@InterfaceAudience.Public @InterfaceStability.Evolving public class UserGroupInformation extends Object
| Modifier and Type | Class and Description | 
|---|---|
| static class  | UserGroupInformation.AuthenticationMethodexisting types of authentications' methods | 
| Modifier and Type | Field and Description | 
|---|---|
| static String | HADOOP_TOKENEnvironment variable pointing to the base64 tokens. | 
| static String | HADOOP_TOKEN_FILE_LOCATIONEnvironment variable pointing to the token cache file | 
| Modifier and Type | Method and Description | 
|---|---|
| void | addCredentials(Credentials credentials)Add the given Credentials to this user. | 
| boolean | addToken(Text alias,
        Token<? extends TokenIdentifier> token)Add a named token to this UGI | 
| boolean | addToken(Token<? extends TokenIdentifier> token)Add a token to this UGI | 
| boolean | addTokenIdentifier(TokenIdentifier tokenId)Add a TokenIdentifier to this UGI. | 
| void | checkTGTAndReloginFromKeytab()Re-login a user from keytab if TGT is expired or is close to expiry. | 
| static UserGroupInformation | createProxyUser(String user,
               UserGroupInformation realUser)Create a proxy user using username of the effective user and the ugi of the
 real user. | 
| static UserGroupInformation | createProxyUserForTesting(String user,
                         UserGroupInformation realUser,
                         String[] userGroups)Create a proxy user UGI for testing HDFS and MapReduce | 
| static UserGroupInformation | createRemoteUser(String user)Create a user from a login name. | 
| static UserGroupInformation | createRemoteUser(String user,
                org.apache.hadoop.security.SaslRpcServer.AuthMethod authMethod)Create a user from a login name. | 
| static UserGroupInformation | createUserForTesting(String user,
                    String[] userGroups)Create a UGI for testing HDFS and MapReduce | 
| <T> T | doAs(PrivilegedAction<T> action)Run the given action as the user. | 
| <T> T | doAs(PrivilegedExceptionAction<T> action)Run the given action as the user, potentially throwing an exception. | 
| boolean | equals(Object o)Compare the subjects to see if they are equal to each other. | 
| void | forceReloginFromKeytab()Force re-Login a user in from a keytab file irrespective of the last login
 time. | 
| UserGroupInformation.AuthenticationMethod | getAuthenticationMethod()Get the authentication method from the subject | 
| static UserGroupInformation | getBestUGI(String ticketCachePath,
          String user)Find the most appropriate UserGroupInformation to use | 
| Credentials | getCredentials()Obtain the tokens in credentials form associated with this user. | 
| static UserGroupInformation | getCurrentUser()Return the current user, including any doAs in the current stack. | 
| String[] | getGroupNames()Get the group names for this user. | 
| List<String> | getGroups()Get the group names for this user. | 
| static UserGroupInformation | getLoginUser()Get the currently logged in user. | 
| String | getPrimaryGroupName() | 
| UserGroupInformation.AuthenticationMethod | getRealAuthenticationMethod()Get the authentication method from the real user's subject. | 
| static UserGroupInformation.AuthenticationMethod | getRealAuthenticationMethod(UserGroupInformation ugi)Returns the authentication method of a ugi. | 
| UserGroupInformation | getRealUser()get RealUser (vs. | 
| static UserGroupInformation | getRealUserOrSelf(UserGroupInformation user)If this is a proxy user, get the real user. | 
| String | getShortUserName()Get the user's login name. | 
| protected Subject | getSubject()Get the underlying subject from this ugi. | 
| Set<TokenIdentifier> | getTokenIdentifiers()Get the set of TokenIdentifiers belonging to this UGI | 
| Collection<Token<? extends TokenIdentifier>> | getTokens()Obtain the collection of tokens associated with this user. | 
| static UserGroupInformation | getUGIFromSubject(Subject subject)Create a UserGroupInformation from a Subject with Kerberos principal. | 
| static UserGroupInformation | getUGIFromTicketCache(String ticketCache,
                     String user)Create a UserGroupInformation from a Kerberos ticket cache. | 
| String | getUserName()Get the user's full principal name. | 
| int | hashCode()Return the hash of the subject. | 
| boolean | hasKerberosCredentials()checks if logged in using kerberos | 
| boolean | isFromKeytab()Is this user logged in from a keytab file managed by the UGI? | 
| static boolean | isInitialized() | 
| static boolean | isLoginKeytabBased()Did the login happen via keytab. | 
| static boolean | isLoginTicketBased()Did the login happen via ticket cache. | 
| static boolean | isSecurityEnabled()Determine if UserGroupInformation is using Kerberos to determine
 user identities or is relying on simple authentication | 
| static void | logAllUserInfo(UserGroupInformation ugi)Log all (current, real, login) UGI and token info into UGI debug log. | 
