Package org.apache.storm.security.auth
Class ClientAuthUtils
java.lang.Object
org.apache.storm.security.auth.ClientAuthUtils
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static boolean | areWorkerTokensEnabledServer(MultiThriftServer<?> multiThriftServer, Map<String, Object> conf) | Check if worker tokens should be enabled on the server side or not. |
| static boolean | areWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String, Object> conf) | Check if worker tokens should be enabled on the server side or not (for a given server). |
| static KerberosTicket | cloneKerberosTicket(KerberosTicket kerberosTicket) | |
| static KerberosTicket | deserializeKerberosTicket(byte[] tgtBytes) | |
| static WorkerToken | findWorkerToken(Subject subject, WorkerTokenServiceType type) | Find a worker token in a given subject with a given token type. |
| static String | get(Map<String, Object> topoConf, String section, String key) | Pull the value for the given section and key from the Configuration. |
| static Collection<IAutoCredentials> | getAutoCredentials(Map<String, Object> topoConf) | Get all of the configured AutoCredential Plugins. |
| static Configuration | getConfiguration(Map<String, Object> topoConf) | Construct a JAAS configuration object per storm configuration file. |
| static Collection<ICredentialsRenewer> | getCredentialRenewers(Map<String, Object> conf) | Get all of the configured Credential Renewer Plugins. |
| static AppConfigurationEntry[] | getEntries(Configuration configuration, String section) | Get configurations for a section. |
| static IGroupMappingServiceProvider | getGroupMappingServiceProviderPlugin(Map<String, Object> conf) | Construct a group mapping service provider plugin. |
| static String | getJaasConf(Map<String, Object> topoConf) | |
| static Collection<INimbusCredentialPlugin> | getNimbusAutoCredPlugins(Map<String, Object> conf) | Get all the Nimbus Auto cred plugins. |
| static IPrincipalToLocal | getPrincipalToLocalPlugin(Map<String, Object> topoConf) | Construct a principal to local plugin. |
| static ITransportPlugin | getTransportPlugin(ThriftConnectionType type, Map<String, Object> topoConf) | Construct a transport plugin per storm configuration. |
| static WorkerTokenInfo | getWorkerTokenInfo | Get and deserialize the WorkerTokenInfo in the worker token. |
| static String | makeDigestPayload(Map<String, Object> topoConf, String configSection) | |
| static Subject | populateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials) | Populate a subject from credentials using the IAutoCredentials. |
| static SortedMap<String,?> | pullConfig(Map<String, Object> topoConf, String section) | Pull a set of keys out of a Configuration. |
| static WorkerToken | readWorkerToken(Map<String, String> credentials, WorkerTokenServiceType type) | Read a WorkerToken out of credentials for the given type. |
| static byte[] | serializeKerberosTicket | |
| static byte[] | serializeWorkerTokenInfo | Turn a WorkerTokenInfo into a byte array. |
| static void | setWorkerToken(Map<String, String> credentials, WorkerToken token) | Store a worker token in some credentials. |
| static void | updateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials) | Update a subject from credentials using the IAutoCredentials. |
| static String | workerTokenCredentialsKey | Get the key used to store a WorkerToken in the credentials map. |
-
Field Details
-
LOGIN_CONTEXT_SERVER
-
LOGIN_CONTEXT_CLIENT
-
LOGIN_CONTEXT_PACEMAKER_DIGEST
-
LOGIN_CONTEXT_PACEMAKER_SERVER
-
LOGIN_CONTEXT_PACEMAKER_CLIENT
-
SERVICE
-
-
Constructor Details
-
ClientAuthUtils
public ClientAuthUtils()
-
-
Method Details
-
getJaasConf
-
getConfiguration
Construct a JAAS configuration object per storm configuration file.
- Parameters:
topoConf - Storm configuration
- Returns:
JAAS configuration object
-
getEntries
public static AppConfigurationEntry[] getEntries(Configuration configuration, String section) throws IOException
Get configurations for a section.
- Parameters:
configuration - The config to pull the key/value pairs out of.
section - The app configuration entry name to get stuff from.
- Returns:
Return array of config entries or null if configuration is null
- Throws:
IOException
-
pullConfig
public static SortedMap<String,?> pullConfig(Map<String, Object> topoConf, String section) throws IOException
Pull a set of keys out of a Configuration.
