001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing, software
013     * distributed under the License is distributed on an "AS IS" BASIS,
014     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015     * See the License for the specific language governing permissions and
016     * limitations under the License.
017     */
018    package org.apache.hadoop.security;
019    
020    import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
021    import org.apache.hadoop.conf.Configuration;
022    import org.apache.hadoop.http.FilterContainer;
023    import org.apache.hadoop.http.FilterInitializer;
024    
025    import java.util.HashMap;
026    import java.util.Map;
027    
028    /**
029     * Initializes hadoop-auth AuthenticationFilter which provides support for
030     * Kerberos HTTP SPENGO authentication.
031     * <p/>
032     * It enables anonymous access, simple/speudo and Kerberos HTTP SPNEGO
033     * authentication  for Hadoop JobTracker, NameNode, DataNodes and
034     * TaskTrackers.
035     * <p/>
036     * Refer to the <code>core-default.xml</code> file, after the comment
037     * 'HTTP Authentication' for details on the configuration options.
038     * All related configuration properties have 'hadoop.http.authentication.'
039     * as prefix.
040     */
041    public class AuthenticationFilterInitializer extends FilterInitializer {
042    
043      private static final String PREFIX = "hadoop.http.authentication.";
044    
045      /**
046       * Initializes hadoop-auth AuthenticationFilter.
047       * <p/>
048       * Propagates to hadoop-auth AuthenticationFilter configuration all Hadoop
049       * configuration properties prefixed with "hadoop.http.authentication."
050       *
051       * @param container The filter container
052       * @param conf Configuration for run-time parameters
053       */
054      @Override
055      public void initFilter(FilterContainer container, Configuration conf) {
056        Map<String, String> filterConfig = new HashMap<String, String>();
057    
058        //setting the cookie path to root '/' so it is used for all resources.
059        filterConfig.put(AuthenticationFilter.COOKIE_PATH, "/");
060    
061        for (Map.Entry<String, String> entry : conf) {
062          String name = entry.getKey();
063          if (name.startsWith(PREFIX)) {
064            String value = conf.get(name);
065            name = name.substring(PREFIX.length());
066            filterConfig.put(name, value);
067          }
068        }
069    
070        container.addFilter("authentication",
071                            AuthenticationFilter.class.getName(),
072                            filterConfig);
073      }
074    
075    }