diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java index 39996a84a21..c8b0b106a32 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java @@ -1570,7 +1570,7 @@ public abstract class Server { throws IOException, InterruptedException { final Map saslProps = saslPropsResolver.getServerProperties(addr); - return new SaslRpcServer(authMethod).create(this ,saslProps, secretManager); + return new SaslRpcServer(authMethod).create(this, saslProps, secretManager); } /** diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslPropertiesResolver.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslPropertiesResolver.java new file mode 100644 index 00000000000..aadbf4b9c97 --- /dev/null +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslPropertiesResolver.java @@ -0,0 +1,104 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.security; + +import java.net.InetAddress; +import java.util.Map; +import java.util.TreeMap; + +import javax.security.sasl.Sasl; + +import org.apache.hadoop.conf.Configurable; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; +import org.apache.hadoop.security.SaslRpcServer.QualityOfProtection; +import org.apache.hadoop.util.ReflectionUtils; +import org.apache.hadoop.util.StringUtils; + +/** + * Provides SaslProperties to be used for a connection. + * The default implementation is to read the values from configuration. + * This class can be overridden to provide custom SaslProperties. + * The custom class can be specified via configuration. + * + */ +public class SaslPropertiesResolver implements Configurable{ + private Map properties; + Configuration conf; + + /** + * Returns an instance of SaslPropertiesResolver. + * Looks up the configuration to see if there is custom class specified. + * Constructs the instance by passing the configuration directly to the + * constructor to achieve thread safety using final fields. + * @param conf + * @return SaslPropertiesResolver + */ + public static SaslPropertiesResolver getInstance(Configuration conf) { + Class clazz = + conf.getClass( + CommonConfigurationKeysPublic.HADOOP_SECURITY_SASL_PROPS_RESOLVER_CLASS, + SaslPropertiesResolver.class, SaslPropertiesResolver.class); + return ReflectionUtils.newInstance(clazz, conf); + } + + @Override + public void setConf(Configuration conf) { + this.conf = conf; + properties = new TreeMap(); + String[] qop = conf.getTrimmedStrings( + CommonConfigurationKeysPublic.HADOOP_RPC_PROTECTION, + QualityOfProtection.AUTHENTICATION.toString()); + for (int i=0; i < qop.length; i++) { + qop[i] = QualityOfProtection.valueOf(qop[i].toUpperCase()).getSaslQop(); + } + properties.put(Sasl.QOP, StringUtils.join(",", qop)); + properties.put(Sasl.SERVER_AUTH, "true"); + } + + @Override + public Configuration getConf() { + return conf; + } + + /** + * The default Sasl Properties read from the configuration + * @return sasl Properties + */ + protected Map getDefaultProperties() { + return properties; + } + + /** + * Identify the Sasl Properties to be used for a connection with a client. + * @param clientAddress client's address + * @return the sasl properties to be used for the connection. + */ + public Map getServerProperties(InetAddress clientAddress){ + return properties; + } + + /** + * Identify the Sasl Properties to be used for a connection with a server. + * @param serverAddress server's address + * @return the sasl properties to be used for the connection. + */ + public Map getClientProperties(InetAddress serverAddress){ + return properties; + } +}