org.apache.hadoop.security.authentication.client.ConnectionConfigurator Java Examples

The following examples show how to use org.apache.hadoop.security.authentication.client.ConnectionConfigurator. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecureClientUtils.java    From atlas with Apache License 2.0 6 votes vote down vote up
private  ConnectionConfigurator newSslConnConfigurator(final int timeout, Configuration conf)
throws IOException, GeneralSecurityException {
    final SSLSocketFactory sf;
    final HostnameVerifier hv;

    factory = getSSLFactory(conf);
    sf = factory.createSSLSocketFactory();
    hv = factory.getHostnameVerifier();

    return new ConnectionConfigurator() {
        @Override
        public HttpURLConnection configure(HttpURLConnection conn) throws IOException {
            if (conn instanceof HttpsURLConnection) {
                HttpsURLConnection c = (HttpsURLConnection) conn;
                c.setSSLSocketFactory(sf);
                c.setHostnameVerifier(hv);
            }
            setTimeouts(conn, timeout);
            return conn;
        }
    };
}
 
Example #2
Source File: TimelineReaderFactory.java    From tez with Apache License 2.0 6 votes vote down vote up
@Override
public HttpURLConnection getHttpURLConnection(URL url) throws IOException {
  try {
    AuthenticatedURL authenticatedURL= ReflectionUtils.createClazzInstance(
        DELEGATION_TOKEN_AUTHENTICATED_URL_CLAZZ_NAME, new Class[] {
        delegationTokenAuthenticatorClazz,
        ConnectionConfigurator.class
    }, new Object[] {
        authenticator,
        connConfigurator
    });
    return ReflectionUtils.invokeMethod(authenticatedURL,
        delegationTokenAuthenticateURLOpenConnectionMethod, url, token, doAsUser);
  } catch (Exception e) {
    throw new IOException(e);
  }
}
 
Example #3
Source File: TestURLConnectionFactory.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testConnConfiguratior() throws IOException {
  final URL u = new URL("http://localhost");
  final List<HttpURLConnection> conns = Lists.newArrayList();
  URLConnectionFactory fc = new URLConnectionFactory(new ConnectionConfigurator() {
    @Override
    public HttpURLConnection configure(HttpURLConnection conn)
        throws IOException {
      Assert.assertEquals(u, conn.getURL());
      conns.add(conn);
      return conn;
    }
  });

  fc.openConnection(u);
  Assert.assertEquals(1, conns.size());
}
 
Example #4
Source File: TestURLConnectionFactory.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Test
public void testConnConfiguratior() throws IOException {
  final URL u = new URL("http://localhost");
  final List<HttpURLConnection> conns = Lists.newArrayList();
  URLConnectionFactory fc = new URLConnectionFactory(new ConnectionConfigurator() {
    @Override
    public HttpURLConnection configure(HttpURLConnection conn)
        throws IOException {
      Assert.assertEquals(u, conn.getURL());
      conns.add(conn);
      return conn;
    }
  });

  fc.openConnection(u);
  Assert.assertEquals(1, conns.size());
}
 
Example #5
Source File: KerberosWebHDFSConnection2.java    From Transwarp-Sample-Code with MIT License 6 votes vote down vote up
public KerberosWebHDFSConnection2(String httpfsUrl, String principal, String password)  {
        this.httpfsUrl = httpfsUrl;
        this.principal = principal;
        this.password = password;

        Configuration conf = new Configuration();
        conf.addResource("conf/hdfs-site.xml");
        conf.addResource("conf/core-site.xml");
        newToken = new AuthenticatedURL.Token();

        KerberosAuthenticator ka = new KerberosAuthenticator();
        ConnectionConfigurator connectionConfigurator = new SSLFactory(SSLFactory.Mode.CLIENT,conf);
        ka.setConnectionConfigurator(connectionConfigurator);

        try{
            URL url = new URL(httpfsUrl);
            ka.authenticate(url,newToken);
        }catch(Exception e){
            e.printStackTrace();
        }


         this.authenticatedURL = new AuthenticatedURL(ka,connectionConfigurator);
//        this.authenticatedURL = new AuthenticatedURL(
//                new KerberosAuthenticator2(principal, password));
    }
 
