service/auth/PlainSaslHelper.java

0001 /**
0002  * Licensed to the Apache Software Foundation (ASF) under one
0003  * or more contributor license agreements.  See the NOTICE file
0004  * distributed with this work for additional information
0005  * regarding copyright ownership.  The ASF licenses this file
0006  * to you under the Apache License, Version 2.0 (the
0007  * "License"); you may not use this file except in compliance
0008  * with the License.  You may obtain a copy of the License at
0009  *
0010  *     http://www.apache.org/licenses/LICENSE-2.0
0011  *
0012  * Unless required by applicable law or agreed to in writing, software
0013  * distributed under the License is distributed on an "AS IS" BASIS,
0014  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0015  * See the License for the specific language governing permissions and
0016  * limitations under the License.
0017  */
0018 package org.apache.hive.service.auth;
0019
0020 import java.io.IOException;
0021 import java.security.Security;
0022 import java.util.HashMap;
0023 import javax.security.auth.callback.Callback;
0024 import javax.security.auth.callback.CallbackHandler;
0025 import javax.security.auth.callback.NameCallback;
0026 import javax.security.auth.callback.PasswordCallback;
0027 import javax.security.auth.callback.UnsupportedCallbackException;
0028 import javax.security.auth.login.LoginException;
0029 import javax.security.sasl.AuthenticationException;
0030 import javax.security.sasl.AuthorizeCallback;
0031 import javax.security.sasl.SaslException;
0032
0033 import org.apache.hive.service.auth.AuthenticationProviderFactory.AuthMethods;
0034 import org.apache.hive.service.auth.PlainSaslServer.SaslPlainProvider;
0035 import org.apache.hive.service.cli.thrift.TCLIService.Iface;
0036 import org.apache.hive.service.cli.thrift.ThriftCLIService;
0037 import org.apache.thrift.TProcessor;
0038 import org.apache.thrift.TProcessorFactory;
0039 import org.apache.thrift.transport.TSaslClientTransport;
0040 import org.apache.thrift.transport.TSaslServerTransport;
0041 import org.apache.thrift.transport.TTransport;
0042 import org.apache.thrift.transport.TTransportFactory;
0043
0044 public final class PlainSaslHelper {
0045
0046   public static TProcessorFactory getPlainProcessorFactory(ThriftCLIService service) {
0047     return new SQLPlainProcessorFactory(service);
0048   }
0049
0050   // Register Plain SASL server provider
0051   static {
0052     Security.addProvider(new SaslPlainProvider());
0053   }
0054
0055   public static TTransportFactory getPlainTransportFactory(String authTypeStr)
0056     throws LoginException {
0057     TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
0058     try {
0059       saslFactory.addServerDefinition("PLAIN", authTypeStr, null, new HashMap<String, String>(),
0060         new PlainServerCallbackHandler(authTypeStr));
0061     } catch (AuthenticationException e) {
0062       throw new LoginException("Error setting callback handler" + e);
0063     }
0064     return saslFactory;
0065   }
0066
0067   public static TTransport getPlainTransport(String username, String password,
0068     TTransport underlyingTransport) throws SaslException {
0069     return new TSaslClientTransport("PLAIN", null, null, null, new HashMap<String, String>(),
0070       new PlainCallbackHandler(username, password), underlyingTransport);
0071   }
0072
0073   private PlainSaslHelper() {
0074     throw new UnsupportedOperationException("Can't initialize class");
0075   }
0076
0077   private static final class PlainServerCallbackHandler implements CallbackHandler {
0078
0079     private final AuthMethods authMethod;
0080
0081     PlainServerCallbackHandler(String authMethodStr) throws AuthenticationException {
0082       authMethod = AuthMethods.getValidAuthMethod(authMethodStr);
0083     }
0084
0085     @Override
0086     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
0087       String username = null;
0088       String password = null;
0089       AuthorizeCallback ac = null;
0090
0091       for (Callback callback : callbacks) {
0092         if (callback instanceof NameCallback) {
0093           NameCallback nc = (NameCallback) callback;
0094           username = nc.getName();
0095         } else if (callback instanceof PasswordCallback) {
0096           PasswordCallback pc = (PasswordCallback) callback;
0097           password = new String(pc.getPassword());
0098         } else if (callback instanceof AuthorizeCallback) {
0099           ac = (AuthorizeCallback) callback;
0100         } else {
0101           throw new UnsupportedCallbackException(callback);
0102         }
0103       }
0104       PasswdAuthenticationProvider provider =
0105         AuthenticationProviderFactory.getAuthenticationProvider(authMethod);
0106       provider.Authenticate(username, password);
0107       if (ac != null) {
0108         ac.setAuthorized(true);
0109       }
0110     }
0111   }
0112
0113   public static class PlainCallbackHandler implements CallbackHandler {
0114
0115     private final String username;
0116     private final String password;
0117
0118     public PlainCallbackHandler(String username, String password) {
0119       this.username = username;
0120       this.password = password;
0121     }
0122
0123     @Override
0124     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
0125       for (Callback callback : callbacks) {
0126         if (callback instanceof NameCallback) {
0127           NameCallback nameCallback = (NameCallback) callback;
0128           nameCallback.setName(username);
0129         } else if (callback instanceof PasswordCallback) {
0130           PasswordCallback passCallback = (PasswordCallback) callback;
0131           passCallback.setPassword(password.toCharArray());
0132         } else {
0133           throw new UnsupportedCallbackException(callback);
0134         }
0135       }
0136     }
0137   }
0138
0139   private static final class SQLPlainProcessorFactory extends TProcessorFactory {
0140
0141     private final ThriftCLIService service;
0142
0143     SQLPlainProcessorFactory(ThriftCLIService service) {
0144       super(null);
0145       this.service = service;
0146     }
0147
0148     @Override
0149     public TProcessor getProcessor(TTransport trans) {
0150       return new TSetIpAddressProcessor<Iface>(service);
0151     }
0152   }
0153
0154 }