org.apache.hadoop.security.authentication.server.AuthenticationFilter Java Examples

The following examples show how to use org.apache.hadoop.security.authentication.server.AuthenticationFilter. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SentryWebServer.java    From incubator-sentry with Apache License 2.0 6 votes vote down vote up
private static Map<String, String> loadWebAuthenticationConf(Configuration conf) {
  Map<String,String> prop = new HashMap<String, String>();
  prop.put(AuthenticationFilter.CONFIG_PREFIX, ServerConfig.SENTRY_WEB_SECURITY_PREFIX);
  String allowUsers = conf.get(ServerConfig.SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS);
  if (allowUsers == null || allowUsers.equals("")) {
    allowUsers = conf.get(ServerConfig.ALLOW_CONNECT);
    conf.set(ServerConfig.SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS, allowUsers);
  }
  validateConf(conf);
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(ServerConfig.SENTRY_WEB_SECURITY_PREFIX)) {
      String value = conf.get(name);
      prop.put(name, value);
    }
  }
  return prop;
}
 
Example #2
Source File: TestFileSignerSecretProvider.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testGetSecrets() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));
  testDir.mkdirs();
  String secretValue = "hadoop";
  File secretFile = new File(testDir, "http-secret.txt");
  Writer writer = new FileWriter(secretFile);
  writer.write(secretValue);
  writer.close();

  FileSignerSecretProvider secretProvider
          = new FileSignerSecretProvider();
  Properties secretProviderProps = new Properties();
  secretProviderProps.setProperty(
          AuthenticationFilter.SIGNATURE_SECRET_FILE,
      secretFile.getAbsolutePath());
  secretProvider.init(secretProviderProps, null, -1);
  Assert.assertArrayEquals(secretValue.getBytes(),
      secretProvider.getCurrentSecret());
  byte[][] allSecrets = secretProvider.getAllSecrets();
  Assert.assertEquals(1, allSecrets.length);
  Assert.assertArrayEquals(secretValue.getBytes(), allSecrets[0]);
}
 
Example #3
Source File: TestFileSignerSecretProvider.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Test
public void testGetSecrets() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));
  testDir.mkdirs();
  String secretValue = "hadoop";
  File secretFile = new File(testDir, "http-secret.txt");
  Writer writer = new FileWriter(secretFile);
  writer.write(secretValue);
  writer.close();

  FileSignerSecretProvider secretProvider
          = new FileSignerSecretProvider();
  Properties secretProviderProps = new Properties();
  secretProviderProps.setProperty(
          AuthenticationFilter.SIGNATURE_SECRET_FILE,
      secretFile.getAbsolutePath());
  secretProvider.init(secretProviderProps, null, -1);
  Assert.assertArrayEquals(secretValue.getBytes(),
      secretProvider.getCurrentSecret());
  byte[][] allSecrets = secretProvider.getAllSecrets();
  Assert.assertEquals(1, allSecrets.length);
  Assert.assertArrayEquals(secretValue.getBytes(), allSecrets[0]);
}
 
Example #4
Source File: TestRMWebServicesAppsModification.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  Properties props = new Properties();
  Enumeration<?> names = filterConfig.getInitParameterNames();
  while (names.hasMoreElements()) {
    String name = (String) names.nextElement();
    if (name.startsWith(configPrefix)) {
      String value = filterConfig.getInitParameter(name);
      props.put(name.substring(configPrefix.length()), value);
    }
  }
  props.put(AuthenticationFilter.AUTH_TYPE, "simple");
  props.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return props;
}
 
Example #5
Source File: HttpServer2.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private void initSpnego(Configuration conf, String hostName,
    String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");

  defineFilter(webAppContext, SPNEGO_FILTER,
               AuthenticationFilter.class.getName(), params, null);
}
 
Example #6
Source File: HttpServer2.java    From lucene-solr with Apache License 2.0 6 votes vote down vote up
private void initSpnego(Configuration conf, String hostName,
                        String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  defineFilter(webAppContext, SPNEGO_FILTER,
      AuthenticationFilter.class.getName(), params, null);
}
 
