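/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.security;

import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.apache.hadoop.hbase.classification.InterfaceAudience;
import org.apache.hadoop.hbase.protobuf.generated.AdminProtos;
import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos.TokenIdentifier.Kind;
import org.apache.hadoop.hbase.protobuf.generated.ClientProtos;
import org.apache.hadoop.hbase.protobuf.generated.MasterProtos.MasterService;
import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos;

/**
 * Maps RPC protocol interfaces to required configuration.
 *
 * <p>Each instance pairs the server principal setting for a service with the kind of
 * authentication token that service accepts. A process-wide registry, keyed by RPC service
 * name, is exposed through {@link #addInfo(String, SecurityInfo)} and {@link #getInfo(String)}.
 *
 * <p>Instances are immutable. The registry is a {@link ConcurrentMap}, entries can be added but
 * never replaced or removed through this class.
 */
@InterfaceAudience.Private
public class SecurityInfo {
  /**
   * Maps RPC service names to authentication information.
   *
   * <p>Declared {@code final} so the registry reference itself cannot be swapped out after class
   * initialization; only its contents change, and only via {@code putIfAbsent}.
   */
  private static final ConcurrentMap<String, SecurityInfo> infos =
      new ConcurrentHashMap<String, SecurityInfo>();

  // Populate info for known services. This runs during class initialization, i.e. before any
  // caller can reach addInfo(), so these four built-in entries always win over later
  // registrations under the same service name.
  static {
    infos.put(AdminProtos.AdminService.getDescriptor().getName(),
        new SecurityInfo("hbase.regionserver.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
    infos.put(ClientProtos.ClientService.getDescriptor().getName(),
        new SecurityInfo("hbase.regionserver.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
    infos.put(MasterService.getDescriptor().getName(),
        new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
    infos.put(RegionServerStatusProtos.RegionServerStatusService.getDescriptor().getName(),
        new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
  }

  /**
   * Adds a security configuration for a new service name. Note that this will have no effect if
   * the service name was already registered.
   *
   * <p>First registration wins: the call is a {@code putIfAbsent}, so an existing mapping
   * (including the built-in ones) is never overwritten and the caller is not told whether its
   * entry was accepted.
   *
   * @param serviceName RPC service name to register; must not be null
   * @param securityInfo security configuration for that service; must not be null
   * @throws NullPointerException if either argument is null (the backing
   *     {@link ConcurrentHashMap} rejects null keys and values)
   */
  public static void addInfo(String serviceName, SecurityInfo securityInfo) {
    infos.putIfAbsent(serviceName, securityInfo);
  }

  /**
   * Returns the security configuration associated with the given service name.
   *
   * @param serviceName RPC service name to look up; must not be null
   * @return the registered configuration, or {@code null} if nothing is registered under
   *     {@code serviceName}. Callers must check for null; a caller that needs authentication
   *     should treat a missing entry as an error rather than proceeding without one.
   * @throws NullPointerException if {@code serviceName} is null
   */
  public static SecurityInfo getInfo(String serviceName) {
    return infos.get(serviceName);
  }

  // For the built-in entries this holds a configuration property name
  // (e.g. "hbase.master.kerberos.principal"), not a resolved Kerberos principal.
  private final String serverPrincipal;
  // Kind of authentication token associated with the service.
  private final Kind tokenKind;

  /**
   * Creates a security configuration entry. Neither argument is validated here.
   *
   * @param serverPrincipal server principal setting for the service; the built-in entries pass
   *     a configuration property name
   * @param tokenKind kind of authentication token associated with the service
   */
  public SecurityInfo(String serverPrincipal, Kind tokenKind) {
    this.serverPrincipal = serverPrincipal;
    this.tokenKind = tokenKind;
  }

  /**
   * Returns the server principal setting exactly as passed to the constructor.
   *
   * @return the server principal setting; may be null if the constructor was given null
   */
  public String getServerPrincipal() {
    return serverPrincipal;
  }

  /**
   * Returns the token kind exactly as passed to the constructor.
   *
   * @return the token kind; may be null if the constructor was given null
   */
  public Kind getTokenKind() {
    return tokenKind;
  }
}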