Example #6
Source File: TestTimelineReaderFactory.java    From tez with Apache License 2.0 5 votes vote down vote up
@Test(timeout = 5000)
public void testPseudoAuthenticatorConnectionUrlShouldHaveUserName() throws Exception {
  ConnectionConfigurator connConf = mock(ConnectionConfigurator.class);
  TimelineReaderPseudoAuthenticatedStrategy.PseudoAuthenticatedURLConnectionFactory
      connectionFactory = new TimelineReaderPseudoAuthenticatedStrategy
        .PseudoAuthenticatedURLConnectionFactory(connConf);
  String inputUrl = "http://host:8080/path";
  String expectedUrl = inputUrl + "?user.name=" + UserGroupInformation.getCurrentUser().getShortUserName();
  HttpURLConnection httpURLConnection = connectionFactory.getHttpURLConnection(new URL(inputUrl));
  Assert.assertEquals(expectedUrl, httpURLConnection.getURL().toString());
}
 
Example #7
Source File: SecureClientUtils.java    From atlas with Apache License 2.0 5 votes vote down vote up
private  ConnectionConfigurator newConnConfigurator(Configuration conf) {
    try {
        return newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT_IN_MSECS, conf);
    } catch (Exception e) {
        LOG.debug("Cannot load customized ssl related configuration. " + "Fallback to system-generic settings.", e);
        return DEFAULT_TIMEOUT_CONN_CONFIGURATOR;
    }
}
 
Example #8
Source File: TimelineReaderFactory.java    From tez with Apache License 2.0 5 votes vote down vote up
public TokenAuthenticatedURLConnectionFactory(ConnectionConfigurator connConfigurator,
                                              Authenticator authenticator,
                                              UserGroupInformation authUgi,
                                              String doAsUser) throws TezException {
  this.connConfigurator = connConfigurator;
  this.authenticator = authenticator;
  this.authUgi = authUgi;
  this.doAsUser = doAsUser;
  this.token = ReflectionUtils.createClazzInstance(
      DELEGATION_TOKEN_AUTHENTICATED_URL_TOKEN_CLASS_NAME, null, null);
}
 
Example #9
Source File: SecureClientUtils.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
private static ConnectionConfigurator newConnConfigurator(Configuration conf) {
    try {
        return newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT_IN_MSECS, conf);
    } catch (Exception e) {
        LOG.debug("Cannot load customized ssl related configuration. " + "Fallback to system-generic settings.", e);
        return DEFAULT_TIMEOUT_CONN_CONFIGURATOR;
    }
}
 
Example #10
Source File: ResourceRequest.java    From sqoop-on-spark with Apache License 2.0 5 votes vote down vote up
public Token<?>[] addDelegationTokens(String strURL, String renewer,
                                      Credentials credentials) throws IOException {
  Token<?>[] tokens = null;
  Text dtService = getDelegationTokenService(strURL);
  Token<?> token = credentials.getToken(dtService);
  if (token == null) {
    URL url = new URL(strURL);
    DelegationTokenAuthenticatedURL authUrl =
            new DelegationTokenAuthenticatedURL(new ConnectionConfigurator() {
              @Override
              public HttpURLConnection configure(HttpURLConnection conn) throws IOException {
                return conn;
              }
            });
    try {
      token = authUrl.getDelegationToken(url, authToken, renewer);
      if (token != null) {
        credentials.addToken(token.getService(), token);
        tokens = new Token<?>[]{token};
      } else {
        throw new IOException("Got NULL as delegation token");
      }
    } catch (AuthenticationException ex) {
      throw new IOException(ex);
    }
  }
  return tokens;
}
 
