public KerberosWebHDFSConnection2(String httpfsUrl, String principal, String password) { this.httpfsUrl = httpfsUrl; this.principal = principal; this.password = password; Configuration conf = new Configuration(); conf.addResource("conf/hdfs-site.xml"); conf.addResource("conf/core-site.xml"); newToken = new AuthenticatedURL.Token(); KerberosAuthenticator ka = new KerberosAuthenticator(); ConnectionConfigurator connectionConfigurator = new SSLFactory(SSLFactory.Mode.CLIENT,conf); ka.setConnectionConfigurator(connectionConfigurator); try{ URL url = new URL(httpfsUrl); ka.authenticate(url,newToken); }catch(Exception e){ e.printStackTrace(); } this.authenticatedURL = new AuthenticatedURL(ka,connectionConfigurator); // this.authenticatedURL = new AuthenticatedURL( // new KerberosAuthenticator2(principal, password)); }
/** * Performs SPNEGO authentication against the specified URL. * <p/> * If a token is given it does a NOP and returns the given token. * <p/> * If no token is given, it will perform the SPNEGO authentication sequence * using an HTTP <code>OPTIONS</code> request. * * @param url the URl to authenticate against. * @param token the authentication token being used for the user. * @throws IOException if an IO error occurred. * @throws AuthenticationException if an authentication error occurred. */ public void authenticate(URL url, AuthenticatedURL.Token token) throws IOException, AuthenticationException { if (!token.isSet()) { this.url = url; base64 = new Base64(0); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod(AUTH_HTTP_METHOD); conn.connect(); if (isNegotiate()) { doSpnegoSequence(token); } else { getFallBackAuthenticator().authenticate(url, token); } } }
public static synchronized Token generateToken(String srvUrl, String princ, String passwd) { AuthenticatedURL.Token newToken = new AuthenticatedURL.Token(); Authenticator authenticator = new PseudoAuthenticator(princ); try { String spec = MessageFormat.format( "/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name={0}", princ); HttpURLConnection conn = new AuthenticatedURL(authenticator) .openConnection(new URL(new URL(srvUrl), spec), newToken); conn.connect(); conn.disconnect(); } catch (Exception ex) { logger.error(ex.getMessage()); logger.error("[" + princ + ":" + passwd + "]@" + srvUrl, ex); } return newToken; }
@Test @TestDir @TestJetty @TestHdfs public void testValidHttpFSAccess() throws Exception { createHttpFSServer(); KerberosTestUtils.doAsClient(new Callable<Void>() { @Override public Void call() throws Exception { URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"); AuthenticatedURL aUrl = new AuthenticatedURL(); AuthenticatedURL.Token aToken = new AuthenticatedURL.Token(); HttpURLConnection conn = aUrl.openConnection(url, aToken); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); return null; } }); }
/** * Opens a url with read and connect timeouts * * @param url * URL to open * @param isSpnego * whether the url should be authenticated via SPNEGO * @return URLConnection * @throws IOException * @throws AuthenticationException */ public URLConnection openConnection(URL url, boolean isSpnego) throws IOException, AuthenticationException { if (isSpnego) { if (LOG.isDebugEnabled()) { LOG.debug("open AuthenticatedURL connection" + url); } UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab(); final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token(); return new AuthenticatedURL(new KerberosUgiAuthenticator(), connConfigurator).openConnection(url, authToken); } else { if (LOG.isDebugEnabled()) { LOG.debug("open URL connection"); } URLConnection connection = url.openConnection(); if (connection instanceof HttpURLConnection) { connConfigurator.configure((HttpURLConnection) connection); } return connection; } }
