

Java SecurityUtil.isPrivilegedPort方法代码示例

本文整理汇总了Java中org.apache.hadoop.security.SecurityUtil.isPrivilegedPort方法的典型用法代码示例。如果您正苦于以下问题:Java SecurityUtil.isPrivilegedPort方法的具体用法?Java SecurityUtil.isPrivilegedPort怎么用?Java SecurityUtil.isPrivilegedPort使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在org.apache.hadoop.security.SecurityUtil的用法示例。


在下文中一共展示了SecurityUtil.isPrivilegedPort方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: send

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
/**
 * Performs the client side of SASL negotiation for a DataNode connection when
 * the configuration requires it, selecting between the encrypted handshake,
 * the general handshake, and no handshake at all.
 *
 * <p>Security note: every path that returns {@code null} performs no SASL
 * negotiation in this method. Three of those paths are taken while security
 * is enabled: the destination port is privileged, simple-auth fallback is
 * set, or no SASL properties resolver is configured.
 * NOTE(review): the caller presumably keeps using the unwrapped streams when
 * {@code null} comes back; confirm at the call site.
 *
 * @param addr connection address
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param encryptionKey for an encrypted SASL handshake; when non-null it
 *     takes precedence over every other check
 * @param accessToken connection block access token
 * @param datanodeId ID of destination DataNode
 * @return new pair of streams, wrapped after SASL negotiation, or
 *     {@code null} when the handshake is skipped
 * @throws IOException for any error
 */
private IOStreamPair send(InetAddress addr, OutputStream underlyingOut,
    InputStream underlyingIn, DataEncryptionKey encryptionKey,
    Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
    throws IOException {
  // Case 1: an encryption key was supplied, so negotiate the encrypted
  // handshake regardless of any other setting.
  if (encryptionKey != null) {
    LOG.debug(
      "SASL client doing encrypted handshake for addr = {}, datanodeId = {}",
      addr, datanodeId);
    return getEncryptedStreams(underlyingOut, underlyingIn,
      encryptionKey);
  }

  // Case 2: security is disabled, nothing to negotiate.
  if (!UserGroupInformation.isSecurityEnabled()) {
    LOG.debug(
      "SASL client skipping handshake in unsecured configuration for "
      + "addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // Case 3: the DataNode's transfer port is privileged. The decision rests
  // only on the port number carried in datanodeId; this method performs no
  // further verification of the peer.
  final int xferPort = datanodeId.getXferPort();
  if (SecurityUtil.isPrivilegedPort(xferPort)) {
    LOG.debug(
      "SASL client skipping handshake in secured configuration with "
      + "privileged port for addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // Case 4: the fallback-to-simple-auth flag is set, so a secured client
  // proceeds without SASL (the log message calls this an unsecured cluster).
  if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {
    LOG.debug(
      "SASL client skipping handshake in secured configuration with "
      + "unsecured cluster for addr = {}, datanodeId = {}", addr, datanodeId);
    return null;
  }

  // Case 5: secured, non-privileged port, SASL properties available.
  if (saslPropsResolver != null) {
    LOG.debug(
      "SASL client doing general handshake for addr = {}, datanodeId = {}",
      addr, datanodeId);
    return getSaslStreams(addr, underlyingOut, underlyingIn, accessToken,
      datanodeId);
  }

  // Case 6: it's a secured cluster using non-privileged ports, but no SASL.
  // The only way this can happen is if the DataNode has
  // ignore.secure.ports.for.testing configured, so this is a rare edge case.
  LOG.debug(
    "SASL client skipping handshake in secured configuration with no SASL "
    + "protection configured for addr = {}, datanodeId = {}",
    addr, datanodeId);
  return null;
}
 
开发者ID:naver,项目名称:hadoop,代码行数:56,代码来源:SaslDataTransferClient.java

示例2: receive

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
/**
 * Receives SASL negotiation from a peer on behalf of a server.
 *
 * <p>Security note: when the handshake is skipped the method hands back the
 * underlying streams unwrapped. While security is enabled that happens only
 * when the transfer port is privileged, or when no SASL properties resolver
 * is configured and the ignore-secure-ports-for-testing flag is set. Any
 * other secured configuration without SASL protection is rejected with an
 * {@link IOException}.
 *
 * @param peer connection peer
 * @param underlyingOut connection output stream
 * @param underlyingIn connection input stream
 * @param xferPort data transfer port of DataNode accepting connection
 * @param datanodeId ID of DataNode accepting connection
 * @return new pair of streams, wrapped after SASL negotiation, or the
 *     original streams paired as-is when the handshake is skipped
 * @throws IOException for any error, including a secured configuration on an
 *     unprivileged port with no data transfer protection defined
 */
public IOStreamPair receive(Peer peer, OutputStream underlyingOut,
    InputStream underlyingIn, int xferPort, DatanodeID datanodeId)
    throws IOException {
  // Encrypted data transfer is configured: always do the encrypted handshake.
  if (dnConf.getEncryptDataTransfer()) {
    LOG.debug(
      "SASL server doing encrypted handshake for peer = {}, datanodeId = {}",
      peer, datanodeId);
    return getEncryptedStreams(peer, underlyingOut, underlyingIn);
  }

  // Security disabled: pass the streams through untouched.
  if (!UserGroupInformation.isSecurityEnabled()) {
    LOG.debug(
      "SASL server skipping handshake in unsecured configuration for "
      + "peer = {}, datanodeId = {}", peer, datanodeId);
    return new IOStreamPair(underlyingIn, underlyingOut);
  }

  // Secured, listening on a privileged port: no SASL handshake is performed
  // and the streams are returned unwrapped.
  if (SecurityUtil.isPrivilegedPort(xferPort)) {
    LOG.debug(
      "SASL server skipping handshake in secured configuration for "
      + "peer = {}, datanodeId = {}", peer, datanodeId);
    return new IOStreamPair(underlyingIn, underlyingOut);
  }

  // Secured, unprivileged port, SASL properties available: general handshake.
  if (dnConf.getSaslPropsResolver() != null) {
    LOG.debug(
      "SASL server doing general handshake for peer = {}, datanodeId = {}",
      peer, datanodeId);
    return getSaslStreams(peer, underlyingOut, underlyingIn);
  }

  if (dnConf.getIgnoreSecurePortsForTesting()) {
    // It's a secured cluster using non-privileged ports, but no SASL.  The
    // only way this can happen is if the DataNode has
    // ignore.secure.ports.for.testing configured, so this is a rare edge case.
    LOG.debug(
      "SASL server skipping handshake in secured configuration with no SASL "
      + "protection configured for peer = {}, datanodeId = {}",
      peer, datanodeId);
    return new IOStreamPair(underlyingIn, underlyingOut);
  }

  // The error message here intentionally does not mention
  // ignore.secure.ports.for.testing.  That's intended for dev use only.
  // This code path is not expected to execute ever, because DataNode startup
  // checks for invalid configuration and aborts.
  // NOTE(review): the message reports datanodeId.getXferPort() while the
  // privileged-port test above used the xferPort argument; confirm the two
  // always agree.
  throw new IOException(String.format("Cannot create a secured " +
    "connection if DataNode listens on unprivileged port (%d) and no " +
    "protection is defined in configuration property %s.",
    datanodeId.getXferPort(), DFS_DATA_TRANSFER_PROTECTION_KEY));
}
 
开发者ID:naver,项目名称:hadoop,代码行数:55,代码来源:SaslDataTransferServer.java

示例3: getSecureResources

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
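/**
 * Acquire privileged resources (i.e., the privileged ports) for the data
 * node: the listening socket for the data streaming port and, when the HTTP
 * policy enables plain HTTP, the listening channel for the HTTP (not HTTPS)
 * info server.
 *
 * <p>When security is enabled, both ports must satisfy
 * {@code SecurityUtil.isPrivilegedPort}; otherwise startup is refused. If
 * any bind or check fails, the sockets opened by this method are closed
 * before the exception propagates so the ports do not stay bound.
 *
 * @param conf configuration supplying the HTTP policy, the streaming
 *     address, the socket write timeout and the info server address
 * @return the bound streaming socket together with the HTTP channel, which
 *     is {@code null} when the policy does not enable HTTP
 * @throws RuntimeException if a socket is bound to a port other than the
 *     configured one, or if security is enabled and a port is unprivileged
 * @throws Exception for any other failure while opening or binding sockets
 */
@VisibleForTesting
public static SecureResources getSecureResources(Configuration conf)
    throws Exception {
  HttpConfig.Policy policy = DFSUtil.getHttpPolicy(conf);
  boolean isSecure = UserGroupInformation.isSecurityEnabled();

  // Obtain secure port for data streaming to datanode
  InetSocketAddress streamingAddr  = DataNode.getStreamingAddr(conf);
  int socketWriteTimeout = conf.getInt(
      DFSConfigKeys.DFS_DATANODE_SOCKET_WRITE_TIMEOUT_KEY,
      HdfsServerConstants.WRITE_TIMEOUT);

  ServerSocket ss = (socketWriteTimeout > 0) ?
      ServerSocketChannel.open().socket() : new ServerSocket();
  ServerSocketChannel httpChannel = null;
  boolean acquired = false;
  try {
    ss.bind(streamingAddr, 0);

    // Check that we got the port we need
    if (ss.getLocalPort() != streamingAddr.getPort()) {
      throw new RuntimeException(
          "Unable to bind on specified streaming port in secure "
              + "context. Needed " + streamingAddr.getPort() + ", got "
              + ss.getLocalPort());
    }

    if (!SecurityUtil.isPrivilegedPort(ss.getLocalPort()) && isSecure) {
      throw new RuntimeException(
        "Cannot start secure datanode with unprivileged RPC ports");
    }

    System.err.println("Opened streaming server at " + streamingAddr);

    // Bind a port for the web server. The code intends to bind HTTP server to
    // privileged port only, as the client can authenticate the server using
    // certificates if they are communicating through SSL.
    if (policy.isHttpEnabled()) {
      httpChannel = ServerSocketChannel.open();
      InetSocketAddress infoSocAddr = DataNode.getInfoAddr(conf);
      httpChannel.socket().bind(infoSocAddr);
      InetSocketAddress localAddr = (InetSocketAddress) httpChannel.socket()
        .getLocalSocketAddress();

      // Report the info port values here; the streaming port values would
      // point the operator at the wrong setting.
      if (localAddr.getPort() != infoSocAddr.getPort()) {
        throw new RuntimeException("Unable to bind on specified info port in secure " +
            "context. Needed " + infoSocAddr.getPort() + ", got " + localAddr.getPort());
      }

      // Validate before announcing success, and apply the same privileged
      // port test as the streaming port instead of a hard-coded bound.
      if (!SecurityUtil.isPrivilegedPort(localAddr.getPort()) && isSecure) {
        throw new RuntimeException(
            "Cannot start secure datanode with unprivileged HTTP ports");
      }

      System.err.println("Successfully obtained privileged resources (streaming port = "
          + ss + " ) (http listener port = " + localAddr.getPort() +")");
      System.err.println("Opened info server at " + infoSocAddr);
    }

    SecureResources resources = new SecureResources(ss, httpChannel);
    acquired = true;
    return resources;
  } finally {
    if (!acquired) {
      // Best-effort release of the listening sockets on any failure; a close
      // error must not replace the exception that is already propagating.
      if (httpChannel != null) {
        try {
          httpChannel.close();
        } catch (Exception ignored) {
          // nothing useful to do: the original failure is being reported
        }
      }
      try {
        ss.close();
      } catch (Exception ignored) {
        // nothing useful to do: the original failure is being reported
      }
    }
  }
}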
 
开发者ID:naver,项目名称:hadoop,代码行数:66,代码来源:SecureDataNodeStarter.java


注:本文中的org.apache.hadoop.security.SecurityUtil.isPrivilegedPort方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。