svn merge -c 1163852 from trunk for HADOOP-7579. Contributed by Alejandro Abdelnur
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.23@1163856 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
2572c7c434
commit
8af6ddf8ec
|
@ -17,16 +17,16 @@
|
|||
<parent>
|
||||
<groupId>org.apache.hadoop</groupId>
|
||||
<artifactId>hadoop-project</artifactId>
|
||||
<version>0.23.0-SNAPSHOT</version>
|
||||
<relativePath>../hadoop-project</relativePath>
|
||||
<version>0.24.0-SNAPSHOT</version>
|
||||
<relativePath>../../hadoop-project</relativePath>
|
||||
</parent>
|
||||
<groupId>org.apache.hadoop</groupId>
|
||||
<artifactId>hadoop-alfredo-examples</artifactId>
|
||||
<version>0.23.0-SNAPSHOT</version>
|
||||
<artifactId>hadoop-auth-examples</artifactId>
|
||||
<version>0.24.0-SNAPSHOT</version>
|
||||
<packaging>war</packaging>
|
||||
|
||||
<name>Hadoop Alfredo Examples</name>
|
||||
<description>Hadoop Alfredo - Java HTTP SPNEGO Examples</description>
|
||||
<name>Apache Hadoop Auth Examples</name>
|
||||
<description>Apache Hadoop Auth Examples - Java HTTP SPNEGO</description>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
|
@ -36,7 +36,7 @@
|
|||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.hadoop</groupId>
|
||||
<artifactId>hadoop-alfredo</artifactId>
|
||||
<artifactId>hadoop-auth</artifactId>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
@ -53,6 +53,18 @@
|
|||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-war-plugin</artifactId>
|
||||
<configuration>
|
||||
<warName>hadoop-auth-examples</warName>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-deploy-plugin</artifactId>
|
||||
<configuration>
|
||||
<skip>true</skip>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>exec-maven-plugin</artifactId>
|
||||
|
@ -64,7 +76,7 @@
|
|||
</execution>
|
||||
</executions>
|
||||
<configuration>
|
||||
<mainClass>org.apache.hadoop.alfredo.examples.WhoClient</mainClass>
|
||||
<mainClass>org.apache.hadoop.security.authentication.examples.WhoClient</mainClass>
|
||||
<arguments>
|
||||
<argument>${url}</argument>
|
||||
</arguments>
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.examples;
|
||||
package org.apache.hadoop.security.authentication.examples;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
|
@ -11,9 +11,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.examples;
|
||||
package org.apache.hadoop.security.authentication.examples;
|
||||
|
||||
import org.apache.hadoop.alfredo.client.AuthenticatedURL;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.InputStreamReader;
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.examples;
|
||||
package org.apache.hadoop.security.authentication.examples;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServlet;
|
|
@ -16,4 +16,4 @@ log4j.appender.test.Target=System.out
|
|||
log4j.appender.test.layout=org.apache.log4j.PatternLayout
|
||||
log4j.appender.test.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n
|
||||
|
||||
log4j.logger.org.apache.hadoop.alfredo=DEBUG, test
|
||||
log4j.logger.org.apache.hadoop.security.authentication=DEBUG, test
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
<servlet>
|
||||
<servlet-name>whoServlet</servlet-name>
|
||||
<servlet-class>org.apache.hadoop.alfredo.examples.WhoServlet</servlet-class>
|
||||
<servlet-class>org.apache.hadoop.security.authentication.examples.WhoServlet</servlet-class>
|
||||
</servlet>
|
||||
|
||||
<servlet-mapping>
|
||||
|
@ -36,12 +36,12 @@
|
|||
|
||||
<filter>
|
||||
<filter-name>requestLoggerFilter</filter-name>
|
||||
