Example 11 with FilterHolder
use of org.eclipse.jetty.servlet.FilterHolder in project hive by apache.
the class Main method makeAuthFilter.
// Configure the AuthFilter with the Kerberos params iff security
// is enabled.
public FilterHolder makeAuthFilter() {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
if (UserGroupInformation.isSecurityEnabled()) {
//http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html
authFilter.setInitParameter("dfs.web.authentication.signature.secret", conf.kerberosSecret());
//https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
authFilter.setInitParameter("dfs.web.authentication.kerberos.principal", conf.kerberosPrincipal());
//http://https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.2/src/packages/templates/conf/hdfs-site.xml
authFilter.setInitParameter("dfs.web.authentication.kerberos.keytab", conf.kerberosKeytab());
}
return authFilter;
}
Also used :
FilterHolder(org.eclipse.jetty.servlet.FilterHolder)
Example 12 with FilterHolder
use of org.eclipse.jetty.servlet.FilterHolder in project hive by apache.
the class Main method makeXSRFFilter.
public FilterHolder makeXSRFFilter() {
// The header to look for. We use "X-XSRF-HEADER" if this is null.
String customHeader = null;
// Methods to not filter. By default: "GET,OPTIONS,HEAD,TRACE" if null.
String methodsToIgnore = null;
FilterHolder fHolder = new FilterHolder(Utils.getXSRFFilter());
if (customHeader != null) {
fHolder.setInitParameter(Utils.XSRF_CUSTOM_HEADER_PARAM, customHeader);
}
if (methodsToIgnore != null) {
fHolder.setInitParameter(Utils.XSRF_CUSTOM_METHODS_TO_IGNORE_PARAM, methodsToIgnore);
}
FilterHolder xsrfFilter = fHolder;
return xsrfFilter;
}
Also used :
FilterHolder(org.eclipse.jetty.servlet.FilterHolder)
Example 13 with FilterHolder
use of org.eclipse.jetty.servlet.FilterHolder in project hive by apache.
the class Main method runServer.
public Server runServer(int port) throws Exception {
//Authenticate using keytab
if (UserGroupInformation.isSecurityEnabled()) {
UserGroupInformation.loginUserFromKeytab(conf.kerberosPrincipal(), conf.kerberosKeytab());
}
// Create the Jetty server. If jetty conf file exists, use that to create server
// to have more control.
Server server = null;
if (StringUtils.isEmpty(conf.jettyConfiguration())) {
server = new Server(port);
} else {
FileInputStream jettyConf = new FileInputStream(conf.jettyConfiguration());
XmlConfiguration configuration = new XmlConfiguration(jettyConf);
server = (Server) configuration.configure();
}
ServletContextHandler root = new ServletContextHandler(server, "/");
// Add the Auth filter
FilterHolder fHolder = makeAuthFilter();
/*
* We add filters for each of the URIs supported by templeton.
* If we added the entire sub-structure using '/*', the mapreduce
* notification cannot give the callback to templeton in secure mode.
* This is because mapreduce does not use secure credentials for
* callbacks. So jetty would fail the request as unauthorized.
*/
root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/ddl/*", FilterMapping.REQUEST);
root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/pig/*", FilterMapping.REQUEST);
root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/hive/*", FilterMapping.REQUEST);
root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/sqoop/*", FilterMapping.REQUEST);
root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/queue/*", FilterMapping.REQUEST);
root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/jobs/*", FilterMapping.REQUEST);
root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/mapreduce/*", FilterMapping.REQUEST);
root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/status/*", FilterMapping.REQUEST);
root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/version/*", FilterMapping.REQUEST);
if (conf.getBoolean(AppConfig.XSRF_FILTER_ENABLED, false)) {
root.addFilter(makeXSRFFilter(), "/" + SERVLET_PATH + "/*", FilterMapping.REQUEST);
LOG.debug("XSRF filter enabled");
} else {
LOG.warn("XSRF filter disabled");
}
// Connect Jersey
ServletHolder h = new ServletHolder(new ServletContainer(makeJerseyConfig()));
root.addServlet(h, "/" + SERVLET_PATH + "/*");
// Add any redirects
addRedirects(server);
// Start the server
server.start();
this.server = server;
return server;
}
Also used :
FilterHolder(org.eclipse.jetty.servlet.FilterHolder)
Server(org.eclipse.jetty.server.Server)
ServletHolder(org.eclipse.jetty.servlet.ServletHolder)
ServletContainer(com.sun.jersey.spi.container.servlet.ServletContainer)
XmlConfiguration(org.eclipse.jetty.xml.XmlConfiguration)
ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)
FileInputStream(java.io.FileInputStream)
Example 14 with FilterHolder
use of org.eclipse.jetty.servlet.FilterHolder in project hive by apache.
