
Example 1 with WorkerToken

use of org.apache.storm.generated.WorkerToken in project storm by apache.

the class WorkerTokenTest method testBasicGenerateAndAuthorize.

/**
 * Round-trip check for worker tokens: a token created by {@code WorkerTokenManager} must carry a signature that
 * {@code WorkerTokenAuthorizer} reproduces from the token's info bytes and the private key stored in cluster state.
 *
 * <p>Cluster state is mocked; the private key handed to {@code addPrivateWorkerKey} is captured and served back
 * from {@code getPrivateWorkerKey}, so manager and authorizer see the same key material.
 *
 * <p>NOTE(review): only the accepting path is exercised here. Nothing in this method checks that altered info
 * bytes, a different key version, or an expired token are rejected - confirm those cases are covered elsewhere.
 */
@Test
public void testBasicGenerateAndAuthorize() {
    // Holder for the key the manager stores, filled in by the mock below.
    final AtomicReference<PrivateWorkerKey> privateKey = new AtomicReference<>();
    final String topoId = "topo-1";
    final String userName = "user";
    final WorkerTokenServiceType type = WorkerTokenServiceType.NIMBUS;
    final long versionNumber = 0L;
    // Simulate time starts out at 0, so we are going to just leave it here.
    // With the clock at 0 the absolute expiration asserted below equals ONE_DAY_MILLIS.
    try (Time.SimulatedTime sim = new Time.SimulatedTime()) {
        IStormClusterState mockState = mock(IStormClusterState.class);
        Map<String, Object> conf = new HashMap<>();
        WorkerTokenManager wtm = new WorkerTokenManager(conf, mockState);
        when(mockState.getNextPrivateWorkerKeyVersion(type, topoId)).thenReturn(versionNumber);
        doAnswer((invocation) -> {
            // Save the private worker key away so we can test it too.
            // Argument index 3 is the PrivateWorkerKey parameter of addPrivateWorkerKey.
            privateKey.set(invocation.getArgument(3));
            return null;
        }).when(mockState).addPrivateWorkerKey(eq(type), eq(topoId), eq(versionNumber), any(PrivateWorkerKey.class));
        // Answer when we ask for a private key...
        // thenAnswer (not thenReturn) so the value is read lazily, after the manager has stored it.
        when(mockState.getPrivateWorkerKey(type, topoId, versionNumber)).thenAnswer((invocation) -> privateKey.get());
        WorkerToken wt = wtm.createOrUpdateTokenFor(type, userName, topoId);
        // The manager must have persisted exactly this type/topology/version key.
        verify(mockState).addPrivateWorkerKey(eq(type), eq(topoId), eq(versionNumber), any(PrivateWorkerKey.class));
        // Token envelope: service type, serialized info and signature are all present.
        assertTrue(wt.is_set_serviceType());
        assertEquals(type, wt.get_serviceType());
        assertTrue(wt.is_set_info());
        assertTrue(wt.is_set_signature());
        // Stored private key: present and carrying an expiration.
        PrivateWorkerKey pwk = privateKey.get();
        assertNotNull(pwk);
        assertTrue(pwk.is_set_expirationTimeMillis());
        assertEquals(ONE_DAY_MILLIS, pwk.get_expirationTimeMillis());
        // Token info: identifies topology, user, expiration and the key version that signed it.
        WorkerTokenInfo info = ClientAuthUtils.getWorkerTokenInfo(wt);
        assertTrue(info.is_set_topologyId());
        assertTrue(info.is_set_userName());
        assertTrue(info.is_set_expirationTimeMillis());
        assertTrue(info.is_set_secretVersion());
        assertEquals(topoId, info.get_topologyId());
        assertEquals(userName, info.get_userName());
        // Key and token are asserted to expire at the same instant.
        assertEquals(ONE_DAY_MILLIS, info.get_expirationTimeMillis());
        assertEquals(versionNumber, info.get_secretVersion());
        try (WorkerTokenAuthorizer wta = new WorkerTokenAuthorizer(type, mockState)) {
            // Verify the signature...
            // The authorizer recomputes it from the raw info bytes plus the parsed info; it must match byte for byte.
            byte[] signature = wta.getSignedPasswordFor(wt.get_info(), info);
            assertArrayEquals(wt.get_signature(), signature);
        }
    }
}
Also used : WorkerToken(org.apache.storm.generated.WorkerToken) HashMap(java.util.HashMap) WorkerTokenServiceType(org.apache.storm.generated.WorkerTokenServiceType) PrivateWorkerKey(org.apache.storm.generated.PrivateWorkerKey) AtomicReference(java.util.concurrent.atomic.AtomicReference) Time(org.apache.storm.utils.Time) WorkerTokenInfo(org.apache.storm.generated.WorkerTokenInfo) IStormClusterState(org.apache.storm.cluster.IStormClusterState) Test(org.junit.Test)

