use of org.apache.storm.thrift.transport.TTransportFactory in project storm by apache.
the class SaslTransportPlugin method getServer.
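/**
 * Builds the Thrift thread-pool server for this plugin's connection type.
 *
 * <p>The listening socket is bound on the configured port (with the configured socket timeout
 * when one is set) and the port actually bound is stored in {@code this.port}. The processor is
 * wrapped in a {@code TUGIWrapProcessor}, and the transport factory returned by
 * {@code getServerTransportFactory} is installed when it is non-null.
 *
 * <p>If anything fails after the socket has been bound (for example an invalid queue size
 * rejected by {@link ArrayBlockingQueue}), the socket is closed again before the failure is
 * rethrown, so a misconfigured start-up does not leave the port held open.
 *
 * @param processor the Thrift processor that will handle requests
 * @return a configured, not yet started, {@code TThreadPoolServer}
 * @throws IOException declared for {@code getServerTransportFactory}
 * @throws TTransportException declared for the server socket construction
 */
@Override
public TServer getServer(TProcessor processor) throws IOException, TTransportException {
    int configuredPort = type.getPort(conf);
    Integer socketTimeout = type.getSocketTimeOut(conf);
    // Built before the socket is bound, so a login or configuration failure here leaves nothing open.
    TTransportFactory serverTransportFactory = getServerTransportFactory(type.isImpersonationAllowed());
    TServerSocket serverTransport = (socketTimeout != null)
        ? new TServerSocket(configuredPort, socketTimeout)
        : new TServerSocket(configuredPort);
    try {
        this.port = serverTransport.getServerSocket().getLocalPort();
        int numWorkerThreads = type.getNumThreads(conf);
        Integer queueSize = type.getQueueSize(conf);
        // min == max: the pool size is fixed at the configured thread count.
        // TBinaryProtocol.Factory(false, true): non-strict read, strict write.
        TThreadPoolServer.Args serverArgs = new TThreadPoolServer.Args(serverTransport)
            .processor(new TUGIWrapProcessor(processor))
            .minWorkerThreads(numWorkerThreads)
            .maxWorkerThreads(numWorkerThreads)
            .protocolFactory(new TBinaryProtocol.Factory(false, true));
        // A null factory leaves the Args default in place, i.e. this method adds no SASL layer.
        // NOTE(review): confirm that only intentionally unauthenticated plugins return null.
        if (serverTransportFactory != null) {
            serverArgs.transportFactory(serverTransportFactory);
        }
        // Without a configured queue size the SynchronousQueue holds no pending tasks;
        // otherwise pending work is bounded by the configured capacity.
        BlockingQueue<Runnable> workQueue = (queueSize != null)
            ? new ArrayBlockingQueue<>(queueSize)
            : new SynchronousQueue<>();
        ThreadPoolExecutor executorService =
            new ExtendedThreadPoolExecutor(numWorkerThreads, numWorkerThreads, 60, TimeUnit.SECONDS, workQueue);
        serverArgs.executorService(executorService);
        return new TThreadPoolServer(serverArgs);
    } catch (RuntimeException | Error e) {
        // Release the bound port; the caller never receives a server object that could close it.
        serverTransport.close();
        throw e;
    }
}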
use of org.apache.storm.thrift.transport.TTransportFactory in project storm by apache.
the class KerberosSaslTransportPlugin method getServerTransportFactory.
/**
 * Creates the server-side SASL transport factory for Kerberos, with DIGEST support for worker
 * tokens registered alongside it.
 *
 * <p>The server principal is logged in through the JAAS section named by
 * {@code ClientAuthUtils.LOGIN_CONTEXT_SERVER}; the method fails if that login throws or if the
 * resulting subject holds no {@link KerberosTicket}. The returned factory wraps the SASL factory
 * in a {@code TUGIAssumingTransportFactory} built with the logged-in subject.
 *
 * @param impersonationAllowed passed to both callback handlers
 * @return the wrapping transport factory
 * @throws IOException declared by the overridden method
 * @throws RuntimeException if the JAAS login fails or yields no Kerberos ticket
 */
@Override
public TTransportFactory getServerTransportFactory(boolean impersonationAllowed) throws IOException {
    // Lazily create the authorizer used for worker-token (DIGEST) connections.
    if (workerTokenAuthorizer == null) {
        workerTokenAuthorizer = new WorkerTokenAuthorizer(conf, type);
    }

    CallbackHandler authCallbacks = new ServerCallbackHandler(conf, impersonationAllowed);
    String jaasConfFile = ClientAuthUtils.getJaasConf(conf);

    // Log the server principal in; a failed login is fatal for this factory.
    Subject serverSubject;
    try {
        Login serverLogin = new Login(ClientAuthUtils.LOGIN_CONTEXT_SERVER, authCallbacks, jaasConfFile);
        serverSubject = serverLogin.getSubject();
        serverLogin.startThreadIfNeeded();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // A subject without a Kerberos ticket means the login section did not produce usable credentials.
    boolean hasKerberosTicket = !serverSubject.getPrivateCredentials(KerberosTicket.class).isEmpty();
    if (!hasKerberosTicket) {
        throw new RuntimeException("Fail to verify user principal with section \"" + ClientAuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + jaasConfFile);
    }

    // The service and host parts of the configured principal name the Kerberos server definition.
    String principal = ClientAuthUtils.get(conf, ClientAuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + principal);
    KerberosName parsedPrincipal = new KerberosName(principal);
    String serviceName = parsedPrincipal.getServiceName();
    String hostName = parsedPrincipal.getHostName();

    // QOP "auth" negotiates authentication only: SASL adds no integrity or confidentiality
    // protection to the traffic that follows the handshake.
    // SERVER_AUTH "false": the server is not required to authenticate itself to the client.
    Map<String, String> saslProps = new TreeMap<>();
    saslProps.put(Sasl.QOP, "auth");
    saslProps.put(Sasl.SERVER_AUTH, "false");

    TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(KERBEROS, serviceName, hostName, saslProps, authCallbacks);
    // Worker tokens use DIGEST on the same host name; null props leave the SASL defaults in place.
    saslFactory.addServerDefinition(
        DIGEST,
        ClientAuthUtils.SERVICE,
        hostName,
        null,
        new SimpleSaslServerCallbackHandler(impersonationAllowed, workerTokenAuthorizer));

    // Wrap the SASL factory together with the logged-in server subject.
    TUGIAssumingTransportFactory subjectBoundFactory = new TUGIAssumingTransportFactory(saslFactory, serverSubject);
    LOG.info("SASL GSSAPI transport factory will be used");
    return subjectBoundFactory;
}
use of org.apache.storm.thrift.transport.TTransportFactory in project storm by apache.
the class PlainSaslTransportPlugin method getServerTransportFactory.
/**
 * Creates the server-side transport factory for the SASL PLAIN mechanism.
 *
 * <p>Security note: the password lookup handed to the callback handler returns the same
 * hard-coded value for every user name, so a successful handshake says nothing about who the
 * caller is. The method itself logs at ERROR level that the mechanism is insecure; that log line
 * is a useful thing to alert on if it ever appears outside a test environment.
 *
 * @param impersonationAllowed passed to the callback handler
 * @return the SASL PLAIN transport factory
 * @throws IOException declared by the overridden method
 */
@Override
protected TTransportFactory getServerTransportFactory(boolean impersonationAllowed) throws IOException {
    // Every user name maps to the same fixed password: this is not real authentication.
    CallbackHandler plainCallbacks = new SimpleSaslServerCallbackHandler(
        impersonationAllowed,
        (ignoredUser) -> Optional.of("password".toCharArray()));

    // Register the PLAIN server provider once; adding it is a JVM-wide change.
    String providerName = SaslPlainServer.SecurityProvider.SASL_PLAIN_SERVER;
    boolean providerMissing = Security.getProvider(providerName) == null;
    if (providerMissing) {
        Security.addProvider(new SaslPlainServer.SecurityProvider());
    }

    TSaslServerTransport.Factory plainFactory = new TSaslServerTransport.Factory();
    plainFactory.addServerDefinition(PLAIN, ClientAuthUtils.SERVICE, "localhost", null, plainCallbacks);
    LOG.error("SASL PLAIN transport factory will be used. This is totally insecure. Please do not use this.");
    return plainFactory;
}
use of org.apache.storm.thrift.transport.TTransportFactory in project storm by apache.
the class DigestSaslTransportPlugin method getServerTransportFactory.
/**
 * Creates the server-side transport factory for SASL DIGEST-MD5.
 *
 * <p>Passwords are looked up through a {@code JassPasswordProvider} built from the configuration,
 * and the shared {@code workerTokenAuthorizer} is created on first use.
 *
 * <p>Security note: DIGEST-MD5 was moved to Historic status by RFC 6331. The server definition is
 * registered with null properties, so no quality-of-protection is requested here.
 * NOTE(review): presumably this leaves the SASL default of authentication only; confirm.
 *
 * @param impersonationAllowed passed to the callback handler
 * @return the SASL DIGEST transport factory
 * @throws IOException declared by the overridden method
 */
@Override
protected TTransportFactory getServerTransportFactory(boolean impersonationAllowed) throws IOException {
    // Lazily create the authorizer used for worker-token connections.
    if (null == workerTokenAuthorizer) {
        workerTokenAuthorizer = new WorkerTokenAuthorizer(conf, type);
    }

    // The handler consults both the worker-token authorizer and the JAAS-backed password provider.
    JassPasswordProvider jaasPasswords = new JassPasswordProvider(conf);
    CallbackHandler digestCallbacks =
        new SimpleSaslServerCallbackHandler(impersonationAllowed, workerTokenAuthorizer, jaasPasswords);

    TSaslServerTransport.Factory digestFactory = new TSaslServerTransport.Factory();
    digestFactory.addServerDefinition(DIGEST, ClientAuthUtils.SERVICE, "localhost", null, digestCallbacks);
    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return digestFactory;
}