Examples with AuthenticatorFactory org.apache.drill.exec.rpc.security.AuthenticatorFactory used on opensource projects

Example 1 with AuthenticatorFactory

use of org.apache.drill.exec.rpc.security.AuthenticatorFactory in project drill by apache.

the class UserClient method authenticate.

private CheckedFuture<Void, SaslException> authenticate(final DrillProperties properties) {
    final Map<String, String> propertiesMap = properties.stringPropertiesAsMap();
    // Set correct QOP property and Strength based on server needs encryption or not.
    // If ChunkMode is enabled then negotiate for buffer size equal to wrapChunkSize,
    // If ChunkMode is disabled then negotiate for MAX_WRAPPED_SIZE buffer size.
    propertiesMap.putAll(SaslProperties.getSaslProperties(connection.isEncryptionEnabled(), connection.getMaxWrappedSize()));
    // use handleAuthFailure to setException
    final SettableFuture<Void> authSettable = SettableFuture.create();
    final CheckedFuture<Void, SaslException> authFuture = new AbstractCheckedFuture<Void, SaslException>(authSettable) {

        @Override
        protected SaslException mapException(Exception e) {
            if (e instanceof ExecutionException) {
                final Throwable cause = Throwables.getRootCause(e);
                if (cause instanceof SaslException) {
                    return new SaslException(String.format("Authentication failed. [Details: %s, Error %s]", connection.getEncryptionCtxtString(), cause.getMessage()), cause);
                }
            }
            return new SaslException(String.format("Authentication failed unexpectedly. [Details: %s, Error %s]", connection.getEncryptionCtxtString(), e.getMessage()), e);
        }
    };
    final AuthenticatorFactory factory;
    final String mechanismName;
    final UserGroupInformation ugi;
    final SaslClient saslClient;
    try {
        factory = getAuthenticatorFactory(properties);
        mechanismName = factory.getSimpleName();
        logger.trace("Will try to authenticate to server using {} mechanism with encryption context {}", mechanismName, connection.getEncryptionCtxtString());
        ugi = factory.createAndLoginUser(propertiesMap);
        saslClient = factory.createSaslClient(ugi, propertiesMap);
        if (saslClient == null) {
            throw new SaslException(String.format("Cannot initiate authentication using %s mechanism. Insufficient " + "credentials or selected mechanism doesn't support configured security layers?", factory.getSimpleName()));
        }
        connection.setSaslClient(saslClient);
    } catch (final IOException e) {
        authSettable.setException(e);
        return authFuture;
    }
    logger.trace("Initiating SASL exchange.");
    new AuthenticationOutcomeListener<>(this, connection, RpcType.SASL_MESSAGE, ugi, new RpcOutcomeListener<Void>() {

        @Override
        public void failed(RpcException ex) {
            authSettable.setException(ex);
        }

        @Override
        public void success(Void value, ByteBuf buffer) {
            authComplete = true;
            authSettable.set(null);
        }

        @Override
        public void interrupted(InterruptedException e) {
            authSettable.setException(e);
        }
    }).initiate(mechanismName);
    return authFuture;
}

Example 2 with AuthenticatorFactory

use of org.apache.drill.exec.rpc.security.AuthenticatorFactory in project drill by apache.

the class BitRpcUtility method prepareSaslHandshake.

