KerberosAuthenticationHandler (Apache Hadoop Auth 2.6.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.security.authentication.server
Class KerberosAuthenticationHandler

java.lang.Object
  org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

All Implemented Interfaces:: AuthenticationHandler

Direct Known Subclasses:: AltKerberosAuthenticationHandler

public class KerberosAuthenticationHandler
extends Object
implements AuthenticationHandler
extends Object
implements AuthenticationHandler

The KerberosAuthenticationHandler implements the Kerberos SPNEGO authentication mechanism for HTTP.

The supported configuration properties are:

kerberos.principal: the Kerberos principal to used by the server. As stated by the Kerberos SPNEGO specification, it should be HTTP/${HOSTNAME}@{REALM}. The realm can be omitted from the principal as the JDK GSS libraries will use the realm name of the configured default realm. It does not have a default value.
kerberos.keytab: the keytab file containing the credentials for the Kerberos principal. It does not have a default value.
kerberos.name.rules: kerberos names rules to resolve principal names, see KerberosName.setRules(String)

Field Summary
`static String`	`KEYTAB` Constant for the configuration property that indicates the keytab file path.
`static String`	`NAME_RULES` Constant for the configuration property that indicates the Kerberos name rules for the Kerberos principals.
`static String`	`PRINCIPAL` Constant for the configuration property that indicates the kerberos principal.
`static String`	`TYPE` Constant that identifies the authentication mechanism.

Constructor Summary
`KerberosAuthenticationHandler()` Creates a Kerberos SPNEGO authentication handler with the default auth-token type, `kerberos`.
`KerberosAuthenticationHandler(String type)` Creates a Kerberos SPNEGO authentication handler with a custom auth-token type.

Method Summary
`AuthenticationToken`	`authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` It enforces the the Kerberos SPNEGO authentication sequence returning an `AuthenticationToken` only after the Kerberos SPNEGO sequence has completed successfully.
`void`	`destroy()` Releases any resources initialized by the authentication handler.
`protected String`	`getKeytab()` Returns the keytab used by the authentication handler.
`protected Set<KerberosPrincipal>`	`getPrincipals()` Returns the Kerberos principals used by the authentication handler.
`String`	`getType()` Returns the authentication type of the authentication handler, 'kerberos'.
`void`	`init(Properties config)` Initializes the authentication handler instance.
`boolean`	`managementOperation(AuthenticationToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` This is an empty implementation, it always returns `TRUE`.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

TYPE

public static final String TYPE

Constant that identifies the authentication mechanism.

See Also:: Constant Field Values

PRINCIPAL

public static final String PRINCIPAL

Constant for the configuration property that indicates the kerberos principal.

See Also:: Constant Field Values

KEYTAB

public static final String KEYTAB

Constant for the configuration property that indicates the keytab file path.

See Also:: Constant Field Values

NAME_RULES

public static final String NAME_RULES

Constant for the configuration property that indicates the Kerberos name rules for the Kerberos principals.

See Also:: Constant Field Values

Constructor Detail

KerberosAuthenticationHandler

public KerberosAuthenticationHandler()

Creates a Kerberos SPNEGO authentication handler with the default auth-token type, kerberos.

KerberosAuthenticationHandler

public KerberosAuthenticationHandler(String type)

Creates a Kerberos SPNEGO authentication handler with a custom auth-token type.

Parameters:: type - auth-token type.

Method Detail

init

public void init(Properties config)
          throws javax.servlet.ServletException

Initializes the authentication handler instance.

It creates a Kerberos context using the principal and keytab specified in the configuration.

This method is invoked by the AuthenticationFilter.init(javax.servlet.FilterConfig) method.

Specified by:: init in interface AuthenticationHandler

Parameters:: config - configuration properties to initialize the handler.
Throws:: javax.servlet.ServletException - thrown if the handler could not be initialized.

destroy

public void destroy()

Releases any resources initialized by the authentication handler.

It destroys the Kerberos context.

Specified by:: destroy in interface AuthenticationHandler

getType

public String getType()

Returns the authentication type of the authentication handler, 'kerberos'.

Specified by:: getType in interface AuthenticationHandler

Returns:: the authentication type of the authentication handler, 'kerberos'.

getPrincipals

protected Set<KerberosPrincipal> getPrincipals()

Returns the Kerberos principals used by the authentication handler.

Returns:: the Kerberos principals used by the authentication handler.

getKeytab

protected String getKeytab()

Returns the keytab used by the authentication handler.

Returns:: the keytab used by the authentication handler.

managementOperation

public boolean managementOperation(AuthenticationToken token,
                                   javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response)
                            throws IOException,
                                   AuthenticationException

This is an empty implementation, it always returns TRUE.

Specified by:: managementOperation in interface AuthenticationHandler

Parameters:: token - the authentication token if any, otherwise NULL.; request - the HTTP client request.; response - the HTTP client response.
Returns:: TRUE
Throws:: IOException - it is never thrown.; AuthenticationException - it is never thrown.

authenticate

public AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response)
                                 throws IOException,
                                        AuthenticationException

It enforces the the Kerberos SPNEGO authentication sequence returning an AuthenticationToken only after the Kerberos SPNEGO sequence has completed successfully.

Specified by:: authenticate in interface AuthenticationHandler

Parameters:: request - the HTTP client request.; response - the HTTP client response.
Returns:: an authentication token if the Kerberos SPNEGO sequence is complete and valid, null if it is in progress (in this case the handler handles the response to the client).
Throws:: IOException - thrown if an IO error occurred.; AuthenticationException - thrown if Kerberos SPNEGO sequence failed.

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.security.authentication.server Class KerberosAuthenticationHandler

TYPE

PRINCIPAL

KEYTAB

NAME_RULES

KerberosAuthenticationHandler

KerberosAuthenticationHandler

init

destroy

getType

getPrincipals

getKeytab

managementOperation

authenticate

org.apache.hadoop.security.authentication.server
Class KerberosAuthenticationHandler