diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
index a014ab30..228b9e73 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
@@ -31,7 +31,7 @@ public class AuthenticationManager implements Reconfigurable {
/**
* Default authentication handler
*/
- public static final String DEFAULT_AUTHENTICATION_HANDLER = "org.apache.sqoop.security.SimpleAuthenticationHandler";
+ public static final String DEFAULT_AUTHENTICATION_HANDLER = "org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler";
/**
@@ -92,9 +92,9 @@ public synchronized void initialize() throws ClassNotFoundException, IllegalAcce
}
String handler = SqoopConfiguration.getInstance().getContext().getString(
- AuthenticationConstants.AUTHENTICATION_HANDLER,
+ SecurityConstants.AUTHENTICATION_HANDLER,
DEFAULT_AUTHENTICATION_HANDLER).trim();
- authenticationHandler = AuthenticationHandlerFactory.getAuthenticationHandler(handler);
+ authenticationHandler = SecurityFactory.getAuthenticationHandler(handler);
authenticationHandler.doInitialize();
authenticationHandler.secureLogin();
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
similarity index 75%
rename from core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java
rename to core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
index ec2f32d5..a00573ae 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
@@ -22,19 +22,24 @@
/**
* Constants that are used in authentication module.
*/
-public final class AuthenticationConstants {
-
+public final class SecurityConstants {
+ /**
+ * All security related configuration is prefixed with this:
+ * org.apache.sqoop.security.
+ */
+ public static final String PREFIX_SECURITY_CONFIG =
+ ConfigurationConstants.PREFIX_GLOBAL_CONFIG + "security.";
/**
* All authentication related configuration is prefixed with this:
- * org.apache.sqoop.authentication.
+ * org.apache.sqoop.security.authentication.
*/
public static final String PREFIX_AUTHENTICATION_CONFIG =
- ConfigurationConstants.PREFIX_GLOBAL_CONFIG + "authentication.";
+ PREFIX_SECURITY_CONFIG + "authentication.";
/**
* The config specifies the sqoop authentication type (SIMPLE, KERBEROS).
* The default type is SIMPLE
- * org.apache.sqoop.authentication.type.
+ * org.apache.sqoop.security.authentication.type.
*/
public static final String AUTHENTICATION_TYPE =
PREFIX_AUTHENTICATION_CONFIG + "type";
@@ -42,56 +47,56 @@ public final class AuthenticationConstants {
/**
* The config specifies the sqoop authentication handler class.
* The default type is org.apache.sqoop.security.SimpleAuthenticationHandler
- * org.apache.sqoop.authentication.handler.
+ * org.apache.sqoop.security.authentication.handler.
*/
public static final String AUTHENTICATION_HANDLER =
PREFIX_AUTHENTICATION_CONFIG + "handler";
/**
* The config enables or disables anonymous authentication.
- * org.apache.sqoop.authentication.anonymous.
+ * org.apache.sqoop.security.authentication.anonymous.
*/
public static final String AUTHENTICATION_ANONYMOUS =
PREFIX_AUTHENTICATION_CONFIG + "anonymous";
/**
* All kerberos authentication related configuration is prefixed with this:
- * org.apache.sqoop.authentication.kerberos.
+ * org.apache.security.sqoop.authentication.kerberos.
*/
public static final String PREFIX_AUTHENTICATION_KERBEROS_CONFIG =
PREFIX_AUTHENTICATION_CONFIG + "kerberos.";
/**
* The config specifies the kerberos principal.
- * org.apache.sqoop.authentication.kerberos.principal.
+ * org.apache.sqoop.security.authentication.kerberos.principal.
*/
public static final String AUTHENTICATION_KERBEROS_PRINCIPAL =
PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "principal";
/**
* The config specifies the kerberos keytab.
- * org.apache.sqoop.authentication.kerberos.principal.
+ * org.apache.sqoop.security.authentication.kerberos.principal.
*/
public static final String AUTHENTICATION_KERBEROS_KEYTAB =
PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "keytab";
/**
* All kerberos authentication for http related configuration is prefixed with this:
- * org.apache.sqoop.authentication.kerberos.http.
+ * org.apache.sqoop.security.authentication.kerberos.http.
*/
public static final String PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG =
PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "http.";
/**
* The config specifies the kerberos principal for http.
- * org.apache.sqoop.authentication.kerberos.http.principal.
+ * org.apache.sqoop.security.authentication.kerberos.http.principal.
