Example 1 with TSaslServerTransport
use of org.apache.thrift.transport.TSaslServerTransport in project hive by apache.
the class TSetIpAddressProcessor method setUserName.
private void setUserName(final TProtocol in) {
TTransport transport = in.getTransport();
if (transport instanceof TSaslServerTransport) {
String userName = ((TSaslServerTransport) transport).getSaslServer().getAuthorizationID();
THREAD_LOCAL_USER_NAME.set(userName);
}
}
Also used :
TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport)
TTransport(org.apache.thrift.transport.TTransport)
Example 2 with TSaslServerTransport
use of org.apache.thrift.transport.TSaslServerTransport in project hbase by apache.
the class ThriftServerRunner method setupServer.
/**
* Setting up the thrift TServer
*/
private void setupServer() throws Exception {
// Construct correct ProtocolFactory
TProtocolFactory protocolFactory;
if (conf.getBoolean(COMPACT_CONF_KEY, false)) {
LOG.debug("Using compact protocol");
protocolFactory = new TCompactProtocol.Factory();
} else {
LOG.debug("Using binary protocol");
protocolFactory = new TBinaryProtocol.Factory();
}
final TProcessor p = new Hbase.Processor<>(handler);
ImplType implType = ImplType.getServerImpl(conf);
TProcessor processor = p;
// Construct correct TransportFactory
TTransportFactory transportFactory;
if (conf.getBoolean(FRAMED_CONF_KEY, false) || implType.isAlwaysFramed) {
if (qop != null) {
throw new RuntimeException("Thrift server authentication" + " doesn't work with framed transport yet");
}
transportFactory = new TFramedTransport.Factory(conf.getInt(MAX_FRAME_SIZE_CONF_KEY, 2) * 1024 * 1024);
LOG.debug("Using framed transport");
} else if (qop == null) {
transportFactory = new TTransportFactory();
} else {
// Extract the name from the principal
String name = SecurityUtil.getUserFromPrincipal(conf.get("hbase.thrift.kerberos.principal"));
Map<String, String> saslProperties = new HashMap<>();
saslProperties.put(Sasl.QOP, qop);
TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
saslFactory.addServerDefinition("GSSAPI", name, host, saslProperties, new SaslGssCallbackHandler() {
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
AuthorizeCallback ac = null;
for (Callback callback : callbacks) {
if (callback instanceof AuthorizeCallback) {
ac = (AuthorizeCallback) callback;
} else {
throw new UnsupportedCallbackException(callback, "Unrecognized SASL GSSAPI Callback");
}
}
if (ac != null) {
String authid = ac.getAuthenticationID();
String authzid = ac.getAuthorizationID();
if (!authid.equals(authzid)) {
ac.setAuthorized(false);
} else {
ac.setAuthorized(true);
String userName = SecurityUtil.getUserFromPrincipal(authzid);
LOG.info("Effective user: " + userName);
ac.setAuthorizedID(userName);
}
}
}
});
transportFactory = saslFactory;
// Create a processor wrapper, to get the caller
processor = new TProcessor() {
@Override
public boolean process(TProtocol inProt, TProtocol outProt) throws TException {
TSaslServerTransport saslServerTransport = (TSaslServerTransport) inProt.getTransport();
SaslServer saslServer = saslServerTransport.getSaslServer();
String principal = saslServer.getAuthorizationID();
hbaseHandler.setEffectiveUser(principal);
return p.process(inProt, outProt);
}
};
}
if (conf.get(BIND_CONF_KEY) != null && !implType.canSpecifyBindIP) {
LOG.error("Server types " + Joiner.on(", ").join(ImplType.serversThatCannotSpecifyBindIP()) + " don't support IP " + "address binding at the moment. See " + "https://issues.apache.org/jira/browse/HBASE-2155 for details.");
throw new RuntimeException("-" + BIND_CONF_KEY + " not supported with " + implType);
}
// Thrift's implementation uses '0' as a placeholder for 'use the default.'
