List of usage examples for org.apache.hadoop.security.authentication.server KerberosAuthenticationHandler PRINCIPAL
String PRINCIPAL
To view the source code for org.apache.hadoop.security.authentication.server KerberosAuthenticationHandler PRINCIPAL.
Click Source Link
From source file:org.apache.atlas.web.filters.AtlasAuthenticationFilter.java
License:Apache License
@Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException { Configuration configuration;//ww w . jav a 2s . c om try { configuration = ApplicationProperties.get(); } catch (Exception e) { throw new ServletException(e); } // transfer atlas-application.properties config items starting with defined prefix Configuration subConfiguration = ApplicationProperties.getSubsetConfiguration(configuration, PREFIX); Properties config = ConfigurationConverter.getProperties(subConfiguration); config.put(AuthenticationFilter.COOKIE_PATH, "/"); // add any config passed in as init parameters Enumeration<String> enumeration = filterConfig.getInitParameterNames(); while (enumeration.hasMoreElements()) { String name = enumeration.nextElement(); config.put(name, filterConfig.getInitParameter(name)); } //Resolve _HOST into bind address String bindAddress = configuration.getString(SecurityProperties.BIND_ADDRESS); if (bindAddress == null) { LOG.info("No host name configured. Defaulting to local host name."); try { bindAddress = InetAddress.getLocalHost().getHostName(); } catch (UnknownHostException e) { throw new ServletException("Unable to obtain host name", e); } } String principal = config.getProperty(KerberosAuthenticationHandler.PRINCIPAL); if (principal != null) { try { principal = SecurityUtil.getServerPrincipal(principal, bindAddress); } catch (IOException ex) { throw new RuntimeException("Could not resolve Kerberos principal name: " + ex.toString(), ex); } config.put(KerberosAuthenticationHandler.PRINCIPAL, principal); } LOG.info("AuthenticationFilterConfig: {}", config); return config; }
From source file:org.apache.falcon.security.BasicAuthFilter.java
License:Apache License
/** * Returns the configuration from Oozie configuration to be used by the authentication filter. * <p/>/*from ww w.j ava 2 s . c o m*/ * All properties from Oozie configuration which name starts with {@link #FALCON_PREFIX} will * be returned. The keys of the returned properties are trimmed from the {@link #FALCON_PREFIX} * prefix, for example the Oozie configuration property name 'oozie.authentication.type' will * be just 'type'. * * @param configPrefix configuration prefix, this parameter is ignored by this implementation. * @param filterConfig filter configuration, this parameter is ignored by this implementation. * @return all Oozie configuration properties prefixed with {@link #FALCON_PREFIX}, without the * prefix. */ @Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) { Properties authProperties = new Properties(); Properties configProperties = StartupProperties.get(); // setting the cookie path to root '/' so it is used for all resources. authProperties.setProperty(AuthenticationFilter.COOKIE_PATH, "/"); for (Map.Entry entry : configProperties.entrySet()) { String name = (String) entry.getKey(); if (name.startsWith(FALCON_PREFIX)) { String value = (String) entry.getValue(); name = name.substring(FALCON_PREFIX.length()); authProperties.setProperty(name, value); } } if (UserGroupInformation.isSecurityEnabled()) { // replace _HOST in principal String principal = getKerberosPrincipalWithSubstitutedHost(configProperties); // principal cannot be null in secure mode, is validated in submission authProperties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, principal); } return authProperties; }
From source file:org.apache.falcon.security.BasicAuthFilterTest.java
License:Apache License
@Test public void testGetKerberosPrincipalWithSubstitutedHostSecure() throws Exception { String principal = StartupProperties.get().getProperty(BasicAuthFilter.KERBEROS_PRINCIPAL); String expectedPrincipal = "falcon/" + SecurityUtil.getLocalHostName() + "@Example.com"; try {//from w w w.ja v a 2s. co m Configuration conf = new Configuration(false); conf.set("hadoop.security.authentication", "kerberos"); UserGroupInformation.setConfiguration(conf); Assert.assertTrue(UserGroupInformation.isSecurityEnabled()); StartupProperties.get().setProperty(BasicAuthFilter.KERBEROS_PRINCIPAL, "falcon/_HOST@Example.com"); BasicAuthFilter filter = new BasicAuthFilter(); Properties properties = filter.getConfiguration(BasicAuthFilter.FALCON_PREFIX, null); Assert.assertEquals(properties.get(KerberosAuthenticationHandler.PRINCIPAL), expectedPrincipal); } finally { StartupProperties.get().setProperty(BasicAuthFilter.KERBEROS_PRINCIPAL, principal); } }
From source file:org.apache.falcon.security.BasicAuthFilterTest.java
License:Apache License
@Test public void testGetKerberosPrincipalWithSubstitutedHostNonSecure() throws Exception { String principal = StartupProperties.get().getProperty(BasicAuthFilter.KERBEROS_PRINCIPAL); Configuration conf = new Configuration(false); conf.set("hadoop.security.authentication", "simple"); UserGroupInformation.setConfiguration(conf); Assert.assertFalse(UserGroupInformation.isSecurityEnabled()); BasicAuthFilter filter = new BasicAuthFilter(); Properties properties = filter.getConfiguration(BasicAuthFilter.FALCON_PREFIX, null); Assert.assertEquals(properties.get(KerberosAuthenticationHandler.PRINCIPAL), principal); }
From source file:org.apache.falcon.security.FalconAuthenticationFilter.java
