TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory(); saslFactory.addServerDefinition("GSSAPI", name, host, saslProperties, new SaslRpcServer.SaslGssCallbackHandler() { @Override
TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory(); saslFactory.addServerDefinition("GSSAPI", name, host, saslProperties, new SaslGssCallbackHandler() { @Override
conf.get("hbase.thrift.kerberos.principal")); Map<String, String> saslProperties = SaslUtil.initSaslProperties(qop.name()); TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory(); saslFactory.addServerDefinition("GSSAPI", name, host, saslProperties, new SaslGssCallbackHandler() { @Override
// One SASL transport factory that carries two server-side mechanism definitions.
// Both definitions are given the same principal primary, hostname and SASL
// properties, so the protection level (QOP) offered to a client is the same
// whichever mechanism it negotiates.
TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory();
// Kerberos, registered under the ThriftUtil.GSSAPI mechanism name.
saslTransportFactory.addServerDefinition(
    ThriftUtil.GSSAPI,
    params.getKerberosServerPrimary(),
    hostname,
    params.getSaslProperties(),
    new SaslRpcServer.SaslGssCallbackHandler());
// Digest mechanism whose callback handler is built from params.getSecretManager().
// NOTE(review): DIGEST-MD5 was moved to Historic status by RFC 6331; presumably it is
// kept here for token-based authentication backed by the secret manager. Confirm it
// is still needed before exposing it to clients.
saslTransportFactory.addServerDefinition(
    ThriftUtil.DIGEST_MD5,
    params.getKerberosServerPrimary(),
    hostname,
    params.getSaslProperties(),
    new SaslServerDigestCallbackHandler(params.getSecretManager()));
TTransportFactory transportFactory = null; if (kerberos) { TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory(); saslTransportFactory.addServerDefinition(AuthMethod.KERBEROS .getMechanismName(), principalParts[0], principalParts[1], ServerConfig.SASL_PROPERTIES, new GSSCallback(conf));
TTransportFactory transportFactory = null; if (kerberos) { TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory(); saslTransportFactory.addServerDefinition(AuthMethod.KERBEROS .getMechanismName(), principalParts[0], principalParts[1], ServerConfig.SASL_PROPERTIES, new GSSCallback(conf));
} else { Map<String, String> saslProperties = SaslUtil.initSaslProperties(qop.name()); TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory(); saslFactory.addServerDefinition("GSSAPI", name, host, saslProperties, new SaslGssCallbackHandler() { @Override
} else { Map<String, String> saslProperties = SaslUtil.initSaslProperties(qop.name()); TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory(); saslFactory.addServerDefinition("GSSAPI", name, host, saslProperties, new SaslGssCallbackHandler() { @Override
authTypeStr.equalsIgnoreCase(HiveAuthConstants.AuthTypes.CUSTOM.getAuthName())) { try { serverTransportFactory.addServerDefinition("PLAIN", authTypeStr, null, new HashMap<String, String>(), new PlainSaslHelper.PlainServerCallbackHandler(authTypeStr));
/**
 * Builds the server-side transport factory that runs a SASL negotiation on every
 * accepted client socket. Two mechanisms are registered: Kerberos, bound to the
 * service principal of {@code realUgi}, and the digest mechanism, whose callback
 * handler is built from {@code secretManager}. The result can serve as both the
 * input and the output transport factory of a server such as TThreadPoolServer.
 *
 * <p>Both mechanisms receive the same {@code saslProps}, so the protection level a
 * client can negotiate is whatever the caller stored under {@code Sasl.QOP}; the
 * JDK treats a missing QOP entry as "auth" (authentication only).
 *
 * @param saslProps SASL properties applied to both mechanisms
 * @param saslMessageLimit when positive, handed to HiveSaslServerTransportFactory
 *     (presumably a cap on SASL message size; confirm against that class); zero
 *     or negative selects the stock TSaslServerTransport.Factory
 * @return the SASL factory wrapped in a TUGIAssumingTransportFactory for {@code realUgi}
 * @throws TTransportException if the principal does not split into exactly three parts
 */
@Override
public TTransportFactory createTransportFactory(Map<String, String> saslProps,
    int saslMessageLimit) throws TTransportException {
  // The server principal must split into primary, host and realm.
  final String kerberosName = realUgi.getUserName();
  final String[] parts = SaslRpcServer.splitKerberosName(kerberosName);
  if (parts.length != 3) {
    throw new TTransportException("Kerberos principal should have 3 parts: " + kerberosName);
  }
  final String servicePrimary = parts[0];
  final String serviceHost = parts[1];

  // Only a positive limit selects the Hive factory subclass.
  final TSaslServerTransport.Factory saslTransportFactory = saslMessageLimit > 0
      ? new HadoopThriftAuthBridge.HiveSaslServerTransportFactory(saslMessageLimit)
      : new TSaslServerTransport.Factory();

  // Kerberos: primary and host are passed on; the realm part is not.
  saslTransportFactory.addServerDefinition(
      AuthMethod.KERBEROS.getMechanismName(),
      servicePrimary,
      serviceHost,
      saslProps,
      new SaslRpcServer.SaslGssCallbackHandler());

  // Digest: no protocol name, default realm, credentials resolved via secretManager.
  saslTransportFactory.addServerDefinition(
      AuthMethod.DIGEST.getMechanismName(),
      null,
      SaslRpcServer.SASL_DEFAULT_REALM,
      saslProps,
      new SaslDigestCallbackHandler(secretManager));

  return new TUGIAssumingTransportFactory(saslTransportFactory, realUgi);
}
/**
 * Builds the server-side transport factory that runs a SASL negotiation on every
 * accepted client socket. Kerberos is registered for the service principal of
 * {@code realUgi}; the digest mechanism is registered with a callback handler built
 * from {@code secretManager}. The result can serve as both the input and the output
 * transport factory of a server such as TThreadPoolServer.
 *
 * <p>The same {@code saslProps} are applied to both mechanisms, so the caller's
 * {@code Sasl.QOP} entry decides the protection level; the JDK treats a missing
 * entry as "auth" (authentication only).
 *
 * @param saslProps SASL properties applied to both mechanisms
 * @return the SASL factory wrapped in a TUGIAssumingTransportFactory for {@code realUgi}
 * @throws TTransportException if the principal does not split into exactly three parts
 */
@Override
public TTransportFactory createTransportFactory(Map<String, String> saslProps)
    throws TTransportException {
  // The server principal must split into primary, host and realm.
  final String kerberosName = realUgi.getUserName();
  final String[] parts = SaslRpcServer.splitKerberosName(kerberosName);
  if (parts.length != 3) {
    throw new TTransportException("Kerberos principal should have 3 parts: " + kerberosName);
  }
  final String servicePrimary = parts[0];
  final String serviceHost = parts[1];

  final TSaslServerTransport.Factory transFactory = new TSaslServerTransport.Factory();

  // Kerberos: primary and host are passed on; the realm part is not.
  transFactory.addServerDefinition(
      AuthMethod.KERBEROS.getMechanismName(),
      servicePrimary,
      serviceHost,
      saslProps,
      new SaslRpcServer.SaslGssCallbackHandler());

  // Digest: no protocol name, default realm, credentials resolved via secretManager.
  transFactory.addServerDefinition(
      AuthMethod.DIGEST.getMechanismName(),
      null,
      SaslRpcServer.SASL_DEFAULT_REALM,
      saslProps,
      new SaslDigestCallbackHandler(secretManager));

  return new TUGIAssumingTransportFactory(transFactory, realUgi);
}
/**
 * Builds the server-side transport factory that runs a SASL negotiation on every
 * accepted client socket. Kerberos is registered for the service principal of
 * {@code realUgi}; the digest mechanism is registered with a callback handler built
 * from {@code secretManager}. The result can serve as both the input and the output
 * transport factory of a server such as TThreadPoolServer.
 *
 * <p>The same {@code saslProps} are applied to both mechanisms, so the caller's
 * {@code Sasl.QOP} entry decides the protection level; the JDK treats a missing
 * entry as "auth" (authentication only).
 *
 * @param saslProps SASL properties applied to both mechanisms
 * @return the SASL factory wrapped in a TUGIAssumingTransportFactory for {@code realUgi}
 * @throws TTransportException if the principal does not split into exactly three parts
 */
public TTransportFactory createTransportFactory(Map<String, String> saslProps)
    throws TTransportException {
  // The server principal must split into primary, host and realm.
  final String kerberosName = realUgi.getUserName();
  final String[] parts = SaslRpcServer.splitKerberosName(kerberosName);
  if (parts.length != 3) {
    throw new TTransportException("Kerberos principal should have 3 parts: " + kerberosName);
  }
  final String servicePrimary = parts[0];
  final String serviceHost = parts[1];

  final TSaslServerTransport.Factory transFactory = new TSaslServerTransport.Factory();

  // Kerberos: primary and host are passed on; the realm part is not.
  transFactory.addServerDefinition(
      AuthMethod.KERBEROS.getMechanismName(),
      servicePrimary,
      serviceHost,
      saslProps,
      new SaslRpcServer.SaslGssCallbackHandler());

  // Digest: no protocol name, default realm, credentials resolved via secretManager.
  transFactory.addServerDefinition(
      AuthMethod.DIGEST.getMechanismName(),
      null,
      SaslRpcServer.SASL_DEFAULT_REALM,
      saslProps,
      new SaslDigestCallbackHandler(secretManager));

  return new TUGIAssumingTransportFactory(transFactory, realUgi);
}
/**
 * Builds the server-side transport factory that runs a SASL negotiation on every
 * accepted client socket. Kerberos is registered for the service principal of
 * {@code realUgi}; the digest mechanism is registered with a callback handler built
 * from {@code secretManager}. The result can serve as both the input and the output
 * transport factory of a server such as TThreadPoolServer.
 *
 * <p>The same {@code saslProps} are applied to both mechanisms, so the caller's
 * {@code Sasl.QOP} entry decides the protection level; the JDK treats a missing
 * entry as "auth" (authentication only).
 *
 * @param saslProps SASL properties applied to both mechanisms
 * @return the SASL factory wrapped in a TUGIAssumingTransportFactory for {@code realUgi}
 * @throws TTransportException if the principal does not split into exactly three parts
 */
public TTransportFactory createTransportFactory(Map<String, String> saslProps)
    throws TTransportException {
  // The server principal must split into primary, host and realm.
  final String kerberosName = realUgi.getUserName();
  final String[] parts = SaslRpcServer.splitKerberosName(kerberosName);
  if (parts.length != 3) {
    throw new TTransportException("Kerberos principal should have 3 parts: " + kerberosName);
  }
  final String servicePrimary = parts[0];
  final String serviceHost = parts[1];

  final TSaslServerTransport.Factory transFactory = new TSaslServerTransport.Factory();

  // Kerberos: primary and host are passed on; the realm part is not.
  transFactory.addServerDefinition(
      AuthMethod.KERBEROS.getMechanismName(),
      servicePrimary,
      serviceHost,
      saslProps,
      new SaslRpcServer.SaslGssCallbackHandler());

  // Digest: no protocol name, default realm, credentials resolved via secretManager.
  transFactory.addServerDefinition(
      AuthMethod.DIGEST.getMechanismName(),
      null,
      SaslRpcServer.SASL_DEFAULT_REALM,
      saslProps,
      new SaslDigestCallbackHandler(secretManager));

  return new TUGIAssumingTransportFactory(transFactory, realUgi);
}
/**
 * Builds a TSaslServerTransport.Factory that runs a SASL negotiation on every
 * accepted client socket. Kerberos is registered for the service principal of
 * {@code clientValidationUGI}; the digest mechanism is registered with a callback
 * handler built from {@code secretManager}.
 *
 * <p>The same {@code saslProps} are applied to both mechanisms, so the caller's
 * {@code Sasl.QOP} entry decides the protection level; the JDK treats a missing
 * entry as "auth" (authentication only). Unlike a UGI-assuming wrapper, the bare
 * factory is returned as is.
 *
 * @param saslProps SASL properties applied to both mechanisms
 * @return the factory holding the Kerberos and digest server definitions
 * @throws TTransportException if the principal does not split into exactly three parts
 */
public TSaslServerTransport.Factory createSaslServerTransportFactory(
    Map<String, String> saslProps) throws TTransportException {
  // The validation principal must split into primary, host and realm.
  final String kerberosName = clientValidationUGI.getUserName();
  final String[] parts = SaslRpcServer.splitKerberosName(kerberosName);
  if (parts.length != 3) {
    throw new TTransportException("Kerberos principal should have 3 parts: " + kerberosName);
  }
  final String servicePrimary = parts[0];
  final String serviceHost = parts[1];

  final TSaslServerTransport.Factory transFactory = new TSaslServerTransport.Factory();

  // Kerberos: primary and host are passed on; the realm part is not.
  transFactory.addServerDefinition(
      AuthMethod.KERBEROS.getMechanismName(),
      servicePrimary,
      serviceHost,
      saslProps,
      new SaslRpcServer.SaslGssCallbackHandler());

  // Digest: no protocol name, default realm, credentials resolved via secretManager.
  transFactory.addServerDefinition(
      AuthMethod.DIGEST.getMechanismName(),
      null,
      SaslRpcServer.SASL_DEFAULT_REALM,
      saslProps,
      new SaslDigestCallbackHandler(secretManager));

  return transFactory;
}
/**
 * Chooses the Thrift transport factory for a server configuration.
 *
 * <p>When {@code Security.isSecure(conf)} is false a plain {@code TTransportFactory}
 * is returned, so connections carry no SASL negotiation at all. Otherwise a GSSAPI
 * server definition is registered for the configured server principal, with the
 * quality of protection taken from {@code conf.getThriftQOP()}.
 *
 * @param conf server configuration supplying the security mode, QOP and principal
 * @return a SASL/GSSAPI factory in secure mode, a plain factory otherwise
 * @throws IllegalArgumentException if the principal has no hostname part
 */
public static TTransportFactory createTTransportFactory(ServerConfiguration conf) {
  if (!Security.isSecure(conf)) {
    // Non-secure mode: plain transport, nothing is authenticated.
    return new TTransportFactory();
  }

  // The configured QOP is the only SASL property passed to the mechanism.
  final Map<String, String> saslProperties = new HashMap<String, String>();
  saslProperties.put(Sasl.QOP, conf.getThriftQOP());

  final String principal = conf.getServerPrincipalName();
  final String name = extractPrincipalName(principal);
  final String host = extractPrincipalHost(principal);
  if (host == null) {
    // GSSAPI needs the host the service ticket is issued for.
    throw new IllegalArgumentException(
        FastFormat.format("Kerberos principal '{}' must have a hostname part", principal));
  }

  final TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
  saslFactory.addServerDefinition("GSSAPI", name, host, saslProperties, new GssCallback());
  return saslFactory;
}
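/**
 * Builds the SASL transport factory, registering a single GSSAPI (Kerberos) server
 * definition derived from {@code principal}.
 *
 * @return a TSaslServerTransport.Factory holding one GSSAPI server definition
 * @throws FlumeException if the principal cannot be resolved, or resolves to fewer
 *     than the two name parts that are passed to the server definition
 */
private TTransportFactory getSASLTransportFactory() {
  final String[] names;
  try {
    names = FlumeAuthenticationUtil.splitKerberosName(principal);
  } catch (IOException e) {
    throw new FlumeException(
        "Error while trying to resolve Principal name - " + principal, e);
  }
  // names[0] and names[1] are both dereferenced below; fail with a configuration
  // error instead of an ArrayIndexOutOfBoundsException when a part is missing.
  if (names == null || names.length < 2) {
    throw new FlumeException(
        "Kerberos principal must have a primary and a host part - " + principal);
  }

  Map<String, String> saslProperties = new HashMap<String, String>();
  // "auth" requests authentication only: no SASL integrity or confidentiality layer
  // is negotiated, so payload protection has to come from elsewhere (for example
  // TLS) if it is required.
  saslProperties.put(Sasl.QOP, "auth");

  TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory();
  saslTransportFactory.addServerDefinition(
      "GSSAPI",
      names[0],
      names[1],
      saslProperties,
      FlumeAuthenticationUtil.getSaslGssCallbackHandler());
  return saslTransportFactory;
}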
/**
 * Builds a SASL server transport factory with a single server definition for
 * {@code PlainSaslServerProvider.MECHANISM}, whose callback handler delegates to
 * the authentication provider selected by the configured authentication type.
 *
 * <p>NOTE(review): the mechanism is presumably SASL PLAIN, which carries the
 * credential unencrypted inside the SASL exchange; confirm the connection is
 * protected (for example by TLS) wherever that matters. The definition is
 * registered with no protocol, no server name and an empty property map.
 *
 * @param runnable passed through to the callback handler
 * @param serverName not read by this method
 * @return the factory holding the single server definition
 * @throws SaslException declared by the interface; no statement here throws it directly
 */
@Override
public TTransportFactory getServerTransportFactory(Runnable runnable, String serverName)
    throws SaslException {
  final AuthType configuredType =
      Configuration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
  final TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
  final AuthenticationProvider authProvider =
      AuthenticationProvider.Factory.create(configuredType);

  saslFactory.addServerDefinition(
      PlainSaslServerProvider.MECHANISM,
      null,
      null,
      new HashMap<String, String>(),
      new PlainSaslServerCallbackHandler(authProvider, runnable));
  return saslFactory;
}
}
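// Thrift server socket listening on port 7911.
TServerSocket serverTransport = new TServerSocket(7911);

// Processor wrapping this server's Thrift service implementation.
HelloWorldService.Processor<Iface> processor =
    new HelloWorldService.Processor<Iface>(new ThriftServerImpl());

// SASL properties handed to the server definition below.
Map<String, String> saslProperties = new HashMap<String, String>();
// "auth-conf" asks for authentication plus integrity and confidentiality protection
// of the traffic. A map holds one value per key, so an earlier put of "true" under
// Sasl.QOP was overwritten by this one and has been dropped.
saslProperties.put(Sasl.QOP, "auth-conf");

TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory();

// Register the Kerberos mechanism. For a principal of the form
// myprincipal/my.server.com@MY.REALM the second argument is the primary and the
// third is the host.
saslTransportFactory.addServerDefinition(
    "GSSAPI",              // SASL mechanism name for Kerberos
    "myserviceprincipal",  // primary part of the service principal
    "my.server.com",       // host part of the service principal
    saslProperties,        // the properties built above
    // Callback handler borrowed from Hadoop. NOTE(review): in Hadoop it answers the
    // SASL AuthorizeCallback and authorizes only when the authentication and
    // authorization ids match; confirm against the Hadoop version in use.
    new SaslRpcServer.SaslGssCallbackHandler());

// Thread-pool server using the SASL factory for its transports.
TServer server = new TThreadPoolServer(
    new TThreadPoolServer.Args(serverTransport)
        .transportFactory(saslTransportFactory)
        .processor(processor));
server.serve(); // start serving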
/**
 * Builds a {@code Factory} that starts out with exactly one server definition.
 * Further definitions can still be registered afterwards through
 * {@code addServerDefinition}. The arguments are forwarded unchanged; their
 * meaning is documented on {@code Sasl.createSaslServer}.
 *
 * @param mechanism SASL mechanism name of the definition
 * @param protocol protocol name forwarded to the definition
 * @param serverName server name forwarded to the definition
 * @param props SASL properties forwarded to the definition
 * @param cbh callback handler forwarded to the definition
 */
public Factory(
    String mechanism,
    String protocol,
    String serverName,
    Map<String, String> props,
    CallbackHandler cbh) {
  // The superclass no-arg constructor runs implicitly before the registration.
  this.addServerDefinition(mechanism, protocol, serverName, props, cbh);
}
/**
 * Builds a {@code Factory} that starts out with exactly one server definition.
 * Further definitions can still be registered afterwards through
 * {@code addServerDefinition}. The arguments are forwarded unchanged; their
 * meaning is documented on {@code Sasl.createSaslServer}.
 *
 * @param mechanism SASL mechanism name of the definition
 * @param protocol protocol name forwarded to the definition
 * @param serverName server name forwarded to the definition
 * @param props SASL properties forwarded to the definition
 * @param cbh callback handler forwarded to the definition
 */
public Factory(
    String mechanism,
    String protocol,
    String serverName,
    Map<String, String> props,
    CallbackHandler cbh) {
  // The superclass no-arg constructor runs implicitly before the registration.
  this.addServerDefinition(mechanism, protocol, serverName, props, cbh);
}