@Override public AuthenticationProtos.GetAuthenticationTokenResponse getAuthenticationToken( RpcController controller, AuthenticationProtos.GetAuthenticationTokenRequest request) throws ServiceException { LOG.debug("Authentication token request from " + RpcServer.getRequestUserName()); // ignore passed in controller -- it's always null ServerRpcController serverController = new ServerRpcController(); BlockingRpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse> callback = new BlockingRpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse>(); getAuthenticationToken(serverController, request, callback); try { serverController.checkFailed(); return callback.get(); } catch (IOException ioe) { throw new ServiceException(ioe); } }
@Override public AuthenticationProtos.WhoAmIResponse whoAmI( RpcController controller, AuthenticationProtos.WhoAmIRequest request) throws ServiceException { LOG.debug("whoAmI() request from " + RpcServer.getRequestUserName()); // ignore passed in controller -- it's always null ServerRpcController serverController = new ServerRpcController(); BlockingRpcCallback<AuthenticationProtos.WhoAmIResponse> callback = new BlockingRpcCallback<AuthenticationProtos.WhoAmIResponse>(); whoAmI(serverController, request, callback); try { serverController.checkFailed(); return callback.get(); } catch (IOException ioe) { throw new ServiceException(ioe); } }
private void testTokenAuth(Class<? extends RpcClient> rpcImplClass) throws IOException, ServiceException { TEST_UTIL.getConfiguration().set(RpcClientFactory.CUSTOM_RPC_CLIENT_IMPL_CONF_KEY, rpcImplClass.getName()); try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()); Table table = conn.getTable(TableName.META_TABLE_NAME)) { CoprocessorRpcChannel rpcChannel = table.coprocessorService(HConstants.EMPTY_START_ROW); AuthenticationProtos.AuthenticationService.BlockingInterface service = AuthenticationProtos.AuthenticationService.newBlockingStub(rpcChannel); WhoAmIResponse response = service.whoAmI(null, WhoAmIRequest.getDefaultInstance()); assertEquals(USERNAME, response.getUsername()); assertEquals(AuthenticationMethod.TOKEN.name(), response.getAuthMethod()); try { service.getAuthenticationToken(null, GetAuthenticationTokenRequest.getDefaultInstance()); } catch (ServiceException e) { AccessDeniedException exc = (AccessDeniedException) ProtobufUtil.getRemoteException(e); assertTrue(exc.getMessage().contains( "Token generation only allowed for Kerberos authenticated clients")); } } }
/** * Obtain and return an authentication token for the current user. * @param conn The HBase cluster connection * @return the authentication token instance */ public static Token<AuthenticationTokenIdentifier> obtainToken( Connection conn) throws IOException { Table meta = null; try { meta = conn.getTable(TableName.META_TABLE_NAME); CoprocessorRpcChannel rpcChannel = meta.coprocessorService(HConstants.EMPTY_START_ROW); AuthenticationProtos.AuthenticationService.BlockingInterface service = AuthenticationProtos.AuthenticationService.newBlockingStub(rpcChannel); AuthenticationProtos.GetAuthenticationTokenResponse response = service.getAuthenticationToken(null, AuthenticationProtos.GetAuthenticationTokenRequest.getDefaultInstance()); return ProtobufUtil.toToken(response.getToken()); } catch (ServiceException se) { ProtobufUtil.toIOException(se); } finally { if (meta != null) { meta.close(); } } // dummy return for ServiceException block return null; }
public TokenServer(Configuration conf) throws IOException { this.conf = conf; this.startcode = EnvironmentEdgeManager.currentTime(); // Server to handle client requests. String hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost("default", "default")); int port = 0; // Creation of an ISA will force a resolve. InetSocketAddress initialIsa = new InetSocketAddress(hostname, port); if (initialIsa.getAddress() == null) { throw new IllegalArgumentException("Failed resolve of " + initialIsa); } final List<BlockingServiceAndInterface> sai = new ArrayList<BlockingServiceAndInterface>(1); BlockingService service = AuthenticationProtos.AuthenticationService.newReflectiveBlockingService(this); sai.add(new BlockingServiceAndInterface(service, AuthenticationProtos.AuthenticationService.BlockingInterface.class)); this.rpcServer = new RpcServer(this, "tokenServer", sai, initialIsa, conf, new FifoRpcScheduler(conf, 1)); this.isa = this.rpcServer.getListenerAddress(); this.sleeper = new Sleeper(1000, this); }
