@Override public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); AuthenticationHandler handler = getAuthenticationHandler(); AbstractDelegationTokenSecretManager dtSecretManager = (AbstractDelegationTokenSecretManager) filterConfig.getServletContext(). getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR); if (dtSecretManager != null && handler instanceof DelegationTokenAuthenticationHandler) { DelegationTokenAuthenticationHandler dtHandler = (DelegationTokenAuthenticationHandler) getAuthenticationHandler(); dtHandler.setExternalDelegationTokenSecretManager(dtSecretManager); } if (handler instanceof PseudoAuthenticationHandler || handler instanceof PseudoDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE); } if (handler instanceof KerberosAuthenticationHandler || handler instanceof KerberosDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS); } // proxyuser configuration Configuration conf = getProxyuserConfiguration(filterConfig); ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX); }
ugi = UserGroupInformation.createRemoteUser(realUser, handlerAuthMethod); String doAsUser = getDoAs(request); if (doAsUser != null) { ugi = UserGroupInformation.createProxyUser(doAsUser, ugi);
/** * Returns the remote {@link UserGroupInformation} in context for the current * HTTP request, taking into account proxy user requests. * * @return the remote {@link UserGroupInformation}, <code>NULL</code> if none. */ public static UserGroupInformation get() { return DelegationTokenAuthenticationFilter. getHttpUserGroupInformationInContext(); }
/** * Initialize the filter. * * @param filterConfig filter configuration. * @throws ServletException thrown if the filter could not be initialized. */ @Override public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); }
/** * It delegates to * {@link AuthenticationFilter#getConfiguration(String, FilterConfig)} and * then overrides the {@link AuthenticationHandler} to use if authentication * type is set to <code>simple</code> or <code>kerberos</code> in order to use * the corresponding implementation with delegation token support. * * @param configPrefix parameter not used. * @param filterConfig parameter not used. * @return hadoop-auth de-prefixed configuration for the filter and handler. */ @Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException { Properties props = super.getConfiguration(configPrefix, filterConfig); setAuthHandlerClass(props); return props; }
/** * Enforces authentication using Hadoop-auth AuthenticationFilter. * * @param request http request. * @param response http response. * @param filterChain filter chain. * @throws IOException thrown if an IO error occurs. * @throws ServletException thrown if a servlet error occurs. */ @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain filterChain) throws IOException, ServletException { FilterChain filterChainWrapper = new FilterChain() { @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; httpRequest.setAttribute(USER_NAME, httpRequest.getRemoteUser()); filterChain.doFilter(servletRequest, servletResponse); } }; super.doFilter(request, response, filterChainWrapper); } }
@Override public void init(FilterConfig filterConfig) throws ServletException { filterConfig.getServletContext().setAttribute( DelegationTokenAuthenticationFilter.DELEGATION_TOKEN_SECRET_MANAGER_ATTR, manager); super.init(filterConfig); }
/** * It delegates to * {@link AuthenticationFilter#getConfiguration(String, FilterConfig)} and * then overrides the {@link AuthenticationHandler} to use if authentication * type is set to <code>simple</code> or <code>kerberos</code> in order to use * the corresponding implementation with delegation token support. * * @param configPrefix parameter not used. * @param filterConfig parameter not used. * @return hadoop-auth de-prefixed configuration for the filter and handler. */ @Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException { Properties props = super.getConfiguration(configPrefix, filterConfig); setAuthHandlerClass(props); return props; }
/** * {@inheritDoc} */ @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; String newHeader = req.getHeader(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER); if (newHeader == null || newHeader.isEmpty()) { // For backward compatibility, allow use of the old header field // only when the new header doesn't exist final String oldHeader = req.getHeader(OLD_HEADER); if (oldHeader != null && !oldHeader.isEmpty()) { request = new HttpServletRequestWrapper(req) { @Override public String getHeader(String name) { if (name .equals(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER)) { return oldHeader; } return super.getHeader(name); } }; } } super.doFilter(request, response, filterChain); }
