001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 package org.apache.hadoop.security; 019 020 import org.apache.hadoop.security.authentication.server.AuthenticationFilter; 021 import org.apache.hadoop.conf.Configuration; 022 import org.apache.hadoop.http.FilterContainer; 023 import org.apache.hadoop.http.FilterInitializer; 024 025 import java.util.HashMap; 026 import java.util.Map; 027 028 /** 029 * Initializes hadoop-auth AuthenticationFilter which provides support for 030 * Kerberos HTTP SPENGO authentication. 031 * <p/> 032 * It enables anonymous access, simple/speudo and Kerberos HTTP SPNEGO 033 * authentication for Hadoop JobTracker, NameNode, DataNodes and 034 * TaskTrackers. 035 * <p/> 036 * Refer to the <code>core-default.xml</code> file, after the comment 037 * 'HTTP Authentication' for details on the configuration options. 038 * All related configuration properties have 'hadoop.http.authentication.' 039 * as prefix. 040 */ 041 public class AuthenticationFilterInitializer extends FilterInitializer { 042 043 private static final String PREFIX = "hadoop.http.authentication."; 044 045 /** 046 * Initializes hadoop-auth AuthenticationFilter. 047 * <p/> 048 * Propagates to hadoop-auth AuthenticationFilter configuration all Hadoop 049 * configuration properties prefixed with "hadoop.http.authentication." 050 * 051 * @param container The filter container 052 * @param conf Configuration for run-time parameters 053 */ 054 @Override 055 public void initFilter(FilterContainer container, Configuration conf) { 056 Map<String, String> filterConfig = new HashMap<String, String>(); 057 058 //setting the cookie path to root '/' so it is used for all resources. 059 filterConfig.put(AuthenticationFilter.COOKIE_PATH, "/"); 060 061 for (Map.Entry<String, String> entry : conf) { 062 String name = entry.getKey(); 063 if (name.startsWith(PREFIX)) { 064 String value = conf.get(name); 065 name = name.substring(PREFIX.length()); 066 filterConfig.put(name, value); 067 } 068 } 069 070 container.addFilter("authentication", 071 AuthenticationFilter.class.getName(), 072 filterConfig); 073 } 074 075 }