Package org.apache.storm.security.auth
Class ClientAuthUtils
- java.lang.Object
  - org.apache.storm.security.auth.ClientAuthUtils

public class ClientAuthUtils extends Object
Field Summary
Fields

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static String | LOGIN_CONTEXT_CLIENT | |
| static String | LOGIN_CONTEXT_PACEMAKER_CLIENT | |
| static String | LOGIN_CONTEXT_PACEMAKER_DIGEST | |
| static String | LOGIN_CONTEXT_PACEMAKER_SERVER | |
| static String | LOGIN_CONTEXT_SERVER | |
| static String | SERVICE | |
-
Constructor Summary
Constructors

| Constructor | Description |
| --- | --- |
| ClientAuthUtils() | |
-
Method Summary
All Methods

| Modifier and Type | Method | Description |
| --- | --- | --- |
| static boolean | areWorkerTokensEnabledServer(MultiThriftServer<?> multiThriftServer, Map<String,Object> conf) | Check if worker tokens should be enabled on the server side or not. |
| static boolean | areWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String,Object> conf) | Check if worker tokens should be enabled on the server side or not (for a given server). |
| static KerberosTicket | cloneKerberosTicket(KerberosTicket kerberosTicket) | |
| static KerberosTicket | deserializeKerberosTicket(byte[] tgtBytes) | |
| static WorkerToken | findWorkerToken(Subject subject, WorkerTokenServiceType type) | Find a worker token in a given subject with a given token type. |
| static String | get(Map<String,Object> topoConf, String section, String key) | Pull the value for a given section and key from the Configuration. |
| static Collection<IAutoCredentials> | getAutoCredentials(Map<String,Object> topoConf) | Get all of the configured AutoCredential Plugins. |
| static Configuration | getConfiguration(Map<String,Object> topoConf) | Construct a JAAS configuration object per storm configuration file. |
| static Collection<ICredentialsRenewer> | getCredentialRenewers(Map<String,Object> conf) | Get all of the configured Credential Renewer Plugins. |
| static AppConfigurationEntry[] | getEntries(Configuration configuration, String section) | Get configurations for a section. |
| static IGroupMappingServiceProvider | getGroupMappingServiceProviderPlugin(Map<String,Object> conf) | Construct a group mapping service provider plugin. |
| static String | getJaasConf(Map<String,Object> topoConf) | |
| static Collection<INimbusCredentialPlugin> | getNimbusAutoCredPlugins(Map<String,Object> conf) | Get all the Nimbus Auto cred plugins. |
| static IPrincipalToLocal | getPrincipalToLocalPlugin(Map<String,Object> topoConf) | Construct a principal to local plugin. |
| static ITransportPlugin | getTransportPlugin(ThriftConnectionType type, Map<String,Object> topoConf) | Construct a transport plugin per storm configuration. |
| static WorkerTokenInfo | getWorkerTokenInfo(WorkerToken wt) | Get and deserialize the WorkerTokenInfo in the worker token. |
| static String | makeDigestPayload(Map<String,Object> topoConf, String configSection) | |
| static Subject | populateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String,String> credentials) | Populate a subject from credentials using the IAutoCredentials. |
| static SortedMap<String,?> | pullConfig(Map<String,Object> topoConf, String section) | Pull a set of keys out of a Configuration. |
| static WorkerToken | readWorkerToken(Map<String,String> credentials, WorkerTokenServiceType type) | Read a WorkerToken out of credentials for the given type. |
| static byte[] | serializeKerberosTicket(KerberosTicket tgt) | |
| static byte[] | serializeWorkerTokenInfo(WorkerTokenInfo wti) | Turn a WorkerTokenInfo into a byte array. |
| static void | setWorkerToken(Map<String,String> credentials, WorkerToken token) | Store a worker token in some credentials. |
| static void | updateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String,String> credentials) | Update a subject from credentials using the IAutoCredentials. |
| static String | workerTokenCredentialsKey(WorkerTokenServiceType type) | Get the key used to store a WorkerToken in the credentials map. |
-
-
-
Field Detail
-
LOGIN_CONTEXT_SERVER
public static final String LOGIN_CONTEXT_SERVER
- See Also:
- Constant Field Values
-
LOGIN_CONTEXT_CLIENT
public static final String LOGIN_CONTEXT_CLIENT
- See Also:
- Constant Field Values
-
LOGIN_CONTEXT_PACEMAKER_DIGEST
public static final String LOGIN_CONTEXT_PACEMAKER_DIGEST
- See Also:
- Constant Field Values
-
LOGIN_CONTEXT_PACEMAKER_SERVER
public static final String LOGIN_CONTEXT_PACEMAKER_SERVER
- See Also:
- Constant Field Values
-
LOGIN_CONTEXT_PACEMAKER_CLIENT
public static final String LOGIN_CONTEXT_PACEMAKER_CLIENT
- See Also:
- Constant Field Values
-
SERVICE
public static final String SERVICE
- See Also:
- Constant Field Values
-
-
Method Detail
-
getConfiguration
public static Configuration getConfiguration(Map<String,Object> topoConf)
Construct a JAAS configuration object per storm configuration file.
- Parameters:
topoConf - Storm configuration
- Returns:
- JAAS configuration object
-
getEntries
public static AppConfigurationEntry[] getEntries(Configuration configuration, String section) throws IOException
Get configurations for a section.
- Parameters:
configuration - The config to pull the key/value pairs out of.
section - The app configuration entry name to get stuff from.
- Returns:
- Return array of config entries or null if configuration is null
- Throws:
IOException
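Added example, not part of the Storm Javadoc: calling getEntries on the client login section and listing each login module with its option keys while keeping the option values out of the output. It assumes the storm-client jar is on the classpath; the class name JaasSectionAudit, the module class com.example.SampleLoginModule and the option names and values are constructed for illustration.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import org.apache.storm.security.auth.ClientAuthUtils;

public class JaasSectionAudit {
    // Constructed in-memory JAAS configuration (sample module name and options, not Storm defaults).
    static Configuration sampleConfiguration() {
        Map<String, String> options = new HashMap<>();
        options.put("username", "sample-user");
        options.put("password", "sample-secret");
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.example.SampleLoginModule", LoginModuleControlFlag.REQUIRED, options);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                // Only the client login section is defined in this sample.
                return ClientAuthUtils.LOGIN_CONTEXT_CLIENT.equals(name)
                    ? new AppConfigurationEntry[] {entry} : null;
            }
        };
    }

    // Lists modules and option keys; option values may be secrets, so they are never printed.
    static void describe(Configuration configuration) {
        try {
            AppConfigurationEntry[] entries =
                ClientAuthUtils.getEntries(configuration, ClientAuthUtils.LOGIN_CONTEXT_CLIENT);
            if (entries == null) { // documented result when the configuration itself is null
                System.out.println("no JAAS configuration supplied");
                return;
            }
            for (AppConfigurationEntry e : entries) {
                System.out.println(e.getLoginModuleName() + " (" + e.getControlFlag() + ")");
                for (String key : e.getOptions().keySet()) {
                    System.out.println("  option " + key + " = <redacted>");
                }
            }
        } catch (IOException ex) { // getEntries declares IOException
            System.out.println("section lookup failed: " + ex.getMessage());
        }
    }

    public static void main(String[] args) {
        describe(null);
        describe(sampleConfiguration());
    }
}
```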
-
pullConfig
public static SortedMap<String,?> pullConfig(Map<String,Object> topoConf, String section) throws IOException
Pull a set of keys out of a Configuration.
- Parameters:
topoConf - The config containing the jaas conf file.
section - The app configuration entry name to get stuff from.
- Returns:
- Return a map of the configs in conf.
- Throws:
IOException
-
get
public static String get(Map<String,Object> topoConf, String section, String key) throws IOException
Pull the value for a given section and key from the Configuration.
- Parameters:
topoConf - The config containing the jaas conf file.
section - The app configuration entry name to get stuff from.
key - The key to look up inside of the section
- Returns:
- Return the String value of the configuration value
- Throws:
IOException
-
getPrincipalToLocalPlugin
public static IPrincipalToLocal getPrincipalToLocalPlugin(Map<String,Object> topoConf)
Construct a principal to local plugin.
- Parameters:
topoConf - storm configuration
- Returns:
- the plugin
-
getGroupMappingServiceProviderPlugin
public static IGroupMappingServiceProvider getGroupMappingServiceProviderPlugin(Map<String,Object> conf)
Construct a group mapping service provider plugin.
- Parameters:
conf - daemon configuration
- Returns:
- the plugin
-
getCredentialRenewers
public static Collection<ICredentialsRenewer> getCredentialRenewers(Map<String,Object> conf)
Get all of the configured Credential Renewer Plugins.
- Parameters:
conf - the storm configuration to use.
- Returns:
- the configured credential renewers.
-
getNimbusAutoCredPlugins
public static Collection<INimbusCredentialPlugin> getNimbusAutoCredPlugins(Map<String,Object> conf)
Get all the Nimbus Auto cred plugins.
- Parameters:
conf - nimbus configuration to use.
- Returns:
- nimbus auto credential plugins.
-
getAutoCredentials
public static Collection<IAutoCredentials> getAutoCredentials(Map<String,Object> topoConf)
Get all of the configured AutoCredential Plugins.
- Parameters:
topoConf - the storm configuration to use.
- Returns:
- the configured auto credentials.
-
workerTokenCredentialsKey
public static String workerTokenCredentialsKey(WorkerTokenServiceType type)
Get the key used to store a WorkerToken in the credentials map.
- Parameters:
type - the type of service to get.
- Returns:
- the key as a String.
-
readWorkerToken
public static WorkerToken readWorkerToken(Map<String,String> credentials, WorkerTokenServiceType type)
Read a WorkerToken out of credentials for the given type.
- Parameters:
credentials - the credentials map.
type - the type of service we are looking for.
- Returns:
- the deserialized WorkerToken or null if none could be found.
-
setWorkerToken
public static void setWorkerToken(Map<String,String> credentials, WorkerToken token)
Store a worker token in some credentials. It can be pulled back out by calling readWorkerToken.
- Parameters:
credentials - the credentials map.
token - the token you want to store.
-
findWorkerToken
public static WorkerToken findWorkerToken(Subject subject, WorkerTokenServiceType type)
Find a worker token in a given subject with a given token type.
- Parameters:
subject - what to look in.
type - the type of token to look for.
- Returns:
- the token or null.
-
areWorkerTokensEnabledServer
public static boolean areWorkerTokensEnabledServer(MultiThriftServer<?> multiThriftServer, Map<String,Object> conf)
Check if worker tokens should be enabled on the server side or not.
- Parameters:
multiThriftServer - a collection of Thrift servers, used to know whether the transports support tokens or not. No need to create a token if the transport does not support it.
conf - the daemon configuration to be sure the tokens are secure.
- Returns:
- true if we can enable them, else false.
-
areWorkerTokensEnabledServer
public static boolean areWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String,Object> conf)
Check if worker tokens should be enabled on the server side or not (for a given server).
- Parameters:
connectionType - the type of server this is for.
conf - the daemon configuration to be sure the tokens are secure.
- Returns:
- true if we can enable them, else false.
-
serializeWorkerTokenInfo
public static byte[] serializeWorkerTokenInfo(WorkerTokenInfo wti)
Turn a WorkerTokenInfo into a byte array.
- Parameters:
wti - what to serialize.
- Returns:
- the resulting byte array.
-
getWorkerTokenInfo
public static WorkerTokenInfo getWorkerTokenInfo(WorkerToken wt)
Get and deserialize the WorkerTokenInfo in the worker token.
- Parameters:
wt - the token.
- Returns:
- the deserialized info.
-
populateSubject
public static Subject populateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String,String> credentials)
Populate a subject from credentials using the IAutoCredentials.
- Parameters:
subject - the subject to populate or null if a new Subject should be created.
autos - the IAutoCredentials to call to populate the subject.
credentials - the credentials to pull from
- Returns:
- the populated subject.
-
updateSubject
public static void updateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String,String> credentials)
Update a subject from credentials using the IAutoCredentials.
- Parameters:
subject - the subject to update
autos - the IAutoCredentials to call to update the subject.
credentials - the credentials to pull from
-
getTransportPlugin
public static ITransportPlugin getTransportPlugin(ThriftConnectionType type, Map<String,Object> topoConf)
Construct a transport plugin per storm configuration.
-
makeDigestPayload
public static String makeDigestPayload(Map<String,Object> topoConf, String configSection)
-
serializeKerberosTicket
public static byte[] serializeKerberosTicket(KerberosTicket tgt) throws Exception
- Throws:
Exception
-
deserializeKerberosTicket
public static KerberosTicket deserializeKerberosTicket(byte[] tgtBytes)
-
cloneKerberosTicket
public static KerberosTicket cloneKerberosTicket(KerberosTicket kerberosTicket)
-
-