Accueil Explorer Aide
Connexion
apache
/
ambari
miroir de https://gitee.com/freeshow_me/ambari
2
0
Fork 0
Fichiers Tickets 0 Wiki
Aborescence: 8ef31458a9
Branches Tags
ambari
/
ambari-logsearch
/
ambari-infra-solr-plugin
/
src
/
main
/
java
/
org.apache.ambari.infra.security
/
InfraKerberosHostValidator.java

InfraKerberosHostValidator.java 2.1 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 
  1. /*
    2. 

  2.  * Licensed to the Apache Software Foundation (ASF) under one
    3. 

  3.  * or more contributor license agreements.  See the NOTICE file
    4. 

  4.  * distributed with this work for additional information
    5. 

  5.  * regarding copyright ownership.  The ASF licenses this file
    6. 

  6.  * to you under the Apache License, Version 2.0 (the
    7. 

  7.  * "License"); you may not use this file except in compliance
    8. 

  8.  * with the License.  You may obtain a copy of the License at
    9. 

  9.  * 
    10. 

  10.  * http://www.apache.org/licenses/LICENSE-2.0
    11. 

  11.  * 
    12. 

  12.  * Unless required by applicable law or agreed to in writing,
    13. 

  13.  * software distributed under the License is distributed on an
    14. 

  14.  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    15. 

  15.  * KIND, either express or implied.  See the License for the
    16. 

  16.  * specific language governing permissions and limitations
    17. 

  17.  * under the License.
    18. 

  18.  */
    19. 

  19. package org.apache.ambari.infra.security;
    20. 

  20. 

  21. import org.apache.commons.collections.CollectionUtils;
    22. 

  22. import org.apache.commons.collections.MapUtils;
    23. 

  23. import org.apache.hadoop.security.authentication.server.AuthenticationToken;
    24. 

  24. import org.apache.hadoop.security.authentication.util.KerberosName;
    25. 

  25. 

  26. import java.security.Principal;
    27. 

  27. import java.util.Map;
    28. 

  28. import java.util.Set;
    29. 

  29. 

  30. /**
    31. 

  31.  * Validate that the user has the right access based on the hostname in the kerberos principal
    32. 

  32.  */
    33. 

  33. public class InfraKerberosHostValidator {
    34. 

  34. 

  35.   public boolean validate(Principal principal, Map<String, Set<String>> userVsHosts, Map<String, String> userVsHostRegex) {
    36. 

  36.     if (principal instanceof AuthenticationToken) {
    37. 

  37.       AuthenticationToken authenticationToken = (AuthenticationToken) principal;
    38. 

  38.       KerberosName kerberosName = new KerberosName(authenticationToken.getName());
    39. 

  39.       String hostname = kerberosName.getHostName();
    40. 

  40.       String serviceUserName = kerberosName.getServiceName();
    41. 

  41.       if (MapUtils.isNotEmpty(userVsHostRegex)) {
    42. 

  42.         String regex = userVsHostRegex.get(serviceUserName);
    43. 

  43.         return hostname.matches(regex);
    44. 

  44.       }
    45. 

  45.       if (MapUtils.isNotEmpty(userVsHosts)) {
    46. 

  46.         Set<String> hosts = userVsHosts.get(serviceUserName);
    47. 

  47.         if (CollectionUtils.isNotEmpty(hosts)) {
    48. 

  48.           return hosts.contains(hostname);
    49. 

  49.         }
    50. 

  50.       }
    51. 

  51.     }
    52. 

  52.     return true;
    53. 

  53.   }
    54. 

  54. }
    55.