knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dillido...@apache.org
Subject git commit: KNOX-355: Support Knox authentication provider based on hadoop.security.authentication.server.AuthenticationHandler
Date Mon, 28 Jul 2014 05:40:37 GMT
Repository: knox
Updated Branches:
  refs/heads/master ee3a15212 -> e59366faf


KNOX-355: Support Knox authentication provider based on hadoop.security.authentication.server.AuthenticationHandler


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/e59366fa
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/e59366fa
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/e59366fa

Branch: refs/heads/master
Commit: e59366faf9e43fb79d4da44a7f4d0d10dcd7200a
Parents: ee3a152
Author: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Authored: Sun Jul 27 22:39:18 2014 -0700
Committer: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Committed: Sun Jul 27 22:39:18 2014 -0700

----------------------------------------------------------------------
 gateway-provider-security-hadoopauth/pom.xml    |  77 +++++++++++
 .../gateway/hadoopauth/HadoopAuthMessages.java  |  33 +++++
 .../deploy/HadoopAuthDeploymentContributor.java |  70 ++++++++++
 .../hadoopauth/filter/HadoopAuthFilter.java     |  68 ++++++++++
 .../hadoopauth/filter/HadoopAuthPostFilter.java |  95 +++++++++++++
 ...gateway.deploy.ProviderDeploymentContributor |  19 +++
 gateway-release/home/templates/hada.xml         | 134 +++++++++++++++++++
 gateway-release/pom.xml                         |   4 +
 pom.xml                                         |   6 +
 9 files changed, 506 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/e59366fa/gateway-provider-security-hadoopauth/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-provider-security-hadoopauth/pom.xml b/gateway-provider-security-hadoopauth/pom.xml
new file mode 100755
index 0000000..9721253
--- /dev/null
+++ b/gateway-provider-security-hadoopauth/pom.xml
@@ -0,0 +1,77 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.hadoop</groupId>
+        <artifactId>gateway</artifactId>
+        <version>0.5.0-SNAPSHOT</version>
+    </parent>
+    <artifactId>gateway-provider-security-hadoopauth</artifactId>
+
+    <name>gateway-provider-security-hadoop-auth</name>
+    <description>An extension of the gateway introducing based on org.apache.hadoop.security.auth
package</description>
+
+    <licenses>
+        <license>
+            <name>The Apache Software License, Version 2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+            <distribution>repo</distribution>
+        </license>
+    </licenses>
+
+    <dependencies>
+        <dependency>
+            <groupId>${gateway-group}</groupId>
+            <artifactId>gateway-spi</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>${gateway-group}</groupId>
+            <artifactId>gateway-util-common</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.eclipse.jetty.orbit</groupId>
+            <artifactId>javax.servlet</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-auth</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.easymock</groupId>
+            <artifactId>easymock</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>gateway-test-utils</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+    </dependencies>
+
+</project>

