
Example 6 with ConnectionConfigurator

Use of org.apache.hadoop.security.authentication.client.ConnectionConfigurator in project incubator-atlas by apache.

The class SecureClientUtils, method getClientConnectionHandler.

public static URLConnectionClientHandler getClientConnectionHandler(DefaultClientConfig config, org.apache.commons.configuration.Configuration clientConfig, String doAsUser, final UserGroupInformation ugi) {
    config.getProperties().put(URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, true);
    Configuration conf = new Configuration();
    conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES));
    UserGroupInformation.setConfiguration(conf);
    final ConnectionConfigurator connConfigurator = newConnConfigurator(conf);
    Authenticator authenticator = new KerberosDelegationTokenAuthenticator();
    authenticator.setConnectionConfigurator(connConfigurator);
    final DelegationTokenAuthenticator finalAuthenticator = (DelegationTokenAuthenticator) authenticator;
    final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
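    HttpURLConnectionFactory httpURLConnectionFactory = null;
    try {
        // Use the caller-supplied UGI if there is one, otherwise the current login user.
        UserGroupInformation ugiToUse = ugi != null ? ugi : UserGroupInformation.getCurrentUser();
        // For a proxy UGI, connections are opened as the real user behind it;
        // the effective user travels separately as the doAs parameter.
        final UserGroupInformation actualUgi = (ugiToUse.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) ? ugiToUse.getRealUser() : ugiToUse;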
        LOG.info("Real User: {}, is from ticket cache? {}", actualUgi, actualUgi.isLoginTicketBased());
        if (StringUtils.isEmpty(doAsUser)) {
            doAsUser = actualUgi.getShortUserName();
        }
        LOG.info("doAsUser: {}", doAsUser);
        final String finalDoAsUser = doAsUser;
        httpURLConnectionFactory = new HttpURLConnectionFactory() {

            @Override
            public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
                try {
                    return actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {

                        @Override
                        public HttpURLConnection run() throws Exception {
                            try {
                                return new DelegationTokenAuthenticatedURL(finalAuthenticator, connConfigurator).openConnection(url, token, finalDoAsUser);
                            } catch (Exception e) {
                                throw new IOException(e);
                            }
                        }
                    });
                } catch (Exception e) {
                    if (e instanceof IOException) {
                        throw (IOException) e;
                    } else {
                        throw new IOException(e);
                    }
                }
            }
        };
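    } catch (IOException e) {
        // Only a warning is logged here: httpURLConnectionFactory is still null,
        // and the handler below is constructed with that null factory.
        LOG.warn("Error obtaining user", e);
    }
    return new URLConnectionClientHandler(httpURLConnectionFactory);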
}
Also used: ConnectionConfigurator (org.apache.hadoop.security.authentication.client.ConnectionConfigurator), Configuration (org.apache.hadoop.conf.Configuration), DelegationTokenAuthenticatedURL (org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL), KerberosDelegationTokenAuthenticator (org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator), DelegationTokenAuthenticator (org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator), IOException (java.io.IOException), PrivilegedExceptionAction (java.security.PrivilegedExceptionAction), URL (java.net.URL), GeneralSecurityException (java.security.GeneralSecurityException), AtlasException (org.apache.atlas.AtlasException), HttpURLConnectionFactory (com.sun.jersey.client.urlconnection.HttpURLConnectionFactory), HttpURLConnection (java.net.HttpURLConnection), URLConnectionClientHandler (com.sun.jersey.client.urlconnection.URLConnectionClientHandler), Authenticator (org.apache.hadoop.security.authentication.client.Authenticator), UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)

Example 7 with ConnectionConfigurator

Use of org.apache.hadoop.security.authentication.client.ConnectionConfigurator in project incubator-atlas by apache.

The class SecureClientUtils, method newSslConnConfigurator.

private static ConnectionConfigurator newSslConnConfigurator(final int timeout, Configuration conf) throws IOException, GeneralSecurityException {
    final SSLFactory factory;
    final SSLSocketFactory sf;
    final HostnameVerifier hv;
    factory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
    factory.init();
    sf = factory.createSSLSocketFactory();
    hv = factory.getHostnameVerifier();
    return new ConnectionConfigurator() {

        @Override
        public HttpURLConnection configure(HttpURLConnection conn) throws IOException {
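            if (conn instanceof HttpsURLConnection) {
                // HTTPS only: apply the socket factory and hostname verifier
                // that SSLFactory built from conf.
                HttpsURLConnection c = (HttpsURLConnection) conn;
                c.setSSLSocketFactory(sf);
                c.setHostnameVerifier(hv);
            }
            // Timeouts are applied to every connection, plain HTTP included.
            setTimeouts(conn, timeout);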
            return conn;
        }
    };
}
Also used: ConnectionConfigurator (org.apache.hadoop.security.authentication.client.ConnectionConfigurator), SSLFactory (org.apache.hadoop.security.ssl.SSLFactory), HttpURLConnection (java.net.HttpURLConnection), SSLSocketFactory (javax.net.ssl.SSLSocketFactory), HttpsURLConnection (javax.net.ssl.HttpsURLConnection), HostnameVerifier (javax.net.ssl.HostnameVerifier)
