Java Code Examples for org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

The following examples show how to use org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler. These examples are extracted from open source projects.
Example 1
Source Project: hadoop   Source File: AuthFilter.java    License: Apache License 2.0
/**
 * Returns the filter configuration properties,
 * including the ones prefixed with {@link #CONF_PREFIX}.
 * The prefix is removed from the returned property names.
 *
 * @param prefix parameter not used.
 * @param config parameter contains the initialization values.
 * @return Hadoop-Auth configuration properties.
 * @throws ServletException if the parent filter's getConfiguration call fails.
 */
@Override
protected Properties getConfiguration(String prefix, FilterConfig config)
    throws ServletException {
  // The caller-supplied prefix is ignored; CONF_PREFIX is always used.
  final Properties filterProps = super.getConfiguration(CONF_PREFIX, config);

  // The handler type follows the process-wide security switch: Kerberos
  // when security is enabled, pseudo authentication otherwise.
  final String handlerType;
  if (UserGroupInformation.isSecurityEnabled()) {
    handlerType = KerberosAuthenticationHandler.TYPE;
  } else {
    handlerType = PseudoAuthenticationHandler.TYPE;
  }
  filterProps.setProperty(AUTH_TYPE, handlerType);

  // SECURITY NOTE: when ANONYMOUS_ALLOWED has not been set it is forced to
  // "true" here, whichever handler type was chosen above. A deployment that
  // runs pseudo authentication and does not want anonymous requests has to
  // set the property to "false" explicitly.
  final String anonymousKey = PseudoAuthenticationHandler.ANONYMOUS_ALLOWED;
  if (filterProps.getProperty(anonymousKey) == null) {
    filterProps.setProperty(anonymousKey, "true");
  }

  // Scope the auth cookie to the root path.
  filterProps.setProperty(COOKIE_PATH, "/");
  return filterProps;
}
 
Example 2
/**
 * Set AUTH_TYPE property to the name of the corresponding authentication
 * handler class based on the input properties.
 * @param props input properties.
 */
protected void setAuthHandlerClass(Properties props)
    throws ServletException {
  final String configuredType = props.getProperty(AUTH_TYPE);
  if (configuredType == null) {
    throw new ServletException("Config property "
        + AUTH_TYPE + " doesn't exist");
  }

  // Map the two short type names onto their delegation-token-aware handler
  // classes. Any other value is left untouched and is not validated here.
  final String handlerClassName;
  if (configuredType.equals(PseudoAuthenticationHandler.TYPE)) {
    handlerClassName =
        PseudoDelegationTokenAuthenticationHandler.class.getName();
  } else if (configuredType.equals(KerberosAuthenticationHandler.TYPE)) {
    handlerClassName =
        KerberosDelegationTokenAuthenticationHandler.class.getName();
  } else {
    return;
  }
  props.setProperty(AUTH_TYPE, handlerClassName);
}
 
Example 3
/**
 * Initializes the parent filter, then wires an externally supplied
 * delegation-token secret manager (if any), records the handler's SASL
 * auth method and reloads the proxy-user rules.
 *
 * @param filterConfig servlet filter configuration.
 * @throws ServletException propagated from the calls made here.
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  super.init(filterConfig);
  AuthenticationHandler handler = getAuthenticationHandler();

  // A secret manager may have been published as a servlet-context attribute.
  Object sharedManager = filterConfig.getServletContext()
      .getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR);
  AbstractDelegationTokenSecretManager dtSecretManager =
      (AbstractDelegationTokenSecretManager) sharedManager;
  if (dtSecretManager != null
      && handler instanceof DelegationTokenAuthenticationHandler) {
    // The handler is fetched again for the cast, exactly as the original does.
    ((DelegationTokenAuthenticationHandler) getAuthenticationHandler())
        .setExternalDelegationTokenSecretManager(dtSecretManager);
  }

  // Record which SASL auth method the configured handler corresponds to.
  final boolean pseudoHandler =
      handler instanceof PseudoAuthenticationHandler
          || handler instanceof PseudoDelegationTokenAuthenticationHandler;
  final boolean kerberosHandler =
      handler instanceof KerberosAuthenticationHandler
          || handler instanceof KerberosDelegationTokenAuthenticationHandler;
  if (pseudoHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE);
  }
  if (kerberosHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS);
  }

  // Proxy-user (impersonation) rules are reloaded from the keys under
  // PROXYUSER_PREFIX; review those keys when auditing who may act for whom.
  Configuration proxyUserConf = getProxyuserConfiguration(filterConfig);
  ProxyUsers.refreshSuperUserGroupsConfiguration(proxyUserConf,
      PROXYUSER_PREFIX);
}
 
Example 4
Source Project: hadoop   Source File: KMSAuthenticationFilter.java    License: Apache License 2.0
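/**
 * Builds the filter properties from every KMS configuration key that starts
 * with CONFIG_PREFIX (the prefix is stripped), replaces the short
 * authentication type with the matching delegation-token handler class and
 * sets the KMS token kind.
 *
 * @param configPrefix not used by this implementation.
 * @param filterConfig not used by this implementation.
 * @return the properties handed to the authentication filter.
 * @throws IllegalStateException if no authentication type is configured.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      // The value is read through conf.get(name), as in the original,
      // not taken from the iterator entry.
      String value = conf.get(name);
      props.setProperty(name.substring(CONFIG_PREFIX.length()), value);
    }
  }

  String authType = props.getProperty(AUTH_TYPE);
  if (authType == null) {
    // Fail closed with a clear message instead of a NullPointerException.
    // No default is substituted: silently selecting an authentication type
    // for a key-management endpoint would hide a misconfiguration.
    throw new IllegalStateException("Config property "
        + CONFIG_PREFIX + AUTH_TYPE + " is not set");
  }
  // Any value other than the two short names is passed through unchanged.
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}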
 
Example 5
Source Project: big-c   Source File: AuthFilter.java    License: Apache License 2.0
/**
 * Returns the filter configuration properties,
 * including the ones prefixed with {@link #CONF_PREFIX}.
 * The prefix is removed from the returned property names.
 *
 * @param prefix parameter not used.
 * @param config parameter contains the initialization values.
 * @return Hadoop-Auth configuration properties.
 * @throws ServletException if the parent filter's getConfiguration call fails.
 */
@Override
protected Properties getConfiguration(String prefix, FilterConfig config)
    throws ServletException {
  // The caller-supplied prefix is ignored; CONF_PREFIX is always used.
  final Properties filterProps = super.getConfiguration(CONF_PREFIX, config);

  // The handler type follows the process-wide security switch: Kerberos
  // when security is enabled, pseudo authentication otherwise.
  final String handlerType;
  if (UserGroupInformation.isSecurityEnabled()) {
    handlerType = KerberosAuthenticationHandler.TYPE;
  } else {
    handlerType = PseudoAuthenticationHandler.TYPE;
  }
  filterProps.setProperty(AUTH_TYPE, handlerType);

  // SECURITY NOTE: when ANONYMOUS_ALLOWED has not been set it is forced to
  // "true" here, whichever handler type was chosen above. A deployment that
  // runs pseudo authentication and does not want anonymous requests has to
  // set the property to "false" explicitly.
  final String anonymousKey = PseudoAuthenticationHandler.ANONYMOUS_ALLOWED;
  if (filterProps.getProperty(anonymousKey) == null) {
    filterProps.setProperty(anonymousKey, "true");
  }

  // Scope the auth cookie to the root path.
  filterProps.setProperty(COOKIE_PATH, "/");
  return filterProps;
}
 
Example 6
Source Project: big-c   Source File: DelegationTokenAuthenticationFilter.java    License: Apache License 2.0
/**
 * Set AUTH_TYPE property to the name of the corresponding authentication
 * handler class based on the input properties.
 * @param props input properties.
 */
protected void setAuthHandlerClass(Properties props)
    throws ServletException {
  final String configuredType = props.getProperty(AUTH_TYPE);
  if (configuredType == null) {
    throw new ServletException("Config property "
        + AUTH_TYPE + " doesn't exist");
  }

  // Map the two short type names onto their delegation-token-aware handler
  // classes. Any other value is left untouched and is not validated here.
  final String handlerClassName;
  if (configuredType.equals(PseudoAuthenticationHandler.TYPE)) {
    handlerClassName =
        PseudoDelegationTokenAuthenticationHandler.class.getName();
  } else if (configuredType.equals(KerberosAuthenticationHandler.TYPE)) {
    handlerClassName =
        KerberosDelegationTokenAuthenticationHandler.class.getName();
  } else {
    return;
  }
  props.setProperty(AUTH_TYPE, handlerClassName);
}
 
Example 7
Source Project: big-c   Source File: DelegationTokenAuthenticationFilter.java    License: Apache License 2.0
/**
 * Initializes the parent filter, then wires an externally supplied
 * delegation-token secret manager (if any), records the handler's SASL
 * auth method and reloads the proxy-user rules.
 *
 * @param filterConfig servlet filter configuration.
 * @throws ServletException propagated from the calls made here.
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  super.init(filterConfig);
  AuthenticationHandler handler = getAuthenticationHandler();

  // A secret manager may have been published as a servlet-context attribute.
  Object sharedManager = filterConfig.getServletContext()
      .getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR);
  AbstractDelegationTokenSecretManager dtSecretManager =
      (AbstractDelegationTokenSecretManager) sharedManager;
  if (dtSecretManager != null
      && handler instanceof DelegationTokenAuthenticationHandler) {
    // The handler is fetched again for the cast, exactly as the original does.
    ((DelegationTokenAuthenticationHandler) getAuthenticationHandler())
        .setExternalDelegationTokenSecretManager(dtSecretManager);
  }

  // Record which SASL auth method the configured handler corresponds to.
  final boolean pseudoHandler =
      handler instanceof PseudoAuthenticationHandler
          || handler instanceof PseudoDelegationTokenAuthenticationHandler;
  final boolean kerberosHandler =
      handler instanceof KerberosAuthenticationHandler
          || handler instanceof KerberosDelegationTokenAuthenticationHandler;
  if (pseudoHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE);
  }
  if (kerberosHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS);
  }

  // Proxy-user (impersonation) rules are reloaded from the keys under
  // PROXYUSER_PREFIX; review those keys when auditing who may act for whom.
  Configuration proxyUserConf = getProxyuserConfiguration(filterConfig);
  ProxyUsers.refreshSuperUserGroupsConfiguration(proxyUserConf,
      PROXYUSER_PREFIX);
}
 
Example 8
Source Project: big-c   Source File: KMSAuthenticationFilter.java    License: Apache License 2.0
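/**
 * Builds the filter properties from every KMS configuration key that starts
 * with CONFIG_PREFIX (the prefix is stripped), replaces the short
 * authentication type with the matching delegation-token handler class and
 * sets the KMS token kind.
 *
 * @param configPrefix not used by this implementation.
 * @param filterConfig not used by this implementation.
 * @return the properties handed to the authentication filter.
 * @throws IllegalStateException if no authentication type is configured.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      // The value is read through conf.get(name), as in the original,
      // not taken from the iterator entry.
      String value = conf.get(name);
      props.setProperty(name.substring(CONFIG_PREFIX.length()), value);
    }
  }

  String authType = props.getProperty(AUTH_TYPE);
  if (authType == null) {
    // Fail closed with a clear message instead of a NullPointerException.
    // No default is substituted: silently selecting an authentication type
    // for a key-management endpoint would hide a misconfiguration.
    throw new IllegalStateException("Config property "
        + CONFIG_PREFIX + AUTH_TYPE + " is not set");
  }
  // Any value other than the two short names is passed through unchanged.
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}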
 
Example 9
Source Project: ranger   Source File: KMSAuthenticationFilter.java    License: Apache License 2.0
/**
 * Collects every KMS configuration key under CONFIG_PREFIX (prefix
 * stripped), swaps the short authentication type for its delegation-token
 * handler class and sets the KMS delegation token kind.
 *
 * @param configPrefix not used by this implementation.
 * @param filterConfig not used by this implementation.
 * @return the properties handed to the authentication filter.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  final Properties filterProps = new Properties();
  final Configuration kmsConf = KMSWebApp.getConfiguration();
  final int prefixLength = CONFIG_PREFIX.length();
  for (Map.Entry<String, String> entry : kmsConf) {
    final String fullName = entry.getKey();
    if (!fullName.startsWith(CONFIG_PREFIX)) {
      continue;
    }
    filterProps.setProperty(fullName.substring(prefixLength),
        kmsConf.get(fullName));
  }

  // SECURITY NOTE: a missing AUTH_TYPE falls back to "simple". If the key is
  // accidentally left out of the configuration, the filter comes up on that
  // type without any error, so an audit should verify the key is set
  // explicitly on Kerberos deployments.
  final String authType = filterProps.getProperty(AUTH_TYPE,"simple");
  final boolean pseudo = authType.equals(PseudoAuthenticationHandler.TYPE);
  if (pseudo) {
    filterProps.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    filterProps.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  filterProps.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSDelegationToken.TOKEN_KIND.toString());
  return filterProps;
}
 
Example 10
Source Project: ambari-logsearch   Source File: LogsearchKrbFilter.java    License: Apache License 2.0
/**
 * <p>Initializes the authentication filter and signer secret provider.</p>
 * It instantiates and initializes the specified {@link
 * AuthenticationHandler}.
 *
 * @param filterConfig filter configuration.
 *
 * @throws ServletException thrown if the filter or the authentication handler could not be initialized properly.
 */
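@Override
public void init(FilterConfig filterConfig) throws ServletException {
  String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
  configPrefix = (configPrefix != null) ? configPrefix + "." : "";
  config = getConfiguration(configPrefix, filterConfig);

  String authHandlerName = config.getProperty(AUTH_TYPE, null);
  if (authHandlerName == null) {
    throw new ServletException("Authentication type must be specified: " +
        PseudoAuthenticationHandler.TYPE + "|" +
        KerberosAuthenticationHandler.TYPE + "|<class>");
  }

  // The two short names map to the built-in handlers; any other value is
  // taken as a handler class name and passed on unchanged. The filter
  // configuration therefore decides which handler class is used, so write
  // access to it should be restricted.
  String authHandlerClassName;
  if (StringUtils.equalsIgnoreCase(authHandlerName, PseudoAuthenticationHandler.TYPE)) {
    authHandlerClassName = PseudoAuthenticationHandler.class.getName();
  } else if (StringUtils.equalsIgnoreCase(authHandlerName, KerberosAuthenticationHandler.TYPE)) {
    authHandlerClassName = KerberosAuthenticationHandler.class.getName();
  } else {
    authHandlerClassName = authHandlerName;
  }

  // A malformed validity value is reported as a ServletException (with the
  // cause attached) rather than escaping as a bare NumberFormatException.
  String validityValue = config.getProperty(AUTH_TOKEN_VALIDITY, "36000");
  try {
    validity = Long.parseLong(validityValue) * 1000; // default: 10 hours
  } catch (NumberFormatException e) {
    throw new ServletException("Invalid value for " + AUTH_TOKEN_VALIDITY
        + ": " + validityValue, e);
  }
  initializeSecretProvider(filterConfig);

  initializeAuthHandler(authHandlerClassName);

  cookieDomain = config.getProperty(COOKIE_DOMAIN, null);
  cookiePath = config.getProperty(COOKIE_PATH, null);
}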
 
Example 11
/**
 * Test fixture: configures a MockRM for Kerberos/SPNEGO web authentication
 * with delegation-token support and starts it.
 *
 * <p>Several values below are deliberately permissive and belong in a test
 * fixture only: the keytab file doubles as the signature secret file, and
 * the proxy user "client" is allowed from any host and for any group.
 *
 * @throws Exception if configuring or starting the MockRM fails.
 */
private static void setupAndStartRM() throws Exception {
  Configuration rmconf = new Configuration();
  rmconf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS,
    YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS);
  rmconf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class,
    ResourceScheduler.class);
  rmconf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);

  // HTTP (SPNEGO) authentication settings.
  final String httpPrefix = "hadoop.http.authentication.";
  rmconf.setStrings(httpPrefix + "type", "kerberos");
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.KEYTAB, keytabPath);
  // Test shortcut: any readable file serves as the cookie signature secret,
  // so the keytab is reused. Do not copy this into a real deployment.
  rmconf.set(httpPrefix + AuthenticationFilter.SIGNATURE_SECRET + ".file",
    keytabPath);

  rmconf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
    "kerberos");
  rmconf.setBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER,
    true);
  rmconf.set("hadoop.http.filter.initializers",
    AuthenticationFilterInitializer.class.getName());

  // The same principal and keytab are used for the RM and NM web apps.
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.RM_KEYTAB, keytabPath);
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, keytabPath);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, keytabPath);

  rmconf.setBoolean("mockrm.webapp.enabled", true);
  // Wildcard proxy-user rules: test-only, far too broad for production.
  rmconf.set("yarn.resourcemanager.proxyuser.client.hosts", "*");
  rmconf.set("yarn.resourcemanager.proxyuser.client.groups", "*");

  UserGroupInformation.setConfiguration(rmconf);
  rm = new MockRM(rmconf);
  rm.start();
}
 
Example 12
Source Project: hadoop   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0
/**
 * Test filter configuration: takes the parent's properties and forces
 * Kerberos authentication with the test SPNEGO principal and keytab.
 *
 * @param configPrefix passed through to the parent implementation.
 * @param filterConfig passed through to the parent implementation.
 * @return the parent's properties with the Kerberos settings applied.
 * @throws ServletException if the parent implementation fails.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  final Properties inherited =
      super.getConfiguration(configPrefix, filterConfig);

  // Overwrite whatever the parent produced for these three keys.
  inherited.put(KerberosAuthenticationHandler.PRINCIPAL, httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  inherited.put(KerberosAuthenticationHandler.KEYTAB, keytabPath);
  inherited.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  return inherited;
}
 
Example 13
Source Project: hadoop   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0
/**
 * Test filter configuration: takes the parent's properties and forces the
 * "simple" authentication type with anonymous access switched off.
 *
 * @param configPrefix passed through to the parent implementation.
 * @param filterConfig passed through to the parent implementation.
 * @return the parent's properties with the test settings applied.
 * @throws ServletException if the parent implementation fails.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  final Properties inherited =
      super.getConfiguration(configPrefix, filterConfig);

  // Principal and keytab are still set although the type is "simple".
  inherited.put(KerberosAuthenticationHandler.PRINCIPAL, httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  inherited.put(KerberosAuthenticationHandler.KEYTAB, keytabPath);
  inherited.put(AuthenticationFilter.AUTH_TYPE, "simple");
  // Anonymous access is disabled explicitly rather than left to a default.
  inherited.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return inherited;
}
 
Example 14
Source Project: hadoop   Source File: AuthenticationFilterInitializer.java    License: Apache License 2.0
/**
 * Builds the authentication filter's init parameters from a configuration.
 *
 * <p>Every key that starts with {@code prefix} is copied with the prefix
 * removed, the cookie path is set to "/", and a configured Kerberos
 * principal is resolved against the HTTP server's bind address.
 *
 * @param conf configuration to read from.
 * @param prefix key prefix selecting the filter settings.
 * @return a new map holding the filter parameters.
 * @throws RuntimeException if the Kerberos principal cannot be resolved.
 */
public static Map<String, String> getFilterConfigMap(Configuration conf,
    String prefix) {
  final Map<String, String> filterConfig = new HashMap<String, String>();

  // Root cookie path, so the auth cookie is used for all resources. A
  // prefixed key with the same name, copied below, overwrites this entry.
  filterConfig.put(AuthenticationFilter.COOKIE_PATH, "/");

  final int prefixLength = prefix.length();
  for (Map.Entry<String, String> entry : conf) {
    final String fullName = entry.getKey();
    if (!fullName.startsWith(prefix)) {
      continue;
    }
    filterConfig.put(fullName.substring(prefixLength), conf.get(fullName));
  }

  // Resolve the _HOST placeholder of the principal using the bind address.
  final String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);
  final String configuredPrincipal =
      filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL);
  if (configuredPrincipal == null) {
    return filterConfig;
  }
  final String resolvedPrincipal;
  try {
    resolvedPrincipal =
        SecurityUtil.getServerPrincipal(configuredPrincipal, bindAddress);
  } catch (IOException ex) {
    throw new RuntimeException("Could not resolve Kerberos principal name: " + ex.toString(), ex);
  }
  filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, resolvedPrincipal);
  return filterConfig;
}
 
Example 15
Source Project: hadoop   Source File: TestWebDelegationToken.java    License: Apache License 2.0
/**
 * Test filter configuration: a fixed set of properties selecting the
 * Kerberos delegation-token handler with the test keytab, the principal
 * "HTTP/localhost" and the token kind "token-kind".
 *
 * @param configPrefix not used by this implementation.
 * @param filterConfig not used by this implementation.
 * @return the fixed test properties.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  final Properties testProps = new Properties();
  final String handlerClass =
      KerberosDelegationTokenAuthenticationHandler.class.getName();
  testProps.setProperty(AUTH_TYPE, handlerClass);
  testProps.setProperty(KerberosAuthenticationHandler.KEYTAB, keytabFile);
  testProps.setProperty(KerberosAuthenticationHandler.PRINCIPAL,
      "HTTP/localhost");
  testProps.setProperty(
      KerberosDelegationTokenAuthenticationHandler.TOKEN_KIND, "token-kind");
  return testProps;
}
 
Example 16
Source Project: hadoop   Source File: TestKerberosAuthenticator.java    License: Apache License 2.0
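/**
 * Builds the Kerberos handler configuration used by the authenticator tests:
 * authentication type, server principal, keytab and one name-mapping rule.
 *
 * @return the handler properties.
 */
private Properties getAuthenticationHandlerConfiguration() {
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "kerberos");
  props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal());
  props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile());
  // Name rule for one-component principals of the test realm: the principal
  // is rendered as user@REALM and the "@..." suffix is then stripped.
  // NOTE(review): the listing carried an e-mail-protection placeholder where
  // "$1@$0" belongs; the rule is restored to that form here. Confirm against
  // the upstream test file.
  props.setProperty(KerberosAuthenticationHandler.NAME_RULES,
                    "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm()+")s/@.*//\n");
  return props;
}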
 
Example 17
/**
 * Test fixture: configures a MockRM for Kerberos/SPNEGO web authentication
 * with delegation-token support and starts it.
 *
 * <p>Several values below are deliberately permissive and belong in a test
 * fixture only: the keytab file doubles as the signature secret file, and
 * the proxy user "client" is allowed from any host and for any group.
 *
 * @throws Exception if configuring or starting the MockRM fails.
 */
private static void setupAndStartRM() throws Exception {
  Configuration rmconf = new Configuration();
  rmconf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS,
    YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS);
  rmconf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class,
    ResourceScheduler.class);
  rmconf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);

  // HTTP (SPNEGO) authentication settings.
  final String httpPrefix = "hadoop.http.authentication.";
  rmconf.setStrings(httpPrefix + "type", "kerberos");
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.KEYTAB, keytabPath);
  // Test shortcut: any readable file serves as the cookie signature secret,
  // so the keytab is reused. Do not copy this into a real deployment.
  rmconf.set(httpPrefix + AuthenticationFilter.SIGNATURE_SECRET + ".file",
    keytabPath);

  rmconf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
    "kerberos");
  rmconf.setBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER,
    true);
  rmconf.set("hadoop.http.filter.initializers",
    AuthenticationFilterInitializer.class.getName());

  // The same principal and keytab are used for the RM and NM web apps.
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.RM_KEYTAB, keytabPath);
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, keytabPath);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, keytabPath);

  rmconf.setBoolean("mockrm.webapp.enabled", true);
  // Wildcard proxy-user rules: test-only, far too broad for production.
  rmconf.set("yarn.resourcemanager.proxyuser.client.hosts", "*");
  rmconf.set("yarn.resourcemanager.proxyuser.client.groups", "*");

  UserGroupInformation.setConfiguration(rmconf);
  rm = new MockRM(rmconf);
  rm.start();
}
 
Example 18
Source Project: big-c   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0
/**
 * Test filter configuration: takes the parent's properties and forces
 * Kerberos authentication with the test SPNEGO principal and keytab.
 *
 * @param configPrefix passed through to the parent implementation.
 * @param filterConfig passed through to the parent implementation.
 * @return the parent's properties with the Kerberos settings applied.
 * @throws ServletException if the parent implementation fails.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  final Properties inherited =
      super.getConfiguration(configPrefix, filterConfig);

  // Overwrite whatever the parent produced for these three keys.
  inherited.put(KerberosAuthenticationHandler.PRINCIPAL, httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  inherited.put(KerberosAuthenticationHandler.KEYTAB, keytabPath);
  inherited.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  return inherited;
}
 
Example 19
Source Project: big-c   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0
/**
 * Test filter configuration: takes the parent's properties and forces the
 * "simple" authentication type with anonymous access switched off.
 *
 * @param configPrefix passed through to the parent implementation.
 * @param filterConfig passed through to the parent implementation.
 * @return the parent's properties with the test settings applied.
 * @throws ServletException if the parent implementation fails.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  final Properties inherited =
      super.getConfiguration(configPrefix, filterConfig);

  // Principal and keytab are still set although the type is "simple".
  inherited.put(KerberosAuthenticationHandler.PRINCIPAL, httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  inherited.put(KerberosAuthenticationHandler.KEYTAB, keytabPath);
  inherited.put(AuthenticationFilter.AUTH_TYPE, "simple");
  // Anonymous access is disabled explicitly rather than left to a default.
  inherited.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return inherited;
}
 
Example 20
Source Project: big-c   Source File: AuthenticationFilterInitializer.java    License: Apache License 2.0
/**
 * Builds the authentication filter's init parameters from a configuration.
 *
 * <p>Every key that starts with {@code prefix} is copied with the prefix
 * removed, the cookie path is set to "/", and a configured Kerberos
 * principal is resolved against the HTTP server's bind address.
 *
 * @param conf configuration to read from.
 * @param prefix key prefix selecting the filter settings.
 * @return a new map holding the filter parameters.
 * @throws RuntimeException if the Kerberos principal cannot be resolved.
 */
public static Map<String, String> getFilterConfigMap(Configuration conf,
    String prefix) {
  final Map<String, String> filterConfig = new HashMap<String, String>();

  // Root cookie path, so the auth cookie is used for all resources. A
  // prefixed key with the same name, copied below, overwrites this entry.
  filterConfig.put(AuthenticationFilter.COOKIE_PATH, "/");

  final int prefixLength = prefix.length();
  for (Map.Entry<String, String> entry : conf) {
    final String fullName = entry.getKey();
    if (!fullName.startsWith(prefix)) {
      continue;
    }
    filterConfig.put(fullName.substring(prefixLength), conf.get(fullName));
  }

  // Resolve the _HOST placeholder of the principal using the bind address.
  final String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);
  final String configuredPrincipal =
      filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL);
  if (configuredPrincipal == null) {
    return filterConfig;
  }
  final String resolvedPrincipal;
  try {
    resolvedPrincipal =
        SecurityUtil.getServerPrincipal(configuredPrincipal, bindAddress);
  } catch (IOException ex) {
    throw new RuntimeException("Could not resolve Kerberos principal name: " + ex.toString(), ex);
  }
  filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, resolvedPrincipal);
  return filterConfig;
}
 
Example 21
Source Project: big-c   Source File: TestWebDelegationToken.java    License: Apache License 2.0
/**
 * Test filter configuration: a fixed set of properties selecting the
 * Kerberos delegation-token handler with the test keytab, the principal
 * "HTTP/localhost" and the token kind "token-kind".
 *
 * @param configPrefix not used by this implementation.
 * @param filterConfig not used by this implementation.
 * @return the fixed test properties.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  final Properties testProps = new Properties();
  final String handlerClass =
      KerberosDelegationTokenAuthenticationHandler.class.getName();
  testProps.setProperty(AUTH_TYPE, handlerClass);
  testProps.setProperty(KerberosAuthenticationHandler.KEYTAB, keytabFile);
  testProps.setProperty(KerberosAuthenticationHandler.PRINCIPAL,
      "HTTP/localhost");
  testProps.setProperty(
      KerberosDelegationTokenAuthenticationHandler.TOKEN_KIND, "token-kind");
  return testProps;
}
 
Example 22
Source Project: big-c   Source File: TestKerberosAuthenticator.java    License: Apache License 2.0
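/**
 * Builds the Kerberos handler configuration used by the authenticator tests:
 * authentication type, server principal, keytab and one name-mapping rule.
 *
 * @return the handler properties.
 */
private Properties getAuthenticationHandlerConfiguration() {
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "kerberos");
  props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal());
  props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile());
  // Name rule for one-component principals of the test realm: the principal
  // is rendered as user@REALM and the "@..." suffix is then stripped.
  // NOTE(review): the listing carried an e-mail-protection placeholder where
  // "$1@$0" belongs; the rule is restored to that form here. Confirm against
  // the upstream test file.
  props.setProperty(KerberosAuthenticationHandler.NAME_RULES,
                    "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm()+")s/@.*//\n");
  return props;
}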
 
Example 23
Source Project: ranger   Source File: RangerKrbFilter.java    License: Apache License 2.0
/**
 * <p>Initializes the authentication filter and signer secret provider.</p>
 * It instantiates and initializes the specified {@link
 * AuthenticationHandler}.
 *
 * @param filterConfig filter configuration.
 *
 * @throws ServletException thrown if the filter or the authentication handler could not be initialized properly.
 */
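@Override
public void init(FilterConfig filterConfig) throws ServletException {
  String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
  configPrefix = (configPrefix != null) ? configPrefix + "." : "";
  config = getConfiguration(configPrefix, filterConfig);

  String authHandlerName = config.getProperty(AUTH_TYPE, null);
  if (authHandlerName == null) {
    throw new ServletException("Authentication type must be specified: " +
        PseudoAuthenticationHandler.TYPE + "|" +
        KerberosAuthenticationHandler.TYPE + "|<class>");
  }

  // The two short names map to the built-in handlers; any other value is
  // taken as a handler class name and passed on unchanged. The filter
  // configuration therefore decides which handler class is used, so write
  // access to it should be restricted.
  String authHandlerClassName;
  if (StringUtils.equalsIgnoreCase(authHandlerName, PseudoAuthenticationHandler.TYPE)) {
    authHandlerClassName = PseudoAuthenticationHandler.class.getName();
  } else if (StringUtils.equalsIgnoreCase(authHandlerName, KerberosAuthenticationHandler.TYPE)) {
    authHandlerClassName = KerberosAuthenticationHandler.class.getName();
  } else {
    authHandlerClassName = authHandlerName;
  }

  // A malformed validity value is reported as a ServletException (with the
  // cause attached) rather than escaping as a bare NumberFormatException.
  String validityValue = config.getProperty(AUTH_TOKEN_VALIDITY, "36000");
  try {
    validity = Long.parseLong(validityValue) * 1000; // default: 10 hours
  } catch (NumberFormatException e) {
    throw new ServletException("Invalid value for " + AUTH_TOKEN_VALIDITY
        + ": " + validityValue, e);
  }
  initializeSecretProvider(filterConfig);

  initializeAuthHandler(authHandlerClassName, filterConfig);

  cookieDomain = config.getProperty(COOKIE_DOMAIN, null);
  cookiePath = config.getProperty(COOKIE_PATH, null);
  cookieName = config.getProperty(RangerCommonConstants.PROP_COOKIE_NAME, RangerCommonConstants.DEFAULT_COOKIE_NAME);
}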
 
Example 24
/**
 * Initializes the parent filter with a synthetic FilterConfig whose init
 * parameters come from the SPNEGO settings object instead of the servlet
 * container's configuration.
 *
 * @param conf the container-supplied filter configuration; only its servlet
 *     context is used, and it may be null.
 * @throws ServletException if the parent initialization fails.
 */
@Override
public void init(FilterConfig conf) throws ServletException {
  final FilterConfig containerConf = conf;
  // Read but not used further in this method; kept as in the original.
  String hostName = logSearchSpnegoConfig.getHostName();

  // With SPNEGO enabled the type is forced to Kerberos; otherwise authType
  // keeps whatever value the field already holds (not visible here).
  if (spnegoEnable) {
    authType = KerberosAuthenticationHandler.TYPE;
  }

  final Map<String, String> initParams = new HashMap<String, String>();
  initParams.put(AUTH_TYPE,authType);
  initParams.put(NAME_RULES_PARAM, logSearchSpnegoConfig.getNameRules());
  initParams.put(TOKEN_VALID_PARAM, logSearchSpnegoConfig.getTokenValid());
  initParams.put(COOKIE_DOMAIN_PARAM, logSearchSpnegoConfig.getCookieDomain());
  initParams.put(COOKIE_PATH_PARAM, logSearchSpnegoConfig.getCookiePath());
  initParams.put(PRINCIPAL_PARAM, logSearchSpnegoConfig.getPrincipal());
  initParams.put(KEYTAB_PARAM, logSearchSpnegoConfig.getKeyTab());

  // Adapter exposing the map above through the FilterConfig interface.
  FilterConfig syntheticConf = new FilterConfig() {
    @Override
    public String getFilterName() {
      return "KerberosFilter";
    }

    @Override
    public String getInitParameter(String param) {
      return initParams.get(param);
    }

    @SuppressWarnings("unchecked")
    @Override
    public Enumeration<String> getInitParameterNames() {
      return new IteratorEnumeration(initParams.keySet().iterator());
    }

    @Override
    public ServletContext getServletContext() {
      // Fall back to the placeholder context when no container config exists.
      return (containerConf != null)
          ? containerConf.getServletContext()
          : NO_SERVLET_CONTEXT;
    }
  };
  super.init(syntheticConf);
}
 
Example 25
Source Project: hadoop   Source File: RMAuthenticationFilterInitializer.java    License: Apache License 2.0
/**
 * Sets the fixed defaults of this initializer: the HTTP authentication
 * configuration prefix, the property name under which the Kerberos
 * principal is looked up, and a root cookie path.
 */
public RMAuthenticationFilterInitializer() {
  // Root cookie path.
  this.cookiePath = "/";
  // Name of the principal property, taken from the Kerberos handler.
  this.kerberosPrincipalProperty = KerberosAuthenticationHandler.PRINCIPAL;
  // Prefix of the HTTP authentication configuration keys.
  this.configPrefix = "hadoop.http.authentication.";
}
 
Example 26
/**
 * Creates the handler around a new KerberosAuthenticationHandler whose type
 * string is KerberosAuthenticationHandler.TYPE followed by TYPE_POSTFIX.
 */
public KerberosDelegationTokenAuthenticationHandler() {
  // The wrapped Kerberos handler is passed to the superclass constructor.
  super(new KerberosAuthenticationHandler(KerberosAuthenticationHandler.TYPE +
      TYPE_POSTFIX));
}
 
Example 27
Source Project: big-c   Source File: RMAuthenticationFilterInitializer.java    License: Apache License 2.0
/**
 * Sets the fixed defaults of this initializer: the HTTP authentication
 * configuration prefix, the property name under which the Kerberos
 * principal is looked up, and a root cookie path.
 */
public RMAuthenticationFilterInitializer() {
  // Root cookie path.
  this.cookiePath = "/";
  // Name of the principal property, taken from the Kerberos handler.
  this.kerberosPrincipalProperty = KerberosAuthenticationHandler.PRINCIPAL;
  // Prefix of the HTTP authentication configuration keys.
  this.configPrefix = "hadoop.http.authentication.";
}
 
Example 28
/**
 * Creates the handler around a new KerberosAuthenticationHandler whose type
 * string is KerberosAuthenticationHandler.TYPE followed by TYPE_POSTFIX.
 */
public KerberosDelegationTokenAuthenticationHandler() {
  // The wrapped Kerberos handler is passed to the superclass constructor.
  super(new KerberosAuthenticationHandler(KerberosAuthenticationHandler.TYPE +
      TYPE_POSTFIX));
}
 
Example 29
Source Project: sqoop-on-spark   Source File: SqoopAuthenticationFilter.java    License: Apache License 2.0
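/**
 * Builds the authentication filter properties from the Sqoop configuration.
 *
 * <p>The configured authentication type selects either the Kerberos or the
 * pseudo delegation-token handler. For Kerberos, the HTTP keytab and
 * principal are required; for the simple type, the anonymous-access flag is
 * copied from the configuration.
 *
 * @param configPrefix not used by this implementation.
 * @param filterConfig not used by this implementation.
 * @return the properties handed to the authentication filter.
 * @throws ServletException declared by the signature.
 * @throws SqoopException if the type is unknown, the keytab or principal is
 *     missing or blank, or the principal cannot be resolved.
 */
@Override
protected Properties getConfiguration(String configPrefix,
                                      FilterConfig filterConfig) throws ServletException {
  Properties properties = new Properties();
  MapContext mapContext = SqoopConfiguration.getInstance().getContext();
  // SECURITY NOTE: a missing authentication type defaults to SIMPLE.
  String type = mapContext.getString(
      SecurityConstants.AUTHENTICATION_TYPE,
      SecurityConstants.TYPE.SIMPLE.name()).trim();

  if (type.equalsIgnoreCase(SecurityConstants.TYPE.KERBEROS.name())) {
    properties.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName());

    // An empty default lets a missing key reach the AUTH_0005 check below
    // instead of failing on trim().
    String keytab = mapContext.getString(
            SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB, "").trim();
    if (keytab.isEmpty()) {
      throw new SqoopException(SecurityError.AUTH_0005,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
    }

    // Same treatment for the principal and its AUTH_0006 check.
    String principal = mapContext.getString(
            SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL, "").trim();
    if (principal.isEmpty()) {
      throw new SqoopException(SecurityError.AUTH_0006,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
    }

    final String hostPrincipal;
    try {
      hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
    } catch (IOException e) {
      // Keep the cause so the underlying resolution failure can be diagnosed.
      throw new SqoopException(SecurityError.AUTH_0006,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL, e);
    }

    properties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, hostPrincipal);
    properties.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab);
  } else if (type.equalsIgnoreCase(SecurityConstants.TYPE.SIMPLE.name())) {
    properties.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName());
    // SECURITY NOTE: anonymous access defaults to "true" when the flag is not
    // configured; set it to "false" explicitly where that is not wanted.
    properties.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED,
        mapContext.getString(SecurityConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
  } else {
    // Unknown types are rejected rather than passed through.
    throw new SqoopException(SecurityError.AUTH_0004, type);
  }

  properties.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
          SecurityConstants.TOKEN_KIND);

  return properties;
}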