http://git-wip-us.apache.org/repos/asf/knox/blob/e59366fa/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/HadoopAuthMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/HadoopAuthMessages.java
b/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/HadoopAuthMessages.java
new file mode 100755
index 0000000..b7609c8
--- /dev/null
+++ b/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/HadoopAuthMessages.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.hadoopauth;
+
+import org.apache.hadoop.gateway.i18n.messages.Message;
+import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
+import org.apache.hadoop.gateway.i18n.messages.Messages;
+
+@Messages(logger="org.apache.hadoop.gateway.provider.global.hadoopauth")
+public interface HadoopAuthMessages {
+  
+  @Message( level = MessageLevel.INFO, text = "Initializing Hadoop Auth Property, name: {0},
 value: {1}" )
+  void initializingHadoopAuthProperty(String name, String value);
+  
+  @Message( level = MessageLevel.DEBUG, text = "Hadoop Authentication Asserted Principal:
{0}" )
+  void hadoopAuthAssertedPrincipal(String name);
+  
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/e59366fa/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/deploy/HadoopAuthDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/deploy/HadoopAuthDeploymentContributor.java
b/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/deploy/HadoopAuthDeploymentContributor.java
new file mode 100755
index 0000000..8404853
--- /dev/null
+++ b/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/deploy/HadoopAuthDeploymentContributor.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.hadoopauth.deploy;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.hadoop.gateway.deploy.DeploymentContext;
+import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
+import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
+import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
+import org.apache.hadoop.gateway.topology.Provider;
+import org.apache.hadoop.gateway.topology.Service;
+
+public class HadoopAuthDeploymentContributor extends
+    ProviderDeploymentContributorBase {
+
+  private static final String ROLE = "authentication";
+  private static final String NAME = "HadoopAuth";
+
+  private static final String HADOOPAUTH_FILTER_CLASSNAME = "org.apache.hadoop.gateway.hadoopauth.filter.HadoopAuthFilter";
+  private static final String HADOOPAUTH_POSTFILTER_CLASSNAME = "org.apache.hadoop.gateway.hadoopauth.filter.HadoopAuthPostFilter";
+
+  @Override
+  public String getRole() {
+    return ROLE;
+  }
+
+  @Override
+  public String getName() {
+    return NAME;
+  }
+
+  @Override
+  public void initializeContribution(DeploymentContext context) {
+    super.initializeContribution(context);
+  }
+
+  @Override
+  public void contributeFilter(DeploymentContext context, Provider provider, Service service,

+      ResourceDescriptor resource, List<FilterParamDescriptor> params) {
+    // blindly add all the provider params as filter init params
+    if (params == null) {
+      params = new ArrayList<FilterParamDescriptor>();
+    }
+    Map<String, String> providerParams = provider.getParams();
+    for(Entry<String, String> entry : providerParams.entrySet()) {
+      params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value(
entry.getValue() ) );
+    }
+    resource.addFilter().name( getName() ).role( getRole() ).impl( HADOOPAUTH_FILTER_CLASSNAME
).params( params );
+    resource.addFilter().name( "Post" + getName() ).role( getRole() ).impl( HADOOPAUTH_POSTFILTER_CLASSNAME
).params( params );
+  }
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/e59366fa/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/filter/HadoopAuthFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/filter/HadoopAuthFilter.java
b/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/filter/HadoopAuthFilter.java
new file mode 100755
index 0000000..649601f
--- /dev/null
+++ b/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/filter/HadoopAuthFilter.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.hadoopauth.filter;
+
+import java.util.Enumeration;
+import java.util.Properties;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+
+import org.apache.hadoop.gateway.hadoopauth.HadoopAuthMessages;
+import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+
+/*
