org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation Java Examples

The following examples show how to use org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@DELETE
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
public Response deleteKey(@PathParam("name") final String name)
    throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  assertAccess(KMSACLs.Type.DELETE, user, KMSOp.DELETE_KEY, name);
  KMSClientProvider.checkNotEmpty(name, "name");

  user.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      provider.deleteKey(name);
      provider.flush();
      return null;
    }
  });

  kmsAudit.ok(user, KMSOp.DELETE_KEY, name, "");

  return Response.ok().build();
}
 
Example #2
Source File: KMSMDCFilter.java    From ranger with Apache License 2.0 6 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain)
    throws IOException, ServletException {
  try {
    DATA_TL.remove();
    UserGroupInformation ugi = HttpUserGroupInformation.get();
    String method = ((HttpServletRequest) request).getMethod();
    StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
    String queryString = ((HttpServletRequest) request).getQueryString();
    if (queryString != null) {
      requestURL.append("?").append(queryString);
    }
    DATA_TL.set(new Data(ugi, method, requestURL.toString()));
    chain.doFilter(request, response);
  } finally {
    DATA_TL.remove();
  }
}
 
Example #3
Source File: HadoopAuthFilter.java    From lucene-solr with Apache License 2.0 6 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain filterChain) throws IOException, ServletException {
  // include Impersonator User Name in case someone (e.g. logger) wants it
  FilterChain filterChainWrapper = new FilterChain() {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
        throws IOException, ServletException {
      Locale.setDefault(defaultLocale);
      HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;

      UserGroupInformation ugi = HttpUserGroupInformation.get();
      if (ugi != null && ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) {
        UserGroupInformation realUserUgi = ugi.getRealUser();
        if (realUserUgi != null) {
          httpRequest.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, realUserUgi.getShortUserName());
        }
      }
      filterChain.doFilter(servletRequest, servletResponse);
    }
  };

  // A hack until HADOOP-15681 get committed
  Locale.setDefault(Locale.US);
  super.doFilter(request, response, filterChainWrapper);
}
 
Example #4
Source File: DelegationTokenKerberosFilter.java    From lucene-solr with Apache License 2.0 6 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain filterChain) throws IOException, ServletException {
  // include Impersonator User Name in case someone (e.g. logger) wants it
  FilterChain filterChainWrapper = new FilterChain() {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
        throws IOException, ServletException {
      Locale.setDefault(defaultLocale);
      HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;

      UserGroupInformation ugi = HttpUserGroupInformation.get();
      if (ugi != null && ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) {
        UserGroupInformation realUserUgi = ugi.getRealUser();
        if (realUserUgi != null) {
          httpRequest.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, realUserUgi.getShortUserName());
        }
      }
      filterChain.doFilter(servletRequest, servletResponse);
    }
  };

  // A hack until HADOOP-15681 get committed
  Locale.setDefault(Locale.US);
  super.doFilter(request, response, filterChainWrapper);
}
 
Example #5
Source File: KMSMDCFilter.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain)
    throws IOException, ServletException {
  try {
    DATA_TL.remove();
    UserGroupInformation ugi = HttpUserGroupInformation.get();
    String method = ((HttpServletRequest) request).getMethod();
    StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
    String queryString = ((HttpServletRequest) request).getQueryString();
    if (queryString != null) {
      requestURL.append("?").append(queryString);
    }
    DATA_TL.set(new Data(ugi, method, requestURL));
    chain.doFilter(request, response);
  } finally {
    DATA_TL.remove();
  }
}
 
Example #6
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.VERSIONS_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersions(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSIONS, name);

  List<KeyVersion> ret = user.doAs(
      new PrivilegedExceptionAction<List<KeyVersion>>() {
        @Override
        public List<KeyVersion> run() throws Exception {
          return provider.getKeyVersions(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(ret);
  kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #7
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersion(
    @PathParam("versionName") final String versionName) throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(versionName, "versionName");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSION);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getKeyVersion(versionName);
        }
      }
  );

  if (keyVersion != null) {
    kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), "");
  }
  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #8
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentVersion(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_CURRENT_KEY, name);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getCurrentKey(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #9
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getAdminCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name);

  KeyProvider.Metadata metadata = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(name, metadata);
  kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #10
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEYS_NAMES_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyNames() throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  assertAccess(KMSACLs.Type.GET_KEYS, user, KMSOp.GET_KEYS);

