Posted to commits@falcon.apache.org by ra...@apache.org on 2014/10/26 00:05:45 UTC
git commit: FALCON-838 Add support for https in merlin. Contributed
by Ruslan Ostafiychuk and Raghav Kumar Gautam
Repository: incubator-falcon
Updated Branches:
refs/heads/master ebb5d4c69 -> 3c5edec9d
FALCON-838 Add support for https in merlin. Contributed by Ruslan Ostafiychuk and Raghav Kumar Gautam
Project: http://git-wip-us.apache.org/repos/asf/incubator-falcon/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-falcon/commit/3c5edec9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-falcon/tree/3c5edec9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-falcon/diff/3c5edec9
Branch: refs/heads/master
Commit: 3c5edec9daea46c6c10a8a808d3b68ea8fa0601f
Parents: ebb5d4c
Author: Raghav Kumar Gautam <ra...@apache.org>
Authored: Sat Oct 25 15:05:19 2014 -0700
Committer: Raghav Kumar Gautam <ra...@apache.org>
Committed: Sat Oct 25 15:05:19 2014 -0700
----------------------------------------------------------------------
falcon-regression/CHANGES.txt | 3 ++
.../org/apache/falcon/request/BaseRequest.java | 40 +++++++++++++++++++-
.../security/FalconAuthorizationToken.java | 20 +++++++++-
3 files changed, 61 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/3c5edec9/falcon-regression/CHANGES.txt
----------------------------------------------------------------------
diff --git a/falcon-regression/CHANGES.txt b/falcon-regression/CHANGES.txt
index aa33b18..93f49eb 100644
--- a/falcon-regression/CHANGES.txt
+++ b/falcon-regression/CHANGES.txt
@@ -5,6 +5,9 @@ Trunk (Unreleased)
INCOMPATIBLE CHANGES
NEW FEATURES
+ FALCON-838 Add support for https in merlin (Raghav Kumar Gautam and
+ Ruslan Ostafiychuk via Raghav Kumar Gautam)
+
FALCON-746 Add ACL validation and enforcement tests (Raghav Kumar Gautam via Ruslan Ostafiychuk)
FALCON-743 Adding tests for cases related to usage of pipelines tag
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/3c5edec9/falcon-regression/merlin-core/src/main/java/org/apache/falcon/request/BaseRequest.java
----------------------------------------------------------------------
diff --git a/falcon-regression/merlin-core/src/main/java/org/apache/falcon/request/BaseRequest.java b/falcon-regression/merlin-core/src/main/java/org/apache/falcon/request/BaseRequest.java
index 549b986..7244fb7 100644
--- a/falcon-regression/merlin-core/src/main/java/org/apache/falcon/request/BaseRequest.java
+++ b/falcon-regression/merlin-core/src/main/java/org/apache/falcon/request/BaseRequest.java
@@ -18,6 +18,7 @@
package org.apache.falcon.request;
+import org.apache.commons.net.util.TrustManagerUtils;
import org.apache.falcon.regression.core.interfaces.IEntityManagerHelper;
import org.apache.falcon.security.FalconAuthorizationToken;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
@@ -29,19 +30,28 @@ import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
+import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
+import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.BasicClientConnectionManager;
import org.apache.http.message.BasicHeader;
import org.apache.log4j.Logger;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
+import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
@@ -57,6 +67,25 @@ public class BaseRequest {
private String user;
private URI uri;
private HttpHost target;
+ private static final SSLSocketFactory SSL_SOCKET_FACTORY;
+
+ static {
+ try {
+ SSLContext ssl = getSslContext();
+ SSL_SOCKET_FACTORY = new SSLSocketFactory(ssl, new AllowAllHostnameVerifier());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static SSLContext getSslContext() throws Exception {
+ SSLContext sslContext = SSLContext.getInstance("SSL");
+ sslContext.init(
+ null,
+ new TrustManager[]{TrustManagerUtils.getValidateServerCertificateTrustManager()},
+ new SecureRandom());
+ return sslContext;
+ }
public BaseRequest(String url, String method, String user) throws URISyntaxException {
this(url, method, user, null);
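Review bot: The static initializer and `getSslContext()` leave the server unauthenticated: `AllowAllHostnameVerifier` skips the hostname check, and commons-net documents `getValidateServerCertificateTrustManager()` as checking only certificate validity dates, not the chain, so any unexpired certificate is accepted. The auth cookie that `BaseRequest` adds to the request, and the token negotiation in `FalconAuthorizationToken` (which reuses this context and adds `ALL_TRUSTING_HOSTNAME_VERIFIER`), then travel over that connection. If self-signed test clusters are the reason, make the relaxed mode an explicit opt-in and default to `sslContext.init(null, null, new SecureRandom());` with `SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER`. `SSLContext.getInstance("SSL")` would also read better as `"TLS"`, and the new public `getSslContext()` needs a Javadoc saying what it does and does not verify.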
@@ -121,7 +150,16 @@ public class BaseRequest {
uri.getHost(), uri.getPort());
request.addHeader(RequestKeys.COOKIE, RequestKeys.AUTH_COOKIE_EQ + token);
}
- DefaultHttpClient client = new DefaultHttpClient();
+
+ HttpClient client;
+ if (uri.toString().startsWith("https")) {
+ SchemeRegistry schemeRegistry = new SchemeRegistry();
+ schemeRegistry.register(new Scheme("https", uri.getPort(), SSL_SOCKET_FACTORY));
+ BasicClientConnectionManager cm = new BasicClientConnectionManager(schemeRegistry);
+ client = new DefaultHttpClient(cm);
+ } else {
+ client = new DefaultHttpClient();
+ }
LOGGER.info("Request Url: " + request.getRequestLine().getUri());
LOGGER.info("Request Method: " + request.getRequestLine().getMethod());
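Review bot: `uri.toString().startsWith("https")` is a prefix test on the whole URL rather than a scheme comparison, and `uri.getPort()` returns -1 when the URL has no explicit port, which the HttpClient 4.x `Scheme` constructor rejects as an invalid port (from memory of that API; worth confirming against the version in use). Suggest `if ("https".equalsIgnoreCase(uri.getScheme()))` and `int port = uri.getPort() > 0 ? uri.getPort() : 443;` before registering the scheme. A new `BasicClientConnectionManager` is also built on every call; whether it is ever shut down is not visible, because the method starts and ends outside the hunk.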
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/3c5edec9/falcon-regression/merlin-core/src/main/java/org/apache/falcon/security/FalconAuthorizationToken.java
----------------------------------------------------------------------
diff --git a/falcon-regression/merlin-core/src/main/java/org/apache/falcon/security/FalconAuthorizationToken.java b/falcon-regression/merlin-core/src/main/java/org/apache/falcon/security/FalconAuthorizationToken.java
index f5a075e..1af999e 100644
--- a/falcon-regression/merlin-core/src/main/java/org/apache/falcon/security/FalconAuthorizationToken.java
+++ b/falcon-regression/merlin-core/src/main/java/org/apache/falcon/security/FalconAuthorizationToken.java
@@ -18,12 +18,16 @@
package org.apache.falcon.security;
+import org.apache.falcon.request.BaseRequest;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
import org.apache.log4j.Logger;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
import java.io.IOException;
import java.net.URL;
import java.util.concurrent.ConcurrentHashMap;
@@ -42,7 +46,14 @@ public final class FalconAuthorizationToken {
private FalconAuthorizationToken() {
}
- public static void authenticate(String user, String protocol, String host,
+ public static final HostnameVerifier ALL_TRUSTING_HOSTNAME_VERIFIER = new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession sslSession) {
+ return true;
+ }
+ };
+
+ private static void authenticate(String user, String protocol, String host,
int port)
throws IOException, AuthenticationException {
URL url = new URL(String.format("%s://%s:%d/%s", protocol, host, port,
@@ -52,6 +63,13 @@ public final class FalconAuthorizationToken {
/*using KerberosAuthenticator which falls back to PsuedoAuthenticator
instead of passing authentication type from the command line - bad factory*/
+ try {
+ HttpsURLConnection.setDefaultSSLSocketFactory(BaseRequest.getSslContext()
+ .getSocketFactory());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ HttpsURLConnection.setDefaultHostnameVerifier(ALL_TRUSTING_HOSTNAME_VERIFIER);
new AuthenticatedURL(AUTHENTICATOR).openConnection(url, currentToken);
String key = getKey(user, protocol, host, port);
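Review bot: `HttpsURLConnection.setDefaultSSLSocketFactory(...)` and `setDefaultHostnameVerifier(ALL_TRUSTING_HOSTNAME_VERIFIER)` change JVM-wide defaults, so after the first `authenticate` call every `HttpsURLConnection` in the process, not only the one opened here, runs without hostname verification; both are also re-applied on every call. If the hadoop-auth version in use offers the `AuthenticatedURL(Authenticator, ConnectionConfigurator)` constructor, set the socket factory and verifier on that single connection instead and leave the defaults alone. `ALL_TRUSTING_HOSTNAME_VERIFIER` can then be `private`, with a comment such as `// test harness only: accepts any hostname, never use against production endpoints`. The body of `authenticate` starts and ends outside the hunk.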