<filter-class>org.apache.hadoop.alfredo.examples.RequestLoggerFilter</filter-class>
|
||||
<filter-class>org.apache.hadoop.security.authentication.examples.RequestLoggerFilter</filter-class>
|
||||
</filter>
|
||||
|
||||
<filter>
|
||||
<filter-name>anonymousFilter</filter-name>
|
||||
<filter-class>org.apache.hadoop.alfredo.server.AuthenticationFilter</filter-class>
|
||||
<filter-class>org.apache.hadoop.security.authentication.server.AuthenticationFilter</filter-class>
|
||||
<init-param>
|
||||
<param-name>type</param-name>
|
||||
<param-value>simple</param-value>
|
||||
|
@ -58,7 +58,7 @@
|
|||
|
||||
<filter>
|
||||
<filter-name>simpleFilter</filter-name>
|
||||
<filter-class>org.apache.hadoop.alfredo.server.AuthenticationFilter</filter-class>
|
||||
<filter-class>org.apache.hadoop.security.authentication.server.AuthenticationFilter</filter-class>
|
||||
<init-param>
|
||||
<param-name>type</param-name>
|
||||
<param-value>simple</param-value>
|
||||
|
@ -75,7 +75,7 @@
|
|||
|
||||
<filter>
|
||||
<filter-name>kerberosFilter</filter-name>
|
||||
<filter-class>org.apache.hadoop.alfredo.server.AuthenticationFilter</filter-class>
|
||||
<filter-class>org.apache.hadoop.security.authentication.server.AuthenticationFilter</filter-class>
|
||||
<init-param>
|
||||
<param-name>type</param-name>
|
||||
<param-value>kerberos</param-value>
|
|
@ -13,6 +13,6 @@
|
|||
-->
|
||||
<html>
|
||||
<body>
|
||||
<h1>Hello Hadoop Alfredo Pseudo/Simple Authentication with anonymous users!</h1>
|
||||
<h1>Hello Hadoop Auth Pseudo/Simple Authentication with anonymous users!</h1>
|
||||
</body>
|
||||
</html>
|
|
@ -13,6 +13,6 @@
|
|||
-->
|
||||
<html>
|
||||
<body>
|
||||
<h1>Hello Hadoop Alfredo Examples</h1>
|
||||
<h1>Hello Hadoop Auth Examples!</h1>
|
||||
</body>
|
||||
</html>
|
|
@ -13,6 +13,6 @@
|
|||
-->
|
||||
<html>
|
||||
<body>
|
||||
<h1>Hello Hadoop Alfredo Pseudo/Simple Authentication!</h1>
|
||||
<h1>Hello Hadoop Auth Kerberos SPNEGO Authentication!</h1>
|
||||
</body>
|
||||
</html>
|
|
@ -13,6 +13,6 @@
|
|||
-->
|
||||
<html>
|
||||
<body>
|
||||
<h1>Hello Hadoop Alfredo Kerberos SPNEGO Authentication!</h1>
|
||||
<h1>Hello Hadoop Auth Pseudo/Simple Authentication!</h1>
|
||||
</body>
|
||||
</html>
|
|
@ -1,20 +1,20 @@
|
|||
|
||||
Build instructions for Hadoop Alfredo
|
||||
Build instructions for Hadoop Auth
|
||||
|
||||
Same as for Hadoop.
|
||||
|
||||
For more details refer to the Alfredo documentation pages.
|
||||
For more details refer to the Hadoop Auth documentation pages.
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
Caveats:
|
||||
|
||||
* Alfredo has profile to enable Kerberos testcases (testKerberos)
|
||||
* Hadoop Auth has profile to enable Kerberos testcases (testKerberos)
|
||||
|
||||
To run Kerberos testcases a KDC, 2 kerberos principals and a keytab file
|
||||
are required (refer to the Alfredo documentation pages for details).
|
||||
are required (refer to the Hadoop Auth documentation pages for details).
|
||||
|
||||
* Alfredo does not have a distribution profile (dist)
|
||||
* Hadoop Auth does not have a distribution profile (dist)
|
||||
|
||||
* Alfredo does not have a native code profile (native)
|
||||
* Hadoop Auth does not have a native code profile (native)
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
Hadoop Alfredo, Java HTTP SPNEGO
|
||||
Hadoop Auth, Java HTTP SPNEGO
|
||||
|
||||
Hadoop Alfredo is a Java library consisting of a client and a server
|
||||
Hadoop Auth is a Java library consisting of a client and a server
|
||||
components to enable Kerberos SPNEGO authentication for HTTP.
