Example 6 with AuthenticatedURL
use of org.apache.hadoop.security.authentication.client.AuthenticatedURL in project hadoop by apache.
the class DelegationTokenAuthenticator method doDelegationTokenOperation.
private Map doDelegationTokenOperation(URL url, AuthenticatedURL.Token token, DelegationTokenOperation operation, String renewer, Token<?> dToken, boolean hasResponse, String doAsUser) throws IOException, AuthenticationException {
Map ret = null;
Map<String, String> params = new HashMap<String, String>();
params.put(OP_PARAM, operation.toString());
if (renewer != null) {
params.put(RENEWER_PARAM, renewer);
}
if (dToken != null) {
params.put(TOKEN_PARAM, dToken.encodeToUrlString());
}
// proxyuser
if (doAsUser != null) {
params.put(DelegationTokenAuthenticatedURL.DO_AS, URLEncoder.encode(doAsUser, "UTF-8"));
}
String urlStr = url.toExternalForm();
StringBuilder sb = new StringBuilder(urlStr);
String separator = (urlStr.contains("?")) ? "&" : "?";
for (Map.Entry<String, String> entry : params.entrySet()) {
sb.append(separator).append(entry.getKey()).append("=").append(URLEncoder.encode(entry.getValue(), "UTF8"));
separator = "&";
}
url = new URL(sb.toString());
AuthenticatedURL aUrl = new AuthenticatedURL(this, connConfigurator);
org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> dt = null;
if (token instanceof DelegationTokenAuthenticatedURL.Token && operation.requiresKerberosCredentials()) {
// Unset delegation token to trigger fall-back authentication.
dt = ((DelegationTokenAuthenticatedURL.Token) token).getDelegationToken();
((DelegationTokenAuthenticatedURL.Token) token).setDelegationToken(null);
}
try {
HttpURLConnection conn = aUrl.openConnection(url, token);
conn.setRequestMethod(operation.getHttpMethod());
HttpExceptionUtils.validateResponse(conn, HttpURLConnection.HTTP_OK);
if (hasResponse) {
String contentType = conn.getHeaderField(CONTENT_TYPE);
contentType = (contentType != null) ? StringUtils.toLowerCase(contentType) : null;
if (contentType != null && contentType.contains(APPLICATION_JSON_MIME)) {
try {
ObjectMapper mapper = new ObjectMapper();
ret = mapper.readValue(conn.getInputStream(), Map.class);
} catch (Exception ex) {
throw new AuthenticationException(String.format("'%s' did not handle the '%s' delegation token operation: %s", url.getAuthority(), operation, ex.getMessage()), ex);
}
} else {
throw new AuthenticationException(String.format("'%s' did not " + "respond with JSON to the '%s' delegation token operation", url.getAuthority(), operation));
}
}
} finally {
if (dt != null) {
((DelegationTokenAuthenticatedURL.Token) token).setDelegationToken(dt);
}
}
return ret;
}
Also used :
HashMap(java.util.HashMap)
AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException)
Token(org.apache.hadoop.security.token.Token)
URL(java.net.URL)
AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL)
AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException)
IOException(java.io.IOException)
AbstractDelegationTokenIdentifier(org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier)
HttpURLConnection(java.net.HttpURLConnection)
HashMap(java.util.HashMap)
Map(java.util.Map)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL)
Example 7 with AuthenticatedURL
use of org.apache.hadoop.security.authentication.client.AuthenticatedURL in project hadoop by apache.
the class TestHttpFSWithKerberos method testValidHttpFSAccess.
@Test
@TestDir
@TestJetty
@TestHdfs
public void testValidHttpFSAccess() throws Exception {
createHttpFSServer();
KerberosTestUtils.doAsClient(new Callable<Void>() {
@Override
public Void call() throws Exception {
URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY");
AuthenticatedURL aUrl = new AuthenticatedURL();
AuthenticatedURL.Token aToken = new AuthenticatedURL.Token();
HttpURLConnection conn = aUrl.openConnection(url, aToken);
Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK);
return null;
}
});
}
Also used :
HttpURLConnection(java.net.HttpURLConnection)
Token(org.apache.hadoop.security.token.Token)
URL(java.net.URL)
AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL)
AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL)
TestJetty(org.apache.hadoop.test.TestJetty)
TestHdfs(org.apache.hadoop.test.TestHdfs)
TestDir(org.apache.hadoop.test.TestDir)
Test(org.junit.Test)
Example 8 with AuthenticatedURL
use of org.apache.hadoop.security.authentication.client.AuthenticatedURL in project hadoop by apache.
the class TopCLI method connect.
private URLConnection connect(URL url) throws Exception {
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
AuthenticatedURL authUrl;
SSLFactory clientSslFactory;
URLConnection connection;
// If https is chosen, configures SSL client.
if (YarnConfiguration.useHttps(getConf())) {
clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, getConf());
clientSslFactory.init();
SSLSocketFactory sslSocktFact = clientSslFactory.createSSLSocketFactory();
authUrl = new AuthenticatedURL(new KerberosAuthenticator(), clientSslFactory);
connection = authUrl.openConnection(url, token);
HttpsURLConnection httpsConn = (HttpsURLConnection) connection;
httpsConn.setSSLSocketFactory(sslSocktFact);
} else {
authUrl = new AuthenticatedURL(new KerberosAuthenticator());
connection = authUrl.openConnection(url, token);
}
connection.connect();
return connection;
}
Also used :
SSLFactory(org.apache.hadoop.security.ssl.SSLFactory)
KerberosAuthenticator(org.apache.hadoop.security.authentication.client.KerberosAuthenticator)
SSLSocketFactory(javax.net.ssl.SSLSocketFactory)
URLConnection(java.net.URLConnection)
HttpsURLConnection(javax.net.ssl.HttpsURLConnection)
HttpsURLConnection(javax.net.ssl.HttpsURLConnection)
AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL)
Aggregations
AuthenticatedURL (org.apache.hadoop.security.authentication.client.AuthenticatedURL)8
HttpURLConnection (java.net.HttpURLConnection)6
URL (java.net.URL)6
Token (org.apache.hadoop.security.token.Token)3
Test (org.junit.Test)3
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2
IOException (java.io.IOException)2
InputStreamReader (java.io.InputStreamReader)2
URLConnection (java.net.URLConnection)2
HttpsURLConnection (javax.net.ssl.HttpsURLConnection)2
AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException)2
TestDir (org.apache.hadoop.test.TestDir)2
TestHdfs (org.apache.hadoop.test.TestHdfs)2
TestJetty (org.apache.hadoop.test.TestJetty)2
BufferedReader (java.io.BufferedReader)1
InputStream (java.io.InputStream)1
HashMap (java.util.HashMap)1
Map (java.util.Map)1
SSLSocketFactory (javax.net.ssl.SSLSocketFactory)1
Configuration (org.apache.hadoop.conf.Configuration)1
