I'm using System.getProperty("user.name") to get the name of localuser. It works fine and now my class need to work on server.
Unfortunately, System.getProperty("user.name") try to catch the user name of the server and return "root".
Is it possible using System.getProperty() I get the name of localuser running the class on the server? If not, is there any way?
System.getProperty("user.name") returns user's account name on which the java process is running. As you mentioned on your local computer you are running it on user "Filiipe" however on server you are running it as a root user. Maybe you are using tomcat/jboss started automatically as a system service, that kind of services are running under root user.
You can also easily check it with ps -ef command on linux - the first column is user that started the service.
You can also try override this parameter by adding additional option to your server starting script -Duser.name=Fellipe. I didn't try it but it may work.
Related
I wrote a little Hadoop Client Java application, that lists all files in HDFS (unsecure) and all tables in Hive, and some more stuff. However, I need to change the Hadoop Username during runtime.
Setting the name via System.setProperty("HADOOP_USER_NAME", "testuser"); works fine for the first time I need this username. But when I want to change the username to e.g. System.setProperty("HADOOP_USER_NAME", "hdfs"); I get an exception (after setting the hadoop username to hdfs as shown above):
org.apache.hadoop.security.AccessControlException: Permission denied: user=testuser, access=READ_EXECUTE, inode="/app-logs/ambari-qa":ambari-qa:hadoop:drwxrwx---
What could be the problem here? Why can't I just change the username via the HADOOP_USER_NAME property whenever I want to?
EDIT
Can I just use UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(username)); to change the user during runtime or are there some restrictions?
Because, you are connecting to HDFS or Hive using JDBC connection.
Till you close the existing connection , you cannot make one more connection from the same application to HDFS/Hive service .
I have a server where I work with a database and files using a java app.
When I start my app I give a report regarding file access to the server using:
public static boolean folderExists(String folderPath) {
File folderToCheck = new File(folderPath);
return folderToCheck.exists();
}
Every time I start my app (after a fresh restart of my computer)
I get a false response, even though the server is on.
The reason is because I must give an authentication as another user.
What I do is access the server through Windows
where I am being asked for username/password,
and after that I get a true response regarding file access to the server.
Is there a way to give the authentication username/password through Java,
and not through Windows?
Thank you
On Windows 'native' Java IO (e.g. java.io.File) always inherits the security context of the user running the JVM process. For example, you could run the Java app as a Windows service with the correct credentials.
The JCIFS project implements CIFS (the Windows SMB file server protocol) and allows you to directly specify the username/password.
See the API for examples.
I am pretty sure, that there is no way to grant fileaccess by java, without a Windows-Call.
You can call cacls file.log /e /t /p Everyone:f but this will be language-dependent.
I had a similar problem: How to change the file ACL in windows, if I only know the SID?
With Java7 there may be a way to do this.
I've installed the latest RabbitMQ server (rabbitmq-server-3.3.0-1.noarch.rpm) on a fresh Centos 5.10 VM according to the instructions on the official site.
I've done this many times before during development and never had any issues. However, this time I cannot log into the management web interface using the default guest/guest user.
In the logs, I see the following:
=ERROR REPORT==== 4-Apr-2014::00:55:15 ===
webmachine error: path="api/whoami"
"Unauthorized"
What could be causing this?
It's new features since the version 3.3.0
http://www.rabbitmq.com/release-notes/README-3.3.0.txt
server
------
...
25603 prevent access using the default guest/guest credentials except via
localhost.
If you want enable the guest user read this or this RabbitMQ 3.3.1 can not login with guest/guest
# remove guest from loopback_users in rabbitmq.config like this
[{rabbit, [{loopback_users, []}]}].
# It is danger for default user and default password for remote access
# better to change password
rabbitmqctl change_password guest NEWPASSWORD
If you want create a new user with admin grants:
rabbitmqctl add_user test test
rabbitmqctl set_user_tags test administrator
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
Now you can access using test test.
If you still can't access the management console after a fresh install, check if the management console was enabled. To enable it:
Go to the RabbitMQ command prompt.
Type:
rabbitmq-plugins enable rabbitmq_management
Something that just happened to me and caused me some headaches:
I have set up a new Linux RabbitMQ server and used a shell script to set up my own custom users (not guest!).
The script had several of those "code" blocks:
rabbitmqctl add_user test test
rabbitmqctl set_user_tags test administrator
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
Very similar to the one in Gabriele's answer, so I take his code and don't need to redact passwords.
Still I was not able to log in in the management console. Then I noticed that I had created the setup script in Windows (CR+LF line ending) and converted the file to Linux (LF only), then reran the setup script on my Linux server.
