001/** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 019package org.apache.hadoop.security.alias; 020 021import java.io.IOException; 022import java.net.URI; 023import java.net.URISyntaxException; 024import java.util.ArrayList; 025import java.util.Iterator; 026import java.util.List; 027import java.util.ServiceLoader; 028 029import org.apache.hadoop.classification.InterfaceAudience; 030import org.apache.hadoop.classification.InterfaceStability; 031import org.apache.hadoop.conf.Configuration; 032 033/** 034 * A factory to create a list of CredentialProvider based on the path given in a 035 * Configuration. It uses a service loader interface to find the available 036 * CredentialProviders and create them based on the list of URIs. 037 */ 038@InterfaceAudience.Public 039@InterfaceStability.Unstable 040public abstract class CredentialProviderFactory { 041 public static final String CREDENTIAL_PROVIDER_PATH = 042 "hadoop.security.credential.provider.path"; 043 044 public abstract CredentialProvider createProvider(URI providerName, 045 Configuration conf 046 ) throws IOException; 047 048 private static final ServiceLoader<CredentialProviderFactory> serviceLoader = 049 ServiceLoader.load(CredentialProviderFactory.class); 050 051 // Iterate through the serviceLoader to avoid lazy loading. 052 // Lazy loading would require synchronization in concurrent use cases. 053 static { 054 Iterator<CredentialProviderFactory> iterServices = serviceLoader.iterator(); 055 while (iterServices.hasNext()) { 056 iterServices.next(); 057 } 058 } 059 060 public static List<CredentialProvider> getProviders(Configuration conf 061 ) throws IOException { 062 List<CredentialProvider> result = new ArrayList<CredentialProvider>(); 063 for(String path: conf.getStringCollection(CREDENTIAL_PROVIDER_PATH)) { 064 try { 065 URI uri = new URI(path); 066 boolean found = false; 067 // Iterate serviceLoader in a synchronized block since 068 // serviceLoader iterator is not thread-safe. 069 synchronized (serviceLoader) { 070 for (CredentialProviderFactory factory : serviceLoader) { 071 CredentialProvider kp = factory.createProvider(uri, conf); 072 if (kp != null) { 073 result.add(kp); 074 found = true; 075 break; 076 } 077 } 078 } 079 if (!found) { 080 throw new IOException("No CredentialProviderFactory for " + uri + " in " + 081 CREDENTIAL_PROVIDER_PATH); 082 } 083 } catch (URISyntaxException error) { 084 throw new IOException("Bad configuration of " + CREDENTIAL_PROVIDER_PATH + 085 " at " + path, error); 086 } 087 } 088 return result; 089 } 090}