public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException { // populating request context ReqContext req_context = ReqContext.context(); TTransport trans = inProt.getTransport(); // Sasl transport TSaslServerTransport saslTrans = (TSaslServerTransport) trans; // remote address TSocket tsocket = (TSocket) saslTrans.getUnderlyingTransport(); Socket socket = tsocket.getSocket(); req_context.setRemoteAddress(socket.getInetAddress()); // remote subject SaslServer saslServer = saslTrans.getSaslServer(); String authId = saslServer.getAuthorizationID(); Subject remoteUser = new Subject(); remoteUser.getPrincipals().add(new User(authId)); req_context.setSubject(remoteUser); // invoke service handler return wrapped.process(inProt, outProt); } }
/** * Creates a <code>SaslServer</code> using the given SASL-specific parameters. * See the Java documentation for <code>Sasl.createSaslServer</code> for the * details of the parameters. * * @param transport * The underlying Thrift transport. */ public TSaslServerTransport(String mechanism, String protocol, String serverName, Map<String, String> props, CallbackHandler cbh, TTransport transport) { super(transport); addServerDefinition(mechanism, protocol, serverName, props, cbh); }
private void setUserName(final TProtocol in) { TTransport transport = in.getTransport(); if (transport instanceof TSaslServerTransport) { String userName = ((TSaslServerTransport) transport).getSaslServer().getAuthorizationID(); THREAD_LOCAL_USER_NAME.set(userName); } }
private TSocket getUnderlyingSocketFromTransport(TTransport transport) { while (transport != null) { if (transport instanceof TSaslServerTransport) { transport = ((TSaslServerTransport) transport).getUnderlyingTransport(); } if (transport instanceof TSaslClientTransport) { transport = ((TSaslClientTransport) transport).getUnderlyingTransport(); } if (transport instanceof TSocket) { return (TSocket) transport; } } return null; }
/** * Performs the server side of the initial portion of the Thrift SASL protocol. * Receives the initial response from the client, creates a SASL server using * the mechanism requested by the client (if this server supports it), and * sends the first challenge back to the client. */ @Override protected void handleSaslStartMessage() throws TTransportException, SaslException { SaslResponse message = receiveSaslMessage(); LOGGER.debug("Received start message with status {}", message.status); if (message.status != NegotiationStatus.START) { throw sendAndThrowMessage(NegotiationStatus.ERROR, "Expecting START status, received " + message.status); } // Get the mechanism name. String mechanismName; try { mechanismName = new String(message.payload, "UTF-8"); } catch (UnsupportedEncodingException e) { throw new TTransportException("JVM DOES NOT SUPPORT UTF-8"); } TSaslServerDefinition serverDefinition = serverDefinitionMap.get(mechanismName); LOGGER.debug("Received mechanism name '{}'", mechanismName); if (serverDefinition == null) { throw sendAndThrowMessage(NegotiationStatus.BAD, "Unsupported mechanism type " + mechanismName); } SaslServer saslServer = Sasl.createSaslServer(serverDefinition.mechanism, serverDefinition.protocol, serverDefinition.serverName, serverDefinition.props, serverDefinition.cbh); setSaslServer(saslServer); }
/** * Get a new <code>TSaslServerTransport</code> instance, or reuse the * existing one if a <code>TSaslServerTransport</code> has already been * created before using the given <code>TTransport</code> as an underlying * transport. This ensures that a given underlying transport instance * receives the same <code>TSaslServerTransport</code>. */ @Override public TTransport getTransport(TTransport base) { WeakReference<TSaslServerTransport> ret = transportMap.get(base); if (ret == null || ret.get() == null) { LOGGER.debug("transport map does not contain key", base); ret = new WeakReference<TSaslServerTransport>(new TSaslServerTransport(serverDefinitionMap, base)); try { ret.get().open(); } catch (TTransportException e) { LOGGER.debug("failed to open server transport", e); throw new RuntimeException(e); } transportMap.put(base, ret); // No need for putIfAbsent(). // Concurrent calls to getTransport() will pass in different TTransports. } else { LOGGER.debug("transport map does contain key {}", base); } return ret.get(); } }
TSaslServerTransport saslServerTransport = (TSaslServerTransport)inProt.getTransport(); SaslServer saslServer = saslServerTransport.getSaslServer(); String principal = saslServer.getAuthorizationID(); hbaseServiceHandler.setEffectiveUser(principal);
private TSocket getUnderlyingSocketFromTransport(TTransport transport) { while (transport != null) { if (transport instanceof TSaslServerTransport) { transport = ((TSaslServerTransport) transport).getUnderlyingTransport(); } if (transport instanceof TSaslClientTransport) { transport = ((TSaslClientTransport) transport).getUnderlyingTransport(); } if (transport instanceof TSocket) { return (TSocket) transport; } } return null; }
/** * Performs the server side of the initial portion of the Thrift SASL protocol. * Receives the initial response from the client, creates a SASL server using * the mechanism requested by the client (if this server supports it), and * sends the first challenge back to the client. */ @Override protected void handleSaslStartMessage() throws TTransportException, SaslException { SaslResponse message = receiveSaslMessage(); LOGGER.debug("Received start message with status {}", message.status); if (message.status != NegotiationStatus.START) { sendAndThrowMessage(NegotiationStatus.ERROR, "Expecting START status, received " + message.status); } // Get the mechanism name. String mechanismName = new String(message.payload); TSaslServerDefinition serverDefinition = serverDefinitionMap.get(mechanismName); LOGGER.debug("Received mechanism name '{}'", mechanismName); if (serverDefinition == null) { sendAndThrowMessage(NegotiationStatus.BAD, "Unsupported mechanism type " + mechanismName); } SaslServer saslServer = Sasl.createSaslServer(serverDefinition.mechanism, serverDefinition.protocol, serverDefinition.serverName, serverDefinition.props, serverDefinition.cbh); setSaslServer(saslServer); }
