Package org.apache.hadoop.security
Class WhitelistBasedResolver
java.lang.Object
org.apache.hadoop.security.SaslPropertiesResolver
org.apache.hadoop.security.WhitelistBasedResolver
All Implemented Interfaces: Configurable
An implementation of the SaslPropertiesResolver that uses a whitelist of IP addresses.
If the connection's IP address is in the list of IP addresses, the SASL properties will be unchanged.
If the connection's IP address is not in the list of IP addresses, then the QOP for the connection will be restricted to the values configured in "hadoop.rpc.protection.non-whitelist".
Uses 3 IPList implementations together to form an aggregate whitelist.
1. ConstantIPList - to check against a set of hardcoded IPs
2. Fixed IP List - to check against a list of IP addresses which are specified externally, but will not change over runtime.
3. Variable IP List - to check against a list of IP addresses which are specified externally and could change during runtime.
A connection's IP address is checked against these 3 IP lists in the order specified above. Once a match is found, the IP address is determined to be in the whitelist.
The behavior can be configured using several configuration parameters.
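The decision described above, as an added Java example that is not Hadoop's own code: it uses only JDK classes and handles IPv4 only, and the class name WhitelistQopDemo, its helper methods and all addresses are constructed for illustration. The mapping of hadoop.rpc.protection values (authentication, integrity, privacy) to SASL QOP tokens (auth, auth-int, auth-conf) is the one Hadoop uses.

```java
import java.net.InetAddress;
import java.util.*;
import javax.security.sasl.Sasl;
// Added illustration: a stand-alone model of the whitelist decision, not Hadoop's code.
public class WhitelistQopDemo {
    static final Map<String, String> QOP = Map.of(
        "authentication", "auth", "integrity", "auth-int", "privacy", "auth-conf");
    static int toInt(InetAddress a) {
        byte[] b = a.getAddress();
        if (b.length != 4) throw new IllegalArgumentException("demo is IPv4 only");
        return (b[0] & 0xff) << 24 | (b[1] & 0xff) << 16 | (b[2] & 0xff) << 8 | (b[3] & 0xff);
    }
    // True if addr falls inside a whitelist entry ("a.b.c.d" or "a.b.c.d/len").
    static boolean matches(String entry, InetAddress addr) throws Exception {
        String[] p = entry.split("/");
        int len = p.length == 2 ? Integer.parseInt(p[1]) : 32;
        int mask = len == 0 ? 0 : -1 << (32 - len);
        return (toInt(InetAddress.getByName(p[0])) & mask) == (toInt(addr) & mask);
    }
    // Maps a comma separated list of hadoop.rpc.protection values to SASL QOP tokens.
    static String toSaslQop(String protection) {
        List<String> out = new ArrayList<>();
        for (String v : protection.split(",")) {
            String q = QOP.get(v.trim());
            if (q == null) throw new IllegalArgumentException("unknown value: " + v);
            out.add(q);
        }
        return String.join(",", out);
    }
    // Lists are checked in order; the first match keeps the default properties.
    static Map<String, String> resolve(InetAddress client, List<List<String>> lists,
            Map<String, String> defaults, String nonWhitelist) throws Exception {
        for (List<String> list : lists)
            for (String entry : list)
                if (matches(entry, client)) return defaults;
        Map<String, String> restricted = new HashMap<>(defaults);
        restricted.put(Sasl.QOP, toSaslQop(nonWhitelist)); // this model overrides QOP only
        return restricted;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample data: every address and list entry is made up.
        List<List<String>> lists = List.of(
            List.of("127.0.0.1"),      // constant list
            List.of("10.20.0.0/16"),   // fixed list, read once
            List.of("192.0.2.15"));    // variable list, reloadable at runtime
        Map<String, String> defaults = Map.of(Sasl.QOP, "auth");
        for (String ip : new String[] {"10.20.3.4", "192.0.2.15", "203.0.113.9"})
            System.out.println(ip + " -> " + resolve(InetAddress.getByName(ip), lists, defaults, "privacy"));
    }
}
```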
Field Summary
Fields (Modifier and Type, Field, Description):
static final String HADOOP_RPC_PROTECTION_NON_WHITELIST - comma separated list containing alternate hadoop.rpc.protection values for clients which are not in the whitelist
static final String HADOOP_SECURITY_SASL_FIXEDWHITELIST_FILE - Path to the file containing subnets and IP addresses to form the fixed whitelist.
static final String HADOOP_SECURITY_SASL_VARIABLEWHITELIST_CACHE_SECS - time in seconds by which the variable whitelist file is checked for updates
static final String HADOOP_SECURITY_SASL_VARIABLEWHITELIST_ENABLE - Enables/Disables variable whitelist
static final String HADOOP_SECURITY_SASL_VARIABLEWHITELIST_FILE - Path to the file containing subnets and IP addresses to form the variable whitelist.
static final org.slf4j.Logger LOG
Constructor Summary
Constructors:
WhitelistBasedResolver()
Method Summary
Methods (Modifier and Type, Method, Description):
getServerProperties(String clientAddress)
getServerProperties(InetAddress clientAddress) - Identify the Sasl Properties to be used for a connection with a client.
void setConf(Configuration conf) - Set the configuration to be used by this object.
Methods inherited from class org.apache.hadoop.security.SaslPropertiesResolver:
getClientProperties, getClientProperties, getConf, getDefaultProperties, getInstance, getServerProperties
Field Details
LOG
public static final org.slf4j.Logger LOG
HADOOP_SECURITY_SASL_FIXEDWHITELIST_FILE
Path to the file containing subnets and IP addresses to form the fixed whitelist.
HADOOP_SECURITY_SASL_VARIABLEWHITELIST_ENABLE
Enables/Disables variable whitelist
HADOOP_SECURITY_SASL_VARIABLEWHITELIST_FILE
Path to the file containing subnets and IP addresses to form the variable whitelist.
HADOOP_SECURITY_SASL_VARIABLEWHITELIST_CACHE_SECS
time in seconds by which the variable whitelist file is checked for updates
HADOOP_RPC_PROTECTION_NON_WHITELIST
comma separated list containing alternate hadoop.rpc.protection values for clients which are not in the whitelist
Constructor Details
WhitelistBasedResolver
public WhitelistBasedResolver()
Method Details
setConf
Description copied from interface: Configurable
Set the configuration to be used by this object.
Specified by: setConf in interface Configurable
Overrides: setConf in class SaslPropertiesResolver
Parameters: conf - configuration to be used
getServerProperties
Identify the Sasl Properties to be used for a connection with a client.
Overrides: getServerProperties in class SaslPropertiesResolver
Parameters: clientAddress - client's address
Returns: the sasl properties to be used for the connection.
getServerProperties
Throws: UnknownHostException