View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.security;
19  
20  import java.util.concurrent.ConcurrentHashMap;
21  import java.util.concurrent.ConcurrentMap;
22  
23  import org.apache.hadoop.hbase.protobuf.generated.AdminProtos;
24  import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos.TokenIdentifier.Kind;
25  import org.apache.hadoop.hbase.protobuf.generated.ClientProtos;
26  import org.apache.hadoop.hbase.protobuf.generated.MasterProtos.MasterService;
27  import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos;
28  
29  /**
30   * Maps RPC protocol interfaces to required configuration
31   */
32  public class SecurityInfo {
33    /** Maps RPC service names to authentication information */
34    private static ConcurrentMap<String,SecurityInfo> infos = new ConcurrentHashMap<String,SecurityInfo>();
35    // populate info for known services
36    static {
37      infos.put(AdminProtos.AdminService.getDescriptor().getName(),
38          new SecurityInfo("hbase.regionserver.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
39      infos.put(ClientProtos.ClientService.getDescriptor().getName(),
40          new SecurityInfo("hbase.regionserver.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
41      infos.put(MasterService.getDescriptor().getName(),
42          new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
43      infos.put(RegionServerStatusProtos.RegionServerStatusService.getDescriptor().getName(),
44          new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
45    }
46  
47    /**
48     * Adds a security configuration for a new service name.  Note that this will have no effect if
49     * the service name was already registered.
50     */
51    public static void addInfo(String serviceName, SecurityInfo securityInfo) {
52      infos.putIfAbsent(serviceName, securityInfo);
53    }
54  
55    /**
56     * Returns the security configuration associated with the given service name.
57     */
58    public static SecurityInfo getInfo(String serviceName) {
59      return infos.get(serviceName);
60    }
61  
62    private final String serverPrincipal;
63    private final Kind tokenKind;
64  
65    public SecurityInfo(String serverPrincipal, Kind tokenKind) {
66      this.serverPrincipal = serverPrincipal;
67      this.tokenKind = tokenKind;
68    }
69  
70    public String getServerPrincipal() {
71      return serverPrincipal;
72    }
73  
74    public Kind getTokenKind() {
75      return tokenKind;
76    }
77  }