@Override public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); AuthenticationHandler handler = getAuthenticationHandler(); AbstractDelegationTokenSecretManager dtSecretManager = (AbstractDelegationTokenSecretManager) filterConfig.getServletContext(). getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR); if (dtSecretManager != null && handler instanceof DelegationTokenAuthenticationHandler) { DelegationTokenAuthenticationHandler dtHandler = (DelegationTokenAuthenticationHandler) getAuthenticationHandler(); dtHandler.setExternalDelegationTokenSecretManager(dtSecretManager); } if (handler instanceof PseudoAuthenticationHandler || handler instanceof PseudoDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE); } if (handler instanceof KerberosAuthenticationHandler || handler instanceof KerberosDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS); } // proxyuser configuration Configuration conf = getProxyuserConfiguration(filterConfig); ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX); }
: null; String doAsUser = DelegationTokenAuthenticationFilter.getDoAs(request); if (requestUgi != null && doAsUser != null) { requestUgi = UserGroupInformation.createProxyUser(
@Override public void init(FilterConfig filterConfig) throws ServletException { filterConfig.getServletContext().setAttribute( DelegationTokenAuthenticationFilter.DELEGATION_TOKEN_SECRET_MANAGER_ATTR, manager); super.init(filterConfig); }
/** * Returns the remote {@link UserGroupInformation} in context for the current * HTTP request, taking into account proxy user requests. * * @return the remote {@link UserGroupInformation}, <code>NULL</code> if none. */ public static UserGroupInformation get() { return DelegationTokenAuthenticationFilter. getHttpUserGroupInformationInContext(); }
/** * It delegates to * {@link AuthenticationFilter#getConfiguration(String, FilterConfig)} and * then overrides the {@link AuthenticationHandler} to use if authentication * type is set to <code>simple</code> or <code>kerberos</code> in order to use * the corresponding implementation with delegation token support. * * @param configPrefix parameter not used. * @param filterConfig parameter not used. * @return hadoop-auth de-prefixed configuration for the filter and handler. */ @Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException { Properties props = super.getConfiguration(configPrefix, filterConfig); setAuthHandlerClass(props); return props; }
/** * {@inheritDoc} */ @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; String newHeader = req.getHeader(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER); if (newHeader == null || newHeader.isEmpty()) { // For backward compatibility, allow use of the old header field // only when the new header doesn't exist final String oldHeader = req.getHeader(OLD_HEADER); if (oldHeader != null && !oldHeader.isEmpty()) { request = new HttpServletRequestWrapper(req) { @Override public String getHeader(String name) { if (name .equals(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER)) { return oldHeader; } return super.getHeader(name); } }; } } super.doFilter(request, response, filterChain); }
@Override public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); AuthenticationHandler handler = getAuthenticationHandler(); AbstractDelegationTokenSecretManager dtSecretManager = (AbstractDelegationTokenSecretManager) filterConfig.getServletContext(). getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR); if (dtSecretManager != null && handler instanceof DelegationTokenAuthenticationHandler) { DelegationTokenAuthenticationHandler dtHandler = (DelegationTokenAuthenticationHandler) getAuthenticationHandler(); dtHandler.setExternalDelegationTokenSecretManager(dtSecretManager); } if (handler instanceof PseudoAuthenticationHandler || handler instanceof PseudoDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE); } if (handler instanceof KerberosAuthenticationHandler || handler instanceof KerberosDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS); } // proxyuser configuration Configuration conf = getProxyuserConfiguration(filterConfig); ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX); }
ugi = UserGroupInformation.createRemoteUser(realUser, handlerAuthMethod); String doAsUser = getDoAs(request); if (doAsUser != null) { ugi = UserGroupInformation.createProxyUser(doAsUser, ugi);
@Override public void init(FilterConfig filterConfig) throws ServletException { filterConfig.getServletContext().setAttribute( DelegationTokenAuthenticationFilter.DELEGATION_TOKEN_SECRET_MANAGER_ATTR, manager); super.init(filterConfig); }
/** * Returns the remote {@link UserGroupInformation} in context for the current * HTTP request, taking into account proxy user requests. * * @return the remote {@link UserGroupInformation}, <code>NULL</code> if none. */ public static UserGroupInformation get() { return DelegationTokenAuthenticationFilter. getHttpUserGroupInformationInContext(); }
/** * It delegates to * {@link AuthenticationFilter#getConfiguration(String, FilterConfig)} and * then overrides the {@link AuthenticationHandler} to use if authentication * type is set to <code>simple</code> or <code>kerberos</code> in order to use * the corresponding implementation with delegation token support. * * @param configPrefix parameter not used. * @param filterConfig parameter not used. * @return hadoop-auth de-prefixed configuration for the filter and handler. */ @Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException { Properties props = super.getConfiguration(configPrefix, filterConfig); setAuthHandlerClass(props); return props; }