Posted to commits@sqoop.apache.org by ab...@apache.org on 2015/01/12 19:12:13 UTC
sqoop git commit: SQOOP-2002: Sqoop2: Refactor existing security
component
Repository: sqoop
Updated Branches:
refs/heads/sqoop2 f4beb543e -> bca7671f8
SQOOP-2002: Sqoop2: Refactor existing security component
(Richard Zhou via Abraham Elmahrek)
Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/bca7671f
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/bca7671f
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/bca7671f
Branch: refs/heads/sqoop2
Commit: bca7671f852192275b412d9f62ff90f4d1e943f5
Parents: f4beb54
Author: Abraham Elmahrek <ab...@apache.org>
Authored: Mon Jan 12 10:11:34 2015 -0800
Committer: Abraham Elmahrek <ab...@apache.org>
Committed: Mon Jan 12 10:11:34 2015 -0800
----------------------------------------------------------------------
.../sqoop/security/AuthenticationConstants.java | 109 ------------------
.../sqoop/security/AuthenticationError.java | 58 ----------
.../security/AuthenticationHandlerFactory.java | 46 --------
.../sqoop/security/AuthenticationManager.java | 6 +-
.../sqoop/security/SecurityConstants.java | 114 +++++++++++++++++++
.../apache/sqoop/security/SecurityError.java | 58 ++++++++++
.../apache/sqoop/security/SecurityFactory.java | 46 ++++++++
dist/src/main/server/conf/sqoop.properties | 26 ++---
docs/src/site/sphinx/SecurityGuideOnSqoop2.rst | 6 +-
.../KerberosAuthenticationHandler.java | 90 +++++++++++++++
.../SimpleAuthenticationHandler.java | 43 +++++++
.../security/KerberosAuthenticationHandler.java | 87 --------------
.../security/SimpleAuthenticationHandler.java | 41 -------
.../sqoop/filter/SqoopAuthenticationFilter.java | 35 +++---
14 files changed, 387 insertions(+), 378 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java
deleted file mode 100644
index ec2f32d..0000000
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sqoop.security;
-
-import org.apache.sqoop.core.ConfigurationConstants;
-
-/**
- * Constants that are used in authentication module.
- */
-public final class AuthenticationConstants {
-
- /**
- * All authentication related configuration is prefixed with this:
- * <tt>org.apache.sqoop.authentication.</tt>
- */
- public static final String PREFIX_AUTHENTICATION_CONFIG =
- ConfigurationConstants.PREFIX_GLOBAL_CONFIG + "authentication.";
-
- /**
- * The config specifies the sqoop authentication type (SIMPLE, KERBEROS).
- * The default type is SIMPLE
- * <tt>org.apache.sqoop.authentication.type</tt>.
- */
- public static final String AUTHENTICATION_TYPE =
- PREFIX_AUTHENTICATION_CONFIG + "type";
-
- /**
- * The config specifies the sqoop authentication handler class.
- * The default type is org.apache.sqoop.security.SimpleAuthenticationHandler
- * <tt>org.apache.sqoop.authentication.handler</tt>.
- */
- public static final String AUTHENTICATION_HANDLER =
- PREFIX_AUTHENTICATION_CONFIG + "handler";
-
- /**
- * The config enables or disables anonymous authentication.
- * <tt>org.apache.sqoop.authentication.anonymous</tt>.
- */
- public static final String AUTHENTICATION_ANONYMOUS =
- PREFIX_AUTHENTICATION_CONFIG + "anonymous";
-
- /**
- * All kerberos authentication related configuration is prefixed with this:
- * <tt>org.apache.sqoop.authentication.kerberos.</tt>
- */
- public static final String PREFIX_AUTHENTICATION_KERBEROS_CONFIG =
- PREFIX_AUTHENTICATION_CONFIG + "kerberos.";
-
- /**
- * The config specifies the kerberos principal.
- * <tt>org.apache.sqoop.authentication.kerberos.principal</tt>.
- */
- public static final String AUTHENTICATION_KERBEROS_PRINCIPAL =
- PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "principal";
-
- /**
- * The config specifies the kerberos keytab.
- * <tt>org.apache.sqoop.authentication.kerberos.principal</tt>.
- */
- public static final String AUTHENTICATION_KERBEROS_KEYTAB =
- PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "keytab";
-
- /**
- * All kerberos authentication for http related configuration is prefixed with this:
- * <tt>org.apache.sqoop.authentication.kerberos.http.</tt>
- */
- public static final String PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG =
- PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "http.";
-
- /**
- * The config specifies the kerberos principal for http.
- * <tt>org.apache.sqoop.authentication.kerberos.http.principal</tt>.
- */
- public static final String AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL =
- PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG + "principal";
-
- /**
- * The config specifies the kerberos keytab for http.
- * <tt>org.apache.sqoop.authentication.kerberos.http.principal</tt>.
- */
- public static final String AUTHENTICATION_KERBEROS_HTTP_KEYTAB =
- PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG + "keytab";
-
- /**
- * The config specifies the token kind in delegation token.
- */
- public static final String TOKEN_KIND = "sqoop_token_kind";
-
- public static enum TYPE {SIMPLE, KERBEROS}
-
- private AuthenticationConstants() {
- // Instantiation of this class is prohibited
- }
-}
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/AuthenticationError.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationError.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationError.java
deleted file mode 100644
index abb5c90..0000000
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationError.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sqoop.security;
-
-import org.apache.sqoop.common.ErrorCode;
-
-public enum AuthenticationError implements ErrorCode {
-
- /** An unknown error has occurred. */
- AUTH_0000("An unknown error has occurred"),
-
- /** The system was not able to find Kerberos keytab in sqoop configuration. */
- AUTH_0001("Unable to find Kerberos keytab"),
-
- /** The system was not able to find Kerberos principal in sqoop configuration. */
- AUTH_0002("Unable to find Kerberos principal"),
-
- /** The system was not able to login using Kerberos keytab and principal in sqoop configuration. */
- AUTH_0003("Unable to login using Kerberos keytab and principal"),
-
- /** Invalid authentication type {simple, Kerberos}. */
- AUTH_0004("Invalid authentication type"),
-
- /** The system was not able to find Kerberos keytab for http in sqoop configuration. */
- AUTH_0005("Unable to find Kerberos keytab for http"),
-
- /** The system was not able to find Kerberos principal for http in sqoop configuration. */
- AUTH_0006("Unable to find Kerberos principal for http");
-
- private final String message;
-
- private AuthenticationError(String message) {
- this.message = message;
- }
-
- public String getCode() {
- return name();
- }
-
- public String getMessage() {
- return message;
- }
-}
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java
deleted file mode 100644
index b62fe18..0000000
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sqoop.security;
-
-import org.apache.sqoop.common.SqoopException;
-import org.apache.sqoop.utils.ClassUtils;
-
-/**
- * Create authentication manager.
- */
-public class AuthenticationHandlerFactory {
-
- public static AuthenticationHandler getAuthenticationHandler(String handler) throws ClassNotFoundException, IllegalAccessException, InstantiationException {
-
- Class<?> handlerClass = ClassUtils.loadClass(handler);
-
- if (handlerClass == null) {
- throw new SqoopException(AuthenticationError.AUTH_0004,
- "Authentication Handler Class: " + handler);
- }
-
- AuthenticationHandler newHandler;
- try {
- newHandler = (AuthenticationHandler) handlerClass.newInstance();
- } catch (Exception ex) {
- throw new SqoopException(AuthenticationError.AUTH_0004,
- "Authentication Handler Class: " + handler, ex);
- }
- return newHandler;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
index a014ab3..228b9e7 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
@@ -31,7 +31,7 @@ public class AuthenticationManager implements Reconfigurable {
/**
* Default authentication handler
*/
- public static final String DEFAULT_AUTHENTICATION_HANDLER = "org.apache.sqoop.security.SimpleAuthenticationHandler";
+ public static final String DEFAULT_AUTHENTICATION_HANDLER = "org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler";
/**
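Review bot: The new default handler string uses a package segment `Authentication` with a capital A, which departs from the all-lowercase Java package convention and is easy to mistype. Because this fully qualified name is also what operators write in `sqoop.properties`, renaming it later would break existing configurations, so it is cheaper to settle on `org.apache.sqoop.security.authentication.SimpleAuthenticationHandler` now. The same segment appears in the two new handler files and in the sample properties further down in this commit.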
@@ -92,9 +92,9 @@ public class AuthenticationManager implements Reconfigurable {
}
String handler = SqoopConfiguration.getInstance().getContext().getString(
- AuthenticationConstants.AUTHENTICATION_HANDLER,
+ SecurityConstants.AUTHENTICATION_HANDLER,
DEFAULT_AUTHENTICATION_HANDLER).trim();
- authenticationHandler = AuthenticationHandlerFactory.getAuthenticationHandler(handler);
+ authenticationHandler = SecurityFactory.getAuthenticationHandler(handler);
authenticationHandler.doInitialize();
authenticationHandler.secureLogin();
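Review bot: The handler lookup now reads only the new key `org.apache.sqoop.security.authentication.handler`, so a server upgraded with an existing `org.apache.sqoop.authentication.handler=...KerberosAuthenticationHandler` line would, as far as this hunk shows, fall through to `DEFAULT_AUTHENTICATION_HANDLER`, the simple handler that sets `securityEnabled = false`. That is a silent downgrade from Kerberos to simple authentication unless a migration exists elsewhere. Consider reading the old key as a fallback, or failing startup when any `org.apache.sqoop.authentication.*` key is still present. The security guide changed in this commit also still shows the old `org.apache.sqoop.authentication.` prefix in its examples. The enclosing method starts and ends outside the hunk.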
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
new file mode 100644
index 0000000..a00573a
--- /dev/null
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
@@ -0,0 +1,114 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.security;
+
+import org.apache.sqoop.core.ConfigurationConstants;
+
+/**
+ * Constants that are used in authentication module.
+ */
+public final class SecurityConstants {
+ /**
+ * All security related configuration is prefixed with this:
+ * <tt>org.apache.sqoop.security.</tt>
+ */
+ public static final String PREFIX_SECURITY_CONFIG =
+ ConfigurationConstants.PREFIX_GLOBAL_CONFIG + "security.";
+ /**
+ * All authentication related configuration is prefixed with this:
+ * <tt>org.apache.sqoop.security.authentication.</tt>
+ */
+ public static final String PREFIX_AUTHENTICATION_CONFIG =
+ PREFIX_SECURITY_CONFIG + "authentication.";
+
+ /**
+ * The config specifies the sqoop authentication type (SIMPLE, KERBEROS).
+ * The default type is SIMPLE
+ * <tt>org.apache.sqoop.security.authentication.type</tt>.
+ */
+ public static final String AUTHENTICATION_TYPE =
+ PREFIX_AUTHENTICATION_CONFIG + "type";
+
+ /**
+ * The config specifies the sqoop authentication handler class.
+ * The default type is org.apache.sqoop.security.SimpleAuthenticationHandler
+ * <tt>org.apache.sqoop.security.authentication.handler</tt>.
+ */
+ public static final String AUTHENTICATION_HANDLER =
+ PREFIX_AUTHENTICATION_CONFIG + "handler";
+
+ /**
+ * The config enables or disables anonymous authentication.
+ * <tt>org.apache.sqoop.security.authentication.anonymous</tt>.
+ */
+ public static final String AUTHENTICATION_ANONYMOUS =
+ PREFIX_AUTHENTICATION_CONFIG + "anonymous";
+
+ /**
+ * All kerberos authentication related configuration is prefixed with this:
+ * <tt>org.apache.security.sqoop.authentication.kerberos.</tt>
+ */
+ public static final String PREFIX_AUTHENTICATION_KERBEROS_CONFIG =
+ PREFIX_AUTHENTICATION_CONFIG + "kerberos.";
+
+ /**
+ * The config specifies the kerberos principal.
+ * <tt>org.apache.sqoop.security.authentication.kerberos.principal</tt>.
+ */
+ public static final String AUTHENTICATION_KERBEROS_PRINCIPAL =
+ PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "principal";
+
+ /**
+ * The config specifies the kerberos keytab.
+ * <tt>org.apache.sqoop.security.authentication.kerberos.principal</tt>.
+ */
+ public static final String AUTHENTICATION_KERBEROS_KEYTAB =
+ PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "keytab";
+
+ /**
+ * All kerberos authentication for http related configuration is prefixed with this:
+ * <tt>org.apache.sqoop.security.authentication.kerberos.http.</tt>
+ */
+ public static final String PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG =
+ PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "http.";
+
+ /**
+ * The config specifies the kerberos principal for http.
+ * <tt>org.apache.sqoop.security.authentication.kerberos.http.principal</tt>.
+ */
+ public static final String AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL =
+ PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG + "principal";
+
+ /**
+ * The config specifies the kerberos keytab for http.
+ * <tt>org.apache.sqoop.security.authentication.kerberos.http.principal</tt>.
+ */
+ public static final String AUTHENTICATION_KERBEROS_HTTP_KEYTAB =
+ PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG + "keytab";
+
+ /**
+ * The config specifies the token kind in delegation token.
+ */
+ public static final String TOKEN_KIND = "sqoop_token_kind";
+
+ public static enum TYPE {SIMPLE, KERBEROS}
+
+ private SecurityConstants() {
+ // Instantiation of this class is prohibited
+ }
+}
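Review bot: Several Javadoc key names in this new file do not match the constants they describe. The Kerberos prefix comment reads `org.apache.security.sqoop.authentication.kerberos.` (segments transposed), the comments on `AUTHENTICATION_KERBEROS_KEYTAB` and `AUTHENTICATION_KERBEROS_HTTP_KEYTAB` both end in `.principal` where `.keytab` is meant, and the `AUTHENTICATION_HANDLER` comment still names `org.apache.sqoop.security.SimpleAuthenticationHandler` as the default although `DEFAULT_AUTHENTICATION_HANDLER` now points into the `Authentication` sub-package. Since operators copy these strings into `sqoop.properties`, each should be corrected, e.g. `<tt>org.apache.sqoop.security.authentication.kerberos.keytab</tt>`. The class comment could also say "security module" to match the new class name.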
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/SecurityError.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityError.java b/core/src/main/java/org/apache/sqoop/security/SecurityError.java
new file mode 100644
index 0000000..e4ba221
--- /dev/null
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityError.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.security;
+
+import org.apache.sqoop.common.ErrorCode;
+
+public enum SecurityError implements ErrorCode {
+
+ /** An unknown error has occurred. */
+ AUTH_0000("An unknown error has occurred"),
+
+ /** The system was not able to find Kerberos keytab in sqoop configuration. */
+ AUTH_0001("Unable to find Kerberos keytab"),
+
+ /** The system was not able to find Kerberos principal in sqoop configuration. */
+ AUTH_0002("Unable to find Kerberos principal"),
+
+ /** The system was not able to login using Kerberos keytab and principal in sqoop configuration. */
+ AUTH_0003("Unable to login using Kerberos keytab and principal"),
+
+ /** Invalid authentication type {simple, Kerberos}. */
+ AUTH_0004("Invalid authentication type"),
+
+ /** The system was not able to find Kerberos keytab for http in sqoop configuration. */
+ AUTH_0005("Unable to find Kerberos keytab for http"),
+
+ /** The system was not able to find Kerberos principal for http in sqoop configuration. */
+ AUTH_0006("Unable to find Kerberos principal for http");
+
+ private final String message;
+
+ private SecurityError(String message) {
+ this.message = message;
+ }
+
+ public String getCode() {
+ return name();
+ }
+
+ public String getMessage() {
+ return message;
+ }
+}
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java b/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
new file mode 100644
index 0000000..3e6df67
--- /dev/null
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.security;
+
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.utils.ClassUtils;
+
+/**
+ * Create authentication manager.
+ */
+public class SecurityFactory {
+
+ public static AuthenticationHandler getAuthenticationHandler(String handler) throws ClassNotFoundException, IllegalAccessException, InstantiationException {
+
+ Class<?> handlerClass = ClassUtils.loadClass(handler);
+
+ if (handlerClass == null) {
+ throw new SqoopException(SecurityError.AUTH_0004,
+ "Authentication Handler Class: " + handler);
+ }
+
+ AuthenticationHandler newHandler;
+ try {
+ newHandler = (AuthenticationHandler) handlerClass.newInstance();
+ } catch (Exception ex) {
+ throw new SqoopException(SecurityError.AUTH_0004,
+ "Authentication Handler Class: " + handler, ex);
+ }
+ return newHandler;
+ }
+}
\ No newline at end of file
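Review bot: `getAuthenticationHandler` instantiates whatever class the configured name resolves to and only then casts it, so a class that is not an `AuthenticationHandler` has its constructor run before the failure surfaces as a wrapped `ClassCastException`. Checking the type first keeps the failure clean: `if (handlerClass == null || !AuthenticationHandler.class.isAssignableFrom(handlerClass)) {`. The `throws ClassNotFoundException, IllegalAccessException, InstantiationException` clause looks unnecessary for the instantiation step, because `catch (Exception ex)` already wraps those failures in `SqoopException`; whether `ClassUtils.loadClass` needs it is not visible here. The class Javadoc says "Create authentication manager" while the method returns a handler.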
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/dist/src/main/server/conf/sqoop.properties
----------------------------------------------------------------------
diff --git a/dist/src/main/server/conf/sqoop.properties b/dist/src/main/server/conf/sqoop.properties
index 2ae1aba..e22e8b0 100755
--- a/dist/src/main/server/conf/sqoop.properties
+++ b/dist/src/main/server/conf/sqoop.properties
@@ -144,16 +144,16 @@ org.apache.sqoop.execution.engine=org.apache.sqoop.execution.mapreduce.Mapreduce
#
# Authentication configuration
#
-#org.apache.sqoop.authentication.type=SIMPLE
-#org.apache.sqoop.authentication.handler=org.apache.sqoop.security.SimpleAuthenticationHandler
-#org.apache.sqoop.authentication.anonymous=true
-#org.apache.sqoop.authentication.type=KERBEROS
-#org.apache.sqoop.authentication.handler=org.apache.sqoop.security.KerberosAuthenticationHandler
-#org.apache.sqoop.authentication.kerberos.principal=sqoop/_HOST@NOVALOCAL
-#org.apache.sqoop.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab
-#org.apache.sqoop.authentication.kerberos.http.principal=HTTP/_HOST@NOVALOCAL
-#org.apache.sqoop.authentication.kerberos.http.keytab=/home/kerberos/sqoop.keytab
-#org.apache.sqoop.authentication.enable.doAs=true
-#org.apache.sqoop.authentication.proxyuser.#USER#.users=*
-#org.apache.sqoop.authentication.proxyuser.#USER#.groups=*
-#org.apache.sqoop.authentication.proxyuser.#USER#.hosts=*
\ No newline at end of file
+#org.apache.sqoop.security.authentication.type=SIMPLE
+#org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler
+#org.apache.sqoop.security.authentication.anonymous=true
+#org.apache.sqoop.security.authentication.type=KERBEROS
+#org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler
+#org.apache.sqoop.security.authentication.kerberos.principal=sqoop/_HOST@NOVALOCAL
+#org.apache.sqoop.security.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab
+#org.apache.sqoop.security.authentication.kerberos.http.principal=HTTP/_HOST@NOVALOCAL
+#org.apache.sqoop.security.authentication.kerberos.http.keytab=/home/kerberos/sqoop.keytab
+#org.apache.sqoop.security.authentication.enable.doAs=true
+#org.apache.sqoop.security.authentication.proxyuser.#USER#.users=*
+#org.apache.sqoop.security.authentication.proxyuser.#USER#.groups=*
+#org.apache.sqoop.security.authentication.proxyuser.#USER#.hosts=*
\ No newline at end of file
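Review bot: The sample proxy-user lines keep `*` for users, groups and hosts, which, once uncommented together with `enable.doAs=true`, presumably lets the named proxy user impersonate any user from any host. A comment above them would steer operators to narrow the values, e.g. `# Replace '*' with the specific users, groups and hosts that need impersonation`. The SIMPLE and KERBEROS blocks are also listed back to back without a separator, so a line such as `# --- Kerberos alternative ---` before the second `type=` key would make it clearer that only one block should be enabled.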
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
----------------------------------------------------------------------
diff --git a/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst b/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
index 8f9520e..c38e276 100644
--- a/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
+++ b/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
@@ -30,7 +30,7 @@ Modify Sqoop configuration file, normally in <Sqoop Folder>/server/config/sqoop.
::
org.apache.sqoop.authentication.type=SIMPLE
- org.apache.sqoop.authentication.handler=org.apache.sqoop.security.SimpleAuthenticationHandler
+ org.apache.sqoop.authentication.handler=org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler
org.apache.sqoop.anonymous=true
- Simple authentication is used by default. Commenting out authentication configuration will yield the use of simple authentication.
@@ -88,7 +88,7 @@ Modify Sqoop configuration file, normally in <Sqoop Folder>/server/config/sqoop.
::
org.apache.sqoop.authentication.type=KERBEROS
- org.apache.sqoop.authentication.handler=org.apache.sqoop.security.KerberosAuthenticationHandler
+ org.apache.sqoop.authentication.handler=org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler
org.apache.sqoop.authentication.kerberos.principal=sqoop/_HOST@<REALM>
org.apache.sqoop.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab
org.apache.sqoop.authentication.kerberos.http.principal=HTTP/_HOST@<REALM>
@@ -132,7 +132,7 @@ If the Sqoop server has started successfully with Kerberos authentication, the f
::
- 2014-12-04 15:02:58,038 INFO security.KerberosAuthenticationHandler [org.apache.sqoop.security.KerberosAuthenticationHandler.secureLogin(KerberosAuthenticationHandler.java:84)] Using Kerberos authentication, principal [sqoop/_HOST@HADOOP.COM] keytab [/home/kerberos/sqoop.keytab]
+ 2014-12-04 15:02:58,038 INFO security.KerberosAuthenticationHandler [org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler.secureLogin(KerberosAuthenticationHandler.java:84)] Using Kerberos authentication, principal [sqoop/_HOST@HADOOP.COM] keytab [/home/kerberos/sqoop.keytab]
If the Sqoop client was able to communicate with the Sqoop server, the following will be in <Sqoop Folder>/server/log/catalina.out:
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java b/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java
new file mode 100644
index 0000000..db89a2d
--- /dev/null
+++ b/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.security.Authentication;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.SecurityUtil;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.log4j.Logger;
+import org.apache.sqoop.common.MapContext;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.core.SqoopConfiguration;
+import org.apache.sqoop.security.AuthenticationHandler;
+import org.apache.sqoop.security.SecurityConstants;
+import org.apache.sqoop.security.SecurityError;
+
+import java.io.IOException;
+
+public class KerberosAuthenticationHandler extends AuthenticationHandler {
+
+ private static final Logger LOG = Logger.getLogger(KerberosAuthenticationHandler.class);
+
+ /**
+ * Principal for Kerberos option value
+ */
+ private String keytabPrincipal;
+
+ public String getKeytabPrincipal() {
+ return keytabPrincipal;
+ }
+
+ /**
+ * Keytab for Kerberos option value
+ */
+ private String keytabFile;
+
+ public String getKeytabFile() {
+ return keytabFile;
+ }
+
+ public void doInitialize() {
+ securityEnabled = true;
+ }
+
+ public void secureLogin() {
+ MapContext mapContext = SqoopConfiguration.getInstance().getContext();
+ String keytab = mapContext.getString(
+ SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB).trim();
+ if (keytab.length() == 0) {
+ throw new SqoopException(SecurityError.AUTH_0001,
+ SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB);
+ }
+ keytabFile = keytab;
+
+ String principal = mapContext.getString(
+ SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL).trim();
+ if (principal.length() == 0) {
+ throw new SqoopException(SecurityError.AUTH_0002,
+ SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL);
+ }
+ keytabPrincipal = principal;
+
+ Configuration conf = new Configuration();
+ conf.set(get_hadoop_security_authentication(),
+ SecurityConstants.TYPE.KERBEROS.name());
+ UserGroupInformation.setConfiguration(conf);
+ try {
+ String hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
+ UserGroupInformation.loginUserFromKeytab(hostPrincipal, keytab);
+ } catch (IOException ex) {
+ throw new SqoopException(SecurityError.AUTH_0003, ex);
+ }
+ LOG.info("Using Kerberos authentication, principal ["
+ + principal + "] keytab [" + keytab + "]");
+ }
+}
\ No newline at end of file
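Review bot: In `secureLogin`, `mapContext.getString(...).trim()` is called on the keytab and principal values before the empty check, so if `getString` returns null for a missing key the method fails with a `NullPointerException` instead of `AUTH_0001`/`AUTH_0002`. That case becomes more likely with this commit because the configuration keys were renamed. The two-argument overload already used in `AuthenticationManager` avoids it: `mapContext.getString(SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB, "").trim()`, and likewise for the principal. The final log line also prints `principal` rather than the resolved `hostPrincipal` that was actually passed to `loginUserFromKeytab`.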
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java b/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java
new file mode 100644
index 0000000..94f0feb
--- /dev/null
+++ b/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.security.Authentication;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.log4j.Logger;
+import org.apache.sqoop.security.AuthenticationHandler;
+import org.apache.sqoop.security.SecurityConstants;
+
+public class SimpleAuthenticationHandler extends AuthenticationHandler {
+
+ private static final Logger LOG = Logger.getLogger(SimpleAuthenticationHandler.class);
+
+ public void doInitialize() {
+ securityEnabled = false;
+ }
+
+ public void secureLogin() {
+ //no secureLogin, just set configurations
+ Configuration conf = new Configuration();
+ conf.set(get_hadoop_security_authentication(),
+ SecurityConstants.TYPE.SIMPLE.name());
+ UserGroupInformation.setConfiguration(conf);
+ LOG.info("Using simple/pseudo authentication, principal ["
+ + System.getProperty("user.name") + "]");
+ }
+}
\ No newline at end of file
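Review bot: The package declared on the new side, `org.apache.sqoop.security.Authentication`, begins with a capital letter. That departs from the all-lowercase Java package convention and from the parent `org.apache.sqoop.security` package, and next to the imported `AuthenticationHandler` class it reads like a type name. I would declare `package org.apache.sqoop.security.authentication;` and move the directory to match; the Kerberos handler added in this commit presumably sits in the same package and would move with it. Since `doInitialize()` sets `securityEnabled = false`, a one-line class Javadoc stating that this handler performs no login and leaves security disabled would also help operators reading the code.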
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java b/security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java
deleted file mode 100644
index 57531b8..0000000
--- a/security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sqoop.security;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.log4j.Logger;
-import org.apache.sqoop.common.MapContext;
-import org.apache.sqoop.common.SqoopException;
-import org.apache.sqoop.core.SqoopConfiguration;
-
-import java.io.IOException;
-
-public class KerberosAuthenticationHandler extends AuthenticationHandler {
-
- private static final Logger LOG = Logger.getLogger(KerberosAuthenticationHandler.class);
-
- /**
- * Principal for Kerberos option value
- */
- private String keytabPrincipal;
-
- public String getKeytabPrincipal() {
- return keytabPrincipal;
- }
-
- /**
- * Keytab for Kerberos option value
- */
- private String keytabFile;
-
- public String getKeytabFile() {
- return keytabFile;
- }
-
- public void doInitialize() {
- securityEnabled = true;
- }
-
- public void secureLogin() {
- MapContext mapContext = SqoopConfiguration.getInstance().getContext();
- String keytab = mapContext.getString(
- AuthenticationConstants.AUTHENTICATION_KERBEROS_KEYTAB).trim();
- if (keytab.length() == 0) {
- throw new SqoopException(AuthenticationError.AUTH_0001,
- AuthenticationConstants.AUTHENTICATION_KERBEROS_KEYTAB);
- }
- keytabFile = keytab;
-
- String principal = mapContext.getString(
- AuthenticationConstants.AUTHENTICATION_KERBEROS_PRINCIPAL).trim();
- if (principal.length() == 0) {
- throw new SqoopException(AuthenticationError.AUTH_0002,
- AuthenticationConstants.AUTHENTICATION_KERBEROS_PRINCIPAL);
- }
- keytabPrincipal = principal;
-
- Configuration conf = new Configuration();
- conf.set(get_hadoop_security_authentication(),
- AuthenticationConstants.TYPE.KERBEROS.name());
- UserGroupInformation.setConfiguration(conf);
- try {
- String hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
- UserGroupInformation.loginUserFromKeytab(hostPrincipal, keytab);
- } catch (IOException ex) {
- throw new SqoopException(AuthenticationError.AUTH_0003, ex);
- }
- LOG.info("Using Kerberos authentication, principal ["
- + principal + "] keytab [" + keytab + "]");
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java b/security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java
deleted file mode 100644
index c93ff89..0000000
--- a/security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sqoop.security;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.log4j.Logger;
-
-public class SimpleAuthenticationHandler extends AuthenticationHandler {
-
- private static final Logger LOG = Logger.getLogger(SimpleAuthenticationHandler.class);
-
- public void doInitialize() {
- securityEnabled = false;
- }
-
- public void secureLogin() {
- //no secureLogin, just set configurations
- Configuration conf = new Configuration();
- conf.set(get_hadoop_security_authentication(),
- AuthenticationConstants.TYPE.SIMPLE.name());
- UserGroupInformation.setConfiguration(conf);
- LOG.info("Using simple/pseudo authentication, principal ["
- + System.getProperty("user.name") + "]");
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java b/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
index 2b6ef34..ddca9d4 100644
--- a/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
+++ b/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
@@ -19,7 +19,6 @@ package org.apache.sqoop.filter;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SecurityUtil;
-import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;
@@ -29,8 +28,8 @@ import org.apache.hadoop.security.token.delegation.web.PseudoDelegationTokenAuth
import org.apache.sqoop.common.MapContext;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.core.SqoopConfiguration;
-import org.apache.sqoop.security.AuthenticationConstants;
-import org.apache.sqoop.security.AuthenticationError;
+import org.apache.sqoop.security.SecurityConstants;
+import org.apache.sqoop.security.SecurityError;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
@@ -46,46 +45,46 @@ public class SqoopAuthenticationFilter extends DelegationTokenAuthenticationFilt
Properties properties = new Properties();
MapContext mapContext = SqoopConfiguration.getInstance().getContext();
String type = mapContext.getString(
- AuthenticationConstants.AUTHENTICATION_TYPE,
- AuthenticationConstants.TYPE.SIMPLE.name()).trim();
+ SecurityConstants.AUTHENTICATION_TYPE,
+ SecurityConstants.TYPE.SIMPLE.name()).trim();
- if (type.equalsIgnoreCase(AuthenticationConstants.TYPE.KERBEROS.name())) {
+ if (type.equalsIgnoreCase(SecurityConstants.TYPE.KERBEROS.name())) {
properties.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName());
String keytab = mapContext.getString(
- AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim();
+ SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim();
if (keytab.length() == 0) {
- throw new SqoopException(AuthenticationError.AUTH_0005,
- AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
+ throw new SqoopException(SecurityError.AUTH_0005,
+ SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
}
String principal = mapContext.getString(
- AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL).trim();
+ SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL).trim();
if (principal.length() == 0) {
- throw new SqoopException(AuthenticationError.AUTH_0006,
- AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
+ throw new SqoopException(SecurityError.AUTH_0006,
+ SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
}
String hostPrincipal = "";
try {
hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
} catch (IOException e) {
- throw new SqoopException(AuthenticationError.AUTH_0006,
- AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
+ throw new SqoopException(SecurityError.AUTH_0006,
+ SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
}
properties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, hostPrincipal);
properties.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab);
- } else if (type.equalsIgnoreCase(AuthenticationConstants.TYPE.SIMPLE.name())) {
+ } else if (type.equalsIgnoreCase(SecurityConstants.TYPE.SIMPLE.name())) {
properties.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName());
properties.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED,
- mapContext.getString(AuthenticationConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
+ mapContext.getString(SecurityConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
} else {
- throw new SqoopException(AuthenticationError.AUTH_0004, type);
+ throw new SqoopException(SecurityError.AUTH_0004, type);
}
properties.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
- AuthenticationConstants.TOKEN_KIND);
+ SecurityConstants.TOKEN_KIND);
return properties;
}
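Review bot: In the `catch (IOException e)` around `SecurityUtil.getServerPrincipal(principal, "0.0.0.0")`, the rewritten `throw new SqoopException(SecurityError.AUTH_0006, SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL)` still discards `e`. A principal that fails to resolve is then reported exactly like an empty principal setting, with no underlying cause in the log. The Kerberos handler in this same commit passes its exception through (`new SqoopException(SecurityError.AUTH_0003, ex)`), so if `SqoopException` has a constructor taking both the extra info and the cause, this line should become `throw new SqoopException(SecurityError.AUTH_0006, SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL, e);`. Separately, an unset `AUTHENTICATION_TYPE` falls back to `SIMPLE` and an unset `AUTHENTICATION_ANONYMOUS` falls back to `"true"`, so the unconfigured path is the permissive one; a short comment saying so at those two `getString` calls would make that explicit. The enclosing method starts outside this hunk.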