Example #11
Source File: DelegationTokenAuthenticatedURL.java    From big-c with Apache License 2.0 5 votes vote down vote up
private static DelegationTokenAuthenticator
    obtainDelegationTokenAuthenticator(DelegationTokenAuthenticator dta,
          ConnectionConfigurator connConfigurator) {
  try {
    if (dta == null) {
      dta = DEFAULT_AUTHENTICATOR.newInstance();
      dta.setConnectionConfigurator(connConfigurator);
    }
    return dta;
  } catch (Exception ex) {
    throw new IllegalArgumentException(ex);
  }
}
 
Example #12
Source File: URLConnectionFactory.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Construct a new URLConnectionFactory based on the configuration. It will
 * try to load SSL certificates when it is specified.
 */
public static URLConnectionFactory newDefaultURLConnectionFactory(Configuration conf) {
  ConnectionConfigurator conn = null;
  try {
    conn = newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf);
  } catch (Exception e) {
    LOG.debug(
        "Cannot load customized ssl related configuration. Fallback to system-generic settings.",
        e);
    conn = DEFAULT_TIMEOUT_CONN_CONFIGURATOR;
  }
  return new URLConnectionFactory(conn);
}
 
Example #13
Source File: TimelineClientImpl.java    From big-c with Apache License 2.0 5 votes vote down vote up
private static ConnectionConfigurator newConnConfigurator(Configuration conf) {
  try {
    return newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf);
  } catch (Exception e) {
    LOG.debug("Cannot load customized ssl related configuration. " +
        "Fallback to system-generic settings.", e);
    return DEFAULT_TIMEOUT_CONN_CONFIGURATOR;
  }
}
 
Example #14
Source File: TimelineClientImpl.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private static ConnectionConfigurator newConnConfigurator(Configuration conf) {
  try {
    return newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf);
  } catch (Exception e) {
    LOG.debug("Cannot load customized ssl related configuration. " +
        "Fallback to system-generic settings.", e);
    return DEFAULT_TIMEOUT_CONN_CONFIGURATOR;
  }
}
 
Example #15
Source File: URLConnectionFactory.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Construct a new URLConnectionFactory based on the configuration. It will
 * try to load SSL certificates when it is specified.
 */
public static URLConnectionFactory newDefaultURLConnectionFactory(Configuration conf) {
  ConnectionConfigurator conn = null;
  try {
    conn = newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf);
  } catch (Exception e) {
    LOG.debug(
        "Cannot load customized ssl related configuration. Fallback to system-generic settings.",
        e);
    conn = DEFAULT_TIMEOUT_CONN_CONFIGURATOR;
  }
  return new URLConnectionFactory(conn);
}
 
Example #16
Source File: DelegationTokenAuthenticatedURL.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private static DelegationTokenAuthenticator
    obtainDelegationTokenAuthenticator(DelegationTokenAuthenticator dta,
          ConnectionConfigurator connConfigurator) {
  try {
    if (dta == null) {
      dta = DEFAULT_AUTHENTICATOR.newInstance();
      dta.setConnectionConfigurator(connConfigurator);
    }
    return dta;
  } catch (Exception ex) {
    throw new IllegalArgumentException(ex);
  }
}
 
Example #17
Source File: KerberosAuthenticator2.java    From Transwarp-Sample-Code with MIT License 4 votes vote down vote up
public void setConnectionConfigurator(ConnectionConfigurator arg0) {
    // TODO Auto-generated method stub
}
 
Example #18
Source File: TimelineReaderFactory.java    From tez with Apache License 2.0 4 votes vote down vote up
public PseudoAuthenticatedURLConnectionFactory(ConnectionConfigurator connectionConf) {
  this.connectionConf = connectionConf;
}
 
Example #19
Source File: URLConnectionFactory.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@VisibleForTesting
URLConnectionFactory(ConnectionConfigurator connConfigurator) {
  this.connConfigurator = connConfigurator;
}
 
Example #20
Source File: TestWebHdfsTokens.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testSetTokenServiceAndKind() throws Exception {
  MiniDFSCluster cluster = null;

  try {
    final Configuration clusterConf = new HdfsConfiguration(conf);
    SecurityUtil.setAuthenticationMethod(SIMPLE, clusterConf);
    clusterConf.setBoolean(DFSConfigKeys
            .DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);

