Package org.apache.storm.security.auth
Class ClientAuthUtils
java.lang.Object
org.apache.storm.security.auth.ClientAuthUtils
- 
Field SummaryFields
- 
Constructor SummaryConstructors
- 
Method SummaryModifier and TypeMethodDescriptionstatic booleanareWorkerTokensEnabledServer(MultiThriftServer<?> multiThriftServer, Map<String, Object> conf) Check if worker tokens should be enabled on the server side or not.static booleanareWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String, Object> conf) Check if worker tokens should be enabled on the server side or not (for a given server).static KerberosTicketcloneKerberosTicket(KerberosTicket kerberosTicket) static KerberosTicketdeserializeKerberosTicket(byte[] tgtBytes) static WorkerTokenfindWorkerToken(Subject subject, WorkerTokenServiceType type) Find a worker token in a given subject with a given token type.static StringPull a the value given section and key from Configuration.static Collection<IAutoCredentials>getAutoCredentials(Map<String, Object> topoConf) Get all of the configured AutoCredential Plugins.static ConfigurationgetConfiguration(Map<String, Object> topoConf) Construct a JAAS configuration object per storm configuration file.static Collection<ICredentialsRenewer>getCredentialRenewers(Map<String, Object> conf) Get all of the configured Credential Renewer Plugins.static AppConfigurationEntry[]getEntries(Configuration configuration, String section) Get configurations for a section.static IGroupMappingServiceProviderConstruct a group mapping service provider plugin.static StringgetJaasConf(Map<String, Object> topoConf) static Collection<INimbusCredentialPlugin>getNimbusAutoCredPlugins(Map<String, Object> conf) Get all the Nimbus Auto cred plugins.static IPrincipalToLocalgetPrincipalToLocalPlugin(Map<String, Object> topoConf) Construct a principal to local plugin.static ITransportPlugingetTransportPlugin(ThriftConnectionType type, Map<String, Object> topoConf) Construct a transport plugin per storm configuration.static WorkerTokenInfoGet and deserialize the WorkerTokenInfo in the worker token.static StringmakeDigestPayload(Map<String, Object> topoConf, String configSection) static SubjectpopulateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials) Populate a subject from credentials using the IAutoCredentials.pullConfig(Map<String, Object> topoConf, String section) Pull a set of keys out of a Configuration.static WorkerTokenreadWorkerToken(Map<String, String> credentials, WorkerTokenServiceType type) Read a WorkerToken out of credentials for the given type.static byte[]static byte[]Turn a WorkerTokenInfo in a byte array.static voidsetWorkerToken(Map<String, String> credentials, WorkerToken token) Store a worker token in some credentials.static voidupdateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials) Update a subject from credentials using the IAutoCredentials.static StringGet the key used to store a WorkerToken in the credentials map.
- 
Field Details- 
LOGIN_CONTEXT_SERVER- See Also:
 
- 
LOGIN_CONTEXT_CLIENT- See Also:
 
- 
LOGIN_CONTEXT_PACEMAKER_DIGEST- See Also:
 
- 
LOGIN_CONTEXT_PACEMAKER_SERVER- See Also:
 
- 
LOGIN_CONTEXT_PACEMAKER_CLIENT- See Also:
 
- 
SERVICE- See Also:
 
 
- 
- 
Constructor Details- 
ClientAuthUtilspublic ClientAuthUtils()
 
- 
- 
Method Details- 
getJaasConf
- 
getConfigurationConstruct a JAAS configuration object per storm configuration file.- Parameters:
- topoConf- Storm configuration
- Returns:
- JAAS configuration object
 
- 
getEntriespublic static AppConfigurationEntry[] getEntries(Configuration configuration, String section) throws IOException Get configurations for a section.- Parameters:
- configuration- The config to pull the key/value pairs out of.
- section- The app configuration entry name to get stuff from.
- Returns:
- Return array of config entries or null if configuration is null
- Throws:
- IOException
 
- 
pullConfigpublic static SortedMap<String,?> pullConfig(Map<String, Object> topoConf, String section) throws IOExceptionPull a set of keys out of a Configuration.- Parameters:
- topoConf- The config containing the jaas conf file.
- section- The app configuration entry name to get stuff from.
- Returns:
- Return a map of the configs in conf.
- Throws:
- IOException
 