@Override public AuthenticationProtos.GetAuthenticationTokenResponse getAuthenticationToken( RpcController controller, AuthenticationProtos.GetAuthenticationTokenRequest request) throws ServiceException { LOG.debug("Authentication token request from "+RequestContext.getRequestUserName()); // ignore passed in controller -- it's always null ServerRpcController serverController = new ServerRpcController(); BlockingRpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse> callback = new BlockingRpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse>(); getAuthenticationToken(serverController, request, callback); try { serverController.checkFailed(); return callback.get(); } catch (IOException ioe) { throw new ServiceException(ioe); } }
@Override public AuthenticationProtos.WhoAmIResponse whoAmI( RpcController controller, AuthenticationProtos.WhoAmIRequest request) throws ServiceException { LOG.debug("whoAmI() request from "+RequestContext.getRequestUserName()); // ignore passed in controller -- it's always null ServerRpcController serverController = new ServerRpcController(); BlockingRpcCallback<AuthenticationProtos.WhoAmIResponse> callback = new BlockingRpcCallback<AuthenticationProtos.WhoAmIResponse>(); whoAmI(serverController, request, callback); try { serverController.checkFailed(); return callback.get(); } catch (IOException ioe) { throw new ServiceException(ioe); } }
/** * Obtain and return an authentication token for the current user. * @param conf The configuration for connecting to the cluster * @return the authentication token instance */ public static Token<AuthenticationTokenIdentifier> obtainToken( Configuration conf) throws IOException { HTable meta = null; try { meta = new HTable(conf, TableName.META_TABLE_NAME); CoprocessorRpcChannel rpcChannel = meta.coprocessorService(HConstants.EMPTY_START_ROW); AuthenticationProtos.AuthenticationService.BlockingInterface service = AuthenticationProtos.AuthenticationService.newBlockingStub(rpcChannel); AuthenticationProtos.GetAuthenticationTokenResponse response = service.getAuthenticationToken(null, AuthenticationProtos.GetAuthenticationTokenRequest.getDefaultInstance()); return ProtobufUtil.toToken(response.getToken()); } catch (ServiceException se) { ProtobufUtil.toIOException(se); } finally { if (meta != null) { meta.close(); } } // dummy return for ServiceException catch block return null; }
public TokenServer(Configuration conf) throws IOException { this.conf = conf; this.startcode = EnvironmentEdgeManager.currentTimeMillis(); // Server to handle client requests. String hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost("default", "default")); int port = 0; // Creation of an ISA will force a resolve. InetSocketAddress initialIsa = new InetSocketAddress(hostname, port); if (initialIsa.getAddress() == null) { throw new IllegalArgumentException("Failed resolve of " + initialIsa); } final List<BlockingServiceAndInterface> sai = new ArrayList<BlockingServiceAndInterface>(1); BlockingService service = AuthenticationProtos.AuthenticationService.newReflectiveBlockingService(this); sai.add(new BlockingServiceAndInterface(service, AuthenticationProtos.AuthenticationService.BlockingInterface.class)); this.rpcServer = new RpcServer(this, "tokenServer", sai, initialIsa, conf, new FifoRpcScheduler(conf, 1)); this.isa = this.rpcServer.getListenerAddress(); this.sleeper = new Sleeper(1000, this); }
/** * Obtain and return an authentication token for the current user. * @param conn The HBase cluster connection * @throws IOException if a remote error or serialization problem occurs. * @return the authentication token instance */ public static Token<AuthenticationTokenIdentifier> obtainToken( Connection conn) throws IOException { Table meta = null; try { meta = conn.getTable(TableName.META_TABLE_NAME); CoprocessorRpcChannel rpcChannel = meta.coprocessorService(HConstants.EMPTY_START_ROW); AuthenticationProtos.AuthenticationService.BlockingInterface service = AuthenticationProtos.AuthenticationService.newBlockingStub(rpcChannel); AuthenticationProtos.GetAuthenticationTokenResponse response = service.getAuthenticationToken(null, AuthenticationProtos.GetAuthenticationTokenRequest.getDefaultInstance()); return toToken(response.getToken()); } catch (ServiceException se) { throw ProtobufUtil.handleRemoteException(se); } finally { if (meta != null) { meta.close(); } } }
