private Module kerberosInternalCommunicationModule() { return binder -> { InternalCommunicationConfig clientKerberosConfig = buildConfigObject(InternalCommunicationConfig.class); com.facebook.presto.server.security.KerberosConfig serverKerberosConfig = buildConfigObject(com.facebook.presto.server.security.KerberosConfig.class); verify(serverKerberosConfig.getKeytab() != null, "%s must be set when %s is true", HTTP_SERVER_AUTHENTICATION_KRB5_KEYTAB, INTERNAL_COMMUNICATION_KERBEROS_ENABLED); configBinder(binder).bindConfigGlobalDefaults(KerberosConfig.class, kerberosConfig -> { kerberosConfig.setConfig(serverKerberosConfig.getKerberosConfig()); kerberosConfig.setKeytab(serverKerberosConfig.getKeytab()); kerberosConfig.setUseCanonicalHostname(clientKerberosConfig.isKerberosUseCanonicalHostname()); }); String kerberosPrincipal = serverKerberosConfig.getServiceName() + "/" + getLocalCanonicalHostName(); configBinder(binder).bindConfigGlobalDefaults(HttpClientConfig.class, httpClientConfig -> { httpClientConfig.setAuthenticationEnabled(true); httpClientConfig.setKerberosPrincipal(kerberosPrincipal); httpClientConfig.setKerberosRemoteServiceName(serverKerberosConfig.getServiceName()); }); }; }
@Override protected HttpClientConfig createClientConfig() { return super.createClientConfig() .setAuthenticationEnabled(true) .setKerberosPrincipal("invalid-for-testing") .setKerberosRemoteServiceName("test"); }
@Override protected HttpClientConfig createClientConfig() { return super.createClientConfig() .setAuthenticationEnabled(true) .setKerberosPrincipal("invalid-for-testing") .setKerberosRemoteServiceName("test"); }
.setTrustStorePassword("trust-store-password") .setAuthenticationEnabled(true) .setKerberosRemoteServiceName("airlift") .setKerberosPrincipal("airlift-client");
.setHttpsExcludedCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA") .setAuthenticationEnabled(true) .setKerberosRemoteServiceName("airlift") .setKerberosPrincipal("airlift-client") .setHttp2InitialSessionReceiveWindowSize(new DataSize(7, MEGABYTE))
.setHttpsExcludedCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA") .setAuthenticationEnabled(true) .setKerberosRemoteServiceName("airlift") .setKerberosPrincipal("airlift-client") .setHttp2InitialSessionReceiveWindowSize(new DataSize(7, MEGABYTE))
@Test public void testDefaults() { ConfigAssertions.assertRecordedDefaults(ConfigAssertions.recordDefaults(HttpClientConfig.class) .setHttp2Enabled(false) .setConnectTimeout(new Duration(1, TimeUnit.SECONDS)) .setRequestTimeout(new Duration(5, TimeUnit.MINUTES)) .setIdleTimeout(new Duration(1, TimeUnit.MINUTES)) .setKeepAliveInterval(null) .setMaxConnections(200) .setMaxConnectionsPerServer(20) .setMaxRequestsQueuedPerDestination(1024) .setMaxContentLength(new DataSize(16, Unit.MEGABYTE)) .setSocksProxy(null) .setKeyStorePath(System.getProperty(JAVAX_NET_SSL_KEY_STORE)) .setKeyStorePassword(System.getProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD)) .setTrustStorePath(System.getProperty(JAVAX_NET_SSL_TRUST_STORE)) .setTrustStorePassword(System.getProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD)) .setAuthenticationEnabled(false) .setKerberosRemoteServiceName(null) .setKerberosPrincipal(null)); }
private Module kerberosInternalCommunicationModule() { return binder -> { InternalCommunicationConfig clientKerberosConfig = buildConfigObject(InternalCommunicationConfig.class); io.prestosql.server.security.KerberosConfig serverKerberosConfig = buildConfigObject(io.prestosql.server.security.KerberosConfig.class); verify(serverKerberosConfig.getKeytab() != null, "%s must be set when %s is true", HTTP_SERVER_AUTHENTICATION_KRB5_KEYTAB, INTERNAL_COMMUNICATION_KERBEROS_ENABLED); configBinder(binder).bindConfigGlobalDefaults(KerberosConfig.class, kerberosConfig -> { kerberosConfig.setConfig(serverKerberosConfig.getKerberosConfig()); kerberosConfig.setKeytab(serverKerberosConfig.getKeytab()); kerberosConfig.setUseCanonicalHostname(clientKerberosConfig.isKerberosUseCanonicalHostname()); }); String kerberosPrincipal = serverKerberosConfig.getServiceName() + "/" + getLocalCanonicalHostName(); configBinder(binder).bindConfigGlobalDefaults(HttpClientConfig.class, httpClientConfig -> { httpClientConfig.setAuthenticationEnabled(true); httpClientConfig.setKerberosPrincipal(kerberosPrincipal); httpClientConfig.setKerberosRemoteServiceName(serverKerberosConfig.getServiceName()); }); }; }
private Module kerberosInternalCommunicationModule() { return binder -> { InternalCommunicationConfig clientKerberosConfig = buildConfigObject(InternalCommunicationConfig.class); io.prestosql.server.security.KerberosConfig serverKerberosConfig = buildConfigObject(io.prestosql.server.security.KerberosConfig.class); verify(serverKerberosConfig.getKeytab() != null, "%s must be set when %s is true", HTTP_SERVER_AUTHENTICATION_KRB5_KEYTAB, INTERNAL_COMMUNICATION_KERBEROS_ENABLED); configBinder(binder).bindConfigGlobalDefaults(KerberosConfig.class, kerberosConfig -> { kerberosConfig.setConfig(serverKerberosConfig.getKerberosConfig()); kerberosConfig.setKeytab(serverKerberosConfig.getKeytab()); kerberosConfig.setUseCanonicalHostname(clientKerberosConfig.isKerberosUseCanonicalHostname()); }); String kerberosPrincipal = serverKerberosConfig.getServiceName() + "/" + getLocalCanonicalHostName(); configBinder(binder).bindConfigGlobalDefaults(HttpClientConfig.class, httpClientConfig -> { httpClientConfig.setAuthenticationEnabled(true); httpClientConfig.setKerberosPrincipal(kerberosPrincipal); httpClientConfig.setKerberosRemoteServiceName(serverKerberosConfig.getServiceName()); }); }; }