
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.security;
19  
20  import java.util.concurrent.ConcurrentHashMap;
21  import java.util.concurrent.ConcurrentMap;
22  
23  import org.apache.hadoop.hbase.classification.InterfaceAudience;
24  import org.apache.hadoop.hbase.protobuf.generated.AdminProtos;
25  import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos.TokenIdentifier.Kind;
26  import org.apache.hadoop.hbase.protobuf.generated.MasterProtos.ClientMetaService;
27  import org.apache.hadoop.hbase.protobuf.generated.ClientProtos;
28  import org.apache.hadoop.hbase.protobuf.generated.MasterProtos.MasterService;
29  import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos;
30  
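/**
 * Registry that maps an RPC service name to the security settings associated with that service:
 * the configuration property that names the server's principal, and the kind of authentication
 * token the service uses.
 *
 * <p>The registry is backed by a {@link ConcurrentMap}, so {@link #addInfo} and {@link #getInfo}
 * may be called from multiple threads. Instances are immutable.
 *
 * <p>Registration is first-writer-wins. The built-in services below are registered in the static
 * initializer, which runs before any call to {@link #addInfo} can execute, so their entries
 * cannot be replaced through this class's public API.
 */
@InterfaceAudience.Private
public class SecurityInfo {
  // Configuration property names (not literal principals) used by the built-in entries.
  private static final String REGION_SERVER_PRINCIPAL_KEY = "hbase.regionserver.kerberos.principal";
  private static final String MASTER_PRINCIPAL_KEY = "hbase.master.kerberos.principal";

  /**
   * Maps RPC service names to authentication information. Declared final so the registry
   * reference itself can never be swapped out after class initialization.
   */
  private static final ConcurrentMap<String, SecurityInfo> infos =
      new ConcurrentHashMap<String, SecurityInfo>();

  // Populate info for known services. Must stay below the declaration of infos: static
  // initializers run in textual order.
  static {
    infos.put(AdminProtos.AdminService.getDescriptor().getName(),
        new SecurityInfo(REGION_SERVER_PRINCIPAL_KEY, Kind.HBASE_AUTH_TOKEN));
    infos.put(ClientProtos.ClientService.getDescriptor().getName(),
        new SecurityInfo(REGION_SERVER_PRINCIPAL_KEY, Kind.HBASE_AUTH_TOKEN));
    infos.put(MasterService.getDescriptor().getName(),
        new SecurityInfo(MASTER_PRINCIPAL_KEY, Kind.HBASE_AUTH_TOKEN));
    infos.put(ClientMetaService.getDescriptor().getName(),
        new SecurityInfo(MASTER_PRINCIPAL_KEY, Kind.HBASE_AUTH_TOKEN));
    infos.put(RegionServerStatusProtos.RegionServerStatusService.getDescriptor().getName(),
        new SecurityInfo(MASTER_PRINCIPAL_KEY, Kind.HBASE_AUTH_TOKEN));
  }

  /**
   * Adds a security configuration for a new service name. Note that this will have no effect if
   * the service name was already registered: the existing entry is kept and the call returns
   * silently, so a caller cannot tell from this method whether its entry was accepted.
   *
   * @param serviceName RPC service name to register; must not be null
   * @param securityInfo settings to associate with the service; must not be null
   * @throws NullPointerException if either argument is null
   */
  public static void addInfo(String serviceName, SecurityInfo securityInfo) {
    // The backing ConcurrentHashMap rejects nulls with a bare NullPointerException; check
    // up front so the failure names the offending argument.
    if (serviceName == null) {
      throw new NullPointerException("serviceName");
    }
    if (securityInfo == null) {
      throw new NullPointerException("securityInfo");
    }
    infos.putIfAbsent(serviceName, securityInfo);
  }

  /**
   * Returns the security configuration associated with the given service name.
   *
   * @param serviceName RPC service name to look up; must not be null
   * @return the registered settings, or {@code null} if the service name is unknown
   * @throws NullPointerException if {@code serviceName} is null
   */
  public static SecurityInfo getInfo(String serviceName) {
    if (serviceName == null) {
      throw new NullPointerException("serviceName");
    }
    // NOTE(review): a null result means "no entry", not "no authentication required";
    // confirm that callers do not treat a missing entry as permission to skip authentication.
    return infos.get(serviceName);
  }

  private final String serverPrincipal;
  private final Kind tokenKind;

  /**
   * Creates an immutable settings holder. Neither argument is validated here.
   *
   * @param serverPrincipal value returned by {@link #getServerPrincipal()}; the built-in entries
   *     pass a configuration property name (for example
   *     {@code hbase.master.kerberos.principal}) rather than a literal principal
   * @param tokenKind kind of authentication token associated with the service
   */
  public SecurityInfo(String serverPrincipal, Kind tokenKind) {
    this.serverPrincipal = serverPrincipal;
    this.tokenKind = tokenKind;
  }

  /**
   * Returns the server principal setting exactly as it was passed to the constructor.
   *
   * @return for the built-in entries, a configuration property name to be resolved by the caller
   */
  public String getServerPrincipal() {
    return serverPrincipal;
  }

  /**
   * Returns the token kind passed to the constructor.
   *
   * @return the authentication token kind for the service
   */
  public Kind getTokenKind() {
    return tokenKind;
  }
}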