Java Code Examples for org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler

The following examples show how to use org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop   Source File: KMSAuthenticationFilter.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE);
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}
 
Example 2
Source Project: big-c   Source File: KMSAuthenticationFilter.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE);
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}
 
Example 3
Source Project: ranger   Source File: KMSAuthenticationFilter.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE,"simple");
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSDelegationToken.TOKEN_KIND.toString());
  return props;
}
 
Example 4
Source Project: lucene-solr   Source File: HadoopAuthPlugin.java    License: Apache License 2.0 4 votes vote down vote up
@SuppressWarnings("unchecked")
protected FilterConfig getInitFilterConfig(Map<String, Object> pluginConfig) {
  Map<String, String> params = new HashMap<>();

  String type = (String) Objects.requireNonNull(pluginConfig.get(HADOOP_AUTH_TYPE));
  params.put(HADOOP_AUTH_TYPE, type);

  String sysPropPrefix = (String) pluginConfig.getOrDefault(SYSPROP_PREFIX_PROPERTY, "solr.");
  Collection<String> authConfigNames = (Collection<String>) pluginConfig.
      getOrDefault(AUTH_CONFIG_NAMES_PROPERTY, Collections.emptyList());
  Map<String,String> authConfigDefaults = (Map<String,String>) pluginConfig
      .getOrDefault(DEFAULT_AUTH_CONFIGS_PROPERTY, Collections.emptyMap());
  Map<String,String> proxyUserConfigs = (Map<String,String>) pluginConfig
      .getOrDefault(PROXY_USER_CONFIGS, Collections.emptyMap());

  for ( String configName : authConfigNames) {
    String systemProperty = sysPropPrefix + configName;
    String defaultConfigVal = authConfigDefaults.get(configName);
    String configVal = System.getProperty(systemProperty, defaultConfigVal);
    if (configVal != null) {
      params.put(configName, configVal);
    }
  }

  // Configure proxy user settings.
  params.putAll(proxyUserConfigs);

  // Needed to work around HADOOP-13346
  params.put(DelegationTokenAuthenticationHandler.JSON_MAPPER_PREFIX + JsonGenerator.Feature.AUTO_CLOSE_TARGET,
      "false");

  final ServletContext servletContext = new AttributeOnlyServletContext();
  if (log.isInfoEnabled()) {
    log.info("Params: {}", params);
  }

  ZkController controller = coreContainer.getZkController();
  if (controller != null) {
    servletContext.setAttribute(DELEGATION_TOKEN_ZK_CLIENT, controller.getZkClient());
  }

  FilterConfig conf = new FilterConfig() {
    @Override
    public ServletContext getServletContext() {
      return servletContext;
    }

    @Override
    public Enumeration<String> getInitParameterNames() {
      return Collections.enumeration(params.keySet());
    }

    @Override
    public String getInitParameter(String param) {
      return params.get(param);
    }

    @Override
    public String getFilterName() {
      return "HadoopAuthFilter";
    }
  };

  return conf;
}
 
Example 5
Source Project: sqoop-on-spark   Source File: SqoopAuthenticationFilter.java    License: Apache License 2.0 4 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
                                      FilterConfig filterConfig) throws ServletException {
  Properties properties = new Properties();
  MapContext mapContext = SqoopConfiguration.getInstance().getContext();
  String type = mapContext.getString(
      SecurityConstants.AUTHENTICATION_TYPE,
      SecurityConstants.TYPE.SIMPLE.name()).trim();

  if (type.equalsIgnoreCase(SecurityConstants.TYPE.KERBEROS.name())) {
    properties.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName());

    String keytab = mapContext.getString(
            SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim();
    if (keytab.length() == 0) {
      throw new SqoopException(SecurityError.AUTH_0005,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
    }

    String principal = mapContext.getString(
            SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL).trim();
    if (principal.length() == 0) {
      throw new SqoopException(SecurityError.AUTH_0006,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
    }

    String hostPrincipal = "";
    try {
      hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
    } catch (IOException e) {
      throw new SqoopException(SecurityError.AUTH_0006,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
    }

    properties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, hostPrincipal);
    properties.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab);
  } else if (type.equalsIgnoreCase(SecurityConstants.TYPE.SIMPLE.name())) {
    properties.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName());
    properties.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED,
        mapContext.getString(SecurityConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
  } else {
    throw new SqoopException(SecurityError.AUTH_0004, type);
  }

  properties.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
          SecurityConstants.TOKEN_KIND);

  return properties;
}