Package org.apache.hadoop.security.SaslRpcServer

Examples of org.apache.hadoop.security.SaslRpcServer.AuthMethod

83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
     @Override
     public TTransport createClientTransport(
       String principalConfig, String host,
        String methodStr, String tokenStrForm, TTransport underlyingTransport)
       throws IOException {
       AuthMethod method = AuthMethod.valueOf(AuthMethod.class, methodStr);

       TTransport saslTransport = null;
       switch (method) {
         case DIGEST:
           Token<DelegationTokenIdentifier> t= new Token<DelegationTokenIdentifier>();
           t.decodeFromUrlString(tokenStrForm);
           saslTransport = new TSaslClientTransport(
            method.getMechanismName(),
            null,
            null, SaslRpcServer.SASL_DEFAULT_REALM,
            SaslRpcServer.SASL_PROPS, new SaslClientCallbackHandler(t),
            underlyingTransport);
           return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser());

         case KERBEROS:
           String serverPrincipal = SecurityUtil.getServerPrincipal(principalConfig, host);
           String names[] = SaslRpcServer.splitKerberosName(serverPrincipal);
           if (names.length != 3) {
             throw new IOException(
               "Kerberos principal name does NOT have the expected hostname part: "
                 + serverPrincipal);
           }
           try {
             saslTransport = new TSaslClientTransport(
               method.getMechanismName(),
               null,
               names[0], names[1],
               SaslRpcServer.SASL_PROPS, null,
               underlyingTransport);
             return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser());
View Full Code Here
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
     @Override
     public TTransport createClientTransport(
       String principalConfig, String host,
        String methodStr, String tokenStrForm, TTransport underlyingTransport)
       throws IOException {
       AuthMethod method = AuthMethod.valueOf(AuthMethod.class, methodStr);

       TTransport saslTransport = null;
       switch (method) {
         case DIGEST:
           Token<DelegationTokenIdentifier> t= new Token<DelegationTokenIdentifier>();
           t.decodeFromUrlString(tokenStrForm);
           saslTransport = new TSaslClientTransport(
            method.getMechanismName(),
            null,
            null, SaslRpcServer.SASL_DEFAULT_REALM,
            SaslRpcServer.SASL_PROPS, new SaslClientCallbackHandler(t),
            underlyingTransport);
           return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser());

         case KERBEROS:
           String serverPrincipal = SecurityUtil.getServerPrincipal(principalConfig, host);
           String names[] = SaslRpcServer.splitKerberosName(serverPrincipal);
           if (names.length != 3) {
             throw new IOException(
               "Kerberos principal name does NOT have the expected hostname part: "
                 + serverPrincipal);
           }
           try {
             saslTransport = new TSaslClientTransport(
               method.getMechanismName(),
               null,
               names[0], names[1],
               SaslRpcServer.SASL_PROPS, null,
               underlyingTransport);
             return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser());
View Full Code Here
150
151
152
153
154
155
156
157
158
159
160
    boolean switchToSimple = false;
    for (SaslAuth authType : authTypes) {
      if (!isValidAuthType(authType)) {
        continue; // don't know what it is, try next
      }
      AuthMethod authMethod = AuthMethod.valueOf(authType.getMethod());
      if (authMethod == AuthMethod.SIMPLE) {
        switchToSimple = true;
      } else {
        saslClient = createSaslClient(authType);
        if (saslClient == null) { // client lacks credentials, try next
View Full Code Here
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
    return selectedAuthType;
  }
 

  private boolean isValidAuthType(SaslAuth authType) {
    AuthMethod authMethod;
    try {
      authMethod = AuthMethod.valueOf(authType.getMethod());
    } catch (IllegalArgumentException iae) { // unknown auth
      authMethod = null;
    }
    // do we know what it is?  is it using our mechanism?
    return authMethod != null &&
           authMethod.getMechanismName().equals(authType.getMechanism());
 
View Full Code Here
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
    final String saslServerName = authType.getServerId();
    Map<String, String> saslProperties =
      saslPropsResolver.getClientProperties(serverAddr.getAddress())
    CallbackHandler saslCallback = null;
   
    final AuthMethod method = AuthMethod.valueOf(authType.getMethod());
    switch (method) {
      case TOKEN: {
        Token<?> token = getServerToken(authType);
        if (token == null) {
          return null; // tokens aren't supported or user doesn't have one
        }
        saslCallback = new SaslClientCallbackHandler(token);
        break;
      }
      case KERBEROS: {
        if (ugi.getRealAuthenticationMethod().getAuthMethod() !=
            AuthMethod.KERBEROS) {
          return null; // client isn't using kerberos
        }
        String serverPrincipal = getServerPrincipal(authType);
        if (serverPrincipal == null) {
          return null; // protocol doesn't use kerberos
        }
        if (LOG.isDebugEnabled()) {
          LOG.debug("RPC Server's Kerberos principal name for protocol="
              + protocol.getCanonicalName() + " is " + serverPrincipal);
        }
        break;
      }
      default:
        throw new IOException("Unknown authentication method " + method);
    }
   
