org.apache.hadoop.security.SaslPropertiesResolver
org.apache.hadoop.security.WhitelistBasedResolver
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public class WhitelistBasedResolver
An implementation of the SaslPropertiesResolver. Uses a white list of IPs. If the connection's IP address is in the list of IP addresses, the salProperties will be unchanged. If the connection's IP is not in the list of IP addresses, then QOP for the connection will be restricted to "hadoop.rpc.protection.non-whitelist" Uses 3 IPList implementations together to form an aggregate whitelist. 1. ConstantIPList - to check against a set of hardcoded IPs 2. Fixed IP List - to check against a list of IP addresses which are specified externally, but will not change over runtime. 3. Variable IP List - to check against a list of IP addresses which are specified externally and could change during runtime. A connection IP address will checked against these 3 IP Lists in the order specified above. Once a match is found , the IP address is determined to be in whitelist. The behavior can be configured using a bunch of configuration parameters.
| Field Summary | |
|---|---|
static String |
HADOOP_RPC_PROTECTION_NON_WHITELIST
comma separated list containing alternate hadoop.rpc.protection values for clients which are not in whitelist |
static String |
HADOOP_SECURITY_SASL_FIXEDWHITELIST_FILE
Path to the file to containing subnets and ip addresses to form fixed whitelist. |
static String |
HADOOP_SECURITY_SASL_VARIABLEWHITELIST_CACHE_SECS
time in seconds by which the variable whitelist file is checked for updates |
static String |
HADOOP_SECURITY_SASL_VARIABLEWHITELIST_ENABLE
Enables/Disables variable whitelist |
static String |
HADOOP_SECURITY_SASL_VARIABLEWHITELIST_FILE
Path to the file to containing subnets and ip addresses to form variable whitelist. |
static org.apache.commons.logging.Log |
LOG
|
| Constructor Summary | |
|---|---|
WhitelistBasedResolver()
|
|
| Method Summary | |
|---|---|
Map<String,String> |
getServerProperties(InetAddress clientAddress)
Identify the Sasl Properties to be used for a connection with a client. |
Map<String,String> |
getServerProperties(String clientAddress)
|
void |
setConf(Configuration conf)
Set the configuration to be used by this object. |
| Methods inherited from class org.apache.hadoop.security.SaslPropertiesResolver |
|---|
getClientProperties, getConf, getDefaultProperties, getInstance |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
public static final org.apache.commons.logging.Log LOG
public static final String HADOOP_SECURITY_SASL_FIXEDWHITELIST_FILE
public static final String HADOOP_SECURITY_SASL_VARIABLEWHITELIST_ENABLE
public static final String HADOOP_SECURITY_SASL_VARIABLEWHITELIST_FILE
public static final String HADOOP_SECURITY_SASL_VARIABLEWHITELIST_CACHE_SECS
public static final String HADOOP_RPC_PROTECTION_NON_WHITELIST
| Constructor Detail |
|---|
public WhitelistBasedResolver()
| Method Detail |
|---|
public void setConf(Configuration conf)
Configurable
setConf in interface ConfigurablesetConf in class SaslPropertiesResolverpublic Map<String,String> getServerProperties(InetAddress clientAddress)
getServerProperties in class SaslPropertiesResolverclientAddress - client's address
public Map<String,String> getServerProperties(String clientAddress)
throws UnknownHostException
UnknownHostException
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||