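/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.fs.http.server;

import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;
import org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticationHandler;

import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.Charset;
import java.util.Map;
import java.util.Properties;

/**
 * Subclass of hadoop-auth <code>AuthenticationFilter</code> that obtains its
 * configuration from HttpFSServer's server configuration.
 * <p>
 * Two pieces of security-relevant state are assembled here: the signature
 * secret handed to hadoop-auth (loaded from the file named by
 * <code>httpfs.authentication.signature.secret.file</code>) and the proxy-user
 * rules (copied from <code>httpfs.proxyuser.*</code>). The secret file is read
 * as-is; this class performs no ownership or permission check on it, so
 * restricting it to the HttpFS service account is left to the deployment.
 */
@InterfaceAudience.Private
public class HttpFSAuthenticationFilter
    extends DelegationTokenAuthenticationFilter {

  private static final String CONF_PREFIX = "httpfs.authentication.";

  private static final String SIGNATURE_SECRET_FILE = SIGNATURE_SECRET + ".file";

  /**
   * Returns the hadoop-auth configuration from HttpFSServer's configuration.
   * <p>
   * It returns all HttpFSServer's configuration properties prefixed with
   * <code>httpfs.authentication</code>. The <code>httpfs.authentication</code>
   * prefix is removed from the returned property names. The signature secret
   * is then loaded from the configured secret file and stored under
   * {@link AuthenticationFilter#SIGNATURE_SECRET}.
   * <p>
   * The file content is used verbatim (no trimming), so a trailing newline is
   * part of the secret; every server that must accept the same signed tokens
   * needs a byte-identical file.
   *
   * @param configPrefix parameter not used.
   * @param filterConfig parameter not used.
   *
   * @return hadoop-auth configuration read from HttpFSServer's configuration.
   * @throws ServletException declared by the overridden method; within this
   * body only {@code setAuthHandlerClass} could raise it.
   * @throws RuntimeException if the secret-file property is undefined, the
   * file cannot be read, or the file is empty.
   */
  @Override
  protected Properties getConfiguration(String configPrefix,
      FilterConfig filterConfig) throws ServletException {
    Properties props = new Properties();
    Configuration conf = HttpFSServerWebApp.get().getConfig();

    // Default set before the copy loop: a copied property whose stripped name
    // equals COOKIE_PATH replaces it.
    props.setProperty(AuthenticationFilter.COOKIE_PATH, "/");
    for (Map.Entry<String, String> entry : conf) {
      String name = entry.getKey();
      if (name.startsWith(CONF_PREFIX)) {
        // Value is fetched through conf.get(name) rather than taken from the
        // iterator entry, as in the original code.
        String value = conf.get(name);
        props.setProperty(name.substring(CONF_PREFIX.length()), value);
      }
    }

    String signatureSecretFile = props.getProperty(SIGNATURE_SECRET_FILE, null);
    if (signatureSecretFile == null) {
      throw new RuntimeException("Undefined property: " + SIGNATURE_SECRET_FILE);
    }

    String secret;
    try {
      secret = readSignatureSecret(signatureSecretFile);
    } catch (IOException ex) {
      // Message names the path only, never the secret; the cause is kept so
      // operators can tell "missing" from "permission denied".
      throw new RuntimeException("Could not read HttpFS signature secret file: "
          + signatureSecretFile, ex);
    }
    if (secret.isEmpty()) {
      // Fail closed: an empty file would otherwise be installed as a
      // zero-length signing secret.
      throw new RuntimeException("No secret in HttpFs signature secret file: "
          + signatureSecretFile);
    }
    props.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret);

    setAuthHandlerClass(props);
    props.setProperty(KerberosDelegationTokenAuthenticationHandler.TOKEN_KIND,
        WebHdfsFileSystem.TOKEN_KIND.toString());
    return props;
  }

  /**
   * Reads the whole secret file as UTF-8 text.
   * <p>
   * The charset is fixed so the decoded secret does not depend on the JVM's
   * platform default, and the reader is closed on every path, including a
   * failed read. try/finally is used instead of try-with-resources because
   * the file shows no Java 7 constructs.
   *
   * @param secretFile path of the signature secret file.
   * @return the file content, unmodified.
   * @throws IOException if the file cannot be opened or read.
   */
  private static String readSignatureSecret(String secretFile)
      throws IOException {
    StringBuilder secret = new StringBuilder();
    Reader reader = new InputStreamReader(
        new FileInputStream(secretFile), Charset.forName("UTF-8"));
    try {
      char[] buf = new char[256];
      int n = reader.read(buf);
      while (n > -1) {
        secret.append(buf, 0, n);
        n = reader.read(buf);
      }
    } finally {
      reader.close();
    }
    return secret.toString();
  }

  /**
   * Builds the proxy-user configuration from HttpFSServer's configuration.
   * <p>
   * Every <code>httpfs.proxyuser.*</code> property is copied into a fresh,
   * defaults-free {@link Configuration} with the leading <code>httpfs.</code>
   * removed, so the result holds <code>proxyuser.*</code> keys. These entries
   * decide which users may act on behalf of others, so changes to them
   * deserve the same review as credential changes.
   * NOTE(review): presumably overrides the hook of the same name in
   * DelegationTokenAuthenticationFilter; the original carries no
   * <code>@Override</code>, confirm before adding one.
   *
   * @param filterConfig parameter not used.
   * @return configuration containing only the proxy-user properties.
   */
  protected Configuration getProxyuserConfiguration(FilterConfig filterConfig) {
    Map<String, String> proxyuserConf = HttpFSServerWebApp.get().getConfig().
        getValByRegex("httpfs\\.proxyuser\\.");
    Configuration conf = new Configuration(false);
    for (Map.Entry<String, String> entry : proxyuserConf.entrySet()) {
      String key = entry.getKey();
      // The regex above is not anchored, so a key that merely contains the
      // prefix could be returned; stripping a fixed seven characters from
      // such a key would produce a mangled name. Copy only true prefix matches.
      if (!key.startsWith("httpfs.proxyuser.")) {
        continue;
      }
      conf.set(key.substring("httpfs.".length()), entry.getValue());
    }
    return conf;
  }

}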