Example 2 with WorkerToken

use of org.apache.storm.generated.WorkerToken in project storm by apache.

the class WorkerTokenClientCallbackHandler method findWorkerTokenInSubject.

/**
 * Search the subject bound to the current access control context for a WorkerToken. In practice this is only
 * expected to find something inside a worker, because tokens are not placed in anything else.
 *
 * <p>The returned object is an authentication credential taken from the subject's credentials; callers should
 * not log or persist it. A {@code null} result means no token is available and the caller has to authenticate
 * some other way.
 *
 * @param type the type of connection we need a token for.
 * @return the found token, or null when the connection type has no worker-token service type, no subject is
 *     associated with the current context, or the lookup in the subject finds nothing.
 */
public static WorkerToken findWorkerTokenInSubject(ThriftConnectionType type) {
    final WorkerTokenServiceType wtType = type.getWtType();
    if (wtType == null) {
        // getWtType() gave no service type for this connection type, so there is nothing to look up.
        return null;
    }
    final Subject current = Subject.getSubject(AccessController.getContext());
    if (current == null) {
        // No subject is associated with the calling context.
        return null;
    }
    return ClientAuthUtils.findWorkerToken(current, wtType);
}
Also used : WorkerToken(org.apache.storm.generated.WorkerToken) WorkerTokenServiceType(org.apache.storm.generated.WorkerTokenServiceType) Subject(javax.security.auth.Subject)

Example 3 with WorkerToken

use of org.apache.storm.generated.WorkerToken in project storm by apache.

the class ClientAuthUtils method insertWorkerTokens.

/**
 * Support for worker tokens, similar to an IAutoCredentials implementation: copies every WorkerToken found in
 * the credentials map into the subject's private credentials, one per service type.
 *
 * <p>For each service type the new token is added first and the token previously found for that type is removed
 * only if the add actually changed the set, all while holding the monitor of the private credential set. The
 * log lines name the service type only; the token itself is never logged.
 *
 * @param subject     the subject to update; dereferenced only when a token is found for some service type.
 * @param credentials the credentials map, may be null in which case nothing is done.
 * @return the same subject instance that was passed in.
 */
private static Subject insertWorkerTokens(Subject subject, Map<String, String> credentials) {
    if (credentials != null) {
        for (WorkerTokenServiceType serviceType : WorkerTokenServiceType.values()) {
            final WorkerToken incoming = readWorkerToken(credentials, serviceType);
            if (incoming == null) {
                // No token was supplied for this service type.
                continue;
            }
            final Set<Object> privateCreds = subject.getPrivateCredentials();
            synchronized (privateCreds) {
                // Look up the current token before adding, so a replaced token can be told apart from a first one.
                final WorkerToken existing = findWorkerToken(subject, serviceType);
                if (!privateCreds.add(incoming)) {
                    LOG.info("The new WorkerToken for service type {} is the same as the previous token", serviceType);
                } else if (existing == null) {
                    LOG.info("Added new WorkerToken for service type {}", serviceType);
                } else {
                    // The add succeeded, so the incoming token differs from the existing one: drop the stale token.
                    privateCreds.remove(existing);
                    LOG.info("Replaced WorkerToken for service type {}", serviceType);
                }
            }
        }
    }
    return subject;
}
Also used : WorkerToken(org.apache.storm.generated.WorkerToken) WorkerTokenServiceType(org.apache.storm.generated.WorkerTokenServiceType)

Example 4 with WorkerToken

use of org.apache.storm.generated.WorkerToken in project storm by apache.

the class ClientAuthUtils method readWorkerToken.