| static void | loginUserFromKeytab(String user,
                   String path)Log a user in from a keytab file. | 
| static UserGroupInformation | loginUserFromKeytabAndReturnUGI(String user,
                               String path)Log a user in from a keytab file. | 
| static void | loginUserFromSubject(Subject subject)Log in a user using the given subject | 
| void | logoutUserFromKeytab()Log the current user out who previously logged in using keytab. | 
| static void | main(String[] args)A test method to print out the current user's UGI. | 
| static void | reattachMetrics()Reattach the class's metrics to a new metric system. | 
| void | reloginFromKeytab()Re-Login a user in from a keytab file. | 
| void | reloginFromTicketCache()Re-Login a user in from the ticket cache. | 
| void | setAuthenticationMethod(org.apache.hadoop.security.SaslRpcServer.AuthMethod authMethod)Sets the authentication method in the subject. | 
| void | setAuthenticationMethod(UserGroupInformation.AuthenticationMethod authMethod)Sets the authentication method in the subject. | 
| static void | setConfiguration(Configuration conf)Set the static configuration for UGI. | 
| static void | setShouldRenewImmediatelyForTests(boolean immediate)For the purposes of unit tests, we want to test login
 from keytab and don't want to wait until the renew
 window (controlled by TICKET_RENEW_WINDOW). | 
| String | toString()Return the username. | 
| static String | trimLoginMethod(String userName)remove the login method that is followed by a space from the username
 e.g. | 
public static final String HADOOP_TOKEN_FILE_LOCATION
public static final String HADOOP_TOKEN
public static void setShouldRenewImmediatelyForTests(boolean immediate)
immediate - true if we should login without waiting for ticket windowpublic static void reattachMetrics()
public static boolean isInitialized()
@InterfaceAudience.Public @InterfaceStability.Evolving public static void setConfiguration(Configuration conf)
conf - the configuration to usepublic static boolean isSecurityEnabled()
public boolean hasKerberosCredentials()
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getCurrentUser() throws IOException
IOException - if login failspublic static UserGroupInformation getBestUGI(String ticketCachePath, String user) throws IOException
ticketCachePath - The Kerberos ticket cache path, or NULL
                           if none is specfieduser - The user name, or NULL if none is specified.IOException - raised on errors performing I/O.@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getUGIFromTicketCache(String ticketCache, String user) throws IOException
user - The principal name to load from the ticket
                            cacheticketCache - the path to the ticket cache fileIOException - if the kerberos login failspublic static UserGroupInformation getUGIFromSubject(Subject subject) throws IOException
subject - The KerberosPrincipal to use in UGI.
                            The creator of subject is responsible for
                            renewing credentials.IOException - raised on errors performing I/O.KerberosAuthException - if the kerberos login fails@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getLoginUser() throws IOException
IOException - if login failspublic static String trimLoginMethod(String userName)
userName - input userName.@InterfaceAudience.Public @InterfaceStability.Evolving public static void loginUserFromSubject(Subject subject) throws IOException
subject - the subject to use when logging in a user, or null to
 create a new subject.
 If subject is not null, the creator of subject is responsible for renewing
 credentials.IOException - if login failspublic boolean isFromKeytab()
@InterfaceAudience.Public @InterfaceStability.Evolving public static void loginUserFromKeytab(String user, String path) throws IOException
user - the principal name to load from the keytabpath - the path to the keytab fileIOException - raised on errors performing I/O.KerberosAuthException - if it's a kerberos login exception.@InterfaceAudience.Public
 @InterfaceStability.Evolving
public void logoutUserFromKeytab()
                                                                                  throws IOException
loginUserFromKeytab(String, String).IOException - raised on errors performing I/O.KerberosAuthException - if a failure occurred in logout,
 or if the user did not log in by invoking loginUserFromKeyTab() before.public void checkTGTAndReloginFromKeytab()
                                  throws IOException
IOException - raised on errors performing I/O.KerberosAuthException - if it's a kerberos login exception.@InterfaceAudience.Public
 @InterfaceStability.Evolving
public void reloginFromKeytab()
                                                                               throws IOException
loginUserFromKeytab(String, String) had
 happened already.
