sqoop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject sqoop git commit: SQOOP-2002: Sqoop2: Refactor existing security component
Date Mon, 12 Jan 2015 18:12:13 GMT
Repository: sqoop
Updated Branches:
  refs/heads/sqoop2 f4beb543e -> bca7671f8


SQOOP-2002: Sqoop2: Refactor existing security component

(Richard Zhou via Abraham Elmahrek)


Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/bca7671f
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/bca7671f
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/bca7671f

Branch: refs/heads/sqoop2
Commit: bca7671f852192275b412d9f62ff90f4d1e943f5
Parents: f4beb54
Author: Abraham Elmahrek <abe@apache.org>
Authored: Mon Jan 12 10:11:34 2015 -0800
Committer: Abraham Elmahrek <abe@apache.org>
Committed: Mon Jan 12 10:11:34 2015 -0800

----------------------------------------------------------------------
 .../sqoop/security/AuthenticationConstants.java | 109 ------------------
 .../sqoop/security/AuthenticationError.java     |  58 ----------
 .../security/AuthenticationHandlerFactory.java  |  46 --------
 .../sqoop/security/AuthenticationManager.java   |   6 +-
 .../sqoop/security/SecurityConstants.java       | 114 +++++++++++++++++++
 .../apache/sqoop/security/SecurityError.java    |  58 ++++++++++
 .../apache/sqoop/security/SecurityFactory.java  |  46 ++++++++
 dist/src/main/server/conf/sqoop.properties      |  26 ++---
 docs/src/site/sphinx/SecurityGuideOnSqoop2.rst  |   6 +-
 .../KerberosAuthenticationHandler.java          |  90 +++++++++++++++
 .../SimpleAuthenticationHandler.java            |  43 +++++++
 .../security/KerberosAuthenticationHandler.java |  87 --------------
 .../security/SimpleAuthenticationHandler.java   |  41 -------
 .../sqoop/filter/SqoopAuthenticationFilter.java |  35 +++---
 14 files changed, 387 insertions(+), 378 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java
deleted file mode 100644
index ec2f32d..0000000
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationConstants.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sqoop.security;
-
-import org.apache.sqoop.core.ConfigurationConstants;
-
-/**
- * Constants that are used in authentication module.
- */
-public final class AuthenticationConstants {
-
-  /**
-   * All authentication related configuration is prefixed with this:
-   * <tt>org.apache.sqoop.authentication.</tt>
-   */
-  public static final String PREFIX_AUTHENTICATION_CONFIG =
-    ConfigurationConstants.PREFIX_GLOBAL_CONFIG + "authentication.";
-
-  /**
-   * The config specifies the sqoop authentication type (SIMPLE, KERBEROS).
-   * The default type is SIMPLE
-   * <tt>org.apache.sqoop.authentication.type</tt>.
-   */
-  public static final String AUTHENTICATION_TYPE =
-    PREFIX_AUTHENTICATION_CONFIG + "type";
-
-  /**
-   * The config specifies the sqoop authentication handler class.
-   * The default type is org.apache.sqoop.security.SimpleAuthenticationHandler
-   * <tt>org.apache.sqoop.authentication.handler</tt>.
-   */
-  public static final String AUTHENTICATION_HANDLER =
-          PREFIX_AUTHENTICATION_CONFIG + "handler";
-
-  /**
-   * The config enables or disables anonymous authentication.
-   * <tt>org.apache.sqoop.authentication.anonymous</tt>.
-   */
-  public static final String AUTHENTICATION_ANONYMOUS =
-      PREFIX_AUTHENTICATION_CONFIG + "anonymous";
-
-  /**
-   * All kerberos authentication related configuration is prefixed with this:
-   * <tt>org.apache.sqoop.authentication.kerberos.</tt>
-   */
-  public static final String PREFIX_AUTHENTICATION_KERBEROS_CONFIG =
-          PREFIX_AUTHENTICATION_CONFIG + "kerberos.";
-
-  /**
-   * The config specifies the kerberos principal.
-   * <tt>org.apache.sqoop.authentication.kerberos.principal</tt>.
-   */
-  public static final String AUTHENTICATION_KERBEROS_PRINCIPAL =
-    PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "principal";
-
-  /**
-   * The config specifies the kerberos keytab.
-   * <tt>org.apache.sqoop.authentication.kerberos.principal</tt>.
-   */
-  public static final String AUTHENTICATION_KERBEROS_KEYTAB =
-    PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "keytab";
-
-  /**
-   * All kerberos authentication for http related configuration is prefixed with this:
-   * <tt>org.apache.sqoop.authentication.kerberos.http.</tt>
-   */
-  public static final String PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG =
-          PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "http.";
-
-  /**
-   * The config specifies the kerberos principal for http.
-   * <tt>org.apache.sqoop.authentication.kerberos.http.principal</tt>.
-   */
-  public static final String AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL =
-          PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG + "principal";
-
-  /**
-   * The config specifies the kerberos keytab for http.
-   * <tt>org.apache.sqoop.authentication.kerberos.http.principal</tt>.
-   */
-  public static final String AUTHENTICATION_KERBEROS_HTTP_KEYTAB =
-          PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG + "keytab";
-
-  /**
-   * The config specifies the token kind in delegation token.
-   */
-  public static final String TOKEN_KIND = "sqoop_token_kind";
-
-  public static enum TYPE {SIMPLE, KERBEROS}
-
-  private AuthenticationConstants() {
-    // Instantiation of this class is prohibited
-  }
-}

