liuzhangxing
/
hadoop
forked de apache/hadoop


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137
							~~ Licensed under the Apache License, Version 2.0 (the "License");
~~ you may not use this file except in compliance with the License.
~~ You may obtain a copy of the License at
~~
~~   http://www.apache.org/licenses/LICENSE-2.0
~~
~~ Unless required by applicable law or agreed to in writing, software
~~ distributed under the License is distributed on an "AS IS" BASIS,
~~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~~ See the License for the specific language governing permissions and
~~ limitations under the License. See accompanying LICENSE file.

  ---
  Hadoop Auth, Java HTTP SPNEGO ${project.version} - Examples
  ---
  ---
  ${maven.build.timestamp}

Hadoop Auth, Java HTTP SPNEGO ${project.version} - Examples

  \[ {{{./index.html}Go Back}} \]

* Accessing a Hadoop Auth protected URL Using a browser

  <<IMPORTANT:>> The browser must support HTTP Kerberos SPNEGO. For example,
  Firefox or Internet Explorer.

  For Firefox access the low level configuration page by loading the
  <<<about:config>>> page. Then go to the
  <<<network.negotiate-auth.trusted-uris>>> preference and add the hostname or
  the domain of the web server that is HTTP Kerberos SPNEGO protected (if using
  multiple domains and hostname use comma to separate them).
  
* Accessing a Hadoop Auth protected URL Using <<<curl>>>

  <<IMPORTANT:>> The <<<curl>>> version must support GSS, run <<<curl -V>>>.

+---+
$ curl -V
curl 7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
+---+

  Login to the KDC using <<kinit>> and then use <<<curl>>> to fetch protected
  URL:

+---+
$ kinit
Please enter the password for tucu@LOCALHOST:
$ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/hadoop-auth-examples/kerberos/who
Enter host password for user 'tucu':

Hello Hadoop Auth Examples!
+---+

  * The <<<--negotiate>>> option enables SPNEGO in <<<curl>>>.

  * The <<<-u foo>>> option is required but the user ignored (the principal
    that has been kinit-ed is used).

  * The <<<-b>>> and <<<-c>>> are use to store and send HTTP Cookies.

* Using the Java Client

  Use the <<<AuthenticatedURL>>> class to obtain an authenticated HTTP
  connection:

+---+
...
URL url = new URL("http://localhost:8080/hadoop-auth/kerberos/who");
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
...
HttpURLConnection conn = new AuthenticatedURL(url, token).openConnection();
...
conn = new AuthenticatedURL(url, token).openConnection();
...
+---+

* Building and Running the Examples

  Download Hadoop-Auth's source code, the examples are in the
  <<<src/main/examples>>> directory.

** Server Example:

  Edit the <<<hadoop-auth-examples/src/main/webapp/WEB-INF/web.xml>>> and set the
  right configuration init parameters for the <<<AuthenticationFilter>>>
  definition configured for Kerberos (the right Kerberos principal and keytab
  file must be specified). Refer to the {{{./Configuration.html}Configuration
  document}} for details.

  Create the web application WAR file by running the <<<mvn package>>> command.

  Deploy the WAR file in a servlet container. For example, if using Tomcat,
  copy the WAR file to Tomcat's <<<webapps/>>> directory.

  Start the servlet container.

** Accessing the server using <<<curl>>>

  Try accessing protected resources using <<<curl>>>. The protected resources
  are:

+---+
$ kinit
Please enter the password for tucu@LOCALHOST:

$ curl http://localhost:8080/hadoop-auth-examples/anonymous/who

$ curl http://localhost:8080/hadoop-auth-examples/simple/who?user.name=foo

$ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/hadoop-auth-examples/kerberos/who
+---+

** Accessing the server using the Java client example

+---+
$ kinit
Please enter the password for tucu@LOCALHOST:

$ cd examples

$ mvn exec:java -Durl=http://localhost:8080/hadoop-auth-examples/kerberos/who

....

Token value: "u=tucu,p=tucu@LOCALHOST,t=kerberos,e=1295305313146,s=sVZ1mpSnC5TKhZQE3QLN5p2DWBo="
Status code: 200 OK

You are: user[tucu] principal[tucu@LOCALHOST]

....

+---+

  \[ {{{./index.html}Go Back}} \]