 The Subject field of this UserGroupInformation object is updated to have
 the new credentials.IOException - raised on errors performing I/O.KerberosAuthException - on a failure@InterfaceAudience.Public
 @InterfaceStability.Evolving
public void forceReloginFromKeytab()
                                                                                    throws IOException
loginUserFromKeytab(String, String) had happened already. The
 Subject field of this UserGroupInformation object is updated to have the
 new credentials.IOException - raised on errors performing I/O.KerberosAuthException - on a failure@InterfaceAudience.Public
 @InterfaceStability.Evolving
public void reloginFromTicketCache()
                                                                                    throws IOException
IOException - raised on errors performing I/O.KerberosAuthException - on a failurepublic static UserGroupInformation loginUserFromKeytabAndReturnUGI(String user, String path) throws IOException
user - the principal name to load from the keytabpath - the path to the keytab fileIOException - if the keytab file can't be read@InterfaceAudience.Public
 @InterfaceStability.Evolving
public static boolean isLoginKeytabBased()
                                                                                          throws IOException
IOException - raised on errors performing I/O.public static boolean isLoginTicketBased()
                                  throws IOException
IOException - raised on errors performing I/O.@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createRemoteUser(String user)
user - the full user principal name, must not be empty or null@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createRemoteUser(String user, org.apache.hadoop.security.SaslRpcServer.AuthMethod authMethod)
user - the full user principal name, must not be empty or nullauthMethod - input authMethod.@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createProxyUser(String user, UserGroupInformation realUser)
user - input user.realUser - input realUser.@InterfaceAudience.Public @InterfaceStability.Evolving public UserGroupInformation getRealUser()
public static UserGroupInformation getRealUserOrSelf(UserGroupInformation user)
user - the user to check@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createUserForTesting(String user, String[] userGroups)
user - the full user principal nameuserGroups - the names of the groups that the user belongs topublic static UserGroupInformation createProxyUserForTesting(String user, UserGroupInformation realUser, String[] userGroups)
user - the full user principal name for effective userrealUser - UGI of the real useruserGroups - the names of the groups that the user belongs topublic String getShortUserName()
public String getPrimaryGroupName() throws IOException
IOException@InterfaceAudience.Public @InterfaceStability.Evolving public String getUserName()
public boolean addTokenIdentifier(TokenIdentifier tokenId)
tokenId - tokenIdentifier to be addedpublic Set<TokenIdentifier> getTokenIdentifiers()
public boolean addToken(Token<? extends TokenIdentifier> token)
token - Token to be addedpublic boolean addToken(Text alias, Token<? extends TokenIdentifier> token)
alias - Name of the tokentoken - Token to be addedpublic Collection<Token<? extends TokenIdentifier>> getTokens()
public Credentials getCredentials()
public void addCredentials(Credentials credentials)
credentials - of tokens and secretspublic String[] getGroupNames()
getGroups() is less
 expensive alternative when checking for a contained element.public List<String> getGroups()
public void setAuthenticationMethod(UserGroupInformation.AuthenticationMethod authMethod)
authMethod - input authMethod.public void setAuthenticationMethod(org.apache.hadoop.security.SaslRpcServer.AuthMethod authMethod)
authMethod - input authMethod.public UserGroupInformation.AuthenticationMethod getAuthenticationMethod()
public UserGroupInformation.AuthenticationMethod getRealAuthenticationMethod()
public static UserGroupInformation.AuthenticationMethod getRealAuthenticationMethod(UserGroupInformation ugi)
ugi - input ugi.public boolean equals(Object o)
protected Subject getSubject()
@InterfaceAudience.Public @InterfaceStability.Evolving public <T> T doAs(PrivilegedAction<T> action)
T - the return type of the run methodaction - the method to execute@InterfaceAudience.Public @InterfaceStability.Evolving public <T> T doAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
T - the return type of the run methodaction - the method to executeIOException - if the action throws an IOExceptionError - if the action throws an ErrorRuntimeException - if the action throws a RuntimeExceptionInterruptedException - if the action throws an InterruptedExceptionUndeclaredThrowableException - if the action throws something elsepublic static void logAllUserInfo(UserGroupInformation ugi) throws IOException
ugi - - UGIIOException - raised on errors performing I/O.Copyright © 2023 Apache Software Foundation. All rights reserved.