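/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.oozie.action.hadoop;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.oozie.service.ConfigurationService;
import org.apache.oozie.service.Services;
import org.apache.oozie.util.XLog;

import java.io.IOException;

/**
 * Resolves a credential type name to a {@link Credentials} implementation.
 * <p>
 * The mapping is read from the {@link #CRED_KEY} configuration property, whose values are
 * entries of the form {@code type=classname}. The class named by the matching entry is loaded
 * through the thread context class loader and instantiated reflectively, so whoever can edit
 * that property decides which class the server instantiates.
 */
public class CredentialsProvider {
    Credentials cred;
    String type;
    public static final String CRED_KEY = "oozie.credentials.credentialclasses";
    private static final XLog LOG = XLog.getLog(CredentialsProvider.class);

    /**
     * Creates a provider for the given credential type. No class is loaded until
     * {@link #createCredentialObject()} is called.
     *
     * @param type credential type name, compared case-insensitively against the configured entries
     */
    public CredentialsProvider(String type) {
        this.type = type;
        this.cred = null;
        LOG.debug("Credentials Provider is created for Type: " + type);
    }

    /**
     * Create Credential object
     * <p>
     * Walks every {@code type=classname} entry of {@link #CRED_KEY}; for each entry whose type
     * matches this provider's type, the class is loaded and instantiated. When several entries
     * match, the last one wins. Entries that are empty or lack a {@code =classname} part are
     * logged and skipped.
     *
     * @return Credential object, or {@code null} when no configured entry matches the type
     * @throws ClassNotFoundException if the configured class cannot be loaded
     * @throws ClassCastException if the configured class is not a {@link Credentials} subtype
     * @throws Exception any other failure raised while instantiating the class
     */
    public Credentials createCredentialObject() throws Exception {
        for (String function : ConfigurationService.getStrings(CRED_KEY)) {
            function = Trim(function);
            LOG.debug("Creating Credential class for : " + function);
            if (function == null || function.isEmpty()) {
                continue;
            }
            String[] str = function.split("=");
            // The previous guard (length > 0) still read str[1] and failed with
            // ArrayIndexOutOfBoundsException on an entry without "=classname".
            if (str.length < 2) {
                LOG.warn("Ignoring malformed entry in " + CRED_KEY + ", expected 'type=classname': '"
                        + function + "'");
                continue;
            }
            String credType = str[0];
            String classname = str[1];
            LOG.debug("Creating Credential type : '" + credType + "', class Name : '" + classname + "'");
            if (this.type.equalsIgnoreCase(credType)) {
                Class<?> klass = null;
                try {
                    klass = Thread.currentThread().getContextClassLoader().loadClass(classname);
                }
                catch (ClassNotFoundException ex) {
                    LOG.warn("Exception while loading the class", ex);
                    throw ex;
                }

                // Verify the type BEFORE instantiating: a misconfigured entry must not get the
                // constructor of an unrelated class executed. asSubclass throws the same
                // ClassCastException the former post-instantiation cast produced.
                Class<? extends Credentials> credClass = klass.asSubclass(Credentials.class);
                cred = ReflectionUtils.newInstance(credClass, null);
            }
        }
        return cred;
    }

    /**
     * Relogs into Kerberos using the Keytab for the Oozie server user. This should be called before attempting to get delegation
     * tokens via {@link Credentials} implementations to ensure that the Kerberos credentials are current and won't expire too soon.
     *
     * @throws IOException propagated from the {@link UserGroupInformation} calls
     */
    public static void ensureKerberosLogin() throws IOException {
        LOG.debug("About to relogin from keytab");
        UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
        LOG.debug("Relogin from keytab successful");
    }

    /**
     * To trim string: removes every newline and tab character, then strips leading and
     * trailing whitespace.
     *
     * @param str the string to clean up, may be {@code null}
     * @return trim string, or {@code null} when {@code str} is {@code null}
     */
    public String Trim(String str) {
        if (str == null) {
            return null;
        }
        // Literal replacement; equivalent to the former regex-based replaceAll calls.
        return str.replace("\n", "").replace("\t", "").trim();
    }
}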