org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticationHandler Java Examples

The following examples show how to use org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticationHandler. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KMSAuthenticationFilter.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE);
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}
 
Example #2
Source File: KMSAuthenticationFilter.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE);
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}
 
Example #3
Source File: KMSAuthenticationFilter.java    From ranger with Apache License 2.0 6 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE,"simple");
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSDelegationToken.TOKEN_KIND.toString());
  return props;
}
 
Example #4
Source File: SqoopAuthenticationFilter.java    From sqoop-on-spark with Apache License 2.0 4 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
                                      FilterConfig filterConfig) throws ServletException {
  Properties properties = new Properties();
  MapContext mapContext = SqoopConfiguration.getInstance().getContext();
  String type = mapContext.getString(
      SecurityConstants.AUTHENTICATION_TYPE,
      SecurityConstants.TYPE.SIMPLE.name()).trim();

  if (type.equalsIgnoreCase(SecurityConstants.TYPE.KERBEROS.name())) {
    properties.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName());

    String keytab = mapContext.getString(
            SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim();
    if (keytab.length() == 0) {
      throw new SqoopException(SecurityError.AUTH_0005,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
    }

    String principal = mapContext.getString(
            SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL).trim();
    if (principal.length() == 0) {
      throw new SqoopException(SecurityError.AUTH_0006,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
    }

    String hostPrincipal = "";
    try {
      hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
    } catch (IOException e) {
      throw new SqoopException(SecurityError.AUTH_0006,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
    }

    properties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, hostPrincipal);
    properties.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab);
  } else if (type.equalsIgnoreCase(SecurityConstants.TYPE.SIMPLE.name())) {
    properties.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName());
    properties.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED,
        mapContext.getString(SecurityConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
  } else {
    throw new SqoopException(SecurityError.AUTH_0004, type);
  }

  properties.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
          SecurityConstants.TOKEN_KIND);

  return properties;
}