List of usage examples for org.apache.hadoop.security.authentication.client AuthenticatedURL AuthenticatedURL
public AuthenticatedURL(Authenticator authenticator)
AuthenticatedURL. From source file:com.pigai.hadoop.HttpFSFileSystem.java
License:Apache License
/** * Convenience method that creates a <code>HttpURLConnection</code> for the * specified URL./* www . ja v a2 s . co m*/ * <p/> * This methods performs and injects any needed authentication credentials. * * @param url * url to connect to. * @param method * the HTTP method. * * @return a <code>HttpURLConnection</code> for the HttpFSServer server, * authenticated and ready to use for the specified path and file * system operation. * * @throws IOException * thrown if an IO error occurrs. */ private HttpURLConnection getConnection(URL url, String method) throws IOException { Class<? extends Authenticator> klass = getConf().getClass("httpfs.authenticator.class", HttpKerberosAuthenticator.class, Authenticator.class); Authenticator authenticator = ReflectionUtils.newInstance(klass, getConf()); try { HttpURLConnection conn = new AuthenticatedURL(authenticator).openConnection(url, authToken); conn.setRequestMethod(method); if (method.equals(HTTP_POST) || method.equals(HTTP_PUT)) { conn.setDoOutput(true); } return conn; } catch (Exception ex) { throw new IOException(ex); } }
From source file:org.apache.falcon.client.FalconClient.java
License:Apache License
public static AuthenticatedURL.Token getToken(String baseUrl) { AuthenticatedURL.Token currentToken = new AuthenticatedURL.Token(); try {/*from w ww .j a v a 2 s . com*/ URL url = new URL(baseUrl + AUTH_URL); // using KerberosAuthenticator which falls back to PsuedoAuthenticator // instead of passing authentication type from the command line - bad factory HttpsURLConnection.setDefaultSSLSocketFactory(getSslContext().getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier(ALL_TRUSTING_HOSTNAME_VERIFIER); new AuthenticatedURL(AUTHENTICATOR).openConnection(url, currentToken); } catch (Exception ex) { throw new FalconCLIException("Could not authenticate, " + ex.getMessage(), ex); } return currentToken; }
From source file:org.apache.falcon.resource.channel.HTTPChannel.java
License:Apache License
protected AuthenticatedURL.Token getToken(String baseUrl, Client client) throws FalconException { AuthenticatedURL.Token currentToken = new AuthenticatedURL.Token(); try {/* w ww . j ava 2 s . co m*/ URL url = new URL(baseUrl); // using KerberosAuthenticator which falls back to PsuedoAuthenticator // instead of passing authentication type from the command line - bad factory HTTPSProperties httpsProperties = ((HTTPSProperties) client.getProperties() .get(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES)); SSLContext sslContext = null; if (httpsProperties != null) { sslContext = httpsProperties.getSSLContext(); } if (sslContext != null) { HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier(ALL_TRUSTING_HOSTNAME_VERIFIER); } new AuthenticatedURL(AUTHENTICATOR).openConnection(url, currentToken); } catch (Exception ex) { throw new FalconException("Could not authenticate, " + ex.getMessage(), ex); } return currentToken; }
From source file:org.apache.falcon.security.FalconAuthorizationToken.java
License:Apache License
private static void authenticate(String user, String protocol, String host, int port) throws IOException, AuthenticationException, InterruptedException { final URL url = new URL(String.format("%s://%s:%d/%s", protocol, host, port, AUTH_URL + "?" + PseudoAuthenticator.USER_NAME + "=" + user)); LOGGER.info("Authorize using url: " + url.toString()); final AuthenticatedURL.Token currentToken = new AuthenticatedURL.Token(); /*using KerberosAuthenticator which falls back to PsuedoAuthenticator instead of passing authentication type from the command line - bad factory*/ try {/*from w w w . j ava 2 s. c o m*/ HttpsURLConnection.setDefaultSSLSocketFactory(BaseRequest.getSslContext().getSocketFactory()); } catch (Exception e) { throw new RuntimeException(e); } HttpsURLConnection.setDefaultHostnameVerifier(ALL_TRUSTING_HOSTNAME_VERIFIER); UserGroupInformation callerUGI = KerberosHelper.getUGI(user); callerUGI.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { new AuthenticatedURL(AUTHENTICATOR).openConnection(url, currentToken); return null; } }); String key = getKey(user, protocol, host, port); // initialize a hash map if its null. LOGGER.info("Authorization Token: " + currentToken.toString()); INSTANCE.tokens.put(key, currentToken); }
From source file:org.apache.falcon.util.HadoopQueueUtil.java
License:Apache License
/** * Uses Resource Manager REST API to get the hadoop scheduler info. * * @param rmBaseUrlStr//from w w w . j a v a 2 s . co m * @return JSON string representing hadoop Scheduler Info * @throws FalconException */ public static String getHadoopClusterSchedulerInfo(String rmBaseUrlStr) throws FalconException { KerberosAuthenticator kAUTHENTICATOR = new KerberosAuthenticator(); AuthenticatedURL.Token authenticationToken = new AuthenticatedURL.Token(); String rmSchedulerInfoURL = rmBaseUrlStr; if (!rmSchedulerInfoURL.endsWith("/")) { rmSchedulerInfoURL += "/"; } rmSchedulerInfoURL += "ws/v1/cluster/scheduler"; HttpURLConnection conn = null; BufferedReader reader = null; try { URL url = new URL(rmSchedulerInfoURL); conn = new AuthenticatedURL(kAUTHENTICATOR).openConnection(url, authenticationToken); reader = new BufferedReader(new InputStreamReader(conn.getInputStream())); StringBuilder jsonResponse = new StringBuilder(); String line; while ((line = reader.readLine()) != null) { jsonResponse.append(line); } return jsonResponse.toString(); } catch (Exception ex) { throw new RuntimeException("Could not authenticate, " + ex.getMessage(), ex); } finally { IOUtils.closeQuietly(reader); if (conn != null) { conn.disconnect(); } } }