int backlog = conf.getInt(BACKLOG_CONF_KEY, 0);
if (implType == ImplType.HS_HA || implType == ImplType.NONBLOCKING || implType == ImplType.THREADED_SELECTOR) {
InetAddress listenAddress = getBindAddress(conf);
TNonblockingServerTransport serverTransport = new TNonblockingServerSocket(new InetSocketAddress(listenAddress, listenPort));
if (implType == ImplType.NONBLOCKING) {
TNonblockingServer.Args serverArgs = new TNonblockingServer.Args(serverTransport);
serverArgs.processor(processor).transportFactory(transportFactory).protocolFactory(protocolFactory);
tserver = new TNonblockingServer(serverArgs);
} else if (implType == ImplType.HS_HA) {
THsHaServer.Args serverArgs = new THsHaServer.Args(serverTransport);
CallQueue callQueue = new CallQueue(new LinkedBlockingQueue<>(), metrics);
ExecutorService executorService = createExecutor(callQueue, serverArgs.getMaxWorkerThreads(), serverArgs.getMaxWorkerThreads());
serverArgs.executorService(executorService).processor(processor).transportFactory(transportFactory).protocolFactory(protocolFactory);
tserver = new THsHaServer(serverArgs);
} else {
// THREADED_SELECTOR
TThreadedSelectorServer.Args serverArgs = new HThreadedSelectorServerArgs(serverTransport, conf);
CallQueue callQueue = new CallQueue(new LinkedBlockingQueue<>(), metrics);
ExecutorService executorService = createExecutor(callQueue, serverArgs.getWorkerThreads(), serverArgs.getWorkerThreads());
serverArgs.executorService(executorService).processor(processor).transportFactory(transportFactory).protocolFactory(protocolFactory);
tserver = new TThreadedSelectorServer(serverArgs);
}
LOG.info("starting HBase " + implType.simpleClassName() + " server on " + Integer.toString(listenPort));
} else if (implType == ImplType.THREAD_POOL) {
// Thread pool server. Get the IP address to bind to.
InetAddress listenAddress = getBindAddress(conf);
int readTimeout = conf.getInt(THRIFT_SERVER_SOCKET_READ_TIMEOUT_KEY, THRIFT_SERVER_SOCKET_READ_TIMEOUT_DEFAULT);
TServerTransport serverTransport = new TServerSocket(new TServerSocket.ServerSocketTransportArgs().bindAddr(new InetSocketAddress(listenAddress, listenPort)).backlog(backlog).clientTimeout(readTimeout));
TBoundedThreadPoolServer.Args serverArgs = new TBoundedThreadPoolServer.Args(serverTransport, conf);
serverArgs.processor(processor).transportFactory(transportFactory).protocolFactory(protocolFactory);
LOG.info("starting " + ImplType.THREAD_POOL.simpleClassName() + " on " + listenAddress + ":" + Integer.toString(listenPort) + " with readTimeout " + readTimeout + "ms; " + serverArgs);
TBoundedThreadPoolServer tserver = new TBoundedThreadPoolServer(serverArgs, metrics);
this.tserver = tserver;
} else {
throw new AssertionError("Unsupported Thrift server implementation: " + implType.simpleClassName());
}
// A sanity check that we instantiated the right type of server.