the class HttpServer method setupSpnegoFilter.
/**
* Secure the web server with kerberos (AuthenticationFilter).
*/
void setupSpnegoFilter(Builder b) throws IOException {
Map<String, String> params = new HashMap<String, String>();
params.put("kerberos.principal", SecurityUtil.getServerPrincipal(b.spnegoPrincipal, b.host));
params.put("kerberos.keytab", b.spnegoKeytab);
params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
FilterHolder holder = new FilterHolder();
holder.setClassName(AuthenticationFilter.class.getName());
holder.setInitParameters(params);
ServletHandler handler = webAppContext.getServletHandler();
handler.addFilterWithMapping(holder, "/*", FilterMapping.ALL);
}
Also used :
ServletHandler(org.eclipse.jetty.servlet.ServletHandler)
FilterHolder(org.eclipse.jetty.servlet.FilterHolder)
HashMap(java.util.HashMap)
AuthenticationFilter(org.apache.hadoop.security.authentication.server.AuthenticationFilter)
Example 15 with FilterHolder
use of org.eclipse.jetty.servlet.FilterHolder in project storm by apache.
the class UIHelpers method configFilters.
public static void configFilters(ServletContextHandler context, List<FilterConfiguration> filtersConfs) {
context.addFilter(corsFilterHandle(), "/*", EnumSet.allOf(DispatcherType.class));
for (FilterConfiguration filterConf : filtersConfs) {
String filterName = filterConf.getFilterName();
String filterClass = filterConf.getFilterClass();
Map filterParams = filterConf.getFilterParams();
if (filterClass != null) {
FilterHolder filterHolder = new FilterHolder();
filterHolder.setClassName(filterClass);
if (filterName != null) {
filterHolder.setName(filterName);
} else {
filterHolder.setName(filterClass);
}
if (filterParams != null) {
filterHolder.setInitParameters(filterParams);
} else {
filterHolder.setInitParameters(new HashMap<String, String>());
}
context.addFilter(filterHolder, "/*", FilterMapping.ALL);
}
}
context.addFilter(mkAccessLoggingFilterHandle(), "/*", EnumSet.allOf(DispatcherType.class));
}
Also used :
FilterHolder(org.eclipse.jetty.servlet.FilterHolder)
DispatcherType(org.eclipse.jetty.server.DispatcherType)
ImmutableMap(com.google.common.collect.ImmutableMap)
Aggregations
FilterHolder (org.eclipse.jetty.servlet.FilterHolder)84
ServletHolder (org.eclipse.jetty.servlet.ServletHolder)44
Test (org.junit.Test)35
ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)32
Server (org.eclipse.jetty.server.Server)21
CountDownLatch (java.util.concurrent.CountDownLatch)18
Filter (javax.servlet.Filter)11
IOException (java.io.IOException)10
URL (java.net.URL)10
DispatcherType (javax.servlet.DispatcherType)9
ServletException (javax.servlet.ServletException)8
AuthenticationToken (org.apache.hadoop.security.authentication.server.AuthenticationToken)8
ServerConnector (org.eclipse.jetty.server.ServerConnector)8
File (java.io.File)7
HttpURLConnection (java.net.HttpURLConnection)7
PrivilegedActionException (java.security.PrivilegedActionException)7
AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException)7
FilterMapping (org.eclipse.jetty.servlet.FilterMapping)7
WebAppContext (org.eclipse.jetty.webapp.WebAppContext)7
List (java.util.List)6
