001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.rest.filter;
019
020import static org.apache.hadoop.hbase.rest.Constants.REST_AUTHENTICATION_PRINCIPAL;
021import static org.apache.hadoop.hbase.rest.Constants.REST_DNS_INTERFACE;
022import static org.apache.hadoop.hbase.rest.Constants.REST_DNS_NAMESERVER;
023
024import java.io.IOException;
025import java.util.Map;
026import java.util.Properties;
027import javax.servlet.FilterConfig;
028import javax.servlet.ServletException;
029import org.apache.hadoop.conf.Configuration;
030import org.apache.hadoop.hbase.HBaseConfiguration;
031import org.apache.hadoop.hbase.rest.RESTServer;
032import org.apache.hadoop.hbase.util.DNS;
033import org.apache.hadoop.hbase.util.Strings;
034import org.apache.hadoop.security.SecurityUtil;
035import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
036import org.apache.yetus.audience.InterfaceAudience;
037import org.slf4j.Logger;
038import org.slf4j.LoggerFactory;
039
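/**
 * Authentication filter for the HBase REST server. It extends the Hadoop
 * {@link AuthenticationFilter} and supplies it with every configuration entry whose key starts
 * with {@code hbase.rest.authentication.}, with that prefix removed.
 */
@InterfaceAudience.Private
public class AuthFilter extends AuthenticationFilter {
  private static final Logger LOG = LoggerFactory.getLogger(AuthFilter.class);
  private static final String REST_PREFIX = "hbase.rest.authentication.";
  private static final int REST_PREFIX_LEN = REST_PREFIX.length();
  /** Placeholder written to the log instead of a value that looks like a credential. */
  private static final String REDACTED = "<redacted>";

  /**
   * Returns the configuration to be used by the authentication filter to initialize the
   * authentication handler. This filter retrieves all HBase configurations and passes those
   * starting with REST_PREFIX to the authentication handler. It is useful to support plugging
   * different authentication handlers.
   * @param configPrefix prefix handed through to the superclass implementation
   * @param filterConfig servlet filter configuration handed through to the superclass
   * @return the superclass properties, with the cookie path set to {@code /} and every
   *         {@code hbase.rest.authentication.*} entry added under its un-prefixed name
   * @throws ServletException if the server principal cannot be resolved because the host name
   *                          lookup fails
   */
  @Override
  protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig)
    throws ServletException {
    Properties props = super.getConfiguration(configPrefix, filterConfig);
    // setting the cookie path to root '/' so it is used for all resources.
    // An hbase.rest.authentication.cookie.path entry, if present, overrides it in the loop below.
    props.setProperty(AuthenticationFilter.COOKIE_PATH, "/");

    // Dirty hack to get at the RESTServer's configuration. These should be pulled out
    // of the FilterConfig. The static field is read once so the null check and the use agree.
    Configuration conf = RESTServer.conf;
    if (conf == null) {
      conf = HBaseConfiguration.create();
    }
    for (Map.Entry<String, String> entry : conf) {
      String name = entry.getKey();
      if (!name.startsWith(REST_PREFIX)) {
        continue;
      }
      String value = entry.getValue();
      if (name.equals(REST_AUTHENTICATION_PRINCIPAL)) {
        try {
          // The principal is resolved against a host name obtained from DNS for the configured
          // interface and nameserver, so the result depends on the resolver this host uses.
          String machineName = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
            conf.get(REST_DNS_INTERFACE, "default"), conf.get(REST_DNS_NAMESERVER, "default")));
          value = SecurityUtil.getServerPrincipal(value, machineName);
        } catch (IOException ie) {
          throw new ServletException("Failed to retrieve server principal", ie);
        }
      }
      if (LOG.isTraceEnabled()) {
        // Never write credential-like values (e.g. a cookie signing secret) to the log, even at
        // trace level; log files are usually readable by more people than the configuration.
        LOG.trace("Setting property {}={}", name, isSensitive(name) ? REDACTED : value);
      }
      props.setProperty(name.substring(REST_PREFIX_LEN), value);
    }
    return props;
  }

  /**
   * Tells whether a configuration key looks like it holds a credential, judged by name only.
   * This is a heuristic for log redaction, not an exhaustive list of secret-bearing keys.
   * @param name full configuration key
   * @return {@code true} if the key contains {@code secret} or {@code password}, ignoring case
   */
  private static boolean isSensitive(String name) {
    String lower = name.toLowerCase(java.util.Locale.ROOT);
    return lower.contains("secret") || lower.contains("password");
  }
}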