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/AuthenticationError.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationError.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationError.java
deleted file mode 100644
index abb5c90..0000000
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationError.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sqoop.security;
-
-import org.apache.sqoop.common.ErrorCode;
-
-public enum AuthenticationError implements ErrorCode {
-
-  /** An unknown error has occurred. */
-  AUTH_0000("An unknown error has occurred"),
-
-  /** The system was not able to find Kerberos keytab in sqoop configuration. */
-  AUTH_0001("Unable to find Kerberos keytab"),
-
-  /** The system was not able to find Kerberos principal in sqoop configuration. */
-  AUTH_0002("Unable to find Kerberos principal"),
-
-  /** The system was not able to login using Kerberos keytab and principal in sqoop configuration.
*/
-  AUTH_0003("Unable to login using Kerberos keytab and principal"),
-
-  /** Invalid authentication type {simple, Kerberos}. */
-  AUTH_0004("Invalid authentication type"),
-
-  /** The system was not able to find Kerberos keytab for http in sqoop configuration. */
-  AUTH_0005("Unable to find Kerberos keytab for http"),
-
-  /** The system was not able to find Kerberos principal for http in sqoop configuration.
*/
-  AUTH_0006("Unable to find Kerberos principal for http");
-
-  private final String message;
-
-  private AuthenticationError(String message) {
-    this.message = message;
-  }
-
-  public String getCode() {
-    return name();
-  }
-
-  public String getMessage() {
-    return message;
-  }
-}

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java
b/core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java
deleted file mode 100644
index b62fe18..0000000
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationHandlerFactory.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sqoop.security;
-
-import org.apache.sqoop.common.SqoopException;
-import org.apache.sqoop.utils.ClassUtils;
-
-/**
- * Create authentication manager.
- */
-public class AuthenticationHandlerFactory {
-
-  public static AuthenticationHandler getAuthenticationHandler(String handler) throws ClassNotFoundException,
IllegalAccessException, InstantiationException {
-
-    Class<?> handlerClass = ClassUtils.loadClass(handler);
-
-    if (handlerClass == null) {
-      throw new SqoopException(AuthenticationError.AUTH_0004,
-              "Authentication Handler Class: " + handler);
-    }
-
-    AuthenticationHandler newHandler;
-    try {
-      newHandler = (AuthenticationHandler) handlerClass.newInstance();
-    } catch (Exception ex) {
-      throw new SqoopException(AuthenticationError.AUTH_0004,
-              "Authentication Handler Class: " + handler, ex);
-    }
-    return newHandler;
-  }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
index a014ab3..228b9e7 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java
@@ -31,7 +31,7 @@ public class AuthenticationManager implements Reconfigurable {
   /**
    * Default authentication handler
    */
-  public static final String DEFAULT_AUTHENTICATION_HANDLER = "org.apache.sqoop.security.SimpleAuthenticationHandler";
+  public static final String DEFAULT_AUTHENTICATION_HANDLER = "org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler";
 
 
   /**
@@ -92,9 +92,9 @@ public class AuthenticationManager implements Reconfigurable {
     }
 
