sqoop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject sqoop git commit: SQOOP-1982: Sqoop2: Provide username globally via AuthenticationProvider
Date Fri, 06 Feb 2015 01:40:33 GMT
Repository: sqoop
Updated Branches:
  refs/heads/sqoop2 d3efcd22a -> 98544cc97


SQOOP-1982: Sqoop2: Provide username globally via AuthenticationProvider

(Richard Zhou via Abraham Elmahrek)


Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/98544cc9
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/98544cc9
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/98544cc9

Branch: refs/heads/sqoop2
Commit: 98544cc975fd7007ebf68dc24f7853e8287d893d
Parents: d3efcd2
Author: Abraham Elmahrek <abe@apache.org>
Authored: Thu Feb 5 17:38:59 2015 -0800
Committer: Abraham Elmahrek <abe@apache.org>
Committed: Thu Feb 5 17:38:59 2015 -0800

----------------------------------------------------------------------
 .../sqoop/security/AuthenticationHandler.java   |  9 ++++
 .../sqoop/security/AuthenticationProvider.java  | 30 +++++++++++
 .../sqoop/security/AuthorizationHandler.java    |  2 +-
 .../sqoop/security/AuthorizationManager.java    | 14 ++++-
 .../sqoop/security/SecurityConstants.java       |  8 +++
 .../apache/sqoop/security/SecurityError.java    |  8 ++-
 .../apache/sqoop/security/SecurityFactory.java  | 19 +++++++
 dist/src/main/server/conf/sqoop.properties      |  2 +-
 .../DefaultAuthenticationProvider.java          | 54 ++++++++++++++++++++
 .../DefaultAuthorizationHandler.java            | 14 ++++-
 10 files changed, 154 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sqoop/blob/98544cc9/core/src/main/java/org/apache/sqoop/security/AuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationHandler.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationHandler.java
index 6fb6d1d..6ac8192 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationHandler.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthenticationHandler.java
@@ -33,10 +33,19 @@ public abstract class AuthenticationHandler {
    */
   protected boolean securityEnabled = false;
 
+  /**
+   * AuthenticationProvider is an authentication to get userNames and groupNames.
+   */
+  protected AuthenticationProvider authenticationProvider;
+
   public boolean isSecurityEnabled() {
     return securityEnabled;
   }
 
+  public AuthenticationProvider getAuthenticationProvider() {
+    return authenticationProvider;
+  }
+
   public abstract void doInitialize();
 
   public abstract void secureLogin();

http://git-wip-us.apache.org/repos/asf/sqoop/blob/98544cc9/core/src/main/java/org/apache/sqoop/security/AuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationProvider.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationProvider.java
new file mode 100644
index 0000000..b4450fc
--- /dev/null
+++ b/core/src/main/java/org/apache/sqoop/security/AuthenticationProvider.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sqoop.security;
+
+/**
+ * AuthenticationProvider is an abstract class for authentication. The
+ * implementation should return userNames and groupNames.
+ */
+public abstract class AuthenticationProvider {
+
+  public abstract String getUserName();
+
+  public abstract String[] getGroupNames();
+}

http://git-wip-us.apache.org/repos/asf/sqoop/blob/98544cc9/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
index 51fc2dc..5f3231b 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
@@ -31,7 +31,7 @@ import java.util.List;
  */
 public abstract class AuthorizationHandler {
 
-  public abstract void doInitialize() throws ClassNotFoundException, IllegalAccessException,
InstantiationException;
+  public abstract void doInitialize(AuthenticationProvider provider) throws ClassNotFoundException,
IllegalAccessException, InstantiationException;
 
   /**
    * Role related function

http://git-wip-us.apache.org/repos/asf/sqoop/blob/98544cc9/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
index cfa7a66..7f0fe27 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
@@ -22,7 +22,7 @@ import org.apache.sqoop.common.MapContext;
 import org.apache.sqoop.core.Reconfigurable;
 import org.apache.sqoop.core.SqoopConfiguration;
 
