[
https://issues.apache.org/jira/browse/STORM-1469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15174582#comment-15174582
]
ASF GitHub Bot commented on STORM-1469:
---------------------------------------
Github user d2r commented on a diff in the pull request:
https://github.com/apache/storm/pull/1173#discussion_r54651434
--- Diff:
storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java
---
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.storm.security.auth.plain;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.storm.security.auth.ReqContext;
+import org.apache.storm.security.auth.SaslTransportPlugin;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.RealmCallback;
+
+/**
+ * SASL server side callback handler
+ */
+public class PlainServerCallbackHandler implements CallbackHandler {
+ private static final Logger LOG =
LoggerFactory.getLogger(PlainServerCallbackHandler.class);
+ private static final String SYSPROP_SUPER_PASSWORD =
"storm.SASLAuthenticationProvider.superPassword";
+
+ private String userName="username";
+ private final Map<String,String> credentials = new HashMap<>();
+
+ public PlainServerCallbackHandler() throws IOException {
+ credentials.put("username", "password");
+ }
+
+ public void handle(Callback[] callbacks) throws
UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof NameCallback) {
+ handleNameCallback((NameCallback) callback);
+ } else if (callback instanceof PasswordCallback) {
+ handlePasswordCallback((PasswordCallback) callback);
+ } else if (callback instanceof RealmCallback) {
+ handleRealmCallback((RealmCallback) callback);
+ } else if (callback instanceof AuthorizeCallback) {
+ handleAuthorizeCallback((AuthorizeCallback) callback);
+ }
+ }
+ }
+
+ private void handleNameCallback(NameCallback nc) {
+ LOG.debug("handleNameCallback");
+ userName = nc.getDefaultName();
+ nc.setName(nc.getDefaultName());
+ }
+
+ private void handlePasswordCallback(PasswordCallback pc) {
+ LOG.debug("handlePasswordCallback");
+ if ("super".equals(this.userName) &&
System.getProperty(SYSPROP_SUPER_PASSWORD) != null) {
+ // superuser: use Java system property for password, if
available.
+
pc.setPassword(System.getProperty(SYSPROP_SUPER_PASSWORD).toCharArray());
+ } else if (credentials.containsKey(userName) ) {
+ pc.setPassword(credentials.get(userName).toCharArray());
+ } else {
+ LOG.warn("No password found for user: " + userName);
+ }
+ }
+
+ private void handleRealmCallback(RealmCallback rc) {
+ LOG.debug("handleRealmCallback: "+ rc.getDefaultText());
+ rc.setText(rc.getDefaultText());
+ }
+
+ private void handleAuthorizeCallback(AuthorizeCallback ac) {
+ String authenticationID = ac.getAuthenticationID();
+ LOG.info("Successfully authenticated client: authenticationID = "
+ authenticationID + " authorizationID = " + ac.getAuthorizationID());
+
+ //if authorizationId is not set, set it to authenticationId.
+ if(ac.getAuthorizationID() == null) {
+ ac.setAuthorizedID(authenticationID);
+ }
+
+ //When authNid and authZid are not equal , authNId is attempting
to impersonate authZid, We
+ //add the authNid as the real user in reqContext's subject which
will be used during authorization.
+ if(!authenticationID.equals(ac.getAuthorizationID())) {
+ LOG.info("Impersonation attempt authenticationID = " +
ac.getAuthenticationID() + " authorizationID = " + ac.getAuthorizationID());
--- End diff --
minor: use format strings `{}` like in other log statements.
> Unable to deploy large topologies on apache storm
> -------------------------------------------------
>
> Key: STORM-1469
> URL: https://issues.apache.org/jira/browse/STORM-1469
> Project: Apache Storm
> Issue Type: Bug
> Components: storm-core
> Affects Versions: 1.0.0, 2.0.0
> Reporter: Rudra Sharma
> Assignee: Kishor Patil
> Fix For: 1.0.0, 2.0.0
>
>
> When deploying to a nimbus a topology which is larger in size >17MB, we get
> an exception. In storm 0.9.3 this could be mitigated by using the following
> config on the storm.yaml to increse the buffer size to handle the topology
> size. i.e. 50MB would be
> nimbus.thrift.max_buffer_size: 50000000
> This configuration does not resolve the issue in the master branch of storm
> and we cannot deploy topologies which are large in size.