     String handler = SqoopConfiguration.getInstance().getContext().getString(
-        AuthenticationConstants.AUTHENTICATION_HANDLER,
+        SecurityConstants.AUTHENTICATION_HANDLER,
         DEFAULT_AUTHENTICATION_HANDLER).trim();
-    authenticationHandler = AuthenticationHandlerFactory.getAuthenticationHandler(handler);
+    authenticationHandler = SecurityFactory.getAuthenticationHandler(handler);
     authenticationHandler.doInitialize();
     authenticationHandler.secureLogin();
 

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
new file mode 100644
index 0000000..a00573a
--- /dev/null
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
@@ -0,0 +1,114 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.security;
+
+import org.apache.sqoop.core.ConfigurationConstants;
+
+/**
+ * Constants that are used in authentication module.
+ */
+public final class SecurityConstants {
+  /**
+   * All security related configuration is prefixed with this:
+   * <tt>org.apache.sqoop.security.</tt>
+   */
+  public static final String PREFIX_SECURITY_CONFIG =
+          ConfigurationConstants.PREFIX_GLOBAL_CONFIG + "security.";
+  /**
+   * All authentication related configuration is prefixed with this:
+   * <tt>org.apache.sqoop.security.authentication.</tt>
+   */
+  public static final String PREFIX_AUTHENTICATION_CONFIG =
+    PREFIX_SECURITY_CONFIG + "authentication.";
+
+  /**
+   * The config specifies the sqoop authentication type (SIMPLE, KERBEROS).
+   * The default type is SIMPLE
+   * <tt>org.apache.sqoop.security.authentication.type</tt>.
+   */
+  public static final String AUTHENTICATION_TYPE =
+    PREFIX_AUTHENTICATION_CONFIG + "type";
+
+  /**
+   * The config specifies the sqoop authentication handler class.
+   * The default type is org.apache.sqoop.security.SimpleAuthenticationHandler
+   * <tt>org.apache.sqoop.security.authentication.handler</tt>.
+   */
+  public static final String AUTHENTICATION_HANDLER =
+          PREFIX_AUTHENTICATION_CONFIG + "handler";
+
+  /**
+   * The config enables or disables anonymous authentication.
+   * <tt>org.apache.sqoop.security.authentication.anonymous</tt>.
+   */
+  public static final String AUTHENTICATION_ANONYMOUS =
+      PREFIX_AUTHENTICATION_CONFIG + "anonymous";
+
+  /**
+   * All kerberos authentication related configuration is prefixed with this:
+   * <tt>org.apache.security.sqoop.authentication.kerberos.</tt>
+   */
+  public static final String PREFIX_AUTHENTICATION_KERBEROS_CONFIG =
+          PREFIX_AUTHENTICATION_CONFIG + "kerberos.";
+
+  /**
+   * The config specifies the kerberos principal.
+   * <tt>org.apache.sqoop.security.authentication.kerberos.principal</tt>.
+   */
+  public static final String AUTHENTICATION_KERBEROS_PRINCIPAL =
+    PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "principal";
+
+  /**
+   * The config specifies the kerberos keytab.
+   * <tt>org.apache.sqoop.security.authentication.kerberos.principal</tt>.
+   */
+  public static final String AUTHENTICATION_KERBEROS_KEYTAB =
+    PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "keytab";
+
+  /**
+   * All kerberos authentication for http related configuration is prefixed with this:
+   * <tt>org.apache.sqoop.security.authentication.kerberos.http.</tt>
+   */
+  public static final String PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG =
+          PREFIX_AUTHENTICATION_KERBEROS_CONFIG + "http.";
+
+  /**
+   * The config specifies the kerberos principal for http.
+   * <tt>org.apache.sqoop.security.authentication.kerberos.http.principal</tt>.
+   */
+  public static final String AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL =
+          PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG + "principal";
+
+  /**
+   * The config specifies the kerberos keytab for http.
+   * <tt>org.apache.sqoop.security.authentication.kerberos.http.principal</tt>.
+   */
+  public static final String AUTHENTICATION_KERBEROS_HTTP_KEYTAB =
+          PREFIX_AUTHENTICATION_KERBEROS_HTTP_CONFIG + "keytab";
+
+  /**
+   * The config specifies the token kind in delegation token.
+   */
+  public static final String TOKEN_KIND = "sqoop_token_kind";
+
+  public static enum TYPE {SIMPLE, KERBEROS}
+
+  private SecurityConstants() {
+    // Instantiation of this class is prohibited
+  }
+}

