hbase-examples/src/main/java/org/apache/hadoop/hbase/security/provider/example/ShadeSaslClientAuthenticationProvider.java - hbase - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.hadoop.hbase.security.provider.example;

 import java.io.IOException;
 import java.net.InetAddress;
 import java.util.Map;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.sasl.RealmCallback;
 import javax.security.sasl.RealmChoiceCallback;
 import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslClient;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.security.SaslUtil;
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider;
 import org.apache.hadoop.hbase.util.Bytes;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
 import org.apache.yetus.audience.InterfaceAudience;

 import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation;

 @InterfaceAudience.Private
 public class ShadeSaslClientAuthenticationProvider extends ShadeSaslAuthenticationProvider
   implements SaslClientAuthenticationProvider {

   @Override
   public SaslClient createClient(Configuration conf, InetAddress serverAddr, String serverPrincipal,
     Token<? extends TokenIdentifier> token, boolean fallbackAllowed, Map<String, String> saslProps)
     throws IOException {
     return Sasl.createSaslClient(new String[] { getSaslAuthMethod().getSaslMechanism() }, null,
       null, SaslUtil.SASL_DEFAULT_REALM, saslProps, new ShadeSaslClientCallbackHandler(token));
   }

   @Override
   public UserInformation getUserInfo(User user) {
     UserInformation.Builder userInfoPB = UserInformation.newBuilder();
     userInfoPB.setEffectiveUser(user.getUGI().getUserName());
     return userInfoPB.build();
   }

   @Override
   public boolean canRetry() {
     // A static username/password either works or it doesn't. No kind of relogin/retry necessary.
     return false;
   }

   static class ShadeSaslClientCallbackHandler implements CallbackHandler {
     private final String username;
     private final char[] password;

     public ShadeSaslClientCallbackHandler(Token<? extends TokenIdentifier> token)
       throws IOException {
       TokenIdentifier id = token.decodeIdentifier();
       if (id == null) {
         // Something is wrong with the environment if we can't get our Identifier back out.
         throw new IllegalStateException("Could not extract Identifier from Token");
       }
       this.username = id.getUser().getUserName();
       this.password = Bytes.toString(token.getPassword()).toCharArray();
     }

     @Override
     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
       NameCallback nc = null;
       PasswordCallback pc = null;
       RealmCallback rc = null;
       for (Callback callback : callbacks) {
         if (callback instanceof RealmChoiceCallback) {
           continue;
         } else if (callback instanceof NameCallback) {
           nc = (NameCallback) callback;
         } else if (callback instanceof PasswordCallback) {
           pc = (PasswordCallback) callback;
         } else if (callback instanceof RealmCallback) {
           rc = (RealmCallback) callback;
         } else {
           throw new UnsupportedCallbackException(callback, "Unrecognized SASL client callback");
         }
       }
       if (nc != null) {
         nc.setName(username);
       }
       if (pc != null) {
         pc.setPassword(password);
       }
       if (rc != null) {
         rc.setText(rc.getDefaultText());
       }
     }
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.hadoop.hbase.security.provider.example;

	import java.io.IOException;
	import java.net.InetAddress;
	import java.util.Map;
	import javax.security.auth.callback.Callback;
	import javax.security.auth.callback.CallbackHandler;
	import javax.security.auth.callback.NameCallback;
	import javax.security.auth.callback.PasswordCallback;
	import javax.security.auth.callback.UnsupportedCallbackException;
	import javax.security.sasl.RealmCallback;
	import javax.security.sasl.RealmChoiceCallback;
	import javax.security.sasl.Sasl;
	import javax.security.sasl.SaslClient;
	import org.apache.hadoop.conf.Configuration;
	import org.apache.hadoop.hbase.security.SaslUtil;
	import org.apache.hadoop.hbase.security.User;
	import org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider;
	import org.apache.hadoop.hbase.util.Bytes;
	import org.apache.hadoop.security.token.Token;
	import org.apache.hadoop.security.token.TokenIdentifier;
	import org.apache.yetus.audience.InterfaceAudience;

	import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation;

	@InterfaceAudience.Private
	public class ShadeSaslClientAuthenticationProvider extends ShadeSaslAuthenticationProvider
	implements SaslClientAuthenticationProvider {

	@Override
	public SaslClient createClient(Configuration conf, InetAddress serverAddr, String serverPrincipal,
	Token<? extends TokenIdentifier> token, boolean fallbackAllowed, Map<String, String> saslProps)
	throws IOException {
	return Sasl.createSaslClient(new String[] { getSaslAuthMethod().getSaslMechanism() }, null,
	null, SaslUtil.SASL_DEFAULT_REALM, saslProps, new ShadeSaslClientCallbackHandler(token));
	}

	@Override
	public UserInformation getUserInfo(User user) {
	UserInformation.Builder userInfoPB = UserInformation.newBuilder();
	userInfoPB.setEffectiveUser(user.getUGI().getUserName());
	return userInfoPB.build();
	}

	@Override
	public boolean canRetry() {
	// A static username/password either works or it doesn't. No kind of relogin/retry necessary.
	return false;
	}

	static class ShadeSaslClientCallbackHandler implements CallbackHandler {
	private final String username;
	private final char[] password;

	public ShadeSaslClientCallbackHandler(Token<? extends TokenIdentifier> token)
	throws IOException {
	TokenIdentifier id = token.decodeIdentifier();
	if (id == null) {
	// Something is wrong with the environment if we can't get our Identifier back out.
	throw new IllegalStateException("Could not extract Identifier from Token");
	}
	this.username = id.getUser().getUserName();
	this.password = Bytes.toString(token.getPassword()).toCharArray();
	}

	@Override
	public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
	NameCallback nc = null;
	PasswordCallback pc = null;
	RealmCallback rc = null;
	for (Callback callback : callbacks) {
	if (callback instanceof RealmChoiceCallback) {
	continue;
	} else if (callback instanceof NameCallback) {
	nc = (NameCallback) callback;
	} else if (callback instanceof PasswordCallback) {
	pc = (PasswordCallback) callback;
	} else if (callback instanceof RealmCallback) {
	rc = (RealmCallback) callback;
	} else {
	throw new UnsupportedCallbackException(callback, "Unrecognized SASL client callback");
	}
	}
	if (nc != null) {
	nc.setName(username);
	}
	if (pc != null) {
	pc.setPassword(password);
	}
	if (rc != null) {
	rc.setText(rc.getDefaultText());
	}
	}
	}
	}