
Example 1 with DelegationTokenAuthenticatedURL

Use of org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL in project hadoop by apache.

Class HttpFSFileSystem, method initialize.

/**
 * Called after a new FileSystem instance is constructed.
 *
 * @param name a uri whose authority section names the host, port, etc. for this FileSystem
 * @param conf the configuration
 */
@Override
public void initialize(URI name, Configuration conf) throws IOException {
    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
    // The real user is the one that has the Kerberos credentials needed for
    // SPNEGO to work.
    realUser = ugi.getRealUser();
    if (realUser == null) {
        realUser = UserGroupInformation.getLoginUser();
    }
    super.initialize(name, conf);
    try {
        uri = new URI(name.getScheme() + "://" + name.getAuthority());
    } catch (URISyntaxException ex) {
        throw new IOException(ex);
    }
    Class<? extends DelegationTokenAuthenticator> klass = getConf().getClass("httpfs.authenticator.class", KerberosDelegationTokenAuthenticator.class, DelegationTokenAuthenticator.class);
    DelegationTokenAuthenticator authenticator = ReflectionUtils.newInstance(klass, getConf());
    authURL = new DelegationTokenAuthenticatedURL(authenticator);
}
Also used : DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) URISyntaxException(java.net.URISyntaxException) IOException(java.io.IOException) URI(java.net.URI) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 2 with DelegationTokenAuthenticatedURL

Use of org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL in project hadoop by apache.

Class KMSClientProvider, method createConnection.

private HttpURLConnection createConnection(final URL url, String method) throws IOException {
    HttpURLConnection conn;
    try {
        final String doAsUser = getDoAsUser();
        conn = getActualUgi().doAs(new PrivilegedExceptionAction<HttpURLConnection>() {

            @Override
            public HttpURLConnection run() throws Exception {
                DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(configurator);
                return authUrl.openConnection(url, authToken, doAsUser);
            }
        });
    } catch (IOException ex) {
        if (ex instanceof SocketTimeoutException) {
            LOG.warn("Failed to connect to {}:{}", url.getHost(), url.getPort());
        }
        throw ex;
    } catch (UndeclaredThrowableException ex) {
        throw new IOException(ex.getUndeclaredThrowable());
    } catch (Exception ex) {
        throw new IOException(ex);
    }
    conn.setUseCaches(false);
    conn.setRequestMethod(method);
    if (method.equals(HTTP_POST) || method.equals(HTTP_PUT)) {
        conn.setDoOutput(true);
    }
    conn = configureConnection(conn);
    return conn;
}
Also used : HttpURLConnection(java.net.HttpURLConnection) SocketTimeoutException(java.net.SocketTimeoutException) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) IOException(java.io.IOException) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) URISyntaxException(java.net.URISyntaxException) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SocketTimeoutException(java.net.SocketTimeoutException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) ExecutionException(java.util.concurrent.ExecutionException)

Example 3 with DelegationTokenAuthenticatedURL

Use of org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL in project atlas by apache.

Class SecureClientUtils, method getClientConnectionHandler.

public static URLConnectionClientHandler getClientConnectionHandler(DefaultClientConfig config, org.apache.commons.configuration.Configuration clientConfig, String doAsUser, final UserGroupInformation ugi) {
    config.getProperties().put(URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, true);
    Configuration conf = new Configuration();
    conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES));
    UserGroupInformation.setConfiguration(conf);
    final ConnectionConfigurator connConfigurator = newConnConfigurator(conf);
    Authenticator authenticator = new KerberosDelegationTokenAuthenticator();
    authenticator.setConnectionConfigurator(connConfigurator);
    final DelegationTokenAuthenticator finalAuthenticator = (DelegationTokenAuthenticator) authenticator;
    final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
    HttpURLConnectionFactory httpURLConnectionFactory = null;
    try {
        UserGroupInformation ugiToUse = ugi != null ? ugi : UserGroupInformation.getCurrentUser();
        // For a proxy UGI, authenticate as the real user behind it; the doAs user is passed separately.
        final UserGroupInformation actualUgi = (ugiToUse.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) ? ugiToUse.getRealUser() : ugiToUse;
        LOG.info("Real User: {}, is from ticket cache? {}", actualUgi, actualUgi.isLoginTicketBased());
        if (StringUtils.isEmpty(doAsUser)) {
            doAsUser = actualUgi.getShortUserName();
        }
        LOG.info("doAsUser: {}", doAsUser);
        final String finalDoAsUser = doAsUser;
        httpURLConnectionFactory = new HttpURLConnectionFactory() {

