
Example 1 with Authenticator

use of org.apache.hadoop.security.authentication.client.Authenticator in project atlas by apache.

the class SecureClientUtils method getClientConnectionHandler.

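/**
 * Builds a Jersey {@code URLConnectionClientHandler} whose connections are opened through
 * Hadoop's {@code DelegationTokenAuthenticatedURL} using a
 * {@code KerberosDelegationTokenAuthenticator}.
 * <p>
 * The acting user is {@code ugi}, or {@code UserGroupInformation.getCurrentUser()} when
 * {@code ugi} is null; for a PROXY-authenticated user its real user is used instead. Each
 * connection is opened inside {@code doAs} of that user and passes {@code doAsUser} to
 * {@code openConnection}.
 * <p>
 * If the acting user cannot be obtained, the returned handler fails closed: every connection
 * attempt throws an {@code IOException} carrying the original failure, rather than handing
 * Jersey a null connection factory.
 *
 * @param config       Jersey client config; the set-method-workaround property is set on it
 * @param clientConfig not read by this method
 * @param doAsUser     user name passed to {@code openConnection}; when empty, the short name of
 *                     the acting user is used
 * @param ugi          user to connect as, or null to use the current user
 * @return a handler backed by an authenticating connection factory, or by a factory that
 *         rejects every connection when the acting user could not be obtained
 */
public static URLConnectionClientHandler getClientConnectionHandler(DefaultClientConfig config, org.apache.commons.configuration.Configuration clientConfig, String doAsUser, final UserGroupInformation ugi) {
    config.getProperties().put(URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, true);
    Configuration conf = new Configuration();
    // Load the SSL client settings resource named by the SSL client conf key (or the default name).
    conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES));
    // NOTE(review): static setter; presumably affects every UserGroupInformation user in the
    // process, not only this client. Confirm that is intended.
    UserGroupInformation.setConfiguration(conf);
    final ConnectionConfigurator connConfigurator = newConnConfigurator(conf);
    Authenticator authenticator = new KerberosDelegationTokenAuthenticator();
    authenticator.setConnectionConfigurator(connConfigurator);
    final DelegationTokenAuthenticator finalAuthenticator = (DelegationTokenAuthenticator) authenticator;
    // One token instance is shared by every connection this handler opens.
    final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
    HttpURLConnectionFactory httpURLConnectionFactory;
    try {
        UserGroupInformation ugiToUse = ugi != null ? ugi : UserGroupInformation.getCurrentUser();
        // For a proxy UGI, authenticate as the real user behind it.
        final UserGroupInformation actualUgi = (ugiToUse.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) ? ugiToUse.getRealUser() : ugiToUse;
        LOG.info("Real User: {}, is from ticket cache? {}", actualUgi, actualUgi.isLoginTicketBased());
        if (StringUtils.isEmpty(doAsUser)) {
            doAsUser = actualUgi.getShortUserName();
        }
        // NOTE(review): doAsUser is caller-supplied; it is logged and sent as given. Whether the
        // acting user may act for it is presumably decided by the server. Confirm.
        LOG.info("doAsUser: {}", doAsUser);
        final String finalDoAsUser = doAsUser;
        httpURLConnectionFactory = new HttpURLConnectionFactory() {

            @Override
            public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
                try {
                    return actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {

                        @Override
                        public HttpURLConnection run() throws Exception {
                            try {
                                return new DelegationTokenAuthenticatedURL(finalAuthenticator, connConfigurator).openConnection(url, token, finalDoAsUser);
                            } catch (Exception e) {
                                throw new IOException(e);
                            }
                        }
                    });
                } catch (Exception e) {
                    if (e instanceof IOException) {
                        throw (IOException) e;
                    } else {
                        throw new IOException(e);
                    }
                }
            }
        };
    } catch (IOException e) {
        LOG.warn("Error obtaining user", e);
        // Fail closed. A null factory would leave connection creation to the handler's default,
        // presumably a plain URL connection without the authenticator or the connection
        // configurator built above (confirm against the Jersey version in use).
        final IOException userLookupFailure = e;
        httpURLConnectionFactory = new HttpURLConnectionFactory() {

            @Override
            public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
                throw new IOException("Cannot open authenticated connection: Hadoop user could not be obtained", userLookupFailure);
            }
        };
    }
    return new URLConnectionClientHandler(httpURLConnectionFactory);
}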
Also used : ConnectionConfigurator(org.apache.hadoop.security.authentication.client.ConnectionConfigurator) Configuration(org.apache.hadoop.conf.Configuration) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) IOException(java.io.IOException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) URL(java.net.URL) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) AtlasException(org.apache.atlas.AtlasException) HttpURLConnectionFactory(com.sun.jersey.client.urlconnection.HttpURLConnectionFactory) HttpURLConnection(java.net.HttpURLConnection) URLConnectionClientHandler(com.sun.jersey.client.urlconnection.URLConnectionClientHandler) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) Authenticator(org.apache.hadoop.security.authentication.client.Authenticator) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 2 with Authenticator

use of org.apache.hadoop.security.authentication.client.Authenticator in project incubator-atlas by apache.

the class SecureClientUtils method getClientConnectionHandler.

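/**
 * Builds a Jersey {@code URLConnectionClientHandler} whose connections are opened through
 * Hadoop's {@code DelegationTokenAuthenticatedURL} using a
 * {@code KerberosDelegationTokenAuthenticator}.
 * <p>
 * The acting user is {@code ugi}, or {@code UserGroupInformation.getCurrentUser()} when
 * {@code ugi} is null; for a PROXY-authenticated user its real user is used instead. Each
 * connection is opened inside {@code doAs} of that user and passes {@code doAsUser} to
 * {@code openConnection}.
 * <p>
 * If the acting user cannot be obtained, the returned handler fails closed: every connection
 * attempt throws an {@code IOException} carrying the original failure, rather than handing
 * Jersey a null connection factory.
 *
 * @param config       Jersey client config; the set-method-workaround property is set on it
 * @param clientConfig not read by this method
 * @param doAsUser     user name passed to {@code openConnection}; when empty, the short name of
 *                     the acting user is used
 * @param ugi          user to connect as, or null to use the current user
 * @return a handler backed by an authenticating connection factory, or by a factory that
 *         rejects every connection when the acting user could not be obtained
 */
public static URLConnectionClientHandler getClientConnectionHandler(DefaultClientConfig config, org.apache.commons.configuration.Configuration clientConfig, String doAsUser, final UserGroupInformation ugi) {
    config.getProperties().put(URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, true);
    Configuration conf = new Configuration();
    // Load the SSL client settings resource named by the SSL client conf key (or the default name).
    conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES));
    // NOTE(review): static setter; presumably affects every UserGroupInformation user in the
    // process, not only this client. Confirm that is intended.
    UserGroupInformation.setConfiguration(conf);
    final ConnectionConfigurator connConfigurator = newConnConfigurator(conf);
    Authenticator authenticator = new KerberosDelegationTokenAuthenticator();
    authenticator.setConnectionConfigurator(connConfigurator);
    final DelegationTokenAuthenticator finalAuthenticator = (DelegationTokenAuthenticator) authenticator;
    // One token instance is shared by every connection this handler opens.
    final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
    HttpURLConnectionFactory httpURLConnectionFactory;
    try {
        UserGroupInformation ugiToUse = ugi != null ? ugi : UserGroupInformation.getCurrentUser();
        // For a proxy UGI, authenticate as the real user behind it.
        final UserGroupInformation actualUgi = (ugiToUse.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) ? ugiToUse.getRealUser() : ugiToUse;
        LOG.info("Real User: {}, is from ticket cache? {}", actualUgi, actualUgi.isLoginTicketBased());
        if (StringUtils.isEmpty(doAsUser)) {
            doAsUser = actualUgi.getShortUserName();
        }
        // NOTE(review): doAsUser is caller-supplied; it is logged and sent as given. Whether the
        // acting user may act for it is presumably decided by the server. Confirm.
        LOG.info("doAsUser: {}", doAsUser);
        final String finalDoAsUser = doAsUser;
        httpURLConnectionFactory = new HttpURLConnectionFactory() {

            @Override
            public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
                try {
                    return actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {

                        @Override
                        public HttpURLConnection run() throws Exception {
                            try {
                                return new DelegationTokenAuthenticatedURL(finalAuthenticator, connConfigurator).openConnection(url, token, finalDoAsUser);
                            } catch (Exception e) {
                                throw new IOException(e);
                            }
                        }
                    });
                } catch (Exception e) {
                    if (e instanceof IOException) {
                        throw (IOException) e;
                    } else {
                        throw new IOException(e);
                    }
                }
            }
        };
    } catch (IOException e) {
        LOG.warn("Error obtaining user", e);
        // Fail closed. A null factory would leave connection creation to the handler's default,
        // presumably a plain URL connection without the authenticator or the connection
        // configurator built above (confirm against the Jersey version in use).
        final IOException userLookupFailure = e;
        httpURLConnectionFactory = new HttpURLConnectionFactory() {

            @Override
            public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
                throw new IOException("Cannot open authenticated connection: Hadoop user could not be obtained", userLookupFailure);
            }
        };
    }
    return new URLConnectionClientHandler(httpURLConnectionFactory);
}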
Also used : ConnectionConfigurator(org.apache.hadoop.security.authentication.client.ConnectionConfigurator) Configuration(org.apache.hadoop.conf.Configuration) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) IOException(java.io.IOException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) URL(java.net.URL) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) AtlasException(org.apache.atlas.AtlasException) HttpURLConnectionFactory(com.sun.jersey.client.urlconnection.HttpURLConnectionFactory) HttpURLConnection(java.net.HttpURLConnection) URLConnectionClientHandler(com.sun.jersey.client.urlconnection.URLConnectionClientHandler) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) Authenticator(org.apache.hadoop.security.authentication.client.Authenticator) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 3 with Authenticator

use of org.apache.hadoop.security.authentication.client.Authenticator in project oozie by apache.

the class AuthOozieClient method createConnection.

/**
 * Create an authenticated connection to the Oozie server.
 * <p>
 * It uses Hadoop-auth client authentication which by default supports
 * Kerberos HTTP SPNEGO, Pseudo/Simple and anonymous.
 * <p>
 * If the Java system property {@link #USE_AUTH_TOKEN_CACHE_SYS_PROP} is set to true, the Hadoop-auth
 * authentication token is cached in, and read back from, the '.oozie-auth-token' file in the user's
 * home directory.
 *
 * @param url the URL to open a HTTP connection to.
 * @param method the HTTP method for the HTTP connection.
 * @return an authenticated connection to the Oozie server.
 * @throws IOException if an IO error occurred.
 * @throws OozieClientException if an oozie client error occurred.
 */
@Override
protected HttpURLConnection createConnection(URL url, String method) throws IOException, OozieClientException {
    // The on-disk token cache is opt-in: only the value "true" (any case) enables it.
    final boolean cacheEnabled = "true".equalsIgnoreCase(System.getProperty(USE_AUTH_TOKEN_CACHE_SYS_PROP, "false"));

    // Start from the cached token when the cache is enabled and holds one, else from an unset token.
    // NOTE(review): the cached token is a credential at rest; how the file is protected is decided
    // in readAuthToken/writeAuthToken, which are not visible here.
    final AuthenticatedURL.Token cachedToken = cacheEnabled ? readAuthToken() : null;
    AuthenticatedURL.Token token = (cachedToken != null)
            ? new AuthenticatedURL.Token(cachedToken.toString())
            : new AuthenticatedURL.Token();

    // Local expiry check: a token expiring within the next 300000 ms (5 minutes) is discarded.
    if (token.isSet() && getExpirationTime(token) < System.currentTimeMillis() + 300000) {
        if (cacheEnabled) {
            // NOTE(review): the result of delete() is not checked, so a failed delete leaves the
            // token file in place.
            AUTH_TOKEN_CACHE_FILE.delete();
        }
        token = new AuthenticatedURL.Token();
    }

    // Server-side check: probe with an OPTIONS request carrying the token.
    if (token.isSet()) {
        // NOTE(review): the probe uses url.openConnection() directly rather than
        // super.createConnection(), and is never disconnected. Confirm both are intended.
        HttpURLConnection probe = (HttpURLConnection) url.openConnection();
        probe.setRequestMethod("OPTIONS");
        AuthenticatedURL.injectToken(probe, token);
        boolean rejected = probe.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED
                || probe.getResponseCode() == HttpURLConnection.HTTP_FORBIDDEN;
        if (!rejected) {
            // The server accepted the token; pick up whatever token the response carries.
            try {
                AuthenticatedURL.extractToken(probe, token);
            } catch (AuthenticationException ex) {
                rejected = true;
            }
        }
        if (rejected) {
            if (cacheEnabled) {
                AUTH_TOKEN_CACHE_FILE.delete();
            }
            token = new AuthenticatedURL.Token();
        }
    }

    // No usable token: authenticate against the server with the configured Authenticator.
    if (!token.isSet()) {
        Authenticator authenticator = getAuthenticator();
        try {
            authenticator.authenticate(url, token);
        } catch (AuthenticationException ex) {
            if (cacheEnabled) {
                AUTH_TOKEN_CACHE_FILE.delete();
            }
            throw new OozieClientException(OozieClientException.AUTHENTICATION, "Could not authenticate, " + ex.getMessage(), ex);
        }
    }

    // Persist the token only when caching is on and it differs from what was read.
    if (cacheEnabled && token.isSet() && !token.equals(cachedToken)) {
        writeAuthToken(token);
    }

    // Open the real connection and attach the token to it.
    HttpURLConnection authenticated = super.createConnection(url, method);
    AuthenticatedURL.injectToken(authenticated, token);
    return authenticated;
}
Also used : HttpURLConnection(java.net.HttpURLConnection) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) Authenticator(org.apache.hadoop.security.authentication.client.Authenticator) KerberosAuthenticator(org.apache.hadoop.security.authentication.client.KerberosAuthenticator) PseudoAuthenticator(org.apache.hadoop.security.authentication.client.PseudoAuthenticator) AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL)

Aggregations

HttpURLConnection (java.net.HttpURLConnection)3 Authenticator (org.apache.hadoop.security.authentication.client.Authenticator)3 HttpURLConnectionFactory (com.sun.jersey.client.urlconnection.HttpURLConnectionFactory)2 URLConnectionClientHandler (com.sun.jersey.client.urlconnection.URLConnectionClientHandler)2 IOException (java.io.IOException)2 URL (java.net.URL)2 GeneralSecurityException (java.security.GeneralSecurityException)2 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)2 AtlasException (org.apache.atlas.AtlasException)2 Configuration (org.apache.hadoop.conf.Configuration)2 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)2 ConnectionConfigurator (org.apache.hadoop.security.authentication.client.ConnectionConfigurator)2 DelegationTokenAuthenticatedURL (org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL)2 DelegationTokenAuthenticator (org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator)2 KerberosDelegationTokenAuthenticator (org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator)2 AuthenticatedURL (org.apache.hadoop.security.authentication.client.AuthenticatedURL)1 AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException)1 KerberosAuthenticator (org.apache.hadoop.security.authentication.client.KerberosAuthenticator)1 PseudoAuthenticator (org.apache.hadoop.security.authentication.client.PseudoAuthenticator)1