HADOOP-10607. Create API to separate credential/password storage from
applications. (Larry McCay via omalley) git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1603491 13f79535-47bb-0310-9956-ffa450edef68
Showing
18 changed files
with
1,656 additions
and
34 deletions.
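--- a/...-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ProviderUtils.java
+++ b/...-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ProviderUtils.java
@@ -0,0 +1,52 @@
+/**
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.hadoop.security;
+
+import java.net.URI;
+
+import org.apache.hadoop.fs.Path;
+
+public class ProviderUtils {
+/**
+* Convert a nested URI to decode the underlying path. The translation takes
+* the authority and parses it into the underlying scheme and authority.
+* For example, "myscheme://hdfs@nn/my/path" is converted to
+* "hdfs://nn/my/path".
+* @param nestedUri the URI from the nested URI
+* @return the unnested path
+*/
+public static Path unnestUri(URI nestedUri) {
+String[] parts = nestedUri.getAuthority().split("@", 2);
+StringBuilder result = new StringBuilder(parts[0]);
+result.append("://");
+if (parts.length == 2) {
+result.append(parts[1]);
+}
+result.append(nestedUri.getPath());
+if (nestedUri.getQuery() != null) {
+result.append("?");
+result.append(nestedUri.getQuery());
+}
+if (nestedUri.getFragment() != null) {
+result.append("#");
+result.append(nestedUri.getFragment());
+}
+return new Path(result.toString());
+}
+}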
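Review bot: `unnestUri` calls `nestedUri.getAuthority().split("@", 2)` without a null check, so a provider URI that has no authority component fails with a bare NullPointerException rather than an error that names the offending URI. The value presumably originates from configuration, so a guard before the split would make a misconfigured provider path diagnosable: `String authority = nestedUri.getAuthority();` followed by `if (authority == null) { throw new IllegalArgumentException("No authority in nested URI: " + nestedUri); }`. The class also lacks a class-level Javadoc and a private constructor, both of which would mark it as a static utility holder; a one-line comment such as `/** Utility methods for decoding nested provider URIs. */` would do.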
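--- a/...ject/hadoop-common/src/main/java/org/apache/hadoop/security/alias/CredentialProvider.java
+++ b/...ject/hadoop-common/src/main/java/org/apache/hadoop/security/alias/CredentialProvider.java
@@ -0,0 +1,124 @@
+/**
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.hadoop.security.alias;
+
+import java.io.IOException;
+import java.util.List;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+
+/**
+* A provider of credentials or password for Hadoop applications. Provides an
+* abstraction to separate credential storage from users of them. It
+* is intended to support getting or storing passwords in a variety of ways,
+* including third party bindings.
+*/
+@InterfaceAudience.Public
+@InterfaceStability.Unstable
+public abstract class CredentialProvider {
+public static final String CLEAR_TEXT_FALLBACK
+= "hadoop.security.credential.clear-text-fallback";
+
+/**
+* The combination of both the alias and the actual credential value.
+*/
+public static class CredentialEntry {
+private final String alias;
+private final char[] credential;
+
+protected CredentialEntry(String alias,
+char[] credential) {
+this.alias = alias;
+this.credential = credential;
+}
+
+public String getAlias() {
+return alias;
+}
+
+public char[] getCredential() {
+return credential;
+}
+
+public String toString() {
+StringBuilder buf = new StringBuilder();
+buf.append("alias(");
+buf.append(alias);
+buf.append(")=");
+if (credential == null) {
+buf.append("null");
+} else {
+for(char c: credential) {
+buf.append(c);
+}
+}
+return buf.toString();
+}
+}
+
+/**
+* Indicates whether this provider represents a store
+* that is intended for transient use - such as the UserProvider
+* is. These providers are generally used to provide job access to
+* passwords rather than for long term storage.
+* @return true if transient, false otherwise
+*/
+public boolean isTransient() {
+return false;
+}
+
+/**
+* Ensures that any changes to the credentials are written to persistent store.
+* @throws IOException
+*/
+public abstract void flush() throws IOException;
+
+/**
+* Get the credential entry for a specific alias.
+* @param alias the name of a specific credential
+* @return the credentialEntry
+* @throws IOException
+*/
+public abstract CredentialEntry getCredentialEntry(String alias)
+throws IOException;
+
+/**
+* Get the aliases for all credentials.
+* @return the list of alias names
+* @throws IOException
+*/
+public abstract List<String> getAliases() throws IOException;
+
+/**
+* Create a new credential. The given alias must not already exist.
+* @param name the alias of the credential
+* @param credential the credential value for the alias.
+* @throws IOException
+*/
+public abstract CredentialEntry createCredentialEntry(String name,
+char[] credential) throws IOException;
+
+/**
+* Delete the given credential.
+* @param name the alias of the credential to delete
+* @throws IOException
+*/
+public abstract void deleteCredentialEntry(String name) throws IOException;
+}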
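Review bot: `CredentialEntry.toString()` appends every character of `credential` to its result, so any log line, exception message or string concatenation that includes an entry writes the secret out in clear text, which undoes the point of holding it in a `char[]`. The `else` branch should emit a fixed marker instead of the value, for example `buf.append("<redacted>");` in place of the `for(char c: credential)` loop. Callers in the other files of this commit are not visible here and may depend on the current format, so they would need checking. The constructor and `getCredential()` also share the caller's array rather than a copy, which deserves a Javadoc line such as `Returns the internal array, not a copy; clearing it clears this entry.`, and `toString()` should carry `@Override`.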