org.apache.hadoop.hbase.security.provider

Class GssSaslClientAuthenticationProvider

java.lang.Object

org.apache.hadoop.hbase.security.provider.BuiltInSaslAuthenticationProvider

org.apache.hadoop.hbase.security.provider.GssSaslAuthenticationProvider

org.apache.hadoop.hbase.security.provider.GssSaslClientAuthenticationProvider

All Implemented Interfaces:

SaslAuthenticationProvider, SaslClientAuthenticationProvider

@InterfaceAudience.Private
public class GssSaslClientAuthenticationProvider
extends GssSaslAuthenticationProvider
implements SaslClientAuthenticationProvider

Field Summary

Fields inherited from class org.apache.hadoop.hbase.security.provider.GssSaslAuthenticationProvider

SASL_AUTH_METHOD

Fields inherited from class org.apache.hadoop.hbase.security.provider.BuiltInSaslAuthenticationProvider

AUTH_TOKEN_TYPE

Constructor Summary

Constructors

Constructor and Description
GssSaslClientAuthenticationProvider()

Method Summary

Modifier and Type	Method and Description
boolean	canRetry() Returns true if the implementation is capable of performing some action which may allow a failed authentication to become a successful authentication.
SaslClient	createClient(org.apache.hadoop.conf.Configuration conf, InetAddress serverAddr, String serverPrincipal, org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token, boolean fallbackAllowed, Map<String,String> saslProps) Create the SASL client instance for this authentication method.
org.apache.hadoop.security.UserGroupInformation	getRealUser(User user) Returns the "real" user, the user who has the credentials being authenticated by the remote service, in the form of an UserGroupInformation object.
org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation	getUserInfo(User user) Constructs a RPCProtos.UserInformation from the given UserGroupInformation
void	relogin() Executes any necessary logic to re-login the client.

Methods inherited from class org.apache.hadoop.hbase.security.provider.GssSaslAuthenticationProvider

getSaslAuthMethod

Methods inherited from class org.apache.hadoop.hbase.security.provider.BuiltInSaslAuthenticationProvider

createSaslAuthMethod, getTokenKind

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider

createClient

Methods inherited from interface org.apache.hadoop.hbase.security.provider.SaslAuthenticationProvider

getSaslAuthMethod, getTokenKind

Constructor Detail

GssSaslClientAuthenticationProvider

public GssSaslClientAuthenticationProvider()

Method Detail

createClient

public SaslClient createClient(org.apache.hadoop.conf.Configuration conf,
                               InetAddress serverAddr,
                               String serverPrincipal,
                               org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token,
                               boolean fallbackAllowed,
                               Map<String,String> saslProps)
                        throws IOException

Description copied from interface: SaslClientAuthenticationProvider

Create the SASL client instance for this authentication method.

The default implementation is create a fake SecurityInfo and call the above method, for keeping compatible with old customized authentication method

Specified by:

createClient in interface SaslClientAuthenticationProvider

Throws:

IOException

getUserInfo

public org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation getUserInfo(User user)

Description copied from interface: SaslClientAuthenticationProvider

Constructs a RPCProtos.UserInformation from the given UserGroupInformation

Specified by:

getUserInfo in interface SaslClientAuthenticationProvider

canRetry

public boolean canRetry()

Description copied from interface: SaslClientAuthenticationProvider

Returns true if the implementation is capable of performing some action which may allow a failed authentication to become a successful authentication. Otherwise, returns false

Specified by:

canRetry in interface SaslClientAuthenticationProvider

relogin

public void relogin()
             throws IOException

Description copied from interface: SaslClientAuthenticationProvider

Executes any necessary logic to re-login the client. Not all implementations will have any logic that needs to be executed.

Specified by:

relogin in interface SaslClientAuthenticationProvider

Throws:

IOException

getRealUser

public org.apache.hadoop.security.UserGroupInformation getRealUser(User user)

Description copied from interface: SaslClientAuthenticationProvider

Returns the "real" user, the user who has the credentials being authenticated by the remote service, in the form of an UserGroupInformation object. It is common in the Hadoop "world" to have distinct notions of a "real" user and a "proxy" user. A "real" user is the user which actually has the credentials (often, a Kerberos ticket), but some code may be running as some other user who has no credentials. This method gives the authentication provider a chance to acknowledge this is happening and ensure that any RPCs are executed with the real user's credentials, because executing them as the proxy user would result in failure because no credentials exist to authenticate the RPC. Not all implementations will need to implement this method. By default, the provided User's UGI is returned directly.

Specified by:

getRealUser in interface SaslClientAuthenticationProvider