License:Apache License
/** * Returns the configuration from Oozie configuration to be used by the authentication filter. * <p/>/* w ww . jav a 2 s .c om*/ * All properties from Oozie configuration which name starts with {@link #FALCON_PREFIX} will * be returned. The keys of the returned properties are trimmed from the {@link #FALCON_PREFIX} * prefix, for example the Oozie configuration property name 'oozie.authentication.type' will * be just 'type'. * * @param configPrefix configuration prefix, this parameter is ignored by this implementation. * @param filterConfig filter configuration, this parameter is ignored by this implementation. * @return all Oozie configuration properties prefixed with {@link #FALCON_PREFIX}, without the * prefix. */ @Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) { Properties authProperties = new Properties(); Properties configProperties = StartupProperties.get(); // setting the cookie path to root '/' so it is used for all resources. authProperties.setProperty( org.apache.hadoop.security.authentication.server.AuthenticationFilter.COOKIE_PATH, "/"); for (Map.Entry entry : configProperties.entrySet()) { String name = (String) entry.getKey(); if (name.startsWith(FALCON_PREFIX)) { String value = (String) entry.getValue(); name = name.substring(FALCON_PREFIX.length()); authProperties.setProperty(name, value); } } if (UserGroupInformation.isSecurityEnabled()) { // replace _HOST in principal String principal = getKerberosPrincipalWithSubstitutedHost(configProperties); // principal cannot be null in secure mode, is validated in submission authProperties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, principal); } return authProperties; }
From source file:org.apache.falcon.security.FalconAuthenticationFilterTest.java
License:Apache License
@Test public void testGetKerberosPrincipalWithSubstitutedHostSecure() throws Exception { String principal = StartupProperties.get().getProperty(FalconAuthenticationFilter.KERBEROS_PRINCIPAL); String expectedPrincipal = "falcon/" + SecurityUtil.getLocalHostName().toLowerCase() + "@Example.com"; try {//from w ww . jav a 2s.co m Configuration conf = new Configuration(false); conf.set("hadoop.security.authentication", "kerberos"); UserGroupInformation.setConfiguration(conf); Assert.assertTrue(UserGroupInformation.isSecurityEnabled()); StartupProperties.get().setProperty(FalconAuthenticationFilter.KERBEROS_PRINCIPAL, "falcon/_HOST@Example.com"); FalconAuthenticationFilter filter = new FalconAuthenticationFilter(); Properties properties = filter.getConfiguration(FalconAuthenticationFilter.FALCON_PREFIX, null); Assert.assertEquals(properties.get(KerberosAuthenticationHandler.PRINCIPAL), expectedPrincipal); } finally { StartupProperties.get().setProperty(FalconAuthenticationFilter.KERBEROS_PRINCIPAL, principal); } }
From source file:org.apache.falcon.security.FalconAuthenticationFilterTest.java
License:Apache License
@Test public void testGetKerberosPrincipalWithSubstitutedHostNonSecure() throws Exception { String principal = StartupProperties.get().getProperty(FalconAuthenticationFilter.KERBEROS_PRINCIPAL); Configuration conf = new Configuration(false); conf.set("hadoop.security.authentication", "simple"); UserGroupInformation.setConfiguration(conf); Assert.assertFalse(UserGroupInformation.isSecurityEnabled()); FalconAuthenticationFilter filter = new FalconAuthenticationFilter(); Properties properties = filter.getConfiguration(FalconAuthenticationFilter.FALCON_PREFIX, null); Assert.assertEquals(properties.get(KerberosAuthenticationHandler.PRINCIPAL), principal); }
From source file:org.apache.sqoop.filter.SqoopAuthenticationFilter.java
License:Apache License
@Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException { Properties properties = new Properties(); MapContext mapContext = SqoopConfiguration.getInstance().getContext(); String type = mapContext// w w w.ja va2 s . c o m .getString(SecurityConstants.AUTHENTICATION_TYPE, SecurityConstants.TYPE.SIMPLE.name()).trim(); if (type.equalsIgnoreCase(SecurityConstants.TYPE.KERBEROS.name())) { properties.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); String keytab = mapContext.getString(SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim(); if (keytab.length() == 0) { throw new SqoopException(SecurityError.AUTH_0005, SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB); } String principal = mapContext.getString(SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL) .trim(); if (principal.length() == 0) { throw new SqoopException(SecurityError.AUTH_0006, SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL); } String hostPrincipal = ""; try { hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0"); } catch (IOException e) { throw new SqoopException(SecurityError.AUTH_0006, SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL); } properties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, hostPrincipal); properties.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab); } else if (type.equalsIgnoreCase(SecurityConstants.TYPE.SIMPLE.name())) { properties.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); properties.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, mapContext.getString(SecurityConstants.AUTHENTICATION_ANONYMOUS, "true").trim()); } else { throw new SqoopException(SecurityError.AUTH_0004, type); } properties.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND, SecurityConstants.TOKEN_KIND); return properties; }