org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler Java Examples

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE);
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE);
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}
 

@Override
public void init(FilterConfig filterConfig) throws ServletException {
  super.init(filterConfig);
  AuthenticationHandler handler = getAuthenticationHandler();
  AbstractDelegationTokenSecretManager dtSecretManager =
      (AbstractDelegationTokenSecretManager) filterConfig.getServletContext().
          getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR);
  if (dtSecretManager != null && handler
      instanceof DelegationTokenAuthenticationHandler) {
    DelegationTokenAuthenticationHandler dtHandler =
        (DelegationTokenAuthenticationHandler) getAuthenticationHandler();
    dtHandler.setExternalDelegationTokenSecretManager(dtSecretManager);
  }
  if (handler instanceof PseudoAuthenticationHandler ||
      handler instanceof PseudoDelegationTokenAuthenticationHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE);
  }
  if (handler instanceof KerberosAuthenticationHandler ||
      handler instanceof KerberosDelegationTokenAuthenticationHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS);
  }

  // proxyuser configuration
  Configuration conf = getProxyuserConfiguration(filterConfig);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX);
}
 

/**
 * Set AUTH_TYPE property to the name of the corresponding authentication
 * handler class based on the input properties.
 * @param props input properties.
 */
protected void setAuthHandlerClass(Properties props)
    throws ServletException {
  String authType = props.getProperty(AUTH_TYPE);
  if (authType == null) {
    throw new ServletException("Config property "
        + AUTH_TYPE + " doesn't exist");
  }
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
}
 

/**
 * Returns the filter configuration properties,
 * including the ones prefixed with {@link #CONF_PREFIX}.
 * The prefix is removed from the returned property names.
 *
 * @param prefix parameter not used.
 * @param config parameter contains the initialization values.
 * @return Hadoop-Auth configuration properties.
 * @throws ServletException 
 */
@Override
protected Properties getConfiguration(String prefix, FilterConfig config)
    throws ServletException {
  final Properties p = super.getConfiguration(CONF_PREFIX, config);
  // set authentication type
  p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
      KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
  // if not set, enable anonymous for pseudo authentication
  if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
    p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
  }
  //set cookie path
  p.setProperty(COOKIE_PATH, "/");
  return p;
}
 

@Override
public void init(FilterConfig filterConfig) throws ServletException {
  super.init(filterConfig);
  AuthenticationHandler handler = getAuthenticationHandler();
  AbstractDelegationTokenSecretManager dtSecretManager =
      (AbstractDelegationTokenSecretManager) filterConfig.getServletContext().
          getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR);
  if (dtSecretManager != null && handler
      instanceof DelegationTokenAuthenticationHandler) {
    DelegationTokenAuthenticationHandler dtHandler =
        (DelegationTokenAuthenticationHandler) getAuthenticationHandler();
    dtHandler.setExternalDelegationTokenSecretManager(dtSecretManager);
  }
  if (handler instanceof PseudoAuthenticationHandler ||
      handler instanceof PseudoDelegationTokenAuthenticationHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE);
  }
  if (handler instanceof KerberosAuthenticationHandler ||
      handler instanceof KerberosDelegationTokenAuthenticationHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS);
  }

  // proxyuser configuration
  Configuration conf = getProxyuserConfiguration(filterConfig);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX);
}
 

/**
 * Set AUTH_TYPE property to the name of the corresponding authentication
 * handler class based on the input properties.
 * @param props input properties.
 */
protected void setAuthHandlerClass(Properties props)
    throws ServletException {
  String authType = props.getProperty(AUTH_TYPE);
  if (authType == null) {
    throw new ServletException("Config property "
        + AUTH_TYPE + " doesn't exist");
  }
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE,"simple");
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSDelegationToken.TOKEN_KIND.toString());
  return props;
}
 

/**
 * Returns the filter configuration properties,
 * including the ones prefixed with {@link #CONF_PREFIX}.
 * The prefix is removed from the returned property names.
 *
 * @param prefix parameter not used.
 * @param config parameter contains the initialization values.
 * @return Hadoop-Auth configuration properties.
 * @throws ServletException 
 */
@Override
protected Properties getConfiguration(String prefix, FilterConfig config)
    throws ServletException {
  final Properties p = super.getConfiguration(CONF_PREFIX, config);
  // set authentication type
  p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
      KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
  // if not set, enable anonymous for pseudo authentication
  if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
    p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
  }
  //set cookie path
  p.setProperty(COOKIE_PATH, "/");
  return p;
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {

