org.apache.hadoop.security.KerberosInfo Java Examples
The following examples show how to use
org.apache.hadoop.security.KerberosInfo.
Example #1
Source File: AdminSecurityInfo.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * Supplies Kerberos principal metadata for {@code ResourceManagerAdministrationProtocolPB} only.
 *
 * <p>Per the {@code KerberosInfo} contract the strings exposed here are configuration keys, not
 * principal names; the consumer resolves them against its own {@code Configuration}.
 *
 * @param protocol RPC protocol class being looked up; dereferenced, so it must not be null
 * @param conf configuration supplied by the caller; not read by this method
 * @return metadata for the admin protocol, or {@code null} for any other protocol
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  if (protocol.equals(ResourceManagerAdministrationProtocolPB.class)) {
    return new KerberosInfo() {
      // Hand-built instance: no annotation type is reported. A null here is outside what
      // java.lang.annotation.Annotation documents, so this is only safe while consumers
      // read just the two principal accessors.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }

      // Key under which the ResourceManager's principal is configured.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.RM_PRINCIPAL;
      }

      // No client principal key is declared for this protocol.
      // NOTE(review): a consumer that compares the caller against this key has nothing to
      // compare, so admin access presumably rests on ACLs alone — confirm they are set.
      @Override
      public String clientPrincipal() {
        return null;
      }
    };
  }
  // Some other protocol: this provider has nothing to say about it.
  return null;
}
Example #2
Source File: TestSaslRPC.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Returns the same Kerberos metadata for every protocol; there is no protocol filter.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return a fresh {@code KerberosInfo} whose server key is {@code SERVER_PRINCIPAL_KEY}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final KerberosInfo forAnyProtocol = new KerberosInfo() {
    // Synthetic instance, so no annotation type is reported (null is outside the documented
    // java.lang.annotation.Annotation contract; tolerable only if nobody calls this).
    @Override
    public Class<? extends Annotation> annotationType() {
      return null;
    }

    // SERVER_PRINCIPAL_KEY is declared elsewhere in the file; by the KerberosInfo contract
    // it names a configuration key rather than a principal.
    @Override
    public String serverPrincipal() {
      return SERVER_PRINCIPAL_KEY;
    }

    // No client principal key is declared.
    @Override
    public String clientPrincipal() {
      return null;
    }
  };
  return forAnyProtocol;
}
Example #3
Source File: ClientHSSecurityInfo.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Supplies Kerberos principal metadata for {@code HSClientProtocolPB} only.
 *
 * @param protocol RPC protocol class being looked up; dereferenced, so it must not be null
 * @param conf configuration supplied by the caller; not read by this method
 * @return metadata naming the history server principal key, or {@code null} for other protocols
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  return protocol.equals(HSClientProtocolPB.class)
      ? new KerberosInfo() {
        // Synthetic instance: reports no annotation type (null is outside the documented
        // java.lang.annotation.Annotation contract; safe only if consumers never call this).
        @Override
        public Class<? extends Annotation> annotationType() {
          return null;
        }

        // Configuration key under which the MapReduce history server principal is set.
        @Override
        public String serverPrincipal() {
          return JHAdminConfig.MR_HISTORY_PRINCIPAL;
        }

        // No client principal key: any Kerberos-authenticated caller is a candidate, so
        // restriction of who may call presumably comes from ACLs — verify.
        @Override
        public String clientPrincipal() {
          return null;
        }
      }
      : null;
}
Example #4
Source File: ClientRMSecurityInfo.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * Supplies Kerberos principal metadata for {@code ApplicationClientProtocolPB} only.
 *
 * @param protocol RPC protocol class being looked up; dereferenced, so it must not be null
 * @param conf configuration supplied by the caller; not read by this method
 * @return metadata naming the ResourceManager principal key, or {@code null} otherwise
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  KerberosInfo result = null;
  if (protocol.equals(ApplicationClientProtocolPB.class)) {
    result = new KerberosInfo() {
      // Synthetic instance: no annotation type is reported. Null is not a documented result
      // of Annotation.annotationType(), so consumers must stick to the principal accessors.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }

      // Configuration key for the ResourceManager's Kerberos principal.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.RM_PRINCIPAL;
      }

      // Clients of this protocol are not tied to a fixed principal key.
      @Override
      public String clientPrincipal() {
        return null;
      }
    };
  }
  return result;
}
Example #5
Source File: ClientTimelineSecurityInfo.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * Supplies Kerberos principal metadata for {@code ApplicationHistoryProtocolPB} only.
 *
 * @param protocol RPC protocol class being looked up; dereferenced, so it must not be null
 * @param conf configuration supplied by the caller; not read by this method
 * @return metadata naming the timeline service principal key, or {@code null} otherwise
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  if (protocol.equals(ApplicationHistoryProtocolPB.class)) {
    return new KerberosInfo() {
      // Synthetic instance: reports no annotation type. Null falls outside the documented
      // Annotation contract, so this relies on consumers never asking for it.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }

      // Configuration key for the timeline service's Kerberos principal.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.TIMELINE_SERVICE_PRINCIPAL;
      }

      // No client principal key is declared for this protocol.
      @Override
      public String clientPrincipal() {
        return null;
      }
    };
  }
  // Unrelated protocol: leave it to other providers.
  return null;
}
Example #6
Source File: RMNMSecurityInfoClass.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * Supplies Kerberos principal metadata for {@code ResourceTrackerPB} only.
 *
 * <p>Unlike a client-facing protocol, this one declares both ends: the server key is the
 * ResourceManager's and the client key is the NodeManager's, which lets a consumer check
 * that the caller really is the configured NodeManager principal.
 *
 * @param protocol RPC protocol class being looked up; dereferenced, so it must not be null
 * @param conf configuration supplied by the caller; not read by this method
 * @return metadata with both principal keys, or {@code null} for any other protocol
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean isResourceTracker = protocol.equals(ResourceTrackerPB.class);
  if (isResourceTracker) {
    return new KerberosInfo() {
      // Synthetic instance: no annotation type is reported (null is outside the documented
      // Annotation contract; acceptable only while nobody calls this accessor).
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }

      // Configuration key for the ResourceManager principal (the RPC server here).
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.RM_PRINCIPAL;
      }

      // Configuration key for the NodeManager principal (the expected RPC client).
      @Override
      public String clientPrincipal() {
        return YarnConfiguration.NM_PRINCIPAL;
      }
    };
  }
  return null;
}
Example #7
Source File: RMNMSecurityInfoClass.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Answers Kerberos metadata lookups for {@code ResourceTrackerPB}; all other protocols get null.
 *
 * @param protocol RPC protocol class being looked up; dereferenced, so it must not be null
 * @param conf configuration supplied by the caller; not read by this method
 * @return metadata carrying the RM (server) and NM (client) principal keys, or {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  return protocol.equals(ResourceTrackerPB.class)
      ? new KerberosInfo() {
        // Synthetic instance: reports no annotation type; consumers are expected to use
        // only the principal accessors below.
        @Override
        public Class<? extends Annotation> annotationType() {
          return null;
        }

        // Server side of this protocol: the ResourceManager principal key.
        @Override
        public String serverPrincipal() {
          return YarnConfiguration.RM_PRINCIPAL;
        }

        // Client side: the NodeManager principal key, so a consumer can pin the caller's
        // identity to the configured NodeManager principal.
        @Override
        public String clientPrincipal() {
          return YarnConfiguration.NM_PRINCIPAL;
        }
      }
      : null;
}
Example #8
Source File: ClientTimelineSecurityInfo.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Answers Kerberos metadata lookups for {@code ApplicationHistoryProtocolPB}.
 *
 * @param protocol RPC protocol class being looked up; dereferenced, so it must not be null
 * @param conf configuration supplied by the caller; not read by this method
 * @return metadata naming the timeline service principal key, or {@code null} otherwise
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  KerberosInfo timelineInfo = null;
  if (protocol.equals(ApplicationHistoryProtocolPB.class)) {
    timelineInfo = new KerberosInfo() {
      // Synthetic instance: no annotation type to report. Null is not a documented result
      // of Annotation.annotationType(); callers must not depend on it.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }

      // Configuration key for the timeline service principal.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.TIMELINE_SERVICE_PRINCIPAL;
      }

      // No fixed client principal key for this protocol.
      @Override
      public String clientPrincipal() {
        return null;
      }
    };
  }
  return timelineInfo;
}
Example #9
Source File: ClientRMSecurityInfo.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Answers Kerberos metadata lookups for {@code ApplicationClientProtocolPB}.
 *
 * @param protocol RPC protocol class being looked up; dereferenced, so it must not be null
 * @param conf configuration supplied by the caller; not read by this method
 * @return metadata naming the ResourceManager principal key, or {@code null} otherwise
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean isClientRmProtocol = protocol.equals(ApplicationClientProtocolPB.class);
  if (isClientRmProtocol) {
    return new KerberosInfo() {
      // Synthetic instance: reports no annotation type; only the principal accessors
      // carry information.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }

      // Configuration key for the ResourceManager principal.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.RM_PRINCIPAL;
      }

      // Application clients are not bound to a configured principal key.
      @Override
      public String clientPrincipal() {
        return null;
      }
    };
  }
  return null;
}
Example #10
Source File: ClientHSSecurityInfo.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * Answers Kerberos metadata lookups for {@code HSClientProtocolPB}.
 *
 * @param protocol RPC protocol class being looked up; dereferenced, so it must not be null
 * @param conf configuration supplied by the caller; not read by this method
 * @return metadata naming the history server principal key, or {@code null} otherwise
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  if (protocol.equals(HSClientProtocolPB.class)) {
    return new KerberosInfo() {
      // Synthetic instance: no annotation type is reported (null is outside the documented
      // Annotation contract, so consumers must not call this).
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }

      // Configuration key for the MapReduce history server principal.
      @Override
      public String serverPrincipal() {
        return JHAdminConfig.MR_HISTORY_PRINCIPAL;
      }

      // No client principal key is declared.
      @Override
      public String clientPrincipal() {
        return null;
      }
    };
  }
  // Any other protocol is outside this provider's scope.
  return null;
}
Example #11
Source File: AdminSecurityInfo.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Answers Kerberos metadata lookups for {@code ResourceManagerAdministrationProtocolPB}.
 *
 * @param protocol RPC protocol class being looked up; dereferenced, so it must not be null
 * @param conf configuration supplied by the caller; not read by this method
 * @return metadata naming the ResourceManager principal key, or {@code null} otherwise
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  return protocol.equals(ResourceManagerAdministrationProtocolPB.class)
      ? new KerberosInfo() {
        // Synthetic instance: reports no annotation type; rely only on the accessors below.
        @Override
        public Class<? extends Annotation> annotationType() {
          return null;
        }

        // Configuration key for the ResourceManager principal.
        @Override
        public String serverPrincipal() {
          return YarnConfiguration.RM_PRINCIPAL;
        }

        // No client principal key: this metadata does not pin which principal may issue
        // admin calls. NOTE(review): that restriction presumably lives in the service
        // ACLs — confirm they are configured for this protocol.
        @Override
        public String clientPrincipal() {
          return null;
        }
      }
      : null;
}
Example #12
Source File: TestSaslRPC.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * Hands back one fixed piece of Kerberos metadata regardless of the protocol asked about.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return a fresh {@code KerberosInfo} exposing {@code SERVER_PRINCIPAL_KEY} as the server key
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  KerberosInfo fixedInfo = new KerberosInfo() {
    // Synthetic instance: no annotation type is reported.
    @Override
    public Class<? extends Annotation> annotationType() {
      return null;
    }

    // SERVER_PRINCIPAL_KEY comes from the enclosing file; under the KerberosInfo contract
    // it is the name of a configuration entry, not the principal itself.
    @Override
    public String serverPrincipal() {
      return SERVER_PRINCIPAL_KEY;
    }

    // No client principal key is declared.
    @Override
    public String clientPrincipal() {
      return null;
    }
  };
  return fixedInfo;
}
Example #13
Source File: HdfsPlugin.java From crate with Apache License 2.0 | 5 votes |
/**
 * Triggers {@code SecurityUtil}'s static initialization while the class loader that holds
 * the Hadoop jars is installed as the thread's context class loader.
 *
 * @return always {@code null}; the {@code Void} return type only lets callers use this as a value
 * @throws RuntimeException if the probe lookup finds no Kerberos info, which is taken to mean
 *     the {@code SecurityInfo} services were not discovered
 */
private static Void eagerInit() {
  /*
   * Hadoop RPC serializes with ProtocolBuffers, and the proto classes are annotated with
   * their security options (for example Kerberos support and how to carry the credentials).
   * SecurityUtil builds a service loader in a static field during class initialization, and
   * that loader reads its services from the current thread's context class loader, which
   * therefore has to see the Hadoop jars. Plugins do not run with their own loader installed
   * as the context class loader, so it is swapped in just long enough for SecurityUtil to
   * initialize and then put back, because this thread is not owned by the plugin.
   */
  final Thread current = Thread.currentThread();
  final ClassLoader previousLoader = current.getContextClassLoader();
  try {
    current.setContextClassLoader(HdfsRepository.class.getClassLoader());
    // A null answer for a protocol that should be annotated means the wrong loader was in
    // place when the services were enumerated; fail loudly instead of running without them.
    if (SecurityUtil.getKerberosInfo(ClientNamenodeProtocolPB.class, null) == null) {
      throw new RuntimeException("Could not initialize SecurityUtil: "
          + "Unable to find services for [org.apache.hadoop.security.SecurityInfo]");
    }
  } finally {
    // Restore unconditionally so a failure cannot leave the plugin loader on a shared thread.
    current.setContextClassLoader(previousLoader);
  }
  return null;
}
Example #14
Source File: MRClientSecurityInfo.java From big-c with Apache License 2.0 | 4 votes |
/**
 * Declares no Kerberos principal metadata: every lookup is answered with {@code null}.
 *
 * <p>Whether the protocols served by this provider are authenticated some other way (for
 * instance through token metadata from the same class) is not visible in this method.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // Nothing Kerberos-specific to advertise for any protocol.
  return null;
}
Example #15
Source File: StreamingContainerSecurityInfo.java From Bats with Apache License 2.0 | 4 votes |
/**
 * Declares no Kerberos principal metadata: every lookup is answered with {@code null}.
 *
 * @param type RPC protocol class being looked up; ignored
 * @param c configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> type, Configuration c) {
  // No Kerberos principals are advertised here; any authentication for this protocol has
  // to come from elsewhere (not visible in this method).
  return null;
}
Example #16
Source File: DAGClientSecurityInfo.java From tez with Apache License 2.0 | 4 votes |
/**
 * Reports that this provider has no Kerberos principal metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // Deliberately empty answer: no server or client principal key is declared.
  return null;
}
Example #17
Source File: DAGClientSecurityInfo.java From incubator-tez with Apache License 2.0 | 4 votes |
/**
 * Reports that this provider has no Kerberos principal metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // No principal keys to hand out; callers must treat null as "no Kerberos info here".
  return null;
}
Example #18
Source File: StreamingContainerSecurityInfo.java From attic-apex-core with Apache License 2.0 | 4 votes |
/**
 * Reports that this provider has no Kerberos principal metadata for any protocol.
 *
 * @param type RPC protocol class being looked up; ignored
 * @param c configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> type, Configuration c) {
  // Neither argument is consulted: the answer is null for every protocol.
  return null;
}
Example #19
Source File: ContainerManagerSecurityInfo.java From hadoop with Apache License 2.0 | 4 votes |
/**
 * Declares no Kerberos principal metadata: every lookup is answered with {@code null}.
 *
 * <p>Reviewers should check the rest of the class for how callers of the container
 * management protocol are authenticated; this method contributes nothing to that.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // No server or client principal key is declared by this provider.
  return null;
}
Example #20
Source File: Client.java From big-c with Apache License 2.0 | 4 votes |
/**
 * Creates and connects the RPC socket, looping until a connect succeeds or an exception
 * leaves the method.
 *
 * <p>The loop has no retry bound of its own: it ends only on the {@code return} after a
 * successful connect, or when one of the failure handlers throws (presumably once its retry
 * limit is reached — the handlers are not visible here).
 *
 * @throws IOException propagated from the failure handlers or from socket setup
 */
private synchronized void setupConnection() throws IOException {
  short ioFailures = 0;
  short timeoutFailures = 0;
  for (;;) {
    try {
      this.socket = socketFactory.createSocket();
      this.socket.setTcpNoDelay(tcpNoDelay);
      this.socket.setKeepAlive(true);

      /*
       * For a Kerberos client whose protocol declares a client principal, bind the local end
       * of the socket to the host named in that principal, so the server can match the
       * connection's source address against the host part of the principal it is given.
       */
      UserGroupInformation ugi = remoteId.getTicket();
      if (ugi != null && ugi.hasKerberosCredentials()) {
        // Reads the annotation straight off the protocol class, so only protocols that carry
        // a real @KerberosInfo annotation take this branch.
        KerberosInfo kerberosAnnotation =
            remoteId.getProtocol().getAnnotation(KerberosInfo.class);
        if (kerberosAnnotation != null && kerberosAnnotation.clientPrincipal() != null) {
          String principalHost =
              SecurityUtil.getHostFromPrincipal(remoteId.getTicket().getUserName());
          // Bind only when the principal's host resolves to an address of this machine;
          // otherwise the socket is left unbound and the OS picks the source address.
          InetAddress bindAddress = NetUtils.getLocalInetAddress(principalHost);
          if (bindAddress != null) {
            this.socket.bind(new InetSocketAddress(bindAddress, 0));
          }
        }
      }

      NetUtils.connect(this.socket, server, connectionTimeout);
      if (rpcTimeout > 0) {
        // An explicit RPC timeout replaces the ping interval as the read timeout.
        pingInterval = rpcTimeout;
      }
      this.socket.setSoTimeout(pingInterval);
      return;
    } catch (ConnectTimeoutException timeout) {
      // If the server's address changed, start counting failures afresh against the new one.
      if (updateAddress()) {
        ioFailures = 0;
        timeoutFailures = 0;
      }
      // NOTE(review): the socket from this attempt is not closed in this method; presumably
      // the handler does it before the next iteration creates a new one — confirm.
      handleConnectionTimeout(timeoutFailures++, maxRetriesOnSocketTimeouts, timeout);
    } catch (IOException ioError) {
      if (updateAddress()) {
        ioFailures = 0;
        timeoutFailures = 0;
      }
      handleConnectionFailure(ioFailures++, ioError);
    }
  }
}
Example #21
Source File: ServiceAuthorizationManager.java From big-c with Apache License 2.0 | 4 votes |
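/**
 * Authorize the user to access the protocol being used.
 *
 * <p>Three checks run in order, and the first failure throws: the protocol must be known,
 * the user must pass the principal and user-ACL check, and (when an address is supplied)
 * the client host must pass the host-list check. Every denial after the first check and
 * every success is written to the audit log together with the user.
 *
 * @param user user accessing the service
 * @param protocol service being accessed
 * @param conf configuration to use
 * @param addr InetAddress of the client; when {@code null} the host-list check is skipped
 * @throws AuthorizationException on authorization failure
 */
public void authorize(UserGroupInformation user,
                      Class<?> protocol,
                      Configuration conf,
                      InetAddress addr
                      ) throws AuthorizationException {
  AccessControlList[] acls = protocolToAcls.get(protocol);
  MachineList[] hosts = protocolToMachineLists.get(protocol);
  // Fail closed: a protocol with no registered ACLs or host lists is rejected outright.
  if (acls == null || hosts == null) {
    throw new AuthorizationException("Protocol " + protocol +
                                     " is not known.");
  }

  // get client principal key to verify (if available)
  KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
  String clientPrincipal = null;
  if (krbInfo != null) {
    String clientKey = krbInfo.clientPrincipal();
    if (clientKey != null && !clientKey.isEmpty()) {
      try {
        // NOTE(review): if conf has no value for clientKey and getServerPrincipal passes the
        // null through, clientPrincipal stays null and the principal comparison below is
        // skipped — confirm the key is always configured for protocols that declare it.
        clientPrincipal = SecurityUtil.getServerPrincipal(
            conf.get(clientKey), addr);
      } catch (IOException e) {
        throw (AuthorizationException) new AuthorizationException(
            "Can't figure out Kerberos principal name for connection from "
                + addr + " for user=" + user + " protocol=" + protocol)
            .initCause(e);
      }
    }
  }

  // The principal is compared only when one was resolved. Independently of that, acls[0]
  // must admit the user and acls[1] must not; an array of any other length is a denial.
  if ((clientPrincipal != null && !clientPrincipal.equals(user.getUserName())) ||
      acls.length != 2 || !acls[0].isUserAllowed(user) || acls[1].isUserAllowed(user)) {
    AUDITLOG.warn(AUTHZ_FAILED_FOR + user + " for protocol=" + protocol
        + ", expected client Kerberos principal is " + clientPrincipal);
    // NOTE(review): the exception text repeats the expected principal; check whether this
    // message is returned to the remote caller.
    throw new AuthorizationException("User " + user +
        " is not authorized for protocol " + protocol +
        ", expected client Kerberos principal is " + clientPrincipal);
  }

  if (addr != null) {
    String hostAddress = addr.getHostAddress();
    // Same shape as the user check: hosts[0] must include the address, hosts[1] must not.
    if (hosts.length != 2 || !hosts[0].includes(hostAddress) ||
        hosts[1].includes(hostAddress)) {
      // Include the user, as the other audit entries do, so a host-based denial can be
      // attributed to an identity when the log is reviewed.
      AUDITLOG.warn(AUTHZ_FAILED_FOR + user + " for protocol=" + protocol
          + " from host = " + hostAddress);
      throw new AuthorizationException("Host " + hostAddress +
          " is not authorized for protocol " + protocol);
    }
  }
  AUDITLOG.info(AUTHZ_SUCCESSFUL_FOR + user + " for protocol=" + protocol);
}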
Example #22
Source File: SchedulerSecurityInfo.java From hadoop with Apache License 2.0 | 4 votes |
/**
 * Declares no Kerberos principal metadata: every lookup is answered with {@code null}.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // This provider names no Kerberos principals; how scheduler callers authenticate is
  // decided elsewhere in the class (not visible here).
  return null;
}
Example #23
Source File: Client.java From hadoop with Apache License 2.0 | 4 votes |
/**
 * Establishes the socket to the server, retrying after each failure until a connect
 * succeeds or a failure handler throws.
 *
 * <p>Each attempt creates a fresh socket, optionally binds it to the host named in the
 * client's Kerberos principal, connects, and applies the read timeout.
 *
 * @throws IOException propagated from the failure handlers or from socket setup
 */
private synchronized void setupConnection() throws IOException {
  short ioFailures = 0;
  short timeoutFailures = 0;
  for (;;) {
    try {
      this.socket = socketFactory.createSocket();
      this.socket.setTcpNoDelay(tcpNoDelay);
      this.socket.setKeepAlive(true);

      /*
       * Source-address binding: when the client holds Kerberos credentials and the protocol
       * declares a client principal, use the host part of the client's principal as the
       * local bind address so the server sees a connection from the host it expects.
       */
      UserGroupInformation clientUgi = remoteId.getTicket();
      if (clientUgi != null && clientUgi.hasKerberosCredentials()) {
        // Looked up as a class annotation, not through SecurityUtil, so metadata supplied
        // by a SecurityInfo provider does not reach this branch.
        KerberosInfo protocolKrb =
            remoteId.getProtocol().getAnnotation(KerberosInfo.class);
        if (protocolKrb != null && protocolKrb.clientPrincipal() != null) {
          String hostInPrincipal =
              SecurityUtil.getHostFromPrincipal(remoteId.getTicket().getUserName());
          // A host that is not one of this machine's addresses yields null and no bind.
          InetAddress localBind = NetUtils.getLocalInetAddress(hostInPrincipal);
          if (localBind != null) {
            this.socket.bind(new InetSocketAddress(localBind, 0));
          }
        }
      }

      NetUtils.connect(this.socket, server, connectionTimeout);
      if (rpcTimeout > 0) {
        // rpcTimeout, when set, takes the place of pingInterval as the socket read timeout.
        pingInterval = rpcTimeout;
      }
      this.socket.setSoTimeout(pingInterval);
      return;
    } catch (ConnectTimeoutException connectTimeout) {
      // A changed server address resets both failure counters before the handler runs.
      if (updateAddress()) {
        ioFailures = 0;
        timeoutFailures = 0;
      }
      handleConnectionTimeout(timeoutFailures++, maxRetriesOnSocketTimeouts, connectTimeout);
    } catch (IOException connectFailure) {
      if (updateAddress()) {
        ioFailures = 0;
        timeoutFailures = 0;
      }
      // NOTE(review): nothing here closes the socket from the failed attempt; presumably
      // the handler is responsible — confirm, since the next iteration overwrites the field.
      handleConnectionFailure(ioFailures++, connectFailure);
    }
  }
}
Example #24
Source File: TestClientToAMTokens.java From big-c with Apache License 2.0 | 4 votes |
/**
 * Test provider that declares no Kerberos principal metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // No Kerberos principals are involved in this lookup.
  return null;
}
Example #25
Source File: LocalizerSecurityInfo.java From big-c with Apache License 2.0 | 4 votes |
/**
 * Declares no Kerberos principal metadata: every lookup is answered with {@code null}.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // No server or client principal key exists for the localizer's protocol in this provider.
  return null;
}
Example #26
Source File: LocalizerSecurityInfo.java From hadoop with Apache License 2.0 | 4 votes |
/**
 * Reports that this provider has no Kerberos principal metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // Always null: authentication for this protocol, if any, is not Kerberos-principal based
  // as far as this method is concerned.
  return null;
}
Example #27
Source File: TestClientToAMTokens.java From hadoop with Apache License 2.0 | 4 votes |
/**
 * Test provider that never supplies Kerberos principal metadata.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // Both arguments are unused; the answer is the same for every protocol.
  return null;
}
Example #28
Source File: MRClientSecurityInfo.java From hadoop with Apache License 2.0 | 4 votes |
/**
 * Reports that this provider has no Kerberos principal metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // No principal keys are declared; check the rest of the class for the mechanism that
  // actually authenticates MapReduce client calls.
  return null;
}
Example #29
Source File: SchedulerSecurityInfo.java From big-c with Apache License 2.0 | 4 votes |
/**
 * Reports that this provider has no Kerberos principal metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // Unconditional null: no Kerberos principal is tied to the scheduler protocol here.
  return null;
}
Example #30
Source File: ContainerManagerSecurityInfo.java From big-c with Apache License 2.0 | 4 votes |
/**
 * Reports that this provider has no Kerberos principal metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration supplied by the caller; ignored
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // Unconditional null: this method advertises no principal key for container management.
  return null;
}