            @Override
            public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
                try {
                    return actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {

                        @Override
                        public HttpURLConnection run() throws Exception {
                            try {
                                return new DelegationTokenAuthenticatedURL(finalAuthenticator, connConfigurator).openConnection(url, token, finalDoAsUser);
                            } catch (Exception e) {
                                throw new IOException(e);
                            }
                        }
                    });
                } catch (Exception e) {
                    if (e instanceof IOException) {
                        throw (IOException) e;
                    } else {
                        throw new IOException(e);
                    }
                }
            }
        };
    } catch (IOException e) {
        LOG.warn("Error obtaining user", e);
    }
    // Note: if obtaining the user failed above, httpURLConnectionFactory is still null here.
    return new URLConnectionClientHandler(httpURLConnectionFactory);
}
Also used : ConnectionConfigurator(org.apache.hadoop.security.authentication.client.ConnectionConfigurator) Configuration(org.apache.hadoop.conf.Configuration) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) IOException(java.io.IOException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) URL(java.net.URL) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) AtlasException(org.apache.atlas.AtlasException) HttpURLConnectionFactory(com.sun.jersey.client.urlconnection.HttpURLConnectionFactory) HttpURLConnection(java.net.HttpURLConnection) URLConnectionClientHandler(com.sun.jersey.client.urlconnection.URLConnectionClientHandler) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) Authenticator(org.apache.hadoop.security.authentication.client.Authenticator) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 4 with DelegationTokenAuthenticatedURL

Use of org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL in project hadoop by apache.

Class KMSClientProvider, method renewDelegationToken.

@Override
public long renewDelegationToken(final Token<?> dToken) throws IOException {
    try {
        final String doAsUser = getDoAsUser();
        final DelegationTokenAuthenticatedURL.Token token = generateDelegationToken(dToken);
        final URL url = createURL(null, null, null, null);
        LOG.debug("Renewing delegation token {} with url:{}, as:{}", token, url, doAsUser);
        final DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(configurator);
        return getActualUgi().doAs(new PrivilegedExceptionAction<Long>() {

            @Override
            public Long run() throws Exception {
                return authUrl.renewDelegationToken(url, token, doAsUser);
            }
        });
    } catch (Exception ex) {
        if (ex instanceof IOException) {
            throw (IOException) ex;
        } else {
            throw new IOException(ex);
        }
    }
}
Also used : DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) IOException(java.io.IOException) URL(java.net.URL) AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) URISyntaxException(java.net.URISyntaxException) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SocketTimeoutException(java.net.SocketTimeoutException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) ExecutionException(java.util.concurrent.ExecutionException)

Example 5 with DelegationTokenAuthenticatedURL

Use of org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL in project hadoop by apache.

Class KMSClientProvider, method addDelegationTokens.

@Override
public Token<?>[] addDelegationTokens(final String renewer, Credentials credentials) throws IOException {
    Token<?>[] tokens = null;
    Text dtService = getDelegationTokenService();
    Token<?> token = credentials.getToken(dtService);
    if (token == null) {
        final URL url = createURL(null, null, null, null);
        final DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(configurator);
        try {
            final String doAsUser = getDoAsUser();
            token = getActualUgi().doAs(new PrivilegedExceptionAction<Token<?>>() {

                @Override
                public Token<?> run() throws Exception {
                    // A new, empty auth token is passed on every call.
                    return authUrl.getDelegationToken(url, new DelegationTokenAuthenticatedURL.Token(), renewer, doAsUser);
                }
            });
            if (token != null) {
                credentials.addToken(token.getService(), token);
                tokens = new Token<?>[] { token };
            } else {
                throw new IOException("Got NULL as delegation token");
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        } catch (Exception e) {
            throw new IOException(e);
        }
    }
    return tokens;
}
Also used : DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) Token(org.apache.hadoop.security.token.Token) Text(org.apache.hadoop.io.Text) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) IOException(java.io.IOException) URL(java.net.URL) AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) URISyntaxException(java.net.URISyntaxException) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SocketTimeoutException(java.net.SocketTimeoutException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) ExecutionException(java.util.concurrent.ExecutionException)
