001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.security.provider.example; 019 020import java.io.IOException; 021import java.net.InetAddress; 022import java.util.Map; 023import javax.security.auth.callback.Callback; 024import javax.security.auth.callback.CallbackHandler; 025import javax.security.auth.callback.NameCallback; 026import javax.security.auth.callback.PasswordCallback; 027import javax.security.auth.callback.UnsupportedCallbackException; 028import javax.security.sasl.RealmCallback; 029import javax.security.sasl.RealmChoiceCallback; 030import javax.security.sasl.Sasl; 031import javax.security.sasl.SaslClient; 032import org.apache.hadoop.conf.Configuration; 033import org.apache.hadoop.hbase.security.SaslUtil; 034import org.apache.hadoop.hbase.security.SecurityInfo; 035import org.apache.hadoop.hbase.security.User; 036import org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider; 037import org.apache.hadoop.hbase.util.Bytes; 038import org.apache.hadoop.security.token.Token; 039import org.apache.hadoop.security.token.TokenIdentifier; 040import org.apache.yetus.audience.InterfaceAudience; 041 042import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation; 043 044@InterfaceAudience.Private 045public class ShadeSaslClientAuthenticationProvider extends ShadeSaslAuthenticationProvider 046 implements SaslClientAuthenticationProvider { 047 048 @Override 049 public SaslClient createClient(Configuration conf, InetAddress serverAddr, 050 SecurityInfo securityInfo, Token<? extends TokenIdentifier> token, boolean fallbackAllowed, 051 Map<String, String> saslProps) throws IOException { 052 return Sasl.createSaslClient(new String[] { getSaslAuthMethod().getSaslMechanism() }, null, 053 null, SaslUtil.SASL_DEFAULT_REALM, saslProps, new ShadeSaslClientCallbackHandler(token)); 054 } 055 056 @Override 057 public UserInformation getUserInfo(User user) { 058 UserInformation.Builder userInfoPB = UserInformation.newBuilder(); 059 userInfoPB.setEffectiveUser(user.getUGI().getUserName()); 060 return userInfoPB.build(); 061 } 062 063 static class ShadeSaslClientCallbackHandler implements CallbackHandler { 064 private final String username; 065 private final char[] password; 066 067 public ShadeSaslClientCallbackHandler(Token<? extends TokenIdentifier> token) 068 throws IOException { 069 TokenIdentifier id = token.decodeIdentifier(); 070 if (id == null) { 071 // Something is wrong with the environment if we can't get our Identifier back out. 072 throw new IllegalStateException("Could not extract Identifier from Token"); 073 } 074 this.username = id.getUser().getUserName(); 075 this.password = Bytes.toString(token.getPassword()).toCharArray(); 076 } 077 078 @Override 079 public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { 080 NameCallback nc = null; 081 PasswordCallback pc = null; 082 RealmCallback rc = null; 083 for (Callback callback : callbacks) { 084 if (callback instanceof RealmChoiceCallback) { 085 continue; 086 } else if (callback instanceof NameCallback) { 087 nc = (NameCallback) callback; 088 } else if (callback instanceof PasswordCallback) { 089 pc = (PasswordCallback) callback; 090 } else if (callback instanceof RealmCallback) { 091 rc = (RealmCallback) callback; 092 } else { 093 throw new UnsupportedCallbackException(callback, "Unrecognized SASL client callback"); 094 } 095 } 096 if (nc != null) { 097 nc.setName(username); 098 } 099 if (pc != null) { 100 pc.setPassword(password); 101 } 102 if (rc != null) { 103 rc.setText(rc.getDefaultText()); 104 } 105 } 106 } 107}