/** * Creates {@link ChannelAuthenticator} instance. * * @param subject javax subject to use for authentication * @param conf Alluxio configuration */ public ChannelAuthenticator(Subject subject, AlluxioConfiguration conf) { mUseSubject = true; mChannelId = UUID.randomUUID(); mParentSubject = subject; mAuthType = conf.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class); mSecurityEnabled = SecurityUtils.isSecurityEnabled(conf); mGrpcAuthTimeoutMs = conf.getMs(PropertyKey.MASTER_GRPC_CHANNEL_AUTH_TIMEOUT); }
@Override public List<ServerInterceptor> getInterceptors() { if (!SecurityUtils.isSecurityEnabled(mConfiguration)) { return Collections.emptyList(); } List<ServerInterceptor> interceptorsList = new ArrayList<>(2); AuthType authType = mConfiguration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class); checkSupported(authType); switch (authType) { case SIMPLE: case CUSTOM: interceptorsList.add(new AuthenticatedUserInjector(this)); break; default: throw new RuntimeException("Unsupported authentication type:" + authType); } return interceptorsList; }
@Override public void run() { try { if (SecurityUtils.isSecurityEnabled(mConfiguration) && AuthenticatedClientUser.get(mConfiguration) == null) { AuthenticatedClientUser.set(LoginUser.get(mConfiguration).getName()); } } catch (IOException e) { LOG.error("Failed to set AuthenticatedClientUser in HeartbeatThread."); } // set the thread name Thread.currentThread().setName(mThreadName); try { // Thread.interrupted() clears the interrupt status. Do not call interrupt again to clear it. while (!Thread.interrupted()) { // TODO(peis): Fix this. The current implementation consumes one thread even when ticking. mTimer.tick(); mExecutor.heartbeat(); } } catch (InterruptedException e) { // Allow thread to exit. } catch (Exception e) { LOG.error("Uncaught exception in heartbeat executor, Heartbeat Thread shutting down", e); } finally { mExecutor.close(); } } }
/** * Calls the given {@link RestUtils.RestCallable} and handles any exceptions thrown. * * @param <T> the return type of the callable * @param callable the callable to call * @param alluxioConf Alluxio configuration * @param headers the headers * @return the response object */ public static <T> Response call(RestUtils.RestCallable<T> callable, AlluxioConfiguration alluxioConf, @Nullable Map<String, Object> headers) { try { // TODO(cc): reconsider how to enable authentication if (SecurityUtils.isSecurityEnabled(alluxioConf) && AuthenticatedClientUser.get(alluxioConf) == null) { AuthenticatedClientUser.set(LoginUser.get(alluxioConf).getName()); } } catch (IOException e) { LOG.warn("Failed to set AuthenticatedClientUser in REST service handler: {}", e.getMessage()); return createErrorResponse(e, alluxioConf); } try { return createResponse(callable.call(), alluxioConf, headers); } catch (Exception e) { LOG.warn("Unexpected error invoking rest endpoint: {}", e.getMessage()); return createErrorResponse(e, alluxioConf); } }
if (SecurityUtils.isSecurityEnabled(ServerConfiguration.global()) && AuthenticatedClientUser.get(ServerConfiguration.global()) == null) { AuthenticatedClientUser.set(LoginUser.get(ServerConfiguration.global()).getName());
/** * Calls the given {@link S3RestUtils.RestCallable} and handles any exceptions thrown. * * @param <T> the return type of the callable * @param resource the resource (bucket or object) to be operated on * @param callable the callable to call * @return the response object */ public static <T> Response call(String resource, S3RestUtils.RestCallable<T> callable) { try { // TODO(cc): reconsider how to enable authentication if (SecurityUtils.isSecurityEnabled(ServerConfiguration.global()) && AuthenticatedClientUser.get(ServerConfiguration.global()) == null) { AuthenticatedClientUser.set(LoginUser.get(ServerConfiguration.global()).getName()); } } catch (IOException e) { LOG.warn("Failed to set AuthenticatedClientUser in REST service handler: {}", e.getMessage()); return createErrorResponse(new S3Exception(e, resource, S3ErrorCode.INTERNAL_ERROR)); } try { return createResponse(callable.call()); } catch (S3Exception e) { LOG.warn("Unexpected error invoking REST endpoint: {}", e.getErrorCode().getDescription()); return createErrorResponse(e); } }