  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);

  properties.put(KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  properties.put(KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  properties.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  return properties;
}
 

/**
 * <p>Initializes the authentication filter and signer secret provider.</p>
 * It instantiates and initializes the specified {@link
 * AuthenticationHandler}.
 *
 * @param filterConfig filter configuration.
 *
 * @throws ServletException thrown if the filter or the authentication handler could not be initialized properly.
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
  configPrefix = (configPrefix != null) ? configPrefix + "." : "";
  config = getConfiguration(configPrefix, filterConfig);
  String authHandlerName = config.getProperty(AUTH_TYPE, null);
  String authHandlerClassName;
  if (authHandlerName == null) {
    throw new ServletException("Authentication type must be specified: " +
        PseudoAuthenticationHandler.TYPE + "|" +
        KerberosAuthenticationHandler.TYPE + "|<class>");
  }
  if(StringUtils.equalsIgnoreCase(authHandlerName, PseudoAuthenticationHandler.TYPE)){
    authHandlerClassName = PseudoAuthenticationHandler.class.getName();
  }else if(StringUtils.equalsIgnoreCase(authHandlerName, KerberosAuthenticationHandler.TYPE)){
    authHandlerClassName = KerberosAuthenticationHandler.class.getName();
  } else {
    authHandlerClassName = authHandlerName;
  }

  validity = Long.parseLong(config.getProperty(AUTH_TOKEN_VALIDITY, "36000"))
      * 1000; //10 hours
  initializeSecretProvider(filterConfig);

  initializeAuthHandler(authHandlerClassName, filterConfig);

  cookieDomain = config.getProperty(COOKIE_DOMAIN, null);
  cookiePath = config.getProperty(COOKIE_PATH, null);
  cookieName = config.getProperty(RangerCommonConstants.PROP_COOKIE_NAME, RangerCommonConstants.DEFAULT_COOKIE_NAME);
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties conf = new Properties();
  conf.setProperty(AUTH_TYPE,
      KerberosDelegationTokenAuthenticationHandler.class.getName());
  conf.setProperty(KerberosAuthenticationHandler.KEYTAB, keytabFile);
  conf.setProperty(KerberosAuthenticationHandler.PRINCIPAL,
      "HTTP/localhost");
  conf.setProperty(KerberosDelegationTokenAuthenticationHandler.TOKEN_KIND,
      "token-kind");
  return conf;
}
 

public static Map<String, String> getFilterConfigMap(Configuration conf,
    String prefix) {
  Map<String, String> filterConfig = new HashMap<String, String>();

  //setting the cookie path to root '/' so it is used for all resources.
  filterConfig.put(AuthenticationFilter.COOKIE_PATH, "/");

  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(prefix)) {
      String value = conf.get(name);
      name = name.substring(prefix.length());
      filterConfig.put(name, value);
    }
  }

  //Resolve _HOST into bind address
  String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);
  String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL);
  if (principal != null) {
    try {
      principal = SecurityUtil.getServerPrincipal(principal, bindAddress);
    }
    catch (IOException ex) {
      throw new RuntimeException("Could not resolve Kerberos principal name: " + ex.toString(), ex);
    }
    filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal);
  }
  return filterConfig;
}
 

private Properties getAuthenticationHandlerConfiguration() {
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "kerberos");
  props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal());
  props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile());
  props.setProperty(KerberosAuthenticationHandler.NAME_RULES,
                    "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm()+")s/@.*//\n");
  return props;
}
 

private static void setupAndStartRM() throws Exception {
  Configuration rmconf = new Configuration();
  rmconf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS,
    YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS);
  rmconf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class,
    ResourceScheduler.class);
  rmconf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
  String httpPrefix = "hadoop.http.authentication.";
  rmconf.setStrings(httpPrefix + "type", "kerberos");
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  // use any file for signature secret
  rmconf.set(httpPrefix + AuthenticationFilter.SIGNATURE_SECRET + ".file",
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
    "kerberos");
  rmconf.setBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER,
    true);
  rmconf.set("hadoop.http.filter.initializers",
    AuthenticationFilterInitializer.class.getName());
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.RM_KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY,
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY,
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.setBoolean("mockrm.webapp.enabled", true);
  rmconf.set("yarn.resourcemanager.proxyuser.client.hosts", "*");
  rmconf.set("yarn.resourcemanager.proxyuser.client.groups", "*");
  UserGroupInformation.setConfiguration(rmconf);
  rm = new MockRM(rmconf);
  rm.start();

