
Example 6 with AuthenticatorFactory

use of org.apache.drill.exec.rpc.security.AuthenticatorFactory in project drill by axbaretto.

the class UserClient method prepareSaslHandshake.

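/**
 * Performs the client-side setup for a SASL handshake and then starts it.
 *
 * <p>The SASL properties are built from the client properties plus the QOP/strength and buffer-size
 * settings derived from the connection's encryption state. An {@link AuthenticatorFactory} is chosen
 * from the client properties and the mechanisms advertised by the server, the user is logged in
 * through that factory, and the handshake is started with the resulting {@code UserGroupInformation}.
 *
 * <p>NOTE(review): mechanism selection happens inside {@code getAuthenticatorFactory}, which is not
 * shown here; confirm that the server-advertised list cannot steer the client to a weaker mechanism
 * than the client configuration allows.
 *
 * @param connectionHandler    handler notified with an {@code AUTHENTICATION} failure if setup
 *                             raises an {@link IOException}
 * @param serverAuthMechanisms authentication mechanisms advertised by the server
 */
@Override
protected void prepareSaslHandshake(final RpcConnectionHandler<UserToBitConnection> connectionHandler, List<String> serverAuthMechanisms) {
    try {
        final Map<String, String> saslProperties = properties.stringPropertiesAsMap();
        // Set correct QOP property and Strength based on server needs encryption or not.
        // If ChunkMode is enabled then negotiate for buffer size equal to wrapChunkSize,
        // If ChunkMode is disabled then negotiate for MAX_WRAPPED_SIZE buffer size.
        saslProperties.putAll(SaslProperties.getSaslProperties(connection.isEncryptionEnabled(), connection.getMaxWrappedSize()));
        final AuthenticatorFactory factory = getAuthenticatorFactory(properties, serverAuthMechanisms);
        final String mechanismName = factory.getSimpleName();
        logger.trace("Will try to authenticate to server using {} mechanism with encryption context {}", mechanismName, connection.getEncryptionCtxtString());
        // Update the thread context class loader to current class loader
        // See DRILL-6063 for detailed description
        final Thread currentThread = Thread.currentThread();
        final ClassLoader oldThreadCtxtCL = currentThread.getContextClassLoader();
        final UserGroupInformation ugi;
        currentThread.setContextClassLoader(this.getClass().getClassLoader());
        try {
            ugi = factory.createAndLoginUser(saslProperties);
        } finally {
            // Restore the original loader even when the login throws; otherwise this thread
            // would keep running later work with the swapped context class loader.
            currentThread.setContextClassLoader(oldThreadCtxtCL);
        }
        startSaslHandshake(connectionHandler, saslProperties, ugi, factory, RpcType.SASL_MESSAGE);
    } catch (final IOException e) {
        // The message needs a {} placeholder, otherwise the connection name is silently dropped.
        logger.error("Failed while doing setup for starting SASL handshake for connection {}", connection.getName());
        final Exception ex = new RpcException(String.format("Failed to initiate authentication for connection %s", connection.getName()), e);
        connectionHandler.connectionFailed(RpcConnectionHandler.FailureType.AUTHENTICATION, ex);
    }
}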
Also used : RpcException(org.apache.drill.exec.rpc.RpcException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) IOException(java.io.IOException) AuthenticatorFactory(org.apache.drill.exec.rpc.security.AuthenticatorFactory) RpcException(org.apache.drill.exec.rpc.RpcException) TimeoutException(java.util.concurrent.TimeoutException) SaslException(javax.security.sasl.SaslException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) InvalidConnectionInfoException(org.apache.drill.exec.client.InvalidConnectionInfoException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) DrillException(org.apache.drill.common.exceptions.DrillException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 7 with AuthenticatorFactory

use of org.apache.drill.exec.rpc.security.AuthenticatorFactory in project drill by apache.

the class UserClient method prepareSaslHandshake.

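/**
 * Performs the client-side setup for a SASL handshake and then starts it.
 *
 * <p>The SASL properties are built from the client properties plus the QOP/strength and buffer-size
 * settings derived from the connection's encryption state. An {@link AuthenticatorFactory} is chosen
 * from the client properties and the mechanisms advertised by the server, the user is logged in
 * through that factory, and the handshake is started with the resulting {@code UserGroupInformation}.
 *
 * <p>NOTE(review): mechanism selection happens inside {@code getAuthenticatorFactory}, which is not
 * shown here; confirm that the server-advertised list cannot steer the client to a weaker mechanism
 * than the client configuration allows.
 *
 * @param connectionHandler    handler notified with an {@code AUTHENTICATION} failure if setup
 *                             raises an {@link IOException}
 * @param serverAuthMechanisms authentication mechanisms advertised by the server
 */
@Override
protected void prepareSaslHandshake(final RpcConnectionHandler<UserToBitConnection> connectionHandler, List<String> serverAuthMechanisms) {
    try {
        final Map<String, String> saslProperties = properties.stringPropertiesAsMap();
        // Set correct QOP property and Strength based on server needs encryption or not.
        // If ChunkMode is enabled then negotiate for buffer size equal to wrapChunkSize,
        // If ChunkMode is disabled then negotiate for MAX_WRAPPED_SIZE buffer size.
        saslProperties.putAll(SaslProperties.getSaslProperties(connection.isEncryptionEnabled(), connection.getMaxWrappedSize()));
        final AuthenticatorFactory factory = getAuthenticatorFactory(properties, serverAuthMechanisms);
        final String mechanismName = factory.getSimpleName();
        logger.trace("Will try to authenticate to server using {} mechanism with encryption context {}", mechanismName, connection.getEncryptionCtxtString());
        // Update the thread context class loader to current class loader
        // See DRILL-6063 for detailed description
        final Thread currentThread = Thread.currentThread();
        final ClassLoader oldThreadCtxtCL = currentThread.getContextClassLoader();
        final UserGroupInformation ugi;
        currentThread.setContextClassLoader(this.getClass().getClassLoader());
        try {
            ugi = factory.createAndLoginUser(saslProperties);
        } finally {
            // Restore the original loader even when the login throws; otherwise this thread
            // would keep running later work with the swapped context class loader.
            currentThread.setContextClassLoader(oldThreadCtxtCL);
        }
        startSaslHandshake(connectionHandler, saslProperties, ugi, factory, RpcType.SASL_MESSAGE);
    } catch (IOException e) {
        logger.error("Failed while doing setup for starting SASL handshake for connection {}", connection.getName());
        final Exception ex = new RpcException(String.format("Failed to initiate authentication for connection %s", connection.getName()), e);
        connectionHandler.connectionFailed(RpcConnectionHandler.FailureType.AUTHENTICATION, ex);
    }
}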
Also used : RpcException(org.apache.drill.exec.rpc.RpcException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) IOException(java.io.IOException) AuthenticatorFactory(org.apache.drill.exec.rpc.security.AuthenticatorFactory) RpcException(org.apache.drill.exec.rpc.RpcException) TimeoutException(java.util.concurrent.TimeoutException) SaslException(javax.security.sasl.SaslException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) InvalidConnectionInfoException(org.apache.drill.exec.client.InvalidConnectionInfoException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) DrillException(org.apache.drill.common.exceptions.DrillException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 8 with AuthenticatorFactory

use of org.apache.drill.exec.rpc.security.AuthenticatorFactory in project drill by apache.

the class DrillRestLoginService method login.

/**
 * Authenticates a web user with the PLAIN mechanism's {@code UserAuthenticator} and builds the
 * identity for the session.
 *
 * <p>Admin status is decided by {@code ImpersonationUtil.hasAdminPrivileges} using the admin users
 * and admin user groups read from the system options; it selects which principals and roles are
 * attached to the returned identity.
 *
 * @param username    name supplied by the caller
 * @param credentials password; anything other than a {@code String} is rejected
 * @param request     servlet request, used here only for the remote host and port in the log line
 * @return the new user identity, or {@code null} when the credentials are not a {@code String} or
 *         when authentication (or any other step) throws
 */
@Override
public UserIdentity login(String username, Object credentials, ServletRequest request) {
    final boolean passwordIsString = credentials instanceof String;
    if (!passwordIsString) {
        return null;
    }
    try {
        // Authenticate WebUser locally using UserAuthenticator. If WebServer is started that guarantees the PLAIN
        // mechanism is configured and authenticator is also available
        final AuthenticatorFactory plainFactory =
            drillbitContext.getAuthProvider().getAuthenticatorFactory(PlainFactory.SIMPLE_NAME);
        final UserAuthenticator authenticator = ((PlainFactory) plainFactory).getAuthenticator();

        // Throws on bad credentials, so everything below runs only for an authenticated user.
        authenticator.authenticate(username, credentials.toString());
        logger.info("WebUser {} logged in from {}:{}", username, request.getRemoteHost(), request.getRemotePort());

        final SystemOptionManager options = drillbitContext.getOptionManager();
        final boolean admin = ImpersonationUtil.hasAdminPrivileges(
            username,
            ExecConstants.ADMIN_USERS_VALIDATOR.getAdminUsers(options),
            ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.getAdminUserGroups(options));

        // Build the principal and subject for the logged in user.
        final Principal principal = new DrillUserPrincipal(username, admin);
        final Subject subject = new Subject();
        subject.getPrincipals().add(principal);
        // NOTE(review): the password object itself is kept in the Subject's private credentials,
        // so it stays reachable for as long as the identity does - confirm this is required.
        subject.getPrivateCredentials().add(credentials);

        if (!admin) {
            subject.getPrincipals().addAll(DrillUserPrincipal.NON_ADMIN_PRINCIPALS);
            return identityService.newUserIdentity(subject, principal, DrillUserPrincipal.NON_ADMIN_USER_ROLES);
        }
        subject.getPrincipals().addAll(DrillUserPrincipal.ADMIN_PRINCIPALS);
        return identityService.newUserIdentity(subject, principal, DrillUserPrincipal.ADMIN_USER_ROLES);
    } catch (final Exception e) {
        final boolean badCredentials = e instanceof UserAuthenticationException;
        if (!badCredentials) {
            logger.error("Unexpected failure occurred for WebUser {} during login.", username, e);
        } else {
            // NOTE(review): failed logins are recorded at debug level only - confirm they are
            // audited elsewhere if repeated failures need to be detectable.
            logger.debug("Authentication failed for WebUser '{}'", username, e);
        }
        // Every failure path yields null: no identity is created.
        return null;
    }
}
Also used : UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException) SystemOptionManager(org.apache.drill.exec.server.options.SystemOptionManager) UserAuthenticator(org.apache.drill.exec.rpc.user.security.UserAuthenticator) PlainFactory(org.apache.drill.exec.rpc.security.plain.PlainFactory) AuthenticatorFactory(org.apache.drill.exec.rpc.security.AuthenticatorFactory) Principal(java.security.Principal) Subject(javax.security.auth.Subject) UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException)

Aggregations

AuthenticatorFactory (org.apache.drill.exec.rpc.security.AuthenticatorFactory)8 IOException (java.io.IOException)5 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)5 Principal (java.security.Principal)3 ExecutionException (java.util.concurrent.ExecutionException)3 Subject (javax.security.auth.Subject)3 SaslException (javax.security.sasl.SaslException)3 NonTransientRpcException (org.apache.drill.exec.rpc.NonTransientRpcException)3 RpcException (org.apache.drill.exec.rpc.RpcException)3 PlainFactory (org.apache.drill.exec.rpc.security.plain.PlainFactory)3 UserAuthenticationException (org.apache.drill.exec.rpc.user.security.UserAuthenticationException)3 UserAuthenticator (org.apache.drill.exec.rpc.user.security.UserAuthenticator)3 SystemOptionManager (org.apache.drill.exec.server.options.SystemOptionManager)3 TimeoutException (java.util.concurrent.TimeoutException)2 DrillException (org.apache.drill.common.exceptions.DrillException)2 InvalidConnectionInfoException (org.apache.drill.exec.client.InvalidConnectionInfoException)2 AbstractCheckedFuture (com.google.common.util.concurrent.AbstractCheckedFuture)1 ByteBuf (io.netty.buffer.ByteBuf)1 SaslClient (javax.security.sasl.SaslClient)1 RpcOutcomeListener (org.apache.drill.exec.rpc.RpcOutcomeListener)1