2323import com .google .gson .GsonBuilder ;
2424import org .apache .hadoop .conf .Configuration ;
2525import org .apache .hadoop .security .UserGroupInformation ;
26+ import org .apache .ranger .audit .provider .MiscUtil ;
2627import org .apache .ranger .plugin .model .RangerRole ;
2728import org .apache .ranger .plugin .util .GrantRevokeRequest ;
2829import org .apache .ranger .plugin .util .GrantRevokeRoleRequest ;
@@ -43,6 +44,8 @@ public abstract class AbstractRangerAdminClient implements RangerAdminClient {
4344
4445 private boolean forceNonKerberos ;
4546
47+ private boolean forceSecureEndpointAccess ;
48+
4649 @ Override
4750 public void init (String serviceName , String appId , String configPropertyPrefix , Configuration config ) {
4851 Gson gson = null ;
@@ -54,7 +57,8 @@ public void init(String serviceName, String appId, String configPropertyPrefix,
5457 }
5558
5659 this .gson = gson ;
57- this .forceNonKerberos = config .getBoolean (configPropertyPrefix + ".forceNonKerberos" , false );
60+ this .forceNonKerberos = config .getBoolean (configPropertyPrefix + ".forceNonKerberos" , false );
61+ this .forceSecureEndpointAccess = config .getBoolean (configPropertyPrefix + ".forceSecureEndpointAccess" , false );
5862 }
5963
6064 @ Override
@@ -127,12 +131,21 @@ public ServiceGdsInfo getGdsInfoIfUpdated(long lastKnownVersion, long lastActiva
127131 return null ;
128132 }
129133
134+ public boolean isAuthenticationEnabled () {
135+ return forceSecureEndpointAccess || isKerberosEnabled ();
136+ }
137+
138+ public boolean isKerberosEnabled () {
139+ return isKerberosEnabled (MiscUtil .getUGILoginUser ());
140+ }
141+
130142 public boolean isKerberosEnabled (UserGroupInformation user ) {
131143 final boolean ret ;
132144
133145 if (forceNonKerberos ) {
134146 ret = false ;
135147 } else {
148+ LOG .debug ("UGI user: {}" , user );
136149 ret = user != null && UserGroupInformation .isSecurityEnabled () && user .hasKerberosCredentials ();
137150 }
138151
0 commit comments