private Configuration getSpengoConf(Configuration conf) { conf = new Configuration(); conf.set(HttpServer2.FILTER_INITIALIZER_PROPERTY, AuthenticationFilterInitializer.class.getName()); conf.set(PREFIX + "type", "kerberos"); conf.setBoolean(PREFIX + "simple.anonymous.allowed", false); conf.set(PREFIX + "signature.secret.file", secretFile.getAbsolutePath()); conf.set(PREFIX + "kerberos.keytab", httpSpnegoKeytabFile.getAbsolutePath()); conf.set(PREFIX + "kerberos.principal", httpSpnegoPrincipal); conf.set(PREFIX + "cookie.domain", realm); conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, true); return conf; }
private static Properties getFilterProperties(Configuration conf, String prefix) { Properties prop = new Properties(); Map<String, String> filterConfig = AuthenticationFilterInitializer .getFilterConfigMap(conf, prefix); prop.putAll(filterConfig); return prop; }
private static void setupAndStartRM() throws Exception { Configuration rmconf = new Configuration(); rmconf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS, YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS); rmconf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class, ResourceScheduler.class); rmconf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true); String httpPrefix = "hadoop.http.authentication."; rmconf.setStrings(httpPrefix + "type", "kerberos"); rmconf.set(httpPrefix + KerberosAuthenticationHandler.PRINCIPAL, httpSpnegoPrincipal); rmconf.set(httpPrefix + KerberosAuthenticationHandler.KEYTAB, httpSpnegoKeytabFile.getAbsolutePath()); // use any file for signature secret rmconf.set(httpPrefix + AuthenticationFilter.SIGNATURE_SECRET + ".file", httpSpnegoKeytabFile.getAbsolutePath()); rmconf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); rmconf.setBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER, true); rmconf.set("hadoop.http.filter.initializers", AuthenticationFilterInitializer.class.getName()); rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY, httpSpnegoPrincipal); rmconf.set(YarnConfiguration.RM_KEYTAB, httpSpnegoKeytabFile.getAbsolutePath()); rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, httpSpnegoKeytabFile.getAbsolutePath()); rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY, httpSpnegoPrincipal); rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY, httpSpnegoKeytabFile.getAbsolutePath()); rmconf.setBoolean("mockrm.webapp.enabled", true); rmconf.set("yarn.resourcemanager.proxyuser.client.hosts", "*"); rmconf.set("yarn.resourcemanager.proxyuser.client.groups", "*"); UserGroupInformation.setConfiguration(rmconf); rm = new MockRM(rmconf); rm.start(); }
@Test(timeout = 240000) public void testFilterOverrides() throws Exception { HashMap<String, String> driver = new HashMap<String, String>(); driver.put("", TimelineAuthenticationFilterInitializer.class.getName()); driver.put(StaticUserWebFilter.class.getName(), TimelineAuthenticationFilterInitializer.class.getName() + "," + StaticUserWebFilter.class.getName()); driver.put(AuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); driver.put(TimelineAuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); driver.put(AuthenticationFilterInitializer.class.getName() + "," + TimelineAuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); driver.put(AuthenticationFilterInitializer.class.getName() + ", " + TimelineAuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); for (Map.Entry<String, String> entry : driver.entrySet()) { String filterInitializer = entry.getKey(); String expectedValue = entry.getValue(); ApplicationHistoryServer historyServer = new ApplicationHistoryServer(); Configuration config = new YarnConfiguration(); config.setClass(YarnConfiguration.TIMELINE_SERVICE_STORE, MemoryTimelineStore.class, TimelineStore.class); config.setClass(YarnConfiguration.TIMELINE_SERVICE_STATE_STORE_CLASS, MemoryTimelineStateStore.class, TimelineStateStore.class); config.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS, "localhost:0"); try { config.set("hadoop.http.filter.initializers", filterInitializer); historyServer.init(config); historyServer.start(); Configuration tmp = historyServer.getConfig(); assertEquals(expectedValue, tmp.get("hadoop.http.filter.initializers")); } finally { historyServer.stop(); } } }
@Test(timeout = 240000) public void testFilterOverrides() throws Exception { HashMap<String, String> driver = new HashMap<String, String>(); driver.put("", TimelineAuthenticationFilterInitializer.class.getName()); driver.put(StaticUserWebFilter.class.getName(), StaticUserWebFilter.class.getName() + "," + TimelineAuthenticationFilterInitializer.class.getName()); driver.put(AuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); driver.put(TimelineAuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); driver.put(AuthenticationFilterInitializer.class.getName() + "," + TimelineAuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); driver.put(AuthenticationFilterInitializer.class.getName() + ", " + TimelineAuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); for (Map.Entry<String, String> entry : driver.entrySet()) { String filterInitializer = entry.getKey(); String expectedValue = entry.getValue(); ApplicationHistoryServer historyServer = new ApplicationHistoryServer(); Configuration config = new YarnConfiguration(); config.setClass(YarnConfiguration.TIMELINE_SERVICE_STORE, MemoryTimelineStore.class, TimelineStore.class); config.setClass(YarnConfiguration.TIMELINE_SERVICE_STATE_STORE_CLASS, MemoryTimelineStateStore.class, TimelineStateStore.class); config.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS, "localhost:0"); try { config.set("hadoop.http.filter.initializers", filterInitializer); historyServer.init(config); historyServer.start(); Configuration tmp = historyServer.getConfig(); assertEquals(expectedValue, tmp.get("hadoop.http.filter.initializers")); } finally { historyServer.stop(); } } }
