KerberosAuthenticationHandler (Hadoop 1.0.4 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.security.authentication.server
Class KerberosAuthenticationHandler

java.lang.Object
  org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

All Implemented Interfaces:: AuthenticationHandler

public class KerberosAuthenticationHandler
extends Object
implements AuthenticationHandler
extends Object
implements AuthenticationHandler

The KerberosAuthenticationHandler implements the Kerberos SPNEGO authentication mechanism for HTTP.

The supported configuration properties are:

kerberos.principal: the Kerberos principal to used by the server. As stated by the Kerberos SPNEGO specification, it should be HTTP/${HOSTNAME}@{REALM}. The realm can be omitted from the principal as the JDK GSS libraries will use the realm name of the configured default realm. It does not have a default value.
kerberos.keytab: the keytab file containing the credentials for the Kerberos principal. It does not have a default value.

Field Summary
`static String`	`KEYTAB` Constant for the configuration property that indicates the keytab file path.
`static String`	`NAME_RULES` Constant for the configuration property that indicates the Kerberos name rules for the Kerberos principals.
`static String`	`PRINCIPAL` Constant for the configuration property that indicates the kerberos principal.
`static String`	`TYPE` Constant that identifies the authentication mechanism.

Constructor Summary
`KerberosAuthenticationHandler()`

Method Summary
`AuthenticationToken`	`authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` It enforces the the Kerberos SPNEGO authentication sequence returning an `AuthenticationToken` only after the Kerberos SPNEGO sequence has completed successfully.
`void`	`destroy()` Releases any resources initialized by the authentication handler.
`protected String`	`getKeytab()` Returns the keytab used by the authentication handler.
`protected String`	`getPrincipal()` Returns the Kerberos principal used by the authentication handler.
`String`	`getType()` Returns the authentication type of the authentication handler, 'kerberos'.
`void`	`init(Properties config)` Initializes the authentication handler instance.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

TYPE

public static final String TYPE

Constant that identifies the authentication mechanism.

See Also:: Constant Field Values

PRINCIPAL

public static final String PRINCIPAL

Constant for the configuration property that indicates the kerberos principal.

See Also:: Constant Field Values

KEYTAB

public static final String KEYTAB

Constant for the configuration property that indicates the keytab file path.

See Also:: Constant Field Values

NAME_RULES

public static final String NAME_RULES

Constant for the configuration property that indicates the Kerberos name rules for the Kerberos principals.

See Also:: Constant Field Values

Constructor Detail

KerberosAuthenticationHandler

public KerberosAuthenticationHandler()

Method Detail

init

public void init(Properties config)
          throws javax.servlet.ServletException

Initializes the authentication handler instance.

It creates a Kerberos context using the principal and keytab specified in the configuration.

This method is invoked by the AuthenticationFilter.init(javax.servlet.FilterConfig) method.

Specified by:: init in interface AuthenticationHandler

Parameters:: config - configuration properties to initialize the handler.
Throws:: javax.servlet.ServletException - thrown if the handler could not be initialized.

destroy

public void destroy()

Releases any resources initialized by the authentication handler.

It destroys the Kerberos context.

Specified by:: destroy in interface AuthenticationHandler

getType

public String getType()

Returns the authentication type of the authentication handler, 'kerberos'.

Specified by:: getType in interface AuthenticationHandler

Returns:: the authentication type of the authentication handler, 'kerberos'.

getPrincipal

protected String getPrincipal()

Returns the Kerberos principal used by the authentication handler.

Returns:: the Kerberos principal used by the authentication handler.

getKeytab

protected String getKeytab()

Returns the keytab used by the authentication handler.

Returns:: the keytab used by the authentication handler.

authenticate

public AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response)
                                 throws IOException,
                                        AuthenticationException

It enforces the the Kerberos SPNEGO authentication sequence returning an AuthenticationToken only after the Kerberos SPNEGO sequence has completed successfully.

Specified by:: authenticate in interface AuthenticationHandler

Parameters:: request - the HTTP client request.; response - the HTTP client response.
Returns:: an authentication token if the Kerberos SPNEGO sequence is complete and valid, null if it is in progress (in this case the handler handles the response to the client).
Throws:: IOException - thrown if an IO error occurred.; AuthenticationException - thrown if Kerberos SPNEGO sequence failed.