/** * Opens a url with read and connect timeouts * * @param url * URL to open * @param isSpnego * whether the url should be authenticated via SPNEGO * @return URLConnection * @throws IOException * @throws AuthenticationException */ public URLConnection openConnection(URL url, boolean isSpnego) throws IOException, AuthenticationException { if (isSpnego) { LOG.debug("open AuthenticatedURL connection {}", url); UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab(); final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token(); return new AuthenticatedURL(new KerberosUgiAuthenticator(), connConfigurator).openConnection(url, authToken); } else { LOG.debug("open URL connection"); URLConnection connection = url.openConnection(); if (connection instanceof HttpURLConnection) { connConfigurator.configure((HttpURLConnection) connection); } return connection; } }
/** * Requests a delegation token using the configured <code>Authenticator</code> * for authentication. * * @param url the URL to get the delegation token from. Only HTTP/S URLs are * supported. * @param token the authentication token being used for the user where the * Delegation token will be stored. * @param renewer the renewer user. * @param doAsUser the user to do as, which will be the token owner. * @throws IOException if an IO error occurred. * @throws AuthenticationException if an authentication exception occurred. */ public Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url, AuthenticatedURL.Token token, String renewer, String doAsUser) throws IOException, AuthenticationException { Map json = doDelegationTokenOperation(url, token, DelegationTokenOperation.GETDELEGATIONTOKEN, renewer, null, true, doAsUser); json = (Map) json.get(DELEGATION_TOKEN_JSON); String tokenStr = (String) json.get(DELEGATION_TOKEN_URL_STRING_JSON); Token<AbstractDelegationTokenIdentifier> dToken = new Token<AbstractDelegationTokenIdentifier>(); dToken.decodeFromUrlString(tokenStr); InetSocketAddress service = new InetSocketAddress(url.getHost(), url.getPort()); SecurityUtil.setTokenService(dToken, service); return dToken; }
public static synchronized Token generateToken(String srvUrl, String princ, String passwd) { AuthenticatedURL.Token newToken = new AuthenticatedURL.Token(); Authenticator authenticator = new PseudoAuthenticator2(princ); try { String spec = MessageFormat.format( "/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name={0}", princ); HttpURLConnection conn = new AuthenticatedURL(authenticator) .openConnection(new URL(new URL(srvUrl), spec), newToken); conn.connect(); conn.disconnect(); } catch (Exception ex) { logger.error(ex.getMessage()); logger.error("[" + princ + ":" + passwd + "]@" + srvUrl, ex); // WARN // throws MalformedURLException, IOException, // AuthenticationException, InterruptedException } return newToken; }
/** * Opens a url with read and connect timeouts * * @param url * URL to open * @param isSpnego * whether the url should be authenticated via SPNEGO * @return URLConnection * @throws IOException * @throws AuthenticationException */ public URLConnection openConnection(URL url, boolean isSpnego) throws IOException, AuthenticationException { if (isSpnego) { if (LOG.isDebugEnabled()) { LOG.debug("open AuthenticatedURL connection" + url); } UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab(); final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token(); return new AuthenticatedURL(AUTH, connConfigurator).openConnection(url, authToken); } else { if (LOG.isDebugEnabled()) { LOG.debug("open URL connection"); } URLConnection connection = url.openConnection(); if (connection instanceof HttpURLConnection) { connConfigurator.configure((HttpURLConnection) connection); } return connection; } }
public static long renewDelegationToken(URI fsURI, AuthenticatedURL.Token token, Token<?> dToken) throws IOException { Map<String, String> params = new HashMap<String, String>(); params.put(OP_PARAM, DelegationTokenOperation.RENEWDELEGATIONTOKEN.toString()); params.put(TOKEN_PARAM, dToken.encodeToUrlString()); URL url = HttpFSUtils.createHttpURL(new Path(fsURI), params); AuthenticatedURL aUrl = new AuthenticatedURL(new HttpFSKerberosAuthenticator()); try { HttpURLConnection conn = aUrl.openConnection(url, token); conn.setRequestMethod( DelegationTokenOperation.RENEWDELEGATIONTOKEN.getHttpMethod()); HttpFSUtils.validateResponse(conn, HttpURLConnection.HTTP_OK); JSONObject json = (JSONObject) ((JSONObject) HttpFSUtils.jsonParse(conn)).get(DELEGATION_TOKEN_JSON); return (Long)(json.get(RENEW_DELEGATION_TOKEN_JSON)); } catch (AuthenticationException ex) { throw new IOException(ex.toString(), ex); } }