|
||||
|
||||
The client component is the AuthenticatedURL class.
|
||||
|
@ -10,6 +10,6 @@ The server component is the AuthenticationFilter servlet filter class.
|
|||
Authentication mechanisms support is pluggable in both the client and
|
||||
the server components via interfaces.
|
||||
|
||||
In addition to Kerberos SPNEGO, Alfredo also supports Pseudo/Simple
|
||||
In addition to Kerberos SPNEGO, Hadoop Auth also supports Pseudo/Simple
|
||||
authentication (trusting the value of the query string parameter
|
||||
'user.name').
|
||||
|
|
|
@ -21,13 +21,12 @@
|
|||
<relativePath>../../hadoop-project</relativePath>
|
||||
</parent>
|
||||
<groupId>org.apache.hadoop</groupId>
|
||||
<artifactId>hadoop-alfredo</artifactId>
|
||||
<artifactId>hadoop-auth</artifactId>
|
||||
<version>0.23.0-SNAPSHOT</version>
|
||||
<packaging>jar</packaging>
|
||||
|
||||
<name>Apache Hadoop Alfredo</name>
|
||||
<description>Apache Hadoop Alfredo - Java HTTP SPNEGO</description>
|
||||
<url>http://hadoop.apache.org/alfredo</url>
|
||||
<name>Apache Hadoop Auth</name>
|
||||
<description>Apache Hadoop Auth - Java HTTP SPNEGO</description>
|
||||
|
||||
<properties>
|
||||
<maven.build.timestamp.format>yyyyMMdd</maven.build.timestamp.format>
|
||||
|
|
|
@ -11,9 +11,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.client;
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
import org.apache.hadoop.alfredo.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.HttpURLConnection;
|
||||
|
@ -63,7 +63,7 @@ public class AuthenticatedURL {
|
|||
/**
|
||||
* Name of the HTTP cookie used for the authentication token between the client and the server.
|
||||
*/
|
||||
public static final String AUTH_COOKIE = "alfredo.auth";
|
||||
public static final String AUTH_COOKIE = "hadoop.auth";
|
||||
|
||||
private static final String AUTH_COOKIE_EQ = AUTH_COOKIE + "=";
|
||||
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.client;
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
/**
|
||||
* Exception thrown when an authentication error occurrs.
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.client;
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
|
||||
import java.io.IOException;
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.client;
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
import com.sun.security.auth.module.Krb5LoginModule;
|
||||
import org.apache.commons.codec.binary.Base64;
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.client;
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.HttpURLConnection;
|
|
@ -11,12 +11,12 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.server;
|
||||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.alfredo.client.AuthenticatedURL;
|
||||
import org.apache.hadoop.alfredo.client.AuthenticationException;
|
||||
import org.apache.hadoop.alfredo.util.Signer;
|
||||
import org.apache.hadoop.alfredo.util.SignerException;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.util.Signer;
|
||||
import org.apache.hadoop.security.authentication.util.SignerException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
@ -383,7 +383,7 @@ public class AuthenticationFilter implements Filter {
|
|||
}
|
||||
|
||||
/**
|
||||
* Creates the Alfredo authentiation HTTP cookie.
|
||||
* Creates the Hadoop authentiation HTTP cookie.
|
||||
* <p/>
|
||||
* It sets the domain and path specified in the configuration.
