org.apache.hadoop.security.authentication.client

Class KerberosAuthenticator

java.lang.Object

org.apache.hadoop.security.authentication.client.KerberosAuthenticator

All Implemented Interfaces:

Authenticator

public class KerberosAuthenticator
extends Object
implements Authenticator

The KerberosAuthenticator implements the Kerberos SPNEGO authentication sequence.

It uses the default principal for the Kerberos cache (normally set via kinit).

It falls back to the PseudoAuthenticator if the HTTP endpoint does not trigger an SPNEGO authentication sequence.

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTHORIZATION HTTP header used by the SPNEGO client endpoint during an authentication sequence.
static String	NEGOTIATE HTTP header prefix used by the SPNEGO client/server endpoints during an authentication sequence.
static String	WWW_AUTHENTICATE HTTP header used by the SPNEGO server endpoint during an authentication sequence.

Constructor Summary

Constructors

Constructor and Description
KerberosAuthenticator()

Method Summary

Methods

Modifier and Type	Method and Description
void	authenticate(URL url, AuthenticatedURL.Token token) Performs SPNEGO authentication against the specified URL.
protected Authenticator	getFallBackAuthenticator() If the specified URL does not support SPNEGO authentication, a fallback Authenticator will be used.
void	setConnectionConfigurator(ConnectionConfigurator configurator) Sets a ConnectionConfigurator instance to use for configuring connections.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

WWW_AUTHENTICATE

public static final String WWW_AUTHENTICATE

HTTP header used by the SPNEGO server endpoint during an authentication sequence.

See Also:

Constant Field Values

AUTHORIZATION

public static final String AUTHORIZATION

HTTP header used by the SPNEGO client endpoint during an authentication sequence.

See Also:

Constant Field Values

NEGOTIATE

public static final String NEGOTIATE

HTTP header prefix used by the SPNEGO client/server endpoints during an authentication sequence.

See Also:

Constant Field Values

Constructor Detail

KerberosAuthenticator

public KerberosAuthenticator()

Method Detail

setConnectionConfigurator

public void setConnectionConfigurator(ConnectionConfigurator configurator)

Sets a ConnectionConfigurator instance to use for configuring connections.

Specified by:

setConnectionConfigurator in interface Authenticator

Parameters:

configurator - the ConnectionConfigurator instance.

authenticate

public void authenticate(URL url,
                AuthenticatedURL.Token token)
                  throws IOException,
                         AuthenticationException

Performs SPNEGO authentication against the specified URL.

If a token is given it does a NOP and returns the given token.

If no token is given, it will perform the SPNEGO authentication sequence using an HTTP OPTIONS request.

Specified by:

authenticate in interface Authenticator

Parameters:

url - the URl to authenticate against.

token - the authentication token being used for the user.

Throws:

IOException - if an IO error occurred.

AuthenticationException - if an authentication error occurred.

getFallBackAuthenticator

protected Authenticator getFallBackAuthenticator()

If the specified URL does not support SPNEGO authentication, a fallback Authenticator will be used.

This implementation returns a PseudoAuthenticator.

Returns:

the fallback Authenticator.