org.apache.storm.security.auth

Class ClientAuthUtils

java.lang.Object

org.apache.storm.security.auth.ClientAuthUtils

public class ClientAuthUtils
extends Object

Field Summary

Fields

Modifier and Type	Field and Description
static String	LOGIN_CONTEXT_CLIENT
static String	LOGIN_CONTEXT_PACEMAKER_CLIENT
static String	LOGIN_CONTEXT_PACEMAKER_DIGEST
static String	LOGIN_CONTEXT_PACEMAKER_SERVER
static String	LOGIN_CONTEXT_SERVER
static String	SERVICE

Constructor Summary

Constructors

Constructor and Description
ClientAuthUtils()

Method Summary

Modifier and Type	Method and Description
static boolean	areWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String,Object> conf) Check if worker tokens should be enabled on the server side or not (for a given server).
static boolean	areWorkerTokensEnabledServer(ThriftServer server, Map<String,Object> conf) Check if worker tokens should be enabled on the server side or not.
static KerberosTicket	cloneKerberosTicket(KerberosTicket kerberosTicket)
static KerberosTicket	deserializeKerberosTicket(byte[] tgtBytes)
static WorkerToken	findWorkerToken(Subject subject, WorkerTokenServiceType type) Find a worker token in a given subject with a given token type.
static String	get(Map<String,Object> topoConf, String section, String key) Pull a the value given section and key from Configuration.
static Collection<IAutoCredentials>	getAutoCredentials(Map<String,Object> topoConf) Get all of the configured AutoCredential Plugins.
static Configuration	getConfiguration(Map<String,Object> topoConf) Construct a JAAS configuration object per storm configuration file.
static Collection<ICredentialsRenewer>	getCredentialRenewers(Map<String,Object> conf) Get all of the configured Credential Renewer Plugins.
static AppConfigurationEntry[]	getEntries(Configuration configuration, String section) Get configurations for a section.
static IGroupMappingServiceProvider	getGroupMappingServiceProviderPlugin(Map<String,Object> conf) Construct a group mapping service provider plugin.
static String	getJaasConf(Map<String,Object> topoConf)
static Collection<INimbusCredentialPlugin>	getNimbusAutoCredPlugins(Map<String,Object> conf) Get all the Nimbus Auto cred plugins.
static IPrincipalToLocal	getPrincipalToLocalPlugin(Map<String,Object> topoConf) Construct a principal to local plugin.
static ITransportPlugin	getTransportPlugin(ThriftConnectionType type, Map<String,Object> topoConf) Construct a transport plugin per storm configuration.
static WorkerTokenInfo	getWorkerTokenInfo(WorkerToken wt) Get and deserialize the WorkerTokenInfo in the worker token.
static String	makeDigestPayload(Map<String,Object> topoConf, String configSection)
static Subject	populateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String,String> credentials) Populate a subject from credentials using the IAutoCredentials.
static SortedMap<String,?>	pullConfig(Map<String,Object> topoConf, String section) Pull a set of keys out of a Configuration.
static WorkerToken	readWorkerToken(Map<String,String> credentials, WorkerTokenServiceType type) Read a WorkerToken out of credentials for the given type.
static byte[]	serializeKerberosTicket(KerberosTicket tgt)
static byte[]	serializeWorkerTokenInfo(WorkerTokenInfo wti) Turn a WorkerTokenInfo in a byte array.
static void	setWorkerToken(Map<String,String> credentials, WorkerToken token) Store a worker token in some credentials.
static void	updateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String,String> credentials) Update a subject from credentials using the IAutoCredentials.
static String	workerTokenCredentialsKey(WorkerTokenServiceType type) Get the key used to store a WorkerToken in the credentials map.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGIN_CONTEXT_SERVER

public static final String LOGIN_CONTEXT_SERVER

See Also:

Constant Field Values

LOGIN_CONTEXT_CLIENT

public static final String LOGIN_CONTEXT_CLIENT

See Also:

Constant Field Values

LOGIN_CONTEXT_PACEMAKER_DIGEST

public static final String LOGIN_CONTEXT_PACEMAKER_DIGEST

See Also:

Constant Field Values

LOGIN_CONTEXT_PACEMAKER_SERVER

public static final String LOGIN_CONTEXT_PACEMAKER_SERVER

See Also:

Constant Field Values

LOGIN_CONTEXT_PACEMAKER_CLIENT

public static final String LOGIN_CONTEXT_PACEMAKER_CLIENT

See Also:

Constant Field Values

SERVICE

public static final String SERVICE

See Also:

Constant Field Values

Constructor Detail

ClientAuthUtils

public ClientAuthUtils()

Method Detail

getJaasConf

public static String getJaasConf(Map<String,Object> topoConf)

getConfiguration

public static Configuration getConfiguration(Map<String,Object> topoConf)

Construct a JAAS configuration object per storm configuration file.

Parameters:

topoConf - Storm configuration

Returns:

JAAS configuration object

getEntries

public static AppConfigurationEntry[] getEntries(Configuration configuration,
                                                 String section)
                                          throws IOException

Get configurations for a section.

Parameters:

configuration - The config to pull the key/value pairs out of.

section - The app configuration entry name to get stuff from.

Returns:

Return array of config entries or null if configuration is null

Throws:

IOException

pullConfig

public static SortedMap<String,?> pullConfig(Map<String,Object> topoConf,
                                             String section)
                                      throws IOException

Pull a set of keys out of a Configuration.

Parameters:

topoConf - The config containing the jaas conf file.

section - The app configuration entry name to get stuff from.

