Google Git
Sign in
apache / knox / b144016b629be5fd4c526e25e5d40d2c4265c761 / . / gateway-admin-ui / admin-ui / app / provider-config-wizard / kerberos-provider-config.ts
blob: 37c2dda2bde87a99c7e1f835b0fcd7857772bb56 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import {AuthenticationProviderConfig} from './authentication-provider-config';
import {ValidationUtils} from '../utils/validation-utils';
export class KerberosProviderConfig extends AuthenticationProviderConfig {
static CONFIG_PREFIX = 'Config Prefix';
static SIG_SECRET = 'Signature Secret';
static TYPE = 'Type';
static ANON_ALLOWED = 'Allow Anonymous';
static TOKEN_VALIDITY = 'Token Expiration';
static COOKIE_DOMAIN = 'Domain';
static COOKIE_PATH = 'Path';
static KRB_PRINCIPAL = 'Principal';
static KRB_KEYTAB = 'KeyTab';
static KRB_RULES = 'Name Rules';
private static displayPropertyNames = [KerberosProviderConfig.CONFIG_PREFIX,
KerberosProviderConfig.SIG_SECRET,
KerberosProviderConfig.ANON_ALLOWED,
KerberosProviderConfig.TOKEN_VALIDITY,
KerberosProviderConfig.COOKIE_DOMAIN,
KerberosProviderConfig.COOKIE_PATH,
KerberosProviderConfig.KRB_PRINCIPAL,
KerberosProviderConfig.KRB_KEYTAB,
KerberosProviderConfig.KRB_RULES
];
private static displayPropertyNameBindings: Map<string, string> =
new Map([
[KerberosProviderConfig.CONFIG_PREFIX, 'config.prefix'],
[KerberosProviderConfig.SIG_SECRET, 'signature.secret'],
[KerberosProviderConfig.TYPE, 'type'],
[KerberosProviderConfig.ANON_ALLOWED, 'simple.anonymous.allowed'],
[KerberosProviderConfig.TOKEN_VALIDITY, 'token.validity'],
[KerberosProviderConfig.COOKIE_DOMAIN, 'cookie.domain'],
[KerberosProviderConfig.COOKIE_PATH, 'cookie.path'],
[KerberosProviderConfig.KRB_PRINCIPAL, 'kerberos.principal'],
[KerberosProviderConfig.KRB_KEYTAB, 'kerberos.keytab'],
[KerberosProviderConfig.KRB_RULES, 'kerberos.name.rules']
]);
constructor() {
super('HadoopAuth');
this.setParam(this.getDisplayNamePropertyBinding(KerberosProviderConfig.CONFIG_PREFIX), 'hadoop.auth.config');
this.setParam(this.getDisplayNamePropertyBinding(KerberosProviderConfig.TYPE), 'kerberos');
}
getDisplayPropertyNames(): string[] {
return KerberosProviderConfig.displayPropertyNames;
}
getDisplayNamePropertyBinding(name: string) {
let propName: string;
if (name === KerberosProviderConfig.CONFIG_PREFIX) {
propName = KerberosProviderConfig.displayPropertyNameBindings.get(name);
} else {
let prefix = this.getParam(KerberosProviderConfig.displayPropertyNameBindings.get(KerberosProviderConfig.CONFIG_PREFIX));
if (prefix) {
propName = prefix + '.' + KerberosProviderConfig.displayPropertyNameBindings.get(name);
} else {
propName = KerberosProviderConfig.displayPropertyNameBindings.get(name);
}
}
return propName;
}
isPasswordParam(name: string): boolean {
return (name === KerberosProviderConfig.SIG_SECRET);
}
setParam(name: string, value: string) {
console.debug('KerberosProviderConfig --> setParam(' + name + ', ' + value + ')'); // TODO: PJZ: DELETE ME
if (name === this.getDisplayNamePropertyBinding(KerberosProviderConfig.CONFIG_PREFIX)) {
// If the config prefix property has changed, then the properties need to be modified accordingly
let prevPrefix = this.getParam(this.getDisplayNamePropertyBinding(KerberosProviderConfig.CONFIG_PREFIX));
if (value !== prevPrefix) {
// Iterate over those properties which have already been set
for (let propName of this.getParamNames()) {
console.debug('\tPrevious property ' + propName);
if (propName.startsWith(prevPrefix)) { // If the property name includes the previous config prefix
let suffix = propName.substring(prevPrefix.length + 1); // prefix + '.'
let newPropName = value + '.' + suffix;
this.setParam(newPropName, this.getParam(propName));
console.debug('\tRenamed ' + propName + ' to ' + newPropName + ' because config prefix changed.');
this.removeParam(propName);
console.debug('\tDeleted ' + propName + ' because config prefix changed.');
}
}
super.setParam(name, value); // Update the config prefix property itself
}
} else {
super.setParam(name, value);
}
}
isValidParamValue(paramName: string): boolean {
let isValid = true;
switch (paramName) {
case KerberosProviderConfig.ANON_ALLOWED:
isValid = this.isValidAllowAnon();
break;
case KerberosProviderConfig.TOKEN_VALIDITY:
isValid = this.isValidTokenExpiration();
break;
default:
isValid = true;
}
return isValid;
}
private isValidTokenExpiration(): boolean {
let isValid = true;
let tokenExpiration = this.getParam(this.getDisplayNamePropertyBinding(KerberosProviderConfig.TOKEN_VALIDITY));
if (tokenExpiration) {
isValid = ValidationUtils.isValidNumber(tokenExpiration);
if (!isValid) {
console.debug(KerberosProviderConfig.TOKEN_VALIDITY + ' value is not valid.');
}
}
return isValid;
}
private isValidAllowAnon(): boolean {
let isValid = true;
let allowAnon = this.getParam(this.getDisplayNamePropertyBinding(KerberosProviderConfig.ANON_ALLOWED));
if (allowAnon) {
isValid = ValidationUtils.isValidBoolean(allowAnon);
if (!isValid) {
console.debug(KerberosProviderConfig.ANON_ALLOWED + ' value is not valid.');
}
}
return isValid;
}
}