@Override public AuthenticationProtos.GetAuthenticationTokenResponse getAuthenticationToken( RpcController controller, AuthenticationProtos.GetAuthenticationTokenRequest request) throws ServiceException { LOG.debug("Authentication token request from " + RpcServer.getRequestUserName().orElse(null)); // Ignore above passed in controller -- it is always null ServerRpcController serverController = new ServerRpcController(); final NonShadedBlockingRpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse> callback = new NonShadedBlockingRpcCallback<>(); getAuthenticationToken(null, request, callback); try { serverController.checkFailed(); return callback.get(); } catch (IOException ioe) { throw new ServiceException(ioe); } }
@Override public AuthenticationProtos.WhoAmIResponse whoAmI( RpcController controller, AuthenticationProtos.WhoAmIRequest request) throws ServiceException { LOG.debug("whoAmI() request from " + RpcServer.getRequestUserName().orElse(null)); // Ignore above passed in controller -- it is always null ServerRpcController serverController = new ServerRpcController(); NonShadedBlockingRpcCallback<AuthenticationProtos.WhoAmIResponse> callback = new NonShadedBlockingRpcCallback<>(); whoAmI(null, request, callback); try { serverController.checkFailed(); return callback.get(); } catch (IOException ioe) { throw new ServiceException(ioe); } }
@Test public void test() throws Exception { try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()); Table table = conn.getTable(TableName.META_TABLE_NAME)) { CoprocessorRpcChannel rpcChannel = table.coprocessorService(HConstants.EMPTY_START_ROW); AuthenticationProtos.AuthenticationService.BlockingInterface service = AuthenticationProtos.AuthenticationService.newBlockingStub(rpcChannel); WhoAmIResponse response = service.whoAmI(null, WhoAmIRequest.getDefaultInstance()); assertEquals(USERNAME, response.getUsername()); assertEquals(AuthenticationMethod.TOKEN.name(), response.getAuthMethod()); try { service.getAuthenticationToken(null, GetAuthenticationTokenRequest.getDefaultInstance()); } catch (ServiceException e) { IOException ioe = ProtobufUtil.getRemoteException(e); assertThat(ioe, instanceOf(AccessDeniedException.class)); assertThat(ioe.getMessage(), containsString("Token generation only allowed for Kerberos authenticated clients")); } } }
public TokenServer(Configuration conf) throws IOException { this.conf = conf; this.startcode = EnvironmentEdgeManager.currentTimeMillis(); // Server to handle client requests. String hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost("default", "default")); int port = 0; // Creation of an ISA will force a resolve. InetSocketAddress initialIsa = new InetSocketAddress(hostname, port); if (initialIsa.getAddress() == null) { throw new IllegalArgumentException("Failed resolve of " + initialIsa); } final List<BlockingServiceAndInterface> sai = new ArrayList<BlockingServiceAndInterface>(1); BlockingService service = AuthenticationProtos.AuthenticationService.newReflectiveBlockingService(this); sai.add(new BlockingServiceAndInterface(service, AuthenticationProtos.AuthenticationService.BlockingInterface.class)); this.rpcServer = new RpcServer(this, "tokenServer", sai, initialIsa, 3, 1, conf, HConstants.QOS_THRESHOLD); this.isa = this.rpcServer.getListenerAddress(); this.sleeper = new Sleeper(1000, this); }
/** * Obtain and return an authentication token for the current user. * @param conf The configuration for connecting to the cluster * @return the authentication token instance */ public static Token<AuthenticationTokenIdentifier> obtainToken( Configuration conf) throws IOException { HTable meta = null; try { meta = new HTable(conf, ".META."); CoprocessorRpcChannel rpcChannel = meta.coprocessorService(HConstants.EMPTY_START_ROW); AuthenticationProtos.AuthenticationService.BlockingInterface service = AuthenticationProtos.AuthenticationService.newBlockingStub(rpcChannel); AuthenticationProtos.TokenResponse response = service.getAuthenticationToken(null, AuthenticationProtos.TokenRequest.getDefaultInstance()); return ProtobufUtil.toToken(response.getToken()); } catch (ServiceException se) { ProtobufUtil.toIOException(se); } finally { if (meta != null) { meta.close(); } } // dummy return for ServiceException catch block return null; }