- 
getpublic static String get(Map<String, Object> topoConf, String section, String key) throws IOExceptionPull a the value given section and key from Configuration.- Parameters:
- topoConf- The config containing the jaas conf file.
- section- The app configuration entry name to get stuff from.
- key- The key to look up inside of the section
- Returns:
- Return a the String value of the configuration value
- Throws:
- IOException
 
- 
getPrincipalToLocalPluginConstruct a principal to local plugin.- Parameters:
- topoConf- storm configuration
- Returns:
- the plugin
 
- 
getGroupMappingServiceProviderPluginpublic static IGroupMappingServiceProvider getGroupMappingServiceProviderPlugin(Map<String, Object> conf) Construct a group mapping service provider plugin.- Parameters:
- conf- daemon configuration
- Returns:
- the plugin
 
- 
getCredentialRenewersGet all of the configured Credential Renewer Plugins.- Parameters:
- conf- the storm configuration to use.
- Returns:
- the configured credential renewers.
 
- 
getNimbusAutoCredPluginsGet all the Nimbus Auto cred plugins.- Parameters:
- conf- nimbus configuration to use.
- Returns:
- nimbus auto credential plugins.
 
- 
getAutoCredentialsGet all of the configured AutoCredential Plugins.- Parameters:
- topoConf- the storm configuration to use.
- Returns:
- the configured auto credentials.
 
- 
workerTokenCredentialsKeyGet the key used to store a WorkerToken in the credentials map.- Parameters:
- type- the type of service to get.
- Returns:
- the key as a String.
 
- 
readWorkerTokenpublic static WorkerToken readWorkerToken(Map<String, String> credentials, WorkerTokenServiceType type) Read a WorkerToken out of credentials for the given type.- Parameters:
- credentials- the credentials map.
- type- the type of service we are looking for.
- Returns:
- the deserialized WorkerToken or null if none could be found.
 
- 
setWorkerTokenStore a worker token in some credentials. It can be pulled back out by calling readWorkerToken.- Parameters:
- credentials- the credentials map.
- token- the token you want to store.
 
- 
findWorkerTokenFind a worker token in a given subject with a given token type.- Parameters:
- subject- what to look in.
- type- the type of token to look for.
- Returns:
- the token or null.
 
- 
areWorkerTokensEnabledServerpublic static boolean areWorkerTokensEnabledServer(MultiThriftServer<?> multiThriftServer, Map<String, Object> conf) Check if worker tokens should be enabled on the server side or not.- Parameters:
- multiThriftServer- a collection of Thrift servers to know if the transport support tokens or not. No need to create a token if the transport does not support it.
- conf- the daemon configuration to be sure the tokens are secure.
- Returns:
- true if we can enable them, else false.
 
- 
areWorkerTokensEnabledServerpublic static boolean areWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String, Object> conf) Check if worker tokens should be enabled on the server side or not (for a given server).- Parameters:
- connectionType- the type of server this is for.
- conf- the daemon configuration to be sure the tokens are secure.
- Returns:
- true if we can enable them, else false.
 
- 
serializeWorkerTokenInfoTurn a WorkerTokenInfo in a byte array.- Parameters:
- wti- what to serialize.
- Returns:
- the resulting byte array.
 
- 
getWorkerTokenInfoGet and deserialize the WorkerTokenInfo in the worker token.- Parameters:
- wt- the token.
- Returns:
- the deserialized info.
 
- 
populateSubjectpublic static Subject populateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials) Populate a subject from credentials using the IAutoCredentials.- Parameters:
- subject- the subject to populate or null if a new Subject should be created.
- autos- the IAutoCredentials to call to populate the subject.
- credentials- the credentials to pull from
- Returns:
- the populated subject.
 
- 
updateSubjectpublic static void updateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String, String> credentials) Update a subject from credentials using the IAutoCredentials.- Parameters:
- subject- the subject to update
- autos- the IAutoCredentials to call to update the subject.
- credentials- the credentials to pull from
 
- 
getTransportPluginpublic static ITransportPlugin getTransportPlugin(ThriftConnectionType type, Map<String, Object> topoConf) Construct a transport plugin per storm configuration.
- 
makeDigestPayload
- 
serializeKerberosTicket- Throws:
- Exception
 
- 
deserializeKerberosTicket
- 
cloneKerberosTicket
 
-