001package org.apache.hadoop.security.rpcauth;
002
003import java.io.DataOutput;
004import java.io.IOException;
005import java.util.Map;
006
007import javax.security.sasl.SaslClient;
008import javax.security.sasl.SaslServer;
009
010import org.apache.hadoop.ipc.Server;
011import org.apache.hadoop.ipc.protobuf.IpcConnectionContextProtos.UserInformationProto.Builder;
012import org.apache.hadoop.security.AccessControlException;
013import org.apache.hadoop.security.UserGroupInformation;
014import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
015import org.apache.hadoop.security.token.SecretManager;
016
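/**
 * Base class describing one RPC authentication method: a one-byte code, a
 * simple name, a SASL mechanism name and the matching
 * {@link AuthenticationMethod}.
 *
 * <p>Every overridable method here has a permissive or "unsupported" default.
 * Subclasses are expected to override the ones relevant to their mechanism.
 * In particular, {@link #isProxyAllowed()} defaults to {@code true} and
 * {@link #getAuthorizedUgi(String, SecretManager)} performs no verification of
 * its own, so a subclass that needs stricter behavior must override them.
 *
 * <p>Two instances are equal when their runtime classes have the same name;
 * the constructor arguments do not take part in equality.
 */
public abstract class RpcAuthMethod {
  /** Shared empty result for {@link #loginModules()}; zero-length, so safe to share. */
  private static final String[] LOGIN_MODULES = new String[0];

  /** One-byte code emitted by {@link #write(DataOutput)}. */
  @Deprecated
  protected final byte authcode;
  /** Short name; upper-cased for {@link #toString()} and error messages. */
  protected final String simpleName;
  /** SASL mechanism name returned by {@link #getMechanismName()}. */
  protected final String mechanismName;
  /** Authentication method returned by {@link #getAuthenticationMethod()}. */
  protected final AuthenticationMethod authenticationMethod;

  /**
   * Stores the four descriptors unchanged; no argument is validated.
   *
   * @param code one-byte code for this method
   * @param simpleName short name of this method
   * @param mechanismName SASL mechanism name
   * @param authMethod corresponding {@link AuthenticationMethod}
   */
  protected RpcAuthMethod(byte code, String simpleName,
      String mechanismName, AuthenticationMethod authMethod) {
    this.authcode = code;
    this.simpleName = simpleName;
    this.mechanismName = mechanismName;
    this.authenticationMethod = authMethod;
  }

  /** Return the one-byte code given to the constructor. */
  @Deprecated
  public byte getAuthCode() {
    return authcode;
  }

  /** Return the SASL mechanism name. */
  public String getMechanismName() {
    return mechanismName;
  }

  /** Return the {@link AuthenticationMethod} given to the constructor. */
  public AuthenticationMethod getAuthenticationMethod() {
    return authenticationMethod;
  }

  /**
   * Hash of the runtime class name, so that all instances of one subclass
   * share a hash code, consistent with {@link #equals(Object)}.
   */
  @Override
  public final int hashCode() {
    return getClass().getName().hashCode();
  }

  /**
   * Two auth methods are equal when their runtime classes have the same name.
   *
   * @param that object to compare with
   * @return {@code true} for the same instance or for another
   *     {@code RpcAuthMethod} whose class name matches
   */
  @Override
  public final boolean equals(Object that) {
    if (this == that) {
      return true;
    }
    if (that instanceof RpcAuthMethod) {
      RpcAuthMethod other = (RpcAuthMethod) that;
      // The result has to be returned: if it is dropped, two distinct instances
      // of the same auth method never compare equal although hashCode() says
      // they may, and any equality-based lookup of an auth method misses.
      return getClass().getName().equals(other.getClass().getName());
    }
    return false;
  }

  /** Return the login module names for this method; empty by default. */
  public String[] loginModules() {
    return RpcAuthMethod.LOGIN_MODULES;
  }

  /** Write the one-byte auth code to {@code out}. */
  public void write(DataOutput out) throws IOException {
    out.write(authcode);
  }

  /** Return {@code ticket} unchanged by default. */
  public UserGroupInformation getUser(UserGroupInformation ticket) {
    return ticket;
  }

  /** Does nothing by default; {@code ugiProto} is left untouched. */
  public void writeUGI(UserGroupInformation ugi, Builder ugiProto) {
    // default, do-nothing implementation
  }

  /**
   * Build the UGI for an authorized id.
   *
   * <p>The default creates a remote user directly from {@code authorizedId}
   * and never consults {@code secretManager}, so it verifies nothing itself.
   * NOTE(review): this presumably relies on the caller having authenticated
   * {@code authorizedId} already - confirm against the call sites.
   *
   * @param authorizedId id to create the remote user for
   * @param secretManager unused by the default implementation
   * @return a remote-user UGI for {@code authorizedId}
   * @throws IOException declared for overriding implementations
   */
  public UserGroupInformation getAuthorizedUgi(String authorizedId,
      SecretManager secretManager) throws IOException {
    return UserGroupInformation.createRemoteUser(authorizedId);
  }

  /** {@code false} by default. */
  public boolean shouldReLogin() throws IOException {
    return false;
  }

  /** Does nothing by default. */
  public void reLogin() throws IOException {
  }

  /**
   * {@code true} by default. An auth method for which proxy users must not be
   * accepted has to override this; the permissive value is inherited otherwise.
   */
  public boolean isProxyAllowed() {
    return true;
  }

  /** Return the simple name in upper case. */
  @Override
  public String toString() {
    return upperCaseSimpleName();
  }

  /** {@code false} by default. */
  public boolean isNegotiable() {
    return false;
  }

  /** {@code false} by default. */
  public boolean isSasl() {
    return false;
  }

  /**
   * Not supported by default.
   *
   * @throws AccessControlException always, naming this auth method
   */
  public String getProtocol() throws IOException {
    throw new AccessControlException("Server does not support SASL " + upperCaseSimpleName());
  }

  /**
   * Not supported by default.
   *
   * @throws AccessControlException always, naming this auth method
   */
  public String getServerId() throws IOException {
    throw new AccessControlException("Server does not support SASL " + upperCaseSimpleName());
  }

  /**
   * Implementors which use SASL authentication must return {@code true}
   * from {@link #isSasl() isSasl()} and return an instance of
   * {@link javax.security.sasl.SaslClient} here.
   *
   * @param saslProperties SASL properties for the client; unused by the default
   * @throws IOException declared for overriding implementations
   * @throws UnsupportedOperationException always, in this default implementation
   */
  public SaslClient createSaslClient(final Map<String, Object> saslProperties)
      throws IOException {
    throw new UnsupportedOperationException(
        this.getClass().getCanonicalName() + " does not support createSaslClient()");
  }

  /**
   * Implementors which use SASL authentication must return {@code true}
   * from {@link #isSasl() isSasl()} and return an instance of
   * {@link javax.security.sasl.SaslServer} here.
   *
   * @param connection server connection; unused by the default
   * @param saslProperties SASL properties for the server; unused by the default
   * @throws IOException declared for overriding implementations
   * @throws InterruptedException declared for overriding implementations
   * @throws UnsupportedOperationException always, in this default implementation
   */
  public SaslServer createSaslServer(Server.Connection connection,
      final Map<String, Object> saslProperties)
      throws IOException, InterruptedException {
    throw new UnsupportedOperationException(
        this.getClass().getCanonicalName() + " does not support createSaslServer()");
  }

  /**
   * Upper-case the simple name independently of the JVM default locale, so the
   * displayed auth method name is the same on every host (the default-locale
   * form maps 'i' to a dotted capital under e.g. a Turkish locale).
   */
  private String upperCaseSimpleName() {
    return simpleName.toUpperCase(java.util.Locale.ROOT);
  }

}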