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/SecurityError.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityError.java b/core/src/main/java/org/apache/sqoop/security/SecurityError.java
new file mode 100644
index 0000000..e4ba221
--- /dev/null
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityError.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.security;
+
+import org.apache.sqoop.common.ErrorCode;
+
+public enum SecurityError implements ErrorCode {
+
+  /** An unknown error has occurred. */
+  AUTH_0000("An unknown error has occurred"),
+
+  /** The system was not able to find Kerberos keytab in sqoop configuration. */
+  AUTH_0001("Unable to find Kerberos keytab"),
+
+  /** The system was not able to find Kerberos principal in sqoop configuration. */
+  AUTH_0002("Unable to find Kerberos principal"),
+
+  /** The system was not able to login using Kerberos keytab and principal in sqoop configuration.
*/
+  AUTH_0003("Unable to login using Kerberos keytab and principal"),
+
+  /** Invalid authentication type {simple, Kerberos}. */
+  AUTH_0004("Invalid authentication type"),
+
+  /** The system was not able to find Kerberos keytab for http in sqoop configuration. */
+  AUTH_0005("Unable to find Kerberos keytab for http"),
+
+  /** The system was not able to find Kerberos principal for http in sqoop configuration.
*/
+  AUTH_0006("Unable to find Kerberos principal for http");
+
+  private final String message;
+
+  private SecurityError(String message) {
+    this.message = message;
+  }
+
+  public String getCode() {
+    return name();
+  }
+
+  public String getMessage() {
+    return message;
+  }
+}

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java b/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
new file mode 100644
index 0000000..3e6df67
--- /dev/null
+++ b/core/src/main/java/org/apache/sqoop/security/SecurityFactory.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.security;
+
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.utils.ClassUtils;
+
+/**
+ * Create authentication manager.
+ */
+public class SecurityFactory {
+
+  public static AuthenticationHandler getAuthenticationHandler(String handler) throws ClassNotFoundException,
IllegalAccessException, InstantiationException {
+
+    Class<?> handlerClass = ClassUtils.loadClass(handler);
+
+    if (handlerClass == null) {
+      throw new SqoopException(SecurityError.AUTH_0004,
+              "Authentication Handler Class: " + handler);
+    }
+
+    AuthenticationHandler newHandler;
+    try {
+      newHandler = (AuthenticationHandler) handlerClass.newInstance();
+    } catch (Exception ex) {
+      throw new SqoopException(SecurityError.AUTH_0004,
+              "Authentication Handler Class: " + handler, ex);
+    }
+    return newHandler;
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/dist/src/main/server/conf/sqoop.properties
----------------------------------------------------------------------
diff --git a/dist/src/main/server/conf/sqoop.properties b/dist/src/main/server/conf/sqoop.properties
index 2ae1aba..e22e8b0 100755
--- a/dist/src/main/server/conf/sqoop.properties
+++ b/dist/src/main/server/conf/sqoop.properties
@@ -144,16 +144,16 @@ org.apache.sqoop.execution.engine=org.apache.sqoop.execution.mapreduce.Mapreduce
 #
 # Authentication configuration
 #
-#org.apache.sqoop.authentication.type=SIMPLE
-#org.apache.sqoop.authentication.handler=org.apache.sqoop.security.SimpleAuthenticationHandler
-#org.apache.sqoop.authentication.anonymous=true
-#org.apache.sqoop.authentication.type=KERBEROS
-#org.apache.sqoop.authentication.handler=org.apache.sqoop.security.KerberosAuthenticationHandler
-#org.apache.sqoop.authentication.kerberos.principal=sqoop/_HOST@NOVALOCAL
-#org.apache.sqoop.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab
-#org.apache.sqoop.authentication.kerberos.http.principal=HTTP/_HOST@NOVALOCAL
-#org.apache.sqoop.authentication.kerberos.http.keytab=/home/kerberos/sqoop.keytab
-#org.apache.sqoop.authentication.enable.doAs=true
-#org.apache.sqoop.authentication.proxyuser.#USER#.users=*
-#org.apache.sqoop.authentication.proxyuser.#USER#.groups=*
-#org.apache.sqoop.authentication.proxyuser.#USER#.hosts=*
\ No newline at end of file
+#org.apache.sqoop.security.authentication.type=SIMPLE
+#org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler
+#org.apache.sqoop.security.authentication.anonymous=true
+#org.apache.sqoop.security.authentication.type=KERBEROS
+#org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler
+#org.apache.sqoop.security.authentication.kerberos.principal=sqoop/_HOST@NOVALOCAL
+#org.apache.sqoop.security.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab
+#org.apache.sqoop.security.authentication.kerberos.http.principal=HTTP/_HOST@NOVALOCAL
+#org.apache.sqoop.security.authentication.kerberos.http.keytab=/home/kerberos/sqoop.keytab
+#org.apache.sqoop.security.authentication.enable.doAs=true
+#org.apache.sqoop.security.authentication.proxyuser.#USER#.users=*
+#org.apache.sqoop.security.authentication.proxyuser.#USER#.groups=*
+#org.apache.sqoop.security.authentication.proxyuser.#USER#.hosts=*
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
----------------------------------------------------------------------
diff --git a/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst b/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
index 8f9520e..c38e276 100644
--- a/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
+++ b/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst
@@ -30,7 +30,7 @@ Modify Sqoop configuration file, normally in <Sqoop Folder>/server/config/sqoop.
 ::
 