/**
 * Creates various instances needed to start the SASL handshake. This is called from
 * {@link BasicClient#prepareSaslHandshake(RpcConnectionHandler, List)} only for
 * {@link org.apache.drill.exec.rpc.data.DataClient} and {@link org.apache.drill.exec.rpc.control.ControlClient}
 *
 * @param connectionHandler    - Connection handler used by client's to know about success/failure conditions.
 * @param serverAuthMechanisms - List of auth mechanisms configured on server side
 * @param connection - ClientConnection used for authentication
 * @param config - ClientConnection config
 * @param endpoint - Remote DrillbitEndpoint
 * @param client - Either of DataClient/ControlClient instance
 * @param saslRpcType - SASL_MESSAGE RpcType for Data and Control channel
 */
public static <T extends EnumLite, CC extends ClientConnection, HS extends MessageLite, HR extends MessageLite> void prepareSaslHandshake(final RpcConnectionHandler<CC> connectionHandler, List<String> serverAuthMechanisms, CC connection, BitConnectionConfig config, DrillbitEndpoint endpoint, final BasicClient<T, CC, HS, HR> client, T saslRpcType) {
    try {
        final Map<String, String> saslProperties = SaslProperties.getSaslProperties(connection.isEncryptionEnabled(), connection.getMaxWrappedSize());
        final UserGroupInformation ugi = UserGroupInformation.getLoginUser();
        final AuthenticatorFactory factory = config.getAuthFactory(serverAuthMechanisms);
        client.startSaslHandshake(connectionHandler, config.getSaslClientProperties(endpoint, saslProperties), ugi, factory, saslRpcType);
    } catch (final IOException e) {
        logger.error("Failed while doing setup for starting sasl handshake for connection {}", connection.getName());
        final Exception ex = new RpcException(String.format("Failed to initiate authentication to %s", endpoint.getAddress()), e);
        connectionHandler.connectionFailed(RpcConnectionHandler.FailureType.AUTHENTICATION, ex);
    }
}

Example 3 with AuthenticatorFactory

use of org.apache.drill.exec.rpc.security.AuthenticatorFactory in project drill by apache.

the class DrillRestLoginService method login.

@Override
public UserIdentity login(String username, Object credentials) {
    if (!(credentials instanceof String)) {
        return null;
    }
    try {
        // Authenticate WebUser locally using UserAuthenticator. If WebServer is started that guarantees the PLAIN
        // mechanism is configured and authenticator is also available
        final AuthenticatorFactory plainFactory = drillbitContext.getAuthProvider().getAuthenticatorFactory(PlainFactory.SIMPLE_NAME);
        final UserAuthenticator userAuthenticator = ((PlainFactory) plainFactory).getAuthenticator();
        // Authenticate the user with configured Authenticator
        userAuthenticator.authenticate(username, credentials.toString());
        logger.debug("WebUser {} is successfully authenticated", username);
        final SystemOptionManager sysOptions = drillbitContext.getOptionManager();
        final boolean isAdmin = ImpersonationUtil.hasAdminPrivileges(username, sysOptions.getOption(ExecConstants.ADMIN_USERS_KEY).string_val, sysOptions.getOption(ExecConstants.ADMIN_USER_GROUPS_KEY).string_val);
        // Create the UserPrincipal corresponding to logged in user.
        final Principal userPrincipal = new DrillUserPrincipal(username, isAdmin);
        final Subject subject = new Subject();
        subject.getPrincipals().add(userPrincipal);
        subject.getPrivateCredentials().add(credentials);
        if (isAdmin) {
            subject.getPrincipals().addAll(DrillUserPrincipal.ADMIN_PRINCIPALS);
            return identityService.newUserIdentity(subject, userPrincipal, DrillUserPrincipal.ADMIN_USER_ROLES);
        } else {
            subject.getPrincipals().addAll(DrillUserPrincipal.NON_ADMIN_PRINCIPALS);
            return identityService.newUserIdentity(subject, userPrincipal, DrillUserPrincipal.NON_ADMIN_USER_ROLES);
        }
    } catch (final Exception e) {
        if (e instanceof UserAuthenticationException) {
            logger.debug("Authentication failed for WebUser '{}'", username, e);
        } else {
            logger.error("UnExpected failure occurred for WebUser {} during login.", username, e);
        }
        return null;
    }
}

Example 4 with AuthenticatorFactory

use of org.apache.drill.exec.rpc.security.AuthenticatorFactory in project drill by axbaretto.

the class DrillRestLoginService method login.

