org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler Java Examples

Example #1
Source File: KMSAuthenticationFilter.java    From hadoop with Apache License 2.0 6 votes vote down vote up
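/**
 * Builds the authentication filter properties from the KMS configuration.
 *
 * <p>Every key of {@code KMSWebApp.getConfiguration()} that starts with
 * {@code CONFIG_PREFIX} is copied with the prefix stripped. The short
 * pseudo/Kerberos {@code AUTH_TYPE} values are then replaced by the class
 * names of the matching delegation-token handlers; any other value is left
 * as configured. Finally the token kind is set to
 * {@code KMSClientProvider.TOKEN_KIND}.
 *
 * @param configPrefix not read by this implementation.
 * @param filterConfig not read by this implementation.
 * @return the filter properties.
 * @throws IllegalStateException if no authentication type is configured.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE);
  if (authType == null) {
    // A missing authentication type used to surface as a bare
    // NullPointerException on the equals() call below. Fail with a message
    // that names the key instead, and do not pick an implicit handler.
    throw new IllegalStateException("Config property " + CONFIG_PREFIX
        + AUTH_TYPE + " doesn't exist");
  }
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}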
 
Example #2
Source File: KMSAuthenticationFilter.java    From big-c with Apache License 2.0 6 votes vote down vote up
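/**
 * Builds the authentication filter properties from the KMS configuration.
 *
 * <p>Keys of {@code KMSWebApp.getConfiguration()} that start with
 * {@code CONFIG_PREFIX} are copied with the prefix stripped. A pseudo or
 * Kerberos {@code AUTH_TYPE} is swapped for the class name of its
 * delegation-token handler (other values are kept), and the token kind is
 * set to {@code KMSClientProvider.TOKEN_KIND}.
 *
 * @param configPrefix not read by this implementation.
 * @param filterConfig not read by this implementation.
 * @return the filter properties.
 * @throws IllegalStateException if no authentication type is configured.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE);
  if (authType == null) {
    // Without this check an unset authentication type is reported only as
    // a NullPointerException. Name the missing key and stop, rather than
    // continuing with an unspecified handler.
    throw new IllegalStateException("Config property " + CONFIG_PREFIX
        + AUTH_TYPE + " doesn't exist");
  }
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}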
 
Example #3
Source File: DelegationTokenAuthenticationFilter.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Initializes the parent filter, then wires delegation-token and proxy-user
 * support onto the authentication handler it created.
 *
 * @param filterConfig filter configuration; its servlet context may carry an
 *     externally managed delegation token secret manager.
 * @throws ServletException declared by the overridden method.
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  super.init(filterConfig);
  AuthenticationHandler handler = getAuthenticationHandler();

  // An external secret manager, if any, is published as a context attribute.
  Object published = filterConfig.getServletContext()
      .getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR);
  AbstractDelegationTokenSecretManager dtSecretManager =
      (AbstractDelegationTokenSecretManager) published;
  if (dtSecretManager != null
      && handler instanceof DelegationTokenAuthenticationHandler) {
    ((DelegationTokenAuthenticationHandler) getAuthenticationHandler())
        .setExternalDelegationTokenSecretManager(dtSecretManager);
  }

  // Record which auth method the handler stands for: SIMPLE for the pseudo
  // handlers, KERBEROS for the Kerberos ones. Other handlers set neither.
  boolean pseudoHandler = handler instanceof PseudoAuthenticationHandler
      || handler instanceof PseudoDelegationTokenAuthenticationHandler;
  if (pseudoHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE);
  }
  boolean kerberosHandler = handler instanceof KerberosAuthenticationHandler
      || handler instanceof KerberosDelegationTokenAuthenticationHandler;
  if (kerberosHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS);
  }

  // Proxy-user settings are (re)loaded from the keys under PROXYUSER_PREFIX.
  // NOTE(review): these presumably control impersonation; keep them narrow.
  Configuration proxyConf = getProxyuserConfiguration(filterConfig);
  ProxyUsers.refreshSuperUserGroupsConfiguration(proxyConf, PROXYUSER_PREFIX);
}
 
Example #4
Source File: DelegationTokenAuthenticationFilter.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Replaces a short {@code AUTH_TYPE} value with the class name of the
 * matching delegation-token authentication handler.
 *
 * <p>Only the pseudo and Kerberos type names are rewritten; any other value
 * is left exactly as configured.
 *
 * @param props input properties, updated in place.
 * @throws ServletException if {@code AUTH_TYPE} is not set.
 */
protected void setAuthHandlerClass(Properties props)
    throws ServletException {
  final String configured = props.getProperty(AUTH_TYPE);
  if (configured == null) {
    throw new ServletException("Config property "
        + AUTH_TYPE + " doesn't exist");
  }

  final String handlerClass;
  if (PseudoAuthenticationHandler.TYPE.equals(configured)) {
    handlerClass = PseudoDelegationTokenAuthenticationHandler.class.getName();
  } else if (KerberosAuthenticationHandler.TYPE.equals(configured)) {
    handlerClass =
        KerberosDelegationTokenAuthenticationHandler.class.getName();
  } else {
    // Not one of the two short names: keep the configured value.
    return;
  }
  props.setProperty(AUTH_TYPE, handlerClass);
}
 
Example #5
Source File: AuthFilter.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Returns the filter configuration properties read through the superclass
 * with {@link #CONF_PREFIX}, then forces the authentication type, the
 * anonymous-access default and the cookie path.
 *
 * @param prefix parameter not used.
 * @param config parameter contains the initialization values.
 * @return Hadoop-Auth configuration properties.
 * @throws ServletException propagated from the superclass lookup.
 */
@Override
protected Properties getConfiguration(String prefix, FilterConfig config)
    throws ServletException {
  final Properties filterProps = super.getConfiguration(CONF_PREFIX, config);

  // The handler type follows the cluster security switch and overwrites
  // whatever AUTH_TYPE the configuration supplied.
  final String authType;
  if (UserGroupInformation.isSecurityEnabled()) {
    authType = KerberosAuthenticationHandler.TYPE;
  } else {
    authType = PseudoAuthenticationHandler.TYPE;
  }
  filterProps.setProperty(AUTH_TYPE, authType);

  // Anonymous access defaults to "true" whenever the key is unset.
  // NOTE(review): set it to "false" explicitly where unauthenticated
  // callers must be rejected under pseudo authentication.
  final String anonymousKey = PseudoAuthenticationHandler.ANONYMOUS_ALLOWED;
  if (filterProps.getProperty(anonymousKey) == null) {
    filterProps.setProperty(anonymousKey, "true");
  }

  // The auth cookie is issued for the whole site.
  filterProps.setProperty(COOKIE_PATH, "/");
  return filterProps;
}
 
Example #6
Source File: DelegationTokenAuthenticationFilter.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Runs the parent initialization and then attaches delegation-token and
 * proxy-user settings to the handler the parent created.
 *
 * @param filterConfig filter configuration; the servlet context is checked
 *     for an externally supplied delegation token secret manager.
 * @throws ServletException declared by the overridden method.
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  super.init(filterConfig);
  AuthenticationHandler handler = getAuthenticationHandler();

  // Look up an externally managed secret manager in the servlet context.
  Object contextAttr = filterConfig.getServletContext()
      .getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR);
  AbstractDelegationTokenSecretManager dtSecretManager =
      (AbstractDelegationTokenSecretManager) contextAttr;
  if (dtSecretManager != null
      && handler instanceof DelegationTokenAuthenticationHandler) {
    ((DelegationTokenAuthenticationHandler) getAuthenticationHandler())
        .setExternalDelegationTokenSecretManager(dtSecretManager);
  }

  // Pseudo handlers are tagged SIMPLE, Kerberos handlers KERBEROS; a handler
  // of any other type leaves the auth method untouched.
  boolean isPseudo = handler instanceof PseudoAuthenticationHandler
      || handler instanceof PseudoDelegationTokenAuthenticationHandler;
  if (isPseudo) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE);
  }
  boolean isKerberos = handler instanceof KerberosAuthenticationHandler
      || handler instanceof KerberosDelegationTokenAuthenticationHandler;
  if (isKerberos) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS);
  }

  // Load proxy-user rules from the keys under PROXYUSER_PREFIX.
  // NOTE(review): presumably these govern impersonation; review who is listed.
  Configuration proxyConf = getProxyuserConfiguration(filterConfig);
  ProxyUsers.refreshSuperUserGroupsConfiguration(proxyConf, PROXYUSER_PREFIX);
}
 
Example #7
Source File: DelegationTokenAuthenticationFilter.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Maps the short {@code AUTH_TYPE} name in {@code props} to the class name
 * of the corresponding delegation-token authentication handler.
 *
 * <p>The pseudo and Kerberos type names are the only ones rewritten; a value
 * that matches neither is kept as is.
 *
 * @param props input properties, modified in place.
 * @throws ServletException if {@code AUTH_TYPE} is absent.
 */
protected void setAuthHandlerClass(Properties props)
    throws ServletException {
  final String requestedType = props.getProperty(AUTH_TYPE);
  if (requestedType == null) {
    throw new ServletException("Config property "
        + AUTH_TYPE + " doesn't exist");
  }

  final boolean wantsPseudo =
      PseudoAuthenticationHandler.TYPE.equals(requestedType);
  final boolean wantsKerberos = !wantsPseudo
      && KerberosAuthenticationHandler.TYPE.equals(requestedType);

  if (wantsPseudo) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  }
  if (wantsKerberos) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
}
 
Example #8
Source File: KMSAuthenticationFilter.java    From ranger with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the authentication filter properties from the KMS configuration.
 *
 * <p>Keys starting with {@code CONFIG_PREFIX} are copied with the prefix
 * removed; the pseudo/Kerberos {@code AUTH_TYPE} is replaced by the class
 * name of its delegation-token handler; the token kind is taken from
 * {@code KMSDelegationToken.TOKEN_KIND}.
 *
 * @param configPrefix not read by this implementation.
 * @param filterConfig not read by this implementation.
 * @return the filter properties.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  final Properties filterProps = new Properties();
  final Configuration kmsConf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : kmsConf) {
    final String fullKey = entry.getKey();
    if (!fullKey.startsWith(CONFIG_PREFIX)) {
      continue;
    }
    filterProps.setProperty(fullKey.substring(CONFIG_PREFIX.length()),
        kmsConf.get(fullKey));
  }

  // NOTE(review): an unset authentication type falls back to "simple" here.
  // If that is the pseudo type, a missing key selects the pseudo handler;
  // confirm that default is intended for the deployment.
  final String authType = filterProps.getProperty(AUTH_TYPE,"simple");
  if (PseudoAuthenticationHandler.TYPE.equals(authType)) {
    filterProps.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (KerberosAuthenticationHandler.TYPE.equals(authType)) {
    filterProps.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }

  final String tokenKind = KMSDelegationToken.TOKEN_KIND.toString();
  filterProps.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      tokenKind);
  return filterProps;
}
 
Example #9
Source File: AuthFilter.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Returns the filter configuration properties obtained from the superclass
 * with {@link #CONF_PREFIX}, after setting the authentication type, the
 * anonymous-access default and the cookie path.
 *
 * @param prefix parameter not used.
 * @param config parameter contains the initialization values.
 * @return Hadoop-Auth configuration properties.
 * @throws ServletException propagated from the superclass lookup.
 */
@Override
protected Properties getConfiguration(String prefix, FilterConfig config)
    throws ServletException {
  final Properties result = super.getConfiguration(CONF_PREFIX, config);

  // Security on -> Kerberos handler, security off -> pseudo handler. This
  // replaces any AUTH_TYPE value that came from the configuration.
  final boolean secure = UserGroupInformation.isSecurityEnabled();
  final String handlerType = secure
      ? KerberosAuthenticationHandler.TYPE
      : PseudoAuthenticationHandler.TYPE;
  result.setProperty(AUTH_TYPE, handlerType);

  // When the operator has not decided, anonymous access is switched on.
  // NOTE(review): configure "false" explicitly if unauthenticated requests
  // are not acceptable under pseudo authentication.
  if (result.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED)
      == null) {
    result.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
  }

  // Cookie path "/" makes the auth cookie apply to every path.
  result.setProperty(COOKIE_PATH, "/");
  return result;
}
 
Example #10
Source File: TestRMWebServicesDelegationTokens.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Test override: takes the superclass properties and forces Kerberos
 * authentication with the test's SPNEGO principal and keytab.
 *
 * @param configPrefix passed through to the superclass.
 * @param filterConfig passed through to the superclass.
 * @return the adjusted properties.
 * @throws ServletException propagated from the superclass.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  final Properties overrides =
      super.getConfiguration(configPrefix, filterConfig);

  overrides.put(KerberosAuthenticationHandler.PRINCIPAL, httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  overrides.put(KerberosAuthenticationHandler.KEYTAB, keytabPath);
  overrides.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  return overrides;
}
 
Example #11
Source File: RangerKrbFilter.java    From ranger with Apache License 2.0 5 votes vote down vote up
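/**
 * <p>Initializes the authentication filter and signer secret provider.</p>
 * It instantiates and initializes the specified {@link
 * AuthenticationHandler}.
 *
 * <p>The handler is chosen from {@code AUTH_TYPE}: the pseudo and Kerberos
 * type names (compared case-insensitively) select the built-in handlers, and
 * any other value is passed on as a handler class name.
 *
 * @param filterConfig filter configuration.
 *
 * @throws ServletException thrown if the filter or the authentication handler
 *     could not be initialized properly, including when the authentication
 *     type is missing or the token validity is not a usable number.
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
  configPrefix = (configPrefix != null) ? configPrefix + "." : "";
  config = getConfiguration(configPrefix, filterConfig);
  String authHandlerName = config.getProperty(AUTH_TYPE, null);
  String authHandlerClassName;
  if (authHandlerName == null) {
    throw new ServletException("Authentication type must be specified: " +
        PseudoAuthenticationHandler.TYPE + "|" +
        KerberosAuthenticationHandler.TYPE + "|<class>");
  }
  if(StringUtils.equalsIgnoreCase(authHandlerName, PseudoAuthenticationHandler.TYPE)){
    authHandlerClassName = PseudoAuthenticationHandler.class.getName();
  }else if(StringUtils.equalsIgnoreCase(authHandlerName, KerberosAuthenticationHandler.TYPE)){
    authHandlerClassName = KerberosAuthenticationHandler.class.getName();
  } else {
    // NOTE(review): the configured string is used as a class name as is, so
    // whoever can write this configuration chooses the handler class.
    authHandlerClassName = authHandlerName;
  }

  // Token validity is multiplied by 1000 before it is stored; the default
  // of 36000 is 10 hours. A malformed or overflowing value is reported as
  // a ServletException instead of escaping as a NumberFormatException or
  // silently wrapping around to a wrong lifetime.
  String validitySeconds = config.getProperty(AUTH_TOKEN_VALIDITY, "36000");
  long seconds;
  try {
    seconds = Long.parseLong(validitySeconds);
  } catch (NumberFormatException e) {
    throw new ServletException("Invalid value for " + AUTH_TOKEN_VALIDITY
        + ": " + validitySeconds, e);
  }
  if (seconds > Long.MAX_VALUE / 1000 || seconds < Long.MIN_VALUE / 1000) {
    throw new ServletException("Value for " + AUTH_TOKEN_VALIDITY
        + " is out of range: " + validitySeconds);
  }
  validity = seconds * 1000;
  initializeSecretProvider(filterConfig);

  initializeAuthHandler(authHandlerClassName, filterConfig);

  cookieDomain = config.getProperty(COOKIE_DOMAIN, null);
  cookiePath = config.getProperty(COOKIE_PATH, null);
  cookieName = config.getProperty(RangerCommonConstants.PROP_COOKIE_NAME, RangerCommonConstants.DEFAULT_COOKIE_NAME);
}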
 
Example #12
Source File: TestWebDelegationToken.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Test override: returns a fixed Kerberos delegation-token configuration
 * using the test keytab and the {@code HTTP/localhost} principal.
 *
 * @param configPrefix not read by this implementation.
 * @param filterConfig not read by this implementation.
 * @return the fixed test properties.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  final String handlerClass =
      KerberosDelegationTokenAuthenticationHandler.class.getName();

  final Properties settings = new Properties();
  settings.setProperty(AUTH_TYPE, handlerClass);
  settings.setProperty(KerberosAuthenticationHandler.KEYTAB, keytabFile);
  settings.setProperty(KerberosAuthenticationHandler.PRINCIPAL,
      "HTTP/localhost");
  settings.setProperty(
      KerberosDelegationTokenAuthenticationHandler.TOKEN_KIND, "token-kind");
  return settings;
}
 
Example #13
Source File: AuthenticationFilterInitializer.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Collects the authentication filter settings from {@code conf}.
 *
 * <p>The cookie path is set to {@code "/"} first, then every key starting
 * with {@code prefix} is copied with the prefix removed (so a configured
 * cookie path overrides the default). If a Kerberos principal is present it
 * is resolved against the HTTP server bind address.
 *
 * @param conf source configuration.
 * @param prefix key prefix that selects the filter settings.
 * @return the filter settings keyed by their un-prefixed names.
 * @throws RuntimeException if the Kerberos principal cannot be resolved.
 */
public static Map<String, String> getFilterConfigMap(Configuration conf,
    String prefix) {
  final Map<String, String> settings = new HashMap<String, String>();

  // Root cookie path so the cookie is used for all resources.
  settings.put(AuthenticationFilter.COOKIE_PATH, "/");

  for (Map.Entry<String, String> entry : conf) {
    final String fullKey = entry.getKey();
    if (!fullKey.startsWith(prefix)) {
      continue;
    }
    settings.put(fullKey.substring(prefix.length()), conf.get(fullKey));
  }

  // Resolve _HOST into bind address
  final String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);
  final String configured =
      settings.get(KerberosAuthenticationHandler.PRINCIPAL);
  if (configured == null) {
    return settings;
  }

  final String resolved;
  try {
    resolved = SecurityUtil.getServerPrincipal(configured, bindAddress);
  } catch (IOException ex) {
    throw new RuntimeException("Could not resolve Kerberos principal name: " + ex.toString(), ex);
  }
  settings.put(KerberosAuthenticationHandler.PRINCIPAL, resolved);
  return settings;
}
 
Example #14
Source File: TestKerberosAuthenticator.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the handler configuration used by the test: Kerberos type, the test
 * server principal and keytab, and one name rule built from the test realm.
 *
 * @return the handler properties.
 */
private Properties getAuthenticationHandlerConfiguration() {
  final Properties handlerProps = new Properties();
  handlerProps.setProperty(AuthenticationFilter.AUTH_TYPE, "kerberos");

  final String principal = KerberosTestUtils.getServerPrincipal();
  handlerProps.setProperty(KerberosAuthenticationHandler.PRINCIPAL, principal);

  final String keytab = KerberosTestUtils.getKeytabFile();
  handlerProps.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab);

  // The rule text embeds the test realm; the string is passed on unchanged.
  final String nameRules =
      "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm()+")s/@.*//\n";
  handlerProps.setProperty(KerberosAuthenticationHandler.NAME_RULES,
      nameRules);
  return handlerProps;
}
 
Example #15
Source File: TestRMWebServicesDelegationTokenAuthentication.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Test fixture: configures a {@code MockRM} for Kerberos (SPNEGO) web
 * authentication with the delegation-token filter enabled, then starts it.
 *
 * <p>NOTE(review): several values are test shortcuts and should not be
 * copied into a deployment: the keytab file doubles as the cookie signature
 * secret, and the proxy-user hosts and groups for "client" are "*".
 *
 * @throws Exception declared by the method; the source is not narrowed here.
 */
private static void setupAndStartRM() throws Exception {
  final String httpPrefix = "hadoop.http.authentication.";
  final Configuration rmconf = new Configuration();

  // Scheduler and ACL basics.
  rmconf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS,
    YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS);
  rmconf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class,
    ResourceScheduler.class);
  rmconf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);

  // HTTP authentication filter: Kerberos with the test principal/keytab.
  rmconf.setStrings(httpPrefix + "type", "kerberos");
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.KEYTAB, keytabPath);
  // use any file for signature secret
  rmconf.set(httpPrefix + AuthenticationFilter.SIGNATURE_SECRET + ".file",
    keytabPath);
  rmconf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
    "kerberos");
  rmconf.setBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER,
    true);
  rmconf.set("hadoop.http.filter.initializers",
    AuthenticationFilterInitializer.class.getName());

  // RM and NM web-app SPNEGO identities all share the test principal/keytab.
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.RM_KEYTAB, keytabPath);
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, keytabPath);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, keytabPath);

  rmconf.setBoolean("mockrm.webapp.enabled", true);
  // Wildcard proxy-user settings for the "client" user: test-only.
  rmconf.set("yarn.resourcemanager.proxyuser.client.hosts", "*");
  rmconf.set("yarn.resourcemanager.proxyuser.client.groups", "*");

  UserGroupInformation.setConfiguration(rmconf);
  rm = new MockRM(rmconf);
  rm.start();
}
 
Example #16
Source File: TestRMWebServicesDelegationTokens.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Test override: starts from the superclass properties and selects Kerberos
 * authentication with the test SPNEGO principal and keytab file.
 *
 * @param configPrefix passed through to the superclass.
 * @param filterConfig passed through to the superclass.
 * @return the adjusted properties.
 * @throws ServletException propagated from the superclass.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  final Properties base = super.getConfiguration(configPrefix, filterConfig);

  base.put(KerberosAuthenticationHandler.PRINCIPAL, httpSpnegoPrincipal);
  final String keytabLocation = httpSpnegoKeytabFile.getAbsolutePath();
  base.put(KerberosAuthenticationHandler.KEYTAB, keytabLocation);
  base.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  return base;
}
 
Example #17
Source File: TestRMWebServicesDelegationTokens.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Test override: starts from the superclass properties and selects "simple"
 * authentication with anonymous access turned off. The Kerberos principal
 * and keytab entries are still written to the properties.
 *
 * @param configPrefix passed through to the superclass.
 * @param filterConfig passed through to the superclass.
 * @return the adjusted properties.
 * @throws ServletException propagated from the superclass.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  final Properties overrides =
      super.getConfiguration(configPrefix, filterConfig);

  overrides.put(KerberosAuthenticationHandler.PRINCIPAL, httpSpnegoPrincipal);
  final String keytabPath = httpSpnegoKeytabFile.getAbsolutePath();
  overrides.put(KerberosAuthenticationHandler.KEYTAB, keytabPath);

  // Simple auth, but a request without a user is not accepted.
  overrides.put(AuthenticationFilter.AUTH_TYPE, "simple");
  overrides.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return overrides;
}
 
Example #18
Source File: TestRMWebServicesDelegationTokenAuthentication.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Test fixture: builds a Kerberos/SPNEGO-enabled configuration with the
 * delegation-token web filter switched on, installs it and starts a
 * {@code MockRM}.
 *
 * <p>NOTE(review): the keytab file is reused as the signature secret file
 * and the "client" proxy user is allowed from any host and group ("*").
 * Both are conveniences of the test, not settings to carry into production.
 *
 * @throws Exception declared by the method; the source is not narrowed here.
 */
private static void setupAndStartRM() throws Exception {
  final String httpPrefix = "hadoop.http.authentication.";
  final Configuration rmconf = new Configuration();

  // Core RM settings.
  rmconf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS,
    YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS);
  rmconf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class,
    ResourceScheduler.class);
  rmconf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);

  // Kerberos for the HTTP authentication filter.
  rmconf.setStrings(httpPrefix + "type", "kerberos");
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  final String spnegoKeytab = httpSpnegoKeytabFile.getAbsolutePath();
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.KEYTAB, spnegoKeytab);
  // use any file for signature secret
  rmconf.set(httpPrefix + AuthenticationFilter.SIGNATURE_SECRET + ".file",
    spnegoKeytab);
  rmconf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
    "kerberos");
  rmconf.setBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER,
    true);
  rmconf.set("hadoop.http.filter.initializers",
    AuthenticationFilterInitializer.class.getName());

  // The same principal and keytab serve the RM and NM web endpoints.
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.RM_KEYTAB, spnegoKeytab);
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY,
    spnegoKeytab);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY,
    spnegoKeytab);

  rmconf.setBoolean("mockrm.webapp.enabled", true);
  // Test-only wildcards for the "client" proxy user.
  rmconf.set("yarn.resourcemanager.proxyuser.client.hosts", "*");
  rmconf.set("yarn.resourcemanager.proxyuser.client.groups", "*");

  UserGroupInformation.setConfiguration(rmconf);
  rm = new MockRM(rmconf);
  rm.start();
}
 
Example #19
Source File: LogsearchKrbFilter.java    From ambari-logsearch with Apache License 2.0 5 votes vote down vote up
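/**
 * <p>Initializes the authentication filter and signer secret provider.</p>
 * It instantiates and initializes the specified {@link
 * AuthenticationHandler}.
 *
 * <p>{@code AUTH_TYPE} selects the handler: the pseudo and Kerberos type
 * names (case-insensitive) map to the built-in handlers; anything else is
 * handed on as a handler class name.
 *
 * @param filterConfig filter configuration.
 *
 * @throws ServletException thrown if the filter or the authentication handler
 *     could not be initialized properly, including when the authentication
 *     type is missing or the token validity is not a usable number.
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
  configPrefix = (configPrefix != null) ? configPrefix + "." : "";
  config = getConfiguration(configPrefix, filterConfig);
  String authHandlerName = config.getProperty(AUTH_TYPE, null);
  String authHandlerClassName;
  if (authHandlerName == null) {
    throw new ServletException("Authentication type must be specified: " +
        PseudoAuthenticationHandler.TYPE + "|" +
        KerberosAuthenticationHandler.TYPE + "|<class>");
  }
  if(StringUtils.equalsIgnoreCase(authHandlerName, PseudoAuthenticationHandler.TYPE)){
    authHandlerClassName = PseudoAuthenticationHandler.class.getName();
  }else if(StringUtils.equalsIgnoreCase(authHandlerName, KerberosAuthenticationHandler.TYPE)){
    authHandlerClassName = KerberosAuthenticationHandler.class.getName();
  } else {
    // NOTE(review): an arbitrary configured string becomes the handler class
    // name, so write access to this configuration decides the handler.
    authHandlerClassName = authHandlerName;
  }

  // The configured validity is multiplied by 1000 before being stored
  // (default 36000 = 10 hours). Reject values that do not parse or that
  // would overflow, so a typo fails startup with a clear ServletException
  // rather than a NumberFormatException or a wrapped-around lifetime.
  String validitySeconds = config.getProperty(AUTH_TOKEN_VALIDITY, "36000");
  long seconds;
  try {
    seconds = Long.parseLong(validitySeconds);
  } catch (NumberFormatException e) {
    throw new ServletException("Invalid value for " + AUTH_TOKEN_VALIDITY
        + ": " + validitySeconds, e);
  }
  if (seconds > Long.MAX_VALUE / 1000 || seconds < Long.MIN_VALUE / 1000) {
    throw new ServletException("Value for " + AUTH_TOKEN_VALIDITY
        + " is out of range: " + validitySeconds);
  }
  validity = seconds * 1000;
  initializeSecretProvider(filterConfig);

  initializeAuthHandler(authHandlerClassName);

  cookieDomain = config.getProperty(COOKIE_DOMAIN, null);
  cookiePath = config.getProperty(COOKIE_PATH, null);
}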
 
Example #20
Source File: TestKerberosAuthenticator.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the Kerberos handler configuration for the test: the test server
 * principal, the test keytab, and a single name rule for the test realm.
 *
 * @return the handler properties.
 */
private Properties getAuthenticationHandlerConfiguration() {
  final Properties cfg = new Properties();
  cfg.setProperty(AuthenticationFilter.AUTH_TYPE, "kerberos");

  final String serverPrincipal = KerberosTestUtils.getServerPrincipal();
  cfg.setProperty(KerberosAuthenticationHandler.PRINCIPAL, serverPrincipal);

  final String keytabFile = KerberosTestUtils.getKeytabFile();
  cfg.setProperty(KerberosAuthenticationHandler.KEYTAB, keytabFile);

  // Name rule text with the test realm spliced in.
  final String rule =
      "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm()+")s/@.*//\n";
  cfg.setProperty(KerberosAuthenticationHandler.NAME_RULES, rule);
  return cfg;
}
 
Example #21
Source File: TestWebDelegationToken.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Test override: supplies a fixed configuration for the Kerberos
 * delegation-token handler (test keytab, {@code HTTP/localhost} principal,
 * token kind {@code "token-kind"}).
 *
 * @param configPrefix not read by this implementation.
 * @param filterConfig not read by this implementation.
 * @return the fixed test properties.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  final Properties fixed = new Properties();

  final String handler =
      KerberosDelegationTokenAuthenticationHandler.class.getName();
  fixed.setProperty(AUTH_TYPE, handler);

  fixed.setProperty(KerberosAuthenticationHandler.KEYTAB, keytabFile);
  fixed.setProperty(KerberosAuthenticationHandler.PRINCIPAL,
      "HTTP/localhost");
  fixed.setProperty(
      KerberosDelegationTokenAuthenticationHandler.TOKEN_KIND, "token-kind");
  return fixed;
}
 
Example #22
Source File: AuthenticationFilterInitializer.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the authentication filter settings from {@code conf}.
 *
 * <p>Starts with a cookie path of {@code "/"}, copies every key that begins
 * with {@code prefix} (prefix removed, so configured values win over the
 * default), and resolves the Kerberos principal, when one is set, against
 * the HTTP server bind address.
 *
 * @param conf source configuration.
 * @param prefix key prefix selecting the filter settings.
 * @return the filter settings keyed by un-prefixed name.
 * @throws RuntimeException if resolving the Kerberos principal fails.
 */
public static Map<String, String> getFilterConfigMap(Configuration conf,
    String prefix) {
  final Map<String, String> out = new HashMap<String, String>();

  // Cookie path "/" so the cookie is used for all resources.
  out.put(AuthenticationFilter.COOKIE_PATH, "/");

  for (Map.Entry<String, String> entry : conf) {
    final String key = entry.getKey();
    if (key.startsWith(prefix)) {
      final String shortKey = key.substring(prefix.length());
      out.put(shortKey, conf.get(key));
    }
  }

  // Resolve _HOST into bind address
  final String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);
  final String rawPrincipal = out.get(KerberosAuthenticationHandler.PRINCIPAL);
  if (rawPrincipal == null) {
    return out;
  }

  final String serverPrincipal;
  try {
    serverPrincipal = SecurityUtil.getServerPrincipal(rawPrincipal, bindAddress);
  } catch (IOException ex) {
    throw new RuntimeException("Could not resolve Kerberos principal name: " + ex.toString(), ex);
  }
  out.put(KerberosAuthenticationHandler.PRINCIPAL, serverPrincipal);
  return out;
}
 
Example #23
Source File: TestRMWebServicesDelegationTokens.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Test override: takes the superclass properties and switches to "simple"
 * authentication with anonymous access disabled, while still recording the
 * Kerberos principal and keytab entries.
 *
 * @param configPrefix passed through to the superclass.
 * @param filterConfig passed through to the superclass.
 * @return the adjusted properties.
 * @throws ServletException propagated from the superclass.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  final Properties base = super.getConfiguration(configPrefix, filterConfig);

  base.put(KerberosAuthenticationHandler.PRINCIPAL, httpSpnegoPrincipal);
  final String keytabLocation = httpSpnegoKeytabFile.getAbsolutePath();
  base.put(KerberosAuthenticationHandler.KEYTAB, keytabLocation);

  // Simple auth with anonymous callers refused.
  base.put(AuthenticationFilter.AUTH_TYPE, "simple");
  base.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return base;
}
 
Example #24
Source File: RMAuthenticationFilterInitializer.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Creates the initializer with its fixed defaults: the
 * {@code hadoop.http.authentication.} key prefix, the Kerberos principal
 * property name, and a cookie path of {@code "/"}.
 */
public RMAuthenticationFilterInitializer() {
  this.cookiePath = "/";
  this.kerberosPrincipalProperty = KerberosAuthenticationHandler.PRINCIPAL;
  this.configPrefix = "hadoop.http.authentication.";
}
 
Example #25
Source File: SqoopAuthenticationFilter.java    From sqoop-on-spark with Apache License 2.0 4 votes vote down vote up
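/**
 * Builds the authentication filter properties from the Sqoop configuration.
 *
 * <p>The authentication type defaults to SIMPLE when unset. For KERBEROS the
 * HTTP keytab and principal are required, and the principal is resolved with
 * {@code SecurityUtil.getServerPrincipal} against {@code "0.0.0.0"}. For
 * SIMPLE the anonymous-access flag is copied from the configuration and
 * defaults to {@code "true"}. Any other type is rejected.
 *
 * @param configPrefix not read by this implementation.
 * @param filterConfig not read by this implementation.
 * @return the filter properties, including the delegation token kind.
 * @throws ServletException declared by the overridden method.
 * @throws SqoopException if the type is unknown, or if the Kerberos keytab or
 *     principal is missing, blank or cannot be resolved.
 */
@Override
protected Properties getConfiguration(String configPrefix,
                                      FilterConfig filterConfig) throws ServletException {
  Properties properties = new Properties();
  MapContext mapContext = SqoopConfiguration.getInstance().getContext();
  String type = mapContext.getString(
      SecurityConstants.AUTHENTICATION_TYPE,
      SecurityConstants.TYPE.SIMPLE.name()).trim();

  if (type.equalsIgnoreCase(SecurityConstants.TYPE.KERBEROS.name())) {
    properties.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName());

    // Check for null before trimming: a key that is absent altogether must
    // produce the same configuration error as a blank one, not a
    // NullPointerException from trim().
    String keytab = mapContext.getString(
            SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
    if (keytab == null || keytab.trim().isEmpty()) {
      throw new SqoopException(SecurityError.AUTH_0005,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
    }
    keytab = keytab.trim();

    String principal = mapContext.getString(
            SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
    if (principal == null || principal.trim().isEmpty()) {
      throw new SqoopException(SecurityError.AUTH_0006,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
    }
    principal = principal.trim();

    String hostPrincipal;
    try {
      hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
    } catch (IOException e) {
      // Keep the cause so the resolution failure shows up in the logs.
      throw new SqoopException(SecurityError.AUTH_0006,
              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL, e);
    }

    properties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, hostPrincipal);
    properties.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab);
  } else if (type.equalsIgnoreCase(SecurityConstants.TYPE.SIMPLE.name())) {
    properties.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName());
    // NOTE(review): anonymous access is on unless the configuration says
    // otherwise; set it to "false" where unauthenticated callers must be
    // refused.
    properties.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED,
        mapContext.getString(SecurityConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
  } else {
    throw new SqoopException(SecurityError.AUTH_0004, type);
  }

  properties.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
          SecurityConstants.TOKEN_KIND);

  return properties;
}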
 
Example #26
Source File: KerberosDelegationTokenAuthenticationHandler.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Creates the handler around a new {@link KerberosAuthenticationHandler}
 * whose type name is the Kerberos type followed by {@code TYPE_POSTFIX}.
 */
public KerberosDelegationTokenAuthenticationHandler() {
  super(
      new KerberosAuthenticationHandler(
          KerberosAuthenticationHandler.TYPE + TYPE_POSTFIX));
}
 
Example #27
Source File: KerberosDelegationTokenAuthenticationHandler.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Wraps a freshly created {@link KerberosAuthenticationHandler}; the wrapped
 * handler is given the Kerberos type name with {@code TYPE_POSTFIX} appended.
 */
public KerberosDelegationTokenAuthenticationHandler() {
  super(
      new KerberosAuthenticationHandler(
          KerberosAuthenticationHandler.TYPE + TYPE_POSTFIX));
}
 
Example #28
Source File: RMAuthenticationFilterInitializer.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Sets the initializer's fixed defaults: configuration keys are read under
 * {@code hadoop.http.authentication.}, the principal is looked up via the
 * Kerberos principal property, and the cookie path is {@code "/"}.
 */
public RMAuthenticationFilterInitializer() {
  this.cookiePath = "/";
  this.kerberosPrincipalProperty = KerberosAuthenticationHandler.PRINCIPAL;
  this.configPrefix = "hadoop.http.authentication.";
}
 
Example #29
Source File: LogsearchKRBAuthenticationFilter.java    From ambari-logsearch with Apache License 2.0 4 votes vote down vote up
/**
 * Initializes the parent filter with a synthetic {@link FilterConfig} whose
 * init parameters come from the Log Search SPNEGO configuration rather than
 * from the servlet container.
 *
 * <p>When SPNEGO is enabled the authentication type is set to the Kerberos
 * type; otherwise the current value of {@code authType} is used unchanged.
 *
 * @param conf container-supplied filter configuration; only its servlet
 *     context is used, and it may be {@code null}.
 * @throws ServletException propagated from the parent initialization.
 */
@Override
public void init(FilterConfig conf) throws ServletException {
  // Final alias so the anonymous FilterConfig below can capture it.
  final FilterConfig containerConf = conf;
  // The host name is fetched but not used further in this method.
  String hostName = logSearchSpnegoConfig.getHostName();

  final Map<String, String> params = new HashMap<String, String>();
  if (spnegoEnable) {
    authType = KerberosAuthenticationHandler.TYPE;
  }
  params.put(AUTH_TYPE,authType);
  params.put(NAME_RULES_PARAM, logSearchSpnegoConfig.getNameRules());
  params.put(TOKEN_VALID_PARAM, logSearchSpnegoConfig.getTokenValid());
  params.put(COOKIE_DOMAIN_PARAM, logSearchSpnegoConfig.getCookieDomain());
  params.put(COOKIE_PATH_PARAM, logSearchSpnegoConfig.getCookiePath());
  params.put(PRINCIPAL_PARAM, logSearchSpnegoConfig.getPrincipal());
  params.put(KEYTAB_PARAM, logSearchSpnegoConfig.getKeyTab());

  // Adapter: exposes the map above as filter init parameters.
  FilterConfig spnegoConf = new FilterConfig() {
    @Override
    public String getFilterName() {
      return "KerberosFilter";
    }

    @Override
    public String getInitParameter(String param) {
      return params.get(param);
    }

    @SuppressWarnings("unchecked")
    @Override
    public Enumeration<String> getInitParameterNames() {
      return new IteratorEnumeration(params.keySet().iterator());
    }

    @Override
    public ServletContext getServletContext() {
      return (containerConf != null)
          ? containerConf.getServletContext()
          : NO_SERVLET_CONTEXT;
    }
  };
  super.init(spnegoConf);
}