|
||||
*
|
|
@ -11,9 +11,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.server;
|
||||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.alfredo.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
|
@ -11,9 +11,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.server;
|
||||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.alfredo.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
|
||||
import java.security.Principal;
|
||||
import java.util.Arrays;
|
|
@ -11,13 +11,13 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.server;
|
||||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.alfredo.client.AuthenticationException;
|
||||
import org.apache.hadoop.alfredo.client.KerberosAuthenticator;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
|
||||
import com.sun.security.auth.module.Krb5LoginModule;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.hadoop.alfredo.util.KerberosName;
|
||||
import org.apache.hadoop.security.authentication.util.KerberosName;
|
||||
import org.ietf.jgss.GSSContext;
|
||||
import org.ietf.jgss.GSSCredential;
|
||||
import org.ietf.jgss.GSSManager;
|
|
@ -11,10 +11,10 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.server;
|
||||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.alfredo.client.AuthenticationException;
|
||||
import org.apache.hadoop.alfredo.client.PseudoAuthenticator;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
|
@ -1,4 +1,4 @@
|
|||
package org.apache.hadoop.alfredo.util;
|
||||
package org.apache.hadoop.security.authentication.util;
|
||||
|
||||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.util;
|
||||
package org.apache.hadoop.security.authentication.util;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.util;
|
||||
package org.apache.hadoop.security.authentication.util;
|
||||
|
||||
/**
|
||||
* Exception thrown by {@link Signer} when a string signature is invalid.
|
|
@ -11,12 +11,12 @@
|
|||
~~ limitations under the License. See accompanying LICENSE file.
|
||||
|
||||
---
|
||||
Hadoop Alfredo, Java HTTP SPNEGO ${project.version} - Building It
|
||||
Hadoop Auth, Java HTTP SPNEGO ${project.version} - Building It
|
||||
---
|
||||
---
|
||||
${maven.build.timestamp}
|
||||
|
||||
Hadoop Alfredo, Java HTTP SPNEGO ${project.version} - Building It
|
||||
Hadoop Auth, Java HTTP SPNEGO ${project.version} - Building It
|
||||
|
||||
\[ {{{./index.html}Go Back}} \]
|
||||
|
||||
|
@ -50,14 +50,14 @@ $ mvn test -PtestKerberos
|
|||
The following Maven <<<-D>>> options can be used to change the default
|
||||
values:
|
||||
|
||||
* <<<alfredo.test.kerberos.realm>>>: default value <<LOCALHOST>>
|
||||
* <<<hadoop-auth.test.kerberos.realm>>>: default value <<LOCALHOST>>
|
||||
|
||||
* <<<alfredo.test.kerberos.client.principal>>>: default value <<client>>
|
||||
* <<<hadoop-auth.test.kerberos.client.principal>>>: default value <<client>>
|
||||
|
||||
* <<<alfredo.test.kerberos.server.principal>>>: default value
|
||||
* <<<hadoop-auth.test.kerberos.server.principal>>>: default value
|
||||
<<HTTP/localhost>> (it must start 'HTTP/')
|
||||
|
||||
* <<<alfredo.test.kerberos.keytab.file>>>: default value
|
||||
* <<<hadoop-auth.test.kerberos.keytab.file>>>: default value
|
||||
<<${HOME}/${USER}.keytab>>
|
||||
|
||||
** Generating Documentation
|
||||
|
@ -69,7 +69,7 @@ $ mvn package -Pdocs
|
|||
+---+
|
||||
|
||||
The generated documentation is available at
|
||||
<<<hadoop-alfredo/target/site/>>>.
|
||||
<<<hadoop-auth/target/site/>>>.
|
||||
|
||||
\[ {{{./index.html}Go Back}} \]
|
||||
|
||||
|
|
|
@ -11,30 +11,30 @@
|
|||
~~ limitations under the License. See accompanying LICENSE file.
|
||||
|
||||
---
|
||||
Hadoop Alfredo, Java HTTP SPNEGO ${project.version} - Server Side
|
||||
Hadoop Auth, Java HTTP SPNEGO ${project.version} - Server Side
|
||||
Configuration
|
||||
---
|
||||
---
|
||||
${maven.build.timestamp}
|
||||
|
||||
Hadoop Alfredo, Java HTTP SPNEGO ${project.version} - Server Side
|
||||
Hadoop Auth, Java HTTP SPNEGO ${project.version} - Server Side
|
||||
Configuration
|
||||
|
||||
\[ {{{./index.html}Go Back}} \]
|
||||
|
||||
* Server Side Configuration Setup
|
||||
|
||||
The {{{./apidocs/org/apache/hadoop/alfredo/server/AuthenticationFilter.html}
|
||||
AuthenticationFilter filter}} is Alfredo's server side component.
