storm-client/src/jvm/org/apache/storm/security/auth/workertoken/WorkerTokenClientCallbackHandler.java - storm - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.  The ASF licenses this file to you under the Apache License, Version
  * 2.0 (the "License"); you may not use this file except in compliance with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
  * and limitations under the License.
  */

 package org.apache.storm.security.auth.workertoken;

 import java.security.AccessController;
 import java.util.Base64;
 import javax.security.auth.Subject;
 import org.apache.storm.generated.WorkerToken;
 import org.apache.storm.generated.WorkerTokenServiceType;
 import org.apache.storm.security.auth.ClientAuthUtils;
 import org.apache.storm.security.auth.ThriftConnectionType;
 import org.apache.storm.security.auth.sasl.SimpleSaslClientCallbackHandler;

 /**
  * A Client callback handler for a WorkerToken.  In general a client that wants to support worker tokens should first check if a WorkerToken
  * is available for the specific connection type by calling findWorkerTokenInSubject.  If that returns a token, then proceed to create and
  * use this with a DIGEST-MD5 SaslClient. If not you should fall back to whatever other client auth you want to do.
  */
 public class WorkerTokenClientCallbackHandler extends SimpleSaslClientCallbackHandler {

     /**
      * Constructor.
      *
      * @param token the token to use to authenticate.  This was probably retrieved by calling findWorkerTokenInSubject.
      */
     public WorkerTokenClientCallbackHandler(WorkerToken token) {
         super(Base64.getEncoder().encodeToString(token.get_info()),
               Base64.getEncoder().encodeToString(token.get_signature()));
     }

     /**
      * Look in the current subject for a WorkerToken.  This should really only happen when we are in a worker, because the tokens will not
      * be placed in anything else.
      *
      * @param type the type of connection we need a token for.
      * @return the found token or null.
      */
     public static WorkerToken findWorkerTokenInSubject(ThriftConnectionType type) {
         WorkerTokenServiceType serviceType = type.getWtType();
         WorkerToken ret = null;
         if (serviceType != null) {
             Subject subject = Subject.getSubject(AccessController.getContext());
             if (subject != null) {
                 ret = ClientAuthUtils.findWorkerToken(subject, serviceType);
             }
         }
         return ret;
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version
	* 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
	* and limitations under the License.
	*/

	package org.apache.storm.security.auth.workertoken;

	import java.security.AccessController;
	import java.util.Base64;
	import javax.security.auth.Subject;
	import org.apache.storm.generated.WorkerToken;
	import org.apache.storm.generated.WorkerTokenServiceType;
	import org.apache.storm.security.auth.ClientAuthUtils;
	import org.apache.storm.security.auth.ThriftConnectionType;
	import org.apache.storm.security.auth.sasl.SimpleSaslClientCallbackHandler;

	/**
	* A Client callback handler for a WorkerToken. In general a client that wants to support worker tokens should first check if a WorkerToken
	* is available for the specific connection type by calling findWorkerTokenInSubject. If that returns a token, then proceed to create and
	* use this with a DIGEST-MD5 SaslClient. If not you should fall back to whatever other client auth you want to do.
	*/
	public class WorkerTokenClientCallbackHandler extends SimpleSaslClientCallbackHandler {

	/**
	* Constructor.
	*
	* @param token the token to use to authenticate. This was probably retrieved by calling findWorkerTokenInSubject.
	*/
	public WorkerTokenClientCallbackHandler(WorkerToken token) {
	super(Base64.getEncoder().encodeToString(token.get_info()),
	Base64.getEncoder().encodeToString(token.get_signature()));
	}

	/**
	* Look in the current subject for a WorkerToken. This should really only happen when we are in a worker, because the tokens will not
	* be placed in anything else.
	*
	* @param type the type of connection we need a token for.
	* @return the found token or null.
	*/
	public static WorkerToken findWorkerTokenInSubject(ThriftConnectionType type) {
	WorkerTokenServiceType serviceType = type.getWtType();
	WorkerToken ret = null;
	if (serviceType != null) {
	Subject subject = Subject.getSubject(AccessController.getContext());
	if (subject != null) {
	ret = ClientAuthUtils.findWorkerToken(subject, serviceType);
	}
	}
	return ret;
	}
	}