-/***
+/**
  * AuthorizationManager is responsible for managing AuthorizationHandler.
  */
 public class AuthorizationManager implements Reconfigurable {
@@ -35,6 +35,11 @@ public class AuthorizationManager implements Reconfigurable {
   public static final String DEFAULT_AUTHORIZATION_HANDLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationHandler";
 
   /**
+   * Default authentication provider
+   */
+  public static final String DEFAULT_AUTHENTICATION_PROVIDER = "org.apache.sqoop.security.Authorization.DefaultAuthenticationProvider";
+
+  /**
    * Default authorization auto upgrade option value
    */
   protected static boolean DEFAULT_AUTO_UPGRADE = false;
@@ -93,7 +98,12 @@ public class AuthorizationManager implements Reconfigurable {
             SecurityConstants.AUTHORIZATION_HANDLER,
             DEFAULT_AUTHORIZATION_HANDLER).trim();
     authorizationHandler = SecurityFactory.getAuthorizationHandler(handler);
-    authorizationHandler.doInitialize();
+
+    String provider = SqoopConfiguration.getInstance().getContext().getString(
+            SecurityConstants.AUTHENTICATION_PROVIDER,
+            DEFAULT_AUTHENTICATION_PROVIDER).trim();
+
+    authorizationHandler.doInitialize(SecurityFactory.getAuthenticationProvider(provider));
 
     LOG.info("Authorization loaded.");
   }

http://git-wip-us.apache.org/repos/asf/sqoop/blob/98544cc9/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
index 3db8f43..a9ace27 100644
--- a/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
@@ -133,6 +133,14 @@ public final class SecurityConstants {
           PREFIX_AUTHORIZATION_CONFIG + "validator";
 
   /**
+   * The config specifies the sqoop authentication provider class.
+   * The default type is org.apache.sqoop.security.DefaultAuthenticationProvider
+   * <tt>org.apache.sqoop.security.authorization.authentication_provider</tt>.
+   */
+  public static final String AUTHENTICATION_PROVIDER =
+          PREFIX_AUTHORIZATION_CONFIG + "authentication_provider";
+
+  /**
    * The config specifies the token kind in delegation token.
    */
   public static final String TOKEN_KIND = "sqoop_token_kind";

http://git-wip-us.apache.org/repos/asf/sqoop/blob/98544cc9/core/src/main/java/org/apache/sqoop/security/SecurityError.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityError.java b/core/src/main/java/org/apache/sqoop/security/SecurityError.java
index c68b666..322a98f 100644
--- a/core/src/main/java/org/apache/sqoop/security/SecurityError.java
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityError.java
@@ -49,7 +49,13 @@ public enum SecurityError implements ErrorCode {
   AUTH_0008("Unable to find authorization access controller"),
 
   /** The system was not able to find authorization validator. */
-  AUTH_0009("Unable to find authorization validator");
+  AUTH_0009("Unable to find authorization validator"),
+
+  /** The system was not able to find authentication provider. */
+  AUTH_0010("Unable to find authentication provider"),
+
+  /** The system was not able to get authentication from http request. */
+  AUTH_0011("Unable to get remote authentication from http request");
 
   private final String message;
 

