View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.security;
19  
20  import java.util.concurrent.ConcurrentHashMap;
21  import java.util.concurrent.ConcurrentMap;
22  
23  import org.apache.hadoop.hbase.classification.InterfaceAudience;
24  import org.apache.hadoop.hbase.protobuf.generated.AdminProtos;
25  import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos.TokenIdentifier.Kind;
26  import org.apache.hadoop.hbase.protobuf.generated.ClientProtos;
27  import org.apache.hadoop.hbase.protobuf.generated.MasterProtos.MasterService;
28  import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos;
29  
30  /**
31   * Maps RPC protocol interfaces to required configuration
32   */
33  @InterfaceAudience.Private
34  public class SecurityInfo {
35    /** Maps RPC service names to authentication information */
36    private static ConcurrentMap<String,SecurityInfo> infos = new ConcurrentHashMap<String,SecurityInfo>();
37    // populate info for known services
38    static {
39      infos.put(AdminProtos.AdminService.getDescriptor().getName(),
40          new SecurityInfo("hbase.regionserver.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
41      infos.put(ClientProtos.ClientService.getDescriptor().getName(),
42          new SecurityInfo("hbase.regionserver.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
43      infos.put(MasterService.getDescriptor().getName(),
44          new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
45      infos.put(RegionServerStatusProtos.RegionServerStatusService.getDescriptor().getName(),
46          new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
47    }
48  
49    /**
50     * Adds a security configuration for a new service name.  Note that this will have no effect if
51     * the service name was already registered.
52     */
53    public static void addInfo(String serviceName, SecurityInfo securityInfo) {
54      infos.putIfAbsent(serviceName, securityInfo);
55    }
56  
57    /**
58     * Returns the security configuration associated with the given service name.
59     */
60    public static SecurityInfo getInfo(String serviceName) {
61      return infos.get(serviceName);
62    }
63  
64    private final String serverPrincipal;
65    private final Kind tokenKind;
66  
67    public SecurityInfo(String serverPrincipal, Kind tokenKind) {
68      this.serverPrincipal = serverPrincipal;
69      this.tokenKind = tokenKind;
70    }
71  
72    public String getServerPrincipal() {
73      return serverPrincipal;
74    }
75  
76    public Kind getTokenKind() {
77      return tokenKind;
78    }
79  }