Examples with DelegationTokenAuthenticator org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator used on opensource projects

Search in sources :

Example 1 with DelegationTokenAuthenticator

use of org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator in project hadoop by apache.

the class HttpFSFileSystem method initialize.

/**
   * Called after a new FileSystem instance is constructed.
   *
   * @param name a uri whose authority section names the host, port, etc. for this FileSystem
   * @param conf the configuration
   */
@Override
public void initialize(URI name, Configuration conf) throws IOException {
    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
    //the real use is the one that has the Kerberos credentials needed for
    //SPNEGO to work
    realUser = ugi.getRealUser();
    if (realUser == null) {
        realUser = UserGroupInformation.getLoginUser();
    }
    super.initialize(name, conf);
    try {
        uri = new URI(name.getScheme() + "://" + name.getAuthority());
    } catch (URISyntaxException ex) {
        throw new IOException(ex);
    }
    Class<? extends DelegationTokenAuthenticator> klass = getConf().getClass("httpfs.authenticator.class", KerberosDelegationTokenAuthenticator.class, DelegationTokenAuthenticator.class);
    DelegationTokenAuthenticator authenticator = ReflectionUtils.newInstance(klass, getConf());
    authURL = new DelegationTokenAuthenticatedURL(authenticator);
}
Also used : DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) URISyntaxException(java.net.URISyntaxException) IOException(java.io.IOException) URI(java.net.URI) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 2 with DelegationTokenAuthenticator

use of org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator in project atlas by apache.

the class SecureClientUtils method getClientConnectionHandler.

public static URLConnectionClientHandler getClientConnectionHandler(DefaultClientConfig config, org.apache.commons.configuration.Configuration clientConfig, String doAsUser, final UserGroupInformation ugi) {
    config.getProperties().put(URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, true);
    Configuration conf = new Configuration();
    conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES));
    UserGroupInformation.setConfiguration(conf);
    final ConnectionConfigurator connConfigurator = newConnConfigurator(conf);
    Authenticator authenticator = new KerberosDelegationTokenAuthenticator();
    authenticator.setConnectionConfigurator(connConfigurator);
    final DelegationTokenAuthenticator finalAuthenticator = (DelegationTokenAuthenticator) authenticator;
    final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
    HttpURLConnectionFactory httpURLConnectionFactory = null;
    try {
        UserGroupInformation ugiToUse = ugi != null ? ugi : UserGroupInformation.getCurrentUser();
        final UserGroupInformation actualUgi = (ugiToUse.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) ? ugiToUse.getRealUser() : ugiToUse;
        LOG.info("Real User: {}, is from ticket cache? {}", actualUgi, actualUgi.isLoginTicketBased());
        if (StringUtils.isEmpty(doAsUser)) {
            doAsUser = actualUgi.getShortUserName();
        }
        LOG.info("doAsUser: {}", doAsUser);
        final String finalDoAsUser = doAsUser;
        httpURLConnectionFactory = new HttpURLConnectionFactory() {

            @Override
            public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
                try {
                    return actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {

                        @Override
                        public HttpURLConnection run() throws Exception {
                            try {
                                return new DelegationTokenAuthenticatedURL(finalAuthenticator, connConfigurator).openConnection(url, token, finalDoAsUser);
                            } catch (Exception e) {
                                throw new IOException(e);
                            }
                        }
                    });
                } catch (Exception e) {
                    if (e instanceof IOException) {
                        throw (IOException) e;
                    } else {
                        throw new IOException(e);
                    }
                }
            }
        };
    } catch (IOException e) {
        LOG.warn("Error obtaining user", e);
    }
    return new URLConnectionClientHandler(httpURLConnectionFactory);
}
Also used : ConnectionConfigurator(org.apache.hadoop.security.authentication.client.ConnectionConfigurator) Configuration(org.apache.hadoop.conf.Configuration) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) IOException(java.io.IOException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) URL(java.net.URL) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) AtlasException(org.apache.atlas.AtlasException) HttpURLConnectionFactory(com.sun.jersey.client.urlconnection.HttpURLConnectionFactory) HttpURLConnection(java.net.HttpURLConnection) URLConnectionClientHandler(com.sun.jersey.client.urlconnection.URLConnectionClientHandler) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) Authenticator(org.apache.hadoop.security.authentication.client.Authenticator) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 3 with DelegationTokenAuthenticator

use of org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator in project incubator-atlas by apache.

