Examples with UnauthenticatedException alluxio.exception.status.UnauthenticatedException used on opensource projects

Example 1 with UnauthenticatedException

use of alluxio.exception.status.UnauthenticatedException in project alluxio by Alluxio.

the class ConfigurationUtils method loadConfiguration.

/**
 * Loads configuration from meta master in one RPC.
 *
 * @param address the meta master address
 * @param conf the existing configuration
 * @param ignoreClusterConf do not load cluster configuration related information
 * @param ignorePathConf do not load path configuration related information
 * @return the RPC response
 */
public static GetConfigurationPResponse loadConfiguration(InetSocketAddress address, AlluxioConfiguration conf, boolean ignoreClusterConf, boolean ignorePathConf) throws AlluxioStatusException {
    GrpcChannel channel = null;
    try {
        LOG.debug("Alluxio client (version {}) is trying to load configuration from meta master {}", RuntimeConstants.VERSION, address);
        channel = GrpcChannelBuilder.newBuilder(GrpcServerAddress.create(address), conf).setClientType("ConfigurationUtils").disableAuthentication().build();
        MetaMasterConfigurationServiceGrpc.MetaMasterConfigurationServiceBlockingStub client = MetaMasterConfigurationServiceGrpc.newBlockingStub(channel);
        GetConfigurationPResponse response = client.getConfiguration(GetConfigurationPOptions.newBuilder().setRawValue(true).setIgnoreClusterConf(ignoreClusterConf).setIgnorePathConf(ignorePathConf).build());
        LOG.debug("Alluxio client has loaded configuration from meta master {}", address);
        return response;
    } catch (io.grpc.StatusRuntimeException e) {
        throw new UnavailableException(String.format("Failed to handshake with master %s to load cluster default configuration values: %s", address, e.getMessage()), e);
    } catch (UnauthenticatedException e) {
        throw new RuntimeException(String.format("Received authentication exception during boot-strap connect with host:%s", address), e);
    } finally {
        if (channel != null) {
            channel.shutdown();
        }
    }
}

Example 2 with UnauthenticatedException

use of alluxio.exception.status.UnauthenticatedException in project alluxio by Alluxio.

the class AuthenticatedUserInjector method authenticateCall.

/**
 * Authenticates given call against auth-server state.
 * Fails the call if it's not originating from an authenticated client channel.
 * It sets thread-local authentication information for the call with the user information
 * that is kept on auth-server.
 *
 * @return {@code true} if call was authenticated successfully
 */
private <ReqT, RespT> boolean authenticateCall(ServerCall<ReqT, RespT> call, Metadata headers) {
    // Fail validation for cancelled server calls.
    if (call.isCancelled()) {
        LOG.debug("Server call has been cancelled: {}", call.getMethodDescriptor().getFullMethodName());
        return false;
    }
    // Try to fetch channel Id from the metadata.
    UUID channelId = headers.get(ChannelIdInjector.S_CLIENT_ID_KEY);
    boolean callAuthenticated = false;
    if (channelId != null) {
        try {
            // Fetch authenticated username for this channel and set it.
            AuthenticatedUserInfo userInfo = mAuthenticationServer.getUserInfoForChannel(channelId);
            LOG.debug("Acquiring credentials for service-method: {} on channel: {}", call.getMethodDescriptor().getFullMethodName(), channelId);
            if (userInfo != null) {
                AuthenticatedClientUser.set(userInfo.getAuthorizedUserName());
                AuthenticatedClientUser.setConnectionUser(userInfo.getConnectionUserName());
                AuthenticatedClientUser.setAuthMethod(userInfo.getAuthMethod());
            } else {
                AuthenticatedClientUser.remove();
            }
            callAuthenticated = true;
        } catch (UnauthenticatedException e) {
            String message = String.format("Channel: %s is not authenticated for call: %s", channelId.toString(), call.getMethodDescriptor().getFullMethodName());
            closeQuietly(call, Status.UNAUTHENTICATED.withDescription(message), headers);
        }
    } else {
        String message = String.format("Channel Id is missing for call: %s.", call.getMethodDescriptor().getFullMethodName());
        closeQuietly(call, Status.UNAUTHENTICATED.withDescription(message), headers);
    }
    return callAuthenticated;
}

Example 3 with UnauthenticatedException

use of alluxio.exception.status.UnauthenticatedException in project alluxio by Alluxio.

the class SimpleUserState method login.

@Override
public User login() throws UnauthenticatedException {
    String username = "";
    if (mConf.isSet(PropertyKey.SECURITY_LOGIN_USERNAME)) {
        username = mConf.getString(PropertyKey.SECURITY_LOGIN_USERNAME);
    }
    try {
        // Use the class loader of User.class to construct the LoginContext. LoginContext uses this
        // class loader to dynamically instantiate login modules. This enables
        // Subject#getPrincipals to use reflection to search for User.class instances.
        LoginContext loginContext = SecurityUtils.createLoginContext(AuthType.SIMPLE, mSubject, User.class.getClassLoader(), new LoginModuleConfiguration(), new AppLoginModule.AppCallbackHandler(username));
        loginContext.login();
    } catch (LoginException e) {
        throw new UnauthenticatedException("Failed to login: " + e.getMessage(), e);
    }
    LOG.debug("login subject: {}", mSubject);
    Set<User> userSet = mSubject.getPrincipals(User.class);
    if (userSet.isEmpty()) {
        throw new UnauthenticatedException("Failed to login: No Alluxio User is found.");
    }
    if (userSet.size() > 1) {
        StringBuilder msg = new StringBuilder("Failed to login: More than one Alluxio Users are found:");
        for (User user : userSet) {
            msg.append(" ").append(user.toString());
        }
        throw new UnauthenticatedException(msg.toString());
    }
    return userSet.iterator().next();
}

Example 4 with UnauthenticatedException

use of alluxio.exception.status.UnauthenticatedException in project alluxio by Alluxio.

the class AbstractClient method connect.

