org.apache.ambari.server.controller.internal.AppCookieManager.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.ambari.server.controller.internal.AppCookieManager.java

Source

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.ambari.server.controller.internal;

import java.io.IOException;
import java.net.URI;
import java.security.Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.Header;
import org.apache.http.HeaderElement;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpOptions;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.params.AuthPolicy;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.DefaultHttpClient;

/**
 * Handles SPNego authentication as a client of hadoop service, caches
 * hadoop.auth cookie returned by hadoop service on successful SPNego
 * authentication. Refreshes hadoop.auth cookie on demand if the cookie has
 * expired.
 * 
 */
public class AppCookieManager {

    static final String HADOOP_AUTH = "hadoop.auth";
    private static final String HADOOP_AUTH_EQ = "hadoop.auth=";
    private static final String SET_COOKIE = "Set-Cookie";

    private static final EmptyJaasCredentials EMPTY_JAAS_CREDENTIALS = new EmptyJaasCredentials();

    private Map<String, String> endpointCookieMap = new ConcurrentHashMap<String, String>();
    private static Log LOG = LogFactory.getLog(AppCookieManager.class);

    /**
     * Utility method to exercise AppCookieManager directly
     * @param args element 0 of args should be a URL to hadoop service protected by SPengo
     * @throws IOException in case of errors
     */
    public static void main(String[] args) throws IOException {
        new AppCookieManager().getAppCookie(args[0], false);
    }

    public AppCookieManager() {
    }

    /**
     * Returns hadoop.auth cookie, doing needed SPNego authentication
     * 
     * @param endpoint
     *          the URL of the Hadoop service
     * @param refresh
     *          flag indicating wehther to refresh the cookie, if
     *          <code>true</code>, we do a new SPNego authentication and refresh
     *          the cookie even if the cookie already exists in local cache
     * @return hadoop.auth cookie value
     * @throws IOException
     *           in case of problem getting hadoop.auth cookie
     */
    public String getAppCookie(String endpoint, boolean refresh) throws IOException {

        HttpUriRequest outboundRequest = new HttpGet(endpoint);
        URI uri = outboundRequest.getURI();
        String scheme = uri.getScheme();
        String host = uri.getHost();
        int port = uri.getPort();
        String path = uri.getPath();
        if (!refresh) {
            String appCookie = endpointCookieMap.get(endpoint);
            if (appCookie != null) {
                return appCookie;
            }
        }

        clearAppCookie(endpoint);

        DefaultHttpClient client = new DefaultHttpClient();
        SPNegoSchemeFactory spNegoSF = new SPNegoSchemeFactory(/* stripPort */true);
        // spNegoSF.setSpengoGenerator(new BouncySpnegoTokenGenerator());
        client.getAuthSchemes().register(AuthPolicy.SPNEGO, spNegoSF);
        client.getCredentialsProvider().setCredentials(new AuthScope(/* host */null, /* port */-1, /* realm */null),
                EMPTY_JAAS_CREDENTIALS);

        String hadoopAuthCookie = null;
        HttpResponse httpResponse = null;
        try {
            HttpHost httpHost = new HttpHost(host, port, scheme);
            HttpRequest httpRequest = new HttpOptions(path);
            httpResponse = client.execute(httpHost, httpRequest);
            Header[] headers = httpResponse.getHeaders(SET_COOKIE);
            hadoopAuthCookie = getHadoopAuthCookieValue(headers);
            if (hadoopAuthCookie == null) {
                LOG.error("SPNego authentication failed, can not get hadoop.auth cookie for URL: " + endpoint);
                throw new IOException("SPNego authentication failed, can not get hadoop.auth cookie");
            }
        } finally {
            if (httpResponse != null) {
                HttpEntity entity = httpResponse.getEntity();
                if (entity != null) {
                    entity.getContent().close();
                }
            }

        }

        hadoopAuthCookie = HADOOP_AUTH_EQ + quote(hadoopAuthCookie);
        setAppCookie(endpoint, hadoopAuthCookie);
        if (LOG.isInfoEnabled()) {
            LOG.info("Successful SPNego authentication to URL:" + uri.toString());
        }
        return hadoopAuthCookie;
    }

    /**
     * Returns the cached app cookie
     *  @param endpoint the hadoop end point we authenticate to
     * @return the cached app cookie, can be null
     */
    public String getCachedAppCookie(String endpoint) {
        return endpointCookieMap.get(endpoint);
    }

    /**
     *  Sets the cached app cookie i cache
     *  @param endpoint the hadoop end point we authenticate to
     *  @param appCookie the app cookie
     */
    private void setAppCookie(String endpoint, String appCookie) {
        endpointCookieMap.put(endpoint, appCookie);
    }

    /**
     *  Clears the cached app cookie
     *  @param endpoint the hadoop end point we authenticate to
     */
    private void clearAppCookie(String endpoint) {
        endpointCookieMap.remove(endpoint);
    }

    static String quote(String s) {
        return s == null ? s : "\"" + s + "\"";
    }

    static String getHadoopAuthCookieValue(Header[] headers) {
        if (headers == null) {
            return null;
        }
        for (Header header : headers) {
            HeaderElement[] elements = header.getElements();
            for (HeaderElement element : elements) {
                String cookieName = element.getName();
                if (cookieName.equals(HADOOP_AUTH)) {
                    if (element.getValue() != null) {
                        String trimmedVal = element.getValue().trim();
                        if (!trimmedVal.isEmpty()) {
                            return trimmedVal;
                        }
                    }
                }
            }
        }
        return null;
    }

    private static class EmptyJaasCredentials implements Credentials {

        public String getPassword() {
            return null;
        }

        public Principal getUserPrincipal() {
            return null;
        }

    }

}