001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 package org.apache.hadoop.fs.http.server; 019 020 import org.apache.hadoop.classification.InterfaceAudience; 021 import org.apache.hadoop.conf.Configuration; 022 import org.apache.hadoop.security.authentication.server.AuthenticationFilter; 023 import javax.servlet.FilterConfig; 024 import java.io.FileReader; 025 import java.io.IOException; 026 import java.io.Reader; 027 import java.util.Map; 028 import java.util.Properties; 029 030 /** 031 * Subclass of hadoop-auth <code>AuthenticationFilter</code> that obtains its configuration 032 * from HttpFSServer's server configuration. 033 */ 034 @InterfaceAudience.Private 035 public class HttpFSAuthenticationFilter extends AuthenticationFilter { 036 private static final String CONF_PREFIX = "httpfs.authentication."; 037 038 private static final String SIGNATURE_SECRET_FILE = SIGNATURE_SECRET + ".file"; 039 040 /** 041 * Returns the hadoop-auth configuration from HttpFSServer's configuration. 042 * <p/> 043 * It returns all HttpFSServer's configuration properties prefixed with 044 * <code>httpfs.authentication</code>. The <code>httpfs.authentication</code> 045 * prefix is removed from the returned property names. 046 * 047 * @param configPrefix parameter not used. 048 * @param filterConfig parameter not used. 049 * 050 * @return hadoop-auth configuration read from HttpFSServer's configuration. 051 */ 052 @Override 053 protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) { 054 Properties props = new Properties(); 055 Configuration conf = HttpFSServerWebApp.get().getConfig(); 056 057 props.setProperty(AuthenticationFilter.COOKIE_PATH, "/"); 058 for (Map.Entry<String, String> entry : conf) { 059 String name = entry.getKey(); 060 if (name.startsWith(CONF_PREFIX)) { 061 String value = conf.get(name); 062 name = name.substring(CONF_PREFIX.length()); 063 props.setProperty(name, value); 064 } 065 } 066 067 if (props.getProperty(AUTH_TYPE).equals("kerberos")) { 068 props.setProperty(AUTH_TYPE, 069 HttpFSKerberosAuthenticationHandler.class.getName()); 070 } 071 072 String signatureSecretFile = props.getProperty(SIGNATURE_SECRET_FILE, null); 073 if (signatureSecretFile == null) { 074 throw new RuntimeException("Undefined property: " + SIGNATURE_SECRET_FILE); 075 } 076 077 try { 078 StringBuilder secret = new StringBuilder(); 079 Reader reader = new FileReader(signatureSecretFile); 080 int c = reader.read(); 081 while (c > -1) { 082 secret.append((char)c); 083 c = reader.read(); 084 } 085 reader.close(); 086 props.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret.toString()); 087 } catch (IOException ex) { 088 throw new RuntimeException("Could not read HttpFS signature secret file: " + signatureSecretFile); 089 } 090 return props; 091 } 092 093 }