@Override
public UserIdentity login(String username, Object credentials) {
    if (!(credentials instanceof String)) {
        return null;
    }
    try {
        // Authenticate WebUser locally using UserAuthenticator. If WebServer is started that guarantees the PLAIN
        // mechanism is configured and authenticator is also available
        final AuthenticatorFactory plainFactory = drillbitContext.getAuthProvider().getAuthenticatorFactory(PlainFactory.SIMPLE_NAME);
        final UserAuthenticator userAuthenticator = ((PlainFactory) plainFactory).getAuthenticator();
        // Authenticate the user with configured Authenticator
        userAuthenticator.authenticate(username, credentials.toString());
        logger.debug("WebUser {} is successfully authenticated", username);
        final SystemOptionManager sysOptions = drillbitContext.getOptionManager();
        final boolean isAdmin = ImpersonationUtil.hasAdminPrivileges(username, ExecConstants.ADMIN_USERS_VALIDATOR.getAdminUsers(sysOptions), ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.getAdminUserGroups(sysOptions));
        // Create the UserPrincipal corresponding to logged in user.
        final Principal userPrincipal = new DrillUserPrincipal(username, isAdmin);
        final Subject subject = new Subject();
        subject.getPrincipals().add(userPrincipal);
        subject.getPrivateCredentials().add(credentials);
        if (isAdmin) {
            subject.getPrincipals().addAll(DrillUserPrincipal.ADMIN_PRINCIPALS);
            return identityService.newUserIdentity(subject, userPrincipal, DrillUserPrincipal.ADMIN_USER_ROLES);
        } else {
            subject.getPrincipals().addAll(DrillUserPrincipal.NON_ADMIN_PRINCIPALS);
            return identityService.newUserIdentity(subject, userPrincipal, DrillUserPrincipal.NON_ADMIN_USER_ROLES);
        }
    } catch (final Exception e) {
        if (e instanceof UserAuthenticationException) {
            logger.debug("Authentication failed for WebUser '{}'", username, e);
        } else {
            logger.error("UnExpected failure occurred for WebUser {} during login.", username, e);
        }
        return null;
    }
}

Example 5 with AuthenticatorFactory

use of org.apache.drill.exec.rpc.security.AuthenticatorFactory in project drill by axbaretto.

the class BitRpcUtility method prepareSaslHandshake.

/**
 * Creates various instances needed to start the SASL handshake. This is called from
 * {@link BasicClient#prepareSaslHandshake(RpcConnectionHandler, List)} only for
 * {@link org.apache.drill.exec.rpc.data.DataClient} and {@link org.apache.drill.exec.rpc.control.ControlClient}
 *
 * @param connectionHandler    - Connection handler used by client's to know about success/failure conditions.
 * @param serverAuthMechanisms - List of auth mechanisms configured on server side
 * @param connection - ClientConnection used for authentication
 * @param config - ClientConnection config
 * @param endpoint - Remote DrillbitEndpoint
 * @param client - Either of DataClient/ControlClient instance
 * @param saslRpcType - SASL_MESSAGE RpcType for Data and Control channel
 */
public static <T extends EnumLite, CC extends ClientConnection, HS extends MessageLite, HR extends MessageLite> void prepareSaslHandshake(final RpcConnectionHandler<CC> connectionHandler, List<String> serverAuthMechanisms, CC connection, BitConnectionConfig config, DrillbitEndpoint endpoint, final BasicClient<T, CC, HS, HR> client, T saslRpcType) {
    try {
        final Map<String, String> saslProperties = SaslProperties.getSaslProperties(connection.isEncryptionEnabled(), connection.getMaxWrappedSize());
        final UserGroupInformation ugi = UserGroupInformation.getLoginUser();
        final AuthenticatorFactory factory = config.getAuthFactory(serverAuthMechanisms);
        client.startSaslHandshake(connectionHandler, config.getSaslClientProperties(endpoint, saslProperties), ugi, factory, saslRpcType);
    } catch (final IOException e) {
        logger.error("Failed while doing setup for starting sasl handshake for connection", connection.getName());
        final Exception ex = new RpcException(String.format("Failed to initiate authentication to %s", endpoint.getAddress()), e);
        connectionHandler.connectionFailed(RpcConnectionHandler.FailureType.AUTHENTICATION, ex);
    }
}