View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.security;
19  
20  import org.apache.hadoop.hbase.protobuf.generated.AdminProtos;
21  import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos.TokenIdentifier.Kind;
22  import org.apache.hadoop.hbase.protobuf.generated.ClientProtos;
23  import org.apache.hadoop.hbase.protobuf.generated.MasterAdminProtos;
24  import org.apache.hadoop.hbase.protobuf.generated.MasterMonitorProtos;
25  import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos;
26  
27  import java.util.Map;
28  import java.util.concurrent.ConcurrentHashMap;
29  import java.util.concurrent.ConcurrentMap;
30  
31  /**
32   * Maps RPC protocol interfaces to required configuration
33   */
34  public class SecurityInfo {
35    /** Maps RPC service names to authentication information */
36    private static ConcurrentMap<String,SecurityInfo> infos = new ConcurrentHashMap<String,SecurityInfo>();
37    // populate info for known services
38    static {
39      infos.put(AdminProtos.AdminService.getDescriptor().getName(),
40          new SecurityInfo("hbase.regionserver.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
41      infos.put(ClientProtos.ClientService.getDescriptor().getName(),
42          new SecurityInfo("hbase.regionserver.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
43      infos.put(MasterAdminProtos.MasterAdminService.getDescriptor().getName(),
44          new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
45      infos.put(MasterMonitorProtos.MasterMonitorService.getDescriptor().getName(),
46          new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
47      infos.put(RegionServerStatusProtos.RegionServerStatusService.getDescriptor().getName(),
48          new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
49    }
50  
51    /**
52     * Adds a security configuration for a new service name.  Note that this will have no effect if
53     * the service name was already registered.
54     */
55    public static void addInfo(String serviceName, SecurityInfo securityInfo) {
56      infos.putIfAbsent(serviceName, securityInfo);
57    }
58  
59    /**
60     * Returns the security configuration associated with the given service name.
61     */
62    public static SecurityInfo getInfo(String serviceName) {
63      return infos.get(serviceName);
64    }
65  
66    private final String serverPrincipal;
67    private final Kind tokenKind;
68  
69    public SecurityInfo(String serverPrincipal, Kind tokenKind) {
70      this.serverPrincipal = serverPrincipal;
71      this.tokenKind = tokenKind;
72    }
73  
74    public String getServerPrincipal() {
75      return serverPrincipal;
76    }
77  
78    public Kind getTokenKind() {
79      return tokenKind;
80    }
81  }