if (tserver.getClass() != implType.serverClass) {
throw new AssertionError("Expected to create Thrift server class " + implType.serverClass.getName() + " but got " + tserver.getClass().getName());
}
registerFilters(conf);
}
Also used :
TProtocolFactory(org.apache.thrift.protocol.TProtocolFactory)
TNonblockingServerTransport(org.apache.thrift.transport.TNonblockingServerTransport)
TProcessor(org.apache.thrift.TProcessor)
SaslServer(javax.security.sasl.SaslServer)
InetSocketAddress(java.net.InetSocketAddress)
TThreadedSelectorServer(org.apache.thrift.server.TThreadedSelectorServer)
LogFactory(org.apache.commons.logging.LogFactory)
TProtocolFactory(org.apache.thrift.protocol.TProtocolFactory)
TTransportFactory(org.apache.thrift.transport.TTransportFactory)
SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory)
TCompactProtocol(org.apache.thrift.protocol.TCompactProtocol)
LinkedBlockingQueue(java.util.concurrent.LinkedBlockingQueue)
AuthorizeCallback(javax.security.sasl.AuthorizeCallback)
TServerSocket(org.apache.thrift.transport.TServerSocket)
THsHaServer(org.apache.thrift.server.THsHaServer)
TProcessor(org.apache.thrift.TProcessor)
TProtocol(org.apache.thrift.protocol.TProtocol)
TFramedTransport(org.apache.thrift.transport.TFramedTransport)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
TTransportFactory(org.apache.thrift.transport.TTransportFactory)
TNonblockingServer(org.apache.thrift.server.TNonblockingServer)
TServerTransport(org.apache.thrift.transport.TServerTransport)
TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport)
SaslGssCallbackHandler(org.apache.hadoop.security.SaslRpcServer.SaslGssCallbackHandler)
Callback(javax.security.auth.callback.Callback)
AuthorizeCallback(javax.security.sasl.AuthorizeCallback)
TBinaryProtocol(org.apache.thrift.protocol.TBinaryProtocol)
TNonblockingServerSocket(org.apache.thrift.transport.TNonblockingServerSocket)
ExecutorService(java.util.concurrent.ExecutorService)
Map(java.util.Map)
TreeMap(java.util.TreeMap)
HashMap(java.util.HashMap)
InetAddress(java.net.InetAddress)
Example 3 with TSaslServerTransport
use of org.apache.thrift.transport.TSaslServerTransport in project hbase by apache.
the class ThriftServer method run.
@Override
public int run(String[] args) throws Exception {
final Configuration conf = getConf();
TServer server = null;
Options options = getOptions();
CommandLine cmd = parseArguments(conf, options, args);
int workerThreads = 0;
int selectorThreads = 0;
// use unbounded queue by default
int maxCallQueueSize = -1;
/**
* This is to please both bin/hbase and bin/hbase-daemon. hbase-daemon provides "start" and "stop" arguments hbase
* should print the help if no argument is provided
*/
List<?> argList = cmd.getArgList();
if (cmd.hasOption("help") || !argList.contains("start") || argList.contains("stop")) {
printUsage();
return 1;
}
// Get address to bind
String bindAddress;
if (cmd.hasOption("bind")) {
bindAddress = cmd.getOptionValue("bind");
conf.set("hbase.thrift.info.bindAddress", bindAddress);
} else {
bindAddress = conf.get("hbase.thrift.info.bindAddress");
}
// Get read timeout
int readTimeout = THRIFT_SERVER_SOCKET_READ_TIMEOUT_DEFAULT;
if (cmd.hasOption(READ_TIMEOUT_OPTION)) {
try {
readTimeout = Integer.parseInt(cmd.getOptionValue(READ_TIMEOUT_OPTION));
} catch (NumberFormatException e) {
throw new RuntimeException("Could not parse the value provided for the timeout option", e);
}
} else {
readTimeout = conf.getInt(THRIFT_SERVER_SOCKET_READ_TIMEOUT_KEY, THRIFT_SERVER_SOCKET_READ_TIMEOUT_DEFAULT);
}
// Get port to bind to
int listenPort = 0;
try {
if (cmd.hasOption("port")) {
listenPort = Integer.parseInt(cmd.getOptionValue("port"));
} else {
listenPort = conf.getInt("hbase.regionserver.thrift.port", DEFAULT_LISTEN_PORT);
}
} catch (NumberFormatException e) {
throw new RuntimeException("Could not parse the value provided for the port option", e);
}
// Thrift's implementation uses '0' as a placeholder for 'use the default.'
int backlog = conf.getInt(BACKLOG_CONF_KEY, 0);
// Local hostname and user name,
// used only if QOP is configured.
