MultiSchemeAuthenticationHandler (Apache Hadoop Auth 2.10.2 API)

java.lang.Object
- org.apache.hadoop.security.authentication.server.MultiSchemeAuthenticationHandler

All Implemented Interfaces:

AuthenticationHandler, CompositeAuthenticationHandler
```
@InterfaceAudience.Private
@InterfaceStability.Evolving
public class MultiSchemeAuthenticationHandler
extends Object
implements CompositeAuthenticationHandler
```
The MultiSchemeAuthenticationHandler supports configuring multiple authentication mechanisms simultaneously. e.g. server can support multiple authentication mechanisms such as Kerberos (SPENGO) and LDAP. During the authentication phase, server will specify all possible authentication schemes and let client choose the appropriate scheme. Please refer to RFC-2616 and HADOOP-12082 for more details.
The supported configuration properties are:
- multi-scheme-auth-handler.schemes: A comma separated list of HTTP authentication mechanisms supported by this handler. It does not have a default value. e.g. multi-scheme-auth-handler.schemes=basic,negotiate
- multi-scheme-auth-handler.schemes.${scheme-name}.handler: The authentication handler implementation to be used for the specified authentication scheme. It does not have a default value. e.g. multi-scheme-auth-handler.schemes.negotiate.handler=kerberos
It expected that for every authentication scheme specified in multi-scheme-auth-handler.schemes property, a handler needs to be configured. Note that while scheme values in 'multi-scheme-auth-handler.schemes' property are case-insensitive, the scheme value in the handler configuration property name must be lower case. i.e. property name such as multi-scheme-auth-handler.schemes.Negotiate.handler is invalid.

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`AUTH_HANDLER_PROPERTY`
`static String`	`SCHEMES_PROPERTY`
`static String`	`TYPE` Constant that identifies the authentication mechanism.

Fields inherited from interface org.apache.hadoop.security.authentication.server.AuthenticationHandler
WWW_AUTHENTICATE

Constructor Summary

Constructors
Constructor and Description

MultiSchemeAuthenticationHandler()

MultiSchemeAuthenticationHandler(String authType)

Constructors
Constructor and Description
`MultiSchemeAuthenticationHandler()`
`MultiSchemeAuthenticationHandler(String authType)`

Method Summary

Methods
Modifier and Type	Method and Description
`AuthenticationToken`	`authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Performs an authentication step for the given HTTP client request.
`void`	`destroy()` Destroys the authentication handler instance.
`Collection<String>`	`getTokenTypes()` This method returns the token types supported by this authentication handler.
`String`	`getType()` Returns the authentication type of the authentication handler.
`void`	`init(Properties config)` Initializes the authentication handler instance.
`protected AuthenticationHandler`	`initializeAuthHandler(String authHandlerClassName, Properties config)`
`boolean`	`managementOperation(AuthenticationToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Performs an authentication management operation.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - SCHEMES_PROPERTY
```
public static final String SCHEMES_PROPERTY
```
    See Also:
    Constant Field Values
  - AUTH_HANDLER_PROPERTY
```
public static final String AUTH_HANDLER_PROPERTY
```
    See Also:
    Constant Field Values
  - TYPE
```
public static final String TYPE
```
    Constant that identifies the authentication mechanism.
    
    See Also:
    Constant Field Values
- Constructor Detail
  - MultiSchemeAuthenticationHandler
```
public MultiSchemeAuthenticationHandler()
```
  - MultiSchemeAuthenticationHandler
```
public MultiSchemeAuthenticationHandler(String authType)
```
- Method Detail
  - getType
```
public String getType()
```
    Description copied from interface: AuthenticationHandler
    
    Returns the authentication type of the authentication handler. This should be a name that uniquely identifies the authentication type. For example 'simple' or 'kerberos'.
    
    Specified by:
    
    getType in interface AuthenticationHandler
    
    Returns:
    the authentication type of the authentication handler.
  - getTokenTypes
```
public Collection<String> getTokenTypes()
```
    This method returns the token types supported by this authentication handler.
    
    Specified by:
    
    getTokenTypes in interface CompositeAuthenticationHandler
    
    Returns:
    the token types supported by this authentication handler.
  - init
```
public void init(Properties config)
          throws javax.servlet.ServletException
```
    Description copied from interface: AuthenticationHandler
    
    Initializes the authentication handler instance.
    This method is invoked by the AuthenticationFilter.init(javax.servlet.FilterConfig) method.
    
    Specified by:
    
    init in interface AuthenticationHandler
    
    Parameters:
    config - configuration properties to initialize the handler.
    
    Throws:
    
    javax.servlet.ServletException - thrown if the handler could not be initialized.
  - initializeAuthHandler
```
protected AuthenticationHandler initializeAuthHandler(String authHandlerClassName,
                                          Properties config)
                                               throws javax.servlet.ServletException
```
    Throws:
    
    javax.servlet.ServletException
  - destroy
```
public void destroy()
```
    Description copied from interface: AuthenticationHandler
    
    Destroys the authentication handler instance.
    This method is invoked by the AuthenticationFilter.destroy() method.
    
    Specified by:
    
    destroy in interface AuthenticationHandler
  - managementOperation
```
public boolean managementOperation(AuthenticationToken token,
                          javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response)
                            throws IOException,
                                   AuthenticationException
```
    Description copied from interface: AuthenticationHandler
    
    Performs an authentication management operation.
    This is useful for handling operations like get/renew/cancel delegation tokens which are being handled as operations of the service end-point.
    If the method returns TRUE the request will continue normal processing, this means the method has not produced any HTTP response.
    If the method returns FALSE the request will end, this means the method has produced the corresponding HTTP response.
    
    Specified by:
    
    managementOperation in interface AuthenticationHandler
    
    Parameters:
    token - the authentication token if any, otherwise NULL.
    request - the HTTP client request.
    response - the HTTP client response.
    
    Returns:
    TRUE if the request should be processed as a regular request, FALSE otherwise.
    
    Throws:
    
    IOException - thrown if an IO error occurred.
    
    AuthenticationException - thrown if an Authentication error occurred.
  - authenticate
```
public AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response)
                                 throws IOException,
                                        AuthenticationException
```
    Description copied from interface: AuthenticationHandler
    
    Performs an authentication step for the given HTTP client request.
    This method is invoked by the AuthenticationFilter only if the HTTP client request is not yet authenticated.
    Depending upon the authentication mechanism being implemented, a particular HTTP client may end up making a sequence of invocations before authentication is successfully established (this is the case of Kerberos SPNEGO).
    This method must return an AuthenticationToken only if the the HTTP client request has been successfully and fully authenticated.
    If the HTTP client request has not been completely authenticated, this method must take over the corresponding HTTP response and it must return null.
    
    Specified by:
    
    authenticate in interface AuthenticationHandler
    
    Parameters:
    request - the HTTP client request.
    response - the HTTP client response.
    
    Returns:
    an AuthenticationToken if the HTTP client request has been authenticated, null otherwise (in this case it must take care of the response).
    
    Throws:
    
    IOException - thrown if an IO error occurred.
    
    AuthenticationException - thrown if an Authentication error occurred.

Class MultiSchemeAuthenticationHandler

Field Summary

Fields inherited from interface org.apache.hadoop.security.authentication.server.AuthenticationHandler

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

SCHEMES_PROPERTY

AUTH_HANDLER_PROPERTY

TYPE

Constructor Detail

MultiSchemeAuthenticationHandler

MultiSchemeAuthenticationHandler

Method Detail

getType

getTokenTypes

init

initializeAuthHandler

destroy

managementOperation

authenticate