001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.security; 019 020import java.util.concurrent.ConcurrentHashMap; 021import java.util.concurrent.ConcurrentMap; 022import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos.TokenIdentifier.Kind; 023import org.apache.yetus.audience.InterfaceAudience; 024 025import org.apache.hadoop.hbase.shaded.protobuf.generated.AdminProtos; 026import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos; 027import org.apache.hadoop.hbase.shaded.protobuf.generated.MasterProtos; 028import org.apache.hadoop.hbase.shaded.protobuf.generated.MasterProtos.MasterService; 029import org.apache.hadoop.hbase.shaded.protobuf.generated.RegionServerStatusProtos; 030import org.apache.hadoop.hbase.shaded.protobuf.generated.RegistryProtos; 031 032/** 033 * Maps RPC protocol interfaces to required configuration 034 */ 035@InterfaceAudience.Private 036public class SecurityInfo { 037 /** Maps RPC service names to authentication information */ 038 private static ConcurrentMap<String, SecurityInfo> infos = new ConcurrentHashMap<>(); 039 // populate info for known services 040 static { 041 infos.put(AdminProtos.AdminService.getDescriptor().getName(), 042 new SecurityInfo(SecurityConstants.REGIONSERVER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); 043 infos.put(ClientProtos.ClientService.getDescriptor().getName(), 044 new SecurityInfo(SecurityConstants.REGIONSERVER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); 045 infos.put(MasterService.getDescriptor().getName(), 046 new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); 047 infos.put(RegionServerStatusProtos.RegionServerStatusService.getDescriptor().getName(), 048 new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); 049 infos.put(MasterProtos.HbckService.getDescriptor().getName(), 050 new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); 051 infos.put(RegistryProtos.ClientMetaService.getDescriptor().getName(), 052 new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN)); 053 // NOTE: IF ADDING A NEW SERVICE, BE SURE TO UPDATE HBasePolicyProvider ALSO ELSE 054 // new Service will not be found when all is Kerberized!!!! 055 } 056 057 /** 058 * Adds a security configuration for a new service name. Note that this will have no effect if the 059 * service name was already registered. 060 */ 061 public static void addInfo(String serviceName, SecurityInfo securityInfo) { 062 infos.putIfAbsent(serviceName, securityInfo); 063 } 064 065 /** 066 * Returns the security configuration associated with the given service name. 067 */ 068 public static SecurityInfo getInfo(String serviceName) { 069 return infos.get(serviceName); 070 } 071 072 private final String serverPrincipal; 073 private final Kind tokenKind; 074 075 public SecurityInfo(String serverPrincipal, Kind tokenKind) { 076 this.serverPrincipal = serverPrincipal; 077 this.tokenKind = tokenKind; 078 } 079 080 public String getServerPrincipal() { 081 return serverPrincipal; 082 } 083 084 public Kind getTokenKind() { 085 return tokenKind; 086 } 087}