/**
 * Connects with the remote.
 */
@Override
public synchronized void connect() throws AlluxioStatusException {
    if (mConnected) {
        return;
    }
    disconnect();
    Preconditions.checkState(!mClosed, "Client is closed, will not try to connect.");
    IOException lastConnectFailure = null;
    RetryPolicy retryPolicy = mRetryPolicySupplier.get();
    while (retryPolicy.attempt()) {
        if (mClosed) {
            throw new FailedPreconditionException("Failed to connect: client has been closed");
        }
        // failover).
        try {
            mAddress = getAddress();
        } catch (UnavailableException e) {
            LOG.debug("Failed to determine {} rpc address ({}): {}", getServiceName(), retryPolicy.getAttemptCount(), e.toString());
            continue;
        }
        try {
            beforeConnect();
            LOG.debug("Alluxio client (version {}) is trying to connect with {} @ {}", RuntimeConstants.VERSION, getServiceName(), mAddress);
            mChannel = GrpcChannelBuilder.newBuilder(GrpcServerAddress.create(mAddress), mContext.getClusterConf()).setSubject(mContext.getSubject()).setClientType(getServiceName()).build();
            // Create stub for version service on host
            mVersionService = ServiceVersionClientServiceGrpc.newBlockingStub(mChannel);
            mConnected = true;
            afterConnect();
            checkVersion(getServiceVersion());
            LOG.debug("Alluxio client (version {}) is connected with {} @ {}", RuntimeConstants.VERSION, getServiceName(), mAddress);
            return;
        } catch (IOException e) {
            LOG.debug("Failed to connect ({}) with {} @ {}", retryPolicy.getAttemptCount(), getServiceName(), mAddress, e);
            lastConnectFailure = e;
            if (e instanceof UnauthenticatedException) {
                // If there has been a failure in opening GrpcChannel, it's possible because
                // the authentication credential has expired. Relogin.
                mContext.getUserState().relogin();
            }
            if (e instanceof NotFoundException) {
                // service is not found in the server, skip retry
                break;
            }
        }
    }
    if (mChannel != null) {
        mChannel.shutdown();
    }
    if (mAddress == null) {
        throw new UnavailableException(String.format("Failed to determine address for %s after %s attempts", getServiceName(), retryPolicy.getAttemptCount()));
    }
    /*
     * Throw as-is if {@link UnauthenticatedException} occurred.
     */
    if (lastConnectFailure instanceof UnauthenticatedException) {
        throw (AlluxioStatusException) lastConnectFailure;
    }
    if (lastConnectFailure instanceof NotFoundException) {
        throw new NotFoundException(lastConnectFailure.getMessage(), new ServiceNotFoundException(lastConnectFailure.getMessage(), lastConnectFailure));
    }
    throw new UnavailableException(String.format("Failed to connect to master (%s) after %s attempts." + "Please check if Alluxio master is currently running on \"%s\". Service=\"%s\"", mAddress, retryPolicy.getAttemptCount(), mAddress, getServiceName()), lastConnectFailure);
}

Example 5 with UnauthenticatedException

use of alluxio.exception.status.UnauthenticatedException in project alluxio by Alluxio.

the class GrpcSecurityTest method testAuthenticationClosed.

@Test
public void testAuthenticationClosed() throws Exception {
    mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.SIMPLE.getAuthName());
    GrpcServer server = createServer(AuthType.SIMPLE);
    try {
        server.start();
        UserState us = UserState.Factory.create(mConfiguration);
        GrpcChannel channel = GrpcChannelBuilder.newBuilder(getServerConnectAddress(server), mConfiguration).setSubject(us.getSubject()).build();
        // Grab internal channel-Id.
        GrpcConnection connection = Whitebox.getInternalState(channel, "mConnection");
        UUID channelId = connection.getChannelKey().getChannelId();
        // Assert that authentication server has a login info for the channel.
        Assert.assertNotNull(server.getAuthenticationServer().getUserInfoForChannel(channelId));
        // Shutdown channel.
        channel.shutdown();
        // Assert that authentication server doesn't contain login info for the channel anymore.
        // Wait in a loop. Because closing the authentication will propagate asynchronously.
        CommonUtils.waitFor("login state removed", () -> {
            try {
                server.getAuthenticationServer().getUserInfoForChannel(channelId);
                return false;
            } catch (UnauthenticatedException exc) {
                return true;
            }
        }, WaitForOptions.defaults().setTimeoutMs(S_AUTHENTICATION_PROPOGATE_TIMEOUT));
    } finally {
        server.shutdown();
    }
}