   org.apache.sqoop.authentication.type=SIMPLE
-  org.apache.sqoop.authentication.handler=org.apache.sqoop.security.SimpleAuthenticationHandler
+  org.apache.sqoop.authentication.handler=org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler
   org.apache.sqoop.anonymous=true
 
 -	Simple authentication is used by default. Commenting out authentication configuration will
yield the use of simple authentication.
@@ -88,7 +88,7 @@ Modify Sqoop configuration file, normally in <Sqoop Folder>/server/config/sqoop.
 ::
 
   org.apache.sqoop.authentication.type=KERBEROS
-  org.apache.sqoop.authentication.handler=org.apache.sqoop.security.KerberosAuthenticationHandler
+  org.apache.sqoop.authentication.handler=org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler
   org.apache.sqoop.authentication.kerberos.principal=sqoop/_HOST@<REALM>
   org.apache.sqoop.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab
   org.apache.sqoop.authentication.kerberos.http.principal=HTTP/_HOST@<REALM>
@@ -132,7 +132,7 @@ If the Sqoop server has started successfully with Kerberos authentication,
the f
 
 ::
 
-  2014-12-04 15:02:58,038 INFO  security.KerberosAuthenticationHandler [org.apache.sqoop.security.KerberosAuthenticationHandler.secureLogin(KerberosAuthenticationHandler.java:84)]
Using Kerberos authentication, principal [sqoop/_HOST@HADOOP.COM] keytab [/home/kerberos/sqoop.keytab]
+  2014-12-04 15:02:58,038 INFO  security.KerberosAuthenticationHandler [org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler.secureLogin(KerberosAuthenticationHandler.java:84)]
Using Kerberos authentication, principal [sqoop/_HOST@HADOOP.COM] keytab [/home/kerberos/sqoop.keytab]
 
 If the Sqoop client was able to communicate with the Sqoop server, the following will be
in <Sqoop Folder>/server/log/catalina.out:
 