|
||||
The {{{./apidocs/org/apache/hadoop/auth/server/AuthenticationFilter.html}
|
||||
AuthenticationFilter filter}} is Hadoop Auth's server side component.
|
||||
|
||||
This filter must be configured in front of all the web application resources
|
||||
that required authenticated requests. For example:
|
||||
|
||||
The Alfredo and dependent JAR files must be in the web application classpath
|
||||
(commonly the <<<WEB-INF/lib>>> directory).
|
||||
The Hadoop Auth and dependent JAR files must be in the web application
|
||||
classpath (commonly the <<<WEB-INF/lib>>> directory).
|
||||
|
||||
Alfredo uses SLF4J-API for logging. Alfredo Maven POM dependencies define the
|
||||
SLF4J API dependency but it does not define the dependency on a concrete
|
||||
Hadoop Auth uses SLF4J-API for logging. Auth Maven POM dependencies define
|
||||
the SLF4J API dependency but it does not define the dependency on a concrete
|
||||
logging implementation, this must be addded explicitly to the web
|
||||
application. For example, if the web applicationan uses Log4j, the
|
||||
SLF4J-LOG4J12 and LOG4J jar files must be part part of the web application
|
||||
|
@ -47,7 +47,7 @@ Configuration
|
|||
|
||||
* <<<[PREFIX.]type>>>: the authentication type keyword (<<<simple>>> or
|
||||
<<<kerberos>>>) or a
|
||||
{{{./apidocs/org/apache/hadoop/alfredo/server/AuthenticationHandler.html}
|
||||
{{{./apidocs/org/apache/hadoop/auth/server/AuthenticationHandler.html}
|
||||
Authentication handler implementation}}.
|
||||
|
||||
* <<<[PREFIX.]signature.secret>>>: The secret to SHA-sign the generated
|
||||
|
@ -80,7 +80,7 @@ Configuration
|
|||
|
||||
* <<<[PREFIX.]kerberos.keytab>>>: The path to the keytab file containing
|
||||
the credentials for the kerberos principal. For example:
|
||||
<<</Users/tucu/alfredo.keytab>>>. There is no default value.
|
||||
<<</Users/tucu/tucu.keytab>>>. There is no default value.
|
||||
|
||||
<<Example>>:
|
||||
|
||||
|
@ -90,7 +90,7 @@ Configuration
|
|||
|
||||
<filter>
|
||||
<filter-name>kerberosFilter</filter-name>
|
||||
<filter-class>org.apache.hadoop.alfredo.server.AuthenticationFilter</filter-class>
|
||||
<filter-class>org.apache.hadoop.security.auth.server.AuthenticationFilter</filter-class>
|
||||
<init-param>
|
||||
<param-name>type</param-name>
|
||||
<param-value>kerberos</param-value>
|
||||
|
@ -113,7 +113,7 @@ Configuration
|
|||
</init-param>
|
||||
<init-param>
|
||||
<param-name>kerberos.keytab</param-name>
|
||||
<param-value>/tmp/alfredo.keytab</param-value>
|
||||
<param-value>/tmp/auth.keytab</param-value>
|
||||
</init-param>
|
||||
</filter>
|
||||
|
||||
|
@ -146,7 +146,7 @@ Configuration
|
|||
|
||||
<filter>
|
||||
<filter-name>simpleFilter</filter-name>
|
||||
<filter-class>org.apache.hadoop.alfredo.server.AuthenticationFilter</filter-class>
|
||||
<filter-class>org.apache.hadoop.security.auth.server.AuthenticationFilter</filter-class>
|
||||
<init-param>
|
||||
<param-name>type</param-name>
|
||||
<param-value>simple</param-value>
|
||||
|
|
|
@ -11,16 +11,16 @@
|
|||
~~ limitations under the License. See accompanying LICENSE file.