String host = null;
String name = null;
UserProvider userProvider = UserProvider.instantiate(conf);
// login the server principal (if using secure Hadoop)
boolean securityEnabled = userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled();
if (securityEnabled) {
host = Strings.domainNamePointerToHostName(DNS.getDefaultHost(conf.get("hbase.thrift.dns.interface", "default"), conf.get("hbase.thrift.dns.nameserver", "default")));
userProvider.login("hbase.thrift.keytab.file", "hbase.thrift.kerberos.principal", host);
}
UserGroupInformation realUser = userProvider.getCurrent().getUGI();
String stringQop = conf.get(THRIFT_QOP_KEY);
SaslUtil.QualityOfProtection qop = null;
if (stringQop != null) {
qop = SaslUtil.getQop(stringQop);
if (!securityEnabled) {
throw new IOException("Thrift server must" + " run in secure mode to support authentication");
}
// Extract the name from the principal
name = SecurityUtil.getUserFromPrincipal(conf.get("hbase.thrift.kerberos.principal"));
}
boolean nonblocking = cmd.hasOption("nonblocking");
boolean hsha = cmd.hasOption("hsha");
boolean selector = cmd.hasOption("selector");
ThriftMetrics metrics = new ThriftMetrics(conf, ThriftMetrics.ThriftServerType.TWO);
final JvmPauseMonitor pauseMonitor = new JvmPauseMonitor(conf, metrics.getSource());
String implType = "threadpool";
if (nonblocking) {
implType = "nonblocking";
} else if (hsha) {
implType = "hsha";
} else if (selector) {
implType = "selector";
}
conf.set("hbase.regionserver.thrift.server.type", implType);
conf.setInt("hbase.regionserver.thrift.port", listenPort);
registerFilters(conf);
// Construct correct ProtocolFactory
boolean compact = cmd.hasOption("compact") || conf.getBoolean("hbase.regionserver.thrift.compact", false);
TProtocolFactory protocolFactory = getTProtocolFactory(compact);
final ThriftHBaseServiceHandler hbaseHandler = new ThriftHBaseServiceHandler(conf, userProvider);
THBaseService.Iface handler = ThriftHBaseServiceHandler.newInstance(hbaseHandler, metrics);
final THBaseService.Processor p = new THBaseService.Processor(handler);
conf.setBoolean("hbase.regionserver.thrift.compact", compact);
TProcessor processor = p;
boolean framed = cmd.hasOption("framed") || conf.getBoolean("hbase.regionserver.thrift.framed", false) || nonblocking || hsha;
TTransportFactory transportFactory = getTTransportFactory(qop, name, host, framed, conf.getInt("hbase.regionserver.thrift.framed.max_frame_size_in_mb", 2) * 1024 * 1024);
InetSocketAddress inetSocketAddress = bindToPort(bindAddress, listenPort);
conf.setBoolean("hbase.regionserver.thrift.framed", framed);
if (qop != null) {
// Create a processor wrapper, to get the caller
processor = new TProcessor() {
@Override
public boolean process(TProtocol inProt, TProtocol outProt) throws TException {
TSaslServerTransport saslServerTransport = (TSaslServerTransport) inProt.getTransport();
SaslServer saslServer = saslServerTransport.getSaslServer();
String principal = saslServer.getAuthorizationID();
hbaseHandler.setEffectiveUser(principal);
return p.process(inProt, outProt);
}
};
}
if (cmd.hasOption("w")) {
workerThreads = Integer.parseInt(cmd.getOptionValue("w"));
}
if (cmd.hasOption("s")) {
selectorThreads = Integer.parseInt(cmd.getOptionValue("s"));
}
if (cmd.hasOption("q")) {
maxCallQueueSize = Integer.parseInt(cmd.getOptionValue("q"));
}
// check for user-defined info server port setting, if so override the conf
try {
if (cmd.hasOption("infoport")) {
String val = cmd.getOptionValue("infoport");
conf.setInt("hbase.thrift.info.port", Integer.parseInt(val));
log.debug("Web UI port set to " + val);
}
} catch (NumberFormatException e) {
log.error("Could not parse the value provided for the infoport option", e);
printUsage();
System.exit(1);
}
// Put up info server.