- Parameters:
topoConf - The config containing the jaas conf file.
section - The app configuration entry name to get stuff from.
- Returns:
Return a map of the configs in conf.
- Throws:
IOException
-
get
public static String get(Map<String, Object> topoConf, String section, String key) throws IOException
Pull the value for the given section and key from the Configuration.
- Parameters:
topoConf - The config containing the jaas conf file.
section - The app configuration entry name to get stuff from.
key - The key to look up inside of the section
- Returns:
Return the String value of the configuration value
- Throws:
IOException
-
getPrincipalToLocalPlugin
Construct a principal to local plugin.
- Parameters:
topoConf - storm configuration
- Returns:
the plugin
-
getGroupMappingServiceProviderPlugin
public static IGroupMappingServiceProvider getGroupMappingServiceProviderPlugin(Map<String, Object> conf)
Construct a group mapping service provider plugin.
- Parameters:
conf - daemon configuration
- Returns:
the plugin
-
getCredentialRenewers
Get all of the configured Credential Renewer Plugins.
- Parameters:
conf - the storm configuration to use.
- Returns:
the configured credential renewers.
-
getNimbusAutoCredPlugins
Get all the Nimbus Auto cred plugins.
- Parameters:
conf - nimbus configuration to use.
- Returns:
nimbus auto credential plugins.
-
getAutoCredentials
Get all of the configured AutoCredential Plugins.
- Parameters:
topoConf - the storm configuration to use.
- Returns:
the configured auto credentials.
-
workerTokenCredentialsKey
Get the key used to store a WorkerToken in the credentials map.
- Parameters:
type - the type of service to get.
- Returns:
the key as a String.
-
readWorkerToken
public static WorkerToken readWorkerToken(Map<String, String> credentials, WorkerTokenServiceType type)
Read a WorkerToken out of credentials for the given type.
- Parameters:
credentials - the credentials map.
type - the type of service we are looking for.
- Returns:
the deserialized WorkerToken or null if none could be found.
-
setWorkerToken
Store a worker token in some credentials. It can be pulled back out by calling readWorkerToken.
- Parameters:
credentials - the credentials map.
token - the token you want to store.
-
findWorkerToken
Find a worker token in a given subject with a given token type.
- Parameters:
subject - what to look in.
type - the type of token to look for.
- Returns:
the token or null.
-
areWorkerTokensEnabledServer
public static boolean areWorkerTokensEnabledServer(MultiThriftServer<?> multiThriftServer, Map<String, Object> conf)
Check if worker tokens should be enabled on the server side or not.
- Parameters:
multiThriftServer - a collection of Thrift servers, used to know whether the transport supports tokens or not. No need to create a token if the transport does not support it.
conf - the daemon configuration to be sure the tokens are secure.
- Returns:
true if we can enable them, else false.
-
areWorkerTokensEnabledServer
public static boolean areWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String, Object> conf)
Check if worker tokens should be enabled on the server side or not (for a given server).
- Parameters:
connectionType - the type of server this is for.
conf - the daemon configuration to be sure the tokens are secure.
- Returns:
true if we can enable them, else false.
-
serializeWorkerTokenInfo
Turn a WorkerTokenInfo into a byte array.
- Parameters:
wti - what to serialize.
- Returns:
the resulting byte array.
-
getWorkerTokenInfo
Get and deserialize the WorkerTokenInfo in the worker token.
- Parameters:
wt - the token.
- Returns:
the deserialized info.
-
populateSubject
public static Subject populateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials)
Populate a subject from credentials using the IAutoCredentials.
- Parameters:
subject - the subject to populate or null if a new Subject should be created.
autos - the IAutoCredentials to call to populate the subject.
credentials - the credentials to pull from
- Returns:
the populated subject.
-
updateSubject
public static void updateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials)
Update a subject from credentials using the IAutoCredentials.
- Parameters:
subject - the subject to update
autos - the IAutoCredentials to call to update the subject.
credentials - the credentials to pull from
-
getTransportPlugin
public static ITransportPlugin getTransportPlugin(ThriftConnectionType type, Map<String, Object> topoConf)
Construct a transport plugin per storm configuration.
-
makeDigestPayload
-
serializeKerberosTicket
- Throws:
Exception
-
deserializeKerberosTicket
-
cloneKerberosTicket
-