Class TrustedDomainAuthenticator
- java.lang.Object
-
- org.apache.druid.server.security.TrustedDomainAuthenticator
-
- All Implemented Interfaces:
ServletFilterHolder,Authenticator
public class TrustedDomainAuthenticator extends Object implements Authenticator
Authenticates requests coming from a specific domain and directs them to an authorizer.
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AuthenticationResultauthenticateJDBCContext(Map<String,Object> context)Given a JDBC connection context, authenticate the identity represented by the information in the context.StringgetAuthChallengeHeader()Return a WWW-Authenticate challenge scheme string appropriate for this Authenticator's authentication mechanism.EnumSet<javax.servlet.DispatcherType>getDispatcherType()The dispatcher type that this Filter should apply tojavax.servlet.FiltergetFilter()Create a Filter that performs authentication checks on incoming HTTP requests.Class<? extends javax.servlet.Filter>getFilterClass()Get the class of the Filter object that should be added to the servlet.Map<String,String>getInitParameters()Get Filter initialization parameters.StringgetPath()This method is deprecated, please implementServletFilterHolder.getPaths().-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.druid.server.security.Authenticator
decorateProxyRequest
-
Methods inherited from interface org.apache.druid.server.initialization.jetty.ServletFilterHolder
getPaths
-
-
-
-
Method Detail
-
getFilterClass
public Class<? extends javax.servlet.Filter> getFilterClass()
Description copied from interface:ServletFilterHolderGet the class of the Filter object that should be added to the servlet. This method is considered "mutually exclusive" from the getFilter method. That is, one of them should return null and the other should return an actual value.- Specified by:
getFilterClassin interfaceServletFilterHolder- Returns:
- The class of the Filter object to be added to the servlet
-
getInitParameters
public Map<String,String> getInitParameters()
Description copied from interface:ServletFilterHolderGet Filter initialization parameters.- Specified by:
getInitParametersin interfaceServletFilterHolder- Returns:
- a map containing all the Filter initialization parameters
-
getPath
public String getPath()
Description copied from interface:ServletFilterHolderThis method is deprecated, please implementServletFilterHolder.getPaths(). The path that this Filter should apply to- Specified by:
getPathin interfaceServletFilterHolder- Returns:
- the path that this Filter should apply to
-
getDispatcherType
public EnumSet<javax.servlet.DispatcherType> getDispatcherType()
Description copied from interface:ServletFilterHolderThe dispatcher type that this Filter should apply to- Specified by:
getDispatcherTypein interfaceServletFilterHolder- Returns:
- the enumeration of DispatcherTypes that this Filter should apply to
-
getFilter
public javax.servlet.Filter getFilter()
Description copied from interface:AuthenticatorCreate a Filter that performs authentication checks on incoming HTTP requests.If the authentication succeeds, the Filter should set the "Druid-Authentication-Result" attribute in the request, containing an AuthenticationResult that represents the authenticated identity of the requester, along with the name of the Authorizer instance that should authorize the request. An Authenticator may choose to add a Map
If the "Druid-Authentication-Result" attribute is already set (i.e., request has been authenticated by an earlier Filter), this Filter should skip any authentication checks and proceed to the next Filter.
If a filter cannot recognize a request's format (e.g., the request does not have credentials compatible with a filter's authentication scheme), the filter should not send an error response, allowing other filters to handle the request. A challenge response will be sent if the filter chain is exhausted.
If the authentication fails (i.e., a filter recognized the authentication scheme of a request, but the credentials failed to authenticate successfully) the Filter should send an error response, without needing to proceed to other filters in the chain..
- Specified by:
getFilterin interfaceAuthenticator- Specified by:
getFilterin interfaceServletFilterHolder- Returns:
- Filter that authenticates HTTP requests
-
getAuthChallengeHeader
@Nullable public String getAuthChallengeHeader()
Description copied from interface:AuthenticatorReturn a WWW-Authenticate challenge scheme string appropriate for this Authenticator's authentication mechanism.For example, a Basic HTTP implementation should return "Basic", while a Kerberos implementation would return "Negotiate". If this method returns null, no authentication scheme will be added for that Authenticator implementation.
- Specified by:
getAuthChallengeHeaderin interfaceAuthenticator- Returns:
- Authentication scheme
-
authenticateJDBCContext
@Nullable public AuthenticationResult authenticateJDBCContext(Map<String,Object> context)
Description copied from interface:AuthenticatorGiven a JDBC connection context, authenticate the identity represented by the information in the context. This is used to secure JDBC access for Druid SQL.For example, a Basic HTTP auth implementation could read the "user" and "password" fields from the JDBC context.
The expected contents of the context are left to the implementation.
- Specified by:
authenticateJDBCContextin interfaceAuthenticator- Parameters:
context- JDBC connection context- Returns:
- AuthenticationResult of the identity represented by the context is successfully authenticated, null if authentication failed
-
-