AltKerberosAuthenticationHandler (Apache Hadoop Auth 2.10.2 API)

java.lang.Object
- org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler
- - org.apache.hadoop.security.authentication.server.AltKerberosAuthenticationHandler

All Implemented Interfaces:

AuthenticationHandler

Direct Known Subclasses:

JWTRedirectAuthenticationHandler
```
public abstract class AltKerberosAuthenticationHandler
extends KerberosAuthenticationHandler
```
The AltKerberosAuthenticationHandler behaves exactly the same way as the KerberosAuthenticationHandler, except that it allows for an alternative form of authentication for browsers while still using Kerberos for Java access. This is an abstract class that should be subclassed to allow a developer to implement their own custom authentication for browser access. The alternateAuthenticate method will be called whenever a request comes from a browser.

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`NON_BROWSER_USER_AGENTS` Constant for the configuration property that indicates which user agents are not considered browsers (comma separated)
`static String`	`TYPE` Constant that identifies the authentication mechanism.

Fields inherited from class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler
KEYTAB, LOG, NAME_RULES, PRINCIPAL

Fields inherited from interface org.apache.hadoop.security.authentication.server.AuthenticationHandler
WWW_AUTHENTICATE

Constructor Summary

Constructors
Constructor and Description

AltKerberosAuthenticationHandler()

Constructors
Constructor and Description
`AltKerberosAuthenticationHandler()`

Method Summary

Methods
Modifier and Type	Method and Description
`abstract AuthenticationToken`	`alternateAuthenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Subclasses should implement this method to provide the custom authentication to be used for browsers.
`AuthenticationToken`	`authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` It enforces the the Kerberos SPNEGO authentication sequence returning an `AuthenticationToken` only after the Kerberos SPNEGO sequence has completed successfully (in the case of Java access) and only after the custom authentication implemented by the subclass in alternateAuthenticate has completed successfully (in the case of browser access).
`String`	`getType()` Returns the authentication type of the authentication handler, 'alt-kerberos'.
`void`	`init(Properties config)` Initializes the authentication handler instance.
`protected boolean`	`isBrowser(String userAgent)` This method parses the User-Agent String and returns whether or not it refers to a browser.

Methods inherited from class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler
destroy, getKeytab, getPrincipals, managementOperation

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - TYPE
```
public static final String TYPE
```
    Constant that identifies the authentication mechanism.
    
    See Also:
    Constant Field Values
  - NON_BROWSER_USER_AGENTS
```
public static final String NON_BROWSER_USER_AGENTS
```
    Constant for the configuration property that indicates which user agents are not considered browsers (comma separated)
    
    See Also:
    Constant Field Values
- Constructor Detail
  - AltKerberosAuthenticationHandler
```
public AltKerberosAuthenticationHandler()
```
- Method Detail
  - getType
```
public String getType()
```
    Returns the authentication type of the authentication handler, 'alt-kerberos'.
    
    Specified by:
    
    getType in interface AuthenticationHandler
    
    Overrides:
    
    getType in class KerberosAuthenticationHandler
    
    Returns:
    the authentication type of the authentication handler, 'alt-kerberos'.
  - init
```
public void init(Properties config)
          throws javax.servlet.ServletException
```
    Description copied from class: KerberosAuthenticationHandler
    
    Initializes the authentication handler instance.
    It creates a Kerberos context using the principal and keytab specified in the configuration.
    This method is invoked by the AuthenticationFilter.init(javax.servlet.FilterConfig) method.
    
    Specified by:
    
    init in interface AuthenticationHandler
    
    Overrides:
    
    init in class KerberosAuthenticationHandler
    
    Parameters:
    config - configuration properties to initialize the handler.
    
    Throws:
    
    javax.servlet.ServletException - thrown if the handler could not be initialized.
  - authenticate
```
public AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response)
                                 throws IOException,
                                        AuthenticationException
```
    It enforces the the Kerberos SPNEGO authentication sequence returning an AuthenticationToken only after the Kerberos SPNEGO sequence has completed successfully (in the case of Java access) and only after the custom authentication implemented by the subclass in alternateAuthenticate has completed successfully (in the case of browser access).
    
    Specified by:
    
    authenticate in interface AuthenticationHandler
    
    Overrides:
    
    authenticate in class KerberosAuthenticationHandler
    
    Parameters:
    request - the HTTP client request.
    response - the HTTP client response.
    
    Returns:
    an authentication token if the request is authorized or null
    
    Throws:
    
    IOException - thrown if an IO error occurred
    
    AuthenticationException - thrown if an authentication error occurred
  - isBrowser
```
protected boolean isBrowser(String userAgent)
```
    This method parses the User-Agent String and returns whether or not it refers to a browser. If its not a browser, then Kerberos authentication will be used; if it is a browser, alternateAuthenticate from the subclass will be used.
    A User-Agent String is considered to be a browser if it does not contain any of the values from alt-kerberos.non-browser.user-agents; the default behavior is to consider everything a browser unless it contains one of: "java", "curl", "wget", or "perl". Subclasses can optionally override this method to use different behavior.
    
    Parameters:
    userAgent - The User-Agent String, or null if there isn't one
    
    Returns:
    true if the User-Agent String refers to a browser, false if not
  - alternateAuthenticate
```
public abstract AuthenticationToken alternateAuthenticate(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response)
                                                   throws IOException,
                                                          AuthenticationException
```
    Subclasses should implement this method to provide the custom authentication to be used for browsers.
    
    Parameters:
    request - the HTTP client request.
    response - the HTTP client response.
    
    Returns:
    an authentication token if the request is authorized, or null
    
    Throws:
    
    IOException - thrown if an IO error occurs
    
    AuthenticationException - thrown if an authentication error occurs

Class AltKerberosAuthenticationHandler

Field Summary

Fields inherited from class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

Fields inherited from interface org.apache.hadoop.security.authentication.server.AuthenticationHandler

Constructor Summary

Method Summary

Methods inherited from class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

Methods inherited from class java.lang.Object

Field Detail

TYPE

NON_BROWSER_USER_AGENTS

Constructor Detail

AltKerberosAuthenticationHandler

Method Detail

getType

init

authenticate

isBrowser

alternateAuthenticate