/// <summary>Opens a url with read and connect timeouts</summary> /// <param name="url">URL to open</param> /// <param name="isSpnego">whether the url should be authenticated via SPNEGO</param> /// <returns>URLConnection</returns> /// <exception cref="System.IO.IOException"/> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// "/> public virtual URLConnection OpenConnection(Uri url, bool isSpnego) { if (isSpnego) { if (Log.IsDebugEnabled()) { Log.Debug("open AuthenticatedURL connection" + url); } UserGroupInformation.GetCurrentUser().CheckTGTAndReloginFromKeytab(); AuthenticatedURL.Token authToken = new AuthenticatedURL.Token(); return(new AuthenticatedURL(new KerberosUgiAuthenticator(), connConfigurator).OpenConnection (url, authToken)); } else { if (Log.IsDebugEnabled()) { Log.Debug("open URL connection"); } URLConnection connection = url.OpenConnection(); if (connection is HttpURLConnection) { connConfigurator.Configure((HttpURLConnection)connection); } return(connection); } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// "/> public virtual void Authenticate(Uri url, AuthenticatedURL.Token token) { if (!HasDelegationToken(url, token)) { authenticator.Authenticate(url, token); } }
/// <summary> /// Renews a delegation token from the server end-point using the /// configured <code>Authenticator</code> for authentication. /// </summary> /// <param name="url"> /// the URL to renew the delegation token from. Only HTTP/S URLs are /// supported. /// </param> /// <param name="token">the authentication token with the Delegation Token to renew.</param> /// <param name="doAsUser">the user to do as, which will be the token owner.</param> /// <exception cref="System.IO.IOException">if an IO error occurred.</exception> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// ">if an authentication exception occurred.</exception> public virtual long RenewDelegationToken(Uri url, AuthenticatedURL.Token token, Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dToken, string doAsUser) { IDictionary json = DoDelegationTokenOperation(url, token, DelegationTokenAuthenticator.DelegationTokenOperation .Renewdelegationtoken, null, dToken, true, doAsUser); return((long)json[RenewDelegationTokenJson]); }
/// <exception cref="System.Exception"/> public Void Call() { Uri url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY" ); AuthenticatedURL aUrl = new AuthenticatedURL(); AuthenticatedURL.Token aToken = new AuthenticatedURL.Token(); HttpURLConnection conn = aUrl.OpenConnection(url, aToken); NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpOk); return(null); }
/// <summary>Cancels a delegation token from the server end-point.</summary> /// <remarks> /// Cancels a delegation token from the server end-point. It does not require /// being authenticated by the configured <code>Authenticator</code>. /// </remarks> /// <param name="url"> /// the URL to cancel the delegation token from. Only HTTP/S URLs /// are supported. /// </param> /// <param name="token">the authentication token with the Delegation Token to cancel. /// </param> /// <param name="doAsUser">the user to do as, which will be the token owner.</param> /// <exception cref="System.IO.IOException">if an IO error occurred.</exception> public virtual void CancelDelegationToken(Uri url, AuthenticatedURL.Token token, Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dToken , string doAsUser) { try { DoDelegationTokenOperation(url, token, DelegationTokenAuthenticator.DelegationTokenOperation .Canceldelegationtoken, null, dToken, false, doAsUser); } catch (AuthenticationException ex) { throw new IOException("This should not happen: " + ex.Message, ex); } }
/// <exception cref="System.Exception"/> public Void Call() { //get delegation token doing SPNEGO authentication Uri url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN" ); AuthenticatedURL aUrl = new AuthenticatedURL(); AuthenticatedURL.Token aToken = new AuthenticatedURL.Token(); HttpURLConnection conn = aUrl.OpenConnection(url, aToken); NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpOk); JSONObject json = (JSONObject) new JSONParser().Parse(new InputStreamReader(conn.GetInputStream ())); json = (JSONObject)json[DelegationTokenAuthenticator.DelegationTokenJson]; string tokenStr = (string)json[DelegationTokenAuthenticator.DelegationTokenUrlStringJson ]; //access httpfs using the delegation token url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection)url.OpenConnection(); NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpOk); //try to renew the delegation token without SPNEGO credentials url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection)url.OpenConnection(); conn.SetRequestMethod("PUT"); NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpUnauthorized ); //renew the delegation token with SPNEGO credentials url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = aUrl.OpenConnection(url, aToken); conn.SetRequestMethod("PUT"); NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpOk); //cancel delegation token, no need for SPNEGO credentials url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection)url.OpenConnection(); conn.SetRequestMethod("PUT"); NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpOk); //try to access httpfs with the canceled delegation token url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection)url.OpenConnection(); NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpUnauthorized ); return(null); }
private bool HasDelegationToken(Uri url, AuthenticatedURL.Token token) { bool hasDt = false; if (token is DelegationTokenAuthenticatedURL.Token) { hasDt = ((DelegationTokenAuthenticatedURL.Token)token).GetDelegationToken() != null; } if (!hasDt) { string queryStr = url.GetQuery(); hasDt = (queryStr != null) && queryStr.Contains(DelegationParam + "="); } return(hasDt); }