public TokenServer(Configuration conf) throws IOException { this.conf = conf; this.startcode = EnvironmentEdgeManager.currentTimeMillis(); // Server to handle client requests. String hostname = Strings.domainNamePointerToHostName( DNS.getDefaultHost("default", "default")); int port = 0; // Creation of an ISA will force a resolve. InetSocketAddress initialIsa = new InetSocketAddress(hostname, port); if (initialIsa.getAddress() == null) { throw new IllegalArgumentException("Failed resolve of " + initialIsa); } this.rpcServer = HBaseServerRPC.getServer(TokenServer.class, this, new Class<?>[]{AuthenticationProtos.AuthenticationService.Interface.class}, initialIsa.getHostName(), // BindAddress is IP we got for this server. initialIsa.getPort(), 3, // handlers 1, // meta handlers (not used) true, this.conf, HConstants.QOS_THRESHOLD); // Set our address. this.isa = this.rpcServer.getListenerAddress(); this.sleeper = new Sleeper(1000, this); }
@Override public AuthenticationProtos.TokenResponse getAuthenticationToken( RpcController controller, AuthenticationProtos.TokenRequest request) throws ServiceException { LOG.debug("Authentication token request from "+RequestContext.getRequestUserName()); // ignore passed in controller -- it's always null ServerRpcController serverController = new ServerRpcController(); BlockingRpcCallback<AuthenticationProtos.TokenResponse> callback = new BlockingRpcCallback<AuthenticationProtos.TokenResponse>(); getAuthenticationToken(serverController, request, callback); try { serverController.checkFailed(); return callback.get(); } catch (IOException ioe) { throw new ServiceException(ioe); } }
@Override public AuthenticationProtos.WhoAmIResponse whoami( RpcController controller, AuthenticationProtos.WhoAmIRequest request) throws ServiceException { LOG.debug("whoami() request from "+RequestContext.getRequestUserName()); // ignore passed in controller -- it's always null ServerRpcController serverController = new ServerRpcController(); BlockingRpcCallback<AuthenticationProtos.WhoAmIResponse> callback = new BlockingRpcCallback<AuthenticationProtos.WhoAmIResponse>(); whoami(serverController, request, callback); try { serverController.checkFailed(); return callback.get(); } catch (IOException ioe) { throw new ServiceException(ioe); } }
@Override public void getAuthenticationToken(RpcController controller, AuthenticationProtos.GetAuthenticationTokenRequest request, RpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse> done) { AuthenticationProtos.GetAuthenticationTokenResponse.Builder response = AuthenticationProtos.GetAuthenticationTokenResponse.newBuilder(); try { if (secretManager == null) { throw new IOException( "No secret manager configured for token authentication"); } User currentUser = RpcServer.getRequestUser(); UserGroupInformation ugi = null; if (currentUser != null) { ugi = currentUser.getUGI(); } if (currentUser == null) { throw new AccessDeniedException("No authenticated user for request!"); } else if (!isAllowedDelegationTokenOp(ugi)) { LOG.warn("Token generation denied for user="+currentUser.getName() +", authMethod="+ugi.getAuthenticationMethod()); throw new AccessDeniedException( "Token generation only allowed for Kerberos authenticated clients"); } Token<AuthenticationTokenIdentifier> token = secretManager.generateToken(currentUser.getName()); response.setToken(ProtobufUtil.toToken(token)).build(); } catch (IOException ioe) { ResponseConverter.setControllerException(controller, ioe); } done.run(response.build()); }
@Override public void whoAmI(RpcController controller, AuthenticationProtos.WhoAmIRequest request, RpcCallback<AuthenticationProtos.WhoAmIResponse> done) { User requestUser = RpcServer.getRequestUser(); AuthenticationProtos.WhoAmIResponse.Builder response = AuthenticationProtos.WhoAmIResponse.newBuilder(); if (requestUser != null) { response.setUsername(requestUser.getShortName()); AuthenticationMethod method = requestUser.getUGI().getAuthenticationMethod(); if (method != null) { response.setAuthMethod(method.name()); } } done.run(response.build()); }