private void printLsString(URIStatus status, boolean hSize) { // detect the extended acls boolean hasExtended = status.getAcl().hasExtended() || !status.getDefaultAcl().isEmpty(); System.out.print(formatLsString(hSize, SecurityUtils.isSecurityEnabled(mFsContext.getConf()), status.isFolder(), FormatUtils.formatMode((short) status.getMode(), status.isFolder(), hasExtended), status.getOwner(), status.getGroup(), status.getLength(), status.getLastModificationTimeMs(), status.getInAlluxioPercentage(), status.getPersistenceState(), status.getPath(), mFsContext.getConf().get(PropertyKey.USER_DATE_FORMAT_PATTERN))); }
return response; if (SecurityUtils.isSecurityEnabled(ServerConfiguration.global()) && AuthenticatedClientUser.get(ServerConfiguration.global()) == null) { AuthenticatedClientUser.set(LoginUser.get(ServerConfiguration.global()).getName());
if (SecurityUtils.isSecurityEnabled(ServerConfiguration.global()) && !root.getOwner().isEmpty() && !root.getOwner().equals(serverOwner)) {
@Override public void run() { try { if (SecurityUtils.isSecurityEnabled() && AuthenticatedClientUser.get() == null) { AuthenticatedClientUser.set(LoginUser.get().getName()); } } catch (IOException e) { LOG.error("Failed to set AuthenticatedClientUser in HeartbeatThread."); } // set the thread name Thread.currentThread().setName(mThreadName); try { // Thread.interrupted() clears the interrupt status. Do not call interrupt again to clear it. while (!Thread.interrupted()) { // TODO(peis): Fix this. The current implementation consumes one thread even when ticking. mTimer.tick(); mExecutor.heartbeat(); } } catch (InterruptedException e) { LOG.info("Hearbeat {} is interrupted.", mThreadName); } catch (Exception e) { LOG.error("Uncaught exception in heartbeat executor, Heartbeat Thread shutting down", e); } finally { mExecutor.close(); } } }
/** * Calls the given {@link RestUtils.RestCallable} and handles any exceptions thrown. * * @param <T> the return type of the callable * @param callable the callable to call * @return the response object */ public static <T> Response call(RestUtils.RestCallable<T> callable) { try { // TODO(cc): reconsider how to enable authentication if (SecurityUtils.isSecurityEnabled() && AuthenticatedClientUser.get() == null) { AuthenticatedClientUser.set(LoginUser.get().getName()); } } catch (IOException e) { LOG.warn("Failed to set AuthenticatedClientUser in REST service handler: {}", e.getMessage()); return createErrorResponse(e); } try { return createResponse(callable.call()); } catch (Exception e) { LOG.warn("Unexpected error invoking rest endpoint: {}", e.getMessage()); return createErrorResponse(e); } }
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { if (SecurityUtils.isSecurityEnabled() && AuthenticatedClientUser.get() == null) { AuthenticatedClientUser.set(LoginUser.get().getName());
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { if (SecurityUtils.isSecurityEnabled() && AuthenticatedClientUser.get() == null) { AuthenticatedClientUser.set(LoginUser.get().getName());
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { if (SecurityUtils.isSecurityEnabled() && AuthenticatedClientUser.get() == null) { AuthenticatedClientUser.set(LoginUser.get().getName());
/** * Calls the given {@link S3RestUtils.RestCallable} and handles any exceptions thrown. * * @param <T> the return type of the callable * @param resource the resource (bucket or object) to be operated on * @param callable the callable to call * @return the response object */ public static <T> Response call(String resource, S3RestUtils.RestCallable<T> callable) { try { // TODO(cc): reconsider how to enable authentication if (SecurityUtils.isSecurityEnabled() && AuthenticatedClientUser.get() == null) { AuthenticatedClientUser.set(LoginUser.get().getName()); } } catch (IOException e) { LOG.warn("Failed to set AuthenticatedClientUser in REST service handler: {}", e.getMessage()); return createErrorResponse(new S3Exception(e, resource, S3ErrorCode.INTERNAL_ERROR)); } try { return createResponse(callable.call()); } catch (S3Exception e) { LOG.warn("Unexpected error invoking REST endpoint: {}", e.getErrorCode().getDescription()); return createErrorResponse(e); } }
if (SecurityUtils.isSecurityEnabled() && !root.getOwner().isEmpty() && !root.getOwner().equals(serverOwner)) {