List of usage examples for org.apache.zookeeper.client ZooKeeperSaslClient LOGIN_CONTEXT_NAME_KEY
String LOGIN_CONTEXT_NAME_KEY
From source file:co.cask.cdap.common.kerberos.SecurityUtil.java
License:Apache License
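/**
 * Enables Kerberos authentication based on configuration.
 *
 * <p>Returns without changing anything when the JAAS login-config system property is
 * already set, or when Kerberos is not enabled in {@code cConf}. Otherwise the configured
 * principal and keytab are validated, the ZooKeeper SASL system properties are set, and a
 * keytab-based Krb5 login configuration is installed for the whole JVM.
 *
 * @param cConf configuration object.
 * @throws IOException declared by the signature; {@code expandPrincipal} is not visible
 *     here, so the exact failure condition is unconfirmed
 * @throws IllegalArgumentException if the principal or keytab path is not configured, or
 *     the keytab does not exist, is not a regular file or cannot be read
 */
public static void enableKerberosLogin(CConfiguration cConf) throws IOException {
  final String loginConfigKey = Constants.External.JavaSecurity.ENV_AUTH_LOGIN_CONFIG;
  final String presetLoginConfig = System.getProperty(loginConfigKey);
  if (presetLoginConfig != null) {
    // The value is read with System.getProperty, so the message names a system property
    // rather than an environment variable. On this path none of the ZooKeeper properties
    // below are set; the externally supplied JAAS file is the only source of login entries.
    LOG.warn("System property '{}' was already set to {}. Not generating JAAS configuration.",
             loginConfigKey, presetLoginConfig);
    return;
  }

  if (!isKerberosEnabled(cConf)) {
    LOG.info("Kerberos login is not enabled. To enable Kerberos login, enable {} and configure {} and {}",
             Constants.Security.KERBEROS_ENABLED, Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL,
             Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH);
    return;
  }

  final String configuredPrincipal = cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL);
  Preconditions.checkArgument(configuredPrincipal != null,
                              "Kerberos authentication is enabled, but "
                                + Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL + " is not configured");
  final String principal = SecurityUtil.expandPrincipal(configuredPrincipal);

  final String configuredKeytab = cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH);
  Preconditions.checkArgument(configuredKeytab != null,
                              "Kerberos authentication is enabled, but "
                                + Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH + " is not configured");
  final File keyTabFile = new File(configuredKeytab);
  final String keytabPath = keyTabFile.getAbsolutePath();

  // Fail at startup with a precise message instead of at the first Kerberos login attempt.
  Preconditions.checkArgument(keyTabFile.exists(), "Kerberos keytab file does not exist: " + keytabPath);
  Preconditions.checkArgument(keyTabFile.isFile(), "Kerberos keytab file should be a file: " + keytabPath);
  Preconditions.checkArgument(keyTabFile.canRead(), "Kerberos keytab file cannot be read: " + keytabPath);

  LOG.info("Using Kerberos principal {} and keytab {}", principal, keytabPath);

  System.setProperty(Constants.External.Zookeeper.ENV_AUTH_PROVIDER_1,
                     "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
  // NOTE(review): the constant name suggests ZooKeeper's "allow SASL-failed clients" switch,
  // under which a client whose SASL handshake fails keeps an unauthenticated session instead
  // of being rejected. Confirm the constant's value, and that znode ACLs rather than this
  // login are what protect the data.
  System.setProperty(Constants.External.Zookeeper.ENV_ALLOW_SASL_FAILED_CLIENTS, "true");
  System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");

  // Keytab-only login: never prompt and never fall back to a ticket cache.
  final Map<String, String> properties = new HashMap<>();
  properties.put("doNotPrompt", "true");
  properties.put("useKeyTab", "true");
  properties.put("useTicketCache", "false");
  properties.put("principal", principal);
  properties.put("keyTab", keytabPath);

  final AppConfigurationEntry configurationEntry = new AppConfigurationEntry(
    KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, properties);

  // The entry is returned for every application name, so any JAAS login context created in
  // this JVM (not only "Client") resolves to this principal and keytab.
  Configuration configuration = new Configuration() {
    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
      return new AppConfigurationEntry[] { configurationEntry };
    }
  };

  // Apply the configuration. This replaces the process-wide JAAS login configuration.
  Configuration.setConfiguration(configuration);
}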
From source file:co.cask.common.security.kerberos.SecurityUtil.java
License:Apache License
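/**
 * Enables Kerberos authentication based on configuration.
 *
 * <p>Returns without changing anything when the JAAS login-config system property is
 * already set, or when Kerberos is not enabled in {@code conf}. Otherwise the configured
 * principal and keytab are validated, the ZooKeeper SASL system properties are set, and a
 * keytab-based Krb5 login configuration is installed for the whole JVM.
 *
 * @param conf configuration object.
 * @throws IOException declared by the signature; {@code expandPrincipal} is not visible
 *     here, so the exact failure condition is unconfirmed
 * @throws IllegalArgumentException if the principal or keytab path is not configured, or
 *     the keytab does not exist, is not a regular file or cannot be read
 */
public static void enableKerberosLogin(SecurityConfiguration conf) throws IOException {
  final String loginConfigKey = Constants.External.JavaSecurity.ENV_AUTH_LOGIN_CONFIG;
  final String presetLoginConfig = System.getProperty(loginConfigKey);
  if (presetLoginConfig != null) {
    // The value is read with System.getProperty, so the message names a system property
    // rather than an environment variable. On this path none of the ZooKeeper properties
    // below are set; the externally supplied JAAS file is the only source of login entries.
    LOG.warn("System property '{}' was already set to {}. Not generating JAAS configuration.",
             loginConfigKey, presetLoginConfig);
    return;
  }

  if (!isKerberosEnabled(conf)) {
    LOG.info("Kerberos login is not enabled. To enable Kerberos login, enable {} and configure {} and {}",
             Constants.KERBEROS_ENABLED, Constants.CFG_CDAP_MASTER_KRB_PRINCIPAL,
             Constants.CFG_CDAP_MASTER_KRB_KEYTAB_PATH);
    return;
  }

  final String configuredPrincipal = conf.get(Constants.CFG_CDAP_MASTER_KRB_PRINCIPAL);
  Preconditions.checkArgument(configuredPrincipal != null,
                              "Kerberos authentication is enabled, but "
                                + Constants.CFG_CDAP_MASTER_KRB_PRINCIPAL + " is not configured");
  final String principal = SecurityUtil.expandPrincipal(configuredPrincipal);

  final String configuredKeytab = conf.get(Constants.CFG_CDAP_MASTER_KRB_KEYTAB_PATH);
  Preconditions.checkArgument(configuredKeytab != null,
                              "Kerberos authentication is enabled, but "
                                + Constants.CFG_CDAP_MASTER_KRB_KEYTAB_PATH + " is not configured");
  final File keyTabFile = new File(configuredKeytab);
  final String keytabPath = keyTabFile.getAbsolutePath();

  // Fail at startup with a precise message instead of at the first Kerberos login attempt.
  Preconditions.checkArgument(keyTabFile.exists(), "Kerberos keytab file does not exist: " + keytabPath);
  Preconditions.checkArgument(keyTabFile.isFile(), "Kerberos keytab file should be a file: " + keytabPath);
  Preconditions.checkArgument(keyTabFile.canRead(), "Kerberos keytab file cannot be read: " + keytabPath);

  LOG.info("Using Kerberos principal {} and keytab {}", principal, keytabPath);

  System.setProperty(Constants.External.Zookeeper.ENV_AUTH_PROVIDER_1,
                     "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
  // NOTE(review): the constant name suggests ZooKeeper's "allow SASL-failed clients" switch,
  // under which a client whose SASL handshake fails keeps an unauthenticated session instead
  // of being rejected. Confirm the constant's value, and that znode ACLs rather than this
  // login are what protect the data.
  System.setProperty(Constants.External.Zookeeper.ENV_ALLOW_SASL_FAILED_CLIENTS, "true");
  System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");

  // Keytab-only login: never prompt and never fall back to a ticket cache.
  // (The original put "doNotPrompt" twice; the redundant second put is dropped.)
  final Map<String, String> properties = new HashMap<String, String>();
  properties.put("doNotPrompt", "true");
  properties.put("useKeyTab", "true");
  properties.put("useTicketCache", "false");
  properties.put("principal", principal);
  properties.put("keyTab", keytabPath);

  final AppConfigurationEntry configurationEntry = new AppConfigurationEntry(
    KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, properties);

  // The entry is returned for every application name, so any JAAS login context created in
  // this JVM (not only "Client") resolves to this principal and keytab.
  javax.security.auth.login.Configuration configuration = new javax.security.auth.login.Configuration() {
    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
      return new AppConfigurationEntry[] { configurationEntry };
    }
  };

  // Apply the configuration. This replaces the process-wide JAAS login configuration.
  javax.security.auth.login.Configuration.setConfiguration(configuration);
}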
From source file:com.cloudera.impala.service.ZooKeeperSession.java
License:Apache License
/** * Setup configuration to connect to Zookeeper using kerberos. */// www . j a v a 2s . com private void setupJAASConfig(String principal, String keytab) throws IOException { Preconditions.checkArgument(principal != null && !principal.isEmpty()); if (keytab == null || keytab.trim().isEmpty()) { throw new IOException("Keytab must be set to connect using kerberos."); } LOGGER.debug("Authenticating with principal {} and keytab {}", principal, keytab); System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, SASL_LOGIN_CONTEXT_NAME); principal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0"); JaasConfiguration jaasConf = new JaasConfiguration(SASL_LOGIN_CONTEXT_NAME, principal, keytab); // Install the Configuration in the runtime. javax.security.auth.login.Configuration.setConfiguration(jaasConf); }
From source file:org.apache.drill.exec.ZookeeperTestUtil.java
License:Apache License
/** * Sets zookeeper server and client SASL test config properties. *///from w ww .j ava2 s . co m public static void setZookeeperSaslTestConfigProps() { System.setProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY, "DrillTestServerForUnitTests"); System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "DrillTestClientForUnitTests"); }
From source file:org.apache.hadoop.hbase.zookeeper.ZKUtil.java
License:Apache License
/**
 * Logs in the current ZooKeeper client using the given configuration keys for the
 * credential file and the login principal.
 *
 * <p><strong>This is only applicable when running on secure HBase.</strong>
 * On regular HBase (without security features), this will safely be ignored.</p>
 *
 * <p>Delegates to {@code login(...)} with the ZooKeeper client login-context property and
 * the client keytab JAAS section name.
 *
 * @param conf The configuration data to use
 * @param keytabFileKey Property key used to configure the path to the credential file
 * @param userNameKey Property key used to configure the login principal
 * @param hostname Current hostname to use in any credentials
 * @throws IOException underlying exception from SecurityUtil.login() call
 */
public static void loginClient(Configuration conf, String keytabFileKey, String userNameKey,
    String hostname) throws IOException {
  // System property that tells the ZooKeeper client which JAAS section to use.
  final String loginContextProperty = ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY;
  login(conf, keytabFileKey, userNameKey, hostname, loginContextProperty,
      JaasConfiguration.CLIENT_KEYTAB_KERBEROS_CONFIG_NAME);
}
From source file:org.apache.hadoop.hive.llap.registry.impl.LlapZookeeperRegistryImpl.java
License:Apache License
/**
 * Dynamically sets up the JAAS configuration that uses Kerberos.
 *
 * <p>Selects the {@code "LlapZooKeeperClient"} JAAS section for the ZooKeeper client,
 * records the user name derived from the resolved principal in
 * {@code userNameFromPrincipal}, and installs a {@code JaasConfiguration} for that section.
 * The system property and the installed configuration are process-wide: the previous JAAS
 * login configuration of this JVM is replaced.
 *
 * @param principal Kerberos principal; passed through {@code getServerPrincipal} before use
 * @param keyTabFile keytab handed to the JAAS configuration (presumably its path)
 * @throws IOException if resolving the principal fails
 */
private void setZookeeperClientKerberosJaasConfig(String principal, String keyTabFile)
    throws IOException {
  // ZooKeeper property name to pick the correct JAAS conf section
  final String loginContextName = "LlapZooKeeperClient";
  System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, loginContextName);

  // NOTE(review): presumably Hadoop's SecurityUtil, where "0.0.0.0" makes a _HOST
  // placeholder resolve to the local host name; confirm against the imported class.
  final String resolvedPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
  userNameFromPrincipal = LlapUtil.getUserNameFromPrincipal(resolvedPrincipal);

  // Install the Configuration in the runtime.
  javax.security.auth.login.Configuration.setConfiguration(
      new JaasConfiguration(loginContextName, resolvedPrincipal, keyTabFile));
}
From source file:org.apache.hadoop.hive.metastore.utils.SecurityUtils.java
License:Apache License
/**
 * Dynamically sets up the JAAS configuration that uses Kerberos.
 *
 * <p>Selects the {@code "HiveZooKeeperClient"} JAAS section for the ZooKeeper client and
 * installs a {@code JaasConfiguration} for it. The system property and the installed
 * configuration are process-wide: the previous JAAS login configuration of this JVM is
 * replaced.
 *
 * @param principal Kerberos principal; passed through {@code getServerPrincipal} before use
 * @param keyTabFile keytab handed to the JAAS configuration (presumably its path)
 * @throws IOException if resolving the principal fails
 */
public static void setZookeeperClientKerberosJaasConfig(String principal, String keyTabFile)
    throws IOException {
  // ZooKeeper property name to pick the correct JAAS conf section
  final String loginContextName = "HiveZooKeeperClient";
  System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, loginContextName);

  // NOTE(review): presumably Hadoop's SecurityUtil, where "0.0.0.0" makes a _HOST
  // placeholder resolve to the local host name; confirm against the imported class.
  final String resolvedPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");

  // Install the Configuration in the runtime.
  javax.security.auth.login.Configuration.setConfiguration(
      new JaasConfiguration(loginContextName, resolvedPrincipal, keyTabFile));
}
From source file:org.apache.hadoop.hive.registry.impl.ZookeeperUtils.java
License:Apache License
/**
 * Dynamically sets up the JAAS configuration that uses Kerberos.
 *
 * <p>Selects {@code saslLoginContextName} as the ZooKeeper client's JAAS section and
 * installs a {@code JaasConfiguration} for it. The system property and the installed
 * configuration are process-wide: the previous JAAS login configuration of this JVM is
 * replaced.
 *
 * @param saslLoginContextName name of the JAAS section the ZooKeeper client should use
 * @param zkPrincipal Kerberos principal; passed through {@code getServerPrincipal} before use
 * @param zkKeytab keytab handed to the JAAS configuration (presumably its path)
 * @return the principal as returned by {@code getServerPrincipal}
 * @throws IOException if resolving the principal fails
 */
private static String setZookeeperClientKerberosJaasConfig(String saslLoginContextName,
    String zkPrincipal, String zkKeytab) throws IOException {
  // ZooKeeper property name to pick the correct JAAS conf section
  System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, saslLoginContextName);

  // NOTE(review): presumably Hadoop's SecurityUtil, where "0.0.0.0" makes a _HOST
  // placeholder resolve to the local host name; confirm against the imported class.
  final String resolvedPrincipal = SecurityUtil.getServerPrincipal(zkPrincipal, "0.0.0.0");

  // Install the Configuration in the runtime.
  javax.security.auth.login.Configuration.setConfiguration(
      new JaasConfiguration(saslLoginContextName, resolvedPrincipal, zkKeytab));
  return resolvedPrincipal;
}
From source file:org.apache.hadoop.hive.shims.HadoopShimsSecure.java
License:Apache License
/**
 * Dynamically sets up the JAAS configuration that uses Kerberos.
 *
 * <p>Selects the {@code "HiveZooKeeperClient"} JAAS section for the ZooKeeper client and
 * installs a {@code JaasConfiguration} for it. The system property and the installed
 * configuration are process-wide: the previous JAAS login configuration of this JVM is
 * replaced.
 *
 * @param principal Kerberos principal; passed through {@code getResolvedPrincipal} before use
 * @param keyTabFile keytab handed to the JAAS configuration (presumably its path)
 * @throws IOException declared by the signature; presumably raised while resolving the
 *     principal ({@code getResolvedPrincipal} is not visible here)
 */
@Override
public void setZookeeperClientKerberosJaasConfig(String principal, String keyTabFile)
    throws IOException {
  // ZooKeeper property name to pick the correct JAAS conf section
  final String loginContextName = "HiveZooKeeperClient";
  System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, loginContextName);

  final String resolvedPrincipal = getResolvedPrincipal(principal);

  // Install the Configuration in the runtime.
  javax.security.auth.login.Configuration.setConfiguration(
      new JaasConfiguration(loginContextName, resolvedPrincipal, keyTabFile));
}
From source file:org.apache.hadoop.security.authentication.util.ZKSignerSecretProvider.java
License:Apache License
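/**
 * This method creates the Curator client and connects to ZooKeeper.
 *
 * <p>With auth type {@code "sasl"} the client logs in through JAAS/Kerberos and new znodes
 * get ACLs owned by the resolved principal. Every other value, including the default
 * {@code "none"}, connects without authentication and uses {@code DefaultACLProvider}; a
 * value that is neither {@code "sasl"} nor {@code "none"} is additionally reported with a
 * warning, because a misspelt setting would otherwise silently disable authentication.
 *
 * @param config configuration properties
 * @return A Curator client, already started
 * @throws Exception thrown if an error occurred
 */
protected CuratorFramework createCuratorClient(Properties config) throws Exception {
  String connectionString = config.getProperty(ZOOKEEPER_CONNECTION_STRING, "localhost:2181");

  RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
  ACLProvider aclProvider;
  String authType = config.getProperty(ZOOKEEPER_AUTH_TYPE, "none");
  if (authType.equals("sasl")) {
    // Fixed: the two halves of the message were concatenated without a separating space.
    LOG.info("Connecting to ZooKeeper with SASL/Kerberos " + "and using 'sasl' ACLs");
    String principal = setJaasConfiguration(config);
    // Both properties are JVM-wide and affect every ZooKeeper client in this process.
    System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, JAAS_LOGIN_ENTRY_NAME);
    System.setProperty("zookeeper.authProvider.1",
        "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
    aclProvider = new SASLOwnerACLProvider(principal);
  } else { // "none"
    if (!authType.equals("none")) {
      // Behaviour is unchanged (still falls back to no authentication), but the fallback
      // is now visible in the log instead of being silent.
      LOG.warn("Unrecognized ZooKeeper auth type '" + authType
          + "'; falling back to no authentication");
    }
    LOG.info("Connecting to ZooKeeper without authentication");
    aclProvider = new DefaultACLProvider(); // open to everyone
  }

  CuratorFramework cf = CuratorFrameworkFactory.builder()
      .connectString(connectionString)
      .retryPolicy(retryPolicy)
      .aclProvider(aclProvider)
      .build();
  cf.start();
  return cf;
}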