Java Code Examples for org.apache.hadoop.security.SaslRpcServer#splitKerberosName()
The following examples show how to use
org.apache.hadoop.security.SaslRpcServer#splitKerberosName(), which splits a fully qualified Kerberos principal name into its parts.
Example 1
Source File: GSSCallback.java From incubator-sentry with Apache License 2.0 | 6 votes |
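/**
 * Reports whether two Kerberos principal names consist of the same parts.
 *
 * <p>Both names are split with {@code SaslRpcServer.splitKerberosName} and the parts are
 * compared position by position with an exact, case-sensitive {@code equals}. The
 * comparison fails closed: a {@code null} name, a name that yields no parts, or a
 * differing number of parts is a mismatch.
 *
 * @param principal1 first principal name; {@code null} never matches
 * @param principal2 second principal name; {@code null} never matches
 * @return {@code true} only when both names split into the same non-empty sequence of parts
 */
boolean comparePrincipals(String principal1, String principal2) {
  // Reject a missing identity up front instead of handing null to the split helper.
  if (principal1 == null || principal2 == null) {
    return false;
  }

  String[] principalParts1 = SaslRpcServer.splitKerberosName(principal1);
  String[] principalParts2 = SaslRpcServer.splitKerberosName(principal2);

  // An empty split on either side, or a different part count, can never be a match.
  if (principalParts1.length == 0 || principalParts1.length != principalParts2.length) {
    return false;
  }

  // NOTE(review): only the parts are compared, not the separators between them. If the
  // split helper breaks on both '/' and '@' (confirm against the Hadoop version in use),
  // names that differ only in separator placement or trailing separators would compare
  // equal; also compare the raw strings if callers need strict identity.
  for (int i = 0; i < principalParts1.length; i++) {
    if (!principalParts1[i].equals(principalParts2[i])) {
      return false;
    }
  }
  return true;
}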
Example 2
Source File: GSSCallback.java From incubator-sentry with Apache License 2.0 | 4 votes |
/**
 * Returns the first part of the given Kerberos principal name, as produced by
 * {@code SaslRpcServer.splitKerberosName}.
 *
 * @param principal the principal name to shorten
 * @return the first element of the split result
 */
private String getShortName(String principal) {
  // NOTE(review): index 0 is read without a length check, so a name that splits into
  // no parts fails here with ArrayIndexOutOfBoundsException.
  // NOTE(review): every part after the first is discarded, so principals that differ
  // only in later parts map to the same short name; confirm callers have verified the
  // full principal before trusting this value.
  return SaslRpcServer.splitKerberosName(principal)[0];
}
Example 3
Source File: SentryService.java From incubator-sentry with Apache License 2.0 | 4 votes |
/**
 * Builds the service from the supplied configuration: RPC address and port, security
 * mode, thread and message-size limits, Kerberos principal and keytab (when Kerberos is
 * enabled), the single-thread service executor and the web server port.
 *
 * <p>The configuration object is stored as passed in and is modified when the configured
 * RPC port is 0, because the port that was picked is written back into it.
 *
 * @param conf service configuration; the principal and keytab keys are required when the
 *     security mode is Kerberos
 * @throws RuntimeException if the configured Kerberos principal cannot be translated
 */
public SentryService(Configuration conf) {
  this.conf = conf;

  // Port 0 means "let the service pick": the chosen port is recorded in the configuration.
  int rpcPort = conf.getInt(ServerConfig.RPC_PORT, ServerConfig.RPC_PORT_DEFAULT);
  if (rpcPort == 0) {
    rpcPort = findFreePort();
    conf.setInt(ServerConfig.RPC_PORT, rpcPort);
  }
  String bindHost = conf.get(ServerConfig.RPC_ADDRESS, ServerConfig.RPC_ADDRESS_DEFAULT);
  this.address = NetUtils.createSocketAddr(bindHost, rpcPort);
  LOGGER.info("Configured on address " + address);

  // Kerberos is the default mode. Any other configured value, including a misspelt one,
  // takes the non-Kerberos branch below, so this setting deserves a deployment check.
  String securityMode =
      conf.get(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_KERBEROS).trim();
  kerberos = ServerConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase(securityMode);

  maxThreads = conf.getInt(ServerConfig.RPC_MAX_THREADS,
      ServerConfig.RPC_MAX_THREADS_DEFAULT);
  minThreads = conf.getInt(ServerConfig.RPC_MIN_THREADS,
      ServerConfig.RPC_MIN_THREADS_DEFAULT);
  maxMessageSize = conf.getLong(ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE,
      ServerConfig.SENTRY_POLICY_SERVER_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);

  if (!kerberos) {
    principal = null;
    principalParts = null;
    keytab = null;
  } else {
    String rawPrincipal = Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL),
        ServerConfig.PRINCIPAL + " is required");
    // Use Hadoop libraries to translate the _HOST placeholder with actual hostname
    try {
      principal = SecurityUtil.getServerPrincipal(rawPrincipal, address.getAddress());
    } catch (IOException e) {
      throw new RuntimeException("Can't translate kerberos principal'", e);
    }
    LOGGER.info("Using kerberos principal: " + principal);

    // The principal must split into exactly three parts, otherwise construction is refused.
    principalParts = SaslRpcServer.splitKerberosName(principal);
    Preconditions.checkArgument(principalParts.length == 3,
        "Kerberos principal should have 3 parts: " + principal);

    keytab = Preconditions.checkNotNull(conf.get(ServerConfig.KEY_TAB),
        ServerConfig.KEY_TAB + " is required");
    // NOTE(review): only existence and readability are verified here; the keytab's owner
    // and file permissions are not inspected in this constructor.
    File keytabOnDisk = new File(keytab);
    boolean keytabUsable = keytabOnDisk.isFile() && keytabOnDisk.canRead();
    Preconditions.checkState(keytabUsable,
        "Keytab " + keytab + " does not exist or is not readable.");
  }

  serviceExecutor = Executors.newSingleThreadExecutor(new ThreadFactory() {
    // Plain counter used only to number the threads this factory creates.
    private int count = 0;

    @Override
    public Thread newThread(Runnable task) {
      String threadName = SentryService.class.getSimpleName() + "-" + (count++);
      return new Thread(task, threadName);
    }
  });

  webServerPort = conf.getInt(ServerConfig.SENTRY_WEB_PORT,
      ServerConfig.SENTRY_WEB_PORT_DEFAULT);
  status = Status.NOT_STARTED;
}
Example 4
Source File: SentryGenericServiceClientDefaultImpl.java From incubator-sentry with Apache License 2.0 | 4 votes |
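/**
 * Creates a generic Sentry service client from the supplied configuration and opens its
 * transport to the configured server address.
 *
 * <p>When the security mode is Kerberos (the default), the socket is wrapped in a SASL
 * transport built from the first two parts of the resolved server principal. For any
 * other security mode the plain socket transport is used as created.
 *
 * @param conf client configuration; must not be {@code null}, and must contain the server
 *     RPC address and, in Kerberos mode, the server principal
 * @throws IOException if the server principal cannot be resolved or the transport cannot
 *     be opened
 */
public SentryGenericServiceClientDefaultImpl(Configuration conf) throws IOException {
  // Validate the argument itself, before it is copied. The check previously ran on the
  // freshly created copy, which can never be null, so it guarded nothing.
  Preconditions.checkNotNull(conf, "Configuration object cannot be null");
  // copy the configuration because we may make modifications to it.
  this.conf = new Configuration(conf);

  this.serverAddress = NetUtils.createSocketAddr(Preconditions.checkNotNull(
      conf.get(ClientConfig.SERVER_RPC_ADDRESS), "Config key "
      + ClientConfig.SERVER_RPC_ADDRESS + " is required"), conf.getInt(
      ClientConfig.SERVER_RPC_PORT, ClientConfig.SERVER_RPC_PORT_DEFAULT));
  this.connectionTimeout = conf.getInt(ClientConfig.SERVER_RPC_CONN_TIMEOUT,
      ClientConfig.SERVER_RPC_CONN_TIMEOUT_DEFAULT);

  // Kerberos is the default. Any other configured value, including a misspelt one,
  // leaves the plain socket below in place without the SASL wrapper.
  kerberos = ServerConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase(
      conf.get(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_KERBEROS).trim());
  transport = new TSocket(serverAddress.getHostName(),
      serverAddress.getPort(), connectionTimeout);

  if (kerberos) {
    String serverPrincipal = Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL),
        ServerConfig.PRINCIPAL + " is required");
    // since the client uses hadoop-auth, we need to set kerberos in
    // hadoop-auth if we plan to use kerberos
    // NOTE(review): this writes to the caller's Configuration, not to the copy held in
    // this.conf, so the caller's object is modified despite the copy made above. Confirm
    // whether that side effect is intended before redirecting the write to the copy.
    conf.set(HADOOP_SECURITY_AUTHENTICATION, ServerConfig.SECURITY_MODE_KERBEROS);

    // Resolve server host in the same way as we are doing on server side
    serverPrincipal = SecurityUtil.getServerPrincipal(serverPrincipal,
        serverAddress.getAddress());
    LOGGER.debug("Using server kerberos principal: " + serverPrincipal);

    // Exactly three parts are required, but only the first two are handed to the SASL
    // transport; the third is checked for presence and not used in this constructor.
    serverPrincipalParts = SaslRpcServer.splitKerberosName(serverPrincipal);
    Preconditions.checkArgument(serverPrincipalParts.length == 3,
        "Kerberos principal should have 3 parts: " + serverPrincipal);
    boolean wrapUgi = "true".equalsIgnoreCase(conf
        .get(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true"));
    transport = new UgiSaslClientTransport(AuthMethod.KERBEROS.getMechanismName(),
        null, serverPrincipalParts[0], serverPrincipalParts[1],
        ClientConfig.SASL_PROPERTIES, null, transport, wrapUgi, conf);
  } else {
    serverPrincipalParts = null;
  }

  try {
    transport.open();
  } catch (TTransportException e) {
    throw new IOException("Transport exception while opening transport: "
        + e.getMessage(), e);
  }
  LOGGER.debug("Successfully opened transport: " + transport + " to " + serverAddress);

  // The same configured limit is passed for both size arguments of the binary protocol,
  // and both boolean flags are set to true.
  long maxMessageSize = conf.getLong(
      ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE,
      ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
  TMultiplexedProtocol protocol = new TMultiplexedProtocol(
      new TBinaryProtocol(transport, maxMessageSize, maxMessageSize, true, true),
      SentryGenericPolicyProcessor.SENTRY_GENERIC_SERVICE_NAME);
  client = new SentryGenericPolicyService.Client(protocol);
  LOGGER.debug("Successfully created client");
}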
Example 5
Source File: SentryPolicyServiceClientDefaultImpl.java From incubator-sentry with Apache License 2.0 | 4 votes |
/**
 * Creates a Sentry policy service client from the supplied configuration and opens its
 * transport to the configured server address.
 *
 * <p>In Kerberos mode (the default) the socket is wrapped in a SASL transport built from
 * the first two parts of the resolved server principal. In any other mode the plain
 * socket transport is used as created.
 *
 * @param conf client configuration; must not be {@code null}, and must contain the server
 *     RPC address and, in Kerberos mode, the server principal
 * @throws IOException if the server principal cannot be resolved or the transport cannot
 *     be opened
 */
public SentryPolicyServiceClientDefaultImpl(Configuration conf) throws IOException {
  this.conf = Preconditions.checkNotNull(conf, "Configuration object cannot be null");

  String rpcHost = Preconditions.checkNotNull(
      conf.get(ClientConfig.SERVER_RPC_ADDRESS),
      "Config key " + ClientConfig.SERVER_RPC_ADDRESS + " is required");
  int rpcPort = conf.getInt(ClientConfig.SERVER_RPC_PORT,
      ClientConfig.SERVER_RPC_PORT_DEFAULT);
  this.serverAddress = NetUtils.createSocketAddr(rpcHost, rpcPort);
  this.connectionTimeout = conf.getInt(ClientConfig.SERVER_RPC_CONN_TIMEOUT,
      ClientConfig.SERVER_RPC_CONN_TIMEOUT_DEFAULT);

  // Kerberos is the default. Any other configured value, including a misspelt one,
  // leaves the plain socket below in place without the SASL wrapper.
  String securityMode =
      conf.get(ServerConfig.SECURITY_MODE, ServerConfig.SECURITY_MODE_KERBEROS).trim();
  kerberos = ServerConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase(securityMode);
  transport = new TSocket(serverAddress.getHostName(),
      serverAddress.getPort(), connectionTimeout);

  if (!kerberos) {
    serverPrincipalParts = null;
  } else {
    String configuredPrincipal = Preconditions.checkNotNull(
        conf.get(ServerConfig.PRINCIPAL), ServerConfig.PRINCIPAL + " is required");

    // Resolve server host in the same way as we are doing on server side
    String serverPrincipal = SecurityUtil.getServerPrincipal(configuredPrincipal,
        serverAddress.getAddress());
    LOGGER.debug("Using server kerberos principal: " + serverPrincipal);

    // Exactly three parts are required, but only the first two are handed to the SASL
    // transport; the third is checked for presence and not used in this constructor.
    serverPrincipalParts = SaslRpcServer.splitKerberosName(serverPrincipal);
    Preconditions.checkArgument(serverPrincipalParts.length == 3,
        "Kerberos principal should have 3 parts: " + serverPrincipal);

    String ugiSetting = conf.get(ServerConfig.SECURITY_USE_UGI_TRANSPORT, "true");
    boolean wrapUgi = "true".equalsIgnoreCase(ugiSetting);
    transport = new UgiSaslClientTransport(AuthMethod.KERBEROS.getMechanismName(),
        null, serverPrincipalParts[0], serverPrincipalParts[1],
        ClientConfig.SASL_PROPERTIES, null, transport, wrapUgi);
  }

  try {
    transport.open();
  } catch (TTransportException openFailure) {
    throw new IOException("Transport exception while opening transport: "
        + openFailure.getMessage(), openFailure);
  }
  LOGGER.debug("Successfully opened transport: " + transport + " to " + serverAddress);

  // The same configured limit is passed for both size arguments of the binary protocol,
  // and both boolean flags are set to true.
  long messageSizeLimit = conf.getLong(
      ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE,
      ServiceConstants.ClientConfig.SENTRY_POLICY_CLIENT_THRIFT_MAX_MESSAGE_SIZE_DEFAULT);
  TBinaryProtocol binaryProtocol =
      new TBinaryProtocol(transport, messageSizeLimit, messageSizeLimit, true, true);
  TMultiplexedProtocol protocol = new TMultiplexedProtocol(binaryProtocol,
      SentryPolicyStoreProcessor.SENTRY_POLICY_SERVICE_NAME);
  client = new SentryPolicyService.Client(protocol);
  LOGGER.debug("Successfully created client");
}