Example #7
Source File: HttpServer.java    From hadoop with Apache License 2.0 6 votes vote down vote up
protected void initSpnego(Configuration conf,
    String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<String, String>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal",
               SecurityUtil.getServerPrincipal(principalInConf, listener.getHost()));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");

  defineFilter(webAppContext, SPNEGO_FILTER,
               AuthenticationFilter.class.getName(), params, null);
}
 
Example #8
Source File: HttpServer2.java    From big-c with Apache License 2.0 6 votes vote down vote up
private void initSpnego(Configuration conf, String hostName,
    String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");

  defineFilter(webAppContext, SPNEGO_FILTER,
               AuthenticationFilter.class.getName(), params, null);
}
 
Example #9
Source File: AtlasAuthenticationFilter.java    From incubator-atlas with Apache License 2.0 6 votes vote down vote up
@Override
public void initializeSecretProvider(FilterConfig filterConfig)
        throws ServletException {
    LOG.debug("AtlasAuthenticationFilter :: initializeSecretProvider {}", filterConfig);
    secretProvider = (SignerSecretProvider) filterConfig.getServletContext().
            getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE);
    if (secretProvider == null) {
        // As tomcat cannot specify the provider object in the configuration.
        // It'll go into this path
        String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
        configPrefix = (configPrefix != null) ? configPrefix + "." : "";
        try {
            secretProvider = AuthenticationFilter.constructSecretProvider(
                    filterConfig.getServletContext(),
                    super.getConfiguration(configPrefix, filterConfig), false);
            this.isInitializedByTomcat = true;
        } catch (Exception ex) {
            throw new ServletException(ex);
        }
    }
    signer = new Signer(secretProvider);
}
 
Example #10
Source File: HttpServer.java    From big-c with Apache License 2.0 6 votes vote down vote up
protected void initSpnego(Configuration conf,
    String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<String, String>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal",
               SecurityUtil.getServerPrincipal(principalInConf, listener.getHost()));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");

  defineFilter(webAppContext, SPNEGO_FILTER,
               AuthenticationFilter.class.getName(), params, null);
}
 
Example #11
Source File: HttpServer2.java    From knox with Apache License 2.0 6 votes vote down vote up
private void initSpnego(Configuration conf, String hostName,
                        String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  defineFilter(webAppContext, SPNEGO_FILTER,
      AuthenticationFilter.class.getName(), params, null);
}
 
Example #12
Source File: TestRMWebServicesAppsModification.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  Properties props = new Properties();
  Enumeration<?> names = filterConfig.getInitParameterNames();
  while (names.hasMoreElements()) {
    String name = (String) names.nextElement();
    if (name.startsWith(configPrefix)) {
      String value = filterConfig.getInitParameter(name);
      props.put(name.substring(configPrefix.length()), value);
    }
  }
  props.put(AuthenticationFilter.AUTH_TYPE, "simple");
  props.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return props;
}
 
Example #13
Source File: HttpServer2.java    From knox with Apache License 2.0 6 votes vote down vote up
private void initSpnego(Configuration conf, String hostName,
                        String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  defineFilter(webAppContext, SPNEGO_FILTER,
      AuthenticationFilter.class.getName(), params, null);
}
 
Example #14
Source File: AtlasAuthenticationFilter.java    From atlas with Apache License 2.0 6 votes vote down vote up
@Override
public void initializeSecretProvider(FilterConfig filterConfig) throws ServletException {
    LOG.info("==> AtlasAuthenticationFilter.initializeSecretProvider");

    secretProvider = (SignerSecretProvider) filterConfig.getServletContext().getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE);

    if (secretProvider == null) {
        // As tomcat cannot specify the provider object in the configuration.
        // It'll go into this path
        String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);

        configPrefix = (configPrefix != null) ? configPrefix + "." : "";

        try {
            secretProvider = AuthenticationFilter.constructSecretProvider(filterConfig.getServletContext(), super.getConfiguration(configPrefix, filterConfig), false);

            this.isInitializedByTomcat = true;
        } catch (Exception ex) {
            throw new ServletException(ex);
        }
    }

    signer = new Signer(secretProvider);

    LOG.info("<== AtlasAuthenticationFilter.initializeSecretProvider(filterConfig={})", filterConfig);
}
 
