Example 6 with TTransportFactory
use of org.apache.thrift.transport.TTransportFactory in project storm by apache.
the class KerberosSaslTransportPlugin method getServerTransportFactory.
public TTransportFactory getServerTransportFactory() throws IOException {
//create an authentication callback handler
CallbackHandler server_callback_handler = new ServerCallbackHandler(login_conf, storm_conf);
//login our principal
Subject subject = null;
try {
//specify a configuration object to be used
Configuration.setConfiguration(login_conf);
//now login
Login login = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, server_callback_handler);
subject = login.getSubject();
login.startThreadIfNeeded();
} catch (LoginException ex) {
LOG.error("Server failed to login in principal:" + ex, ex);
throw new RuntimeException(ex);
}
//check the credential of our principal
if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
}
String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
LOG.debug("principal:" + principal);
KerberosName serviceKerberosName = new KerberosName(principal);
String serviceName = serviceKerberosName.getServiceName();
String hostName = serviceKerberosName.getHostName();
Map<String, String> props = new TreeMap<String, String>();
props.put(Sasl.QOP, "auth");
props.put(Sasl.SERVER_AUTH, "false");
//create a transport factory that will invoke our auth callback for digest
TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
factory.addServerDefinition(KERBEROS, serviceName, hostName, props, server_callback_handler);
//create a wrap transport factory so that we could apply user credential during connections
TUGIAssumingTransportFactory wrapFactory = new TUGIAssumingTransportFactory(factory, subject);
LOG.info("SASL GSSAPI transport factory will be used");
return wrapFactory;
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
KerberosTicket(javax.security.auth.kerberos.KerberosTicket)
LoggerFactory(org.slf4j.LoggerFactory)
TTransportFactory(org.apache.thrift.transport.TTransportFactory)
Login(org.apache.storm.messaging.netty.Login)
KerberosName(org.apache.zookeeper.server.auth.KerberosName)
TreeMap(java.util.TreeMap)
Subject(javax.security.auth.Subject)
TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport)
LoginException(javax.security.auth.login.LoginException)
Example 7 with TTransportFactory
use of org.apache.thrift.transport.TTransportFactory in project jstorm by alibaba.
the class KerberosSaslTransportPlugin method getServerTransportFactory.
public TTransportFactory getServerTransportFactory() throws IOException {
// create an authentication callback handler
CallbackHandler server_callback_handler = new ServerCallbackHandler(login_conf, storm_conf);
// login our principal
Subject subject = null;
try {
// specify a configuration object to be used
Configuration.setConfiguration(login_conf);
// now login
Login login = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, server_callback_handler);
subject = login.getSubject();
} catch (LoginException ex) {
LOG.error("Server failed to login in principal:" + ex, ex);
throw new RuntimeException(ex);
}
// check the credential of our principal
if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
}
String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
LOG.debug("principal:" + principal);
KerberosName serviceKerberosName = new KerberosName(principal);
String serviceName = serviceKerberosName.getServiceName();
String hostName = serviceKerberosName.getHostName();
Map<String, String> props = new TreeMap<String, String>();
props.put(Sasl.QOP, "auth");
props.put(Sasl.SERVER_AUTH, "false");
// create a transport factory that will invoke our auth callback for digest
TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
factory.addServerDefinition(KERBEROS, serviceName, hostName, props, server_callback_handler);
// create a wrap transport factory so that we could apply user credential during connections
TUGIAssumingTransportFactory wrapFactory = new TUGIAssumingTransportFactory(factory, subject);
LOG.info("SASL GSSAPI transport factory will be used");
return wrapFactory;
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
KerberosTicket(javax.security.auth.kerberos.KerberosTicket)
LoggerFactory(org.slf4j.LoggerFactory)
TTransportFactory(org.apache.thrift.transport.TTransportFactory)
Login(org.apache.zookeeper.Login)
KerberosName(org.apache.zookeeper.server.auth.KerberosName)
TreeMap(java.util.TreeMap)
Subject(javax.security.auth.Subject)
TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport)
LoginException(javax.security.auth.login.LoginException)
Example 8 with TTransportFactory
use of org.apache.thrift.transport.TTransportFactory in project jstorm by alibaba.
the class DigestSaslTransportPlugin method getServerTransportFactory.
protected TTransportFactory getServerTransportFactory() throws IOException {
// create an authentication callback handler
CallbackHandler serer_callback_handler = new ServerCallbackHandler(login_conf);
// create a transport factory that will invoke our auth callback for digest
TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
factory.addServerDefinition(DIGEST, AuthUtils.SERVICE, "localhost", null, serer_callback_handler);
LOG.info("SASL DIGEST-MD5 transport factory will be used");
return factory;
}
Also used :
TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
LoggerFactory(org.slf4j.LoggerFactory)
TTransportFactory(org.apache.thrift.transport.TTransportFactory)
Example 9 with TTransportFactory
use of org.apache.thrift.transport.TTransportFactory in project alluxio by Alluxio.
the class DefaultAlluxioWorker method createThriftServer.
