List of usage examples for org.apache.hadoop.security.alias CredentialProviderFactory CREDENTIAL_PROVIDER_PATH
String CREDENTIAL_PROVIDER_PATH
To view the source code for org.apache.hadoop.security.alias CredentialProviderFactory CREDENTIAL_PROVIDER_PATH.
Click Source Link
From source file:org.apache.atlas.web.service.SecureEmbeddedServerTestBase.java
License:Apache License
protected void setupCredentials() throws Exception { Configuration conf = new Configuration(false); File file = new File(jksPath.toUri().getPath()); file.delete();/*w w w .jav a 2 s . c o m*/ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); // create new aliases try { char[] storepass = { 'k', 'e', 'y', 'p', 'a', 's', 's' }; provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass); char[] trustpass = { 'k', 'e', 'y', 'p', 'a', 's', 's' }; provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass); char[] certpass = { 'k', 'e', 'y', 'p', 'a', 's', 's' }; provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } }
From source file:org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider.java
License:Apache License
List<CredentialProvider> getCredentialProviders(String url) {
try {// w w w .java 2 s. co m
Configuration conf = new Configuration();
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, url);
return CredentialProviderFactory.getProviders(conf);
} catch (Exception ie) {
LOG.error("Unable to get the Credential Provider from the Configuration", ie);
}
return null;
}
From source file:org.apache.ranger.credentialapi.CredentialReader.java
License:Apache License
public static String getDecryptedString(String CrendentialProviderPath, String alias) { String credential = null;// w w w. j a v a 2 s. c o m try { if (CrendentialProviderPath == null || alias == null || CrendentialProviderPath.trim().isEmpty() || alias.trim().isEmpty()) { return null; } char[] pass = null; Configuration conf = new Configuration(); String crendentialProviderPrefixJceks = JavaKeyStoreProvider.SCHEME_NAME + "://file"; String crendentialProviderPrefixLocalJceks = "localjceks://file"; crendentialProviderPrefixJceks = crendentialProviderPrefixJceks.toLowerCase(); CrendentialProviderPath = CrendentialProviderPath.trim(); alias = alias.trim(); if (CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixJceks) || CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixLocalJceks)) { conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + CrendentialProviderPath); } else { if (CrendentialProviderPath.startsWith("/")) { conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + JavaKeyStoreProvider.SCHEME_NAME + "://file" + CrendentialProviderPath); } else { conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + JavaKeyStoreProvider.SCHEME_NAME + "://file/" + CrendentialProviderPath); } } List<CredentialProvider> providers = CredentialProviderFactory.getProviders(conf); List<String> aliasesList = new ArrayList<String>(); CredentialProvider.CredentialEntry credEntry = null; for (CredentialProvider provider : providers) { //System.out.println("Credential Provider :" + provider); aliasesList = provider.getAliases(); if (aliasesList != null && aliasesList.contains(alias.toLowerCase())) { credEntry = null; credEntry = provider.getCredentialEntry(alias); pass = credEntry.getCredential(); if (pass != null && pass.length > 0) { credential = String.valueOf(pass); break; } } } } catch (Exception ex) { ex.printStackTrace(); credential = null; } return credential; }
From source file:org.apache.sentry.provider.db.service.persistent.TestHMSFollowerSentryStoreIntegration.java
License:Apache License
@BeforeClass public static void setup() throws Exception { conf = new Configuration(true); final String ourUrl = UserProvider.SCHEME_NAME + ":///"; conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); // THis should be a UserGroupInformation provider CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); // The user credentials are stored as a static variable by UserGrouoInformation provider. // We need to only set the password the first time, an attempt to set it for the second // time fails with an exception. if (provider.getCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS) == null) { provider.createCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS, passwd); provider.flush();/* w w w. j a va 2 s.c om*/ } dataDir = new File(Files.createTempDir(), "sentry_policy_db"); conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true"); conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING); policyFilePath = new File(dataDir, "local_policy_file.ini"); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, policyFilePath.getPath()); conf.setInt(ServerConfig.SENTRY_STORE_TRANSACTION_RETRY, 10); }
From source file:org.apache.sentry.provider.db.service.persistent.TestSentryStore.java
License:Apache License
@BeforeClass public static void setup() throws Exception { conf = new Configuration(true); final String ourUrl = UserProvider.SCHEME_NAME + ":///"; conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); // enable HDFS sync, so perm and path changes will be saved into DB conf.set(ServiceConstants.ServerConfig.PROCESSOR_FACTORIES, "org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory"); conf.set(ServiceConstants.ServerConfig.SENTRY_POLICY_STORE_PLUGINS, "org.apache.sentry.hdfs.SentryPlugin"); // THis should be a UserGroupInformation provider CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); // The user credentials are stored as a static variable by UserGrouoInformation provider. // We need to only set the password the first time, an attempt to set it for the second // time fails with an exception. if (provider.getCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS) == null) { provider.createCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS, passwd); provider.flush();//ww w. ja v a2s . c o m } dataDir = new File(Files.createTempDir(), "sentry_policy_db"); conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true"); conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING); policyFilePath = new File(dataDir, "local_policy_file.ini"); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, policyFilePath.getPath()); // These tests do not need to retry transactions, so setting to 1 to reduce testing time conf.setInt(ServerConfig.SENTRY_STORE_TRANSACTION_RETRY, 1); // SentryStore should be initialized only once. The tables created by the test cases will // be cleaned up during the @After method. sentryStore = new SentryStore(conf); boolean hdfsSyncEnabled = SentryServiceUtil.isHDFSSyncEnabled(conf); sentryStore.setPersistUpdateDeltas(hdfsSyncEnabled); }
