org.apache.hadoop.security.AuthenticationFilterInitializer Java Examples

The following examples show how to use org.apache.hadoop.security.AuthenticationFilterInitializer. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: HttpServer2.java    From hadoop-ozone with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the authentication-filter settings found under {@code prefix} into
 * a fresh {@link Properties} object.
 *
 * <p>The {@code ConfigurationSource} is first adapted with
 * {@code LegacyHadoopConfigurationSource.asHadoopConfiguration}; the lookup
 * itself is delegated to
 * {@code AuthenticationFilterInitializer.getFilterConfigMap}.
 *
 * <p>NOTE(review): the entries may include sensitive settings (for example
 * keytab or signature-secret file locations); avoid logging the returned
 * object. Confirm against the keys actually stored under {@code prefix}.
 *
 * @param conf   configuration to read the filter settings from
 * @param prefix configuration-key prefix of the filter settings
 * @return a new {@code Properties} holding every entry of the filter map
 */
private static Properties getFilterProperties(ConfigurationSource conf,
    String prefix) {
  final Properties filterProps = new Properties();
  filterProps.putAll(AuthenticationFilterInitializer.getFilterConfigMap(
      LegacyHadoopConfigurationSource.asHadoopConfiguration(conf), prefix));
  return filterProps;
}
 
Example #2
Source File: TestRMWebServicesDelegationTokenAuthentication.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a Kerberos/SPNEGO ResourceManager configuration, installs it as the
 * {@code UserGroupInformation} configuration and starts a {@code MockRM}.
 *
 * <p>Several values are test shortcuts and must not be copied into a real
 * deployment as they stand:
 * <ul>
 *   <li>the SPNEGO keytab file doubles as the cookie signature secret file;
 *       a deployment should use a dedicated, randomly generated secret file
 *       with restrictive permissions;</li>
 *   <li>the proxy-user entries for {@code client} use the wildcard
 *       {@code "*"} for both hosts and groups; a deployment should list the
 *       specific hosts and groups that are allowed.</li>
 * </ul>
 *
 * @throws Exception if the configuration or the MockRM start-up fails
 */
private static void setupAndStartRM() throws Exception {
  final Configuration conf = new Configuration();
  conf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS,
      YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS);
  conf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class,
      ResourceScheduler.class);
  conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);

  // HTTP authentication filter: Kerberos with the test principal and keytab.
  final String authPrefix = "hadoop.http.authentication.";
  conf.setStrings(authPrefix + "type", "kerberos");
  conf.set(authPrefix + KerberosAuthenticationHandler.PRINCIPAL,
      httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  conf.set(authPrefix + KerberosAuthenticationHandler.KEYTAB, keytabPath);
  // Test shortcut: any readable file serves as the signature secret here,
  // so the keytab is reused.
  conf.set(authPrefix + AuthenticationFilter.SIGNATURE_SECRET + ".file",
      keytabPath);

  conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  conf.setBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER,
      true);
  conf.set("hadoop.http.filter.initializers",
      AuthenticationFilterInitializer.class.getName());

  // The RM and NM web applications share the same SPNEGO principal/keytab.
  conf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY,
      httpSpnegoPrincipal);
  conf.set(YarnConfiguration.RM_KEYTAB, keytabPath);
  conf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, keytabPath);
  conf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY,
      httpSpnegoPrincipal);
  conf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, keytabPath);

  conf.setBoolean("mockrm.webapp.enabled", true);
  // Test-only wildcards for the "client" proxy user (see Javadoc).
  conf.set("yarn.resourcemanager.proxyuser.client.hosts", "*");
  conf.set("yarn.resourcemanager.proxyuser.client.groups", "*");

  UserGroupInformation.setConfiguration(conf);
  rm = new MockRM(conf);
  rm.start();
}
 
Example #3
Source File: TestApplicationHistoryServer.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Checks how {@code ApplicationHistoryServer} rewrites
 * {@code hadoop.http.filter.initializers} during start-up.
 *
 * <p>Each map entry pairs a configured value with the value expected after
 * the server has started: the timeline authentication initializer is always
 * present, and the generic {@code AuthenticationFilterInitializer} never
 * survives next to it.
 */
@Test(timeout = 240000)
public void testFilterOverrides() throws Exception {
  final String timelineInit =
      TimelineAuthenticationFilterInitializer.class.getName();
  final String genericInit = AuthenticationFilterInitializer.class.getName();
  final String staticUser = StaticUserWebFilter.class.getName();

  // configured initializer list -> list expected after start-up
  HashMap<String, String> driver = new HashMap<String, String>();
  driver.put("", timelineInit);
  driver.put(staticUser, timelineInit + "," + staticUser);
  driver.put(genericInit, timelineInit);
  driver.put(timelineInit, timelineInit);
  driver.put(genericInit + "," + timelineInit, timelineInit);
  // Same pair, but with a space after the comma.
  driver.put(genericInit + ", " + timelineInit, timelineInit);

  for (Map.Entry<String, String> testCase : driver.entrySet()) {
    final String configured = testCase.getKey();
    final String expected = testCase.getValue();

    ApplicationHistoryServer server = new ApplicationHistoryServer();
    Configuration serverConf = new YarnConfiguration();
    serverConf.setClass(YarnConfiguration.TIMELINE_SERVICE_STORE,
        MemoryTimelineStore.class, TimelineStore.class);
    serverConf.setClass(YarnConfiguration.TIMELINE_SERVICE_STATE_STORE_CLASS,
        MemoryTimelineStateStore.class, TimelineStateStore.class);
    serverConf.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS,
        "localhost:0");
    try {
      serverConf.set("hadoop.http.filter.initializers", configured);
      server.init(serverConf);
      server.start();
      Configuration effective = server.getConfig();
      assertEquals(expected,
          effective.get("hadoop.http.filter.initializers"));
    } finally {
      // Always stop the server so one case cannot leak into the next.
      server.stop();
    }
  }
}
 
Example #4
Source File: HttpServer2.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the authentication-filter settings found under {@code prefix} into
 * a fresh {@link Properties} object.
 *
 * <p>The lookup is delegated to
 * {@code AuthenticationFilterInitializer.getFilterConfigMap}.
 *
 * <p>NOTE(review): the entries may include sensitive settings (for example
 * keytab or signature-secret file locations); avoid logging the returned
 * object. Confirm against the keys actually stored under {@code prefix}.
 *
 * @param conf   configuration to read the filter settings from
 * @param prefix configuration-key prefix of the filter settings
 * @return a new {@code Properties} holding every entry of the filter map
 */
private static Properties getFilterProperties(Configuration conf,
    String prefix) {
  final Properties filterProps = new Properties();
  filterProps.putAll(
      AuthenticationFilterInitializer.getFilterConfigMap(conf, prefix));
  return filterProps;
}
 
Example #5
Source File: TestRMWebServicesDelegationTokenAuthentication.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a Kerberos/SPNEGO ResourceManager configuration, installs it as the
 * {@code UserGroupInformation} configuration and starts a {@code MockRM}.
 *
 * <p>Several values are test shortcuts and must not be copied into a real
 * deployment as they stand:
 * <ul>
 *   <li>the SPNEGO keytab file doubles as the cookie signature secret file;
 *       a deployment should use a dedicated, randomly generated secret file
 *       with restrictive permissions;</li>
 *   <li>the proxy-user entries for {@code client} use the wildcard
 *       {@code "*"} for both hosts and groups; a deployment should list the
 *       specific hosts and groups that are allowed.</li>
 * </ul>
 *
 * @throws Exception if the configuration or the MockRM start-up fails
 */
private static void setupAndStartRM() throws Exception {
  final Configuration conf = new Configuration();
  conf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS,
      YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS);
  conf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class,
      ResourceScheduler.class);
  conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);

  // HTTP authentication filter: Kerberos with the test principal and keytab.
  final String authPrefix = "hadoop.http.authentication.";
  conf.setStrings(authPrefix + "type", "kerberos");
  conf.set(authPrefix + KerberosAuthenticationHandler.PRINCIPAL,
      httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  conf.set(authPrefix + KerberosAuthenticationHandler.KEYTAB, keytabPath);
  // Test shortcut: any readable file serves as the signature secret here,
  // so the keytab is reused.
  conf.set(authPrefix + AuthenticationFilter.SIGNATURE_SECRET + ".file",
      keytabPath);

  conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  conf.setBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER,
      true);
  conf.set("hadoop.http.filter.initializers",
      AuthenticationFilterInitializer.class.getName());

  // The RM and NM web applications share the same SPNEGO principal/keytab.
  conf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY,
      httpSpnegoPrincipal);
  conf.set(YarnConfiguration.RM_KEYTAB, keytabPath);
  conf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, keytabPath);
  conf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY,
      httpSpnegoPrincipal);
  conf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, keytabPath);

  conf.setBoolean("mockrm.webapp.enabled", true);
  // Test-only wildcards for the "client" proxy user (see Javadoc).
  conf.set("yarn.resourcemanager.proxyuser.client.hosts", "*");
  conf.set("yarn.resourcemanager.proxyuser.client.groups", "*");

  UserGroupInformation.setConfiguration(conf);
  rm = new MockRM(conf);
  rm.start();
}
 
Example #6
Source File: TestApplicationHistoryServer.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Checks how {@code ApplicationHistoryServer} rewrites
 * {@code hadoop.http.filter.initializers} during start-up.
 *
 * <p>Each map entry pairs a configured value with the value expected after
 * the server has started: the timeline authentication initializer is always
 * present, and the generic {@code AuthenticationFilterInitializer} never
 * survives next to it.
 */
@Test(timeout = 240000)
public void testFilterOverrides() throws Exception {
  final String timelineInit =
      TimelineAuthenticationFilterInitializer.class.getName();
  final String genericInit = AuthenticationFilterInitializer.class.getName();
  final String staticUser = StaticUserWebFilter.class.getName();

  // configured initializer list -> list expected after start-up
  HashMap<String, String> driver = new HashMap<String, String>();
  driver.put("", timelineInit);
  driver.put(staticUser, timelineInit + "," + staticUser);
  driver.put(genericInit, timelineInit);
  driver.put(timelineInit, timelineInit);
  driver.put(genericInit + "," + timelineInit, timelineInit);
  // Same pair, but with a space after the comma.
  driver.put(genericInit + ", " + timelineInit, timelineInit);

  for (Map.Entry<String, String> testCase : driver.entrySet()) {
    final String configured = testCase.getKey();
    final String expected = testCase.getValue();

    ApplicationHistoryServer server = new ApplicationHistoryServer();
    Configuration serverConf = new YarnConfiguration();
    serverConf.setClass(YarnConfiguration.TIMELINE_SERVICE_STORE,
        MemoryTimelineStore.class, TimelineStore.class);
    serverConf.setClass(YarnConfiguration.TIMELINE_SERVICE_STATE_STORE_CLASS,
        MemoryTimelineStateStore.class, TimelineStateStore.class);
    serverConf.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS,
        "localhost:0");
    try {
      serverConf.set("hadoop.http.filter.initializers", configured);
      server.init(serverConf);
      server.start();
      Configuration effective = server.getConfig();
      assertEquals(expected,
          effective.get("hadoop.http.filter.initializers"));
    } finally {
      // Always stop the server so one case cannot leak into the next.
      server.stop();
    }
  }
}
 
Example #7
Source File: HttpServer2.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the authentication-filter settings found under {@code prefix} into
 * a fresh {@link Properties} object.
 *
 * <p>The lookup is delegated to
 * {@code AuthenticationFilterInitializer.getFilterConfigMap}.
 *
 * <p>NOTE(review): the entries may include sensitive settings (for example
 * keytab or signature-secret file locations); avoid logging the returned
 * object. Confirm against the keys actually stored under {@code prefix}.
 *
 * @param conf   configuration to read the filter settings from
 * @param prefix configuration-key prefix of the filter settings
 * @return a new {@code Properties} holding every entry of the filter map
 */
private static Properties getFilterProperties(Configuration conf,
    String prefix) {
  final Properties filterProps = new Properties();
  filterProps.putAll(
      AuthenticationFilterInitializer.getFilterConfigMap(conf, prefix));
  return filterProps;
}
 
Example #8
Source File: HttpServer2.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the authentication-filter settings found under {@code prefix} into
 * a fresh {@link Properties} object.
 *
 * <p>The lookup is delegated to
 * {@code AuthenticationFilterInitializer.getFilterConfigMap}.
 *
 * <p>NOTE(review): the entries may include sensitive settings (for example
 * keytab or signature-secret file locations); avoid logging the returned
 * object. Confirm against the keys actually stored under {@code prefix}.
 *
 * @param conf   configuration to read the filter settings from
 * @param prefix configuration-key prefix of the filter settings
 * @return a new {@code Properties} holding every entry of the filter map
 */
private static Properties getFilterProperties(Configuration conf,
    String prefix) {
  final Properties filterProps = new Properties();
  filterProps.putAll(
      AuthenticationFilterInitializer.getFilterConfigMap(conf, prefix));
  return filterProps;
}
 
Example #9
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the authentication-filter settings found under {@code prefix} into
 * a fresh {@link Properties} object.
 *
 * <p>The lookup is delegated to
 * {@code AuthenticationFilterInitializer.getFilterConfigMap}.
 *
 * <p>NOTE(review): the entries may include sensitive settings (for example
 * keytab or signature-secret file locations); avoid logging the returned
 * object. Confirm against the keys actually stored under {@code prefix}.
 *
 * @param conf   configuration to read the filter settings from
 * @param prefix configuration-key prefix of the filter settings
 * @return a new {@code Properties} holding every entry of the filter map
 */
private static Properties getFilterProperties(Configuration conf,
    String prefix) {
  final Properties result = new Properties();
  result.putAll(
      AuthenticationFilterInitializer.getFilterConfigMap(conf, prefix));
  return result;
}
 
Example #10
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the authentication-filter settings found under {@code prefix} into
 * a fresh {@link Properties} object.
 *
 * <p>The lookup is delegated to
 * {@code AuthenticationFilterInitializer.getFilterConfigMap}.
 *
 * <p>NOTE(review): the entries may include sensitive settings (for example
 * keytab or signature-secret file locations); avoid logging the returned
 * object. Confirm against the keys actually stored under {@code prefix}.
 *
 * @param conf   configuration to read the filter settings from
 * @param prefix configuration-key prefix of the filter settings
 * @return a new {@code Properties} holding every entry of the filter map
 */
private static Properties getFilterProperties(Configuration conf,
    String prefix) {
  final Properties result = new Properties();
  result.putAll(
      AuthenticationFilterInitializer.getFilterConfigMap(conf, prefix));
  return result;
}
 
Example #11
Source File: HttpServer2.java    From hadoop-ozone with Apache License 2.0 4 votes vote down vote up
/**
 * Wires up the thread pool, session-cookie flags, handler chain, global
 * filters and default servlets of this HTTP server.
 *
 * @param name web application name; used to look up the request log and the
 *     webapps path
 * @param hostName value written to {@code conf} under {@code BIND_ADDRESS}
 *     before the filter initializers run
 * @param conf configuration source; it is modified when filter initializers
 *     are present (see the {@code BIND_ADDRESS} assignment)
 * @param pathSpecs path specs to add filter mappings for; may be null
 * @param authFilterConfigPrefix prefix used to build the configuration of
 *     the "authentication" filter
 * @param securityEnabled when true, an
 *     {@code AuthenticationFilterInitializer} is not run; an
 *     {@code AuthenticationFilter} is registered directly instead
 * @throws IOException declared by the signature; presumably raised by one of
 *     the helper calls (confirm against their definitions)
 */
private void initializeWebServer(String name, String hostName,
    ConfigurationSource conf, String[] pathSpecs,
    String authFilterConfigPrefix,
    boolean securityEnabled) throws IOException {

  // The web application context must exist before anything is attached.
  Preconditions.checkNotNull(webAppContext);

  int maxThreads = conf.getInt(HTTP_MAX_THREADS_KEY, -1);
  // If HTTP_MAX_THREADS is not configured, QueueThreadPool() will use the
  // default value (currently 250).

  QueuedThreadPool threadPool = (QueuedThreadPool) webServer.getThreadPool();
  threadPool.setDaemon(true);
  if (maxThreads != -1) {
    threadPool.setMaxThreads(maxThreads);
  }

  // Session-cookie hardening: HttpOnly and Secure are both switched on.
  // NOTE(review): Secure is set unconditionally, so browsers will not send
  // the session cookie back over a plain-HTTP endpoint; confirm that this
  // is intended for every deployment mode.
  SessionHandler handler = webAppContext.getSessionHandler();
  handler.setHttpOnly(true);
  handler.getSessionCookieConfig().setSecure(true);

  ContextHandlerCollection contexts = new ContextHandlerCollection();
  RequestLog requestLog = HttpRequestLog.getRequestLog(name);

  // Handler order: contexts, the optional request log, then the main web
  // application context.
  handlers.addHandler(contexts);
  if (requestLog != null) {
    RequestLogHandler requestLogHandler = new RequestLogHandler();
    requestLogHandler.setRequestLog(requestLog);
    handlers.addHandler(requestLogHandler);
  }
  handlers.addHandler(webAppContext);
  final String appDir = getWebAppsPath(name);
  addDefaultApps(contexts, appDir, conf);
  webServer.setHandler(handlers);

  // The "safety" filter is registered globally before any configured
  // initializer runs. Its parameters come from setHeaders(conf);
  // presumably response-header settings; verify against setHeaders.
  Map<String, String> xFrameParams = setHeaders(conf);
  addGlobalFilter("safety", QuotingInputFilter.class.getName(), xFrameParams);
  final FilterInitializer[] initializers = getFilterInitializers(conf);
  if (initializers != null) {
    // Side effect on the caller's configuration: the bind address is stored
    // before the filter configuration is derived from it.
    conf.set(BIND_ADDRESS, hostName);
    org.apache.hadoop.conf.Configuration hadoopConf =
        LegacyHadoopConfigurationSource.asHadoopConfiguration(conf);
    Map<String, String> filterConfig = getFilterConfigMap(hadoopConf,
        authFilterConfigPrefix);
    for (FilterInitializer c : initializers) {
      // With security enabled, the generic authentication initializer is
      // replaced by an AuthenticationFilter configured from
      // authFilterConfigPrefix. Every other initializer, and the
      // authentication initializer itself when security is disabled, runs
      // its own initFilter().
      if ((c instanceof AuthenticationFilterInitializer) && securityEnabled) {
        addFilter("authentication",
            AuthenticationFilter.class.getName(), filterConfig);
      } else {
        c.initFilter(this, hadoopConf);
      }
    }
  }

  addDefaultServlets();

  // Map the registered filters onto each extra path spec, if any were given.
  if (pathSpecs != null) {
    for (String path : pathSpecs) {
      LOG.info("adding path spec: {}", path);
      addFilterPathMapping(path, webAppContext);
    }
  }
}
 
Example #12
Source File: ApplicationHistoryServer.java    From hadoop with Apache License 2.0 4 votes vote down vote up
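/**
 * Normalises {@code hadoop.http.filter.initializers} for the timeline server
 * and starts the AHS web application.
 *
 * <p>The configured list is rewritten so that
 * <ul>
 *   <li>{@code TimelineAuthenticationFilterInitializer} is always present,</li>
 *   <li>{@code CrossOriginFilterInitializer} is added when cross-origin
 *       support is enabled, and</li>
 *   <li>the generic {@code AuthenticationFilterInitializer} is removed.</li>
 * </ul>
 * The configuration is only written back when the list actually changed.
 *
 * <p>Entries are compared as whole, trimmed class names. A substring test on
 * the raw string would treat a configured class whose name merely contains
 * the timeline initializer's name as if the timeline authentication
 * initializer were already configured, and the filter would then not be
 * added. Blank entries are dropped.
 *
 * @throws YarnRuntimeException if the web application fails to start
 */
private void startWebApp() {
  Configuration conf = getConfig();
  TimelineAuthenticationFilter.setTimelineDelegationTokenSecretManager(
      secretManagerService.getTimelineDelegationTokenSecretManager());
  // Always load pseudo authentication filter to parse "user.name" in an URL
  // to identify a HTTP request's user in insecure mode.
  // When Kerberos authentication type is set (i.e., secure mode is turned on),
  // the customized filter will be loaded by the timeline server to do Kerberos
  // + DT authentication.
  final String corsInitializer = CrossOriginFilterInitializer.class.getName();
  final String timelineInitializer =
      TimelineAuthenticationFilterInitializer.class.getName();
  final String genericInitializer =
      AuthenticationFilterInitializer.class.getName();

  String initializers = conf.get("hadoop.http.filter.initializers");
  boolean modifiedInitializers = false;

  // Parse first, so that every later check is an exact class-name match.
  ArrayList<String> target = new ArrayList<String>();
  if (initializers != null) {
    for (String filterInitializer : initializers.split(",")) {
      filterInitializer = filterInitializer.trim();
      if (filterInitializer.isEmpty()) {
        continue;
      }
      if (filterInitializer.equals(genericInitializer)) {
        // The timeline server uses its own authentication initializer.
        modifiedInitializers = true;
        continue;
      }
      target.add(filterInitializer);
    }
  }

  if (!target.contains(corsInitializer)
      && conf.getBoolean(
          YarnConfiguration.TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED,
          YarnConfiguration.TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED_DEFAULT)) {
    target.add(0, corsInitializer);
    modifiedInitializers = true;
  }

  // Added last so that it ends up first in the list.
  if (!target.contains(timelineInitializer)) {
    target.add(0, timelineInitializer);
    modifiedInitializers = true;
  }

  String actualInitializers =
      org.apache.commons.lang.StringUtils.join(target, ",");
  if (modifiedInitializers) {
    conf.set("hadoop.http.filter.initializers", actualInitializers);
  }
  String bindAddress = WebAppUtils.getWebAppBindURL(conf,
                        YarnConfiguration.TIMELINE_SERVICE_BIND_HOST,
                        WebAppUtils.getAHSWebAppURLWithoutScheme(conf));
  LOG.info("Instantiating AHSWebApp at " + bindAddress);
  try {
    webApp =
        WebApps
          .$for("applicationhistory", ApplicationHistoryClientService.class,
              ahsClientService, "ws")
          .with(conf).at(bindAddress).start(
              new AHSWebApp(timelineDataManager, ahsClientService));
  } catch (Exception e) {
    // Keep the cause so that the start-up failure stays diagnosable.
    String msg = "AHSWebApp failed to start.";
    LOG.error(msg, e);
    throw new YarnRuntimeException(msg, e);
  }
}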
 
Example #13
Source File: ApplicationHistoryServer.java    From big-c with Apache License 2.0 4 votes vote down vote up
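/**
 * Normalises {@code hadoop.http.filter.initializers} for the timeline server
 * and starts the AHS web application.
 *
 * <p>The configured list is rewritten so that
 * <ul>
 *   <li>{@code TimelineAuthenticationFilterInitializer} is always present,</li>
 *   <li>{@code CrossOriginFilterInitializer} is added when cross-origin
 *       support is enabled, and</li>
 *   <li>the generic {@code AuthenticationFilterInitializer} is removed.</li>
 * </ul>
 * The configuration is only written back when the list actually changed.
 *
 * <p>Entries are compared as whole, trimmed class names. A substring test on
 * the raw string would treat a configured class whose name merely contains
 * the timeline initializer's name as if the timeline authentication
 * initializer were already configured, and the filter would then not be
 * added. Blank entries are dropped.
 *
 * @throws YarnRuntimeException if the web application fails to start
 */
private void startWebApp() {
  Configuration conf = getConfig();
  TimelineAuthenticationFilter.setTimelineDelegationTokenSecretManager(
      secretManagerService.getTimelineDelegationTokenSecretManager());
  // Always load pseudo authentication filter to parse "user.name" in an URL
  // to identify a HTTP request's user in insecure mode.
  // When Kerberos authentication type is set (i.e., secure mode is turned on),
  // the customized filter will be loaded by the timeline server to do Kerberos
  // + DT authentication.
  final String corsInitializer = CrossOriginFilterInitializer.class.getName();
  final String timelineInitializer =
      TimelineAuthenticationFilterInitializer.class.getName();
  final String genericInitializer =
      AuthenticationFilterInitializer.class.getName();

  String initializers = conf.get("hadoop.http.filter.initializers");
  boolean modifiedInitializers = false;

  // Parse first, so that every later check is an exact class-name match.
  ArrayList<String> target = new ArrayList<String>();
  if (initializers != null) {
    for (String filterInitializer : initializers.split(",")) {
      filterInitializer = filterInitializer.trim();
      if (filterInitializer.isEmpty()) {
        continue;
      }
      if (filterInitializer.equals(genericInitializer)) {
        // The timeline server uses its own authentication initializer.
        modifiedInitializers = true;
        continue;
      }
      target.add(filterInitializer);
    }
  }

  if (!target.contains(corsInitializer)
      && conf.getBoolean(
          YarnConfiguration.TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED,
          YarnConfiguration.TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED_DEFAULT)) {
    target.add(0, corsInitializer);
    modifiedInitializers = true;
  }

  // Added last so that it ends up first in the list.
  if (!target.contains(timelineInitializer)) {
    target.add(0, timelineInitializer);
    modifiedInitializers = true;
  }

  String actualInitializers =
      org.apache.commons.lang.StringUtils.join(target, ",");
  if (modifiedInitializers) {
    conf.set("hadoop.http.filter.initializers", actualInitializers);
  }
  String bindAddress = WebAppUtils.getWebAppBindURL(conf,
                        YarnConfiguration.TIMELINE_SERVICE_BIND_HOST,
                        WebAppUtils.getAHSWebAppURLWithoutScheme(conf));
  LOG.info("Instantiating AHSWebApp at " + bindAddress);
  try {
    webApp =
        WebApps
          .$for("applicationhistory", ApplicationHistoryClientService.class,
              ahsClientService, "ws")
          .with(conf).at(bindAddress).start(
              new AHSWebApp(timelineDataManager, ahsClientService));
  } catch (Exception e) {
    // Keep the cause so that the start-up failure stays diagnosable.
    String msg = "AHSWebApp failed to start.";
    LOG.error(msg, e);
    throw new YarnRuntimeException(msg, e);
  }
}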