> Here is the log on the client side when attempting to deploy to the nimbus
> node:
> java.lang.RuntimeException: org.apache.thrift7.transport.TTransportException
> at
> backtype.storm.StormSubmitter.submitTopologyAs(StormSubmitter.java:251)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> backtype.storm.StormSubmitter.submitTopology(StormSubmitter.java:272)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> backtype.storm.StormSubmitter.submitTopology(StormSubmitter.java:155)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> com.trustwave.siem.storm.topology.deployer.TopologyDeployer.deploy(TopologyDeployer.java:149)
> [siem-ng-storm-deployer-cloud.jar:]
> at
> com.trustwave.siem.storm.topology.deployer.TopologyDeployer.main(TopologyDeployer.java:87)
> [siem-ng-storm-deployer-cloud.jar:]
> Caused by: org.apache.thrift7.transport.TTransportException
> at
> org.apache.thrift7.transport.TIOStreamTransport.read(TIOStreamTransport.java:132)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at org.apache.thrift7.transport.TTransport.readAll(TTransport.java:86)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> org.apache.thrift7.transport.TFramedTransport.readFrame(TFramedTransport.java:129)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> org.apache.thrift7.transport.TFramedTransport.read(TFramedTransport.java:101)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at org.apache.thrift7.transport.TTransport.readAll(TTransport.java:86)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> org.apache.thrift7.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:429)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> org.apache.thrift7.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:318)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> org.apache.thrift7.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:219)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> org.apache.thrift7.TServiceClient.receiveBase(TServiceClient.java:77)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> backtype.storm.generated.Nimbus$Client.recv_submitTopology(Nimbus.java:238)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> backtype.storm.generated.Nimbus$Client.submitTopology(Nimbus.java:222)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> at
> backtype.storm.StormSubmitter.submitTopologyAs(StormSubmitter.java:237)
> ~[storm-core-0.11.0-SNAPSHOT.jar:0.11.0-SNAPSHOT]
> ... 4 more
> Here is the log on the server side (nimbus.log):
> 2016-01-13 10:48:07.206 o.a.s.d.nimbus [INFO] Cleaning inbox ... deleted:
> stormjar-c8666220-fa19-426b-a7e4-c62dfb57f1f0.jar
> 2016-01-13 10:55:09.823 o.a.s.d.nimbus [INFO] Uploading file from client to
> /var/storm-data/nimbus/inbox/stormjar-80ecdf05-6a25-4281-8c78-10062ac5e396.jar
> 2016-01-13 10:55:11.910 o.a.s.d.nimbus [INFO] Finished uploading file from
> client:
> /var/storm-data/nimbus/inbox/stormjar-80ecdf05-6a25-4281-8c78-10062ac5e396.jar
> 2016-01-13 10:55:12.084 o.a.t.s.AbstractNonblockingServer$FrameBuffer [WARN]
> Exception while invoking!
> org.apache.thrift7.transport.TTransportException: Frame size (17435758)
> larger than max length (16384000)!
> at
> org.apache.thrift7.transport.TFramedTransport.readFrame(TFramedTransport.java:137)
> at
> org.apache.thrift7.transport.TFramedTransport.read(TFramedTransport.java:101)
> at org.apache.thrift7.transport.TTransport.readAll(TTransport.java:86)
> at
> org.apache.thrift7.protocol.TBinaryProtocol.readAll(TBinaryProtocol.java:429)
> at
> org.apache.thrift7.protocol.TBinaryProtocol.readI32(TBinaryProtocol.java:318)
> at
> org.apache.thrift7.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:219)
> at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:27)
> at
> org.apache.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:158)
> at
> org.apache.thrift7.server.AbstractNonblockingServer$FrameBuffer.invoke(AbstractNonblockingServer.java:518)
> at org.apache.thrift7.server.Invocation.run(Invocation.java:18)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