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java
b/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java
new file mode 100644
index 0000000..db89a2d
--- /dev/null
+++ b/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.security.Authentication;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.SecurityUtil;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.log4j.Logger;
+import org.apache.sqoop.common.MapContext;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.core.SqoopConfiguration;
+import org.apache.sqoop.security.AuthenticationHandler;
+import org.apache.sqoop.security.SecurityConstants;
+import org.apache.sqoop.security.SecurityError;
+
+import java.io.IOException;
+
+public class KerberosAuthenticationHandler extends AuthenticationHandler {
+
+  private static final Logger LOG = Logger.getLogger(KerberosAuthenticationHandler.class);
+
+  /**
+   * Principal for Kerberos option value
+   */
+  private String keytabPrincipal;
+
+  public String getKeytabPrincipal() {
+    return keytabPrincipal;
+  }
+
+  /**
+   * Keytab for Kerberos option value
+   */
+  private String keytabFile;
+
+  public String getKeytabFile() {
+    return keytabFile;
+  }
+
+  public void doInitialize() {
+    securityEnabled = true;
+  }
+
+  public void secureLogin() {
+    MapContext mapContext = SqoopConfiguration.getInstance().getContext();
+    String keytab = mapContext.getString(
+            SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB).trim();
+    if (keytab.length() == 0) {
+      throw new SqoopException(SecurityError.AUTH_0001,
+              SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB);
+    }
+    keytabFile = keytab;
+
+    String principal = mapContext.getString(
+            SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL).trim();
+    if (principal.length() == 0) {
+      throw new SqoopException(SecurityError.AUTH_0002,
+              SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL);
+    }
+    keytabPrincipal = principal;
+
+    Configuration conf = new Configuration();
+    conf.set(get_hadoop_security_authentication(),
+            SecurityConstants.TYPE.KERBEROS.name());
+    UserGroupInformation.setConfiguration(conf);
+    try {
+      String hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
+      UserGroupInformation.loginUserFromKeytab(hostPrincipal, keytab);
+    } catch (IOException ex) {
+      throw new SqoopException(SecurityError.AUTH_0003, ex);
+    }
+    LOG.info("Using Kerberos authentication, principal ["
+            + principal + "] keytab [" + keytab + "]");
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java
b/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java
new file mode 100644
index 0000000..94f0feb
--- /dev/null
+++ b/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.security.Authentication;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.log4j.Logger;
+import org.apache.sqoop.security.AuthenticationHandler;
+import org.apache.sqoop.security.SecurityConstants;
+
+public class SimpleAuthenticationHandler extends AuthenticationHandler {
+
+  private static final Logger LOG = Logger.getLogger(SimpleAuthenticationHandler.class);
+
+  public void doInitialize() {
+    securityEnabled = false;
+  }
+
+  public void secureLogin() {
+    //no secureLogin, just set configurations
+    Configuration conf = new Configuration();
+    conf.set(get_hadoop_security_authentication(),
+            SecurityConstants.TYPE.SIMPLE.name());
+    UserGroupInformation.setConfiguration(conf);
+    LOG.info("Using simple/pseudo authentication, principal ["
+            + System.getProperty("user.name") + "]");
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java
b/security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java
deleted file mode 100644
index 57531b8..0000000
--- a/security/src/main/java/org/apache/sqoop/security/KerberosAuthenticationHandler.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sqoop.security;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.log4j.Logger;
-import org.apache.sqoop.common.MapContext;
-import org.apache.sqoop.common.SqoopException;
-import org.apache.sqoop.core.SqoopConfiguration;
-
-import java.io.IOException;
-
-public class KerberosAuthenticationHandler extends AuthenticationHandler {
-
-  private static final Logger LOG = Logger.getLogger(KerberosAuthenticationHandler.class);
-
-  /**
-   * Principal for Kerberos option value
-   */
-  private String keytabPrincipal;
-
-  public String getKeytabPrincipal() {
-    return keytabPrincipal;
-  }
-
-  /**
-   * Keytab for Kerberos option value
-   */
-  private String keytabFile;
-
-  public String getKeytabFile() {
-    return keytabFile;
-  }
-
-  public void doInitialize() {
-    securityEnabled = true;
-  }
-
-  public void secureLogin() {
-    MapContext mapContext = SqoopConfiguration.getInstance().getContext();
-    String keytab = mapContext.getString(
-            AuthenticationConstants.AUTHENTICATION_KERBEROS_KEYTAB).trim();
-    if (keytab.length() == 0) {
-      throw new SqoopException(AuthenticationError.AUTH_0001,
-              AuthenticationConstants.AUTHENTICATION_KERBEROS_KEYTAB);
-    }
-    keytabFile = keytab;
-
-    String principal = mapContext.getString(
-            AuthenticationConstants.AUTHENTICATION_KERBEROS_PRINCIPAL).trim();
-    if (principal.length() == 0) {
-      throw new SqoopException(AuthenticationError.AUTH_0002,
-              AuthenticationConstants.AUTHENTICATION_KERBEROS_PRINCIPAL);
-    }
-    keytabPrincipal = principal;
-
-    Configuration conf = new Configuration();
-    conf.set(get_hadoop_security_authentication(),
-            AuthenticationConstants.TYPE.KERBEROS.name());
-    UserGroupInformation.setConfiguration(conf);
-    try {
-      String hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
-      UserGroupInformation.loginUserFromKeytab(hostPrincipal, keytab);
-    } catch (IOException ex) {
-      throw new SqoopException(AuthenticationError.AUTH_0003, ex);
-    }
-    LOG.info("Using Kerberos authentication, principal ["
-            + principal + "] keytab [" + keytab + "]");
-  }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java
b/security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java
deleted file mode 100644
index c93ff89..0000000
--- a/security/src/main/java/org/apache/sqoop/security/SimpleAuthenticationHandler.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sqoop.security;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.log4j.Logger;
-
-public class SimpleAuthenticationHandler extends AuthenticationHandler {
-
-  private static final Logger LOG = Logger.getLogger(SimpleAuthenticationHandler.class);
-
-  public void doInitialize() {
-    securityEnabled = false;
-  }
-
-  public void secureLogin() {
-    //no secureLogin, just set configurations
-    Configuration conf = new Configuration();
-    conf.set(get_hadoop_security_authentication(),
-            AuthenticationConstants.TYPE.SIMPLE.name());
-    UserGroupInformation.setConfiguration(conf);
-    LOG.info("Using simple/pseudo authentication, principal ["
-            + System.getProperty("user.name") + "]");
-  }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/bca7671f/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java b/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
index 2b6ef34..ddca9d4 100644
--- a/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
+++ b/server/src/main/java/org/apache/sqoop/filter/SqoopAuthenticationFilter.java
@@ -19,7 +19,6 @@ package org.apache.sqoop.filter;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.SecurityUtil;
-import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
 import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
 import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
 import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;
@@ -29,8 +28,8 @@ import org.apache.hadoop.security.token.delegation.web.PseudoDelegationTokenAuth
 import org.apache.sqoop.common.MapContext;
 import org.apache.sqoop.common.SqoopException;
 import org.apache.sqoop.core.SqoopConfiguration;
-import org.apache.sqoop.security.AuthenticationConstants;
-import org.apache.sqoop.security.AuthenticationError;
+import org.apache.sqoop.security.SecurityConstants;
+import org.apache.sqoop.security.SecurityError;
 
