public class ClientAuthUtils extends Object
Modifier and Type | Field and Description |
---|---|
static String |
LOGIN_CONTEXT_CLIENT |
static String |
LOGIN_CONTEXT_PACEMAKER_CLIENT |
static String |
LOGIN_CONTEXT_PACEMAKER_DIGEST |
static String |
LOGIN_CONTEXT_PACEMAKER_SERVER |
static String |
LOGIN_CONTEXT_SERVER |
static String |
SERVICE |
Constructor and Description |
---|
ClientAuthUtils() |
Modifier and Type | Method and Description |
---|---|
static boolean |
areWorkerTokensEnabledServer(ThriftConnectionType connectionType,
Map<String,Object> conf)
Check if worker tokens should be enabled on the server side or not (for a given server).
|
static boolean |
areWorkerTokensEnabledServer(ThriftServer server,
Map<String,Object> conf)
Check if worker tokens should be enabled on the server side or not.
|
static KerberosTicket |
cloneKerberosTicket(KerberosTicket kerberosTicket) |
static KerberosTicket |
deserializeKerberosTicket(byte[] tgtBytes) |
static WorkerToken |
findWorkerToken(Subject subject,
WorkerTokenServiceType type)
Find a worker token in a given subject with a given token type.
|
static String |
get(Map<String,Object> topoConf,
String section,
String key)
Pull a the value given section and key from Configuration.
|
static Collection<IAutoCredentials> |
getAutoCredentials(Map<String,Object> topoConf)
Get all of the configured AutoCredential Plugins.
|
static Configuration |
getConfiguration(Map<String,Object> topoConf)
Construct a JAAS configuration object per storm configuration file.
|
static Collection<ICredentialsRenewer> |
getCredentialRenewers(Map<String,Object> conf)
Get all of the configured Credential Renewer Plugins.
|
static AppConfigurationEntry[] |
getEntries(Configuration configuration,
String section)
Get configurations for a section.
|
static IGroupMappingServiceProvider |
getGroupMappingServiceProviderPlugin(Map<String,Object> conf)
Construct a group mapping service provider plugin.
|
static String |
getJaasConf(Map<String,Object> topoConf) |
static Collection<INimbusCredentialPlugin> |
getNimbusAutoCredPlugins(Map<String,Object> conf)
Get all the Nimbus Auto cred plugins.
|
static IPrincipalToLocal |
getPrincipalToLocalPlugin(Map<String,Object> topoConf)
Construct a principal to local plugin.
|
static ITransportPlugin |
getTransportPlugin(ThriftConnectionType type,
Map<String,Object> topoConf)
Construct a transport plugin per storm configuration.
|
static WorkerTokenInfo |
getWorkerTokenInfo(WorkerToken wt)
Get and deserialize the WorkerTokenInfo in the worker token.
|
static String |
makeDigestPayload(Map<String,Object> topoConf,
String configSection) |
static Subject |
populateSubject(Subject subject,
Collection<IAutoCredentials> autos,
Map<String,String> credentials)
Populate a subject from credentials using the IAutoCredentials.
|
static SortedMap<String,?> |
pullConfig(Map<String,Object> topoConf,
String section)
Pull a set of keys out of a Configuration.
|
static WorkerToken |
readWorkerToken(Map<String,String> credentials,
WorkerTokenServiceType type)
Read a WorkerToken out of credentials for the given type.
|
static byte[] |
serializeKerberosTicket(KerberosTicket tgt) |
static byte[] |
serializeWorkerTokenInfo(WorkerTokenInfo wti)
Turn a WorkerTokenInfo in a byte array.
|
static void |
setWorkerToken(Map<String,String> credentials,
WorkerToken token)
Store a worker token in some credentials.
|
static void |
updateSubject(Subject subject,
Collection<IAutoCredentials> autos,
Map<String,String> credentials)
Update a subject from credentials using the IAutoCredentials.
|
static String |
workerTokenCredentialsKey(WorkerTokenServiceType type)
Get the key used to store a WorkerToken in the credentials map.
|
public static final String LOGIN_CONTEXT_SERVER
public static final String LOGIN_CONTEXT_CLIENT
public static final String LOGIN_CONTEXT_PACEMAKER_DIGEST
public static final String LOGIN_CONTEXT_PACEMAKER_SERVER
public static final String LOGIN_CONTEXT_PACEMAKER_CLIENT
public static final String SERVICE
public static Configuration getConfiguration(Map<String,Object> topoConf)
Construct a JAAS configuration object per storm configuration file.