    String mechanism = method.getMechanismName();
    if (LOG.isDebugEnabled()) {
      LOG.debug("Creating SASL " + mechanism + "(" + method + ") "
          + " client to authenticate to service at " + saslServerName);
    }
    return Sasl.createSaslClient(
View Full Code Here
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
    @Override
    public TTransport createClientTransport(
        String principalConfig, String host,
        String methodStr, String tokenStrForm, TTransport underlyingTransport,
        Map<String, String> saslProps) throws IOException {
      AuthMethod method = AuthMethod.valueOf(AuthMethod.class, methodStr);

      TTransport saslTransport = null;
      switch (method) {
      case DIGEST:
        Token<DelegationTokenIdentifier> t= new Token<DelegationTokenIdentifier>();
        t.decodeFromUrlString(tokenStrForm);
        saslTransport = new TSaslClientTransport(
            method.getMechanismName(),
            null,
            null, SaslRpcServer.SASL_DEFAULT_REALM,
            saslProps, new SaslClientCallbackHandler(t),
            underlyingTransport);
        return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser());

      case KERBEROS:
        String serverPrincipal = SecurityUtil.getServerPrincipal(principalConfig, host);
        String names[] = SaslRpcServer.splitKerberosName(serverPrincipal);
        if (names.length != 3) {
          throw new IOException(
              "Kerberos principal name does NOT have the expected hostname part: "
                  + serverPrincipal);
        }
        try {
          saslTransport = new TSaslClientTransport(
              method.getMechanismName(),
              null,
              names[0], names[1],
              saslProps, null,
              underlyingTransport);
          return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser());
View Full Code Here
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
     @Override
     public TTransport createClientTransport(
       String principalConfig, String host,
        String methodStr, String tokenStrForm, TTransport underlyingTransport)
       throws IOException {
       AuthMethod method = AuthMethod.valueOf(AuthMethod.class, methodStr);

       TTransport saslTransport = null;
       switch (method) {
         case DIGEST:
           Token<DelegationTokenIdentifier> t= new Token<DelegationTokenIdentifier>();
           t.decodeFromUrlString(tokenStrForm);
           saslTransport = new TSaslClientTransport(
            method.getMechanismName(),
            null,
            null, SaslRpcServer.SASL_DEFAULT_REALM,
            SaslRpcServer.SASL_PROPS, new SaslClientCallbackHandler(t),
            underlyingTransport);
           return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser());

         case KERBEROS:
           String serverPrincipal = SecurityUtil.getServerPrincipal(principalConfig, host);
           String names[] = SaslRpcServer.splitKerberosName(serverPrincipal);
           if (names.length != 3) {
             throw new IOException(
               "Kerberos principal name does NOT have the expected hostname part: "
                 + serverPrincipal);
           }
           try {
             saslTransport = new TSaslClientTransport(
               method.getMechanismName(),
               null,
               names[0], names[1],
               SaslRpcServer.SASL_PROPS, null,
               underlyingTransport);
             return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser());
View Full Code Here
362
363
364
365
366
367
368
369
370
371
372
    TestSaslProtocol proxy = null;
    try {
      proxy = RPC.getProxy(TestSaslProtocol.class,
          TestSaslProtocol.versionID, addr, conf);
      AuthMethod authMethod = proxy.getAuthMethod();
      assertEquals(TOKEN, authMethod);
      //QOP must be auth
      assertEquals(expectedQop.saslQop,
                   RPC.getConnectionIdForProxy(proxy).getSaslQop());           
      proxy.ping();
View Full Code Here
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
                TestSaslProtocol.versionID, addr, clientConf);
           
            proxy.ping();
            // make sure the other side thinks we are who we said we are!!!
            assertEquals(clientUgi.getUserName(), proxy.getAuthUser());
            AuthMethod authMethod = proxy.getAuthMethod();
            // verify sasl completed with correct QOP
            assertEquals((authMethod != SIMPLE) ? expectedQop.saslQop : null,
                         RPC.getConnectionIdForProxy(proxy).getSaslQop());           
            return authMethod.toString();
          } finally {
            if (proxy != null) {
              RPC.stopProxy(proxy);
            }
          }
View Full Code Here
362
363
364
365
366
367
368
369
370
371
372
    TestSaslProtocol proxy = null;
    try {
      proxy = RPC.getProxy(TestSaslProtocol.class,
          TestSaslProtocol.versionID, addr, conf);
      AuthMethod authMethod = proxy.getAuthMethod();
      assertEquals(TOKEN, authMethod);
      //QOP must be auth
      assertEquals(expectedQop.saslQop,
                   RPC.getConnectionIdForProxy(proxy).getSaslQop());           
      proxy.ping();
View Full Code Here
TOP

Related Classes of org.apache.hadoop.security.SaslRpcServer.AuthMethod

  • org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Client
  • org.apache.hadoop.ipc.TestSaslRPC
  • org.apache.hadoop.security.SaslRpcClient
  • org.apache.hadoop.thriftfs.HadoopThriftAuthBridge$Client
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.