org.apache.thrift.transport.TSaslServerTransport Java Examples

The following examples show how to use org.apache.thrift.transport.TSaslServerTransport.
Example #1
Source File: SaslTransportPlugin.java    From jstorm with Apache License 2.0
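/**
 * Records the peer's address and SASL identity in the request context, then delegates to the
 * wrapped processor.
 *
 * <p>The subject is built from the SASL <em>authorization</em> ID, i.e. the identity the client
 * asked to act as, which is not necessarily the identity it authenticated with. Whether that
 * ID is permitted for the authenticated principal is decided during the handshake by the
 * server's callback handler, which is not visible here; this method trusts that outcome.
 *
 * <p>All checks run before the request context is touched, so a rejected request does not
 * leave a partially populated context behind.
 *
 * @param inProt protocol whose transport must be a {@code TSaslServerTransport} over a
 *     {@code TSocket}
 * @param outProt protocol handed through to the wrapped processor
 * @return the result of the wrapped processor
 * @throws TException if the transport stack is not SASL-over-socket, if no authorization ID
 *     is available, or if the wrapped processor fails
 */
public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException {
    // Fail closed: without a SASL server transport there is no negotiated identity to record,
    // so refuse the request instead of surfacing a ClassCastException.
    TTransport trans = inProt.getTransport();
    if (!(trans instanceof TSaslServerTransport)) {
        throw new TException("Request did not arrive over a SASL server transport");
    }
    TSaslServerTransport saslTrans = (TSaslServerTransport) trans;

    TTransport underlying = saslTrans.getUnderlyingTransport();
    if (!(underlying instanceof TSocket)) {
        throw new TException("SASL transport is not backed by a socket; remote address unknown");
    }
    Socket socket = ((TSocket) underlying).getSocket();

    // getAuthorizationID() is only meaningful once the SASL exchange has completed; the JDK
    // documents an IllegalStateException otherwise.
    SaslServer saslServer = saslTrans.getSaslServer();
    String authId = saslServer.getAuthorizationID();
    if (authId == null || authId.isEmpty()) {
        // Never attach an anonymous or empty principal to the request.
        throw new TException("SASL session reported no authorization ID");
    }

    // populating request context
    ReqContext req_context = ReqContext.context();
    req_context.setRemoteAddress(socket.getInetAddress());

    Subject remoteUser = new Subject();
    remoteUser.getPrincipals().add(new User(authId));
    req_context.setSubject(remoteUser);

    // invoke service handler
    return wrapped.process(inProt, outProt);
}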
 
Example #2
Source File: ThriftUtil.java    From incubator-sentry with Apache License 2.0
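/**
 * Records the SASL authorization ID of the connection behind {@code in} as the impersonator.
 *
 * <p>This is best effort: when the transport is not a {@code TSaslServerTransport}, or when
 * reading the ID fails, nothing is stored and the failure is only logged.
 * NOTE(review): in those cases whatever impersonator was stored earlier is left in place.
 * Confirm how the String overload stores the value and whether a stale value can be observed
 * by a later request.
 *
 * @param in protocol whose transport is inspected for a completed SASL session
 */
public static void setImpersonator(final TProtocol in) {
  try {
    TTransport transport = in.getTransport();
    // Only a SASL server transport carries a negotiated identity.
    if (transport instanceof TSaslServerTransport) {
      String impersonator = ((TSaslServerTransport) transport).getSaslServer()
          .getAuthorizationID();
      setImpersonator(impersonator);
    }
  } catch (Exception e) {
    // Deliberately non-fatal, but hand the exception to the logger so the stack trace is
    // kept; the message alone is often null or too terse to diagnose an auth failure.
    LOGGER.warn("There is an error when get the impersonator:" + e.getMessage(), e);
  }
}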
 
Example #3
Source File: ThriftUtil.java    From incubator-sentry with Apache License 2.0
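/**
 * Returns the underlying TSocket from the transport, or null if the transport type is unknown
 * or the SASL transport does not wrap a TSocket.
 *
 * <p>Callers must handle null: it means the peer's socket, and therefore its address, could
 * not be determined.
 *
 * @param transport transport to unwrap; must not be null
 * @return the TSocket behind {@code transport}, or null when none can be identified
 */
private static TSocket getUnderlyingSocketFromTransport(TTransport transport) {
  Preconditions.checkNotNull(transport);
  TTransport candidate = null;
  if (transport instanceof TSaslServerTransport) {
    candidate = ((TSaslServerTransport) transport).getUnderlyingTransport();
  } else if (transport instanceof TSaslClientTransport) {
    candidate = ((TSaslClientTransport) transport).getUnderlyingTransport();
  } else if (transport instanceof TSocket) {
    candidate = transport;
  }
  // Check before casting so an unexpected wrapped transport yields the documented null
  // instead of a ClassCastException; instanceof is also false for a null candidate.
  return (candidate instanceof TSocket) ? (TSocket) candidate : null;
}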
 
Example #4
Source File: DigestSaslTransportPlugin.java    From jstorm with Apache License 2.0
/**
 * Builds the server-side Thrift transport factory for SASL digest authentication.
 *
 * <p>One server definition is registered for the {@code DIGEST} mechanism with the service
 * name {@code AuthUtils.SERVICE}, the fixed server name {@code "localhost"}, no SASL
 * properties and a callback handler created from {@code login_conf}.
 *
 * <p>NOTE(review): the log line names the mechanism as DIGEST-MD5, which RFC 6331 moved to
 * Historic. Because the properties argument is null, no quality of protection is requested
 * here; presumably the mechanism default (authentication only) applies, in which case SASL
 * adds no integrity or confidentiality protection to the Thrift payload. Confirm against the
 * deployment's transport-level protection.
 *
 * @return the SASL server transport factory
 * @throws IOException declared by the signature; presumably raised while building the
 *     callback handler (confirm against ServerCallbackHandler)
 */
protected TTransportFactory getServerTransportFactory() throws IOException {
    // Handler the SASL server consults during the digest exchange.
    final CallbackHandler digestCallbacks = new ServerCallbackHandler(login_conf);

    // Register the digest mechanism; the null argument means "no SASL properties".
    final TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(DIGEST, AuthUtils.SERVICE, "localhost", null, digestCallbacks);

    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return saslFactory;
}
 
Example #5
Source File: KerberosSaslTransportPlugin.java    From jstorm with Apache License 2.0
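/**
 * Builds the server-side Thrift transport factory for Kerberos (SASL GSSAPI) authentication.
 *
 * <p>Steps: log in the server principal from the {@code AuthUtils.LOGIN_CONTEXT_SERVER}
 * section of {@code login_conf}, verify that the login produced a Kerberos ticket, derive the
 * service and host name from the configured principal, register the {@code KERBEROS} server
 * definition, and wrap the factory so that it is used together with the logged-in subject.
 *
 * <p>Security notes: {@code Sasl.QOP} is set to {@code "auth"}, which is authentication only,
 * so SASL adds no integrity or confidentiality protection to the Thrift payload after the
 * handshake. {@code Configuration.setConfiguration} is a static setter, so it replaces the
 * JAAS configuration for the whole JVM, not just for this plugin.
 *
 * @return a transport factory wrapping the SASL factory and the server subject
 * @throws IOException declared by the signature; presumably raised by the helpers called here
 * @throws RuntimeException if the login fails, if the login yields no Kerberos ticket, or if
 *     no principal is configured
 */
public TTransportFactory getServerTransportFactory() throws IOException {
    // create an authentication callback handler
    CallbackHandler server_callback_handler = new ServerCallbackHandler(login_conf, storm_conf);

    // login our principal
    Subject subject = null;
    try {
        // specify a configuration object to be used (JVM-wide, see the method documentation)
        Configuration.setConfiguration(login_conf);
        // now login
        Login login = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, server_callback_handler);
        subject = login.getSubject();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // check the credential of our principal: without a ticket the server cannot accept
    // GSSAPI contexts, so stop here rather than start an unusable listener
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file "
                + login_conf);
    }

    String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    if (principal == null || principal.isEmpty()) {
        // Fail fast with an actionable message instead of an opaque failure while parsing
        // the principal below.
        throw new RuntimeException("No \"principal\" configured in section \"" + AuthUtils.LOGIN_CONTEXT_SERVER
                + "\" of login configuration " + login_conf);
    }
    LOG.debug("principal:" + principal);
    KerberosName serviceKerberosName = new KerberosName(principal);
    String serviceName = serviceKerberosName.getServiceName();
    String hostName = serviceKerberosName.getHostName();
    Map<String, String> props = new TreeMap<String, String>();
    // "auth" = authentication only; no per-message integrity or privacy layer is negotiated
    props.put(Sasl.QOP, "auth");
    // NOTE(review): Sasl.SERVER_AUTH states whether the server must authenticate to the
    // client; confirm that "false" is intended for this deployment
    props.put(Sasl.SERVER_AUTH, "false");

    // create a transport factory that will invoke our auth callback for Kerberos (GSSAPI)
    TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
    factory.addServerDefinition(KERBEROS, serviceName, hostName, props, server_callback_handler);

    // create a wrap transport factory so that we could apply user credential during connections
    TUGIAssumingTransportFactory wrapFactory = new TUGIAssumingTransportFactory(factory, subject);

    LOG.info("SASL GSSAPI transport factory will be used");
    return wrapFactory;
}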