  List<String> json = user.doAs(
      new PrivilegedExceptionAction<List<String>>() {
        @Override
        public List<String> run() throws Exception {
          return provider.getKeys();
        }
      }
  );

  kmsAudit.ok(user, KMSOp.GET_KEYS, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #11
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList) throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  final String[] keyNames = keyNamesList.toArray(
      new String[keyNamesList.size()]);
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA);

  KeyProvider.Metadata[] keysMeta = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
        @Override
        public KeyProvider.Metadata[] run() throws Exception {
          return provider.getKeysMetadata(keyNames);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
  kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #12
Source File: KMSMDCFilter.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain)
    throws IOException, ServletException {
  try {
    DATA_TL.remove();
    UserGroupInformation ugi = HttpUserGroupInformation.get();
    String method = ((HttpServletRequest) request).getMethod();
    StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
    String queryString = ((HttpServletRequest) request).getQueryString();
    if (queryString != null) {
      requestURL.append("?").append(queryString);
    }
    DATA_TL.set(new Data(ugi, method, requestURL));
    chain.doFilter(request, response);
  } finally {
    DATA_TL.remove();
  }
}
 
Example #13
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.VERSIONS_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersions(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSIONS, name);

  List<KeyVersion> ret = user.doAs(
      new PrivilegedExceptionAction<List<KeyVersion>>() {
        @Override
        public List<KeyVersion> run() throws Exception {
          return provider.getKeyVersions(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(ret);
  kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #14
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersion(
    @PathParam("versionName") final String versionName) throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(versionName, "versionName");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSION);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getKeyVersion(versionName);
        }
      }
  );

  if (keyVersion != null) {
    kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), "");
  }
  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #15
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentVersion(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_CURRENT_KEY, name);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getCurrentKey(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #16
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getAdminCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name);

  KeyProvider.Metadata metadata = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(name, metadata);
  kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #17
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEYS_NAMES_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyNames() throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  assertAccess(KMSACLs.Type.GET_KEYS, user, KMSOp.GET_KEYS);

  List<String> json = user.doAs(
      new PrivilegedExceptionAction<List<String>>() {
        @Override
        public List<String> run() throws Exception {
          return provider.getKeys();
        }
      }
  );

  kmsAudit.ok(user, KMSOp.GET_KEYS, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #18
Source File: KMS.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList) throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  final String[] keyNames = keyNamesList.toArray(
      new String[keyNamesList.size()]);
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA);

  KeyProvider.Metadata[] keysMeta = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
        @Override
        public KeyProvider.Metadata[] run() throws Exception {
          return provider.getKeysMetadata(keyNames);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
  kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 
Example #19
Source File: KMS.java    From big-c with Apache License 2.0 6 votes vote down vote up
@DELETE
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
public Response deleteKey(@PathParam("name") final String name)
    throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  assertAccess(KMSACLs.Type.DELETE, user, KMSOp.DELETE_KEY, name);
  KMSClientProvider.checkNotEmpty(name, "name");

  user.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      provider.deleteKey(name);
      provider.flush();
      return null;
    }
  });

  kmsAudit.ok(user, KMSOp.DELETE_KEY, name, "");

  return Response.ok().build();
}
 
Example #20
Source File: AuthorizationEngine.java    From sqoop-on-spark with Apache License 2.0 5 votes vote down vote up
private static void checkPrivilege(MPrivilege... privileges) {
  AuthorizationHandler handler = AuthorizationManager.getAuthorizationHandler();
  UserGroupInformation user = HttpUserGroupInformation.get();
  String user_name = user == null ? StringUtils.EMPTY : user.getShortUserName();
  MPrincipal principal = new MPrincipal(user_name, MPrincipal.TYPE.USER);
  handler.checkPrivileges(principal, Arrays.asList(privileges));
}
 