public static void Main(string[] args) { try { if (args.Length != 1) { System.Console.Error.WriteLine("Usage: <URL>"); System.Environment.Exit(-1); } AuthenticatedURL.Token token = new AuthenticatedURL.Token(); Uri url = new Uri(args[0]); HttpURLConnection conn = new AuthenticatedURL().OpenConnection(url, token); System.Console.Out.WriteLine(); System.Console.Out.WriteLine("Token value: " + token); System.Console.Out.WriteLine("Status code: " + conn.GetResponseCode() + " " + conn .GetResponseMessage()); System.Console.Out.WriteLine(); if (conn.GetResponseCode() == HttpURLConnection.HttpOk) { BufferedReader reader = new BufferedReader(new InputStreamReader(conn.GetInputStream (), Extensions.GetEncoding("UTF-8"))); string line = reader.ReadLine(); while (line != null) { System.Console.Out.WriteLine(line); line = reader.ReadLine(); } reader.Close(); } System.Console.Out.WriteLine(); } catch (Exception ex) { System.Console.Error.WriteLine("ERROR: " + ex.Message); System.Environment.Exit(-1); } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// "/> private IDictionary DoDelegationTokenOperation <_T0>(Uri url, AuthenticatedURL.Token token, DelegationTokenAuthenticator.DelegationTokenOperation operation, string renewer, Org.Apache.Hadoop.Security.Token.Token <_T0> dToken, bool hasResponse, string doAsUser) where _T0 : TokenIdentifier { IDictionary ret = null; IDictionary <string, string> @params = new Dictionary <string, string>(); @params[OpParam] = operation.ToString(); if (renewer != null) { @params[RenewerParam] = renewer; } if (dToken != null) { @params[TokenParam] = dToken.EncodeToUrlString(); } // proxyuser if (doAsUser != null) { @params[DelegationTokenAuthenticatedURL.DoAs] = URLEncoder.Encode(doAsUser, "UTF-8" ); } string urlStr = url.ToExternalForm(); StringBuilder sb = new StringBuilder(urlStr); string separator = (urlStr.Contains("?")) ? "&" : "?"; foreach (KeyValuePair <string, string> entry in @params) { sb.Append(separator).Append(entry.Key).Append("=").Append(URLEncoder.Encode(entry .Value, "UTF8")); separator = "&"; } url = new Uri(sb.ToString()); AuthenticatedURL aUrl = new AuthenticatedURL(this, connConfigurator); HttpURLConnection conn = aUrl.OpenConnection(url, token); conn.SetRequestMethod(operation.GetHttpMethod()); HttpExceptionUtils.ValidateResponse(conn, HttpURLConnection.HttpOk); if (hasResponse) { string contentType = conn.GetHeaderField(ContentType); contentType = (contentType != null) ? StringUtils.ToLowerCase(contentType) : null; if (contentType != null && contentType.Contains(ApplicationJsonMime)) { try { ObjectMapper mapper = new ObjectMapper(); ret = mapper.ReadValue <IDictionary>(conn.GetInputStream()); } catch (Exception ex) { throw new AuthenticationException(string.Format("'%s' did not handle the '%s' delegation token operation: %s" , url.GetAuthority(), operation, ex.Message), ex); } } else { throw new AuthenticationException(string.Format("'%s' did not " + "respond with JSON to the '%s' delegation token operation" , url.GetAuthority(), operation)); } } return(ret); }
/// <summary>Cancels a delegation token from the server end-point.</summary> /// <remarks> /// Cancels a delegation token from the server end-point. It does not require /// being authenticated by the configured <code>Authenticator</code>. /// </remarks> /// <param name="url"> /// the URL to cancel the delegation token from. Only HTTP/S URLs /// are supported. /// </param> /// <param name="token">the authentication token with the Delegation Token to cancel. /// </param> /// <exception cref="System.IO.IOException">if an IO error occurred.</exception> public virtual void CancelDelegationToken(Uri url, AuthenticatedURL.Token token, Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dToken ) { CancelDelegationToken(url, token, dToken, null); }
/// <summary> /// Renews a delegation token from the server end-point using the /// configured <code>Authenticator</code> for authentication. /// </summary> /// <param name="url"> /// the URL to renew the delegation token from. Only HTTP/S URLs are /// supported. /// </param> /// <param name="token">the authentication token with the Delegation Token to renew.</param> /// <exception cref="System.IO.IOException">if an IO error occurred.</exception> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// ">if an authentication exception occurred.</exception> public virtual long RenewDelegationToken(Uri url, AuthenticatedURL.Token token, Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dToken) { return(RenewDelegationToken(url, token, dToken, null)); }
> GetDelegationToken(Uri url, AuthenticatedURL.Token token, string renewer, string doAsUser) { IDictionary json = DoDelegationTokenOperation(url, token, DelegationTokenAuthenticator.DelegationTokenOperation .Getdelegationtoken, renewer, null, true, doAsUser); json = (IDictionary)json[DelegationTokenJson]; string tokenStr = (string)json[DelegationTokenUrlStringJson]; Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dToken = new Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier>(); dToken.DecodeFromUrlString(tokenStr); IPEndPoint service = new IPEndPoint(url.GetHost(), url.Port); SecurityUtil.SetTokenService(dToken, service); return(dToken); }
> GetDelegationToken(Uri url, AuthenticatedURL.Token token, string renewer) { return(GetDelegationToken(url, token, renewer, null)); }
/// <summary> /// Returns an authenticated /// <see cref="HttpURLConnection"/> /// , it uses a Delegation /// Token only if the given auth token is an instance of /// <see cref="Token"/> /// and /// it contains a Delegation Token, otherwise use the configured /// <see cref="DelegationTokenAuthenticator"/> /// to authenticate the connection. /// </summary> /// <param name="url">the URL to connect to. Only HTTP/S URLs are supported.</param> /// <param name="token">the authentication token being used for the user.</param> /// <returns> /// an authenticated /// <see cref="HttpURLConnection"/> /// . /// </returns> /// <exception cref="System.IO.IOException">if an IO error occurred.</exception> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// ">if an authentication exception occurred.</exception> public override HttpURLConnection OpenConnection(Uri url, AuthenticatedURL.Token token) { return((token is DelegationTokenAuthenticatedURL.Token) ? OpenConnection(url, (DelegationTokenAuthenticatedURL.Token )token) : base.OpenConnection(url, token)); }