Posted to commits@knox.apache.org by su...@apache.org on 2015/04/02 23:24:59 UTC
[1/2] knox git commit: KNOX-524 adding ehcache dependency and a new
template
Repository: knox
Updated Branches:
refs/heads/master 571d8d2d6 -> 2376b9565
KNOX-524 adding ehcache dependency and a new template
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/fd2bbbbe
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/fd2bbbbe
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/fd2bbbbe
Branch: refs/heads/master
Commit: fd2bbbbe2c3c9143b7a65ab6d4f3a5a513f37fe1
Parents: 74ce27e
Author: Sumit Gupta <su...@apache.org>
Authored: Thu Apr 2 17:23:29 2015 -0400
Committer: Sumit Gupta <su...@apache.org>
Committed: Thu Apr 2 17:23:29 2015 -0400
----------------------------------------------------------------------
gateway-provider-security-shiro/pom.xml | 5 +
.../templates/sandbox.knoxrealm.cacheon.xml | 12 -
.../templates/sandbox.knoxrealm.ehcache.xml | 217 +++++++++++++++++++
pom.xml | 6 +
4 files changed, 228 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/fd2bbbbe/gateway-provider-security-shiro/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/pom.xml b/gateway-provider-security-shiro/pom.xml
index a930a58..b3ba17c 100644
--- a/gateway-provider-security-shiro/pom.xml
+++ b/gateway-provider-security-shiro/pom.xml
@@ -66,6 +66,11 @@
</dependency>
<dependency>
+ <groupId>org.apache.shiro</groupId>
+ <artifactId>shiro-ehcache</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</dependency>
http://git-wip-us.apache.org/repos/asf/knox/blob/fd2bbbbe/gateway-release/home/templates/sandbox.knoxrealm.cacheon.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/sandbox.knoxrealm.cacheon.xml b/gateway-release/home/templates/sandbox.knoxrealm.cacheon.xml
index 8fd4811..43dd761 100644
--- a/gateway-release/home/templates/sandbox.knoxrealm.cacheon.xml
+++ b/gateway-release/home/templates/sandbox.knoxrealm.cacheon.xml
@@ -92,18 +92,6 @@
<value>member</value>
</param>
-->
- <!--
- If this topology requires authorization then the group lookup can be optimized
- with the following configuration.
- Uncommnent the following if you know that all of the clients for the services
- for which you have routing services defined will be sending JSESSIONID.
-
- It may make sense to isolate those services that you can be sure will be sending
- JSESSIONID - such as ODBC/JDBC drivers for access to HiveServer2.
-
- NOTE: including the following config for clients that DO NOT send JSESSIONID
- will result in authorization failures because group lookup will not be done.
- -->
<param>
<name>main.cacheManager</name>
<value>org.apache.shiro.cache.MemoryConstrainedCacheManager</value>
http://git-wip-us.apache.org/repos/asf/knox/blob/fd2bbbbe/gateway-release/home/templates/sandbox.knoxrealm.ehcache.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/sandbox.knoxrealm.ehcache.xml b/gateway-release/home/templates/sandbox.knoxrealm.ehcache.xml
new file mode 100644
index 0000000..d861700
--- /dev/null
+++ b/gateway-release/home/templates/sandbox.knoxrealm.ehcache.xml
@@ -0,0 +1,217 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<topology>
+
+ <gateway>
+
+ <provider>
+ <role>authentication</role>
+ <name>ShiroProvider</name>
+ <enabled>true</enabled>
+ <!--
+ session timeout in minutes, this is really idle timeout,
+ defaults to 30mins, if the property value is not defined,,
+ current client authentication would expire if client idles contiuosly for more than this value
+ -->
+ <!-- defaults to: 30 minutes
+ <param>
+ <name>sessionTimeout</name>
+ <value>30</value>
+ </param>
+ -->
+
+ <!--
+ Use single KnoxLdapRealm to do authentication and ldap group look up
+ -->
+ <param>
+ <name>main.ldapRealm</name>
+ <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+ </param>
+ <param>
+ <name>main.ldapGroupContextFactory</name>
+ <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory</name>
+ <value>$ldapGroupContextFactory</value>
+ </param>
+ <!-- defaults to: simple
+ <param>
+ <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
+ <value>simple</value>
+ </param>
+ -->
+ <param>
+ <name>main.ldapRealm.contextFactory.url</name>
+ <value>ldap://localhost:33389</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.userDnTemplate</name>
+ <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
+ </param>
+
+ <param>
+ <name>main.ldapRealm.authorizationEnabled</name>
+ <!-- defaults to: false -->
+ <value>true</value>
+ </param>
+ <!-- defaults to: simple
+ <param>
+ <name>main.ldapRealm.contextFactory.systemAuthenticationMechanism</name>
+ <value>simple</value>
+ </param>
+ -->
+ <param>
+ <name>main.ldapRealm.searchBase</name>
+ <value>ou=groups,dc=hadoop,dc=apache,dc=org</value>
+ </param>
+ <!-- defaults to: groupOfNames
+ <param>
+ <name>main.ldapRealm.groupObjectClass</name>
+ <value>groupOfNames</value>
+ </param>
+ -->
+ <!-- defaults to: member
+ <param>
+ <name>main.ldapRealm.memberAttribute</name>
+ <value>member</value>
+ </param>
+ -->
+ <!--
+ The ehcache can be configured further by placing a ehcache.xml file
+ in an appropriate location in classpath.
+ For example: cacheManager.cacheManagerConfigFile = classpath:ehcache.xml
+ <param>
+ <name>main.cacheManager.cacheManagerConfigFile</name>
+ <value>classpath:ehcache.xml</value>
+ </param>
+
+ -->
+ <param>
+ <name>main.cacheManager</name>
+ <value>org.apache.shiro.cache.ehcache.EhCacheManager</value>
+ </param>
+ <param>
+ <name>main.securityManager.cacheManager</name>
+ <value>$cacheManager</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.authenticationCachingEnabled</name>
+ <value>true</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.memberAttributeValueTemplate</name>
+ <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory.systemUsername</name>
+ <value>uid=guest,ou=people,dc=hadoop,dc=apache,dc=org</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory.systemPassword</name>
+ <value>guest-password</value>
+ </param>
+
+ <param>
+ <name>urls./**</name>
+ <value>authcBasic</value>
+ </param>
+
+ </provider>
+
+ <provider>
+ <role>identity-assertion</role>
+ <name>Default</name>
+ <enabled>true</enabled>
+ <param>
+ <name>group.principal.mapping</name>
+ <value>*=users</value>
+ </param>
+ </provider>
+
+ <provider>
+ <role>authorization</role>
+ <name>AclsAuthz</name>
+ <enabled>true</enabled>
+ <param>
+ <name>webhdfs.acl</name>
+ <value>*;analyst;*</value>
+ </param>
+ </provider>
+
+ <!--
+ Defines rules for mapping host names internal to a Hadoop cluster to externally accessible host names.
+ For example, a hadoop service running in AWS may return a response that includes URLs containing the
+ some AWS internal host name. If the client needs to make a subsequent request to the host identified
+ in those URLs they need to be mapped to external host names that the client Knox can use to connect.
+
+ If the external hostname and internal host names are same turn of this provider by setting the value of
+ enabled parameter as false.
+
+ The name parameter specifies the external host names in a comma separated list.
+ The value parameter specifies corresponding internal host names in a comma separated list.
+
+ Note that when you are using Sandbox, the external hostname needs to be localhost, as seen in out
+ of box sandbox.xml. This is because Sandbox uses port mapping to allow clients to connect to the
+ Hadoop services using localhost. In real clusters, external host names would almost never be localhost.
+ -->
+ <provider>
+ <role>hostmap</role>
+ <name>static</name>
+ <enabled>true</enabled>
+ <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param>
+ </provider>
+
+ </gateway>
+
+ <service>
+ <role>NAMENODE</role>
+ <url>hdfs://localhost:8020</url>
+ </service>
+
+ <service>
+ <role>JOBTRACKER</role>
+ <url>rpc://localhost:8050</url>
+ </service>
+
+ <service>
+ <role>WEBHDFS</role>
+ <url>http://localhost:50070/webhdfs</url>
+ </service>
+
+ <service>
+ <role>WEBHCAT</role>
+ <url>http://localhost:50111/templeton</url>
+ </service>
+
+ <service>
+ <role>OOZIE</role>
+ <url>http://localhost:11000/oozie</url>
+ </service>
+
+ <service>
+ <role>WEBHBASE</role>
+ <url>http://localhost:60080</url>
+ </service>
+
+ <service>
+ <role>HIVE</role>
+ <url>http://localhost:10000</url>
+ </service>
+
+</topology>
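Review bot: `main.ldapRealm.authenticationCachingEnabled` is switched on alongside `EhCacheManager` with no comment on what that means for credential freshness. With authentication results cached, a password change or a disabled account in LDAP is presumably not seen by the gateway until the cached entry expires, and the only expiry control this template mentions is the commented-out `cacheManagerConfigFile`. I would add above that param: `<!-- Caches authentication results: LDAP password changes and disabled accounts take effect only once the entry expires; set the expiry in ehcache.xml. -->`. Because this file is meant to be copied as a starting point, a short comment marking `guest-password` and the `ldap://localhost:33389` URL as sandbox-only values would also help.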
http://git-wip-us.apache.org/repos/asf/knox/blob/fd2bbbbe/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 9bba00a..9c283b0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -906,6 +906,12 @@
<version>1.2.3</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.shiro</groupId>
+ <artifactId>shiro-ehcache</artifactId>
+ <version>1.2.3</version>
+ </dependency>
+
<!-- Html pull parser. EPLv1 license -->
<dependency>
<groupId>net.htmlparser.jericho</groupId>
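Review bot: The new `shiro-ehcache` entry repeats the literal `1.2.3` that the entry just above it already carries, so the two can drift apart if one line is missed on the next upgrade. Assuming the neighbouring entry is also a Shiro artifact (its coordinates are outside the hunk), both could read the version from one property, e.g. `<version>${shiro.version}</version>`; that property name is a suggestion, not something defined in the visible lines. The enclosing dependency list starts and ends outside this hunk.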
[2/2] knox git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/knox
Posted by su...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/knox
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/2376b956
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/2376b956
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/2376b956
Branch: refs/heads/master
Commit: 2376b9565bf23a0b3122926c493b5cc0fd3e1341
Parents: fd2bbbb 571d8d2
Author: Sumit Gupta <su...@apache.org>
Authored: Thu Apr 2 17:24:44 2015 -0400
Committer: Sumit Gupta <su...@apache.org>
Committed: Thu Apr 2 17:24:44 2015 -0400
----------------------------------------------------------------------
.../hadoop/gateway/services/registry/impl/RegEntry.java | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
----------------------------------------------------------------------