Example 6 with DelegationTokenImpl
use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.
the class SaslConnectionParamsTest method testDelegationTokenImpl.
@Test
public void testDelegationTokenImpl() throws Exception {
final DelegationTokenImpl token = new DelegationTokenImpl(new byte[0], new AuthenticationTokenIdentifier(createTAuthIdentifier("user", 1, 10L, 20L, "instanceid")));
testUser.doAs((PrivilegedExceptionAction<Void>) () -> {
final SaslConnectionParams saslParams = createSaslParams(token);
assertEquals(primary, saslParams.getKerberosServerPrimary());
final QualityOfProtection defaultQop = QualityOfProtection.get(Property.RPC_SASL_QOP.getDefaultValue());
assertEquals(defaultQop, saslParams.getQualityOfProtection());
assertEquals(SaslMechanism.DIGEST_MD5, saslParams.getMechanism());
assertNotNull(saslParams.getCallbackHandler());
assertEquals(SaslClientDigestCallbackHandler.class, saslParams.getCallbackHandler().getClass());
Map<String, String> properties = saslParams.getSaslProperties();
assertEquals(1, properties.size());
assertEquals(defaultQop.getQuality(), properties.get(Sasl.QOP));
assertEquals(username, saslParams.getPrincipal());
return null;
});
}
Also used :
QualityOfProtection(org.apache.accumulo.core.rpc.SaslConnectionParams.QualityOfProtection)
DelegationTokenImpl(org.apache.accumulo.core.clientImpl.DelegationTokenImpl)
AuthenticationTokenIdentifier(org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)
Map(java.util.Map)
Test(org.junit.jupiter.api.Test)
Example 7 with DelegationTokenImpl
use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.
the class SaslConnectionParamsTest method testEquality.
@Test
public void testEquality() throws Exception {
final KerberosToken token = EasyMock.createMock(KerberosToken.class);
SaslConnectionParams params1 = testUser.doAs((PrivilegedExceptionAction<SaslConnectionParams>) () -> createSaslParams(token));
SaslConnectionParams params2 = testUser.doAs((PrivilegedExceptionAction<SaslConnectionParams>) () -> createSaslParams(token));
assertEquals(params1, params2);
assertEquals(params1.hashCode(), params2.hashCode());
final DelegationTokenImpl delToken1 = new DelegationTokenImpl(new byte[0], new AuthenticationTokenIdentifier(createTAuthIdentifier("user", 1, 10L, 20L, "instanceid")));
SaslConnectionParams params3 = testUser.doAs((PrivilegedExceptionAction<SaslConnectionParams>) () -> createSaslParams(delToken1));
assertNotEquals(params1, params3);
assertNotEquals(params1.hashCode(), params3.hashCode());
assertNotEquals(params2, params3);
assertNotEquals(params2.hashCode(), params3.hashCode());
final DelegationTokenImpl delToken2 = new DelegationTokenImpl(new byte[0], new AuthenticationTokenIdentifier(createTAuthIdentifier("user", 1, 10L, 20L, "instanceid")));
SaslConnectionParams params4 = testUser.doAs((PrivilegedExceptionAction<SaslConnectionParams>) () -> createSaslParams(delToken2));
assertNotEquals(params1, params4);
assertNotEquals(params1.hashCode(), params4.hashCode());
assertNotEquals(params2, params4);
assertNotEquals(params2.hashCode(), params4.hashCode());
assertEquals(params3, params4);
assertEquals(params3.hashCode(), params4.hashCode());
}
Also used :
KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken)
DelegationTokenImpl(org.apache.accumulo.core.clientImpl.DelegationTokenImpl)
AuthenticationTokenIdentifier(org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)
Test(org.junit.jupiter.api.Test)
Example 8 with DelegationTokenImpl
use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.
the class AbstractInputFormat method setConnectorInfo.
/**
* Sets the connector information needed to communicate with Accumulo in this job.
*
* <p>
* <b>WARNING:</b> Some tokens, when serialized, divulge sensitive information in the
* configuration as a means to pass the token to MapReduce tasks. This information is BASE64
* encoded to provide a charset safe conversion to a string, but this conversion is not intended
* to be secure. {@link PasswordToken} is one example that is insecure in this way; however
* {@link DelegationToken}s, acquired using
* {@link SecurityOperations#getDelegationToken(DelegationTokenConfig)}, is not subject to this
* concern.