/**
* Helper method to create a {@link org.apache.thrift.server.TThreadPoolServer} for handling
* incoming RPC requests.
*
* @return a thrift server
*/
private TThreadPoolServer createThriftServer() {
int minWorkerThreads = Configuration.getInt(PropertyKey.WORKER_BLOCK_THREADS_MIN);
int maxWorkerThreads = Configuration.getInt(PropertyKey.WORKER_BLOCK_THREADS_MAX);
TMultiplexedProcessor processor = new TMultiplexedProcessor();
registerServices(processor, mBlockWorker.getServices());
registerServices(processor, mFileSystemWorker.getServices());
// register additional workers for RPC service
for (Worker worker : mAdditionalWorkers) {
registerServices(processor, worker.getServices());
}
// Return a TTransportFactory based on the authentication type
TTransportFactory tTransportFactory;
try {
tTransportFactory = mTransportProvider.getServerTransportFactory();
} catch (IOException e) {
throw Throwables.propagate(e);
}
TThreadPoolServer.Args args = new TThreadPoolServer.Args(mThriftServerSocket).minWorkerThreads(minWorkerThreads).maxWorkerThreads(maxWorkerThreads).processor(processor).transportFactory(tTransportFactory).protocolFactory(new TBinaryProtocol.Factory(true, true));
if (Configuration.getBoolean(PropertyKey.TEST_MODE)) {
args.stopTimeoutVal = 0;
} else {
args.stopTimeoutVal = Constants.THRIFT_STOP_TIMEOUT_SECONDS;
}
return new TThreadPoolServer(args);
}
Also used :
TBinaryProtocol(org.apache.thrift.protocol.TBinaryProtocol)
TMultiplexedProcessor(org.apache.thrift.TMultiplexedProcessor)
BlockWorker(alluxio.worker.block.BlockWorker)
DefaultBlockWorker(alluxio.worker.block.DefaultBlockWorker)
DefaultFileSystemWorker(alluxio.worker.file.DefaultFileSystemWorker)
FileSystemWorker(alluxio.worker.file.FileSystemWorker)
TTransportFactory(org.apache.thrift.transport.TTransportFactory)
IOException(java.io.IOException)
TThreadPoolServer(org.apache.thrift.server.TThreadPoolServer)
Example 10 with TTransportFactory
use of org.apache.thrift.transport.TTransportFactory in project hbase by apache.
the class ThriftServer method run.
@Override
public int run(String[] args) throws Exception {
final Configuration conf = getConf();
TServer server = null;
Options options = getOptions();
CommandLine cmd = parseArguments(conf, options, args);
int workerThreads = 0;
int selectorThreads = 0;
// use unbounded queue by default
int maxCallQueueSize = -1;
/**
* This is to please both bin/hbase and bin/hbase-daemon. hbase-daemon provides "start" and "stop" arguments hbase
* should print the help if no argument is provided
*/
List<?> argList = cmd.getArgList();
if (cmd.hasOption("help") || !argList.contains("start") || argList.contains("stop")) {
printUsage();
return 1;
}
// Get address to bind
String bindAddress;
if (cmd.hasOption("bind")) {
bindAddress = cmd.getOptionValue("bind");
conf.set("hbase.thrift.info.bindAddress", bindAddress);
} else {
bindAddress = conf.get("hbase.thrift.info.bindAddress");
}
// Get read timeout
int readTimeout = THRIFT_SERVER_SOCKET_READ_TIMEOUT_DEFAULT;
if (cmd.hasOption(READ_TIMEOUT_OPTION)) {
try {
readTimeout = Integer.parseInt(cmd.getOptionValue(READ_TIMEOUT_OPTION));
} catch (NumberFormatException e) {
throw new RuntimeException("Could not parse the value provided for the timeout option", e);
}
} else {
readTimeout = conf.getInt(THRIFT_SERVER_SOCKET_READ_TIMEOUT_KEY, THRIFT_SERVER_SOCKET_READ_TIMEOUT_DEFAULT);
}
// Get port to bind to
int listenPort = 0;
try {
if (cmd.hasOption("port")) {
listenPort = Integer.parseInt(cmd.getOptionValue("port"));
} else {
listenPort = conf.getInt("hbase.regionserver.thrift.port", DEFAULT_LISTEN_PORT);
}
} catch (NumberFormatException e) {
throw new RuntimeException("Could not parse the value provided for the port option", e);
}
// Thrift's implementation uses '0' as a placeholder for 'use the default.'
