hadoop-common-project/hadoop-auth/src/site/apt/Examples.apt.vm - hadoop - Git at Google

 ~~ Licensed under the Apache License, Version 2.0 (the "License");
 ~~ you may not use this file except in compliance with the License.
 ~~ You may obtain a copy of the License at
 ~~
 ~~   http://www.apache.org/licenses/LICENSE-2.0
 ~~
 ~~ Unless required by applicable law or agreed to in writing, software
 ~~ distributed under the License is distributed on an "AS IS" BASIS,
 ~~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ~~ See the License for the specific language governing permissions and
 ~~ limitations under the License. See accompanying LICENSE file.

   ---
   Hadoop Auth, Java HTTP SPNEGO ${project.version} - Examples
   ---
   ---
   ${maven.build.timestamp}

 Hadoop Auth, Java HTTP SPNEGO ${project.version} - Examples

   \[ {{{./index.html}Go Back}} \]

 * Accessing a Hadoop Auth protected URL Using a browser

   <<IMPORTANT:>> The browser must support HTTP Kerberos SPNEGO. For example,
   Firefox or Internet Explorer.

   For Firefox access the low level configuration page by loading the
   <<<about:config>>> page. Then go to the
   <<<network.negotiate-auth.trusted-uris>>> preference and add the hostname or
   the domain of the web server that is HTTP Kerberos SPNEGO protected (if using
   multiple domains and hostname use comma to separate them).

 * Accessing a Hadoop Auth protected URL Using <<<curl>>>

   <<IMPORTANT:>> The <<<curl>>> version must support GSS, run <<<curl -V>>>.

 +---+
 $ curl -V
 curl 7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
 Protocols: tftp ftp telnet dict ldap http file https ftps
 Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
 +---+

   Login to the KDC using <<kinit>> and then use <<<curl>>> to fetch protected
   URL:

 +---+
 $ kinit
 Please enter the password for tucu@LOCALHOST:
 $ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/hadoop-auth-examples/kerberos/who
 Enter host password for user 'tucu':

 Hello Hadoop Auth Examples!
 +---+

   * The <<<--negotiate>>> option enables SPNEGO in <<<curl>>>.

   * The <<<-u foo>>> option is required but the user ignored (the principal
     that has been kinit-ed is used).

   * The <<<-b>>> and <<<-c>>> are use to store and send HTTP Cookies.

 * Using the Java Client

   Use the <<<AuthenticatedURL>>> class to obtain an authenticated HTTP
   connection:

 +---+
 ...
 URL url = new URL("http://localhost:8080/hadoop-auth/kerberos/who");
 AuthenticatedURL.Token token = new AuthenticatedURL.Token();
 ...
 HttpURLConnection conn = new AuthenticatedURL(url, token).openConnection();
 ...
 conn = new AuthenticatedURL(url, token).openConnection();
 ...
 +---+

 * Building and Running the Examples

   Download Hadoop-Auth's source code, the examples are in the
   <<<src/main/examples>>> directory.

 ** Server Example:

   Edit the <<<hadoop-auth-examples/src/main/webapp/WEB-INF/web.xml>>> and set the
   right configuration init parameters for the <<<AuthenticationFilter>>>
   definition configured for Kerberos (the right Kerberos principal and keytab
   file must be specified). Refer to the {{{./Configuration.html}Configuration
   document}} for details.

   Create the web application WAR file by running the <<<mvn package>>> command.

   Deploy the WAR file in a servlet container. For example, if using Tomcat,
   copy the WAR file to Tomcat's <<<webapps/>>> directory.

   Start the servlet container.

 ** Accessing the server using <<<curl>>>

   Try accessing protected resources using <<<curl>>>. The protected resources
   are:

 +---+
 $ kinit
 Please enter the password for tucu@LOCALHOST:

 $ curl http://localhost:8080/hadoop-auth-examples/anonymous/who

 $ curl http://localhost:8080/hadoop-auth-examples/simple/who?user.name=foo

 $ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/hadoop-auth-examples/kerberos/who
 +---+

 ** Accessing the server using the Java client example

 +---+
 $ kinit
 Please enter the password for tucu@LOCALHOST:

 $ cd examples

 $ mvn exec:java -Durl=http://localhost:8080/hadoop-auth-examples/kerberos/who

 ....

 Token value: "u=tucu,p=tucu@LOCALHOST,t=kerberos,e=1295305313146,s=sVZ1mpSnC5TKhZQE3QLN5p2DWBo="
 Status code: 200 OK

 You are: user[tucu] principal[tucu@LOCALHOST]

 ....

