Java 类org.apache.thrift.transport.TSaslServerTransport 实例源码

项目:flume-release-1.7.0    文件:ThriftSource.java   
/**
 * Builds the Thrift transport factory that runs a SASL "GSSAPI" negotiation on each
 * incoming connection.
 *
 * <p>The configured {@code principal} is split by
 * {@code FlumeAuthenticationUtil.splitKerberosName}; element 0 is passed as the SASL
 * protocol (service) name and element 1 as the server name.
 *
 * @return a {@code TSaslServerTransport.Factory} holding one GSSAPI server definition
 * @throws FlumeException if splitting the principal name fails with an IOException
 */
private TTransportFactory getSASLTransportFactory() {
  final String[] principalParts;
  try {
    principalParts = FlumeAuthenticationUtil.splitKerberosName(principal);
  } catch (IOException e) {
    throw new FlumeException(
            "Error while trying to resolve Principal name - " + principal, e);
  }

  // Sasl.QOP "auth" negotiates authentication only: the Thrift payload that follows is
  // neither integrity-protected ("auth-int") nor encrypted ("auth-conf") by SASL.
  Map<String, String> saslProps = new HashMap<String, String>();
  saslProps.put(Sasl.QOP, "auth");

  TSaslServerTransport.Factory gssapiFactory = new TSaslServerTransport.Factory();
  // NOTE(review): indexes 0 and 1 are used without a length check; this assumes
  // splitKerberosName always yields at least service and host parts - confirm.
  gssapiFactory.addServerDefinition(
          "GSSAPI",
          principalParts[0],
          principalParts[1],
          saslProps,
          FlumeAuthenticationUtil.getSaslGssCallbackHandler());
  return gssapiFactory;
}
项目:jstrom    文件:SaslTransportPlugin.java   
/**
 * Stores the caller's remote address and SASL authorization ID in the request context,
 * then delegates the call to the wrapped processor.
 *
 * @param inProt  protocol whose transport is expected to be a {@code TSaslServerTransport}
 * @param outProt protocol used for the response
 * @return whatever {@code wrapped.process} returns
 * @throws TException propagated from the wrapped processor
 */
public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException {
    ReqContext requestContext = ReqContext.context();

    // NOTE(review): both casts are unchecked. A transport that is not SASL, or a SASL
    // transport not layered directly on a TSocket, fails here with ClassCastException.
    TSaslServerTransport saslTransport = (TSaslServerTransport) inProt.getTransport();
    TSocket clientSocket = (TSocket) saslTransport.getUnderlyingTransport();
    requestContext.setRemoteAddress(clientSocket.getSocket().getInetAddress());

    // The authorization ID is the identity the SASL exchange settled on for this session.
    // It becomes the only principal of the request Subject, so everything downstream
    // trusts the server-side callback handler to have approved it.
    String authorizationId = saslTransport.getSaslServer().getAuthorizationID();
    Subject caller = new Subject();
    caller.getPrincipals().add(new User(authorizationId));
    requestContext.setSubject(caller);

    return wrapped.process(inProt, outProt);
}
项目:incubator-storm    文件:SaslTransportPlugin.java   
/**
 * Fills the request context with the peer address and the SASL-derived subject before
 * passing the request on to the wrapped processor.
 *
 * @param inProt  input protocol; its transport is cast to {@code TSaslServerTransport}
 * @param outProt output protocol
 * @return the result of {@code wrapped.process(inProt, outProt)}
 * @throws TException if the wrapped processor throws it
 */
public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException {
    final ReqContext ctx = ReqContext.context();

    // Unchecked cast: this method assumes it is only ever installed behind a SASL
    // transport factory. NOTE(review): no instanceof guard, so any other transport
    // surfaces as a ClassCastException rather than a TException.
    final TSaslServerTransport sasl = (TSaslServerTransport) inProt.getTransport();

    // Peer address is taken from the socket underneath the SASL layer.
    final Socket rawSocket = ((TSocket) sasl.getUnderlyingTransport()).getSocket();
    ctx.setRemoteAddress(rawSocket.getInetAddress());

    // Identity for authorization decisions: the SASL authorization ID, wrapped in a
    // fresh Subject carrying a single User principal.
    final SaslServer negotiatedServer = sasl.getSaslServer();
    final String authzId = negotiatedServer.getAuthorizationID();
    final Subject remoteSubject = new Subject();
    remoteSubject.getPrincipals().add(new User(authzId));
    ctx.setSubject(remoteSubject);

    return wrapped.process(inProt, outProt);
}
项目:storm-resa    文件:SaslTransportPlugin.java   
/**
 * Populates the request context (remote address, remote subject) from the SASL
 * transport and then invokes the wrapped service handler.
 *
 * @param inProt  request protocol, expected to sit on a {@code TSaslServerTransport}
 * @param outProt response protocol
 * @return the wrapped processor's return value
 * @throws TException raised by the wrapped processor
 */
public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException {
    ReqContext context = ReqContext.context();

    TTransport rawTransport = inProt.getTransport();
    // NOTE(review): the transport type is assumed, not verified, before the cast.
    TSaslServerTransport saslLayer = (TSaslServerTransport) rawTransport;

    // Remote address comes from the TCP socket beneath the SASL wrapper; the cast to
    // TSocket is likewise unchecked.
    TTransport beneath = saslLayer.getUnderlyingTransport();
    context.setRemoteAddress(((TSocket) beneath).getSocket().getInetAddress());

    // Remote subject: one User principal named after the SASL authorization ID.
    // getAuthorizationID() reports the ID in effect once the SASL exchange is complete;
    // this code relies on negotiation having finished before process() is reached.
    SaslServer saslSession = saslLayer.getSaslServer();
    String sessionAuthzId = saslSession.getAuthorizationID();
    Subject peerSubject = new Subject();
    peerSubject.getPrincipals().add(new User(sessionAuthzId));
    context.setSubject(peerSubject);

    return wrapped.process(inProt, outProt);
}
项目:jstorm    文件:SaslTransportPlugin.java   
/**
 * Captures who is calling (socket address and SASL authorization ID) in the
 * {@code ReqContext}, then forwards the request to the wrapped processor.
 *
 * @param inProt  inbound protocol backed by a {@code TSaslServerTransport}
 * @param outProt outbound protocol
 * @return result of the wrapped processor
 * @throws TException if the wrapped processor fails with it
 */
public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException {
    final ReqContext reqContext = ReqContext.context();
    final TSaslServerTransport saslTransport = (TSaslServerTransport) inProt.getTransport();

    // Where the call came from. Both this cast and the one above are unchecked, so an
    // unexpected transport stack fails with ClassCastException (NOTE(review): consider
    // an explicit instanceof check that raises TException instead).
    final TSocket thriftSocket = (TSocket) saslTransport.getUnderlyingTransport();
    final Socket tcpSocket = thriftSocket.getSocket();
    reqContext.setRemoteAddress(tcpSocket.getInetAddress());

    // Who the call is made as: the authorization ID agreed during the SASL handshake.
    // No further validation happens here; the value is trusted as produced by the
    // SASL server and its callback handler.
    final String remoteAuthzId = saslTransport.getSaslServer().getAuthorizationID();
    final Subject remoteSubject = new Subject();
    remoteSubject.getPrincipals().add(new User(remoteAuthzId));
    reqContext.setSubject(remoteSubject);

    return wrapped.process(inProt, outProt);
}
项目:jstrom    文件:DigestSaslTransportPlugin.java   
/**
 * Creates the server-side Thrift transport factory for SASL digest authentication.
 *
 * @return a {@code TSaslServerTransport.Factory} with one server definition for the
 *         {@code DIGEST} mechanism
 * @throws IOException declared by the method; presumably raised while building the
 *         callback handler - confirm against {@code ServerCallbackHandler}
 */
protected TTransportFactory getServerTransportFactory() throws IOException {
    // Handler the SASL server consults during the exchange, built from login_conf.
    CallbackHandler serverCallbackHandler = new ServerCallbackHandler(login_conf);

    TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    // props is null, so no Sasl.QOP is requested explicitly; the JDK default is "auth"
    // (authentication only, no integrity or confidentiality layer).
    // NOTE(review): the log line below names DIGEST-MD5, which RFC 6331 moved to
    // Historic; the server name is hard-coded to "localhost".
    saslFactory.addServerDefinition(DIGEST, AuthUtils.SERVICE, "localhost", null, serverCallbackHandler);

    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return saslFactory;
}
项目:incubator-storm    文件:DigestSaslTransportPlugin.java   
/**
 * Returns a Thrift transport factory whose connections authenticate through the SASL
 * {@code DIGEST} mechanism, using a callback handler built from {@code login_conf}.
 *
 * @return the configured {@code TSaslServerTransport.Factory}
 * @throws IOException declared by the signature
 */
protected TTransportFactory getServerTransportFactory() throws IOException {
    final TSaslServerTransport.Factory digestFactory = new TSaslServerTransport.Factory();

    // The callback handler is what the SASL server asks about the connecting user
    // during the digest exchange.
    final CallbackHandler authCallbacks = new ServerCallbackHandler(login_conf);

    // Passing null properties leaves the quality of protection at the JDK default
    // ("auth"): the handshake authenticates the peer but the traffic after it is not
    // protected by SASL.
    digestFactory.addServerDefinition(DIGEST, AuthUtils.SERVICE, "localhost", null, authCallbacks);

    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return digestFactory;
}
项目:storm-resa    文件:DigestSaslTransportPlugin.java   
/**
 * Builds the SASL digest transport factory used on the server side.
 *
 * <p>One server definition is registered: mechanism {@code DIGEST}, protocol
 * {@code AuthUtils.SERVICE}, server name {@code "localhost"}, no SASL properties.
 *
 * @return the transport factory
 * @throws IOException declared by the signature
 */
protected TTransportFactory getServerTransportFactory() throws IOException {
    // Authentication callbacks for the digest exchange, configured from login_conf.
    CallbackHandler digestCallbacks = new ServerCallbackHandler(login_conf);

    TSaslServerTransport.Factory transportFactory = new TSaslServerTransport.Factory();
    transportFactory.addServerDefinition(
            DIGEST,
            AuthUtils.SERVICE,
            "localhost", // fixed server name used in the digest exchange
            null,        // no explicit Sasl.QOP: JDK default "auth", i.e. no wire protection
            digestCallbacks);

    // NOTE(review): DIGEST-MD5 (named in this message) is a Historic mechanism per
    // RFC 6331; deployments needing stronger guarantees should prefer the Kerberos plugin.
    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return transportFactory;
}
项目:incubator-sentry    文件:ThriftUtil.java   
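/**
 * Records the SASL authorization ID of the client behind {@code in} as the
 * impersonator, when the protocol's transport is a {@code TSaslServerTransport}.
 *
 * <p>This is best-effort: for any other transport nothing is set, and any exception is
 * logged and swallowed. NOTE(review): in both cases the previously stored impersonator
 * (if the String overload keeps per-thread state) is left untouched - confirm callers
 * cannot act on a stale value.
 *
 * @param in protocol of the current request
 */
public static void setImpersonator(final TProtocol in) {
  try {
    TTransport transport = in.getTransport();
    if (transport instanceof TSaslServerTransport) {
      String impersonator = ((TSaslServerTransport) transport).getSaslServer()
          .getAuthorizationID();
      setImpersonator(impersonator);
    }
  } catch (Exception e) {
    // Deliberately non-fatal, but pass the exception itself so the stack trace and
    // cause chain reach the log; the message alone is often empty or ambiguous.
    LOGGER.warn("There is an error when get the impersonator:" + e.getMessage(), e);
  }
}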
项目:incubator-sentry    文件:ThriftUtil.java   
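/**
 * Returns the underlying TSocket from the transport, or null if the transport type is
 * unknown.
 *
 * <p>SASL server and client transports are unwrapped one level. If the transport found
 * there is not a {@code TSocket}, null is returned as well, instead of failing with a
 * {@code ClassCastException} as an unchecked cast would.
 *
 * @param transport the transport to inspect; must not be null
 * @return the {@code TSocket} carrying the connection, or null when none can be found
 */
private static TSocket getUnderlyingSocketFromTransport(TTransport transport) {
  Preconditions.checkNotNull(transport);
  TTransport candidate = transport;
  if (transport instanceof TSaslServerTransport) {
    candidate = ((TSaslServerTransport) transport).getUnderlyingTransport();
  } else if (transport instanceof TSaslClientTransport) {
    candidate = ((TSaslClientTransport) transport).getUnderlyingTransport();
  }
  // instanceof is false for null, so a missing underlying transport also yields null.
  return candidate instanceof TSocket ? (TSocket) candidate : null;
}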
项目:jstorm    文件:DigestSaslTransportPlugin.java   
/**
 * Produces the Thrift transport factory that authenticates clients with the SASL
 * {@code DIGEST} mechanism.
 *
 * @return a {@code TSaslServerTransport.Factory} configured with the digest definition
 * @throws IOException declared by the signature
 */
protected TTransportFactory getServerTransportFactory() throws IOException {
    // Callback handler created from login_conf; invoked by the SASL server while it
    // verifies the client's digest response.
    final CallbackHandler handler = new ServerCallbackHandler(login_conf);

    final TSaslServerTransport.Factory result = new TSaslServerTransport.Factory();
    // Server name is the literal "localhost" and the property map is null, so the
    // session runs with the default quality of protection ("auth": authentication
    // only, messages are not signed or encrypted by SASL).
    result.addServerDefinition(DIGEST, AuthUtils.SERVICE, "localhost", null, handler);

    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return result;
}
项目:jstrom    文件:KerberosSaslTransportPlugin.java   
/**
 * Logs the server in through JAAS and returns a transport factory that authenticates
 * clients with the SASL {@code KERBEROS} mechanism definition.
 *
 * @return a {@code TUGIAssumingTransportFactory} wrapping the SASL factory and the
 *         logged-in server {@code Subject}
 * @throws IOException      declared by the signature
 * @throws RuntimeException if the JAAS login fails or yields no {@code KerberosTicket}
 */
public TTransportFactory getServerTransportFactory() throws IOException {
    CallbackHandler callbackHandler = new ServerCallbackHandler(login_conf, storm_conf);

    // JAAS login of the server principal.
    final Subject serverSubject;
    try {
        // Static setter: this replaces the JAAS Configuration for the whole JVM, not
        // only for this plugin.
        Configuration.setConfiguration(login_conf);
        serverSubject = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, callbackHandler).getSubject();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // Fail closed: without a Kerberos ticket among the private credentials the server
    // must not start accepting connections.
    if (serverSubject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file "
                + login_conf);
    }

    String configuredPrincipal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + configuredPrincipal);
    KerberosName parsedName = new KerberosName(configuredPrincipal);
    String service = parsedName.getServiceName();
    String host = parsedName.getHostName();

    // QOP "auth": authentication only, no SASL integrity or confidentiality layer.
    // SERVER_AUTH "false": the server is not required to authenticate to the client.
    Map<String, String> saslProps = new TreeMap<String, String>();
    saslProps.put(Sasl.QOP, "auth");
    saslProps.put(Sasl.SERVER_AUTH, "false");

    // SASL factory for the Kerberos mechanism, using the same callback handler.
    TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(KERBEROS, service, host, saslProps, callbackHandler);

    // Wrapper that receives the logged-in Subject; presumably it runs connection
    // setup under that Subject's credentials - confirm in TUGIAssumingTransportFactory.
    TUGIAssumingTransportFactory subjectAwareFactory = new TUGIAssumingTransportFactory(saslFactory, serverSubject);

    LOG.info("SASL GSSAPI transport factory will be used");
    return subjectAwareFactory;
}
项目:krb-thrift    文件:TUGIAssumingProcessor.java   
/**
 * Runs the wrapped processor as a Hadoop proxy user named after the client's SASL
 * authorization ID, on top of the server's own login user.
 *
 * <p>NOTE(review): no check that the authenticated client may act as this user is
 * visible in this method; confirm it is enforced by the SASL callback handler or by
 * proxy-user rules elsewhere.
 *
 * @param inProt  inbound protocol; its transport must be a {@code TSaslServerTransport}
 * @param outProt outbound protocol
 * @return the wrapped processor's result
 * @throws TException if the transport is not SASL, or if the wrapped processor throws it
 */
@Override
public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException {
  final TTransport transport = inProt.getTransport();
  if (!(transport instanceof TSaslServerTransport)) {
    // Refuse to run without SASL: there would be no authenticated identity to assume.
    throw new TException("Unexpected non-SASL transport " + transport.getClass());
  }
  final String endUser =
      ((TSaslServerTransport) transport).getSaslServer().getAuthorizationID();

  UserGroupInformation proxyUgi = null;
  try {
    proxyUgi = UserGroupInformation.createProxyUser(endUser, UserGroupInformation.getLoginUser());
    log.debug("Executing action as {}", proxyUgi.getShortUserName());

    // doAs cannot propagate TException directly, so it is tunnelled through a
    // RuntimeException and unwrapped again in the catch block below.
    final PrivilegedExceptionAction<Boolean> delegateCall =
        new PrivilegedExceptionAction<Boolean>() {
          @Override
          public Boolean run() {
            try {
              return wrapped.process(inProt, outProt);
            } catch (TException te) {
              throw new RuntimeException(te);
            }
          }
        };
    return proxyUgi.doAs(delegateCall);
  } catch (RuntimeException rte) {
    final Throwable cause = rte.getCause();
    if (cause instanceof TException) {
      log.error("Failed to invoke wrapped processor", cause);
      throw (TException) cause;
    }
    throw rte;
  } catch (InterruptedException | IOException e) {
    // NOTE(review): the thread's interrupt flag is not restored on InterruptedException.
    log.error("Failed to invoke wrapped processor", e);
    throw new RuntimeException(e);
  } finally {
    // Release the FileSystem handles held for the per-request UGI, on every exit path.
    if (proxyUgi != null) {
      try {
        FileSystem.closeAllForUGI(proxyUgi);
      } catch (IOException exception) {
        log.error("Could not clean up file-system handles for UGI: {}", proxyUgi, exception);
      }
    }
  }
}
项目:jstorm    文件:KerberosSaslTransportPlugin.java   
/**
 * Performs the server's JAAS/Kerberos login and builds the SASL transport factory that
 * clients must authenticate against.
 *
 * @return the SASL factory wrapped in a {@code TUGIAssumingTransportFactory} together
 *         with the server's {@code Subject}
 * @throws IOException      declared by the signature
 * @throws RuntimeException when login fails, or when the resulting Subject carries no
 *                          {@code KerberosTicket} private credential
 */
public TTransportFactory getServerTransportFactory() throws IOException {
    // Shared by the JAAS login and by the SASL server definition below.
    final CallbackHandler serverCallbacks = new ServerCallbackHandler(login_conf, storm_conf);

    final Subject loggedIn;
    try {
        // Process-wide side effect: installs login_conf as the JVM's JAAS configuration.
        Configuration.setConfiguration(login_conf);
        final Login serverLogin = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, serverCallbacks);
        loggedIn = serverLogin.getSubject();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // A successful login object is not enough; require an actual Kerberos ticket.
    final boolean hasTicket = !loggedIn.getPrivateCredentials(KerberosTicket.class).isEmpty();
    if (!hasTicket) {
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file "
                + login_conf);
    }

    // Service and host names for the SASL definition come from the "principal" entry
    // of the server login section.
    final String principalName = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + principalName);
    final KerberosName kerberosName = new KerberosName(principalName);
    final String saslProtocol = kerberosName.getServiceName();
    final String saslServerName = kerberosName.getHostName();

    final Map<String, String> saslOptions = new TreeMap<String, String>();
    // "auth" gives authentication without message integrity or encryption; use of
    // "auth-int"/"auth-conf" would be needed for SASL to protect the payload.
    saslOptions.put(Sasl.QOP, "auth");
    // "false" is also the JDK default: mutual authentication is not demanded.
    saslOptions.put(Sasl.SERVER_AUTH, "false");

    final TSaslServerTransport.Factory kerberosFactory = new TSaslServerTransport.Factory();
    kerberosFactory.addServerDefinition(KERBEROS, saslProtocol, saslServerName, saslOptions, serverCallbacks);

    // The wrapper is handed the server Subject so that its credentials can be applied
    // when connections are set up (per the wrapper's name; implementation not shown here).
    final TUGIAssumingTransportFactory wrapped = new TUGIAssumingTransportFactory(kerberosFactory, loggedIn);

    LOG.info("SASL GSSAPI transport factory will be used");
    return wrapped;
}