/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.drill.exec.rpc.user;
import org.apache.drill.common.config.DrillConfig;
import org.apache.drill.exec.ExecConstants;
import org.apache.drill.exec.exception.DrillbitStartupException;
import org.apache.drill.exec.memory.BufferAllocator;
import org.apache.drill.exec.rpc.AbstractConnectionConfig;
import org.apache.drill.exec.rpc.RequestHandler;
import org.apache.drill.exec.rpc.RpcConstants;
import org.apache.drill.exec.rpc.security.AuthenticatorProvider;
import org.apache.drill.exec.server.BootStrapContext;
// config for bit to user connection
// package private
/**
 * Settings for the Drillbit-to-user ("user server") connection: whether authentication is
 * required, whether SASL encryption and SSL are switched on, the optional inbound impersonation
 * manager, and the request handler that serves user messages.
 *
 * <p>Package private. All values are read once from {@link DrillConfig} in the constructor and
 * are immutable afterwards. Security-relevant combinations are checked at construction time:
 * <ul>
 *   <li>authentication enabled with no registered mechanism fails startup;</li>
 *   <li>SASL encryption enabled while authentication is disabled fails startup;</li>
 *   <li>SSL together with SASL encryption only produces a warning.</li>
 * </ul>
 */
class UserConnectionConfig extends AbstractConnectionConfig {
  private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(UserConnectionConfig.class);

  // True only when authentication is enabled in the config and at least one mechanism is available.
  private final boolean authEnabled;
  // Mirrors ExecConstants.USER_SSL_ENABLED.
  private final boolean sslEnabled;
  // Null when ExecConstants.IMPERSONATION_ENABLED is false.
  private final InboundImpersonationManager impersonationManager;
  private final UserServerRequestHandler handler;

  /**
   * Reads the user-connection security settings and rejects inconsistent combinations.
   *
   * @param allocator passed through to the parent configuration
   * @param context   bootstrap context; supplies the {@link DrillConfig} that is read here
   * @param handler   handler returned later by {@link #getMessageHandler()}
   * @throws DrillbitStartupException if authentication is enabled but no mechanism is found, if
   *         the configured SASL max wrapped size is not positive, or if SASL encryption is
   *         enabled while authentication is disabled
   */
  UserConnectionConfig(BufferAllocator allocator, BootStrapContext context, UserServerRequestHandler handler)
      throws DrillbitStartupException {
    super(allocator, context);
    this.handler = handler;

    final DrillConfig drillConfig = context.getConfig();
    final AuthenticatorProvider mechanisms = getAuthProvider();

    if (!drillConfig.getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED)) {
      // SASL encryption is only accepted together with authentication, so this
      // combination is refused outright instead of running unencrypted.
      if (drillConfig.getBoolean(ExecConstants.USER_ENCRYPTION_SASL_ENABLED)) {
        throw new DrillbitStartupException("Invalid security configuration. Encryption using SASL is enabled with " +
            "authentication disabled. Please check the security.user configurations.");
      }
      // NOTE(review): this path is silent. An operator gets no startup log line saying that
      // user connections are accepted without authentication.
      authEnabled = false;
    } else {
      // Fail closed: "enabled" with nothing to authenticate against must not start.
      if (mechanisms.getAllFactoryNames().isEmpty()) {
        throw new DrillbitStartupException("Authentication enabled, but no mechanisms found. Please check " +
            "authentication configuration.");
      }
      authEnabled = true;

      // Encryption parameters are only touched when authentication is on.
      encryptionContext.setEncryption(drillConfig.getBoolean(ExecConstants.USER_ENCRYPTION_SASL_ENABLED));
      // The size is validated whenever authentication is on, even if SASL encryption is off.
      final int wrappedLimit = readMaxWrappedSize(drillConfig);
      encryptionContext.setMaxWrappedSize(wrappedLimit);

      logger.info("Configured all user connections to require authentication with encryption: {} using: {}",
          encryptionContext.getEncryptionCtxtString(), mechanisms.getAllFactoryNames());
    }

    // NOTE(review): impersonation is configured independently of authEnabled; nothing in this
    // constructor checks the two together. Confirm with the callers how the connecting user's
    // identity is established when impersonation is on and authentication is off.
    impersonationManager = drillConfig.getBoolean(ExecConstants.IMPERSONATION_ENABLED)
        ? new InboundImpersonationManager()
        : null;

    sslEnabled = drillConfig.getBoolean(ExecConstants.USER_SSL_ENABLED);

    // Two transport-protection layers at once is tolerated but flagged for the operator.
    if (isSSLEnabled() && isAuthEnabled() && isEncryptionEnabled()) {
      logger.warn("The server is configured to use both SSL and SASL encryption (only one should be configured).");
    }
  }

  /**
   * Reads and validates {@code user.encryption.sasl.max_wrapped_size}.
   *
   * @param drillConfig configuration to read from
   * @return the configured size; a value above the recommended maximum is accepted with a warning
   * @throws DrillbitStartupException if the configured size is zero or negative
   */
  private static int readMaxWrappedSize(DrillConfig drillConfig) throws DrillbitStartupException {
    final int configured = drillConfig.getInt(ExecConstants.USER_ENCRYPTION_SASL_MAX_WRAPPED_SIZE);
    if (configured <= 0) {
      throw new DrillbitStartupException(String.format("Invalid value configured for " +
          "user.encryption.sasl.max_wrapped_size. Must be a positive integer in bytes with a recommended max value " +
          "of %s", RpcConstants.MAX_RECOMMENDED_WRAPPED_SIZE));
    }
    if (configured > RpcConstants.MAX_RECOMMENDED_WRAPPED_SIZE) {
      // Oversized values are allowed; the log line records the memory-pressure risk.
      logger.warn("The configured value of user.encryption.sasl.max_wrapped_size: {} is too big. This may cause " +
          "higher memory pressure. [Details: Recommended max value is {}]",
          configured, RpcConstants.MAX_RECOMMENDED_WRAPPED_SIZE);
    }
    return configured;
  }

  /** @return the fixed name of this connection type, {@code "user server"} */
  @Override
  public String getName() {
    return "user server";
  }

  /** @return whether user connections must authenticate */
  boolean isAuthEnabled() {
    return authEnabled;
  }

  /** @return whether SSL is enabled for user connections */
  boolean isSSLEnabled() {
    return sslEnabled;
  }

  /** @return the inbound impersonation manager, or {@code null} when impersonation is disabled */
  InboundImpersonationManager getImpersonationManager() {
    return impersonationManager;
  }

  /** @return the handler supplied at construction time */
  RequestHandler<UserServer.BitToUserConnection> getMessageHandler() {
    return handler;
  }
}