    // trick the NN into thinking s[ecurity is enabled w/o it trying
    // to login from a keytab
    UserGroupInformation.setConfiguration(clusterConf);
    cluster = new MiniDFSCluster.Builder(clusterConf).numDataNodes(0).build();
    cluster.waitActive();
    SecurityUtil.setAuthenticationMethod(KERBEROS, clusterConf);
    final WebHdfsFileSystem fs = WebHdfsTestUtil.getWebHdfsFileSystem
            (clusterConf, "webhdfs");
    Whitebox.setInternalState(fs, "canRefreshDelegationToken", true);

    URLConnectionFactory factory = new URLConnectionFactory(new ConnectionConfigurator() {
      @Override
      public HttpURLConnection configure(HttpURLConnection conn)
              throws IOException {
        return conn;
      }
    }) {
      @Override
      public URLConnection openConnection(URL url) throws IOException {
        return super.openConnection(new URL(url + "&service=foo&kind=bar"));
      }
    };
    Whitebox.setInternalState(fs, "connectionFactory", factory);
    Token<?> token1 = fs.getDelegationToken();
    Assert.assertEquals(new Text("bar"), token1.getKind());

    final HttpOpParam.Op op = GetOpParam.Op.GETDELEGATIONTOKEN;
    Token<DelegationTokenIdentifier> token2 =
        fs.new FsPathResponseRunner<Token<DelegationTokenIdentifier>>(
            op, null, new RenewerParam(null)) {
          @Override
          Token<DelegationTokenIdentifier> decodeResponse(Map<?, ?> json)
              throws IOException {
            return JsonUtil.toDelegationToken(json);
          }
        }.run();

    Assert.assertEquals(new Text("bar"), token2.getKind());
    Assert.assertEquals(new Text("foo"), token2.getService());
  } finally {
    if (cluster != null) {
      cluster.shutdown();
    }
  }
}
 
Example #21
Source File: DelegationTokenAuthenticator.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Override
public void setConnectionConfigurator(ConnectionConfigurator configurator) {
  authenticator.setConnectionConfigurator(configurator);
  connConfigurator = configurator;
}
 
Example #22
Source File: DelegationTokenAuthenticator.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Override
public void setConnectionConfigurator(ConnectionConfigurator configurator) {
  authenticator.setConnectionConfigurator(configurator);
  connConfigurator = configurator;
}
 
Example #23
Source File: TestWebHdfsTokens.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Test
public void testSetTokenServiceAndKind() throws Exception {
  MiniDFSCluster cluster = null;

  try {
    final Configuration clusterConf = new HdfsConfiguration(conf);
    SecurityUtil.setAuthenticationMethod(SIMPLE, clusterConf);
    clusterConf.setBoolean(DFSConfigKeys
            .DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);

    // trick the NN into thinking s[ecurity is enabled w/o it trying
    // to login from a keytab
    UserGroupInformation.setConfiguration(clusterConf);
    cluster = new MiniDFSCluster.Builder(clusterConf).numDataNodes(0).build();
    cluster.waitActive();
    SecurityUtil.setAuthenticationMethod(KERBEROS, clusterConf);
    final WebHdfsFileSystem fs = WebHdfsTestUtil.getWebHdfsFileSystem
            (clusterConf, "webhdfs");
    Whitebox.setInternalState(fs, "canRefreshDelegationToken", true);

    URLConnectionFactory factory = new URLConnectionFactory(new ConnectionConfigurator() {
      @Override
      public HttpURLConnection configure(HttpURLConnection conn)
              throws IOException {
        return conn;
      }
    }) {
      @Override
      public URLConnection openConnection(URL url) throws IOException {
        return super.openConnection(new URL(url + "&service=foo&kind=bar"));
      }
    };
    Whitebox.setInternalState(fs, "connectionFactory", factory);
    Token<?> token1 = fs.getDelegationToken();
    Assert.assertEquals(new Text("bar"), token1.getKind());

    final HttpOpParam.Op op = GetOpParam.Op.GETDELEGATIONTOKEN;
    Token<DelegationTokenIdentifier> token2 =
        fs.new FsPathResponseRunner<Token<DelegationTokenIdentifier>>(
            op, null, new RenewerParam(null)) {
          @Override
          Token<DelegationTokenIdentifier> decodeResponse(Map<?, ?> json)
              throws IOException {
            return JsonUtil.toDelegationToken(json);
          }
        }.run();