|
||||
|
||||
---
|
||||
Hadoop Alfredo, Java HTTP SPNEGO ${project.version} - Examples
|
||||
Hadoop Auth, Java HTTP SPNEGO ${project.version} - Examples
|
||||
---
|
||||
---
|
||||
${maven.build.timestamp}
|
||||
|
||||
Hadoop Alfredo, Java HTTP SPNEGO ${project.version} - Examples
|
||||
Hadoop Auth, Java HTTP SPNEGO ${project.version} - Examples
|
||||
|
||||
\[ {{{./index.html}Go Back}} \]
|
||||
|
||||
* Accessing a Alfredo protected URL Using a browser
|
||||
* Accessing a Hadoop Auth protected URL Using a browser
|
||||
|
||||
<<IMPORTANT:>> The browser must support HTTP Kerberos SPNEGO. For example,
|
||||
Firefox or Internet Explorer.
|
||||
|
@ -31,7 +31,7 @@ Hadoop Alfredo, Java HTTP SPNEGO ${project.version} - Examples
|
|||
the domain of the web server that is HTTP Kerberos SPNEGO protected (if using
|
||||
multiple domains and hostname use comma to separate them).
|
||||
|
||||
* Accessing a Alfredo protected URL Using <<<curl>>>
|
||||
* Accessing a Hadoop Auth protected URL Using <<<curl>>>
|
||||
|
||||
<<IMPORTANT:>> The <<<curl>>> version must support GSS, run <<<curl -V>>>.
|
||||
|
||||
|
@ -48,10 +48,10 @@ Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
|
|||
+---+
|
||||
$ kinit
|
||||
Please enter the password for tucu@LOCALHOST:
|
||||
$ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/alfredo-examples/kerberos/who
|
||||
$ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/hadoop-auth-examples/kerberos/who
|
||||
Enter host password for user 'tucu':
|
||||
|
||||
Hello Alfredo!
|
||||
Hello Hadoop Auth Examples!
|
||||
+---+
|
||||
|
||||
* The <<<--negotiate>>> option enables SPNEGO in <<<curl>>>.
|
||||
|
@ -68,7 +68,7 @@ Hello Alfredo!
|
|||
|
||||
+---+
|
||||
...
|
||||
URL url = new URL("http://localhost:8080/alfredo/kerberos/who");
|
||||
URL url = new URL("http://localhost:8080/hadoop-auth/kerberos/who");
|
||||
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
|
||||
...
|
||||
HttpURLConnection conn = new AuthenticatedURL(url, token).openConnection();
|
||||
|
@ -79,12 +79,12 @@ conn = new AuthenticatedURL(url, token).openConnection();
|
|||
|
||||
* Building and Running the Examples
|
||||
|
||||
Download Alfredo's source code, the examples are in the
|
||||
Download Hadoop-Auth's source code, the examples are in the
|
||||
<<<src/main/examples>>> directory.
|
||||
|
||||
** Server Example:
|
||||
|
||||
Edit the <<<src/main/examples/src/main/webapp/WEB-INF/web.xml>>> and set the
|
||||
Edit the <<<hadoop-auth-examples/src/main/webapp/WEB-INF/web.xml>>> and set the
|
||||
right configuration init parameters for the <<<AuthenticationFilter>>>
|
||||
definition configured for Kerberos (the right Kerberos principal and keytab
|
||||
file must be specified). Refer to the {{{./Configuration.html}Configuration
|
||||
|
@ -106,11 +106,11 @@ conn = new AuthenticatedURL(url, token).openConnection();
|
|||
$ kinit
|
||||
Please enter the password for tucu@LOCALHOST:
|
||||
|
||||
$ curl http://localhost:8080/alfredo-examples/anonymous/who
|
||||
$ curl http://localhost:8080/hadoop-auth-examples/anonymous/who
|
||||
|
||||
$ curl http://localhost:8080/alfredo-examples/simple/who?user.name=foo
|
||||
$ curl http://localhost:8080/hadoop-auth-examples/simple/who?user.name=foo
|
||||
|
||||
$ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/alfredo-examples/kerberos/who
|
||||
$ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/hadoop-auth-examples/kerberos/who
|
||||
+---+
|
||||
|
||||
** Accessing the server using the Java client example
|
||||
|
@ -121,7 +121,7 @@ Please enter the password for tucu@LOCALHOST:
|
|||
|
||||
$ cd examples
|
||||
|
||||
$ mvn exec:java -Durl=http://localhost:8080/alfredo-examples/kerberos/who
|
||||
$ mvn exec:java -Durl=http://localhost:8080/hadoop-auth-examples/kerberos/who
|
||||
|
||||
....