*/
public static final String AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL =
PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG + "principal";
/**
* The config specifies the kerberos keytab for http.
- * org.apache.sqoop.authentication.kerberos.http.principal.
+ * org.apache.sqoop.security.authentication.kerberos.http.principal.
*/
public static final String AUTHENTICATION_KERBEROS_HTTP_KEYTAB =
PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG + "keytab";
@@ -103,7 +108,7 @@ public final class AuthenticationConstants {
public static enum TYPE {SIMPLE, KERBEROS}
- private AuthenticationConstants() {
+ private SecurityConstants() {
// Instantiation of this class is prohibited
}
}
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationError.java b/core/src/main/java/org/apache/sqoop/security/SecurityError.java
similarity index 95%
rename from core/src/main/java/org/apache/sqoop/security/AuthenticationError.java
rename to core/src/main/java/org/apache/sqoop/security/SecurityError.java
index abb5c90d..e4ba2212 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationError.java
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityError.java
@@ -19,7 +19,7 @@
import org.apache.sqoop.common.ErrorCode;
-public enum AuthenticationError implements ErrorCode {
+public enum SecurityError implements ErrorCode {
/** An unknown error has occurred. */
AUTH_0000("An unknown error has occurred"),
@@ -44,7 +44,7 @@ public enum AuthenticationError implements ErrorCode {
private final String message;
- private AuthenticationError(String message) {
+ private SecurityError(String message) {
this.message = message;
}
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java b/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
similarity index 90%
rename from core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java
rename to core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
index b62fe184..3e6df672 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
@@ -23,14 +23,14 @@
/**
* Create authentication manager.
*/
-public class AuthenticationHandlerFactory {
+public class SecurityFactory {
public static AuthenticationHandler getAuthenticationHandler(String handler) throws ClassNotFoundException, IllegalAccessException, InstantiationException {
Class handlerClass = ClassUtils.loadClass(handler);
if (handlerClass == null) {
- throw new SqoopException(AuthenticationError.AUTH_0004,
+ throw new SqoopException(SecurityError.AUTH_0004,
"Authentication Handler Class: " + handler);
}
@@ -38,7 +38,7 @@ public static AuthenticationHandler getAuthenticationHandler(String handler) thr
try {
newHandler = (AuthenticationHandler) handlerClass.newInstance();
} catch (Exception ex) {
- throw new SqoopException(AuthenticationError.AUTH_0004,
+ throw new SqoopException(SecurityError.AUTH_0004,
"Authentication Handler Class: " + handler, ex);
}
return newHandler;
diff --git a/dist/src/main/server/conf/sqoop.properties b/dist/src/main/server/conf/sqoop.properties
index 2ae1aba6..e22e8b06 100755
--- a/dist/src/main/server/conf/sqoop.properties
+++ b/dist/src/main/server/conf/sqoop.properties
@@ -144,16 +144,16 @@ org.apache.sqoop.execution.engine=org.apache.sqoop.execution.mapreduce.Mapreduce
#
# Authentication configuration
#
-#org.apache.sqoop.authentication.type=SIMPLE
-#org.apache.sqoop.authentication.handler=org.apache.sqoop.security.SimpleAuthenticationHandler
-#org.apache.sqoop.authentication.anonymous=true
-#org.apache.sqoop.authentication.type=KERBEROS
-#org.apache.sqoop.authentication.handler=org.apache.sqoop.security.KerberosAuthenticationHandler
-#org.apache.sqoop.authentication.kerberos.principal=sqoop/_HOST@NOVALOCAL
-#org.apache.sqoop.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab
-#org.apache.sqoop.authentication.kerberos.http.principal=HTTP/_HOST@NOVALOCAL
-#org.apache.sqoop.authentication.kerberos.http.keytab=/home/kerberos/sqoop.keytab
-#org.apache.sqoop.authentication.enable.doAs=true
-#org.apache.sqoop.authentication.proxyuser.#USER#.users=*
-#org.apache.sqoop.authentication.proxyuser.#USER#.groups=*
-#org.apache.sqoop.authentication.proxyuser.#USER#.hosts=*
\ No newline at end of file
+#org.apache.sqoop.security.authentication.type=SIMPLE
+#org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler
+#org.apache.sqoop.security.authentication.anonymous=true
+#org.apache.sqoop.security.authentication.type=KERBEROS
+#org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler
+#org.apache.sqoop.security.authentication.kerberos.principal=sqoop/_HOST@NOVALOCAL
+#org.apache.sqoop.security.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab
+#org.apache.sqoop.security.authentication.kerberos.http.principal=HTTP/_HOST@NOVALOCAL
+#org.apache.sqoop.security.authentication.kerberos.http.keytab=/home/kerberos/sqoop.keytab
+#org.apache.sqoop.security.authentication.enable.doAs=true
+#org.apache.sqoop.security.authentication.proxyuser.#USER#.users=*
+#org.apache.sqoop.security.authentication.proxyuser.#USER#.groups=*
+#org.apache.sqoop.security.authentication.proxyuser.#USER#.hosts=*
\ No newline at end of file
diff --git a/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst b/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
index 8f9520e1..c38e276e 100644
--- a/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
+++ b/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
@@ -30,7 +30,7 @@ Modify Sqoop configuration file, normally in /server/config/sqoop.