Example #15
Source File: HttpServer2.java    From hadoop-ozone with Apache License 2.0 6 votes vote down vote up
private void initSpnego(ConfigurationSource conf, String hostName,
    String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  defineFilter(webAppContext, SPNEGO_FILTER,
      AuthenticationFilter.class.getName(), params, null);
}
 
Example #16
Source File: HttpServer2.java    From big-c with Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
    ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
                                          b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 
Example #17
Source File: TestRMWebServicesDelegationTokens.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {

  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);

  properties.put(KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  properties.put(KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  properties.put(AuthenticationFilter.AUTH_TYPE, "simple");
  properties.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return properties;
}
 
Example #18
Source File: TestHttpCookieFlag.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response,
                     FilterChain chain) throws IOException,
                                               ServletException {
  HttpServletResponse resp = (HttpServletResponse) response;
  boolean isHttps = "https".equals(request.getScheme());
  AuthenticationFilter.createAuthCookie(resp, "token", null, null, -1,
          isHttps);
  chain.doFilter(request, resp);
}
 
Example #19
Source File: AuthenticationFilterInitializer.java    From big-c with Apache License 2.0 5 votes vote down vote up
public static Map<String, String> getFilterConfigMap(Configuration conf,
    String prefix) {
  Map<String, String> filterConfig = new HashMap<String, String>();

  //setting the cookie path to root '/' so it is used for all resources.
  filterConfig.put(AuthenticationFilter.COOKIE_PATH, "/");

  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(prefix)) {
      String value = conf.get(name);
      name = name.substring(prefix.length());
      filterConfig.put(name, value);
    }
  }

  //Resolve _HOST into bind address
  String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);
  String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL);
  if (principal != null) {
    try {
      principal = SecurityUtil.getServerPrincipal(principal, bindAddress);
    }
    catch (IOException ex) {
      throw new RuntimeException("Could not resolve Kerberos principal name: " + ex.toString(), ex);
    }
    filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal);
  }
  return filterConfig;
}
 
Example #20
Source File: FileSignerSecretProvider.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public void init(Properties config, ServletContext servletContext,
                 long tokenValidity) throws Exception {

  String signatureSecretFile = config.getProperty(
      AuthenticationFilter.SIGNATURE_SECRET_FILE, null);

  Reader reader = null;
  if (signatureSecretFile != null) {
    try {
      StringBuilder sb = new StringBuilder();
      reader = new InputStreamReader(
          new FileInputStream(signatureSecretFile), Charsets.UTF_8);
      int c = reader.read();
      while (c > -1) {
        sb.append((char) c);
        c = reader.read();
      }
      secret = sb.toString().getBytes(Charset.forName("UTF-8"));
    } catch (IOException ex) {
      throw new RuntimeException("Could not read signature secret file: " +
          signatureSecretFile);
    } finally {
      if (reader != null) {
        try {
          reader.close();
        } catch (IOException e) {
          // nothing to do
        }
      }
    }
  }

  secrets = new byte[][]{secret};
}
 
Example #21
Source File: TestKerberosAuthenticator.java    From big-c with Apache License 2.0 5 votes vote down vote up
private Properties getAuthenticationHandlerConfiguration() {
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "kerberos");
  props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal());
  props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile());
  props.setProperty(KerberosAuthenticationHandler.NAME_RULES,
                    "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm()+")s/@.*//\n");
  return props;
}
 
Example #22
Source File: TestKerberosAuthenticator.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test(timeout=60000)
public void testFallbacktoPseudoAuthenticator() throws Exception {
  AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
  props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  AuthenticatorTestCase.setAuthenticationHandlerConfig(props);
  auth._testAuthentication(new KerberosAuthenticator(), false);
}
 
Example #23
Source File: TestKerberosAuthenticator.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test(timeout=60000)
public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception {
  AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
  props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
  AuthenticatorTestCase.setAuthenticationHandlerConfig(props);
  auth._testAuthentication(new KerberosAuthenticator(), false);
}
 