int backlog = conf.getInt(BACKLOG_CONF_KEY, 0);
// Local hostname and user name,
// used only if QOP is configured.
String host = null;
String name = null;
UserProvider userProvider = UserProvider.instantiate(conf);
// login the server principal (if using secure Hadoop)
boolean securityEnabled = userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled();
if (securityEnabled) {
host = Strings.domainNamePointerToHostName(DNS.getDefaultHost(conf.get("hbase.thrift.dns.interface", "default"), conf.get("hbase.thrift.dns.nameserver", "default")));
userProvider.login("hbase.thrift.keytab.file", "hbase.thrift.kerberos.principal", host);
}
UserGroupInformation realUser = userProvider.getCurrent().getUGI();
String stringQop = conf.get(THRIFT_QOP_KEY);
SaslUtil.QualityOfProtection qop = null;
if (stringQop != null) {
qop = SaslUtil.getQop(stringQop);
if (!securityEnabled) {
throw new IOException("Thrift server must" + " run in secure mode to support authentication");
}
// Extract the name from the principal
name = SecurityUtil.getUserFromPrincipal(conf.get("hbase.thrift.kerberos.principal"));
}
boolean nonblocking = cmd.hasOption("nonblocking");
boolean hsha = cmd.hasOption("hsha");
boolean selector = cmd.hasOption("selector");
ThriftMetrics metrics = new ThriftMetrics(conf, ThriftMetrics.ThriftServerType.TWO);
final JvmPauseMonitor pauseMonitor = new JvmPauseMonitor(conf, metrics.getSource());
String implType = "threadpool";
if (nonblocking) {
implType = "nonblocking";
} else if (hsha) {
implType = "hsha";
} else if (selector) {
implType = "selector";
}
conf.set("hbase.regionserver.thrift.server.type", implType);
conf.setInt("hbase.regionserver.thrift.port", listenPort);
registerFilters(conf);
// Construct correct ProtocolFactory
boolean compact = cmd.hasOption("compact") || conf.getBoolean("hbase.regionserver.thrift.compact", false);
TProtocolFactory protocolFactory = getTProtocolFactory(compact);
final ThriftHBaseServiceHandler hbaseHandler = new ThriftHBaseServiceHandler(conf, userProvider);
THBaseService.Iface handler = ThriftHBaseServiceHandler.newInstance(hbaseHandler, metrics);
final THBaseService.Processor p = new THBaseService.Processor(handler);
conf.setBoolean("hbase.regionserver.thrift.compact", compact);
TProcessor processor = p;
boolean framed = cmd.hasOption("framed") || conf.getBoolean("hbase.regionserver.thrift.framed", false) || nonblocking || hsha;
TTransportFactory transportFactory = getTTransportFactory(qop, name, host, framed, conf.getInt("hbase.regionserver.thrift.framed.max_frame_size_in_mb", 2) * 1024 * 1024);
InetSocketAddress inetSocketAddress = bindToPort(bindAddress, listenPort);
conf.setBoolean("hbase.regionserver.thrift.framed", framed);
if (qop != null) {
// Create a processor wrapper, to get the caller
processor = new TProcessor() {
@Override
public boolean process(TProtocol inProt, TProtocol outProt) throws TException {
TSaslServerTransport saslServerTransport = (TSaslServerTransport) inProt.getTransport();
SaslServer saslServer = saslServerTransport.getSaslServer();
String principal = saslServer.getAuthorizationID();
hbaseHandler.setEffectiveUser(principal);
return p.process(inProt, outProt);
}
};
}
if (cmd.hasOption("w")) {
workerThreads = Integer.parseInt(cmd.getOptionValue("w"));
}
if (cmd.hasOption("s")) {
selectorThreads = Integer.parseInt(cmd.getOptionValue("s"));
}
if (cmd.hasOption("q")) {
maxCallQueueSize = Integer.parseInt(cmd.getOptionValue("q"));
}
// check for user-defined info server port setting, if so override the conf
try {
if (cmd.hasOption("infoport")) {
String val = cmd.getOptionValue("infoport");
conf.setInt("hbase.thrift.info.port", Integer.parseInt(val));
log.debug("Web UI port set to " + val);
}
} catch (NumberFormatException e) {
log.error("Could not parse the value provided for the infoport option", e);
printUsage();
System.exit(1);
}
// Put up info server.