::
org.apache.sqoop.authentication.type=SIMPLE
- org.apache.sqoop.authentication.handler=org.apache.sqoop.security.SimpleAuthenticationHandler
+ org.apache.sqoop.authentication.handler=org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler
org.apache.sqoop.anonymous=true
- Simple authentication is used by default. Commenting out authentication configuration will yield the use of simple authentication.
@@ -88,7 +88,7 @@ Modify Sqoop configuration file, normally in /server/config/sqoop.
::
org.apache.sqoop.authentication.type=KERBEROS
- org.apache.sqoop.authentication.handler=org.apache.sqoop.security.KerberosAuthenticationHandler
+ org.apache.sqoop.authentication.handler=org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler
org.apache.sqoop.authentication.kerberos.principal=sqoop/_HOST@
org.apache.sqoop.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab
org.apache.sqoop.authentication.kerberos.http.principal=HTTP/_HOST@
@@ -132,7 +132,7 @@ If the Sqoop server has started successfully with Kerberos authentication, the f
::
- 2014-12-04 15:02:58,038 INFO security.KerberosAuthenticationHandler [org.apache.sqoop.security.KerberosAuthenticationHandler.secureLogin(KerberosAuthenticationHandler.java:84)] Using Kerberos authentication, principal [sqoop/_HOST@HADOOP.COM] keytab [/home/kerberos/sqoop.keytab]
+ 2014-12-04 15:02:58,038 INFO security.KerberosAuthenticationHandler [org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler.secureLogin(KerberosAuthenticationHandler.java:84)] Using Kerberos authentication, principal [sqoop/_HOST@HADOOP.COM] keytab [/home/kerberos/sqoop.keytab]
If the Sqoop client was able to communicate with the Sqoop server, the following will be in /server/log/catalina.out:
diff --git a/security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java b/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java
similarity index 77%
rename from security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java
rename to security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java
index 57531b8a..db89a2d5 100644
--- a/security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java
@@ -15,7 +15,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.sqoop.security;
+package org.apache.sqoop.security.Authentication;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SecurityUtil;
@@ -24,6 +24,9 @@
import org.apache.sqoop.common.MapContext;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.core.SqoopConfiguration;
+import org.apache.sqoop.security.AuthenticationHandler;
+import org.apache.sqoop.security.SecurityConstants;
+import org.apache.sqoop.security.SecurityError;
import java.io.IOException;
@@ -56,30 +59,30 @@ public void doInitialize() {
public void secureLogin() {
MapContext mapContext = SqoopConfiguration.getInstance().getContext();
String keytab = mapContext.getString(
- AuthenticationConstants.AUTHENTICATION_KERBEROS_KEYTAB).trim();
+ SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB).trim();
if (keytab.length() == 0) {
- throw new SqoopException(AuthenticationError.AUTH_0001,
- AuthenticationConstants.AUTHENTICATION_KERBEROS_KEYTAB);
+ throw new SqoopException(SecurityError.AUTH_0001,
+ SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB);
}
keytabFile = keytab;
String principal = mapContext.getString(
- AuthenticationConstants.AUTHENTICATION_KERBEROS_PRINCIPAL).trim();
+ SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL).trim();
if (principal.length() == 0) {
- throw new SqoopException(AuthenticationError.AUTH_0002,
- AuthenticationConstants.AUTHENTICATION_KERBEROS_PRINCIPAL);
+ throw new SqoopException(SecurityError.AUTH_0002,
+ SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL);
}
keytabPrincipal = principal;
Configuration conf = new Configuration();
conf.set(get_hadoop_security_authentication(),
- AuthenticationConstants.TYPE.KERBEROS.name());
+ SecurityConstants.TYPE.KERBEROS.name());
UserGroupInformation.setConfiguration(conf);
try {
String hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
UserGroupInformation.loginUserFromKeytab(hostPrincipal, keytab);
} catch (IOException ex) {
- throw new SqoopException(AuthenticationError.AUTH_0003, ex);
+ throw new SqoopException(SecurityError.AUTH_0003, ex);
}
LOG.info("Using Kerberos authentication, principal ["
+ principal + "] keytab [" + keytab + "]");
diff --git a/security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java b/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java
similarity index 87%
rename from security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java