From source file:org.apache.oozie.client.AuthOozieClient.java
License:Apache License
/** * Create an authenticated connection to the Oozie server. * <p>/* ww w . j av a 2s.c om*/ * It uses Hadoop-auth client authentication which by default supports * Kerberos HTTP SPNEGO, Pseudo/Simple and anonymous. * <p> * if the Java system property {@link #USE_AUTH_TOKEN_CACHE_SYS_PROP} is set to true Hadoop-auth * authentication token will be cached/used in/from the '.oozie-auth-token' file in the user * home directory. * * @param url the URL to open a HTTP connection to. * @param method the HTTP method for the HTTP connection. * @return an authenticated connection to the Oozie server. * @throws IOException if an IO error occurred. * @throws OozieClientException if an oozie client error occurred. */ @Override protected HttpURLConnection createConnection(URL url, String method) throws IOException, OozieClientException { boolean useAuthFile = System.getProperty(USE_AUTH_TOKEN_CACHE_SYS_PROP, "false").equalsIgnoreCase("true"); AuthenticatedURL.Token readToken = new AuthenticatedURL.Token(); AuthenticatedURL.Token currentToken = new AuthenticatedURL.Token(); if (useAuthFile) { readToken = readAuthToken(); if (readToken != null) { currentToken = new AuthenticatedURL.Token(readToken.toString()); } } if (currentToken.isSet()) { HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("OPTIONS"); AuthenticatedURL.injectToken(conn, currentToken); if (conn.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED) { AUTH_TOKEN_CACHE_FILE.delete(); currentToken = new AuthenticatedURL.Token(); } } if (!currentToken.isSet()) { Authenticator authenticator = getAuthenticator(); try { new AuthenticatedURL(authenticator).openConnection(url, currentToken); } catch (AuthenticationException ex) { AUTH_TOKEN_CACHE_FILE.delete(); throw new OozieClientException(OozieClientException.AUTHENTICATION, "Could not authenticate, " + ex.getMessage(), ex); } } if (useAuthFile && currentToken.isSet() && !currentToken.equals(readToken)) { writeAuthToken(currentToken); } HttpURLConnection conn = super.createConnection(url, method); AuthenticatedURL.injectToken(conn, currentToken); return conn; }
From source file:org.apache.oozie.util.AuthUrlClient.java
License:Apache License
private static HttpURLConnection getConnection(URL url) throws IOException { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); HttpURLConnection conn;/*from w w w .j a va 2s . com*/ try { conn = new AuthenticatedURL(AuthenticatorClass.newInstance()).openConnection(url, token); } catch (AuthenticationException ex) { throw new IOException("Could not authenticate, " + ex.getMessage(), ex); } catch (InstantiationException ex) { throw new IOException("Could not authenticate, " + ex.getMessage(), ex); } catch (IllegalAccessException ex) { throw new IOException("Could not authenticate, " + ex.getMessage(), ex); } if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) { throw new IOException("Unexpected response code [" + conn.getResponseCode() + "], message [" + conn.getResponseMessage() + "]"); } return conn; }
From source file:org.apache.sentry.api.service.thrift.TestSentryServiceMetrics.java
License:Apache License
@Test public void testMetricsWeb() throws Exception { clientUgi.doAs(new PrivilegedExceptionAction<Void>() { @Override/*from ww w .jav a2 s . c o m*/ public Void run() throws Exception { final URL url = new URL("http://" + SERVER_HOST + ":" + webServerPort + "/metrics"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); //make sure we are able to access the metrics page Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); SentryWebMetricParser mp = new SentryWebMetricParser(response); Assert.assertEquals(Boolean.FALSE, mp.isHA()); Assert.assertEquals(Boolean.TRUE, mp.isActive()); return null; } }); }
From source file:org.apache.sentry.api.service.thrift.TestSentryWebServerWithKerberos.java
License:Apache License
@Test public void testPing() throws Exception { SentryServiceIntegrationBase.clientUgi.doAs(new PrivilegedExceptionAction<Void>() { @Override/*from w w w. j av a 2s.c o m*/ public Void run() throws Exception { final URL url = new URL("http://" + SentryServiceIntegrationBase.SERVER_HOST + ":" + SentryServiceIntegrationBase.webServerPort + "/ping"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); Assert.assertEquals("pong\n", response); return null; } }); }
From source file:org.apache.sentry.api.service.thrift.TestSentryWebServerWithKerberos.java
License:Apache License
@Test public void testPingWithoutSubject() throws Exception { final URL url = new URL("http://" + SentryServiceIntegrationBase.SERVER_HOST + ":" + SentryServiceIntegrationBase.webServerPort + "/ping"); try {/* www . j av a 2 s . com*/ new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (Exception e) { boolean isExpectError = exceptionContainsMessage(e, "No valid credentials provided"); Assert.assertTrue("Here should fail by 'No valid credentials provided'," + " but the exception is:" + e, isExpectError); } }