Example #21
Source File: HttpFSServer.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Binding to handle DELETE requests.
 *
 * @param path the path for operation.
 * @param op the HttpFS operation of the request.
 * @param params the HttpFS parameters of the request.
 *
 * @return the request response.
 *
 * @throws IOException thrown if an IO error occurred. Thrown exceptions are
 * handled by {@link HttpFSExceptionProvider}.
 * @throws FileSystemAccessException thrown if a FileSystemAccess releated
 * error occurred. Thrown exceptions are handled by
 * {@link HttpFSExceptionProvider}.
 */
@DELETE
@Path("{path:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response delete(@PathParam("path") String path,
                       @QueryParam(OperationParam.NAME) OperationParam op,
                       @Context Parameters params,
                       @Context HttpServletRequest request)
  throws IOException, FileSystemAccessException {
  UserGroupInformation user = HttpUserGroupInformation.get();
  Response response;
  path = makeAbsolute(path);
  MDC.put(HttpFSFileSystem.OP_PARAM, op.value().name());
  MDC.put("hostname", request.getRemoteAddr());
  switch (op.value()) {
    case DELETE: {
      Boolean recursive =
        params.get(RecursiveParam.NAME,  RecursiveParam.class);
      AUDIT_LOG.info("[{}] recursive [{}]", path, recursive);
      FSOperations.FSDelete command =
        new FSOperations.FSDelete(path, recursive);
      JSONObject json = fsExecute(user, command);
      response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
      break;
    }
    default: {
      throw new IOException(
        MessageFormat.format("Invalid HTTP DELETE operation [{0}]",
                             op.value()));
    }
  }
  return response;
}
 
Example #22
Source File: KMS.java    From ranger with Apache License 2.0 5 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.VERSIONS_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersions(@PathParam("name") final String name, @Context HttpServletRequest request)
    throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getKeyVersions method.");
    }
    UserGroupInformation user = HttpUserGroupInformation.get();
    checkNotEmpty(name, "name");
    KMSWebApp.getKeyCallsMeter().mark();
    assertAccess(Type.GET, user, KMSOp.GET_KEY_VERSIONS, name, request.getRemoteAddr());
    LOG.debug("Getting key versions for key {}", name);
    List<KeyVersion> ret = user.doAs(new PrivilegedExceptionAction<List<KeyVersion>>() {
      @Override
      public List<KeyVersion> run() throws Exception {
        return provider.getKeyVersions(name);
      }
    });
    Object json = KMSServerJSONUtils.toJSON(ret);
    kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getKeyVersions method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
      LOG.error("Exception in getKeyVersions.", e);
    throw e;
  }
 }
 
Example #23
Source File: KMS.java    From ranger with Apache License 2.0 5 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersion(
    @PathParam("versionName") final String versionName, @Context HttpServletRequest request) throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getKeyVersion method.");
    }
    UserGroupInformation user = HttpUserGroupInformation.get();
    checkNotEmpty(versionName, "versionName");
    KMSWebApp.getKeyCallsMeter().mark();
    assertAccess(Type.GET, user, KMSOp.GET_KEY_VERSION, request.getRemoteAddr());
    LOG.debug("Getting key with version name {}.", versionName);
    KeyVersion keyVersion = user.doAs(new PrivilegedExceptionAction<KeyVersion>() {
      @Override
      public KeyVersion run() throws Exception {
        return provider.getKeyVersion(versionName);
      }
    });
    if (keyVersion != null) {
      kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), "");
    }
    Object json = KMSUtil.toJSON(keyVersion);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getKeyVersion method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    LOG.error("Exception in getKeyVersion.", e);
    throw e;
  }
}
 
Example #24
Source File: KMS.java    From ranger with Apache License 2.0 5 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentVersion(@PathParam("name") final String name, @Context HttpServletRequest request)
    throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getCurrentVersion method.");
    }
    UserGroupInformation user = HttpUserGroupInformation.get();
    checkNotEmpty(name, "name");
    KMSWebApp.getKeyCallsMeter().mark();
    assertAccess(Type.GET, user, KMSOp.GET_CURRENT_KEY, name, request.getRemoteAddr());
    LOG.debug("Getting key version for key with name {}.", name);
    KeyVersion keyVersion = user.doAs(new PrivilegedExceptionAction<KeyVersion>() {
      @Override
      public KeyVersion run() throws Exception {
        return provider.getCurrentKey(name);
      }
    });
    Object json = KMSUtil.toJSON(keyVersion);
    kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, "");
    if (LOG.isDebugEnabled()) {
      LOG.debug("Exiting getCurrentVersion method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    LOG.error("Exception in getCurrentVersion.", e);
    throw e;
  }
}
 