public static void cancelDelegationToken(URI fsURI, AuthenticatedURL.Token token, Token<?> dToken) throws IOException { Map<String, String> params = new HashMap<String, String>(); params.put(OP_PARAM, DelegationTokenOperation.CANCELDELEGATIONTOKEN.toString()); params.put(TOKEN_PARAM, dToken.encodeToUrlString()); URL url = HttpFSUtils.createHttpURL(new Path(fsURI), params); AuthenticatedURL aUrl = new AuthenticatedURL(new HttpFSKerberosAuthenticator()); try { HttpURLConnection conn = aUrl.openConnection(url, token); conn.setRequestMethod( DelegationTokenOperation.CANCELDELEGATIONTOKEN.getHttpMethod()); HttpFSUtils.validateResponse(conn, HttpURLConnection.HTTP_OK); } catch (AuthenticationException ex) { throw new IOException(ex.toString(), ex); } }
/** * Convenience method that creates a <code>HttpURLConnection</code> for the specified URL. * <p/> * This methods performs and injects any needed authentication credentials. * * @param url url to connect to. * @param method the HTTP method. * * @return a <code>HttpURLConnection</code> for the HttpFSServer server, authenticated and ready to use for * the specified path and file system operation. * * @throws IOException thrown if an IO error occurrs. */ private HttpURLConnection getConnection(URL url, String method) throws IOException { Class<? extends Authenticator> klass = getConf().getClass("httpfs.authenticator.class", HttpFSKerberosAuthenticator.class, Authenticator.class); Authenticator authenticator = ReflectionUtils.newInstance(klass, getConf()); try { HttpURLConnection conn = new AuthenticatedURL(authenticator).openConnection(url, authToken); conn.setRequestMethod(method); if (method.equals(HTTP_POST) || method.equals(HTTP_PUT)) { conn.setDoOutput(true); } return conn; } catch (Exception ex) { throw new IOException(ex); } }
private HttpURLConnection openHttpUrlConnection(final URL url) throws IOException { final HttpURLConnection conn; try { if (op.getRequireAuth()) { LOG.debug("open AuthenticatedURL connection"); UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab(); final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token(); conn = new AuthenticatedURL(AUTH, CONN_CONFIGURATOR).openConnection( url, authToken); URLUtils.setTimeouts(conn); } else { LOG.debug("open URL connection"); conn = (HttpURLConnection)URLUtils.openConnection(url); } } catch (AuthenticationException e) { throw new IOException(e); } return conn; }
public static Token<?> getDelegationToken(URI fsURI, InetSocketAddress httpFSAddr, AuthenticatedURL.Token token, String renewer) throws IOException { DelegationTokenOperation op = DelegationTokenOperation.GETDELEGATIONTOKEN; Map<String, String> params = new HashMap<>(); params.put(OP_PARAM, op.toString()); params.put(RENEWER_PARAM, renewer); URL url = HttpFSUtils.createHttpURL(new Path(fsURI), params); AuthenticatedURL aUrl = new AuthenticatedURL(new HttpFSKerberosAuthenticator()); try { HttpURLConnection conn = aUrl.openConnection(url, token); conn.setRequestMethod(op.getHttpMethod()); HttpFSUtils.validateResponse(conn, HttpURLConnection.HTTP_OK); JSONObject json = (JSONObject) ((JSONObject) HttpFSUtils.jsonParse(conn)) .get(DELEGATION_TOKEN_JSON); String tokenStr = (String) json.get(DELEGATION_TOKEN_URL_STRING_JSON); Token<AbstractDelegationTokenIdentifier> dToken = new Token<>(); dToken.decodeFromUrlString(tokenStr); SecurityUtil.setTokenService(dToken, httpFSAddr); return dToken; } catch (AuthenticationException ex) { throw new IOException(ex.toString(), ex); } }
public static long renewDelegationToken(URI fsURI, AuthenticatedURL.Token token, Token<?> dToken) throws IOException { Map<String, String> params = new HashMap<>(); params.put(OP_PARAM, DelegationTokenOperation.RENEWDELEGATIONTOKEN.toString()); params.put(TOKEN_PARAM, dToken.encodeToUrlString()); URL url = HttpFSUtils.createHttpURL(new Path(fsURI), params); AuthenticatedURL aUrl = new AuthenticatedURL(new HttpFSKerberosAuthenticator()); try { HttpURLConnection conn = aUrl.openConnection(url, token); conn.setRequestMethod( DelegationTokenOperation.RENEWDELEGATIONTOKEN.getHttpMethod()); HttpFSUtils.validateResponse(conn, HttpURLConnection.HTTP_OK); JSONObject json = (JSONObject) ((JSONObject) HttpFSUtils.jsonParse(conn)) .get(DELEGATION_TOKEN_JSON); return (Long) (json.get(RENEW_DELEGATION_TOKEN_JSON)); } catch (AuthenticationException ex) { throw new IOException(ex.toString(), ex); } }
