001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018 package org.apache.hadoop.fs.http.server;
019
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;

import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.util.Map;
import java.util.Properties;
032
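/**
 * Subclass of hadoop-auth <code>AuthenticationFilter</code> that obtains its configuration
 * from HttpFSServer's server configuration.
 * <p>
 * The signing secret passed to hadoop-auth is not taken from a configuration value:
 * it is read from the file named by the <code>SIGNATURE_SECRET_FILE</code> property
 * (looked up after the <code>httpfs.authentication.</code> prefix has been removed).
 */
@InterfaceAudience.Private
public class HttpFSAuthenticationFilter
    extends DelegationTokenAuthenticationFilter {

  /** Prefix of the HttpFSServer properties that are forwarded to hadoop-auth. */
  private static final String CONF_PREFIX = "httpfs.authentication.";

  /** Name (prefix already stripped) of the property holding the secret file path. */
  private static final String SIGNATURE_SECRET_FILE = SIGNATURE_SECRET + ".file";

  /**
   * Returns the hadoop-auth configuration from HttpFSServer's configuration.
   * <p>
   * It returns all HttpFSServer's configuration properties prefixed with
   * <code>httpfs.authentication</code>. The <code>httpfs.authentication</code>
   * prefix is removed from the returned property names. The cookie path is
   * set to <code>/</code>, and the signature secret is loaded from the file
   * named by the secret-file property and stored under
   * <code>AuthenticationFilter.SIGNATURE_SECRET</code>.
   *
   * @param configPrefix parameter not used.
   * @param filterConfig parameter not used.
   *
   * @return hadoop-auth configuration read from HttpFSServer's configuration.
   *
   * @throws RuntimeException if the secret-file property is undefined, or the
   *         file cannot be read, or the file is empty.
   */
  @Override
  protected Properties getConfiguration(String configPrefix,
      FilterConfig filterConfig) throws ServletException {
    Properties props = new Properties();
    Configuration conf = HttpFSServerWebApp.get().getConfig();

    props.setProperty(AuthenticationFilter.COOKIE_PATH, "/");
    for (Map.Entry<String, String> entry : conf) {
      String name = entry.getKey();
      if (name.startsWith(CONF_PREFIX)) {
        // Looked up through conf.get() rather than entry.getValue(), as in the
        // original code. NOTE(review): presumably so the value goes through
        // Configuration's own lookup; confirm before simplifying.
        String value = conf.get(name);
        name = name.substring(CONF_PREFIX.length());
        props.setProperty(name, value);
      }
    }

    String signatureSecretFile = props.getProperty(SIGNATURE_SECRET_FILE, null);
    if (signatureSecretFile == null) {
      throw new RuntimeException("Undefined property: " + SIGNATURE_SECRET_FILE);
    }

    // The file content is used verbatim as the secret: nothing is trimmed, so a
    // trailing newline in the file is part of the secret.
    // NOTE(review): this method does not check the file's ownership or
    // permissions; restricting read access to the service account is left to
    // the deployment.
    StringBuilder secret = new StringBuilder();
    try {
      // Decode with a fixed charset so the same file gives the same secret on
      // every host, independent of the JVM's platform default encoding.
      Reader reader = new InputStreamReader(
          new FileInputStream(signatureSecretFile), "UTF-8");
      try {
        char[] buffer = new char[256];
        int read = reader.read(buffer);
        while (read > -1) {
          secret.append(buffer, 0, read);
          read = reader.read(buffer);
        }
      } finally {
        // Close on every path, including a failed read.
        reader.close();
      }
    } catch (IOException ex) {
      // Only the path is put in the message, never the secret; keep the cause
      // so the underlying I/O failure is not lost.
      throw new RuntimeException(
          "Could not read HttpFS signature secret file: " + signatureSecretFile, ex);
    }

    // Fail closed: an empty file would otherwise be passed on as an empty
    // signing secret.
    if (secret.length() == 0) {
      throw new RuntimeException(
          "Empty HttpFS signature secret file: " + signatureSecretFile);
    }
    props.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret.toString());
    return props;
  }

  /**
   * Builds the proxy-user configuration from HttpFSServer's configuration.
   * <p>
   * Every property selected by the <code>httpfs\.proxyuser\.</code> regex is
   * copied into a new, defaults-free <code>Configuration</code> with the
   * leading <code>httpfs.</code> removed from its name.
   *
   * @param filterConfig parameter not used.
   *
   * @return configuration holding the selected properties under their
   *         shortened names.
   */
  protected Configuration getProxyuserConfiguration(FilterConfig filterConfig) {
    Map<String, String> proxyuserConf = HttpFSServerWebApp.get().getConfig().
        getValByRegex("httpfs\\.proxyuser\\.");
    Configuration conf = new Configuration(false);
    for (Map.Entry<String, String> entry : proxyuserConf.entrySet()) {
      // NOTE(review): the regex is not anchored, while the substring() assumes
      // the key starts with "httpfs."; confirm getValByRegex cannot return a
      // key that merely contains the pattern.
      conf.set(entry.getKey().substring("httpfs.".length()), entry.getValue());
    }
    return conf;
  }

}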