topoConf
- Storm configurationpublic static AppConfigurationEntry[] getEntries(Configuration configuration, String section) throws IOException
Get configurations for a section.
configuration
- The config to pull the key/value pairs out of.section
- The app configuration entry name to get stuff from.IOException
public static SortedMap<String,?> pullConfig(Map<String,Object> topoConf, String section) throws IOException
Pull a set of keys out of a Configuration.
topoConf
- The config containing the jaas conf file.section
- The app configuration entry name to get stuff from.IOException
public static String get(Map<String,Object> topoConf, String section, String key) throws IOException
Pull a the value given section and key from Configuration.
topoConf
- The config containing the jaas conf file.section
- The app configuration entry name to get stuff from.key
- The key to look up inside of the sectionIOException
public static IPrincipalToLocal getPrincipalToLocalPlugin(Map<String,Object> topoConf)
Construct a principal to local plugin.
topoConf
- storm configurationpublic static IGroupMappingServiceProvider getGroupMappingServiceProviderPlugin(Map<String,Object> conf)
Construct a group mapping service provider plugin.
conf
- daemon configurationpublic static Collection<ICredentialsRenewer> getCredentialRenewers(Map<String,Object> conf)
Get all of the configured Credential Renewer Plugins.
conf
- the storm configuration to use.public static Collection<INimbusCredentialPlugin> getNimbusAutoCredPlugins(Map<String,Object> conf)
Get all the Nimbus Auto cred plugins.
conf
- nimbus configuration to use.public static Collection<IAutoCredentials> getAutoCredentials(Map<String,Object> topoConf)
Get all of the configured AutoCredential Plugins.
topoConf
- the storm configuration to use.public static String workerTokenCredentialsKey(WorkerTokenServiceType type)
Get the key used to store a WorkerToken in the credentials map.
type
- the type of service to get.public static WorkerToken readWorkerToken(Map<String,String> credentials, WorkerTokenServiceType type)
Read a WorkerToken out of credentials for the given type.
credentials
- the credentials map.type
- the type of service we are looking for.public static void setWorkerToken(Map<String,String> credentials, WorkerToken token)
Store a worker token in some credentials. It can be pulled back out by calling readWorkerToken.
credentials
- the credentials map.token
- the token you want to store.public static WorkerToken findWorkerToken(Subject subject, WorkerTokenServiceType type)
Find a worker token in a given subject with a given token type.
subject
- what to look in.type
- the type of token to look for.public static boolean areWorkerTokensEnabledServer(ThriftServer server, Map<String,Object> conf)
Check if worker tokens should be enabled on the server side or not.
server
- a Thrift server to know if the transport support tokens or not. No need to create a token if the transport does not support it.conf
- the daemon configuration to be sure the tokens are secure.public static boolean areWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String,Object> conf)
Check if worker tokens should be enabled on the server side or not (for a given server).
connectionType
- the type of server this is for.conf
- the daemon configuration to be sure the tokens are secure.public static byte[] serializeWorkerTokenInfo(WorkerTokenInfo wti)
Turn a WorkerTokenInfo in a byte array.
wti
- what to serialize.public static WorkerTokenInfo getWorkerTokenInfo(WorkerToken wt)
Get and deserialize the WorkerTokenInfo in the worker token.
wt
- the token.public static Subject populateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String,String> credentials)
Populate a subject from credentials using the IAutoCredentials.
subject
- the subject to populate or null if a new Subject should be created.autos
- the IAutoCredentials to call to populate the subject.credentials
- the credentials to pull frompublic static void updateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String,String> credentials)
Update a subject from credentials using the IAutoCredentials.
subject
- the subject to updateautos
- the IAutoCredentials to call to update the subject.credentials
- the credentials to pull frompublic static ITransportPlugin getTransportPlugin(ThriftConnectionType type, Map<String,Object> topoConf)
Construct a transport plugin per storm configuration.
public static String makeDigestPayload(Map<String,Object> topoConf, String configSection)
public static byte[] serializeKerberosTicket(KerberosTicket tgt) throws Exception
Exception
public static KerberosTicket deserializeKerberosTicket(byte[] tgtBytes)
public static KerberosTicket cloneKerberosTicket(KerberosTicket kerberosTicket)
Copyright © 2020 The Apache Software Foundation. All rights reserved.