int port = conf.getInt("hbase.thrift.info.port", 9095);
if (port >= 0) {
conf.setLong("startcode", System.currentTimeMillis());
String a = conf.get("hbase.thrift.info.bindAddress", "0.0.0.0");
InfoServer infoServer = new InfoServer("thrift", a, port, false, conf);
infoServer.setAttribute("hbase.conf", conf);
infoServer.start();
}
if (nonblocking) {
server = getTNonBlockingServer(protocolFactory, processor, transportFactory, inetSocketAddress);
} else if (hsha) {
server = getTHsHaServer(protocolFactory, processor, transportFactory, workerThreads, maxCallQueueSize, inetSocketAddress, metrics);
} else if (selector) {
server = getTThreadedSelectorServer(protocolFactory, processor, transportFactory, workerThreads, selectorThreads, maxCallQueueSize, inetSocketAddress, metrics);
} else {
server = getTThreadPoolServer(protocolFactory, processor, transportFactory, workerThreads, inetSocketAddress, backlog, readTimeout, metrics);
}
final TServer tserver = server;
realUser.doAs(new PrivilegedAction<Object>() {
@Override
public Object run() {
pauseMonitor.start();
try {
tserver.serve();
return null;
} finally {
pauseMonitor.stop();
}
}
});
// when tserver.stop eventually happens we'll get here.
return 0;
}
Also used :
TException(org.apache.thrift.TException)
Options(org.apache.commons.cli.Options)
TProtocolFactory(org.apache.thrift.protocol.TProtocolFactory)
TProcessor(org.apache.thrift.TProcessor)
Configuration(org.apache.hadoop.conf.Configuration)
HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration)
TServer(org.apache.thrift.server.TServer)
InetSocketAddress(java.net.InetSocketAddress)
SaslServer(javax.security.sasl.SaslServer)
JvmPauseMonitor(org.apache.hadoop.hbase.util.JvmPauseMonitor)
TProcessor(org.apache.thrift.TProcessor)
UserProvider(org.apache.hadoop.hbase.security.UserProvider)
TProtocol(org.apache.thrift.protocol.TProtocol)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
THBaseService(org.apache.hadoop.hbase.thrift2.generated.THBaseService)
IOException(java.io.IOException)
TTransportFactory(org.apache.thrift.transport.TTransportFactory)
TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport)
CommandLine(org.apache.commons.cli.CommandLine)
ThriftMetrics(org.apache.hadoop.hbase.thrift.ThriftMetrics)
InfoServer(org.apache.hadoop.hbase.http.InfoServer)
SaslUtil(org.apache.hadoop.hbase.security.SaslUtil)
Aggregations
TSaslServerTransport (org.apache.thrift.transport.TSaslServerTransport)3
InetSocketAddress (java.net.InetSocketAddress)2
SaslServer (javax.security.sasl.SaslServer)2
TProcessor (org.apache.thrift.TProcessor)2
TProtocol (org.apache.thrift.protocol.TProtocol)2
TProtocolFactory (org.apache.thrift.protocol.TProtocolFactory)2
TTransportFactory (org.apache.thrift.transport.TTransportFactory)2
IOException (java.io.IOException)1
InetAddress (java.net.InetAddress)1
HashMap (java.util.HashMap)1
Map (java.util.Map)1
TreeMap (java.util.TreeMap)1
ExecutorService (java.util.concurrent.ExecutorService)1
LinkedBlockingQueue (java.util.concurrent.LinkedBlockingQueue)1
Callback (javax.security.auth.callback.Callback)1
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1
AuthorizeCallback (javax.security.sasl.AuthorizeCallback)1
CommandLine (org.apache.commons.cli.CommandLine)1
Options (org.apache.commons.cli.Options)1
LogFactory (org.apache.commons.logging.LogFactory)1