/** * Get a new <code>TSaslServerTransport</code> instance, or reuse the * existing one if a <code>TSaslServerTransport</code> has already been * created before using the given <code>TTransport</code> as an underlying * transport. This ensures that a given underlying transport instance * receives the same <code>TSaslServerTransport</code>. */ @Override public TTransport getTransport(TTransport base) { TSaslServerTransport ret = transportMap.get(base); if (ret == null) { LOGGER.debug("transport map does not contain key", base); ret = new TSaslServerTransport(serverDefinitionMap, base); try { ret.open(); } catch (TTransportException e) { LOGGER.debug("failed to open server transport", e); throw new RuntimeException(e); } transportMap.put(base, ret); } else { LOGGER.debug("transport map does contain key {}", base); } return ret; } }
SaslServer saslServer = saslTrans.getSaslServer(); String authId = saslServer.getAuthorizationID(); LOG.debug("AUTH ID ======>" + authId); String endUser = authId; Socket socket = ((TSocket)(saslTrans.getUnderlyingTransport())).getSocket(); remoteAddress.set(socket.getInetAddress());
SaslServer saslServer = saslTrans.getSaslServer(); String endUser = saslServer.getAuthorizationID();
private TSocket getUnderlyingSocketFromTransport(TTransport transport) { while (transport != null) { if (transport instanceof TSaslServerTransport) { transport = ((TSaslServerTransport) transport).getUnderlyingTransport(); } if (transport instanceof TSaslClientTransport) { transport = ((TSaslClientTransport) transport).getUnderlyingTransport(); } if (transport instanceof TSocket) { return (TSocket) transport; } } return null; }
/** * Performs the server side of the initial portion of the Thrift SASL protocol. * Receives the initial response from the client, creates a SASL server using * the mechanism requested by the client (if this server supports it), and * sends the first challenge back to the client. */ @Override protected void handleSaslStartMessage() throws TTransportException, SaslException { SaslResponse message = receiveSaslMessage(); LOGGER.debug("Received start message with status {}", message.status); if (message.status != NegotiationStatus.START) { sendAndThrowMessage(NegotiationStatus.ERROR, "Expecting START status, received " + message.status); } // Get the mechanism name. String mechanismName = new String(message.payload); TSaslServerDefinition serverDefinition = serverDefinitionMap.get(mechanismName); LOGGER.debug("Received mechanism name '{}'", mechanismName); if (serverDefinition == null) { sendAndThrowMessage(NegotiationStatus.BAD, "Unsupported mechanism type " + mechanismName); } SaslServer saslServer = Sasl.createSaslServer(serverDefinition.mechanism, serverDefinition.protocol, serverDefinition.serverName, serverDefinition.props, serverDefinition.cbh); setSaslServer(saslServer); }
/** * Get a new <code>TSaslServerTransport</code> instance, or reuse the * existing one if a <code>TSaslServerTransport</code> has already been * created before using the given <code>TTransport</code> as an underlying * transport. This ensures that a given underlying transport instance * receives the same <code>TSaslServerTransport</code>. */ @Override public TTransport getTransport(TTransport base) { TSaslServerTransport ret = transportMap.get(base); if (ret == null) { LOGGER.debug("transport map does not contain key", base); ret = new TSaslServerTransport(serverDefinitionMap, base); try { ret.open(); } catch (TTransportException e) { LOGGER.debug("failed to open server transport", e); throw new RuntimeException(e); } transportMap.put(base, ret); } else { LOGGER.debug("transport map does contain key {}", base); } return ret; } }
/** * Creates a <code>SaslServer</code> using the given SASL-specific parameters. * See the Java documentation for <code>Sasl.createSaslServer</code> for the * details of the parameters. * * @param transport * The underlying Thrift transport. */ public TSaslServerTransport(String mechanism, String protocol, String serverName, Map<String, String> props, CallbackHandler cbh, TTransport transport) { super(transport); addServerDefinition(mechanism, protocol, serverName, props, cbh); }
SaslServer saslServer = saslTrans.getSaslServer(); String authId = saslServer.getAuthorizationID(); authenticationMethod.set(AuthenticationMethod.KERBEROS); Socket socket = ((TSocket)(saslTrans.getUnderlyingTransport())).getSocket(); remoteAddress.set(socket.getInetAddress()); UserGroupInformation clientUgi = null;
private void setUserName(final TProtocol in) { TTransport transport = in.getTransport(); if (transport instanceof TSaslServerTransport) { String userName = ((TSaslServerTransport) transport).getSaslServer().getAuthorizationID(); THREAD_LOCAL_USER_NAME.set(userName); } }
/** * Returns the underlying TSocket from the transport, or null of the transport type is unknown. */ private static TSocket getUnderlyingSocketFromTransport(TTransport transport) { Preconditions.checkNotNull(transport); if (transport instanceof TSaslServerTransport) { return (TSocket) ((TSaslServerTransport) transport).getUnderlyingTransport(); } else if (transport instanceof TSaslClientTransport) { return (TSocket) ((TSaslClientTransport) transport).getUnderlyingTransport(); } else if (transport instanceof TSocket) { return (TSocket) transport; } return null; }
/** * Creates a <code>SaslServer</code> using the given SASL-specific parameters. * See the Java documentation for <code>Sasl.createSaslServer</code> for the * details of the parameters. * * @param transport * The underlying Thrift transport. */ public TSaslServerTransport(String mechanism, String protocol, String serverName, Map<String, String> props, CallbackHandler cbh, TTransport transport) { super(transport); addServerDefinition(mechanism, protocol, serverName, props, cbh); }