public TokenServer(Configuration conf) throws IOException { this.conf = conf; this.startcode = EnvironmentEdgeManager.currentTime(); // Server to handle client requests. String hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost("default", "default")); int port = 0; // Creation of an ISA will force a resolve. InetSocketAddress initialIsa = new InetSocketAddress(hostname, port); if (initialIsa.getAddress() == null) { throw new IllegalArgumentException("Failed resolve of " + initialIsa); } final List<BlockingServiceAndInterface> sai = new ArrayList<BlockingServiceAndInterface>(1); BlockingService service = AuthenticationProtos.AuthenticationService.newReflectiveBlockingService(this); sai.add(new BlockingServiceAndInterface(service, AuthenticationProtos.AuthenticationService.BlockingInterface.class)); this.rpcServer = new RpcServer(this, "tokenServer", sai, initialIsa, conf, new FifoRpcScheduler(conf, 1)); InetSocketAddress address = rpcServer.getListenerAddress(); if (address == null) { throw new IOException("Listener channel is closed"); } this.isa = address; this.sleeper = new Sleeper(1000, this); }
@BeforeClass public static void setupBeforeClass() throws Exception { TEST_UTIL = new HBaseTestingUtility(); TEST_UTIL.startMiniZKCluster(); // register token type for protocol SecurityInfo.addInfo(AuthenticationProtos.AuthenticationService.getDescriptor().getName(), new SecurityInfo("hbase.test.kerberos.principal", AuthenticationProtos.TokenIdentifier.Kind.HBASE_AUTH_TOKEN)); // security settings only added after startup so that ZK does not require SASL Configuration conf = TEST_UTIL.getConfiguration(); conf.set("hadoop.security.authentication", "kerberos"); conf.set("hbase.security.authentication", "kerberos"); conf.setBoolean(HADOOP_SECURITY_AUTHORIZATION, true); server = new TokenServer(conf); serverThread = new Thread(server); Threads.setDaemonThreadRunning(serverThread, "TokenServer:"+server.getServerName().toString()); // wait for startup while (!server.isStarted() && !server.isStopped()) { Thread.sleep(10); } server.rpcServer.refreshAuthManager(new PolicyProvider() { @Override public Service[] getServices() { return new Service [] { new Service("security.client.protocol.acl", AuthenticationProtos.AuthenticationService.BlockingInterface.class)}; } }); ZKClusterId.setClusterId(server.getZooKeeper(), clusterId); secretManager = (AuthenticationTokenSecretManager)server.getSecretManager(); while(secretManager.getCurrentKey() == null) { Thread.sleep(1); } }
@Test public void testTokenAuthentication() throws Exception { UserGroupInformation testuser = UserGroupInformation.createUserForTesting("testuser", new String[]{"testgroup"}); testuser.setAuthenticationMethod( UserGroupInformation.AuthenticationMethod.TOKEN); final Configuration conf = TEST_UTIL.getConfiguration(); UserGroupInformation.setConfiguration(conf); Token<AuthenticationTokenIdentifier> token = secretManager.generateToken("testuser"); LOG.debug("Got token: " + token.toString()); testuser.addToken(token); // verify the server authenticates us as this token user testuser.doAs(new PrivilegedExceptionAction<Object>() { public Object run() throws Exception { Configuration c = server.getConfiguration(); RpcClient rpcClient = RpcClientFactory.createClient(c, clusterId.toString()); ServerName sn = ServerName.valueOf(server.getAddress().getHostName(), server.getAddress().getPort(), System.currentTimeMillis()); try { BlockingRpcChannel channel = rpcClient.createBlockingRpcChannel(sn, User.getCurrent(), HConstants.DEFAULT_HBASE_RPC_TIMEOUT); AuthenticationProtos.AuthenticationService.BlockingInterface stub = AuthenticationProtos.AuthenticationService.newBlockingStub(channel); AuthenticationProtos.WhoAmIResponse response = stub.whoAmI(null, AuthenticationProtos.WhoAmIRequest.getDefaultInstance()); String myname = response.getUsername(); assertEquals("testuser", myname); String authMethod = response.getAuthMethod(); assertEquals("TOKEN", authMethod); } finally { rpcClient.close(); } return null; } }); }