From source file:org.apache.slider.client.SliderClient.java
License:Apache License
private void checkForCredentials(Configuration conf, ConfTree tree) throws IOException { if (tree.credentials == null || tree.credentials.size() == 0) { log.info("No credentials requested"); return;//from w w w. java 2 s .c o m } for (Entry<String, List<String>> cred : tree.credentials.entrySet()) { String provider = cred.getKey(); List<String> aliases = cred.getValue(); if (aliases == null || aliases.size() == 0) { continue; } Configuration c = new Configuration(conf); c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider); CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0); Set<String> existingAliases = new HashSet<String>(credentialProvider.getAliases()); for (String alias : aliases) { if (!existingAliases.contains(alias.toLowerCase(Locale.ENGLISH))) { throw new IOException("Specified credentials have not been " + "initialized in provider " + provider + ": " + alias); } } } }
From source file:org.apache.slider.server.services.security.AbstractSecurityStoreGenerator.java
License:Apache License
protected String getStorePassword(Map<String, List<String>> credentials, MapOperations compOps, String role) throws SliderException, IOException { String password = getPassword(compOps); if (password == null) { // need to leverage credential provider String alias = getAlias(compOps); LOG.debug("Alias {} found for role {}", alias, role); if (alias == null) { throw new SliderException("No store password or credential provider " + "alias found"); }//from w w w . j av a 2s .c o m if (credentials.isEmpty()) { LOG.info("Credentials can not be retrieved for store generation since " + "no CP paths are configured"); } synchronized (this) { for (Map.Entry<String, List<String>> cred : credentials.entrySet()) { String provider = cred.getKey(); Configuration c = new Configuration(); c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider); LOG.debug("Configured provider {}", provider); CredentialProvider cp = CredentialProviderFactory.getProviders(c).get(0); LOG.debug("Aliases: {}", cp.getAliases()); char[] credential = c.getPassword(alias); if (credential != null) { LOG.info("Credential found for role {}", role); return String.valueOf(credential); } } } if (password == null) { LOG.info( "No store credential found for alias {}. " + "Generation of store for {} is not possible.", alias, role); } } return password; }
From source file:org.apache.slider.server.services.security.TestCertificateManager.java
License:Apache License
private void setupCredentials(AggregateConf instanceDefinition, String keyAlias, String trustAlias) throws Exception { Configuration conf = new Configuration(); final Path jksPath = new Path(SecurityUtils.getSecurityDir(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(SecurityUtils.getSecurityDir(), "test.jks"); file.delete();// w ww . j a va 2 s. c om conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); instanceDefinition.getAppConf().credentials.put(ourUrl, new ArrayList<String>()); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); // create new aliases try { if (keyAlias != null) { char[] storepass = { 'k', 'e', 'y', 'p', 'a', 's', 's' }; provider.createCredentialEntry(keyAlias, storepass); } if (trustAlias != null) { char[] trustpass = { 't', 'r', 'u', 's', 't', 'p', 'a', 's', 's' }; provider.createCredentialEntry(trustAlias, trustpass); } // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } }
From source file:org.apache.zeppelin.jdbc.JDBCInterpreter.java
License:Apache License
private String getPassword(Properties properties) throws IOException, InterpreterException { if (isNotEmpty(properties.getProperty(PASSWORD_KEY))) { return properties.getProperty(PASSWORD_KEY); } else if (isNotEmpty(properties.getProperty(JDBC_JCEKS_FILE)) && isNotEmpty(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY))) { try {/*w w w . j a v a 2 s.c o m*/ Configuration configuration = new Configuration(); configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, properties.getProperty(JDBC_JCEKS_FILE)); CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0); CredentialProvider.CredentialEntry credEntry = provider .getCredentialEntry(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY)); if (credEntry != null) { return new String(credEntry.getCredential()); } else { throw new InterpreterException("Failed to retrieve password from JCEKS from key: " + properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY)); } } catch (Exception e) { logger.error("Failed to retrieve password from JCEKS \n" + "For file: " + properties.getProperty(JDBC_JCEKS_FILE) + "\nFor key: " + properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY), e); throw e; } } return null; }
From source file:org.apache.zeppelin.realm.ActiveDirectoryGroupRealm.java
License:Apache License
private String getSystemPassword() { String password = ""; if (StringUtils.isEmpty(this.hadoopSecurityCredentialPath)) { password = this.systemPassword; } else {//w w w . j ava2s . c om try { Configuration configuration = new Configuration(); configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, this.hadoopSecurityCredentialPath); CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0); CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(KEYSTORE_PASS); if (credEntry != null) { password = new String(credEntry.getCredential()); } } catch (Exception e) { } } return password; }