@Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) { Properties props = new Properties(); Configuration conf = KMSWebApp.getConfiguration(); for (Map.Entry<String, String> entry : conf) { String name = entry.getKey(); if (name.startsWith(CONFIG_PREFIX)) { String value = conf.get(name); name = name.substring(CONFIG_PREFIX.length()); props.setProperty(name, value); } } String authType = props.getProperty(AUTH_TYPE); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { props.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) { props.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); } props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND, KMSClientProvider.TOKEN_KIND); return props; }
@Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) { Properties props = new Properties(); Configuration conf = KMSWebApp.getConfiguration(); for (Map.Entry<String, String> entry : conf) { String name = entry.getKey(); if (name.startsWith(CONFIG_PREFIX)) { String value = conf.get(name); name = name.substring(CONFIG_PREFIX.length()); props.setProperty(name, value); } } String authType = props.getProperty(AUTH_TYPE); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { props.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) { props.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); } props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND, KMSDelegationToken.TOKEN_KIND_STR); return props; }
/** * Returns the hadoop-auth configuration from HttpFSServer's configuration. * <p> * It returns all HttpFSServer's configuration properties prefixed with * <code>httpfs.authentication</code>. The <code>httpfs.authentication</code> * prefix is removed from the returned property names. * * @param configPrefix parameter not used. * @param filterConfig parameter not used. * * @return hadoop-auth configuration read from HttpFSServer's configuration. */ @Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException{ Properties props = new Properties(); Configuration conf = HttpFSServerWebApp.get().getConfig(); props.setProperty(AuthenticationFilter.COOKIE_PATH, "/"); for (Map.Entry<String, String> entry : conf) { String name = entry.getKey(); if (name.startsWith(CONF_PREFIX)) { String value = conf.get(name); name = name.substring(CONF_PREFIX.length()); props.setProperty(name, value); } } String signatureSecretFile = props.getProperty(SIGNATURE_SECRET_FILE, null); if (signatureSecretFile == null) { throw new RuntimeException("Undefined property: " + SIGNATURE_SECRET_FILE); } try { StringBuilder secret = new StringBuilder(); Reader reader = new InputStreamReader(new FileInputStream( signatureSecretFile), Charsets.UTF_8); int c = reader.read(); while (c > -1) { secret.append((char)c); c = reader.read(); } reader.close(); props.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret.toString()); } catch (IOException ex) { throw new RuntimeException("Could not read HttpFS signature secret file: " + signatureSecretFile); } setAuthHandlerClass(props); props.setProperty(KerberosDelegationTokenAuthenticationHandler.TOKEN_KIND, WebHdfsConstants.WEBHDFS_TOKEN_KIND.toString()); return props; }
@Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException { Properties properties = new Properties(); MapContext mapContext = SqoopConfiguration.getInstance().getContext(); String type = mapContext.getString( SecurityConstants.AUTHENTICATION_TYPE, SecurityConstants.TYPE.SIMPLE.name()).trim(); if (type.equalsIgnoreCase(SecurityConstants.TYPE.KERBEROS.name())) { properties.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); String keytab = mapContext.getString( SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim(); if (keytab.length() == 0) { throw new SqoopException(SecurityError.AUTH_0005, SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB); } String principal = mapContext.getString( SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL).trim(); if (principal.length() == 0) { throw new SqoopException(SecurityError.AUTH_0006, SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL); } String hostPrincipal = ""; try { hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0"); } catch (IOException e) { throw new SqoopException(SecurityError.AUTH_0006, SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL); } properties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, hostPrincipal); properties.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab); } else if (type.equalsIgnoreCase(SecurityConstants.TYPE.SIMPLE.name())) { properties.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); properties.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, mapContext.getString(SecurityConstants.AUTHENTICATION_ANONYMOUS, "true").trim()); } else { throw new SqoopException(SecurityError.AUTH_0004, type); } properties.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND, SecurityConstants.TOKEN_KIND); return properties; }