@Test(timeout = 240000) public void testFilterOverrides() throws Exception { HashMap<String, String> driver = new HashMap<String, String>(); driver.put("", TimelineAuthenticationFilterInitializer.class.getName()); driver.put(StaticUserWebFilter.class.getName(), TimelineAuthenticationFilterInitializer.class.getName() + "," + StaticUserWebFilter.class.getName()); driver.put(AuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); driver.put(TimelineAuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); driver.put(AuthenticationFilterInitializer.class.getName() + "," + TimelineAuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); driver.put(AuthenticationFilterInitializer.class.getName() + ", " + TimelineAuthenticationFilterInitializer.class.getName(), TimelineAuthenticationFilterInitializer.class.getName()); for (Map.Entry<String, String> entry : driver.entrySet()) { String filterInitializer = entry.getKey(); String expectedValue = entry.getValue(); ApplicationHistoryServer historyServer = new ApplicationHistoryServer(); Configuration config = new YarnConfiguration(); config.setClass(YarnConfiguration.TIMELINE_SERVICE_STORE, MemoryTimelineStore.class, TimelineStore.class); config.set(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS, "localhost:0"); try { config.set("hadoop.http.filter.initializers", filterInitializer); historyServer.init(config); historyServer.start(); Configuration tmp = historyServer.getConfig(); assertEquals(expectedValue, tmp.get("hadoop.http.filter.initializers")); } finally { historyServer.stop(); } } }
private void startWebApp() { Configuration conf = getConfig(); TimelineAuthenticationFilter.setTimelineDelegationTokenSecretManager( secretManagerService.getTimelineDelegationTokenSecretManager()); // Always load pseudo authentication filter to parse "user.name" in an URL // to identify a HTTP request's user in insecure mode. // When Kerberos authentication type is set (i.e., secure mode is turned on), // the customized filter will be loaded by the timeline server to do Kerberos // + DT authentication. String initializers = conf.get("hadoop.http.filter.initializers"); boolean modifiedInitializers = false; initializers = initializers == null || initializers.length() == 0 ? "" : initializers; if (!initializers.contains(CrossOriginFilterInitializer.class.getName())) { if(conf.getBoolean(YarnConfiguration .TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED, YarnConfiguration .TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED_DEFAULT)) { initializers = CrossOriginFilterInitializer.class.getName() + "," + initializers; modifiedInitializers = true; } } if (!initializers.contains(TimelineAuthenticationFilterInitializer.class .getName())) { initializers = TimelineAuthenticationFilterInitializer.class.getName() + "," + initializers; modifiedInitializers = true; } String[] parts = initializers.split(","); ArrayList<String> target = new ArrayList<String>(); for (String filterInitializer : parts) { filterInitializer = filterInitializer.trim(); if (filterInitializer.equals(AuthenticationFilterInitializer.class .getName())) { modifiedInitializers = true; continue; } target.add(filterInitializer); } String actualInitializers = org.apache.commons.lang.StringUtils.join(target, ","); if (modifiedInitializers) { conf.set("hadoop.http.filter.initializers", actualInitializers); } String bindAddress = WebAppUtils.getWebAppBindURL(conf, YarnConfiguration.TIMELINE_SERVICE_BIND_HOST, WebAppUtils.getAHSWebAppURLWithoutScheme(conf)); LOG.info("Instantiating AHSWebApp at " + bindAddress); try { webApp = WebApps .$for("applicationhistory", ApplicationHistoryClientService.class, ahsClientService, "ws") .with(conf).at(bindAddress).start( new AHSWebApp(timelineDataManager, ahsClientService)); } catch (Exception e) { String msg = "AHSWebApp failed to start."; LOG.error(msg, e); throw new YarnRuntimeException(msg, e); } }
private void startWebApp() { Configuration conf = getConfig(); TimelineAuthenticationFilter.setTimelineDelegationTokenSecretManager( secretManagerService.getTimelineDelegationTokenSecretManager()); // Always load pseudo authentication filter to parse "user.name" in an URL // to identify a HTTP request's user in insecure mode. // When Kerberos authentication type is set (i.e., secure mode is turned on), // the customized filter will be loaded by the timeline server to do Kerberos // + DT authentication. String initializers = conf.get("hadoop.http.filter.initializers"); boolean modifiedInitializers = false; initializers = initializers == null || initializers.length() == 0 ? "" : initializers; if (!initializers.contains(CrossOriginFilterInitializer.class.getName())) { if(conf.getBoolean(YarnConfiguration .TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED, YarnConfiguration .TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED_DEFAULT)) { initializers = CrossOriginFilterInitializer.class.getName() + "," + initializers; modifiedInitializers = true; } } if (!initializers.contains(TimelineAuthenticationFilterInitializer.class .getName())) { initializers = TimelineAuthenticationFilterInitializer.class.getName() + "," + initializers; modifiedInitializers = true; } String[] parts = initializers.split(","); ArrayList<String> target = new ArrayList<String>(); for (String filterInitializer : parts) { filterInitializer = filterInitializer.trim(); if (filterInitializer.equals(AuthenticationFilterInitializer.class .getName())) { modifiedInitializers = true; continue; } target.add(filterInitializer); } String actualInitializers = org.apache.commons.lang.StringUtils.join(target, ","); if (modifiedInitializers) { conf.set("hadoop.http.filter.initializers", actualInitializers); } String bindAddress = WebAppUtils.getWebAppBindURL(conf, YarnConfiguration.TIMELINE_SERVICE_BIND_HOST, WebAppUtils.getAHSWebAppURLWithoutScheme(conf)); LOG.info("Instantiating AHSWebApp at " + bindAddress); try { webApp = WebApps .$for("applicationhistory", ApplicationHistoryClientService.class, ahsClientService, "ws") .with(conf).at(bindAddress).start( new AHSWebApp(timelineDataManager, historyManager)); } catch (Exception e) { String msg = "AHSWebApp failed to start."; LOG.error(msg, e); throw new YarnRuntimeException(msg, e); } }