Returns:

Return a map of the configs in conf.

Throws:

IOException

get

public static String get(Map<String,Object> topoConf,
                         String section,
                         String key)
                  throws IOException

Pull a the value given section and key from Configuration.

Parameters:

topoConf - The config containing the jaas conf file.

section - The app configuration entry name to get stuff from.

key - The key to look up inside of the section

Returns:

Return a the String value of the configuration value

Throws:

IOException

getPrincipalToLocalPlugin

public static IPrincipalToLocal getPrincipalToLocalPlugin(Map<String,Object> topoConf)

Construct a principal to local plugin.

Parameters:

topoConf - storm configuration

Returns:

the plugin

getGroupMappingServiceProviderPlugin

public static IGroupMappingServiceProvider getGroupMappingServiceProviderPlugin(Map<String,Object> conf)

Construct a group mapping service provider plugin.

Parameters:

conf - daemon configuration

Returns:

the plugin

getCredentialRenewers

public static Collection<ICredentialsRenewer> getCredentialRenewers(Map<String,Object> conf)

Get all of the configured Credential Renewer Plugins.

Parameters:

conf - the storm configuration to use.

Returns:

the configured credential renewers.

getNimbusAutoCredPlugins

public static Collection<INimbusCredentialPlugin> getNimbusAutoCredPlugins(Map<String,Object> conf)

Get all the Nimbus Auto cred plugins.

Parameters:

conf - nimbus configuration to use.

Returns:

nimbus auto credential plugins.

getAutoCredentials

public static Collection<IAutoCredentials> getAutoCredentials(Map<String,Object> topoConf)

Get all of the configured AutoCredential Plugins.

Parameters:

topoConf - the storm configuration to use.

Returns:

the configured auto credentials.

workerTokenCredentialsKey

public static String workerTokenCredentialsKey(WorkerTokenServiceType type)

Get the key used to store a WorkerToken in the credentials map.

Parameters:

type - the type of service to get.

Returns:

the key as a String.

readWorkerToken

public static WorkerToken readWorkerToken(Map<String,String> credentials,
                                          WorkerTokenServiceType type)

Read a WorkerToken out of credentials for the given type.

Parameters:

credentials - the credentials map.

type - the type of service we are looking for.

Returns:

the deserialized WorkerToken or null if none could be found.

setWorkerToken

public static void setWorkerToken(Map<String,String> credentials,
                                  WorkerToken token)

Store a worker token in some credentials. It can be pulled back out by calling readWorkerToken.

Parameters:

credentials - the credentials map.

token - the token you want to store.

findWorkerToken

public static WorkerToken findWorkerToken(Subject subject,
                                          WorkerTokenServiceType type)

Find a worker token in a given subject with a given token type.

Parameters:

subject - what to look in.

type - the type of token to look for.

Returns:

the token or null.

areWorkerTokensEnabledServer

public static boolean areWorkerTokensEnabledServer(ThriftServer server,
                                                   Map<String,Object> conf)

Check if worker tokens should be enabled on the server side or not.

Parameters:

server - a Thrift server to know if the transport support tokens or not. No need to create a token if the transport does not support it.

conf - the daemon configuration to be sure the tokens are secure.

Returns:

true if we can enable them, else false.

areWorkerTokensEnabledServer

public static boolean areWorkerTokensEnabledServer(ThriftConnectionType connectionType,
                                                   Map<String,Object> conf)

Check if worker tokens should be enabled on the server side or not (for a given server).

Parameters:

connectionType - the type of server this is for.

conf - the daemon configuration to be sure the tokens are secure.

Returns:

true if we can enable them, else false.

serializeWorkerTokenInfo

public static byte[] serializeWorkerTokenInfo(WorkerTokenInfo wti)

Turn a WorkerTokenInfo in a byte array.

Parameters:

wti - what to serialize.

Returns:

the resulting byte array.

getWorkerTokenInfo

public static WorkerTokenInfo getWorkerTokenInfo(WorkerToken wt)

Get and deserialize the WorkerTokenInfo in the worker token.

Parameters:

wt - the token.

Returns:

the deserialized info.

populateSubject

public static Subject populateSubject(Subject subject,
                                      Collection<IAutoCredentials> autos,
                                      Map<String,String> credentials)

Populate a subject from credentials using the IAutoCredentials.

Parameters:

subject - the subject to populate or null if a new Subject should be created.

autos - the IAutoCredentials to call to populate the subject.

credentials - the credentials to pull from

Returns:

the populated subject.

updateSubject

public static void updateSubject(Subject subject,
                                 Collection<IAutoCredentials> autos,
                                 Map<String,String> credentials)

Update a subject from credentials using the IAutoCredentials.

Parameters:

subject - the subject to update

autos - the IAutoCredentials to call to update the subject.

credentials - the credentials to pull from

getTransportPlugin

public static ITransportPlugin getTransportPlugin(ThriftConnectionType type,
                                                  Map<String,Object> topoConf)

Construct a transport plugin per storm configuration.

makeDigestPayload

public static String makeDigestPayload(Map<String,Object> topoConf,
                                       String configSection)

serializeKerberosTicket

public static byte[] serializeKerberosTicket(KerberosTicket tgt)
                                      throws Exception

Throws:

Exception

deserializeKerberosTicket

public static KerberosTicket deserializeKerberosTicket(byte[] tgtBytes)

cloneKerberosTicket

public static KerberosTicket cloneKerberosTicket(KerberosTicket kerberosTicket)