+ * see http://hadoop.apache.org/docs/current/hadoop-auth/Configuration.html
+ *
+ * CONFIG_PREFIX = "config.prefix
+ * AUTH_TYPE = "type", AUTH_TOKEN_VALIDITY = "token.validity"
+ * COOKIE_DOMAIN = "cookie.domain", COOKIE_PATH = "cookie.path"
+ * SIGNATURE_SECRET = "signature.secret
+ * TYPE = "kerberos", PRINCIPAL = TYPE + ".principal", KEYTAB = TYPE + ".keytab"
+
+ * config.prefix=hadoop.auth.config (default: null)
+ * hadoop.auth.config.signature.secret=SECRET (default: a simple random number)
+ * hadoop.auth.config.type=simple|kerberos|CLASS (default: none, would throw exception)
+ * hadoop.auth.config.token.validity=SECONDS (default: 3600 seconds)
+ * hadoop.auth.config.cookie.domain=DOMAIN(default: null)
+ * hadoop.auth.config.cookie.path=PATH (default: null)
+ * hadoop.auth.config.kerberos.principal=HTTP/localhost@LOCALHOST (default: null)
+ * hadoop.auth.config.kerberos.keytab=/etc/knox/conf/knox.service.keytab (default: null)
+ */
+
+public class HadoopAuthFilter extends 
+    org.apache.hadoop.security.authentication.server.AuthenticationFilter {
+  
+  private static HadoopAuthMessages log = MessagesFactory.get( HadoopAuthMessages.class );
+  
+  @Override
+  protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws
ServletException {
+    Properties props = new Properties();
+    Enumeration<?> names = filterConfig.getInitParameterNames();
+    while (names.hasMoreElements()) {
+      String name = (String) names.nextElement();
+      if (name.startsWith(configPrefix)) {
+        String value = filterConfig.getInitParameter(name);
+        log.initializingHadoopAuthProperty(name, value);
+        props.put(name.substring(configPrefix.length()), value);
+      }
+    }
+    return props;
+  }
+  
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/e59366fa/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/filter/HadoopAuthPostFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/filter/HadoopAuthPostFilter.java
b/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/filter/HadoopAuthPostFilter.java
new file mode 100755
index 0000000..ba74667
--- /dev/null
+++ b/gateway-provider-security-hadoopauth/src/main/java/org/apache/hadoop/gateway/hadoopauth/filter/HadoopAuthPostFilter.java
@@ -0,0 +1,95 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.hadoopauth.filter;
+
+import java.io.IOException;
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.security.auth.Subject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.hadoop.gateway.security.PrimaryPrincipal;
+import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+import org.apache.hadoop.gateway.hadoopauth.HadoopAuthMessages;
+
+public class HadoopAuthPostFilter implements Filter {
+
+  private static HadoopAuthMessages log = MessagesFactory.get( HadoopAuthMessages.class );
+  
+  @Override
+  public void init( FilterConfig filterConfig ) throws ServletException {
+  }
+
+  @Override
+  public void destroy() {
+  }
+  
+  @Override
+  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+      throws IOException, ServletException {
+    HttpServletRequest httpRequest = (HttpServletRequest)request;
+    String principal = httpRequest.getRemoteUser();
+    if (principal != null) {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new PrimaryPrincipal(principal));
+        log.hadoopAuthAssertedPrincipal(principal);
+        doAs(httpRequest, response, chain, subject);
+    } 
+    else {
+      ((HttpServletResponse)response).sendError(HttpServletResponse.SC_FORBIDDEN, "User not
authenticated");
+    }
+  }
+
+  private void doAs(final ServletRequest request, final ServletResponse response, final FilterChain
chain, Subject subject)
+      throws IOException, ServletException {
+      try {
+        Subject.doAs(
+            subject,
+            new PrivilegedExceptionAction<Object>() {
+              public Object run() throws Exception {
+                chain.doFilter(request, response);
+                return null;
+              }
+            }
+            );
+      }
+      catch (PrivilegedActionException e) {
+        Throwable t = e.getCause();
+        if (t instanceof IOException) {
+          throw (IOException) t;
+        }
+        else if (t instanceof ServletException) {
+          throw (ServletException) t;
+        }
+        else {
+          throw new ServletException(t);
+        }
+      }
+    }
+  
+}