rename to security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java
index c93ff89e..94f0feb9 100644
--- a/security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java
@@ -15,11 +15,13 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.sqoop.security;
+package org.apache.sqoop.security.Authentication;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.log4j.Logger;
+import org.apache.sqoop.security.AuthenticationHandler;
+import org.apache.sqoop.security.SecurityConstants;
public class SimpleAuthenticationHandler extends AuthenticationHandler {
@@ -33,7 +35,7 @@ public void secureLogin() {
//no secureLogin, just set configurations
Configuration conf = new Configuration();
conf.set(get_hadoop_security_authentication(),
- AuthenticationConstants.TYPE.SIMPLE.name());
+ SecurityConstants.TYPE.SIMPLE.name());
UserGroupInformation.setConfiguration(conf);
LOG.info("Using simple/pseudo authentication, principal ["
+ System.getProperty("user.name") + "]");
diff --git a/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java b/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
index 2b6ef348..ddca9d4e 100644
--- a/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
+++ b/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
@@ -19,7 +19,6 @@
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SecurityUtil;
-import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;
@@ -29,8 +28,8 @@
import org.apache.sqoop.common.MapContext;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.core.SqoopConfiguration;
-import org.apache.sqoop.security.AuthenticationConstants;
-import org.apache.sqoop.security.AuthenticationError;
+import org.apache.sqoop.security.SecurityConstants;
+import org.apache.sqoop.security.SecurityError;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
@@ -46,46 +45,46 @@ protected Properties getConfiguration(String configPrefix,
Properties properties = new Properties();
MapContext mapContext = SqoopConfiguration.getInstance().getContext();
String type = mapContext.getString(
- AuthenticationConstants.AUTHENTICATION_TYPE,
- AuthenticationConstants.TYPE.SIMPLE.name()).trim();
+ SecurityConstants.AUTHENTICATION_TYPE,
+ SecurityConstants.TYPE.SIMPLE.name()).trim();
- if (type.equalsIgnoreCase(AuthenticationConstants.TYPE.KERBEROS.name())) {
+ if (type.equalsIgnoreCase(SecurityConstants.TYPE.KERBEROS.name())) {
properties.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName());
String keytab = mapContext.getString(
- AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim();
+ SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim();
if (keytab.length() == 0) {
- throw new SqoopException(AuthenticationError.AUTH_0005,
- AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
+ throw new SqoopException(SecurityError.AUTH_0005,
+ SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
}
String principal = mapContext.getString(
- AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL).trim();
+ SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL).trim();
if (principal.length() == 0) {
- throw new SqoopException(AuthenticationError.AUTH_0006,
- AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
+ throw new SqoopException(SecurityError.AUTH_0006,
+ SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
}
String hostPrincipal = "";
try {
hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
} catch (IOException e) {
- throw new SqoopException(AuthenticationError.AUTH_0006,
- AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
+ throw new SqoopException(SecurityError.AUTH_0006,
+ SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
}
properties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, hostPrincipal);
properties.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab);
- } else if (type.equalsIgnoreCase(AuthenticationConstants.TYPE.SIMPLE.name())) {
+ } else if (type.equalsIgnoreCase(SecurityConstants.TYPE.SIMPLE.name())) {
properties.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName());
properties.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED,
- mapContext.getString(AuthenticationConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
+ mapContext.getString(SecurityConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
} else {
- throw new SqoopException(AuthenticationError.AUTH_0004, type);
+ throw new SqoopException(SecurityError.AUTH_0004, type);
}
properties.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
- AuthenticationConstants.TOKEN_KIND);
+ SecurityConstants.TOKEN_KIND);
return properties;
}