|
||||
|
||||
|
|
|
@ -11,27 +11,27 @@
|
|||
~~ limitations under the License. See accompanying LICENSE file.
|
||||
|
||||
---
|
||||
Hadoop Alfredo, Java HTTP SPNEGO ${project.version}
|
||||
Hadoop Auth, Java HTTP SPNEGO ${project.version}
|
||||
---
|
||||
---
|
||||
${maven.build.timestamp}
|
||||
|
||||
Hadoop Alfredo, Java HTTP SPNEGO ${project.version}
|
||||
Hadoop Auth, Java HTTP SPNEGO ${project.version}
|
||||
|
||||
Hadoop Alfredo is a Java library consisting of a client and a server
|
||||
Hadoop Auth is a Java library consisting of a client and a server
|
||||
components to enable Kerberos SPNEGO authentication for HTTP.
|
||||
|
||||
Alfredo also supports additional authentication mechanisms on the client
|
||||
Hadoop Auth also supports additional authentication mechanisms on the client
|
||||
and the server side via 2 simple interfaces.
|
||||
|
||||
* License
|
||||
|
||||
Alfredo is distributed under {{{http://www.apache.org/licenses/}Apache
|
||||
Hadoop Auth is distributed under {{{http://www.apache.org/licenses/}Apache
|
||||
License 2.0}}.
|
||||
|
||||
* How Does Alfredo Works?
|
||||
* How Does Auth Works?
|
||||
|
||||
Alfredo enforces authentication on protected resources, once authentiation
|
||||
Hadoop Auth enforces authentication on protected resources, once authentiation
|
||||
has been established it sets a signed HTTP Cookie that contains an
|
||||
authentication token with the user name, user principal, authentication type
|
||||
and expiration time.
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License. See accompanying LICENSE file.
|
||||
-->
|
||||
<project name="Hadoop Alfredo">
|
||||
<project name="Hadoop Auth">
|
||||
|
||||
<version position="right"/>
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo;
|
||||
package org.apache.hadoop.security.authentication;
|
||||
|
||||
import com.sun.security.auth.module.Krb5LoginModule;
|
||||
|
||||
|
@ -34,7 +34,7 @@ import java.util.concurrent.Callable;
|
|||
* Test helper class for Java Kerberos setup.
|
||||
*/
|
||||
public class KerberosTestUtils {
|
||||
private static final String PREFIX = "alfredo.test.";
|
||||
private static final String PREFIX = "hadoop-auth.test.";
|
||||
|
||||
public static final String REALM = PREFIX + "kerberos.realm";
|
||||
|
|
@ -11,9 +11,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.client;
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
import org.apache.hadoop.alfredo.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import junit.framework.TestCase;
|
||||
import org.mortbay.jetty.Server;
|
||||
import org.mortbay.jetty.servlet.Context;
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.client;
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.mockito.Mockito;
|
|
@ -11,12 +11,12 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.client;
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
import org.apache.hadoop.alfredo.KerberosTestUtils;
|
||||
import org.apache.hadoop.alfredo.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.alfredo.server.PseudoAuthenticationHandler;
|
||||
import org.apache.hadoop.alfredo.server.KerberosAuthenticationHandler;
|
||||
import org.apache.hadoop.security.authentication.KerberosTestUtils;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
|
||||
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
|
||||
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.URL;
|
|
@ -11,10 +11,10 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.client;
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
import org.apache.hadoop.alfredo.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.alfredo.server.PseudoAuthenticationHandler;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
|
||||
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.URL;
|
|
@ -11,11 +11,11 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.server;
|
||||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.alfredo.client.AuthenticatedURL;
|
||||
import org.apache.hadoop.alfredo.client.AuthenticationException;
|
||||
import org.apache.hadoop.alfredo.util.Signer;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.util.Signer;
|
||||
import junit.framework.TestCase;
|
||||
import org.mockito.Mockito;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
|
@ -11,9 +11,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.server;
|
