001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *   http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.rest.filter;
019
020import static org.apache.hadoop.hbase.rest.Constants.REST_AUTHENTICATION_PRINCIPAL;
021import static org.apache.hadoop.hbase.rest.Constants.REST_DNS_INTERFACE;
022import static org.apache.hadoop.hbase.rest.Constants.REST_DNS_NAMESERVER;
023
024import java.io.IOException;
025import java.util.Map;
026import java.util.Properties;
027import javax.servlet.FilterConfig;
028import javax.servlet.ServletException;
029import org.apache.hadoop.conf.Configuration;
030import org.apache.hadoop.hbase.HBaseConfiguration;
031import org.apache.hadoop.hbase.rest.RESTServer;
032import org.apache.hadoop.hbase.util.DNS;
033import org.apache.hadoop.hbase.util.Strings;
034import org.apache.hadoop.security.SecurityUtil;
035import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
036import org.apache.yetus.audience.InterfaceAudience;
037import org.slf4j.Logger;
038import org.slf4j.LoggerFactory;
039
040@InterfaceAudience.Private
041public class AuthFilter extends AuthenticationFilter {
042  private static final Logger LOG = LoggerFactory.getLogger(AuthFilter.class);
043  private static final String REST_PREFIX = "hbase.rest.authentication.";
044  private static final int REST_PREFIX_LEN = REST_PREFIX.length();
045
046  /**
047   * Returns the configuration to be used by the authentication filter
048   * to initialize the authentication handler.
049   *
050   * This filter retrieves all HBase configurations and passes those started
051   * with REST_PREFIX to the authentication handler.  It is useful to support
052   * plugging different authentication handlers.
053  */
054  @Override
055  protected Properties getConfiguration(
056      String configPrefix, FilterConfig filterConfig) throws ServletException {
057    Properties props = super.getConfiguration(configPrefix, filterConfig);
058    //setting the cookie path to root '/' so it is used for all resources.
059    props.setProperty(AuthenticationFilter.COOKIE_PATH, "/");
060
061    Configuration conf = null;
062    // Dirty hack to get at the RESTServer's configuration. These should be pulled out
063    // of the FilterConfig.
064    if (RESTServer.conf != null) {
065      conf = RESTServer.conf;
066    } else {
067      conf = HBaseConfiguration.create();
068    }
069    for (Map.Entry<String, String> entry : conf) {
070      String name = entry.getKey();
071      if (name.startsWith(REST_PREFIX)) {
072        String value = entry.getValue();
073        if(name.equals(REST_AUTHENTICATION_PRINCIPAL))  {
074          try {
075            String machineName = Strings.domainNamePointerToHostName(
076              DNS.getDefaultHost(conf.get(REST_DNS_INTERFACE, "default"),
077                conf.get(REST_DNS_NAMESERVER, "default")));
078            value = SecurityUtil.getServerPrincipal(value, machineName);
079          } catch (IOException ie) {
080            throw new ServletException("Failed to retrieve server principal", ie);
081          }
082        }
083        if (LOG.isTraceEnabled()) {
084          LOG.trace("Setting property " + name + "=" + value);
085        }
086        name = name.substring(REST_PREFIX_LEN);
087        props.setProperty(name, value);
088      }
089    }
090    return props;
091  }
092}