org.apache.oozie.client

Class AuthOozieClient

java.lang.Object

org.apache.oozie.client.OozieClient

org.apache.oozie.client.XOozieClient

org.apache.oozie.client.AuthOozieClient

public class AuthOozieClient
extends XOozieClient

This subclass of XOozieClient supports Kerberos HTTP SPNEGO and simple authentication.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AuthOozieClient.AuthType

Nested classes/interfaces inherited from class org.apache.oozie.client.OozieClient

OozieClient.ClientCallable<T>, OozieClient.Instrumentation, OozieClient.MapClientCallable, OozieClient.Metrics, OozieClient.SORT_BY, OozieClient.SYSTEM_MODE

Field Summary

Fields

Modifier and Type	Field and Description
static File	AUTH_TOKEN_CACHE_FILE File constant that defines the location of the authentication token cache file.
static String	AUTHENTICATOR_CLASS_SYS_PROP Java system property to specify a custom Authenticator implementation.
static String	USE_AUTH_TOKEN_CACHE_SYS_PROP Java system property that, if set the authentication token will be cached in the user home directory in a hidden file .oozie-auth-token with user read/write permissions only.

Fields inherited from class org.apache.oozie.client.XOozieClient

ARCHIVES, FILES, HIVE_OPTIONS, HIVE_SCRIPT, HIVE_SCRIPT_PARAMS, IS_PROXY_SUBMISSION, JT, JT_2, JT_PRINCIPAL, NN, NN_2, NN_PRINCIPAL, PIG_OPTIONS, PIG_SCRIPT, PIG_SCRIPT_PARAMS, SQOOP_COMMAND, SQOOP_OPTIONS

Fields inherited from class org.apache.oozie.client.OozieClient

ACTION_MAX_RETRIES, ACTION_NOTIFICATION_URL, ACTION_RETRY_INTERVAL, APP_PATH, BUNDLE_APP_PATH, BUNDLE_ID, CHANGE_VALUE_CONCURRENCY, CHANGE_VALUE_ENDTIME, CHANGE_VALUE_PAUSETIME, CHANGE_VALUE_STATUS, COORD_ACTION_NOTIFICATION_PROXY, COORD_ACTION_NOTIFICATION_URL, COORDINATOR_APP_PATH, debugMode, EXTERNAL_ID, FILTER_APPNAME, FILTER_BUNDLE, FILTER_CREATED_TIME_END, FILTER_CREATED_TIME_START, FILTER_FREQUENCY, FILTER_GROUP, FILTER_ID, FILTER_JOBID, FILTER_NAME, FILTER_NOMINAL_TIME, FILTER_SLA_APPNAME, FILTER_SLA_EVENT_STATUS, FILTER_SLA_ID, FILTER_SLA_NOMINAL_END, FILTER_SLA_NOMINAL_START, FILTER_SLA_PARENT_ID, FILTER_SLA_STATUS, FILTER_SORT_BY, FILTER_STATUS, FILTER_UNIT, FILTER_USER, GROUP_NAME, JOB_ACL, LIBPATH, LOG_TOKEN, OOZIE_SUSPEND_ON_NODES, RERUN_FAIL_NODES, RERUN_SKIP_NODES, SLA_DISABLE_ALERT, SLA_DISABLE_ALERT_COORD, SLA_DISABLE_ALERT_OLDER_THAN, SLA_ENABLE_ALERT, USE_SYSTEM_LIBPATH, USER_NAME, WORKFLOW_NOTIFICATION_PROXY, WORKFLOW_NOTIFICATION_URL, WS_PROTOCOL_VERSION, WS_PROTOCOL_VERSION_0, WS_PROTOCOL_VERSION_1

Constructor Summary

Constructors

Constructor and Description
AuthOozieClient(String oozieUrl) Create an instance of the AuthOozieClient.
AuthOozieClient(String oozieUrl, String authOption) Create an instance of the AuthOozieClient.

Method Summary

Methods

Modifier and Type	Method and Description
protected HttpURLConnection	createConnection(URL url, String method) Create an authenticated connection to the Oozie server.
protected org.apache.hadoop.security.authentication.client.Authenticator	getAuthenticator() Return the Hadoop-auth Authenticator to use.
protected Map<String,Class<? extends org.apache.hadoop.security.authentication.client.Authenticator>>	getAuthenticators() Get the map for classes of Authenticator.
String	getAuthOption() Get authOption
protected org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token	readAuthToken() Read a authentication token cached in the user home directory.
protected void	writeAuthToken(org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token authToken) Write the current authentication token to the user home directory.authOption

Methods inherited from class org.apache.oozie.client.XOozieClient

addArchive, addFile, setLib, submitMapReduce, submitPig, submitScriptLanguage, submitScriptLanguage, submitSqoop