}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {

  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);

  properties.put(KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  properties.put(KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  properties.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  return properties;
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {

  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);

  properties.put(KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  properties.put(KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  properties.put(AuthenticationFilter.AUTH_TYPE, "simple");
  properties.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return properties;
}
 

private static void setupAndStartRM() throws Exception {
  Configuration rmconf = new Configuration();
  rmconf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS,
    YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS);
  rmconf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class,
    ResourceScheduler.class);
  rmconf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
  String httpPrefix = "hadoop.http.authentication.";
  rmconf.setStrings(httpPrefix + "type", "kerberos");
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  // use any file for signature secret
  rmconf.set(httpPrefix + AuthenticationFilter.SIGNATURE_SECRET + ".file",
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
    "kerberos");
  rmconf.setBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER,
    true);
  rmconf.set("hadoop.http.filter.initializers",
    AuthenticationFilterInitializer.class.getName());
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.RM_KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY,
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY,
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.setBoolean("mockrm.webapp.enabled", true);
  rmconf.set("yarn.resourcemanager.proxyuser.client.hosts", "*");
  rmconf.set("yarn.resourcemanager.proxyuser.client.groups", "*");
  UserGroupInformation.setConfiguration(rmconf);
  rm = new MockRM(rmconf);
  rm.start();

}
 

/**
 * <p>Initializes the authentication filter and signer secret provider.</p>
 * It instantiates and initializes the specified {@link
 * AuthenticationHandler}.
 *
 * @param filterConfig filter configuration.
 *
 * @throws ServletException thrown if the filter or the authentication handler could not be initialized properly.
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
  configPrefix = (configPrefix != null) ? configPrefix + "." : "";
  config = getConfiguration(configPrefix, filterConfig);
  String authHandlerName = config.getProperty(AUTH_TYPE, null);
  String authHandlerClassName;
  if (authHandlerName == null) {
    throw new ServletException("Authentication type must be specified: " +
        PseudoAuthenticationHandler.TYPE + "|" + 
        KerberosAuthenticationHandler.TYPE + "|<class>");
  }    
  if(StringUtils.equalsIgnoreCase(authHandlerName, PseudoAuthenticationHandler.TYPE)){
    authHandlerClassName = PseudoAuthenticationHandler.class.getName();
  }else if(StringUtils.equalsIgnoreCase(authHandlerName, KerberosAuthenticationHandler.TYPE)){
    authHandlerClassName = KerberosAuthenticationHandler.class.getName();
  } else {
    authHandlerClassName = authHandlerName;
  }

  validity = Long.parseLong(config.getProperty(AUTH_TOKEN_VALIDITY, "36000"))
      * 1000; //10 hours
  initializeSecretProvider(filterConfig);

  initializeAuthHandler(authHandlerClassName);

  cookieDomain = config.getProperty(COOKIE_DOMAIN, null);
  cookiePath = config.getProperty(COOKIE_PATH, null);
}
 

private Properties getAuthenticationHandlerConfiguration() {
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "kerberos");
  props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal());
  props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile());
  props.setProperty(KerberosAuthenticationHandler.NAME_RULES,
                    "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm()+")s/@.*//\n");
  return props;
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties conf = new Properties();
  conf.setProperty(AUTH_TYPE,
      KerberosDelegationTokenAuthenticationHandler.class.getName());
  conf.setProperty(KerberosAuthenticationHandler.KEYTAB, keytabFile);
  conf.setProperty(KerberosAuthenticationHandler.PRINCIPAL,
      "HTTP/localhost");
  conf.setProperty(KerberosDelegationTokenAuthenticationHandler.TOKEN_KIND,
      "token-kind");
  return conf;
}
 

public static Map<String, String> getFilterConfigMap(Configuration conf,
    String prefix) {
  Map<String, String> filterConfig = new HashMap<String, String>();

  //setting the cookie path to root '/' so it is used for all resources.
  filterConfig.put(AuthenticationFilter.COOKIE_PATH, "/");

  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(prefix)) {
      String value = conf.get(name);
      name = name.substring(prefix.length());
      filterConfig.put(name, value);
    }
  }