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
@@ -46,46 +45,46 @@ public class SqoopAuthenticationFilter extends DelegationTokenAuthenticationFilt
     Properties properties = new Properties();
     MapContext mapContext = SqoopConfiguration.getInstance().getContext();
     String type = mapContext.getString(
-        AuthenticationConstants.AUTHENTICATION_TYPE,
-        AuthenticationConstants.TYPE.SIMPLE.name()).trim();
+        SecurityConstants.AUTHENTICATION_TYPE,
+        SecurityConstants.TYPE.SIMPLE.name()).trim();
 
-    if (type.equalsIgnoreCase(AuthenticationConstants.TYPE.KERBEROS.name())) {
+    if (type.equalsIgnoreCase(SecurityConstants.TYPE.KERBEROS.name())) {
       properties.setProperty(AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName());
 
       String keytab = mapContext.getString(
-              AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim();
+              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB).trim();
       if (keytab.length() == 0) {
-        throw new SqoopException(AuthenticationError.AUTH_0005,
-                AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
+        throw new SqoopException(SecurityError.AUTH_0005,
+                SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_KEYTAB);
       }
 
       String principal = mapContext.getString(
-              AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL).trim();
+              SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL).trim();
       if (principal.length() == 0) {
-        throw new SqoopException(AuthenticationError.AUTH_0006,
-                AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
+        throw new SqoopException(SecurityError.AUTH_0006,
+                SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
       }
 
       String hostPrincipal = "";
       try {
         hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
       } catch (IOException e) {
-        throw new SqoopException(AuthenticationError.AUTH_0006,
-                AuthenticationConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
+        throw new SqoopException(SecurityError.AUTH_0006,
+                SecurityConstants.AUTHENTICATION_KERBEROS_HTTP_PRINCIPAL);
       }
 
       properties.setProperty(KerberosAuthenticationHandler.PRINCIPAL, hostPrincipal);
       properties.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab);
-    } else if (type.equalsIgnoreCase(AuthenticationConstants.TYPE.SIMPLE.name())) {
+    } else if (type.equalsIgnoreCase(SecurityConstants.TYPE.SIMPLE.name())) {
       properties.setProperty(AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName());
       properties.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED,
-          mapContext.getString(AuthenticationConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
+          mapContext.getString(SecurityConstants.AUTHENTICATION_ANONYMOUS, "true").trim());
     } else {
-      throw new SqoopException(AuthenticationError.AUTH_0004, type);
+      throw new SqoopException(SecurityError.AUTH_0004, type);
     }
 
     properties.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
-            AuthenticationConstants.TOKEN_KIND);
+            SecurityConstants.TOKEN_KIND);
 
     return properties;
   }


Mime
View raw message