org.apache.hadoop.security.authentication.server
Interface AuthenticationHandler

All Known Implementing Classes:
KerberosAuthenticationHandler, PseudoAuthenticationHandler

public interface AuthenticationHandler

Interface for server authentication mechanisms.

The AuthenticationFilter manages the lifecycle of the authentication handler.

Implementations must be thread-safe as one instance is initialized and used for all requests.


Method Summary
 AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Performs an authentication step for the given HTTP client request.
 void destroy()
          Destroys the authentication handler instance.
 String getType()
          Returns the authentication type of the authentication handler.
 void init(Properties config)
          Initializes the authentication handler instance.
 

Method Detail

getType

String getType()
Returns the authentication type of the authentication handler.

This should be a name that uniquely identifies the authentication type. For example 'simple' or 'kerberos'.

Returns:
the authentication type of the authentication handler.

init

void init(Properties config)
          throws javax.servlet.ServletException
Initializes the authentication handler instance.

This method is invoked by the AuthenticationFilter.init(javax.servlet.FilterConfig) method.

Parameters:
config - configuration properties to initialize the handler.
Throws:
javax.servlet.ServletException - thrown if the handler could not be initialized.

destroy

void destroy()
Destroys the authentication handler instance.

This method is invoked by the AuthenticationFilter.destroy() method.


authenticate

AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response)
                                 throws IOException,
                                        AuthenticationException
Performs an authentication step for the given HTTP client request.

This method is invoked by the AuthenticationFilter only if the HTTP client request is not yet authenticated.

Depending upon the authentication mechanism being implemented, a particular HTTP client may end up making a sequence of invocations before authentication is successfully established (this is the case of Kerberos SPNEGO).

This method must return an AuthenticationToken only if the the HTTP client request has been successfully and fully authenticated.

If the HTTP client request has not been completely authenticated, this method must take over the corresponding HTTP response and it must return null.

Parameters:
request - the HTTP client request.
response - the HTTP client response.
Returns:
an AuthenticationToken if the HTTP client request has been authenticated, null otherwise (in this case it must take care of the response).
Throws:
IOException - thrown if an IO error occurred.
AuthenticationException - thrown if an Authentication error occurred.


Copyright © 2009 The Apache Software Foundation