  //Resolve _HOST into bind address
  String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);
  String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL);
  if (principal != null) {
    try {
      principal = SecurityUtil.getServerPrincipal(principal, bindAddress);
    }
    catch (IOException ex) {
      throw new RuntimeException("Could not resolve Kerberos principal name: " + ex.toString(), ex);
    }
    filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal);
  }
  return filterConfig;
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {

  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);

  properties.put(KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  properties.put(KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  properties.put(AuthenticationFilter.AUTH_TYPE, "simple");
  properties.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return properties;
}
 

public RMAuthenticationFilterInitializer() {
  this.configPrefix = "hadoop.http.authentication.";
  this.kerberosPrincipalProperty = KerberosAuthenticationHandler.PRINCIPAL;
  this.cookiePath = "/";
}
 

@Override
protected Properties getConfiguration(String configPrefix,
                                      FilterConfig filterConfig) throws ServletException {
  Properties properties = new Properties();
  MapContext mapContext = SqoopConfiguration.getInstance().getContext();
  String type = mapContext.getString(
      SecurityConstants.AUTHENTICATION_TYPE,
      SecurityConstants.TYPE.SIMPLE.name()).trim();

  if (type.equalsIgnoreCase(SecurityConstants.TYPE.KERBEROS.name())) {
    properties.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName());

    String keytab = mapContext.getString(
            SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim();
    if (keytab.length() == 0) {
      throw new SqoopException(SecurityError.AUTH_0005,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
    }

    String principal = mapContext.getString(
            SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL).trim();
    if (principal.length() == 0) {
      throw new SqoopException(SecurityError.AUTH_0006,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
    }

    String hostPrincipal = "";
    try {
      hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
    } catch (IOException e) {
      throw new SqoopException(SecurityError.AUTH_0006,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
    }

    properties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, hostPrincipal);
    properties.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab);
  } else if (type.equalsIgnoreCase(SecurityConstants.TYPE.SIMPLE.name())) {
    properties.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName());
    properties.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED,
        mapContext.getString(SecurityConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
  } else {
    throw new SqoopException(SecurityError.AUTH_0004, type);
  }

  properties.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
          SecurityConstants.TOKEN_KIND);

  return properties;
}
 

public KerberosDelegationTokenAuthenticationHandler() {
  super(new KerberosAuthenticationHandler(KerberosAuthenticationHandler.TYPE +
      TYPE_POSTFIX));
}
 

public KerberosDelegationTokenAuthenticationHandler() {
  super(new KerberosAuthenticationHandler(KerberosAuthenticationHandler.TYPE +
      TYPE_POSTFIX));
}
 

public RMAuthenticationFilterInitializer() {
  this.configPrefix = "hadoop.http.authentication.";
  this.kerberosPrincipalProperty = KerberosAuthenticationHandler.PRINCIPAL;
  this.cookiePath = "/";
}
 

@Override
public void init(FilterConfig conf) throws ServletException {
  final FilterConfig globalConf = conf;
  String hostName = logSearchSpnegoConfig.getHostName();
  final Map<String, String> params = new HashMap<String, String>();
  if (spnegoEnable) {
    authType = KerberosAuthenticationHandler.TYPE;
  }
  params.put(AUTH_TYPE,authType);
  params.put(NAME_RULES_PARAM, logSearchSpnegoConfig.getNameRules());
  params.put(TOKEN_VALID_PARAM, logSearchSpnegoConfig.getTokenValid());
  params.put(COOKIE_DOMAIN_PARAM, logSearchSpnegoConfig.getCookieDomain());
  params.put(COOKIE_PATH_PARAM, logSearchSpnegoConfig.getCookiePath());
  params.put(PRINCIPAL_PARAM, logSearchSpnegoConfig.getPrincipal());
  params.put(KEYTAB_PARAM, logSearchSpnegoConfig.getKeyTab());
  FilterConfig myConf = new FilterConfig() {
    @Override
    public ServletContext getServletContext() {
      if (globalConf != null) {
        return globalConf.getServletContext();
      } else {
        return NO_SERVLET_CONTEXT;
      }
    }

    @SuppressWarnings("unchecked")
    @Override
    public Enumeration<String> getInitParameterNames() {
      return new IteratorEnumeration(params.keySet().iterator());
    }

    @Override
    public String getInitParameter(String param) {
      return params.get(param);
    }

    @Override
    public String getFilterName() {
      return "KerberosFilter";
    }
  };
  super.init(myConf);
}