http://git-wip-us.apache.org/repos/asf/sqoop/blob/98544cc9/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java b/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
index b427410..727d3be 100644
--- a/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
@@ -100,4 +100,23 @@ public class SecurityFactory {
     }
     return newValidator;
   }
+
+  public static AuthenticationProvider getAuthenticationProvider(String provider) throws
ClassNotFoundException, IllegalAccessException, InstantiationException {
+
+    Class<?> providerClass = ClassUtils.loadClass(provider);
+
+    if (providerClass == null) {
+      throw new SqoopException(SecurityError.AUTH_0010,
+              "Authentication Provider Class is null: " + provider);
+    }
+
+    AuthenticationProvider newProvider;
+    try {
+      newProvider = (AuthenticationProvider) providerClass.newInstance();
+    } catch (Exception ex) {
+      throw new SqoopException(SecurityError.AUTH_0010,
+              "Authentication Provider Class is null: " + provider, ex);
+    }
+    return newProvider;
+  }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/98544cc9/dist/src/main/server/conf/sqoop.properties
----------------------------------------------------------------------
diff --git a/dist/src/main/server/conf/sqoop.properties b/dist/src/main/server/conf/sqoop.properties
index fbcb1fa..f116e17 100755
--- a/dist/src/main/server/conf/sqoop.properties
+++ b/dist/src/main/server/conf/sqoop.properties
@@ -164,7 +164,7 @@ org.apache.sqoop.execution.engine=org.apache.sqoop.execution.mapreduce.Mapreduce
 #org.apache.sqoop.security.authorization.handler=org.apache.sqoop.security.Authorization.DefaultAuthorizationHandler
 #org.apache.sqoop.security.authorization.access_controller=org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController
 #org.apache.sqoop.security.authorization.validator=org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator
-
+#org.apache.sqoop.security.authorization.authentication_provider=org.apache.sqoop.security.Authorization.DefaultAuthenticationProvider
 
 # External connectors load path
 # "/path/to/external/connectors/": Add all the connector JARs in the specified folder

http://git-wip-us.apache.org/repos/asf/sqoop/blob/98544cc9/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthenticationProvider.java
b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthenticationProvider.java
new file mode 100644
index 0000000..547040b
--- /dev/null
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthenticationProvider.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sqoop.security.Authorization;
+
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.security.AuthenticationProvider;
+import org.apache.sqoop.security.SecurityError;
+
+public class DefaultAuthenticationProvider extends AuthenticationProvider {
+
+  @Override
+  public String[] getGroupNames() {
+    return getRemoteUGI().getGroupNames();
+  }
+
+  @Override
+  public String getUserName() {
+    return getRemoteUGI().getShortUserName();
+  }
+
+  private UserGroupInformation getRemoteUGI() {
+    UserGroupInformation ugi = null;
+    try {
+      ugi = HttpUserGroupInformation.get();
+    } catch (Exception e) {
+      throw new SqoopException(SecurityError.AUTH_0011,
+              "Unable to get remote authentication from http request", e);
+    }
+
+    if (ugi == null) {
+      throw new SqoopException(SecurityError.AUTH_0011,
+              "Unable to get remote authentication from http request");
+    }
+    return ugi;
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/98544cc9/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
index 9cd2e33..8e63b86 100644
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
@@ -47,6 +47,8 @@ public class DefaultAuthorizationHandler extends AuthorizationHandler {
 
   protected AuthorizationValidator authorizationValidator;
 
+  protected AuthenticationProvider authenticationProvider;
+
   public AuthorizationValidator getAuthorizationValidator() {
     return authorizationValidator;
   }
@@ -63,7 +65,15 @@ public class DefaultAuthorizationHandler extends AuthorizationHandler {
     this.authorizationAccessController = authorizationAccessController;
   }
 
-  public void doInitialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException
{
+  public AuthenticationProvider getAuthenticationProvider() {
+    return authenticationProvider;
+  }
+
+  public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
+    this.authenticationProvider = authenticationProvider;
+  }
+
+  public void doInitialize(AuthenticationProvider provider) throws ClassNotFoundException,
IllegalAccessException, InstantiationException {
     MapContext mapContext = SqoopConfiguration.getInstance().getContext();
     String accessController = mapContext.getString(
             SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER,
@@ -74,6 +84,8 @@ public class DefaultAuthorizationHandler extends AuthorizationHandler {
             SecurityConstants.AUTHORIZATION_VALIDATOR,
             DEFAULT_AUTHORIZATION_VALIDATOR).trim();
     this.authorizationValidator = SecurityFactory.getAuthorizationValidator(validator);
+
+    this.authenticationProvider = provider;
   }
 
   /**


Mime
View raw message