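/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.fs.http.server;

import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;

import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.util.Map;
import java.util.Properties;

/**
 * Subclass of hadoop-auth <code>AuthenticationFilter</code> that obtains its configuration
 * from HttpFSServer's server configuration.
 */
@InterfaceAudience.Private
public class HttpFSAuthenticationFilter
    extends DelegationTokenAuthenticationFilter {

  /** Prefix of the HttpFSServer properties that are handed to hadoop-auth. */
  private static final String CONF_PREFIX = "httpfs.authentication.";

  /** Property (prefix already stripped) naming the file that holds the signature secret. */
  private static final String SIGNATURE_SECRET_FILE = SIGNATURE_SECRET + ".file";

  /**
   * Returns the hadoop-auth configuration from HttpFSServer's configuration.
   * <p>
   * It returns all HttpFSServer's configuration properties prefixed with
   * <code>httpfs.authentication</code>. The <code>httpfs.authentication</code>
   * prefix is removed from the returned property names.
   * <p>
   * The cookie path is set to <code>/</code>, and the content of the file named
   * by the signature secret file property is read and stored, verbatim, as the
   * signature secret. Because that file holds the secret itself, it should be
   * readable only by the account that runs HttpFS.
   *
   * @param configPrefix parameter not used.
   * @param filterConfig parameter not used.
   *
   * @return hadoop-auth configuration read from HttpFSServer's configuration.
   *
   * @throws RuntimeException if the signature secret file property is not
   *         defined or the file cannot be read.
   */
  @Override
  protected Properties getConfiguration(String configPrefix,
      FilterConfig filterConfig) throws ServletException {
    Properties props = new Properties();
    Configuration conf = HttpFSServerWebApp.get().getConfig();

    props.setProperty(AuthenticationFilter.COOKIE_PATH, "/");
    for (Map.Entry<String, String> entry : conf) {
      String name = entry.getKey();
      if (name.startsWith(CONF_PREFIX)) {
        // Read through conf.get() rather than entry.getValue(), as the original does.
        String value = conf.get(name);
        props.setProperty(name.substring(CONF_PREFIX.length()), value);
      }
    }

    String signatureSecretFile = props.getProperty(SIGNATURE_SECRET_FILE, null);
    if (signatureSecretFile == null) {
      throw new RuntimeException("Undefined property: " + SIGNATURE_SECRET_FILE);
    }

    try {
      StringBuilder secret = new StringBuilder();
      // NOTE(review): FileReader decodes with the JVM default charset, so a
      // non-ASCII secret may decode differently on hosts with different defaults.
      Reader reader = new FileReader(signatureSecretFile);
      try {
        for (int c = reader.read(); c > -1; c = reader.read()) {
          secret.append((char) c);
        }
      } finally {
        // Release the file handle even when read() fails part-way through.
        reader.close();
      }
      // Every character is kept, including a trailing newline if the file has one.
      // NOTE(review): an empty file yields an empty secret here; confirm how the
      // parent filter treats that and consider rejecting it.
      props.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret.toString());
    } catch (IOException ex) {
      // Keep the cause so the operator can tell a missing file from a permission error.
      throw new RuntimeException(
          "Could not read HttpFS signature secret file: " + signatureSecretFile, ex);
    }
    return props;
  }

  /**
   * Returns the proxy-user configuration taken from HttpFSServer's configuration.
   * <p>
   * Every property whose name matches <code>httpfs\.proxyuser\.</code> is copied
   * into a new <code>Configuration</code> created without default resources, with
   * the leading <code>httpfs.</code> removed from its name.
   *
   * @param filterConfig parameter not used.
   *
   * @return configuration holding only the renamed proxy-user properties.
   */
  protected Configuration getProxyuserConfiguration(FilterConfig filterConfig) {
    Map<String, String> proxyuserConf = HttpFSServerWebApp.get().getConfig().
        getValByRegex("httpfs\\.proxyuser\\.");
    Configuration conf = new Configuration(false);
    for (Map.Entry<String, String> entry : proxyuserConf.entrySet()) {
      // NOTE(review): the substring assumes every matched key starts with
      // "httpfs."; confirm that getValByRegex anchors the pattern at the start.
      conf.set(entry.getKey().substring("httpfs.".length()), entry.getValue());
    }
    return conf;
  }

}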