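/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.fs.http.server;

import org.apache.commons.io.Charsets;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;

import javax.servlet.FilterConfig;
import javax.servlet.ServletException;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.util.Map;
import java.util.Properties;

/**
 * Subclass of hadoop-auth <code>AuthenticationFilter</code> that obtains its configuration
 * from HttpFSServer's server configuration.
 * <p>
 * The signature secret is loaded from the file named by the
 * <code>httpfs.authentication.signature.secret.file</code> property. That file
 * should be readable only by the account that runs HttpFS.
 */
@InterfaceAudience.Private
public class HttpFSAuthenticationFilter
    extends DelegationTokenAuthenticationFilter {

  private static final String CONF_PREFIX = "httpfs.authentication.";

  private static final String SIGNATURE_SECRET_FILE = SIGNATURE_SECRET + ".file";

  /** Prefix stripped from proxyuser keys before they are handed on. */
  private static final String HTTPFS_PREFIX = "httpfs.";

  /** Prefix a key must start with to be treated as a proxyuser setting. */
  private static final String PROXYUSER_PREFIX = HTTPFS_PREFIX + "proxyuser.";

  /**
   * Returns the hadoop-auth configuration from HttpFSServer's configuration.
   * <p>
   * It returns all HttpFSServer's configuration properties prefixed with
   * <code>httpfs.authentication</code>. The <code>httpfs.authentication</code>
   * prefix is removed from the returned property names. The cookie path is
   * set to <code>/</code> first, so a configured value for the same property
   * overrides it, and the signature secret is read from the configured
   * secret file.
   *
   * @param configPrefix parameter not used.
   * @param filterConfig parameter not used.
   *
   * @return hadoop-auth configuration read from HttpFSServer's configuration.
   * @throws RuntimeException if the secret file property is undefined, or the
   *         secret file cannot be read or is empty.
   */
  @Override
  protected Properties getConfiguration(String configPrefix,
      FilterConfig filterConfig) throws ServletException {
    Properties props = new Properties();
    Configuration conf = HttpFSServerWebApp.get().getConfig();

    props.setProperty(AuthenticationFilter.COOKIE_PATH, "/");
    for (Map.Entry<String, String> entry : conf) {
      String name = entry.getKey();
      if (name.startsWith(CONF_PREFIX)) {
        String value = conf.get(name);
        props.setProperty(name.substring(CONF_PREFIX.length()), value);
      }
    }

    String signatureSecretFile = props.getProperty(SIGNATURE_SECRET_FILE);
    if (signatureSecretFile == null) {
      throw new RuntimeException("Undefined property: " + SIGNATURE_SECRET_FILE);
    }

    props.setProperty(AuthenticationFilter.SIGNATURE_SECRET,
        readSignatureSecret(signatureSecretFile));
    return props;
  }

  /**
   * Reads the whole secret file as UTF-8 text.
   * <p>
   * The content is used verbatim: no trimming is done, so a trailing newline
   * left by an editor becomes part of the secret. All nodes that must accept
   * each other's signed tokens therefore need byte-identical files.
   *
   * @param signatureSecretFile path of the secret file.
   * @return the file content, never empty.
   * @throws RuntimeException if the file cannot be read or holds no data.
   */
  private static String readSignatureSecret(String signatureSecretFile) {
    StringBuilder secret = new StringBuilder();
    try {
      Reader reader = new InputStreamReader(
          new FileInputStream(signatureSecretFile), Charsets.UTF_8);
      try {
        int c = reader.read();
        while (c > -1) {
          secret.append((char) c);
          c = reader.read();
        }
      } finally {
        // Close on every path so a failed read does not leak the descriptor.
        reader.close();
      }
    } catch (IOException ex) {
      // Keep the cause: "file missing" and "permission denied" need
      // different operator action, and the message alone does not say which.
      throw new RuntimeException(
          "Could not read HttpFS signature secret file: " + signatureSecretFile, ex);
    }

    // An empty file would otherwise be installed as an empty signing secret.
    // Fail at startup instead of running with a key anyone can guess.
    if (secret.length() == 0) {
      throw new RuntimeException(
          "No secret in HttpFS signature secret file: " + signatureSecretFile);
    }
    return secret.toString();
  }

  /**
   * Builds the proxyuser configuration from HttpFSServer's configuration.
   * <p>
   * Every <code>httpfs.proxyuser.*</code> property is copied into a fresh,
   * defaults-free <code>Configuration</code> with the leading
   * <code>httpfs.</code> removed from its name.
   *
   * @param filterConfig parameter not used.
   *
   * @return configuration holding only the translated proxyuser properties.
   */
  protected Configuration getProxyuserConfiguration(FilterConfig filterConfig) {
    Map<String, String> proxyuserConf = HttpFSServerWebApp.get().getConfig().
        getValByRegex("httpfs\\.proxyuser\\.");
    Configuration conf = new Configuration(false);
    for (Map.Entry<String, String> entry : proxyuserConf.entrySet()) {
      String key = entry.getKey();
      // The pattern is unanchored, so it may match keys that merely contain
      // the prefix (NOTE(review): confirm getValByRegex semantics). Proxyuser
      // rules control impersonation; only translate keys that really start
      // with the prefix rather than blindly cutting their first characters.
      if (key.startsWith(PROXYUSER_PREFIX)) {
        conf.set(key.substring(HTTPFS_PREFIX.length()), entry.getValue());
      }
    }
    return conf;
  }

}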