kumaab commented on code in PR #442: URL: https://github.com/apache/ranger/pull/442#discussion_r1880725593
########## agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java: ########## 
@@ -26,172 +39,186 @@ import java.util.Map;
 import java.util.Set;
-import javax.security.auth.Subject;
-import javax.security.auth.login.AppConfigurationEntry;
-import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
+public class SecureClientLogin {
+ private static final Logger LOG = LoggerFactory.getLogger(SecureClientLogin.class);
-import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
-import org.apache.hadoop.security.authentication.util.KerberosUtil;
-import org.apache.hadoop.security.authentication.util.KerberosName;
-import org.apache.hadoop.util.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+ public static final String HOSTNAME_PATTERN = "_HOST";
-public class SecureClientLogin {
- private static final Logger LOG = LoggerFactory.getLogger(SecureClientLogin.class);
- public static final String HOSTNAME_PATTERN = "_HOST";
-
- public synchronized static Subject loginUserFromKeytab(String user, String path) throws IOException {
- try {
- Subject subject = new Subject();
- SecureClientLoginConfiguration loginConf = new SecureClientLoginConfiguration(true, user, path);
- LoginContext login = new LoginContext("hadoop-keytab-kerberos", subject, null, loginConf);
- subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, login));
- login.login();
- return login.getSubject();
- } catch (LoginException le) {
- throw new IOException("Login failure for " + user + " from keytab " + path, le);
- }
- }
-
- public synchronized static Subject loginUserFromKeytab(String user, String path, String nameRules) throws IOException {
- try {
- Subject subject = new Subject();
- SecureClientLoginConfiguration loginConf = new SecureClientLoginConfiguration(true, user, path);
- LoginContext login = new LoginContext("hadoop-keytab-kerberos", subject, null, loginConf);
- KerberosName.setRules(nameRules);
- subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, login));
- login.login();
- return login.getSubject();
- } catch (LoginException le) {
- throw new IOException("Login failure for " + user + " from keytab " + path, le);
- }
- }
-
- public synchronized static Subject loginUserWithPassword(String user, String password) throws IOException {
- try {
- Subject subject = new Subject();
- SecureClientLoginConfiguration loginConf = new SecureClientLoginConfiguration(false, user, password);
- LoginContext login = new LoginContext("hadoop-keytab-kerberos", subject, null, loginConf);
- subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, login));
- login.login();
- return login.getSubject();
- } catch (LoginException le) {
- throw new IOException("Login failure for " + user + " using password ****", le);
- }
- }
-
- public synchronized static Subject login(String user) throws IOException {
- Subject subject = new Subject();
- subject.getPrincipals().add(new User(user));
- return subject;
- }
-
- public static Set<Principal> getUserPrincipals(Subject aSubject) {
- if (aSubject != null) {
- Set<User> list = aSubject.getPrincipals(User.class);
- if (list != null) {
- Set<Principal> ret = new HashSet<>();
- ret.addAll(list);
- return ret;
- } else {
- return null;
- }
- } else {
- return null;
- }
- }
-
- public static Principal createUserPrincipal(String aLoginName) {
- return new User(aLoginName);
- }
-
- public static boolean isKerberosCredentialExists(String principal, String keytabPath){
- boolean isValid = false;
- if (keytabPath != null && !keytabPath.isEmpty()) {
- File keytabFile = new File(keytabPath);
- if (!keytabFile.exists()) {
- LOG.warn(keytabPath + " doesn't exist.");
- } else if (!keytabFile.canRead()) {
- LOG.warn("Unable to read " + keytabPath + ". Please check the file access permissions for user");
- }else{
- isValid = true;
- }
- } else {
- LOG.warn("Can't find keyTab Path : "+keytabPath);
- }
- if (!(principal != null && !principal.isEmpty() && isValid)) {
- isValid = false;
- LOG.warn("Can't find principal : "+principal);
- }
- return isValid;
- }
-
- public static String getPrincipal(String principalConfig, String hostName) throws IOException {
- String[] components = getComponents(principalConfig);
- if (components == null || components.length != 3 || !HOSTNAME_PATTERN.equals(components[1])) {
- return principalConfig;
- } else {
- if (hostName == null) {
- throw new IOException("Can't replace " + HOSTNAME_PATTERN + " pattern since client ranger.service.host is null");
- }
- return replacePattern(components, hostName);
- }
- }
-
- private static String[] getComponents(String principalConfig) {
- if (principalConfig == null)
- return null;
- return principalConfig.split("[/@]");
- }
-
- private static String replacePattern(String[] components, String hostname)
- throws IOException {
- String fqdn = hostname;
- if (fqdn == null || fqdn.isEmpty() || "0.0.0.0".equals(fqdn)) {
- fqdn = java.net.InetAddress.getLocalHost().getCanonicalHostName();
- }
- return components[0] + "/" + StringUtils.toLowerCase(fqdn) + "@" + components[2];
- }
-}
+ private SecureClientLogin() {
+ // to block instantiation
+ }
+
+ public static synchronized Subject loginUserFromKeytab(String user, String path) throws IOException {
+ try {
+ Subject subject = new Subject();
+ SecureClientLoginConfiguration loginConf = new SecureClientLoginConfiguration(true, user, path);
+ LoginContext login = new LoginContext("hadoop-keytab-kerberos", subject, null, loginConf);
+
+ subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, login));
+
+ login.login();
+
+ return login.getSubject();
+ } catch (LoginException le) {
+ throw new IOException("Login failure for " + user + " from keytab " + path, le);
+ }
+ }
+
+ public static synchronized Subject loginUserFromKeytab(String user, String path, String nameRules) throws IOException {
+ try {
+ Subject subject = new Subject();
+ SecureClientLoginConfiguration loginConf = new SecureClientLoginConfiguration(true, user, path);
+ LoginContext login = new LoginContext("hadoop-keytab-kerberos", subject, null, loginConf);
+
+ KerberosName.setRules(nameRules);
+
+ subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, login));
+
+ login.login();
+
+ return login.getSubject();
+ } catch (LoginException le) {
+ throw new IOException("Login failure for " + user + " from keytab " + path, le);
+ }
+ }
+
+ public static synchronized Subject loginUserWithPassword(String user, String password) throws IOException {
+ try {
+ Subject subject = new Subject();
+ SecureClientLoginConfiguration loginConf = new SecureClientLoginConfiguration(false, user, password);
+ LoginContext login = new LoginContext("hadoop-keytab-kerberos", subject, null, loginConf);
+
+ subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, login));
+
+ login.login();
+
+ return login.getSubject();
+ } catch (LoginException le) {
+ throw new IOException("Login failure for " + user + " using password ****", le);
+ }
+ }
+
+ public static synchronized Subject login(String user) throws IOException {
+ Subject subject = new Subject();
+
+ subject.getPrincipals().add(new User(user));
+
+ return subject;
+ }
+
+ public static Set<Principal> getUserPrincipals(Subject aSubject) {
+ if (aSubject != null) {
+ Set<User> list = aSubject.getPrincipals(User.class);
+
+ if (list != null) {
+ return new HashSet<>(list);
+ } else {
+ return null;
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public static Principal createUserPrincipal(String aLoginName) {
+ return new User(aLoginName);
+ }
+
+ public static boolean isKerberosCredentialExists(String principal, String keytabPath) {
+ boolean isValid = false;
+
+ if (keytabPath != null && !keytabPath.isEmpty()) {
+ File keytabFile = new File(keytabPath);
+
+ if (!keytabFile.exists()) {
+ LOG.warn("{} doesn't exist.", keytabPath);
+ } else if (!keytabFile.canRead()) {
+ LOG.warn("Unable to read {}. Please check the file access permissions for user", keytabPath);
+ } else {
+ isValid = true;
+ }
+ } else {
+ LOG.warn("Can't find keyTab Path : {}", keytabPath);
+ }
+ if (!(principal != null && !principal.isEmpty() && isValid)) {
+ isValid = false;
+
+ LOG.warn("Can't find principal : {}", principal);
+ }
+
+ return isValid;
+ }
+
+ public static String getPrincipal(String principalConfig, String hostName) throws IOException {
+ String[] components = getComponents(principalConfig);
+
+ if (components == null || components.length != 3 || !HOSTNAME_PATTERN.equals(components[1])) {
+ return principalConfig;
+ } else {
+ if (hostName == null) {
+ throw new IOException("Can't replace " + HOSTNAME_PATTERN + " pattern since client ranger.service.host is null");
+ }
+
+ return replacePattern(components, hostName);
+ }
+ }
+
+ private static String[] getComponents(String principalConfig) {
+ if (principalConfig == null) {
+ return null;
+ }
+
+ return principalConfig.split("[/@]");
+ }
+
+ private static String replacePattern(String[] components, String hostname) throws IOException {
+ String fqdn = hostname;
+
+ if (fqdn == null || fqdn.isEmpty() || "0.0.0.0".equals(fqdn)) {
Review Comment: StringUtils.isEmpty() suggested here.
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
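Review bot: In `getUserPrincipals` the `list != null` branch is dead code — `Subject.getPrincipals(Class)` returns a (possibly empty) set and never null per its JDK contract, so the method reduces to `return aSubject == null ? null : new HashSet<>(aSubject.getPrincipals(User.class));`, and the remaining null return for a null subject should be stated in a Javadoc `@return` so callers know to check it. Separately, the three-argument `loginUserFromKeytab` calls `KerberosName.setRules(nameRules)` before `login.login()`; that setter replaces the process-wide auth_to_local rules that every other caller in the JVM relies on, and the replacement persists even when the subsequent login fails, which none of the public methods in this hunk document — an `@implNote` on that overload would spare the next maintainer a surprise. `replacePattern` is cut off at the end of the hunk, so its body continues outside this view.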