*
* @param job
* the Hadoop job instance to be configured
* @param principal
* a valid Accumulo user name (user must have Table.CREATE permission)
* @param token
* the user's password
* @since 1.5.0
*/
public static void setConnectorInfo(JobConf job, String principal, AuthenticationToken token) throws AccumuloSecurityException {
if (token instanceof KerberosToken) {
log.info("Received KerberosToken, attempting to fetch DelegationToken");
try {
ClientContext client = InputConfigurator.client(CLASS, job);
token = client.securityOperations().getDelegationToken(new DelegationTokenConfig());
} catch (Exception e) {
log.warn("Failed to automatically obtain DelegationToken, Mappers/Reducers will likely" + " fail to communicate with Accumulo", e);
}
}
// the configuration
if (token instanceof DelegationTokenImpl) {
DelegationTokenImpl delegationToken = (DelegationTokenImpl) token;
// Convert it into a Hadoop Token
AuthenticationTokenIdentifier identifier = delegationToken.getIdentifier();
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
// Add the Hadoop Token to the Job so it gets serialized and passed along.
job.getCredentials().addToken(hadoopToken.getService(), hadoopToken);
}
InputConfigurator.setConnectorInfo(CLASS, job, principal, token);
}
Also used :
DelegationTokenConfig(org.apache.accumulo.core.client.admin.DelegationTokenConfig)
KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken)
DelegationTokenImpl(org.apache.accumulo.core.clientImpl.DelegationTokenImpl)
ClientContext(org.apache.accumulo.core.clientImpl.ClientContext)
AuthenticationTokenIdentifier(org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)
AuthenticationToken(org.apache.accumulo.core.client.security.tokens.AuthenticationToken)
KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken)
PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken)
DelegationToken(org.apache.accumulo.core.client.security.tokens.DelegationToken)
Token(org.apache.hadoop.security.token.Token)
TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException)
AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException)
IOException(java.io.IOException)
AccumuloException(org.apache.accumulo.core.client.AccumuloException)
Example 9 with DelegationTokenImpl
use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.
the class AccumuloOutputFormat method setConnectorInfo.
/**
* Sets the connector information needed to communicate with Accumulo in this job.
*
* <p>
* <b>WARNING:</b> Some tokens, when serialized, divulge sensitive information in the
* configuration as a means to pass the token to MapReduce tasks. This information is BASE64
* encoded to provide a charset safe conversion to a string, but this conversion is not intended
* to be secure. {@link PasswordToken} is one example that is insecure in this way; however
* {@link DelegationToken}s, acquired using
* {@link SecurityOperations#getDelegationToken(DelegationTokenConfig)}, is not subject to this
* concern.
*
* @param job
* the Hadoop job instance to be configured
* @param principal
* a valid Accumulo user name (user must have Table.CREATE permission if
* {@link #setCreateTables(JobConf, boolean)} is set to true)
* @param token
* the user's password
* @since 1.5.0
*/
public static void setConnectorInfo(JobConf job, String principal, AuthenticationToken token) throws AccumuloSecurityException {
if (token instanceof KerberosToken) {
log.info("Received KerberosToken, attempting to fetch DelegationToken");
try {
ClientContext client = OutputConfigurator.client(CLASS, job);
token = client.securityOperations().getDelegationToken(new DelegationTokenConfig());
} catch (Exception e) {
log.warn("Failed to automatically obtain DelegationToken, " + "Mappers/Reducers will likely fail to communicate with Accumulo", e);
}
}
// the configuration
if (token instanceof DelegationTokenImpl) {
DelegationTokenImpl delegationToken = (DelegationTokenImpl) token;
// Convert it into a Hadoop Token
AuthenticationTokenIdentifier identifier = delegationToken.getIdentifier();
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
// Add the Hadoop Token to the Job so it gets serialized and passed along.
job.getCredentials().addToken(hadoopToken.getService(), hadoopToken);
}
OutputConfigurator.setConnectorInfo(CLASS, job, principal, token);
}
Also used :
DelegationTokenConfig(org.apache.accumulo.core.client.admin.DelegationTokenConfig)
KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken)
DelegationTokenImpl(org.apache.accumulo.core.clientImpl.DelegationTokenImpl)
ClientContext(org.apache.accumulo.core.clientImpl.ClientContext)
AuthenticationTokenIdentifier(org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)
DelegationToken(org.apache.accumulo.core.client.security.tokens.DelegationToken)
AuthenticationToken(org.apache.accumulo.core.client.security.tokens.AuthenticationToken)
Token(org.apache.hadoop.security.token.Token)
KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken)
PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken)
TableExistsException(org.apache.accumulo.core.client.TableExistsException)
TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException)
AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException)
MutationsRejectedException(org.apache.accumulo.core.client.MutationsRejectedException)
IOException(java.io.IOException)
AccumuloException(org.apache.accumulo.core.client.AccumuloException)
Example 10 with DelegationTokenImpl
use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.
the class AccumuloOutputFormat method setConnectorInfo.
