use of org.apache.accumulo.core.client.security.tokens.AuthenticationToken.Properties in project accumulo by apache.
the class TracesResource method getScanner.
/**
 * Opens a scanner on the configured trace table using the monitor's trace credentials.
 *
 * <p>Credential selection, as implemented below:
 * <ul>
 * <li>SASL enabled and a keytab resolved: log in from the keytab and create the scanner inside
 * {@code doAs} with a {@link KerberosToken}.</li>
 * <li>SASL disabled, no {@code TRACE_TOKEN_PROPERTY_PREFIX} properties: a {@link PasswordToken}
 * built from {@code TRACE_PASSWORD}.</li>
 * <li>SASL disabled, prefixed properties present: the token class named by
 * {@code TRACE_TOKEN_TYPE}, initialized with those properties (prefix stripped).</li>
 * <li>SASL enabled but no keytab resolved: no token and no login exist, so the method fails
 * with an {@link AssertionError}.</li>
 * </ul>
 *
 * @return the scanner paired with the keytab-login UGI, or with {@code null} when no keytab
 *         login was performed
 * @throws RuntimeException if the keytab login or the {@code doAs} scanner creation fails
 */
protected Pair<Scanner, UserGroupInformation> getScanner() throws AccumuloException, AccumuloSecurityException {
  final AccumuloConfiguration conf = Monitor.getContext().getConfiguration();
  final boolean saslEnabled = conf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED);
  final Map<String, String> loginMap = conf.getAllPropertiesWithPrefix(Property.TRACE_TOKEN_PROPERTY_PREFIX);
  final String tokenPrefix = Property.TRACE_TOKEN_PROPERTY_PREFIX.getKey();

  // A trace-specific keytab wins; otherwise fall back to the general one (which may be null).
  String keytab = loginMap.get(tokenPrefix + "keytab");
  if (keytab == null || keytab.isEmpty()) {
    keytab = conf.getPath(Property.GENERAL_KERBEROS_KEYTAB);
  }

  final String principal;
  UserGroupInformation traceUgi = null;
  if (saslEnabled && keytab != null) {
    principal = SecurityUtil.getServerPrincipal(conf.get(Property.TRACE_USER));
    try {
      traceUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab);
    } catch (IOException e) {
      throw new RuntimeException("Failed to login as trace user", e);
    }
  } else {
    principal = conf.get(Property.TRACE_USER);
  }

  final AuthenticationToken at;
  if (saslEnabled) {
    // With SASL the KerberosToken is created later, inside the doAs.
    at = null;
  } else if (loginMap.isEmpty()) {
    // The trace password comes straight from the configuration.
    at = new PasswordToken(conf.get(Property.TRACE_PASSWORD).getBytes(UTF_8));
  } else {
    Properties tokenProps = new Properties();
    for (Entry<String, String> loginEntry : loginMap.entrySet()) {
      tokenProps.put(loginEntry.getKey().substring(tokenPrefix.length()), loginEntry.getValue());
    }
    AuthenticationToken configured = Property.createInstanceFromPropertyName(conf, Property.TRACE_TOKEN_TYPE,
        AuthenticationToken.class, new PasswordToken());
    configured.init(tokenProps);
    at = configured;
  }

  final String table = conf.get(Property.TRACE_TABLE);

  if (traceUgi == null) {
    // No Kerberos login happened, so a concrete token is mandatory.
    if (at == null) {
      throw new AssertionError("AuthenticationToken should not be null");
    }
    return new Pair<>(getScanner(table, principal, at), traceUgi);
  }

  final Scanner scanner;
  try {
    scanner = traceUgi.doAs(new PrivilegedExceptionAction<Scanner>() {
      @Override
      public Scanner run() throws Exception {
        // The KerberosToken has to be constructed inside the doAs.
        return getScanner(table, principal, at != null ? at : new KerberosToken());
      }
    });
  } catch (IOException | InterruptedException e) {
    throw new RuntimeException("Failed to obtain scanner", e);
  }
  return new Pair<>(scanner, traceUgi);
}
use of org.apache.accumulo.core.client.security.tokens.AuthenticationToken.Properties in project accumulo by apache.
the class CreateToken method execute.
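/**
 * Interactively builds an {@link AuthenticationToken} and appends it to a token file as one
 * {@code principal:tokenClassName:base64(serializedToken)} line.
 *
 * <p>The written line contains the serialized credential, so the file is treated as a secret:
 * a file created by this method is restricted to its owner before anything is written to it.
 * A file that already exists is appended to with whatever permissions it already has.
 *
 * @param args command-line arguments, parsed by {@code Opts}
 * @throws RuntimeException wrapping any I/O or reflection failure
 */
@Override
public void execute(String[] args) {
  Opts opts = new Opts();
  opts.parseArgs("accumulo create-token", args);
  Password pass = opts.password;
  if (pass == null && opts.securePassword != null) {
    pass = opts.securePassword;
  }
  try {
    String principal = opts.principal;
    if (principal == null) {
      principal = getConsoleReader().readLine("Username (aka principal): ");
    }
    // NOTE(review): Class.forName initializes the named class before asSubclass rejects
    // non-token types; the class name comes from the command line, so this assumes the
    // invoking operator is trusted.
    AuthenticationToken token = Class.forName(opts.tokenClassName).asSubclass(AuthenticationToken.class).newInstance();
    Properties props = new Properties();
    for (TokenProperty tp : token.getProperties()) {
      String input;
      if (pass != null && tp.getKey().equals("password")) {
        input = pass.toString();
      } else if (tp.getMask()) {
        // Masked properties are echoed as '*' while typed.
        input = getConsoleReader().readLine(tp.getDescription() + ": ", '*');
      } else {
        input = getConsoleReader().readLine(tp.getDescription() + ": ");
      }
      props.put(tp.getKey(), input);
      // NOTE(review): init runs after every property, so a token with several properties is
      // initialized with a partial set on the earlier iterations. Confirm this is intended.
      token.init(props);
    }
    String tokenBase64 = Base64.getEncoder().encodeToString(AuthenticationTokenSerializer.serialize(token));
    String tokenFile = opts.tokenFile;
    if (tokenFile == null) {
      tokenFile = getConsoleReader().readLine("File to save auth token to: ");
    }
    File tf = new File(tokenFile);
    if (!tf.exists()) {
      if (!tf.createNewFile()) {
        throw new IOException("Couldn't create " + tf.getCanonicalPath());
      }
      // Drop group/other access while the file is still empty, then re-grant the owner.
      // Non-short-circuit '&' so every call is attempted even if an earlier one fails.
      boolean ownerOnly = tf.setReadable(false, false) & tf.setWritable(false, false)
          & tf.setReadable(true, true) & tf.setWritable(true, true);
      if (!ownerOnly) {
        System.err.println("Warning: could not restrict permissions on " + tokenFile + "; check them manually.");
      }
    }
    // try-with-resources closes both streams even if construction or the write fails.
    try (FileOutputStream fos = new FileOutputStream(tf, true);
        PrintStream out = new PrintStream(fos, true, UTF_8.name())) {
      out.println(principal + ":" + opts.tokenClassName + ":" + tokenBase64);
      // PrintStream swallows IOExceptions; surface a failed write instead of reporting success.
      if (out.checkError()) {
        throw new IOException("Failed to write token to " + tf.getCanonicalPath());
      }
    }
    System.out.println("Token written to " + tokenFile + ". Remember to upload it to hdfs.");
  } catch (IOException | InstantiationException | IllegalAccessException | ClassNotFoundException e) {
    throw new RuntimeException(e);
  }
}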
use of org.apache.accumulo.core.client.security.tokens.AuthenticationToken.Properties in project accumulo by apache.
the class ClientOpts method getToken.
/**
 * Resolves the authentication token described by these options.
 *
 * <p>When no token class name is set, a {@link PasswordToken} is returned, built from the
 * secure password, else the plain password, else a password prompted from the user. When a
 * token class name is set, that class is instantiated reflectively and initialized with the
 * login properties.
 *
 * @return the resolved token
 * @throws RuntimeException if the token class cannot be loaded, instantiated or initialized,
 *         or if prompting for the password fails
 */
public AuthenticationToken getToken() {
  if (tokenClassName == null) {
    // Any other token type would have been selected via tokenClassName; use a password.
    Password chosen = securePassword != null ? securePassword : password;
    if (chosen == null) {
      try {
        chosen = Password.promptUser();
      } catch (IOException e) {
        throw new RuntimeException(e);
      }
    }
    return new PasswordToken(chosen.value);
  }

  final Properties tokenProps = new Properties();
  for (Entry<String, String> option : loginProps.entrySet()) {
    tokenProps.put(option.getKey(), option.getValue());
  }

  // No login is performed here: the user is expected to be logged in already, either via
  // UserGroupInformation or outside this program (kinit).
  try {
    Class<? extends AuthenticationToken> tokenType = Class.forName(tokenClassName).asSubclass(AuthenticationToken.class);
    AuthenticationToken created = tokenType.newInstance();
    created.init(tokenProps);
    return created;
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}