RMAuthenticationHandler (hadoop-yarn-server-resourcemanager 2.6.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.yarn.server.resourcemanager.security
Class RMAuthenticationHandler

java.lang.Object
  org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler
      org.apache.hadoop.yarn.server.resourcemanager.security.RMAuthenticationHandler

All Implemented Interfaces:: org.apache.hadoop.security.authentication.server.AuthenticationHandler

public class RMAuthenticationHandler
extends org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler
extends org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

Field Summary
`static String`	`HEADER`
`static String`	`TYPE`

Fields inherited from class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler
`KEYTAB, NAME_RULES, PRINCIPAL`

Constructor Summary
`RMAuthenticationHandler()`

Method Summary
`org.apache.hadoop.security.authentication.server.AuthenticationToken`	`authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Authenticates a request looking for the `delegation` header and verifying it is a valid token.
`protected String`	`getEncodedDelegationTokenFromRequest(javax.servlet.http.HttpServletRequest req)` Extract encoded delegation token from request
`String`	`getType()` Returns authentication type of the handler.
`boolean`	`managementOperation(org.apache.hadoop.security.authentication.server.AuthenticationToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`
`static void`	`setSecretManager(RMDelegationTokenSecretManager manager)`
`protected org.apache.hadoop.security.UserGroupInformation`	`verifyToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier> token)` Verifies a delegation token.

Methods inherited from class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler
`destroy, getKeytab, getPrincipals, init`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

TYPE

public static final String TYPE

See Also:: Constant Field Values

HEADER

public static final String HEADER

See Also:: Constant Field Values

Constructor Detail

RMAuthenticationHandler

public RMAuthenticationHandler()

Method Detail

getType

public String getType()

Returns authentication type of the handler.

Specified by:: getType in interface org.apache.hadoop.security.authentication.server.AuthenticationHandler
Overrides:: getType in class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

Returns:: kerberos-dt

managementOperation

public boolean managementOperation(org.apache.hadoop.security.authentication.server.AuthenticationToken token,
                                   javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response)

Specified by:: managementOperation in interface org.apache.hadoop.security.authentication.server.AuthenticationHandler
Overrides:: managementOperation in class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

authenticate

public org.apache.hadoop.security.authentication.server.AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request,
                                                                                         javax.servlet.http.HttpServletResponse response)
                                                                                  throws IOException,
                                                                                         org.apache.hadoop.security.authentication.client.AuthenticationException

Authenticates a request looking for the delegation header and verifying it is a valid token. If the header is missing, it delegates the authentication to the KerberosAuthenticationHandler unless it is disabled.

Specified by:: authenticate in interface org.apache.hadoop.security.authentication.server.AuthenticationHandler
Overrides:: authenticate in class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

Parameters:: request - the HTTP client request.; response - the HTTP client response.
Returns:: the authentication token for the authenticated request.
Throws:: IOException - thrown if an IO error occurred.; org.apache.hadoop.security.authentication.client.AuthenticationException - thrown if the authentication failed.

verifyToken

protected org.apache.hadoop.security.UserGroupInformation verifyToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier> token)
                                                               throws IOException

Verifies a delegation token.

Parameters:: token - delegation token to verify.
Returns:: the UGI for the token; null if the verification fails
Throws:: IOException - thrown if the token could not be verified.

getEncodedDelegationTokenFromRequest

protected String getEncodedDelegationTokenFromRequest(javax.servlet.http.HttpServletRequest req)

Extract encoded delegation token from request

Parameters:: req - HTTPServletRequest object
Returns:: String containing the encoded token; null if encoded token not found

setSecretManager

public static void setSecretManager(RMDelegationTokenSecretManager manager)