the class SecureClientUtils method getClientConnectionHandler.

public static URLConnectionClientHandler getClientConnectionHandler(DefaultClientConfig config, org.apache.commons.configuration.Configuration clientConfig, String doAsUser, final UserGroupInformation ugi) {
    config.getProperties().put(URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, true);
    Configuration conf = new Configuration();
    conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES));
    UserGroupInformation.setConfiguration(conf);
    final ConnectionConfigurator connConfigurator = newConnConfigurator(conf);
    Authenticator authenticator = new KerberosDelegationTokenAuthenticator();
    authenticator.setConnectionConfigurator(connConfigurator);
    final DelegationTokenAuthenticator finalAuthenticator = (DelegationTokenAuthenticator) authenticator;
    final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
    HttpURLConnectionFactory httpURLConnectionFactory = null;
    try {
        UserGroupInformation ugiToUse = ugi != null ? ugi : UserGroupInformation.getCurrentUser();
        final UserGroupInformation actualUgi = (ugiToUse.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) ? ugiToUse.getRealUser() : ugiToUse;
        LOG.info("Real User: {}, is from ticket cache? {}", actualUgi, actualUgi.isLoginTicketBased());
        if (StringUtils.isEmpty(doAsUser)) {
            doAsUser = actualUgi.getShortUserName();
        }
        LOG.info("doAsUser: {}", doAsUser);
        final String finalDoAsUser = doAsUser;
        httpURLConnectionFactory = new HttpURLConnectionFactory() {

            @Override
            public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
                try {
                    return actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {

                        @Override
                        public HttpURLConnection run() throws Exception {
                            try {
                                return new DelegationTokenAuthenticatedURL(finalAuthenticator, connConfigurator).openConnection(url, token, finalDoAsUser);
                            } catch (Exception e) {
                                throw new IOException(e);
                            }
                        }
                    });
                } catch (Exception e) {
                    if (e instanceof IOException) {
                        throw (IOException) e;
                    } else {
                        throw new IOException(e);
                    }
                }
            }
        };
    } catch (IOException e) {
        LOG.warn("Error obtaining user", e);
    }
    return new URLConnectionClientHandler(httpURLConnectionFactory);
}
Also used : ConnectionConfigurator(org.apache.hadoop.security.authentication.client.ConnectionConfigurator) Configuration(org.apache.hadoop.conf.Configuration) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) IOException(java.io.IOException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) URL(java.net.URL) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) AtlasException(org.apache.atlas.AtlasException) HttpURLConnectionFactory(com.sun.jersey.client.urlconnection.HttpURLConnectionFactory) HttpURLConnection(java.net.HttpURLConnection) URLConnectionClientHandler(com.sun.jersey.client.urlconnection.URLConnectionClientHandler) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) Authenticator(org.apache.hadoop.security.authentication.client.Authenticator) DelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator) KerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Aggregations

IOException (java.io.IOException)3 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)3 DelegationTokenAuthenticatedURL (org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL)3 DelegationTokenAuthenticator (org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator)3 KerberosDelegationTokenAuthenticator (org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator)3 HttpURLConnectionFactory (com.sun.jersey.client.urlconnection.HttpURLConnectionFactory)2 URLConnectionClientHandler (com.sun.jersey.client.urlconnection.URLConnectionClientHandler)2 HttpURLConnection (java.net.HttpURLConnection)2 URL (java.net.URL)2 GeneralSecurityException (java.security.GeneralSecurityException)2 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)2 AtlasException (org.apache.atlas.AtlasException)2 Configuration (org.apache.hadoop.conf.Configuration)2 Authenticator (org.apache.hadoop.security.authentication.client.Authenticator)2 ConnectionConfigurator (org.apache.hadoop.security.authentication.client.ConnectionConfigurator)2 URI (java.net.URI)1 URISyntaxException (java.net.URISyntaxException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial