public KerberosWebHDFSConnection2(String httpfsUrl, String principal, String password) { this.httpfsUrl = httpfsUrl; this.principal = principal; this.password = password; Configuration conf = new Configuration(); conf.addResource("conf/hdfs-site.xml"); conf.addResource("conf/core-site.xml"); newToken = new AuthenticatedURL.Token(); KerberosAuthenticator ka = new KerberosAuthenticator(); ConnectionConfigurator connectionConfigurator = new SSLFactory(SSLFactory.Mode.CLIENT,conf); ka.setConnectionConfigurator(connectionConfigurator); try{ URL url = new URL(httpfsUrl); ka.authenticate(url,newToken); }catch(Exception e){ e.printStackTrace(); } this.authenticatedURL = new AuthenticatedURL(ka,connectionConfigurator); // this.authenticatedURL = new AuthenticatedURL( // new KerberosAuthenticator2(principal, password)); }
@Test public void testConnConfiguratior() throws IOException { final URL u = new URL("http://localhost"); final List<HttpURLConnection> conns = Lists.newArrayList(); URLConnectionFactory fc = new URLConnectionFactory(new ConnectionConfigurator() { @Override public HttpURLConnection configure(HttpURLConnection conn) throws IOException { Assert.assertEquals(u, conn.getURL()); conns.add(conn); return conn; } }); fc.openConnection(u); Assert.assertEquals(1, conns.size()); }
private ConnectionConfigurator initSslConnConfigurator(final int timeout, Configuration conf) throws IOException, GeneralSecurityException { final SSLSocketFactory sf; final HostnameVerifier hv; sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); sslFactory.init(); sf = sslFactory.createSSLSocketFactory(); hv = sslFactory.getHostnameVerifier(); return new ConnectionConfigurator() { @Override public HttpURLConnection configure(HttpURLConnection conn) throws IOException { if (conn instanceof HttpsURLConnection) { HttpsURLConnection c = (HttpsURLConnection) conn; c.setSSLSocketFactory(sf); c.setHostnameVerifier(hv); } setTimeouts(conn, timeout); return conn; } }; }
@Override public HttpURLConnection getHttpURLConnection(URL url) throws IOException { try { AuthenticatedURL authenticatedURL= ReflectionUtils.createClazzInstance( DELEGATION_TOKEN_AUTHENTICATED_URL_CLAZZ_NAME, new Class[] { delegationTokenAuthenticatorClazz, ConnectionConfigurator.class }, new Object[] { authenticator, connConfigurator }); return ReflectionUtils.invokeMethod(authenticatedURL, delegationTokenAuthenticateURLOpenConnectionMethod, url, token, doAsUser); } catch (Exception e) { throw new IOException(e); } }
private static DelegationTokenAuthenticator obtainDelegationTokenAuthenticator(DelegationTokenAuthenticator dta, ConnectionConfigurator connConfigurator) { try { if (dta == null) { dta = DEFAULT_AUTHENTICATOR.newInstance(); dta.setConnectionConfigurator(connConfigurator); } return dta; } catch (Exception ex) { throw new IllegalArgumentException(ex); } }
private static ConnectionConfigurator newConnConfigurator(Configuration conf) { try { return newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf); } catch (Exception e) { LOG.debug("Cannot load customized ssl related configuration. " + "Fallback to system-generic settings.", e); return DEFAULT_TIMEOUT_CONN_CONFIGURATOR; } }
/** * Construct a new URLConnectionFactory based on the configuration. It will * try to load SSL certificates when it is specified. */ public static URLConnectionFactory newDefaultURLConnectionFactory(Configuration conf) { ConnectionConfigurator conn = null; try { conn = newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf); } catch (Exception e) { LOG.debug( "Cannot load customized ssl related configuration. Fallback to system-generic settings.", e); conn = DEFAULT_TIMEOUT_CONN_CONFIGURATOR; } return new URLConnectionFactory(conn); }
/** * Construct a new URLConnectionFactory based on the configuration. It will * try to load SSL certificates when it is specified. */ public static URLConnectionFactory newDefaultURLConnectionFactory( Configuration conf) { ConnectionConfigurator conn = getSSLConnectionConfiguration(conf); return new URLConnectionFactory(conn); }
private static ConnectionConfigurator getSSLConnectionConfiguration( Configuration conf) { ConnectionConfigurator conn; try { conn = newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf); } catch (Exception e) { LOG.debug( "Cannot load customized ssl related configuration. Fallback to" + " system-generic settings.", e); conn = DEFAULT_TIMEOUT_CONN_CONFIGURATOR; } return conn; }
/** * Construct a new URLConnectionFactory that supports OAut-based connections. * It will also try to load the SSL configuration when they are specified. */ public static URLConnectionFactory newOAuth2URLConnectionFactory( Configuration conf) throws IOException { ConnectionConfigurator conn; try { ConnectionConfigurator sslConnConfigurator = newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf); conn = new OAuth2ConnectionConfigurator(conf, sslConnConfigurator); } catch (Exception e) { throw new IOException("Unable to load OAuth2 connection factory.", e); } return new URLConnectionFactory(conn); }
@SuppressWarnings("unchecked") public OAuth2ConnectionConfigurator(Configuration conf, ConnectionConfigurator sslConfigurator) { this.sslConfigurator = sslConfigurator; notNull(conf, ACCESS_TOKEN_PROVIDER_KEY); Class accessTokenProviderClass = conf.getClass(ACCESS_TOKEN_PROVIDER_KEY, ConfCredentialBasedAccessTokenProvider.class, AccessTokenProvider.class); accessTokenProvider = (AccessTokenProvider) ReflectionUtils .newInstance(accessTokenProviderClass, conf); accessTokenProvider.setConf(conf); }
public Token<?>[] addDelegationTokens(String strURL, String renewer, Credentials credentials) throws IOException { Token<?>[] tokens = null; Text dtService = getDelegationTokenService(strURL); Token<?> token = credentials.getToken(dtService); if (token == null) { URL url = new URL(strURL); DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(new ConnectionConfigurator() { @Override public HttpURLConnection configure(HttpURLConnection conn) throws IOException { return conn; } }); try { token = authUrl.getDelegationToken(url, authToken, renewer); if (token != null) { credentials.addToken(token.getService(), token); tokens = new Token<?>[]{token}; } else { throw new IOException("Got NULL as delegation token"); } } catch (AuthenticationException ex) { throw new IOException(ex); } } return tokens; }
private static ConnectionConfigurator newConnConfigurator(Configuration conf) { try { return newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT_IN_MSECS, conf); } catch (Exception e) { LOG.debug("Cannot load customized ssl related configuration. " + "Fallback to system-generic settings.", e); return DEFAULT_TIMEOUT_CONN_CONFIGURATOR; } }
private ConnectionConfigurator initConnConfigurator(Configuration conf) { try { return initSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf); } catch (Exception e) { LOG.debug("Cannot load customized ssl related configuration. " + "Fallback to system-generic settings.", e); return DEFAULT_TIMEOUT_CONN_CONFIGURATOR; } }
public TokenAuthenticatedURLConnectionFactory(ConnectionConfigurator connConfigurator, Authenticator authenticator, UserGroupInformation authUgi, String doAsUser) throws TezException { this.connConfigurator = connConfigurator; this.authenticator = authenticator; this.authUgi = authUgi; this.doAsUser = doAsUser; this.token = ReflectionUtils.createClazzInstance( DELEGATION_TOKEN_AUTHENTICATED_URL_TOKEN_CLASS_NAME, null, null); }
@Test(timeout = 5000) public void testPseudoAuthenticatorConnectionUrlShouldHaveUserName() throws Exception { ConnectionConfigurator connConf = mock(ConnectionConfigurator.class); TimelineReaderPseudoAuthenticatedStrategy.PseudoAuthenticatedURLConnectionFactory connectionFactory = new TimelineReaderPseudoAuthenticatedStrategy .PseudoAuthenticatedURLConnectionFactory(connConf); String inputUrl = "http://host:8080/path"; String expectedUrl = inputUrl + "?user.name=" + UserGroupInformation.getCurrentUser().getShortUserName(); HttpURLConnection httpURLConnection = connectionFactory.getHttpURLConnection(new URL(inputUrl)); Assert.assertEquals(expectedUrl, httpURLConnection.getURL().toString()); }
@Override public void setConnectionConfigurator(ConnectionConfigurator configurator) { authenticator.setConnectionConfigurator(configurator); connConfigurator = configurator; }
public void setConnectionConfigurator(ConnectionConfigurator arg0) { // TODO Auto-generated method stub }
@VisibleForTesting URLConnectionFactory(ConnectionConfigurator connConfigurator) { this.connConfigurator = connConfigurator; }
@Test public void testSetTokenServiceAndKind() throws Exception { MiniDFSCluster cluster = null; try { final Configuration clusterConf = new HdfsConfiguration(conf); SecurityUtil.setAuthenticationMethod(SIMPLE, clusterConf); clusterConf.setBoolean(DFSConfigKeys .DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true); // trick the NN into thinking s[ecurity is enabled w/o it trying // to login from a keytab UserGroupInformation.setConfiguration(clusterConf); cluster = new MiniDFSCluster.Builder(clusterConf).numDataNodes(0).build(); cluster.waitActive(); SecurityUtil.setAuthenticationMethod(KERBEROS, clusterConf); final WebHdfsFileSystem fs = WebHdfsTestUtil.getWebHdfsFileSystem (clusterConf, "webhdfs"); Whitebox.setInternalState(fs, "canRefreshDelegationToken", true); URLConnectionFactory factory = new URLConnectionFactory(new ConnectionConfigurator() { @Override public HttpURLConnection configure(HttpURLConnection conn) throws IOException { return conn; } }) { @Override public URLConnection openConnection(URL url) throws IOException { return super.openConnection(new URL(url + "&service=foo&kind=bar")); } }; Whitebox.setInternalState(fs, "connectionFactory", factory); Token<?> token1 = fs.getDelegationToken(); Assert.assertEquals(new Text("bar"), token1.getKind()); final HttpOpParam.Op op = GetOpParam.Op.GETDELEGATIONTOKEN; Token<DelegationTokenIdentifier> token2 = fs.new FsPathResponseRunner<Token<DelegationTokenIdentifier>>( op, null, new RenewerParam(null)) { @Override Token<DelegationTokenIdentifier> decodeResponse(Map<?, ?> json) throws IOException { return JsonUtil.toDelegationToken(json); } }.run(); Assert.assertEquals(new Text("bar"), token2.getKind()); Assert.assertEquals(new Text("foo"), token2.getService()); } finally { if (cluster != null) { cluster.shutdown(); } } }
