Package org.apache.storm.security.auth
Class ClientAuthUtils
java.lang.Object
org.apache.storm.security.auth.ClientAuthUtils
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and Type / Method / Description

static boolean areWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String, Object> conf)
    Check if worker tokens should be enabled on the server side or not (for a given server).
static boolean areWorkerTokensEnabledServer(ThriftServer server, Map<String, Object> conf)
    Check if worker tokens should be enabled on the server side or not.
static KerberosTicket cloneKerberosTicket(KerberosTicket kerberosTicket)
static KerberosTicket deserializeKerberosTicket(byte[] tgtBytes)
static WorkerToken findWorkerToken(Subject subject, WorkerTokenServiceType type)
    Find a worker token in a given subject with a given token type.
static String get(Map<String, Object> topoConf, String section, String key)
    Pull the value for the given section and key from the Configuration.
static Collection<IAutoCredentials> getAutoCredentials(Map<String, Object> topoConf)
    Get all of the configured AutoCredential Plugins.
static Configuration getConfiguration(Map<String, Object> topoConf)
    Construct a JAAS configuration object per storm configuration file.
static Collection<ICredentialsRenewer> getCredentialRenewers(Map<String, Object> conf)
    Get all of the configured Credential Renewer Plugins.
static AppConfigurationEntry[] getEntries(Configuration configuration, String section)
    Get configurations for a section.
static IGroupMappingServiceProvider getGroupMappingServiceProviderPlugin(Map<String, Object> conf)
    Construct a group mapping service provider plugin.
static String getJaasConf(Map<String, Object> topoConf)
static Collection<INimbusCredentialPlugin> getNimbusAutoCredPlugins(Map<String, Object> conf)
    Get all the Nimbus Auto cred plugins.
static IPrincipalToLocal getPrincipalToLocalPlugin(Map<String, Object> topoConf)
    Construct a principal to local plugin.
static ITransportPlugin getTransportPlugin(ThriftConnectionType type, Map<String, Object> topoConf)
    Construct a transport plugin per storm configuration.
static WorkerTokenInfo getWorkerTokenInfo
    Get and deserialize the WorkerTokenInfo in the worker token.
static String makeDigestPayload(Map<String, Object> topoConf, String configSection)
static Subject populateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials)
    Populate a subject from credentials using the IAutoCredentials.
static SortedMap<String,?> pullConfig(Map<String, Object> topoConf, String section)
    Pull a set of keys out of a Configuration.
static WorkerToken readWorkerToken(Map<String, String> credentials, WorkerTokenServiceType type)
    Read a WorkerToken out of credentials for the given type.
static byte[] serializeKerberosTicket
static byte[] serializeWorkerTokenInfo
    Turn a WorkerTokenInfo into a byte array.
static void setWorkerToken(Map<String, String> credentials, WorkerToken token)
    Store a worker token in some credentials.
static void updateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials)
    Update a subject from credentials using the IAutoCredentials.
static String workerTokenCredentialsKey
    Get the key used to store a WorkerToken in the credentials map.
-
Field Details
-
LOGIN_CONTEXT_SERVER
-
LOGIN_CONTEXT_CLIENT
-
LOGIN_CONTEXT_PACEMAKER_DIGEST
-
LOGIN_CONTEXT_PACEMAKER_SERVER
-
LOGIN_CONTEXT_PACEMAKER_CLIENT
-
SERVICE
-
-
Constructor Details
-
ClientAuthUtils
public ClientAuthUtils()
-
-
Method Details
-
getJaasConf
-
getConfiguration
Construct a JAAS configuration object per storm configuration file.
- Parameters:
  topoConf - Storm configuration
- Returns:
  JAAS configuration object
-
getEntries
public static AppConfigurationEntry[] getEntries(Configuration configuration, String section) throws IOException
Get configurations for a section.
- Parameters:
  configuration - The config to pull the key/value pairs out of.
  section - The app configuration entry name to get stuff from.
- Returns:
  An array of config entries, or null if configuration is null.
- Throws:
  IOException
-
pullConfig
public static SortedMap<String,?> pullConfig(Map<String, Object> topoConf, String section) throws IOException
Pull a set of keys out of a Configuration.