... and was still not able to log in, because it took another 15 minutes until I realized that calling add_user over and over again would not fix the broken passwords (which probably ended with a CR character). I had to call change_password for every user to fix my earlier mistake:
rabbitmqctl change_password test test
(Another solution would have been to delete all users and then call the script again)
If on Windows and installed using chocolatey make sure firewall is allowing the default ports for it:
netsh advfirewall firewall add rule name="RabbitMQ Management" dir=in action=allow protocol=TCP localport=15672
netsh advfirewall firewall add rule name="RabbitMQ" dir=in action=allow protocol=TCP localport=5672
for the remote access.
I also couldn't log in to Rabbit's web interface. in my case, cookies were disabled in the browser for this web interface. I allowed cookies to be saved and rebooted chrome. and I was able to log in again.
If you are in Mac OS, you need to open the /usr/local/etc/rabbitmq/rabbitmq-env.conf and
set NODE_IP_ADDRESS=, it used to be 127.0.0.1. Then add another user as the accepted answer suggested.
After that, restart rabbitMQ, brew services restart rabbitmq
I installed a standard executable jar file as a Windows service by running the following command:
> prunsrv.exe //IS//"My Service" --Install="C:\path-to-prunsrv.exe" --Jvm=auto \
--Startup=auto --StartMode=jvm --Classpath="C:\path-to-MyService.jar" \
--StartClass=com.mydomain.MyService
I can now run my program fine in console mode by running the following command (I'm using Java 1.6):
> prunsrv.exe //TS//"My Service"
When I try to start the service through the standard Windows services interface, I get the following error message:
The MyService service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.
There is no output in my application's log file when I attempt to start the service this way. There is also no output in the Window's event log (Windows 7 64-bit). What can I do to try and figure out why this service will not run?
Don't use any white-space in the service name!
After many hours of testing and pulling apart Tomcat and duplicating it's bootstrap process, the fix for my problem ended up being that Apache Commons Daemon (Procrun) does not work properly when there is white-space in the name of the Windows service.
It seemingly correctly installs and registers a service with Windows when there are spaces in the service name. The Windows registry entries even look correct. The service even runs in debug (aka TS or console) mode just fine. When run, however, as an actual service launched by Windows it fails if the service was installed with a white-space in the service name.
I sure wish Procrun had some type of log output when it fails! Good logging can make debugging issues like this a snap.
I did need to have multiple words in my service name, so I named my service with one word and changed the name with the "DisplayName" parameter:
> prunsrv.exe //IS//MyService --Install="C:\path-to-prunsrv.exe" --Jvm=auto \
--Startup=auto --StartMode=jvm --Classpath="C:\path-to-MyService.jar" \
--StartClass=com.mydomain.MyService --DisplayName="My Service"
I wanted to give some additional information about what '11101101b' said above. (This is my first post, so please be gentle!)
I was able to get the service to install correctly with spaces in the service name by changing the //IS//MyService part of his command to instead be the following, which I suspect is what he also did. (I apologize if I'm assuming incorrectly.) Notice that the opening double quote is at the beginning of the string rather than at the beginning of the service name.
"//IS//My Service"
As was the case for him, the service installed correctly and looked correct, but it wouldn't start. I was able to get around that by changing the service's ImagePath value data setting in the registry to have the same change for the //RS//My Service part of the command. Therefore, the registry value instead had the following in its data setting:
"//RS//My Service"
Everything seems to be working without any problems.
This server starts and stops because of reason the task is completed by the service so it would stop automatically. if you have a logic of running long inside it would not stop.
I got same problem ... under my local machine everthing working fine on server the same issue => problem was that Working Path was not set.
May its heps someone ... be the force with you
I have a server where I work with a database and files using a java app.
When I start my app I give a report regarding file access to the server using:
public static boolean folderExists(String folderPath) {
File folderToCheck = new File(folderPath);
return folderToCheck.exists();
}
Every time I start my app (after a fresh restart of my computer)
I get a false response, even though the server is on.
The reason is because I must give an authentication as another user.
What I do is access the server through Windows
where I am being asked for username/password,
and after that I get a true response regarding file access to the server.
Is there a way to give the authentication username/password through Java,
and not through Windows?
Thank you
On Windows 'native' Java IO (e.g. java.io.File) always inherits the security context of the user running the JVM process. For example, you could run the Java app as a Windows service with the correct credentials.
The JCIFS project implements CIFS (the Windows SMB file server protocol) and allows you to directly specify the username/password.
See the API for examples.
I am pretty sure, that there is no way to grant fileaccess by java, without a Windows-Call.
You can call cacls file.log /e /t /p Everyone:f but this will be language-dependent.
I had a similar problem: How to change the file ACL in windows, if I only know the SID?
With Java7 there may be a way to do this.