public static void cancelDelegationToken(URI fsURI, AuthenticatedURL.Token token, Token<?> dToken) throws IOException { Map<String, String> params = new HashMap<>(); params.put(OP_PARAM, DelegationTokenOperation.CANCELDELEGATIONTOKEN.toString()); params.put(TOKEN_PARAM, dToken.encodeToUrlString()); URL url = HttpFSUtils.createHttpURL(new Path(fsURI), params); AuthenticatedURL aUrl = new AuthenticatedURL(new HttpFSKerberosAuthenticator()); try { HttpURLConnection conn = aUrl.openConnection(url, token); conn.setRequestMethod( DelegationTokenOperation.CANCELDELEGATIONTOKEN.getHttpMethod()); HttpFSUtils.validateResponse(conn, HttpURLConnection.HTTP_OK); } catch (AuthenticationException ex) { throw new IOException(ex.toString(), ex); } }
/** * Convenience method that creates a <code>HttpURLConnection</code> for the * specified URL. * <p/> * This methods performs and injects any needed authentication credentials. * * @param url * url to connect to. * @param method * the HTTP method. * @return a <code>HttpURLConnection</code> for the HttpFSServer server, * authenticated and ready to use for * the specified path and file system operation. * @throws IOException * thrown if an IO error occurrs. */ private HttpURLConnection getConnection(URL url, String method) throws IOException { Class<? extends Authenticator> klass = getConf() .getClass("httpfs.authenticator.class", HttpFSKerberosAuthenticator.class, Authenticator.class); Authenticator authenticator = ReflectionUtils.newInstance(klass, getConf()); try { HttpURLConnection conn = new AuthenticatedURL(authenticator).openConnection(url, authToken); conn.setRequestMethod(method); if (method.equals(HTTP_POST) || method.equals(HTTP_PUT)) { conn.setDoOutput(true); } return conn; } catch (Exception ex) { throw new IOException(ex); } }
@Test @TestDir @TestJetty @TestHdfs @Ignore public void testValidHttpFSAccess() throws Exception { createHttpFSServer(); KerberosTestUtils.doAsClient(new Callable<Void>() { @Override public Void call() throws Exception { URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"); AuthenticatedURL aUrl = new AuthenticatedURL(); AuthenticatedURL.Token aToken = new AuthenticatedURL.Token(); HttpURLConnection conn = aUrl.openConnection(url, aToken); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); return null; } }); }
public static long renewDelegationToken(URI fsURI, AuthenticatedURL.Token token, Token<?> dToken) throws IOException { Map<String, String> params = new HashMap<String, String>(); params.put(OP_PARAM, DelegationTokenOperation.RENEWDELEGATIONTOKEN.toString()); params.put(TOKEN_PARAM, dToken.encodeToUrlString()); URL url = HttpFSUtils.createURL(new Path(fsURI), params); AuthenticatedURL aUrl = new AuthenticatedURL(new HttpFSKerberosAuthenticator()); try { HttpURLConnection conn = aUrl.openConnection(url, token); conn.setRequestMethod( DelegationTokenOperation.RENEWDELEGATIONTOKEN.getHttpMethod()); HttpFSUtils.validateResponse(conn, HttpURLConnection.HTTP_OK); JSONObject json = (JSONObject) ((JSONObject) HttpFSUtils.jsonParse(conn)).get(DELEGATION_TOKEN_JSON); return (Long)(json.get(RENEW_DELEGATION_TOKEN_JSON)); } catch (AuthenticationException ex) { throw new IOException(ex.toString(), ex); } }
public static void cancelDelegationToken(URI fsURI, AuthenticatedURL.Token token, Token<?> dToken) throws IOException { Map<String, String> params = new HashMap<String, String>(); params.put(OP_PARAM, DelegationTokenOperation.CANCELDELEGATIONTOKEN.toString()); params.put(TOKEN_PARAM, dToken.encodeToUrlString()); URL url = HttpFSUtils.createURL(new Path(fsURI), params); AuthenticatedURL aUrl = new AuthenticatedURL(new HttpFSKerberosAuthenticator()); try { HttpURLConnection conn = aUrl.openConnection(url, token); conn.setRequestMethod( DelegationTokenOperation.CANCELDELEGATIONTOKEN.getHttpMethod()); HttpFSUtils.validateResponse(conn, HttpURLConnection.HTTP_OK); } catch (AuthenticationException ex) { throw new IOException(ex.toString(), ex); } }