http://git-wip-us.apache.org/repos/asf/knox/blob/e59366fa/gateway-provider-security-hadoopauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-security-hadoopauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
b/gateway-provider-security-hadoopauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
new file mode 100755
index 0000000..7e247eb
--- /dev/null
+++ b/gateway-provider-security-hadoopauth/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.hadoop.gateway.hadoopauth.deploy.HadoopAuthDeploymentContributor

http://git-wip-us.apache.org/repos/asf/knox/blob/e59366fa/gateway-release/home/templates/hada.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/hada.xml b/gateway-release/home/templates/hada.xml
new file mode 100755
index 0000000..1f7246d
--- /dev/null
+++ b/gateway-release/home/templates/hada.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<topology>
+
+    <gateway>
+
+        <provider>
+            <role>authentication</role>
+            <name>HadoopAuth</name>
+            <enabled>true</enabled>
+
+            <param>
+                <name>config.prefix</name>
+                <value>hadoop.auth.config</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.signature.secret</name>
+                <value>78hdkjaka</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.type</name>
+                <value>simple</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.simple.anonymous.allowed</name>
+                <value>false</value> <!-- default: false -->
+            </param>
+            <param>
+                <name>hadoop.auth.config.token.validity</name>
+                <value>1800</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.cookie.domain</name>
+                <value>hdp.example.com</value>
+            </param>
+            <param>
+                <name>hadoop.auth.config.cookie.path</name>
+                <value>gateway/hada</value>
+            </param>
+
+        </provider>
+
+        <provider>
+            <role>identity-assertion</role>
+            <name>Pseudo</name>
+            <enabled>true</enabled>
+	 <!-- param>
+		<name>principal.mapping</name>
+		<value>sam=god;</value>
+	 </param -->
+
+        </provider>
+
+        <!--
+        Defines rules for mapping host names internal to a Hadoop cluster to externally accessible
host names.
+        For example, a hadoop service running in AWS may return a response that includes
URLs containing the
+        some AWS internal host name.  If the client needs to make a subsequent request to
the host identified
+        in those URLs they need to be mapped to external host names that the client Knox
can use to connect.
+
+        If the external hostname and internal host names are same turn of this provider by
setting the value of
+        enabled parameter as false.
+
+        The name parameter specifies the external host names in a comma separated list.
+        The value parameter specifies corresponding internal host names in a comma separated
list.
+
+        Note that when you are using Sandbox, the external hostname needs to be localhost,
as seen in out
+        of box sandbox.xml.  This is because Sandbox uses port mapping to allow clients to
connect to the
+        Hadoop services using localhost.  In real clusters, external host names would almost
never be localhost.
+        -->
+        <provider>
+            <role>hostmap</role>
+            <name>static</name>
+            <enabled>false</enabled>
+            <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param>
+        </provider>
+
+    </gateway>
+
+    <service>
+        <role>NAMENODE</role>
+        <url>hdfs://hdp.example.com:8020</url>
+    </service>
+
+    <service>
+        <role>JOBTRACKER</role>
+        <url>rpc://hdp.example.com:8050</url>
+    </service>
+
+    <service>
+        <role>WEBHDFS</role>
+        <url>http://hdp.example.com:50070/webhdfs</url>
+    </service>
+
+    <service>
+        <role>WEBHCAT</role>
+        <url>http://hdp.example.com:50111/templeton</url>
+    </service>
+
+    <service>
+        <role>OOZIE</role>
+        <url>http://hdp.example.com:11000/oozie</url>
+    </service>
+
+    <service>
+        <role>WEBHBASE</role>
+        <url>http://hdp.example.com:60080</url>
+    </service>
+
+    <service>
+        <role>HIVE</role>
+        <url>http://hdp.example.com:10001/cliservice</url>
+    </service>
+
+    <service>
+        <role>RESOURCEMANAGER</role>
+        <url>http://localhost:8088/ws</url>
+    </service>
+
+</topology>

http://git-wip-us.apache.org/repos/asf/knox/blob/e59366fa/gateway-release/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-release/pom.xml b/gateway-release/pom.xml
index a449497..579a5c6 100644
--- a/gateway-release/pom.xml
+++ b/gateway-release/pom.xml
@@ -187,6 +187,10 @@
         </dependency>
         <dependency>
             <groupId>${gateway-group}</groupId>
+            <artifactId>gateway-provider-security-hadoopauth</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>${gateway-group}</groupId>
             <artifactId>gateway-provider-security-authz-acls</artifactId>
         </dependency>
         <dependency>

http://git-wip-us.apache.org/repos/asf/knox/blob/e59366fa/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index f5ec03d..9e768e0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,6 +49,7 @@
         <module>gateway-provider-security-jwt</module>
         <module>gateway-provider-security-webappsec</module>
         <module>gateway-provider-security-preauth</module>
+        <module>gateway-provider-security-hadoopauth</module>
         <module>gateway-provider-security-shiro</module>
         <module>gateway-provider-security-authz-acls</module>
         <module>gateway-provider-identity-assertion-pseudo</module>
@@ -384,6 +385,11 @@
             </dependency>
             <dependency>
                 <groupId>${gateway-group}</groupId>
+                <artifactId>gateway-provider-security-hadoopauth</artifactId>
+                <version>${gateway-version}</version>
+            </dependency>
+            <dependency>
+                <groupId>${gateway-group}</groupId>
                 <artifactId>gateway-provider-security-shiro</artifactId>
                 <version>${gateway-version}</version>
             </dependency>


Mime
View raw message