Example #24
Source File: TestStringSignerSecretProvider.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testGetSecrets() throws Exception {
  String secretStr = "secret";
  StringSignerSecretProvider secretProvider
          = new StringSignerSecretProvider();
  Properties secretProviderProps = new Properties();
  secretProviderProps.setProperty(
          AuthenticationFilter.SIGNATURE_SECRET, "secret");
  secretProvider.init(secretProviderProps, null, -1);
  byte[] secretBytes = secretStr.getBytes();
  Assert.assertArrayEquals(secretBytes, secretProvider.getCurrentSecret());
  byte[][] allSecrets = secretProvider.getAllSecrets();
  Assert.assertEquals(1, allSecrets.length);
  Assert.assertArrayEquals(secretBytes, allSecrets[0]);
}
 
Example #25
Source File: StringSignerSecretProvider.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public void init(Properties config, ServletContext servletContext,
        long tokenValidity) throws Exception {
  String signatureSecret = config.getProperty(
          AuthenticationFilter.SIGNATURE_SECRET, null);
  secret = signatureSecret.getBytes(Charset.forName("UTF-8"));
  secrets = new byte[][]{secret};
}
 
Example #26
Source File: TestSigner.java    From big-c with Apache License 2.0 5 votes vote down vote up
private StringSignerSecretProvider createStringSignerSecretProvider() throws Exception {
    StringSignerSecretProvider secretProvider = new StringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, -1);
    return secretProvider;
}
 
Example #27
Source File: HttpServer2.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
                                                            ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 
Example #28
Source File: HttpParamDelegationTokenPlugin.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
@Override
public void init(Map<String, Object> pluginConfig) {
  try {
    final FilterConfig initConf = getInitFilterConfig(pluginConfig, true);

    FilterConfig conf = new FilterConfig() {
      @Override
      public ServletContext getServletContext() {
        return initConf.getServletContext();
      }

      @Override
      public Enumeration<String> getInitParameterNames() {
        return initConf.getInitParameterNames();
      }

      @Override
      public String getInitParameter(String param) {
        if (AuthenticationFilter.AUTH_TYPE.equals(param)) {
          return HttpParamDelegationTokenAuthenticationHandler.class.getName();
        }
        return initConf.getInitParameter(param);
      }

      @Override
      public String getFilterName() {
       return "HttpParamFilter";
      }
    };
    Filter kerberosFilter = new HttpParamToRequestFilter();
    kerberosFilter.init(conf);
    setKerberosFilter(kerberosFilter);
  } catch (ServletException e) {
    throw new SolrException(SolrException.ErrorCode.SERVER_ERROR,
        "Error initializing kerberos authentication plugin: "+e);
  }
}
 
Example #29
Source File: AuthFilter.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the configuration to be used by the authentication filter
 * to initialize the authentication handler.
 *
 * This filter retrieves all HBase configurations and passes those started
 * with REST_PREFIX to the authentication handler.  It is useful to support
 * plugging different authentication handlers.
*/
@Override
protected Properties getConfiguration(
    String configPrefix, FilterConfig filterConfig) throws ServletException {
  Properties props = super.getConfiguration(configPrefix, filterConfig);
  //setting the cookie path to root '/' so it is used for all resources.
  props.setProperty(AuthenticationFilter.COOKIE_PATH, "/");

  Configuration conf = null;
  // Dirty hack to get at the RESTServer's configuration. These should be pulled out
  // of the FilterConfig.
  if (RESTServer.conf != null) {
    conf = RESTServer.conf;
  } else {
    conf = HBaseConfiguration.create();
  }
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(REST_PREFIX)) {
      String value = entry.getValue();
      if(name.equals(REST_AUTHENTICATION_PRINCIPAL))  {
        try {
          String machineName = Strings.domainNamePointerToHostName(
            DNS.getDefaultHost(conf.get(REST_DNS_INTERFACE, "default"),
              conf.get(REST_DNS_NAMESERVER, "default")));
          value = SecurityUtil.getServerPrincipal(value, machineName);
        } catch (IOException ie) {
          throw new ServletException("Failed to retrieve server principal", ie);
        }
      }
      if (LOG.isTraceEnabled()) {
        LOG.trace("Setting property " + name + "=" + value);
      }
      name = name.substring(REST_PREFIX_LEN);
      props.setProperty(name, value);
    }
  }
  return props;
}
 
Example #30
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
                                                            ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}