/**
 * Read a WorkerToken out of credentials for the given type.
 *
 * <p>NOTE(review): this method only deserializes. No signature or expiration check is visible here, so the
 * result should be treated as an unverified credential; presumably verification happens on the receiving
 * service - confirm. The map itself is not null-checked, so callers must pass a non-null map.
 *
 * @param credentials the credentials map.
 * @param type        the type of service we are looking for.
 * @return the deserialized WorkerToken or null if none could be found.
 */
public static WorkerToken readWorkerToken(Map<String, String> credentials, WorkerTokenServiceType type) {
    final String serialized = credentials.get(workerTokenCredentialsKey(type));
    if (serialized == null) {
        // The map holds no entry under this service type's key.
        return null;
    }
    return Utils.deserializeFromString(serialized, WorkerToken.class);
}
Also used : WorkerToken(org.apache.storm.generated.WorkerToken)

Example 5 with WorkerToken

use of org.apache.storm.generated.WorkerToken in project storm by apache.

the class KerberosSaslTransportPlugin method connect.

/**
 * Open a client transport, preferring WorkerToken authentication over Kerberos when a token is present in the
 * current subject.
 *
 * <p>When a token is found the connection is wrapped in a SASL transport using the {@code DIGEST} mechanism
 * (DIGEST-MD5 according to the log message below) with the token supplied through a callback handler. On this
 * path {@code asUser} is not used. Without a token the call is delegated to {@code kerberosConnect}.
 *
 * <p>NOTE(review): the SASL properties argument is {@code null}, so no quality of protection is requested
 * here; presumably the exchange is authentication-only unless the underlying transport is protected by other
 * means - confirm. DIGEST-MD5 itself was moved to historic status by RFC 6331.
 *
 * @param transport  the underlying transport to wrap.
 * @param serverHost the host name of the server being connected to.
 * @param asUser     the user to connect as; only passed on to the Kerberos path.
 * @return the opened SASL transport, or whatever {@code kerberosConnect} returns.
 * @throws IOException         declared by this method; see {@code kerberosConnect}.
 * @throws TTransportException declared by this method; may come from opening the SASL transport.
 */
@Override
public TTransport connect(TTransport transport, String serverHost, String asUser) throws IOException, TTransportException {
    final WorkerToken workerToken = WorkerTokenClientCallbackHandler.findWorkerTokenInSubject(type);
    if (workerToken == null) {
        // No worker token in the subject: fall back to Kerberos.
        return kerberosConnect(transport, serverHost, asUser);
    }
    final CallbackHandler tokenHandler = new WorkerTokenClientCallbackHandler(workerToken);
    final TSaslClientTransport saslTransport =
        new TSaslClientTransport(DIGEST, null, ClientAuthUtils.SERVICE, serverHost, null, tokenHandler, transport);
    saslTransport.open();
    LOG.debug("SASL DIGEST-MD5 WorkerToken client transport has been established");
    return saslTransport;
}
Also used : WorkerToken(org.apache.storm.generated.WorkerToken) CallbackHandler(javax.security.auth.callback.CallbackHandler) WorkerTokenClientCallbackHandler(org.apache.storm.security.auth.workertoken.WorkerTokenClientCallbackHandler) SimpleSaslServerCallbackHandler(org.apache.storm.security.auth.sasl.SimpleSaslServerCallbackHandler) WorkerTokenClientCallbackHandler(org.apache.storm.security.auth.workertoken.WorkerTokenClientCallbackHandler) TSaslClientTransport(org.apache.storm.thrift.transport.TSaslClientTransport)