Example #25
Source File: KMS.java    From ranger with Apache License 2.0 5 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name, @Context HttpServletRequest request)
    throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getMetadata method.");
    }
    UserGroupInformation user = HttpUserGroupInformation.get();
    checkNotEmpty(name, "name");
    KMSWebApp.getAdminCallsMeter().mark();
    assertAccess(Type.GET_METADATA, user, KMSOp.GET_METADATA, name, request.getRemoteAddr());
    LOG.debug("Getting metadata for key with name {}.", name);
    KeyProvider.Metadata metadata = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
      @Override
      public KeyProvider.Metadata run() throws Exception {
        return provider.getMetadata(name);
      }
    });
    Object json = KMSServerJSONUtils.toJSON(name, metadata);
    kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getMetadata method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    LOG.error("Exception in getMetadata.", e);
    throw e;
  }
}
 
Example #26
Source File: KMS.java    From ranger with Apache License 2.0 5 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEYS_NAMES_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyNames(@Context HttpServletRequest request) throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getKeyNames method.");
    }
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation user = HttpUserGroupInformation.get();
    assertAccess(Type.GET_KEYS, user, KMSOp.GET_KEYS, request.getRemoteAddr());
    List<String> json = user.doAs(new PrivilegedExceptionAction<List<String>>() {
      @Override
      public List<String> run() throws Exception {
        return provider.getKeys();
      }
    });
    kmsAudit.ok(user, KMSOp.GET_KEYS, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getKeyNames method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    LOG.error("Exception in getkeyNames.", e);
    throw e;
  }
}
 
Example #27
Source File: KMS.java    From ranger with Apache License 2.0 5 votes vote down vote up
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList, @Context HttpServletRequest request) throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getKeysMetadata method.");
    }
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation user = HttpUserGroupInformation.get();
    final String[] keyNames = keyNamesList.toArray( new String[keyNamesList.size()]);
    assertAccess(Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA, request.getRemoteAddr());
    KeyProvider.Metadata[] keysMeta = user.doAs(new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
      @Override
      public KeyProvider.Metadata[] run() throws Exception {
        return provider.getKeysMetadata(keyNames);
      }
    });
    Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
    kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getKeysMetadata method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    LOG.error("Exception in getKeysmetadata.", e);
    throw e;
  }
}
 
Example #28
Source File: KMS.java    From ranger with Apache License 2.0 5 votes vote down vote up
@POST
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" + KMSRESTConstants.INVALIDATECACHE_RESOURCE)
public Response invalidateCache(@PathParam("name") final String name) throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering invalidateCache Method.");
    }
    KMSWebApp.getAdminCallsMeter().mark();
    checkNotEmpty(name, "name");
    UserGroupInformation user = HttpUserGroupInformation.get();
    assertAccess(Type.ROLLOVER, user, KMSOp.INVALIDATE_CACHE, name);
    LOG.debug("Invalidating cache with key name {}.", name);
    user.doAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        provider.invalidateCache(name);
        provider.flush();
        return null;
      }
    });
    kmsAudit.ok(user, KMSOp.INVALIDATE_CACHE, name, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting invalidateCache for key name {}.", name);
    }
    return Response.ok().build();
  } catch (Exception e) {
    LOG.error("Exception in invalidateCache for key name {}.", name, e);
    throw e;
  }
}
 
Example #29
Source File: KMS.java    From ranger with Apache License 2.0 5 votes vote down vote up
@DELETE
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
public Response deleteKey(@PathParam("name") final String name, @Context HttpServletRequest request)
    throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering deleteKey method.");
    }
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation user = HttpUserGroupInformation.get();
    assertAccess(Type.DELETE, user, KMSOp.DELETE_KEY, name, request.getRemoteAddr());
    checkNotEmpty(name, "name");
    LOG.debug("Deleting key with name {}.", name);
    user.doAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        provider.deleteKey(name);
        provider.flush();
        return null;
      }
    });
    kmsAudit.ok(user, KMSOp.DELETE_KEY, name, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting deleteKey method.");
    }
    return Response.ok().build();
  } catch (Exception e) {
    LOG.error("Exception in deleteKey.", e);
    throw e;
    }
}
 
Example #30
Source File: RequestContext.java    From sqoop-on-spark with Apache License 2.0 5 votes vote down vote up
/**
 * Get username specified by custom username HTTP header.
 *
 * @return Name of user sending the request
 */
public String getUserName() {
  if (AuthenticationManager.getAuthenticationHandler().isSecurityEnabled()) {
    return HttpUserGroupInformation.get().getShortUserName();
  } else {
    return request.getParameter(PseudoAuthenticator.USER_NAME);
  }
}