As the title says, is it possible to make a service that can handle WebHDFS requests from multiple users on the same realm?
I'm rather lost on this question. I have searched the web and found a lot of material, but none of it seems to answer my question.
I'm using Spring Boot to test this, and so far I have made the following:
application.yml:

    # HDFS properties
    hdfs:
      user: user1
      config.path: file:/environment/hadoop-config/local.xml
      base:
        path: /user/${hdfs.user}
      data.path: ${hdfs.base.path}/data

    @Bean("FileSystem")
    public FileSystem hadoopConfig(
            @Value("${hdfs.config.path}") final Resource hdfsConfig,
            @Value("${hdfs.user}") final String hdfsUser
    ) throws IOException {
        final org.apache.hadoop.conf.Configuration config = new org.apache.hadoop.conf.Configuration();
        config.addResource(hdfsConfig.getInputStream());
        UserGroupInformation.setConfiguration(config);
        // Sets a single process-wide login user for every request
        UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(hdfsUser));
        final FileSystem fileSystem = FileSystem.get(config);
        return fileSystem instanceof WebHdfsFileSystem ? fileSystem : null;
    }

As you can see, this is a bean configured to work with one user only.
Example scenario: User1 has permission to read his data only and sends the request to list the data in /user1/data/foo; at the same time, User2 has permission to read his data only, sends a request to list the data in /user1/data/foo, and gets denied. Is this possible?
Can a JAAS file have multiple principals defined? For example:

    client {
        com.sun.security.auth.module.Krb5LoginModule required
        doNotPrompt=true
        principal="user1@EXAMPLE.COM"
        useKeyTab=true
        keyTab="/etc/secrets/user1.keytab"
        storeKey=true;
        com.sun.security.auth.module.Krb5LoginModule required
        doNotPrompt=true
        principal="user2@EXAMPLE.COM"
        useKeyTab=true
        keyTab="/etc/secrets/user2.keytab"
        storeKey=true;
    };

Plain Java can work also; I just need to understand the concept. Thanks.
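
The scenario in the post (user1 and user2 each limited to their own data) can be served by one process that keeps a separate Kerberos login per caller and runs each HDFS call under that identity, instead of one process-wide login user. This is an added example, not part of the original post: the class name `PerUserHdfs`, the `webHdfsUri` parameter and the user-name check are assumptions, and the principal and keytab naming follow the JAAS snippet above.

```java
import java.io.IOException;
import java.net.URI;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;

/** Hypothetical helper: one Kerberos identity per caller, selected per request. */
public class PerUserHdfs {
    private final Configuration config;
    private final URI webHdfsUri; // assumed, e.g. webhdfs://namenode.example.com:9870
    private final Map<String, UserGroupInformation> logins = new ConcurrentHashMap<>();

    public PerUserHdfs(Configuration config, URI webHdfsUri) {
        this.config = config;
        this.webHdfsUri = webHdfsUri;
        UserGroupInformation.setConfiguration(config); // once, before any login
    }

    // `user` must be the identity the service itself authenticated, never a raw request field.
    private UserGroupInformation ugiFor(String user) throws IOException {
        if (!user.matches("[a-z][a-z0-9_]{0,31}")) { // keeps the name out of path tricks
            throw new IllegalArgumentException("invalid user name");
        }
        UserGroupInformation ugi = logins.get(user);
        if (ugi == null) {
            // Does not touch the process-wide login user, unlike setLoginUser().
            ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
                    user + "@EXAMPLE.COM", "/etc/secrets/" + user + ".keytab");
            logins.put(user, ugi);
        }
        ugi.checkTGTAndReloginFromKeytab(); // re-login when the ticket is near expiry
        return ugi;
    }

    /** Lists `path` as `user`; the NameNode checks permissions against that identity. */
    public FileStatus[] list(String user, String path) throws IOException, InterruptedException {
        return ugiFor(user).doAs((PrivilegedExceptionAction<FileStatus[]>) () -> {
            // newInstance: closing this handle cannot affect a cached, shared FileSystem
            try (FileSystem fs = FileSystem.newInstance(webHdfsUri, config)) {
                return fs.listStatus(new Path(path));
            }
        });
    }
}
```

With this, a listing of /user1/data/foo requested as user2 fails with an `AccessControlException` (an `IOException`) raised by HDFS rather than by the service. Where the service has its own principal that the cluster authorizes as a proxy user, `UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser())` can replace the per-user keytab login.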