    Assert.assertEquals(new Text("bar"), token2.getKind());
    Assert.assertEquals(new Text("foo"), token2.getService());
  } finally {
    if (cluster != null) {
      cluster.shutdown();
    }
  }
}
 
Example #24
Source File: URLConnectionFactory.java    From big-c with Apache License 2.0 4 votes vote down vote up
@VisibleForTesting
URLConnectionFactory(ConnectionConfigurator connConfigurator) {
  this.connConfigurator = connConfigurator;
}
 
Example #25
Source File: PseudoAuthenticator.java    From Transwarp-Sample-Code with MIT License 4 votes vote down vote up
public void setConnectionConfigurator(ConnectionConfigurator arg0) {
    // TODO Auto-generated method stub
}
 
Example #26
Source File: DelegationTokenAuthenticatedURL.java    From big-c with Apache License 2.0 3 votes vote down vote up
/**
 * Creates an <code>DelegationTokenAuthenticatedURL</code>.
 *
 * @param authenticator the {@link DelegationTokenAuthenticator} instance to
 * use, if <code>null</code> the default one will be used.
 * @param connConfigurator a connection configurator.
 */
public DelegationTokenAuthenticatedURL(
    DelegationTokenAuthenticator authenticator,
    ConnectionConfigurator connConfigurator) {
  super(obtainDelegationTokenAuthenticator(authenticator, connConfigurator),
          connConfigurator);
}
 
Example #27
Source File: DelegationTokenAuthenticatedURL.java    From hadoop with Apache License 2.0 3 votes vote down vote up
/**
 * Creates an <code>DelegationTokenAuthenticatedURL</code>.
 *
 * @param authenticator the {@link DelegationTokenAuthenticator} instance to
 * use, if <code>null</code> the default one will be used.
 * @param connConfigurator a connection configurator.
 */
public DelegationTokenAuthenticatedURL(
    DelegationTokenAuthenticator authenticator,
    ConnectionConfigurator connConfigurator) {
  super(obtainDelegationTokenAuthenticator(authenticator, connConfigurator),
          connConfigurator);
}
 
Example #28
Source File: DelegationTokenAuthenticatedURL.java    From big-c with Apache License 2.0 2 votes vote down vote up
/**
 * Creates an <code>DelegationTokenAuthenticatedURL</code> using the default
 * {@link DelegationTokenAuthenticator} class.
 *
 * @param connConfigurator a connection configurator.
 */
public DelegationTokenAuthenticatedURL(
    ConnectionConfigurator connConfigurator) {
  this(null, connConfigurator);
}
 
Example #29
Source File: KMSClientProvider.java    From big-c with Apache License 2.0 2 votes vote down vote up
/**
 * Sets the timeout and wraps another connection configurator
 * @param timeout - will set both connect and read timeouts - in seconds
 * @param cc - another configurator to wrap - may be null
 */
public TimeoutConnConfigurator(int timeout, ConnectionConfigurator cc) {
  this.timeout = timeout;
  this.cc = cc;
}
 
Example #30
Source File: DelegationTokenAuthenticatedURL.java    From hadoop with Apache License 2.0 2 votes vote down vote up
/**
 * Creates an <code>DelegationTokenAuthenticatedURL</code> using the default
 * {@link DelegationTokenAuthenticator} class.
 *
 * @param connConfigurator a connection configurator.
 */
public DelegationTokenAuthenticatedURL(
    ConnectionConfigurator connConfigurator) {
  this(null, connConfigurator);
}