// Construct the HTTP servlet from the Thrift processor and protocol factory, the configured
// auth type, the service and HTTP UGIs, and the auth factory.
TServlet thriftHttpServlet =
    new ThriftHttpServlet(
        processor, protocolFactory, authType, serviceUGI, httpUGI, hiveAuthFactory);
// Excerpt of the request-authentication flow; the listing elides lines (some branch conditions
// and closing braces are missing), so this is not compilable as shown.
// Flow visible here: the request cookie is validated first, and authentication runs only when
// no client name could be recovered from a cookie (requireNewCookie).
// NOTE(review): delegationToken is read from the request header but not used in the visible
// lines; the call that follows is doTokenAuth(request, response).
// NOTE(review): the doAs query parameter is handed to SessionManager.setProxyUserName as
// received; confirm the elided code checks that the authenticated user may impersonate it.
// The new session cookie carries a signed token (signer.signCookie); one branch sets it through
// getHttpOnlyCookieHeader, the other through response.addCookie -- presumably the latter is the
// non-HttpOnly path, TODO confirm against the full method.
clientUserName = validateCookie(request); requireNewCookie = (clientUserName == null); if (requireNewCookie) { if (isKerberosAuthMode(authType)) { String delegationToken = request.getHeader(HIVE_DELEGATION_TOKEN_HEADER); clientUserName = doTokenAuth(request, response); } else { clientUserName = doKerberosAuth(request); clientUserName = doPasswdAuth(request, authType); String doAsQueryParam = getDoAsQueryParam(request.getQueryString()); if (doAsQueryParam != null) { SessionManager.setProxyUserName(doAsQueryParam); !authType.equalsIgnoreCase(HiveAuthConstants.AuthTypes.NOSASL.toString())) { String cookieToken = HttpAuthUtils.createCookieToken(clientUserName); Cookie hs2Cookie = createCookie(signer.signCookie(cookieToken)); response.setHeader("SET-COOKIE", getHttpOnlyCookieHeader(hs2Cookie)); } else { response.addCookie(hs2Cookie); if(isKerberosAuthMode(authType)) { response.addHeader(HttpAuthUtils.WWW_AUTHENTICATE, HttpAuthUtils.NEGOTIATE);
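/**
 * Decodes the Base64 authorization header value and splits it into credential tokens.
 *
 * <p>The decoded text is split on the first ':' only, so a password that itself contains ':'
 * is kept whole instead of being cut at its first colon.
 *
 * @param request the incoming HTTP request carrying the authorization header
 * @param authType the configured authentication type, passed through to getAuthHeader
 * @return at most two tokens: index 0 is the text before the first ':', index 1 (when a ':'
 *     is present) is everything after it
 * @throws HttpAuthenticationException declared by this method; presumably raised by
 *     getAuthHeader when the header is missing or malformed (TODO confirm)
 */
private String[] getAuthHeaderTokens(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  String authHeaderBase64 = getAuthHeader(request, authType);
  // Base64 text is ASCII; name the charset instead of relying on the platform default.
  byte[] decoded =
      Base64.decodeBase64(authHeaderBase64.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  String authHeaderString = StringUtils.newStringUtf8(decoded);
  // Limit 2: only the first ':' separates the user name from the password.
  return authHeaderString.split(":", 2);
}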
/**
 * Resolves the client user name from the cookies sent with the request.
 *
 * <p>When the request carries no cookies at all this returns null; otherwise the result is
 * whatever getClientNameFromCookie returns for the received cookies.
 *
 * @param request the HTTP servlet request sent by the client
 * @return the client user name recovered from the cookies, or null when the request has none
 */
private String validateCookie(HttpServletRequest request) {
  final Cookie[] requestCookies = request.getCookies();
  final boolean debugOn = LOG.isDebugEnabled();
  if (requestCookies != null) {
    if (debugOn) {
      // NOTE(review): if toCookieStr includes cookie values, signed session cookies end up in
      // debug logs -- confirm it redacts them.
      LOG.debug("Received cookies: " + toCookieStr(requestCookies));
    }
    return getClientNameFromCookie(requestCookies);
  }
  if (debugOn) {
    LOG.debug("No valid cookies associated with the request " + request);
  }
  return null;
}
/**
 * Performs password-based (LDAP/PAM) authentication for the request.
 *
 * <p>The user name is always read from the authorization header. For NOSASL no provider is
 * consulted, so the name from the header is returned without any credential check.
 *
 * @param request the HTTP request carrying the authorization header
 * @param authType the configured authentication type
 * @return the user name taken from the authorization header
 * @throws HttpAuthenticationException if the header has no user name, or wrapping any exception
 *     raised while selecting the provider or authenticating
 */
private String doPasswdAuth(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  final String user = getUsername(request, authType);
  final boolean noSasl =
      authType.equalsIgnoreCase(HiveAuthConstants.AuthTypes.NOSASL.toString());
  if (noSasl) {
    // Nothing to verify in NOSASL mode.
    return user;
  }
  try {
    PasswdAuthenticationProvider authProvider =
        AuthenticationProviderFactory.getAuthenticationProvider(
            AuthMethods.getValidAuthMethod(authType), hiveConf);
    authProvider.Authenticate(user, getPassword(request, authType));
  } catch (Exception e) {
    throw new HttpAuthenticationException(e);
  }
  return user;
}
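/**
 * Returns the user name from the decoded authorization header.
 *
 * @param request the HTTP request carrying the authorization header
 * @param authType the configured authentication type
 * @return the first credential token, i.e. the user name
 * @throws HttpAuthenticationException if the header yields no tokens or an empty user name
 */
private String getUsername(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  String[] creds = getAuthHeaderTokens(request, authType);
  // Guard the index: the token array is not guaranteed to have an element (a plain
  // split(":") of ":" returns an empty array), which would otherwise surface as an
  // ArrayIndexOutOfBoundsException instead of an authentication failure.
  if (creds.length == 0 || creds[0] == null || creds[0].isEmpty()) {
    throw new HttpAuthenticationException("Authorization header received "
        + "from the client does not contain username.");
  }
  return creds[0];
}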
/**
 * Resolves the client user name from the cookies sent with the request.
 *
 * <p>When the request carries no cookies at all this returns null; otherwise the result is
 * whatever getClientNameFromCookie returns for the received cookies.
 *
 * @param request the HTTP servlet request sent by the client
 * @return the client user name recovered from the cookies, or null when the request has none
 * @throws UnsupportedEncodingException declared by this method; presumably propagated from
 *     getClientNameFromCookie (TODO confirm)
 */
private String validateCookie(HttpServletRequest request) throws UnsupportedEncodingException {
  final Cookie[] requestCookies = request.getCookies();
  final boolean debugOn = LOG.isDebugEnabled();
  if (requestCookies != null) {
    if (debugOn) {
      // NOTE(review): if toCookieStr includes cookie values, signed session cookies end up in
      // debug logs -- confirm it redacts them.
      LOG.debug("Received cookies: " + toCookieStr(requestCookies));
    }
    return getClientNameFromCookie(requestCookies);
  }
  if (debugOn) {
    LOG.debug("No valid cookies associated with the request " + request);
  }
  return null;
}
/**
 * Performs password-based (LDAP/PAM) authentication for the request.
 *
 * <p>The user name is always read from the authorization header. For NOSASL no provider is
 * consulted, so the name from the header is returned without any credential check.
 *
 * @param request the HTTP request carrying the authorization header
 * @param authType the configured authentication type
 * @return the user name taken from the authorization header
 * @throws HttpAuthenticationException if the header has no user name, or wrapping any exception
 *     raised while selecting the provider or authenticating
 */
private String doPasswdAuth(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  final String user = getUsername(request, authType);
  final boolean noSasl =
      authType.equalsIgnoreCase(HiveAuthConstants.AuthTypes.NOSASL.toString());
  if (noSasl) {
    // Nothing to verify in NOSASL mode.
    return user;
  }
  try {
    PasswdAuthenticationProvider authProvider =
        AuthenticationProviderFactory.getAuthenticationProvider(
            AuthMethods.getValidAuthMethod(authType), hiveConf);
    authProvider.Authenticate(user, getPassword(request, authType));
  } catch (Exception e) {
    throw new HttpAuthenticationException(e);
  }
  return user;
}
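/**
 * Returns the password from the decoded authorization header.
 *
 * @param request the HTTP request carrying the authorization header
 * @param authType the configured authentication type
 * @return the second credential token, i.e. the password
 * @throws HttpAuthenticationException if the header has no password token or it is empty
 */
private String getPassword(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  String[] creds = getAuthHeaderTokens(request, authType);
  // Guard the index: a header without a ':' separator (or with nothing after it) may produce
  // fewer than two tokens, which would otherwise raise ArrayIndexOutOfBoundsException
  // instead of an authentication failure.
  if (creds.length < 2 || creds[1] == null || creds[1].isEmpty()) {
    // The message names the password; the previous text said "username" for this check.
    throw new HttpAuthenticationException("Authorization header received "
        + "from the client does not contain password.");
  }
  return creds[1];
}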
// Excerpt of the request-authentication flow; the listing elides lines (some branch conditions
// and closing braces are missing), so this is not compilable as shown.
// Flow visible here: the request cookie is validated first, and authentication runs only when
// no client name could be recovered from a cookie (requireNewCookie).
// NOTE(review): the doAs query parameter is handed to SessionManager.setProxyUserName as
// received; confirm the elided code checks that the authenticated user may impersonate it.
// The new session cookie carries a signed token (signer.signCookie); one branch sets it through
// getHttpOnlyCookieHeader, the other through response.addCookie -- presumably the latter is the
// non-HttpOnly path, TODO confirm against the full method.
clientUserName = validateCookie(request); requireNewCookie = (clientUserName == null); if (requireNewCookie) { if (isKerberosAuthMode(authType)) { clientUserName = doKerberosAuth(request); clientUserName = doPasswdAuth(request, authType); String doAsQueryParam = getDoAsQueryParam(request.getQueryString()); if (doAsQueryParam != null) { SessionManager.setProxyUserName(doAsQueryParam); !authType.equalsIgnoreCase(HiveAuthFactory.AuthTypes.NOSASL.toString())) { String cookieToken = HttpAuthUtils.createCookieToken(clientUserName); Cookie hs2Cookie = createCookie(signer.signCookie(cookieToken)); response.setHeader("SET-COOKIE", getHttpOnlyCookieHeader(hs2Cookie)); } else { response.addCookie(hs2Cookie); if(isKerberosAuthMode(authType)) { response.addHeader(HttpAuthUtils.WWW_AUTHENTICATE, HttpAuthUtils.NEGOTIATE);
/**
 * Resolves the client user name from the cookies sent with the request.
 *
 * <p>When the request carries no cookies at all this returns null; otherwise the result is
 * whatever getClientNameFromCookie returns for the received cookies.
 *
 * @param request the HTTP servlet request sent by the client
 * @return the client user name recovered from the cookies, or null when the request has none
 * @throws UnsupportedEncodingException declared by this method; presumably propagated from
 *     getClientNameFromCookie (TODO confirm)
 */
private String validateCookie(HttpServletRequest request) throws UnsupportedEncodingException {
  final Cookie[] requestCookies = request.getCookies();
  final boolean debugOn = LOG.isDebugEnabled();
  if (requestCookies != null) {
    if (debugOn) {
      // NOTE(review): if toCookieStr includes cookie values, signed session cookies end up in
      // debug logs -- confirm it redacts them.
      LOG.debug("Received cookies: " + toCookieStr(requestCookies));
    }
    return getClientNameFromCookie(requestCookies);
  }
  if (debugOn) {
    LOG.debug("No valid cookies associated with the request " + request);
  }
  return null;
}
/**
 * Performs password-based (LDAP/PAM) authentication for the request.
 *
 * <p>The user name is always read from the authorization header. For NOSASL no provider is
 * consulted, so the name from the header is returned without any credential check.
 *
 * @param request the HTTP request carrying the authorization header
 * @param authType the configured authentication type
 * @return the user name taken from the authorization header
 * @throws HttpAuthenticationException if the header has no user name, or wrapping any exception
 *     raised while selecting the provider or authenticating
 */
private String doPasswdAuth(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  final String user = getUsername(request, authType);
  final boolean noSasl =
      authType.equalsIgnoreCase(HiveAuthFactory.AuthTypes.NOSASL.toString());
  if (noSasl) {
    // Nothing to verify in NOSASL mode.
    return user;
  }
  try {
    PasswdAuthenticationProvider authProvider =
        AuthenticationProviderFactory.getAuthenticationProvider(
            AuthMethods.getValidAuthMethod(authType));
    authProvider.Authenticate(user, getPassword(request, authType));
  } catch (Exception e) {
    throw new HttpAuthenticationException(e);
  }
  return user;
}
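/**
 * Returns the user name from the decoded authorization header.
 *
 * @param request the HTTP request carrying the authorization header
 * @param authType the configured authentication type
 * @return the first credential token, i.e. the user name
 * @throws HttpAuthenticationException if the header yields no tokens or an empty user name
 */
private String getUsername(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  String[] creds = getAuthHeaderTokens(request, authType);
  // Guard the index: the token array is not guaranteed to have an element (a plain
  // split(":") of ":" returns an empty array), which would otherwise surface as an
  // ArrayIndexOutOfBoundsException instead of an authentication failure.
  if (creds.length == 0 || creds[0] == null || creds[0].isEmpty()) {
    throw new HttpAuthenticationException("Authorization header received "
        + "from the client does not contain username.");
  }
  return creds[0];
}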
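/**
 * Decodes the Base64 authorization header value and splits it into credential tokens.
 *
 * <p>The decoded text is split on the first ':' only, so a password that itself contains ':'
 * is kept whole instead of being cut at its first colon.
 *
 * @param request the incoming HTTP request carrying the authorization header
 * @param authType the configured authentication type, passed through to getAuthHeader
 * @return at most two tokens: index 0 is the text before the first ':', index 1 (when a ':'
 *     is present) is everything after it
 * @throws HttpAuthenticationException declared by this method; presumably raised by
 *     getAuthHeader when the header is missing or malformed (TODO confirm)
 */
private String[] getAuthHeaderTokens(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  String authHeaderBase64 = getAuthHeader(request, authType);
  // Base64 text is ASCII; name the charset instead of relying on the platform default.
  byte[] decoded =
      Base64.decodeBase64(authHeaderBase64.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  String authHeaderString = StringUtils.newStringUtf8(decoded);
  // Limit 2: only the first ':' separates the user name from the password.
  return authHeaderString.split(":", 2);
}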
// Construct the HTTP servlet from the Thrift processor and protocol factory, the configured
// auth type, and the service and HTTP UGIs.
TServlet thriftHttpServlet =
    new ThriftHttpServlet(
        processor, protocolFactory, authType, serviceUGI, httpUGI);
// Excerpt of the request-authentication flow; the listing elides lines (some branch conditions
// and closing braces are missing), so this is not compilable as shown.
// Flow visible here: the request cookie is validated first, and authentication runs only when
// no client name could be recovered from a cookie (requireNewCookie).
// NOTE(review): the doAs query parameter is handed to SessionManager.setProxyUserName as
// received; confirm the elided code checks that the authenticated user may impersonate it.
// The new session cookie carries a signed token (signer.signCookie); one branch sets it through
// getHttpOnlyCookieHeader, the other through response.addCookie -- presumably the latter is the
// non-HttpOnly path, TODO confirm against the full method.
clientUserName = validateCookie(request); requireNewCookie = (clientUserName == null); if (requireNewCookie) { if (isKerberosAuthMode(authType)) { clientUserName = doKerberosAuth(request); clientUserName = doPasswdAuth(request, authType); String doAsQueryParam = getDoAsQueryParam(request.getQueryString()); if (doAsQueryParam != null) { SessionManager.setProxyUserName(doAsQueryParam); !authType.equalsIgnoreCase(HiveAuthFactory.AuthTypes.NOSASL.toString())) { String cookieToken = HttpAuthUtils.createCookieToken(clientUserName); Cookie hs2Cookie = createCookie(signer.signCookie(cookieToken)); response.setHeader("SET-COOKIE", getHttpOnlyCookieHeader(hs2Cookie)); } else { response.addCookie(hs2Cookie); if(isKerberosAuthMode(authType)) { response.addHeader(HttpAuthUtils.WWW_AUTHENTICATE, HttpAuthUtils.NEGOTIATE);
/**
 * Resolves the client user name from the cookies sent with the request.
 *
 * <p>When the request carries no cookies at all this returns null; otherwise the result is
 * whatever getClientNameFromCookie returns for the received cookies.
 *
 * @param request the HTTP servlet request sent by the client
 * @return the client user name recovered from the cookies, or null when the request has none
 * @throws UnsupportedEncodingException declared by this method; presumably propagated from
 *     getClientNameFromCookie (TODO confirm)
 */
private String validateCookie(HttpServletRequest request) throws UnsupportedEncodingException {
  final Cookie[] requestCookies = request.getCookies();
  final boolean debugOn = LOG.isDebugEnabled();
  if (requestCookies != null) {
    if (debugOn) {
      // NOTE(review): if toCookieStr includes cookie values, signed session cookies end up in
      // debug logs -- confirm it redacts them.
      LOG.debug("Received cookies: " + toCookieStr(requestCookies));
    }
    return getClientNameFromCookie(requestCookies);
  }
  if (debugOn) {
    LOG.debug("No valid cookies associated with the request " + request);
  }
  return null;
}
/**
 * Performs password-based (LDAP/PAM) authentication for the request.
 *
 * <p>The user name is always read from the authorization header. For NOSASL no provider is
 * consulted, so the name from the header is returned without any credential check.
 *
 * @param request the HTTP request carrying the authorization header
 * @param authType the configured authentication type
 * @return the user name taken from the authorization header
 * @throws HttpAuthenticationException if the header has no user name, or wrapping any exception
 *     raised while selecting the provider or authenticating
 */
private String doPasswdAuth(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  final String user = getUsername(request, authType);
  final boolean noSasl =
      authType.equalsIgnoreCase(HiveAuthFactory.AuthTypes.NOSASL.toString());
  if (noSasl) {
    // Nothing to verify in NOSASL mode.
    return user;
  }
  try {
    PasswdAuthenticationProvider authProvider =
        AuthenticationProviderFactory.getAuthenticationProvider(
            AuthMethods.getValidAuthMethod(authType));
    authProvider.Authenticate(user, getPassword(request, authType));
  } catch (Exception e) {
    throw new HttpAuthenticationException(e);
  }
  return user;
}
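/**
 * Returns the user name from the decoded authorization header.
 *
 * @param request the HTTP request carrying the authorization header
 * @param authType the configured authentication type
 * @return the first credential token, i.e. the user name
 * @throws HttpAuthenticationException if the header yields no tokens or an empty user name
 */
private String getUsername(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  String[] creds = getAuthHeaderTokens(request, authType);
  // Guard the index: the token array is not guaranteed to have an element (a plain
  // split(":") of ":" returns an empty array), which would otherwise surface as an
  // ArrayIndexOutOfBoundsException instead of an authentication failure.
  if (creds.length == 0 || creds[0] == null || creds[0].isEmpty()) {
    throw new HttpAuthenticationException("Authorization header received "
        + "from the client does not contain username.");
  }
  return creds[0];
}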
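/**
 * Decodes the Base64 authorization header value and splits it into credential tokens.
 *
 * <p>The decoded text is split on the first ':' only, so a password that itself contains ':'
 * is kept whole instead of being cut at its first colon.
 *
 * @param request the incoming HTTP request carrying the authorization header
 * @param authType the configured authentication type, passed through to getAuthHeader
 * @return at most two tokens: index 0 is the text before the first ':', index 1 (when a ':'
 *     is present) is everything after it
 * @throws HttpAuthenticationException declared by this method; presumably raised by
 *     getAuthHeader when the header is missing or malformed (TODO confirm)
 */
private String[] getAuthHeaderTokens(HttpServletRequest request, String authType)
    throws HttpAuthenticationException {
  String authHeaderBase64 = getAuthHeader(request, authType);
  // Base64 text is ASCII; name the charset instead of relying on the platform default.
  byte[] decoded =
      Base64.decodeBase64(authHeaderBase64.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  String authHeaderString = StringUtils.newStringUtf8(decoded);
  // Limit 2: only the first ':' separates the user name from the password.
  return authHeaderString.split(":", 2);
}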