/**
* Sets the connector information needed to communicate with Accumulo in this job.
*
* <p>
* <b>WARNING:</b> Some tokens, when serialized, divulge sensitive information in the
* configuration as a means to pass the token to MapReduce tasks. This information is BASE64
* encoded to provide a charset safe conversion to a string, but this conversion is not intended
* to be secure. {@link PasswordToken} is one example that is insecure in this way; however
* {@link DelegationToken}s, acquired using
* {@link SecurityOperations#getDelegationToken(DelegationTokenConfig)}, is not subject to this
* concern.
*
* @param job
* the Hadoop job instance to be configured
* @param principal
* a valid Accumulo user name (user must have Table.CREATE permission if
* {@link #setCreateTables(Job, boolean)} is set to true)
* @param token
* the user's password
* @since 1.5.0
*/
public static void setConnectorInfo(Job job, String principal, AuthenticationToken token) throws AccumuloSecurityException {
if (token instanceof KerberosToken) {
log.info("Received KerberosToken, attempting to fetch DelegationToken");
try {
ClientContext client = OutputConfigurator.client(CLASS, job.getConfiguration());
token = client.securityOperations().getDelegationToken(new DelegationTokenConfig());
} catch (Exception e) {
log.warn("Failed to automatically obtain DelegationToken, " + "Mappers/Reducers will likely fail to communicate with Accumulo", e);
}
}
// the configuration
if (token instanceof DelegationTokenImpl) {
DelegationTokenImpl delegationToken = (DelegationTokenImpl) token;
// Convert it into a Hadoop Token
AuthenticationTokenIdentifier identifier = delegationToken.getIdentifier();
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
// Add the Hadoop Token to the Job so it gets serialized and passed along.
job.getCredentials().addToken(hadoopToken.getService(), hadoopToken);
}
OutputConfigurator.setConnectorInfo(CLASS, job.getConfiguration(), principal, token);
}
Also used :
DelegationTokenConfig(org.apache.accumulo.core.client.admin.DelegationTokenConfig)
KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken)
DelegationTokenImpl(org.apache.accumulo.core.clientImpl.DelegationTokenImpl)
ClientContext(org.apache.accumulo.core.clientImpl.ClientContext)
AuthenticationTokenIdentifier(org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)
DelegationToken(org.apache.accumulo.core.client.security.tokens.DelegationToken)
AuthenticationToken(org.apache.accumulo.core.client.security.tokens.AuthenticationToken)
Token(org.apache.hadoop.security.token.Token)
KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken)
PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken)
TableExistsException(org.apache.accumulo.core.client.TableExistsException)
TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException)
AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException)
MutationsRejectedException(org.apache.accumulo.core.client.MutationsRejectedException)
IOException(java.io.IOException)
AccumuloException(org.apache.accumulo.core.client.AccumuloException)
Aggregations
DelegationTokenImpl (org.apache.accumulo.core.clientImpl.DelegationTokenImpl)14
AuthenticationTokenIdentifier (org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)11
KerberosToken (org.apache.accumulo.core.client.security.tokens.KerberosToken)8
IOException (java.io.IOException)6
DelegationTokenConfig (org.apache.accumulo.core.client.admin.DelegationTokenConfig)6
AuthenticationToken (org.apache.accumulo.core.client.security.tokens.AuthenticationToken)6
AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException)5
AccumuloException (org.apache.accumulo.core.client.AccumuloException)4
TableNotFoundException (org.apache.accumulo.core.client.TableNotFoundException)4
DelegationToken (org.apache.accumulo.core.client.security.tokens.DelegationToken)4
PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken)4
ClientContext (org.apache.accumulo.core.clientImpl.ClientContext)4
Token (org.apache.hadoop.security.token.Token)4
Test (org.junit.jupiter.api.Test)4
ByteArrayInputStream (java.io.ByteArrayInputStream)3
DataInputStream (java.io.DataInputStream)3
AccumuloClient (org.apache.accumulo.core.client.AccumuloClient)2
MutationsRejectedException (org.apache.accumulo.core.client.MutationsRejectedException)2
TableExistsException (org.apache.accumulo.core.client.TableExistsException)2
Text (org.apache.hadoop.io.Text)2