- Parameters:
  topoConf - The config containing the jaas conf file.
  section - The app configuration entry name to get stuff from.
- Returns:
  Return a map of the configs in conf.
- Throws:
  IOException
-
get
public static String get(Map<String, Object> topoConf, String section, String key) throws IOException
Pull the value for the given section and key from the Configuration.
- Parameters:
  topoConf - The config containing the jaas conf file.
  section - The app configuration entry name to get stuff from.
  key - The key to look up inside of the section.
- Returns:
  Return the String value of the configuration value.
- Throws:
  IOException
-
getPrincipalToLocalPlugin
Construct a principal to local plugin.
- Parameters:
  topoConf - storm configuration
- Returns:
  the plugin
-
getGroupMappingServiceProviderPlugin
public static IGroupMappingServiceProvider getGroupMappingServiceProviderPlugin(Map<String, Object> conf)
Construct a group mapping service provider plugin.
- Parameters:
  conf - daemon configuration
- Returns:
  the plugin
-
getCredentialRenewers
Get all of the configured Credential Renewer Plugins.
- Parameters:
  conf - the storm configuration to use.
- Returns:
  the configured credential renewers.
-
getNimbusAutoCredPlugins
Get all the Nimbus Auto cred plugins.
- Parameters:
  conf - nimbus configuration to use.
- Returns:
  nimbus auto credential plugins.
-
getAutoCredentials
Get all of the configured AutoCredential Plugins.
- Parameters:
  topoConf - the storm configuration to use.
- Returns:
  the configured auto credentials.
-
workerTokenCredentialsKey
Get the key used to store a WorkerToken in the credentials map.
- Parameters:
  type - the type of service to get.
- Returns:
  the key as a String.
-
readWorkerToken
public static WorkerToken readWorkerToken(Map<String, String> credentials, WorkerTokenServiceType type)
Read a WorkerToken out of credentials for the given type.
- Parameters:
  credentials - the credentials map.
  type - the type of service we are looking for.
- Returns:
  the deserialized WorkerToken or null if none could be found.
-
setWorkerToken
Store a worker token in some credentials. It can be pulled back out by calling readWorkerToken.
- Parameters:
  credentials - the credentials map.
  token - the token you want to store.
-
findWorkerToken
Find a worker token in a given subject with a given token type.
- Parameters:
  subject - what to look in.
  type - the type of token to look for.
- Returns:
  the token or null.
-
areWorkerTokensEnabledServer
Check if worker tokens should be enabled on the server side or not.
- Parameters:
  server - a Thrift server, used to know whether the transport supports tokens or not. No need to create a token if the transport does not support it.
  conf - the daemon configuration to be sure the tokens are secure.
- Returns:
  true if we can enable them, else false.
-
areWorkerTokensEnabledServer
public static boolean areWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String, Object> conf)
Check if worker tokens should be enabled on the server side or not (for a given server).
- Parameters:
  connectionType - the type of server this is for.
  conf - the daemon configuration to be sure the tokens are secure.
- Returns:
  true if we can enable them, else false.
-
serializeWorkerTokenInfo
Turn a WorkerTokenInfo into a byte array.
- Parameters:
  wti - what to serialize.
- Returns:
  the resulting byte array.
-
getWorkerTokenInfo
Get and deserialize the WorkerTokenInfo in the worker token.
- Parameters:
  wt - the token.
- Returns:
  the deserialized info.
-
populateSubject
public static Subject populateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials)
Populate a subject from credentials using the IAutoCredentials.
- Parameters:
  subject - the subject to populate or null if a new Subject should be created.
  autos - the IAutoCredentials to call to populate the subject.
  credentials - the credentials to pull from
- Returns:
  the populated subject.
-
updateSubject
public static void updateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials)
Update a subject from credentials using the IAutoCredentials.
- Parameters:
  subject - the subject to update
  autos - the IAutoCredentials to call to update the subject.
  credentials - the credentials to pull from
-
getTransportPlugin
public static ITransportPlugin getTransportPlugin(ThriftConnectionType type, Map<String, Object> topoConf)
Construct a transport plugin per storm configuration.
-
makeDigestPayload
-
serializeKerberosTicket
- Throws:
Exception
-
deserializeKerberosTicket
-
cloneKerberosTicket
-