int port = conf.getInt("hbase.thrift.info.port", 9095);
if (port >= 0) {
conf.setLong("startcode", System.currentTimeMillis());
String a = conf.get("hbase.thrift.info.bindAddress", "0.0.0.0");
InfoServer infoServer = new InfoServer("thrift", a, port, false, conf);
infoServer.setAttribute("hbase.conf", conf);
infoServer.start();
}
if (nonblocking) {
server = getTNonBlockingServer(protocolFactory, processor, transportFactory, inetSocketAddress);
} else if (hsha) {
server = getTHsHaServer(protocolFactory, processor, transportFactory, workerThreads, maxCallQueueSize, inetSocketAddress, metrics);
} else if (selector) {
server = getTThreadedSelectorServer(protocolFactory, processor, transportFactory, workerThreads, selectorThreads, maxCallQueueSize, inetSocketAddress, metrics);
} else {
server = getTThreadPoolServer(protocolFactory, processor, transportFactory, workerThreads, inetSocketAddress, backlog, readTimeout, metrics);
}
final TServer tserver = server;
realUser.doAs(new PrivilegedAction<Object>() {
@Override
public Object run() {
pauseMonitor.start();
try {
tserver.serve();
return null;
} finally {
pauseMonitor.stop();
}
}
});
// when tserver.stop eventually happens we'll get here.
return 0;
}
Also used :
TException(org.apache.thrift.TException)
Options(org.apache.commons.cli.Options)
TProtocolFactory(org.apache.thrift.protocol.TProtocolFactory)
TProcessor(org.apache.thrift.TProcessor)
Configuration(org.apache.hadoop.conf.Configuration)
HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration)
TServer(org.apache.thrift.server.TServer)
InetSocketAddress(java.net.InetSocketAddress)
SaslServer(javax.security.sasl.SaslServer)
JvmPauseMonitor(org.apache.hadoop.hbase.util.JvmPauseMonitor)
TProcessor(org.apache.thrift.TProcessor)
UserProvider(org.apache.hadoop.hbase.security.UserProvider)
TProtocol(org.apache.thrift.protocol.TProtocol)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
THBaseService(org.apache.hadoop.hbase.thrift2.generated.THBaseService)
IOException(java.io.IOException)
TTransportFactory(org.apache.thrift.transport.TTransportFactory)
TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport)
CommandLine(org.apache.commons.cli.CommandLine)
ThriftMetrics(org.apache.hadoop.hbase.thrift.ThriftMetrics)
InfoServer(org.apache.hadoop.hbase.http.InfoServer)
SaslUtil(org.apache.hadoop.hbase.security.SaslUtil)
Aggregations
TTransportFactory (org.apache.thrift.transport.TTransportFactory)16
TSaslServerTransport (org.apache.thrift.transport.TSaslServerTransport)9
TBinaryProtocol (org.apache.thrift.protocol.TBinaryProtocol)8
TThreadPoolServer (org.apache.thrift.server.TThreadPoolServer)7
LoggerFactory (org.slf4j.LoggerFactory)6
CallbackHandler (javax.security.auth.callback.CallbackHandler)5
TServerSocket (org.apache.thrift.transport.TServerSocket)5
IOException (java.io.IOException)4
TProtocol (org.apache.thrift.protocol.TProtocol)4
TProtocolFactory (org.apache.thrift.protocol.TProtocolFactory)4
HashMap (java.util.HashMap)3
TreeMap (java.util.TreeMap)3
LoginException (javax.security.auth.login.LoginException)3
InetSocketAddress (java.net.InetSocketAddress)2
ArrayList (java.util.ArrayList)2
Map (java.util.Map)2
ArrayBlockingQueue (java.util.concurrent.ArrayBlockingQueue)2
BlockingQueue (java.util.concurrent.BlockingQueue)2
ExecutorService (java.util.concurrent.ExecutorService)2
SynchronousQueue (java.util.concurrent.SynchronousQueue)2