||||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.alfredo.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import junit.framework.TestCase;
|
||||
|
||||
public class TestAuthenticationToken extends TestCase {
|
|
@ -11,11 +11,11 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.server;
|
||||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.alfredo.KerberosTestUtils;
|
||||
import org.apache.hadoop.alfredo.client.AuthenticationException;
|
||||
import org.apache.hadoop.alfredo.client.KerberosAuthenticator;
|
||||
import org.apache.hadoop.security.authentication.KerberosTestUtils;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
|
||||
import junit.framework.TestCase;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.ietf.jgss.GSSContext;
|
|
@ -11,11 +11,11 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.server;
|
||||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.alfredo.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import junit.framework.TestCase;
|
||||
import org.apache.hadoop.alfredo.client.PseudoAuthenticator;
|
||||
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
|
||||
import org.mockito.Mockito;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
|
@ -1,4 +1,4 @@
|
|||
package org.apache.hadoop.alfredo.util;
|
||||
package org.apache.hadoop.security.authentication.util;
|
||||
|
||||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
|
@ -20,7 +20,7 @@ package org.apache.hadoop.alfredo.util;
|
|||
|
||||
import java.io.IOException;
|
||||
|
||||
import org.apache.hadoop.alfredo.KerberosTestUtils;
|
||||
import org.apache.hadoop.security.authentication.KerberosTestUtils;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.*;
|
|
@ -11,7 +11,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License. See accompanying LICENSE file.
|
||||
*/
|
||||
package org.apache.hadoop.alfredo.util;
|
||||
package org.apache.hadoop.security.authentication.util;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
|
@ -345,6 +345,9 @@ Release 0.23.0 - Unreleased
|
|||
HADOOP-7547. Add generic type in WritableComparable subclasses.
|
||||
(Uma Maheswara Rao G via szetszwo)
|
||||
|
||||
HADOOP-7579. Rename package names from alfredo to auth.
|
||||
(Alejandro Abdelnur via szetszwo)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
HADOOP-7333. Performance improvement in PureJavaCrc32. (Eric Caspole
|
||||
|
|
|
@ -239,7 +239,7 @@
|
|||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.hadoop</groupId>
|
||||
<artifactId>hadoop-alfredo</artifactId>
|
||||
<artifactId>hadoop-auth</artifactId>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
*/
|
||||
package org.apache.hadoop.security;
|
||||
|
||||
import org.apache.hadoop.alfredo.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.http.FilterContainer;
|
||||
import org.apache.hadoop.http.FilterInitializer;
|
||||
|
|
|
@ -23,7 +23,7 @@ import java.io.IOException;
|
|||
import org.apache.hadoop.classification.InterfaceAudience;
|
||||
import org.apache.hadoop.classification.InterfaceStability;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.alfredo.util.KerberosName;
|
||||
import org.apache.hadoop.security.authentication.util.KerberosName;
|
||||
|
||||
import sun.security.krb5.Config;
|
||||
import sun.security.krb5.KrbException;
|
||||
|
|
|
@ -18,7 +18,7 @@ package org.apache.hadoop.security;
|
|||
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.apache.hadoop.alfredo.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.http.FilterContainer;
|
||||
import org.mockito.Mockito;
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
|
||||
<modules>
|
||||
<module>hadoop-auth</module>
|
||||
<module>hadoop-auth-examples</module>
|
||||
<module>hadoop-common</module>
|
||||
<module>hadoop-annotations</module>
|
||||
</modules>
|
||||
|
|
|
@ -108,7 +108,7 @@
|
|||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.hadoop</groupId>
|
||||
<artifactId>hadoop-alfredo</artifactId>
|
||||
<artifactId>hadoop-auth</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
|
||||
|
@ -485,6 +485,11 @@
|
|||
<artifactId>maven-project-info-reports-plugin</artifactId>
|
||||
<version>2.4</version>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>exec-maven-plugin</artifactId>
|
||||
<version>1.2</version>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</pluginManagement>
|
||||
|
||||
|
|
Loading…
Reference in New Issue