View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.rest.filter;
19  
20  import static org.apache.hadoop.hbase.rest.Constants.REST_AUTHENTICATION_PRINCIPAL;
21  import static org.apache.hadoop.hbase.rest.Constants.REST_DNS_INTERFACE;
22  import static org.apache.hadoop.hbase.rest.Constants.REST_DNS_NAMESERVER;
23  
24  import java.io.IOException;
25  import java.util.Map;
26  import java.util.Properties;
27  
28  import javax.servlet.FilterConfig;
29  import javax.servlet.ServletException;
30  
31  import org.apache.commons.logging.Log;
32  import org.apache.commons.logging.LogFactory;
33  import org.apache.hadoop.conf.Configuration;
34  import org.apache.hadoop.hbase.HBaseConfiguration;
35  import org.apache.hadoop.hbase.util.DNS;
36  import org.apache.hadoop.hbase.util.Strings;
37  import org.apache.hadoop.security.SecurityUtil;
38  import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
39  
40  public class AuthFilter extends AuthenticationFilter {
41    private static final Log LOG = LogFactory.getLog(AuthFilter.class);
42    private static final String REST_PREFIX = "hbase.rest.authentication.";
43    private static final int REST_PREFIX_LEN = REST_PREFIX.length();
44  
45    /**
46     * Returns the configuration to be used by the authentication filter
47     * to initialize the authentication handler.
48     *
49     * This filter retrieves all HBase configurations and passes those started
50     * with REST_PREFIX to the authentication handler.  It is useful to support
51     * plugging different authentication handlers.
52    */
53    @Override
54    protected Properties getConfiguration(
55        String configPrefix, FilterConfig filterConfig) throws ServletException {
56      Properties props = super.getConfiguration(configPrefix, filterConfig);
57      //setting the cookie path to root '/' so it is used for all resources.
58      props.setProperty(AuthenticationFilter.COOKIE_PATH, "/");
59  
60      Configuration conf = HBaseConfiguration.create();
61      for (Map.Entry<String, String> entry : conf) {
62        String name = entry.getKey();
63        if (name.startsWith(REST_PREFIX)) {
64          String value = entry.getValue();
65          if(name.equals(REST_AUTHENTICATION_PRINCIPAL))  {
66            try {
67              String machineName = Strings.domainNamePointerToHostName(
68                DNS.getDefaultHost(conf.get(REST_DNS_INTERFACE, "default"),
69                  conf.get(REST_DNS_NAMESERVER, "default")));
70              value = SecurityUtil.getServerPrincipal(value, machineName);
71            } catch (IOException ie) {
72              throw new ServletException("Failed to retrieve server principal", ie);
73            }
74          }
75          if (LOG.isTraceEnabled()) {
76            LOG.trace("Setting property " + name + "=" + value);
77          }
78          name = name.substring(REST_PREFIX_LEN);
79          props.setProperty(name, value);
80        }
81      }
82      return props;
83    }
84  }