Methods inherited from class org.apache.oozie.client.OozieClient

bulkModifyJobs, change, createConfiguration, createRetryableConnection, doAs, dryrun, getAvailableOozieServers, getBulkInfo, getBundleJobInfo, getBundleJobsInfo, getClientBuildVersion, getCoordActionInfo, getCoordJobInfo, getCoordJobInfo, getCoordJobInfo, getCoordJobsInfo, getDebugMode, getHeader, getHeaderNames, getHeaders, getInstrumentation, getJavaSystemProperties, getJMSConnectionInfo, getJMSTopicName, getJobAuditLog, getJobDefinition, getJobErrorLog, getJobId, getJobInfo, getJobInfo, getJobLog, getJobLog, getJobLog, getJobsInfo, getJobsInfo, getMetrics, getOozieUrl, getOSEnv, getProtocolUrl, getQueueDump, getRetryCount, getServerBuildVersion, getServerConfiguration, getSlaInfo, getStatus, getSystemMode, getWfsForCoordAction, getWorkflowActionInfo, ignore, kill, kill, killJobs, listShareLib, notEmpty, notNull, pollJob, removeHeader, reRun, reRunBundle, reRunCoord, reRunCoord, resume, resumeJobs, run, setDebugMode, setHeader, setRetryCount, setSystemMode, slaChange, slaChange, slaChange, slaDisableAlert, slaDisableAlert, slaEnableAlert, slaEnableAlert, start, submit, suspend, suspendJobs, updateCoord, updateCoord, updateShareLib, validateWSVersion, validateXML, writeToXml

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

AUTHENTICATOR_CLASS_SYS_PROP

public static final String AUTHENTICATOR_CLASS_SYS_PROP

Java system property to specify a custom Authenticator implementation.

See Also:

Constant Field Values

USE_AUTH_TOKEN_CACHE_SYS_PROP

public static final String USE_AUTH_TOKEN_CACHE_SYS_PROP

Java system property that, if set the authentication token will be cached in the user home directory in a hidden file .oozie-auth-token with user read/write permissions only.

See Also:

Constant Field Values

AUTH_TOKEN_CACHE_FILE

public static final File AUTH_TOKEN_CACHE_FILE

File constant that defines the location of the authentication token cache file.

It resolves to ${user.home}/.oozie-auth-token.

Constructor Detail

AuthOozieClient

public AuthOozieClient(String oozieUrl)

Create an instance of the AuthOozieClient.

Parameters:

oozieUrl - the Oozie URL

AuthOozieClient

public AuthOozieClient(String oozieUrl,
               String authOption)

Create an instance of the AuthOozieClient.

Parameters:

oozieUrl - the Oozie URL

authOption - the auth option

Method Detail

createConnection

protected HttpURLConnection createConnection(URL url,
                                 String method)
                                      throws IOException,
                                             OozieClientException

Create an authenticated connection to the Oozie server.

It uses Hadoop-auth client authentication which by default supports Kerberos HTTP SPNEGO, Pseudo/Simple and anonymous.

if the Java system property USE_AUTH_TOKEN_CACHE_SYS_PROP is set to true Hadoop-auth authentication token will be cached/used in/from the '.oozie-auth-token' file in the user home directory.

Overrides:

createConnection in class OozieClient

Parameters:

url - the URL to open a HTTP connection to.

method - the HTTP method for the HTTP connection.

Returns:

an authenticated connection to the Oozie server.

Throws:

IOException - if an IO error occurred.

OozieClientException - if an oozie client error occurred.

readAuthToken

protected org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token readAuthToken()

Read a authentication token cached in the user home directory.

Returns:

the authentication token cached in the user home directory, NULL if none.

writeAuthToken

protected void writeAuthToken(org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token authToken)

Write the current authentication token to the user home directory.authOption

The file is written with user only read/write permissions.

If the file cannot be updated or the user only ready/write permissions cannot be set the file is deleted.

Parameters:

authToken - the authentication token to cache.

getAuthenticator

protected org.apache.hadoop.security.authentication.client.Authenticator getAuthenticator()
                                                                                   throws OozieClientException

Return the Hadoop-auth Authenticator to use.

It first looks for value of command line option 'auth', if not set it continues to check AUTHENTICATOR_CLASS_SYS_PROP Java system property for Authenticator.

It the value of the AUTHENTICATOR_CLASS_SYS_PROP is not set it uses Hadoop-auth KerberosAuthenticator which supports both Kerberos HTTP SPNEGO and Pseudo/simple authentication.

Returns:

the Authenticator to use, NULL if none.

Throws:

OozieClientException - thrown if the authenticator could not be instantiated.

getAuthenticators

protected Map<String,Class<? extends org.apache.hadoop.security.authentication.client.Authenticator>> getAuthenticators()

Get the map for classes of Authenticator. Default values are: null : KerberosAuthenticator SIMPLE : PseudoAuthenticator KERBEROS : KerberosAuthenticator

Returns:

the map for classes of Authenticator

getAuthOption

public String getAuthOption()

Get authOption

Returns:

the authOption