public byte[] toBytes() { AuthenticationProtos.TokenIdentifier.Builder builder = AuthenticationProtos.TokenIdentifier.newBuilder(); builder.setKind(AuthenticationProtos.TokenIdentifier.Kind.HBASE_AUTH_TOKEN); if (username != null) { builder.setUsername(ByteString.copyFromUtf8(username)); } builder.setIssueDate(issueDate) .setExpirationDate(expirationDate) .setKeyId(keyId) .setSequenceNumber(sequenceNumber); return builder.build().toByteArray(); }
@Override public void readFields(DataInput in) throws IOException { int len = in.readInt(); byte[] inBytes = new byte[len]; in.readFully(inBytes); AuthenticationProtos.TokenIdentifier.Builder builder = AuthenticationProtos.TokenIdentifier.newBuilder(); ProtobufUtil.mergeFrom(builder, inBytes); AuthenticationProtos.TokenIdentifier identifier = builder.build(); // sanity check on type if (!identifier.hasKind() || identifier.getKind() != AuthenticationProtos.TokenIdentifier.Kind.HBASE_AUTH_TOKEN) { throw new IOException("Invalid TokenIdentifier kind from input "+identifier.getKind()); } // copy the field values if (identifier.hasUsername()) { username = identifier.getUsername().toStringUtf8(); } if (identifier.hasKeyId()) { keyId = identifier.getKeyId(); } if (identifier.hasIssueDate()) { issueDate = identifier.getIssueDate(); } if (identifier.hasExpirationDate()) { expirationDate = identifier.getExpirationDate(); } if (identifier.hasSequenceNumber()) { sequenceNumber = identifier.getSequenceNumber(); } }
/** * Converts a Token instance (with embedded identifier) to the protobuf representation. * * @param token the Token instance to copy * @return the protobuf Token message */ public static AuthenticationProtos.Token toToken(Token<AuthenticationTokenIdentifier> token) { AuthenticationProtos.Token.Builder builder = AuthenticationProtos.Token.newBuilder(); builder.setIdentifier(ByteStringer.wrap(token.getIdentifier())); builder.setPassword(ByteStringer.wrap(token.getPassword())); if (token.getService() != null) { builder.setService(ByteString.copyFromUtf8(token.getService().toString())); } return builder.build(); }
/** * Converts a protobuf Token message back into a Token instance. * * @param proto the protobuf Token message * @return the Token instance */ public static Token<AuthenticationTokenIdentifier> toToken(AuthenticationProtos.Token proto) { return new Token<AuthenticationTokenIdentifier>( proto.hasIdentifier() ? proto.getIdentifier().toByteArray() : null, proto.hasPassword() ? proto.getPassword().toByteArray() : null, AuthenticationTokenIdentifier.AUTH_TOKEN_TYPE, proto.hasService() ? new Text(proto.getService().toStringUtf8()) : null); }
@Override public void getAuthenticationToken(RpcController controller, AuthenticationProtos.GetAuthenticationTokenRequest request, RpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse> done) { AuthenticationProtos.GetAuthenticationTokenResponse.Builder response = AuthenticationProtos.GetAuthenticationTokenResponse.newBuilder(); try { if (secretManager == null) { throw new IOException( "No secret manager configured for token authentication"); } User currentUser = RequestContext.getRequestUser(); UserGroupInformation ugi = null; if (currentUser != null) { ugi = currentUser.getUGI(); } if (currentUser == null) { throw new AccessDeniedException("No authenticated user for request!"); } else if (!isAllowedDelegationTokenOp(ugi)) { LOG.warn("Token generation denied for user="+currentUser.getName() +", authMethod="+ugi.getAuthenticationMethod()); throw new AccessDeniedException( "Token generation only allowed for Kerberos authenticated clients"); } Token<AuthenticationTokenIdentifier> token = secretManager.generateToken(currentUser.getName()); response.setToken(ProtobufUtil.toToken(token)).build(); } catch (IOException ioe) { ResponseConverter.setControllerException(controller, ioe); } done.run(response.build()); }
@Override public void whoAmI(RpcController controller, AuthenticationProtos.WhoAmIRequest request, RpcCallback<AuthenticationProtos.WhoAmIResponse> done) { User requestUser = RequestContext.getRequestUser(); AuthenticationProtos.WhoAmIResponse.Builder response = AuthenticationProtos.WhoAmIResponse.newBuilder(); if (requestUser != null) { response.setUsername(requestUser.getShortName()); AuthenticationMethod method = requestUser.getUGI().getAuthenticationMethod(); if (method != null) { response.setAuthMethod(method.name()); } } done.run(response.build()); }