 +---+

   \[ {{{./index.html}Go Back}} \]
	~~ Licensed under the Apache License, Version 2.0 (the "License");
	~~ you may not use this file except in compliance with the License.
	~~ You may obtain a copy of the License at
	~~
	~~ http://www.apache.org/licenses/LICENSE-2.0
	~~
	~~ Unless required by applicable law or agreed to in writing, software
	~~ distributed under the License is distributed on an "AS IS" BASIS,
	~~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	~~ See the License for the specific language governing permissions and
	~~ limitations under the License. See accompanying LICENSE file.

	---
	Hadoop Auth, Java HTTP SPNEGO ${project.version} - Examples
	---
	---
	${maven.build.timestamp}

	Hadoop Auth, Java HTTP SPNEGO ${project.version} - Examples

	\[ {{{./index.html}Go Back}} \]

	* Accessing a Hadoop Auth protected URL Using a browser

	<<IMPORTANT:>> The browser must support HTTP Kerberos SPNEGO. For example,
	Firefox or Internet Explorer.

	For Firefox access the low level configuration page by loading the
	<<<about:config>>> page. Then go to the
	<<<network.negotiate-auth.trusted-uris>>> preference and add the hostname or
	the domain of the web server that is HTTP Kerberos SPNEGO protected (if using
	multiple domains and hostname use comma to separate them).

	* Accessing a Hadoop Auth protected URL Using <<<curl>>>

	<<IMPORTANT:>> The <<<curl>>> version must support GSS, run <<<curl -V>>>.

	+---+
	$ curl -V
	curl 7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
	Protocols: tftp ftp telnet dict ldap http file https ftps
	Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
	+---+

	Login to the KDC using <<kinit>> and then use <<<curl>>> to fetch protected
	URL:

	+---+
	$ kinit
	Please enter the password for tucu@LOCALHOST:
	$ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/hadoop-auth-examples/kerberos/who
	Enter host password for user 'tucu':

	Hello Hadoop Auth Examples!
	+---+

	* The <<<--negotiate>>> option enables SPNEGO in <<<curl>>>.

	* The <<<-u foo>>> option is required but the user ignored (the principal
	that has been kinit-ed is used).

	* The <<<-b>>> and <<<-c>>> are use to store and send HTTP Cookies.

	* Using the Java Client

	Use the <<<AuthenticatedURL>>> class to obtain an authenticated HTTP
	connection:

	+---+
	...
	URL url = new URL("http://localhost:8080/hadoop-auth/kerberos/who");
	AuthenticatedURL.Token token = new AuthenticatedURL.Token();
	...
	HttpURLConnection conn = new AuthenticatedURL(url, token).openConnection();
	...
	conn = new AuthenticatedURL(url, token).openConnection();
	...
	+---+

	* Building and Running the Examples

	Download Hadoop-Auth's source code, the examples are in the
	<<<src/main/examples>>> directory.

	** Server Example:

	Edit the <<<hadoop-auth-examples/src/main/webapp/WEB-INF/web.xml>>> and set the
	right configuration init parameters for the <<<AuthenticationFilter>>>
	definition configured for Kerberos (the right Kerberos principal and keytab
	file must be specified). Refer to the {{{./Configuration.html}Configuration
	document}} for details.

	Create the web application WAR file by running the <<<mvn package>>> command.

	Deploy the WAR file in a servlet container. For example, if using Tomcat,
	copy the WAR file to Tomcat's <<<webapps/>>> directory.

	Start the servlet container.

	** Accessing the server using <<<curl>>>

	Try accessing protected resources using <<<curl>>>. The protected resources
	are:

	+---+
	$ kinit
	Please enter the password for tucu@LOCALHOST:

	$ curl http://localhost:8080/hadoop-auth-examples/anonymous/who

	$ curl http://localhost:8080/hadoop-auth-examples/simple/who?user.name=foo

	$ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/hadoop-auth-examples/kerberos/who
	+---+

	** Accessing the server using the Java client example

	+---+
	$ kinit
	Please enter the password for tucu@LOCALHOST:

	$ cd examples

	$ mvn exec:java -Durl=http://localhost:8080/hadoop-auth-examples/kerberos/who

	....

	Token value: "u=tucu,p=tucu@LOCALHOST,t=kerberos,e=1295305313146,s=sVZ1mpSnC5TKhZQE3QLN5p2DWBo="
	Status code: 200 OK

	You are: user[tucu] principal[tucu@LOCALHOST]

	....

	+---+

	\[ {{{./index.html}Go Back}} \]