mirror of
https://github.com/apache/zeppelin
synced 2026-05-24 09:38:26 +00:00
[ZEPPELIN-530] Added changes for Credential Provider, using hadoop commons and credential api's.
parent
85d4df4f0c
commit
cfecf74215
2 changed files with 92 additions and 1 deletions
|
|
@ -35,6 +35,7 @@
|
|||
<properties>
|
||||
<cxf.version>2.7.7</cxf.version>
|
||||
<commons.httpclient.version>4.3.6</commons.httpclient.version>
|
||||
<hadoop-common.version>2.6.0</hadoop-common.version>
|
||||
</properties>
|
||||
|
||||
<dependencyManagement>
|
||||
|
|
@ -205,6 +206,61 @@
|
|||
<artifactId>commons-collections</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.apache.hadoop</groupId>
|
||||
<artifactId>hadoop-common</artifactId>
|
||||
<version>${hadoop-common.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>com.sun.jersey</groupId>
|
||||
<artifactId>jersey-core</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>com.sun.jersey</groupId>
|
||||
<artifactId>jersey-json</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>com.sun.jersey</groupId>
|
||||
<artifactId>jersey-server</artifactId>
|
||||
</exclusion>
|
||||
|
||||
|
||||
<exclusion>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>servlet-api</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.avro</groupId>
|
||||
<artifactId>avro</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.jackrabbit</groupId>
|
||||
<artifactId>jackrabbit-webdav</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>io.netty</groupId>
|
||||
<artifactId>netty</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>commons-httpclient</groupId>
|
||||
<artifactId>commons-httpclient</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.eclipse.jgit</groupId>
|
||||
<artifactId>org.eclipse.jgit</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>com.jcraft</groupId>
|
||||
<artifactId>jsch</artifactId>
|
||||
</exclusion>
|
||||
|
||||
</exclusions>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.quartz-scheduler</groupId>
|
||||
<artifactId>quartz</artifactId>
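Review bot: The new `hadoop-common` dependency has no comment explaining why this module needs it. Judging by the Java change in the same commit, it appears to be used only for the `org.apache.hadoop.security.alias` credential API. The long, hand-maintained exclusion list suggests the transitive tree is large, and everything not excluded still lands on the server classpath. I would add a comment above the dependency, for example `<!-- hadoop-common: needed only for the Hadoop CredentialProvider API (ZEPPELIN-530); re-check exclusions against mvn dependency:tree when bumping hadoop-common.version -->`. The two empty lines inside `<exclusions>` look like leftovers and could be dropped.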
|
||||
|
|
|
|||
|
|
@ -16,6 +16,10 @@
|
|||
*/
|
||||
package org.apache.zeppelin.server;
|
||||
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.security.alias.CredentialProvider;
|
||||
import org.apache.hadoop.security.alias.CredentialProviderFactory;
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
import org.apache.shiro.authc.SimpleAuthenticationInfo;
|
||||
|
|
@ -55,6 +59,13 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm {
|
|||
|
||||
private static final String ROLE_NAMES_DELIMETER = ",";
|
||||
|
||||
String KEYSTORE_PASS = "activeDirectoryRealm.systemPassword";
|
||||
private String hadoopSecurityCredentialPath;
|
||||
|
||||
public void setHadoopSecurityCredentialPath(String hadoopSecurityCredentialPath) {
|
||||
this.hadoopSecurityCredentialPath = hadoopSecurityCredentialPath;
|
||||
}
|
||||
|
||||
/*--------------------------------------------
|
||||
| I N S T A N C E V A R I A B L E S |
|
||||
============================================*/
|
||||
|
|
@ -91,13 +102,36 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm {
|
|||
defaultFactory.setSearchBase(this.searchBase);
|
||||
defaultFactory.setUrl(this.url);
|
||||
defaultFactory.setSystemUsername(this.systemUsername);
|
||||
defaultFactory.setSystemPassword(this.systemPassword);
|
||||
defaultFactory.setSystemPassword(getSystemPassword());
|
||||
this.ldapContextFactory = defaultFactory;
|
||||
}
|
||||
|
||||
return this.ldapContextFactory;
|
||||
}
|
||||
|
||||
private String getSystemPassword() {
|
||||
String password = "";
|
||||
if (StringUtils.isEmpty(this.hadoopSecurityCredentialPath)) {
|
||||
password = this.systemPassword;
|
||||
} else {
|
||||
try {
|
||||
Configuration configuration = new Configuration();
|
||||
configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
|
||||
this.hadoopSecurityCredentialPath);
|
||||
CredentialProvider provider =
|
||||
CredentialProviderFactory.getProviders(configuration).get(0);
|
||||
CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(
|
||||
KEYSTORE_PASS);
|
||||
if (credEntry != null) {
|
||||
password = new String(credEntry.getCredential());
|
||||
}
|
||||
} catch (Exception e) {
|
||||
|
||||
}
|
||||
}
|
||||
return password;
|
||||
}
|
||||
|
||||
/**
|
||||
* Builds an {@link AuthenticationInfo} object by querying the active directory LDAP context for
|
||||
* the specified username. This method binds to the LDAP server using the provided username
|
||||
|
|
@ -293,3 +327,4 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm {
|
|||
}
|
||||
|
||||
}
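Review bot: The empty `catch (Exception e)` in the new `getSystemPassword()` swallows every credential-provider failure: unreadable keystore, wrong path, an empty provider list making `get(0)` throw, or a missing alias. The method then returns `""`, which is passed to `defaultFactory.setSystemPassword(...)`, so the realm is configured with an empty system password instead of failing. Depending on the directory server, a bind with a DN and an empty password may be treated as an unauthenticated bind, so the misconfiguration could go unnoticed. I would fail closed as sketched below; whether the caller tolerates an unchecked exception needs confirming, since the enclosing method starts outside the hunk. Separately, `String KEYSTORE_PASS = ...` is a package-visible, non-final instance field and would be better as `private static final String KEYSTORE_PASS = "activeDirectoryRealm.systemPassword";`.

```java
private String getSystemPassword() {
  if (StringUtils.isEmpty(this.hadoopSecurityCredentialPath)) {
    return this.systemPassword;
  }
  try {
    // … unchanged: Configuration setup with CREDENTIAL_PROVIDER_PATH …
    List<CredentialProvider> providers = CredentialProviderFactory.getProviders(configuration);
    if (providers.isEmpty()) {
      throw new IllegalStateException("No credential provider available for the configured path");
    }
    CredentialProvider.CredentialEntry credEntry =
        providers.get(0).getCredentialEntry(KEYSTORE_PASS);
    if (credEntry == null) {
      throw new IllegalStateException("Credential alias " + KEYSTORE_PASS + " not found");
    }
    return new String(credEntry.getCredential());
  } catch (IOException e) {
    // Keep the cause; never fall back to an empty bind password.
    throw new IllegalStateException("Could not read system password from credential provider", e);
  }
}
```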
|
||||
|
||||
|
|
|
|||