Example 1 with Pattern
use of com.google.re2j.Pattern in project hadoop by apache.
the class SaslRpcClient method getServerPrincipal.
/**
* Get the remote server's principal. The value will be obtained from
* the config and cross-checked against the server's advertised principal.
*
* @param authType of the SASL client
* @return String of the server's principal
* @throws IOException - error determining configured principal
*/
@VisibleForTesting
String getServerPrincipal(SaslAuth authType) throws IOException {
KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
LOG.debug("Get kerberos info proto:" + protocol + " info:" + krbInfo);
if (krbInfo == null) {
// protocol has no support for kerberos
return null;
}
String serverKey = krbInfo.serverPrincipal();
if (serverKey == null) {
throw new IllegalArgumentException("Can't obtain server Kerberos config key from protocol=" + protocol.getCanonicalName());
}
// construct server advertised principal for comparision
String serverPrincipal = new KerberosPrincipal(authType.getProtocol() + "/" + authType.getServerId(), KerberosPrincipal.KRB_NT_SRV_HST).getName();
// use the pattern if defined
String serverKeyPattern = conf.get(serverKey + ".pattern");
if (serverKeyPattern != null && !serverKeyPattern.isEmpty()) {
Pattern pattern = GlobPattern.compile(serverKeyPattern);
if (!pattern.matcher(serverPrincipal).matches()) {
throw new IllegalArgumentException(String.format("Server has invalid Kerberos principal: %s," + " doesn't match the pattern: %s", serverPrincipal, serverKeyPattern));
}
} else {
// check that the server advertised principal matches our conf
String confPrincipal = SecurityUtil.getServerPrincipal(conf.get(serverKey), serverAddr.getAddress());
if (LOG.isDebugEnabled()) {
LOG.debug("getting serverKey: " + serverKey + " conf value: " + conf.get(serverKey) + " principal: " + confPrincipal);
}
if (confPrincipal == null || confPrincipal.isEmpty()) {
throw new IllegalArgumentException("Failed to specify server's Kerberos principal name");
}
KerberosName name = new KerberosName(confPrincipal);
if (name.getHostName() == null) {
throw new IllegalArgumentException("Kerberos principal name does NOT have the expected hostname part: " + confPrincipal);
}
if (!serverPrincipal.equals(confPrincipal)) {
throw new IllegalArgumentException(String.format("Server has invalid Kerberos principal: %s, expecting: %s", serverPrincipal, confPrincipal));
}
}
return serverPrincipal;
}
Also used :
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
Pattern(com.google.re2j.Pattern)
GlobPattern(org.apache.hadoop.fs.GlobPattern)
ByteString(com.google.protobuf.ByteString)
KerberosName(org.apache.hadoop.security.authentication.util.KerberosName)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Example 2 with Pattern
use of com.google.re2j.Pattern in project hadoop by apache.
the class AbstractPatternFilter method accepts.
@Override
public boolean accepts(MetricsTag tag) {
// Accept if whitelisted
Pattern ipat = includeTagPatterns.get(tag.name());
if (ipat != null && ipat.matcher(tag.value()).matches()) {
return true;
}
// Reject if blacklisted
Pattern epat = excludeTagPatterns.get(tag.name());
if (epat != null && epat.matcher(tag.value()).matches()) {
return false;
}
// Reject if no match in whitelist only mode
if (!includeTagPatterns.isEmpty() && excludeTagPatterns.isEmpty()) {
return false;
}
return true;
}
Also used :
Pattern(com.google.re2j.Pattern)
Aggregations
Pattern (com.google.re2j.Pattern)2
VisibleForTesting (com.google.common.annotations.VisibleForTesting)1
ByteString (com.google.protobuf.ByteString)1
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)1
GlobPattern (org.apache.hadoop.fs.GlobPattern)1
KerberosName (org.apache.hadoop.security.authentication.util.KerberosName)1
