Example 6 with AuthenticationException

Use of javax.security.sasl.AuthenticationException in project hive by apache.

Class LdapAuthenticationProviderImpl, method Authenticate.

@Override
public void Authenticate(String user, String password) throws AuthenticationException {
    DirSearch search = null;
    String bindUser = this.conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_USER);
    String bindPassword = null;
    try {
        char[] rawPassword = this.conf.getPassword(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_PASSWORD.toString());
        if (rawPassword != null) {
            bindPassword = new String(rawPassword);
        }
    } catch (IOException e) {
        bindPassword = null;
    }
    boolean usedBind = bindUser != null && bindPassword != null;
    if (!usedBind) {
        // If no bind user or bind password was specified,
        // we assume the user we are authenticating has the ability to search
        // the LDAP tree, so we use it as the "binding" account.
        // This is the way it worked before bind users were allowed in the LDAP authenticator,
        // so we keep existing systems working.
        bindUser = user;
        bindPassword = password;
    }
    try {
        search = createDirSearch(bindUser, bindPassword);
        applyFilter(search, user);
        if (usedBind) {
            // If we used the bind user, then we need to authenticate again,
            // this time using the full user name we got during the bind process.
            createDirSearch(search.findUserDn(user), password);
        }
    } catch (NamingException e) {
        throw new AuthenticationException("Unable to find the user in the LDAP tree. " + e.getMessage());
    } finally {
        ServiceUtils.cleanup(LOG, search);
    }
}
Also used: AuthenticationException (javax.security.sasl.AuthenticationException), NamingException (javax.naming.NamingException), DirSearch (org.apache.hive.service.auth.ldap.DirSearch), IOException (java.io.IOException)

Example 7 with AuthenticationException

Use of javax.security.sasl.AuthenticationException in project hive by apache.

Class PamAuthenticationProviderImpl, method Authenticate.

@Override
public void Authenticate(String user, String password) throws AuthenticationException {
    if (pamServiceNames == null || pamServiceNames.trim().isEmpty()) {
        throw new AuthenticationException("No PAM services are set.");
    }
    String errorMsg = "Error authenticating with the PAM service: ";
    String[] pamServices = pamServiceNames.split(",");
    for (String pamService : pamServices) {
        try {
            Pam pam = new Pam(pamService);
            boolean isAuthenticated = pam.authenticateSuccessful(user, password);
            if (!isAuthenticated) {
                throw new AuthenticationException(errorMsg + pamService);
            }
        } catch (Throwable e) {
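            // Catch every Throwable and rethrow it as an AuthenticationException
            // so that the failure is reported to the client nicely.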
            throw new AuthenticationException(errorMsg + pamService, e);
        }
    }
}
Also used: AuthenticationException (javax.security.sasl.AuthenticationException), Pam (net.sf.jpam.Pam)

Example 8 with AuthenticationException

Use of javax.security.sasl.AuthenticationException in project hive by apache.

Class MetaStoreLdapAuthenticationProviderImpl, method authenticate.

@Override
public void authenticate(String user, String password) throws AuthenticationException {
    DirSearch search = null;
    String bindUser = MetastoreConf.getVar(this.conf, MetastoreConf.ConfVars.METASTORE_PLAIN_LDAP_BIND_USER);
    if (StringUtils.isBlank(bindUser)) {
        bindUser = null;
    }
    String bindPassword;
    try {
        bindPassword = MetastoreConf.getPassword(this.conf, MetastoreConf.ConfVars.METASTORE_PLAIN_LDAP_BIND_PASSWORD);
        if (StringUtils.isBlank(bindPassword)) {
            bindPassword = null;
        }
    } catch (IOException e) {
        bindPassword = null;
    }
    boolean usedBind = bindUser != null && bindPassword != null;
    if (!usedBind) {
        // If no bind user or bind password was specified,
        // we assume the user we are authenticating has the ability to search
        // the LDAP tree, so we use it as the "binding" account.
        // This is the way it worked before bind users were allowed in the LDAP authenticator,
        // so we keep existing systems working.
        bindUser = user;
        bindPassword = password;
    }
    try {
        search = createDirSearch(bindUser, bindPassword);
        applyFilter(search, user);
        if (usedBind) {
            // If we used the bind user, then we need to authenticate again,
            // this time using the full user name we got during the bind process.
            createDirSearch(search.findUserDn(user), password);
        }
    } catch (NamingException e) {
        throw new AuthenticationException("Unable to find the user in the LDAP tree. " + e.getMessage());
    } finally {
        ServiceUtils.cleanup(LOG, search);
    }
}
Also used: AuthenticationException (javax.security.sasl.AuthenticationException), NamingException (javax.naming.NamingException), DirSearch (org.apache.hadoop.hive.metastore.ldap.DirSearch), IOException (java.io.IOException)
