DelegationTokenAuthenticatedURL (Apache Hadoop Main 2.6.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.security.token.delegation.web
Class DelegationTokenAuthenticatedURL

java.lang.Object
  org.apache.hadoop.security.authentication.client.AuthenticatedURL
      org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL

@InterfaceAudience.Public @InterfaceStability.Unstable public class DelegationTokenAuthenticatedURL
extends org.apache.hadoop.security.authentication.client.AuthenticatedURL
extends org.apache.hadoop.security.authentication.client.AuthenticatedURL

The DelegationTokenAuthenticatedURL is a AuthenticatedURL sub-class with built-in Hadoop Delegation Token functionality.

The authentication mechanisms supported by default are Hadoop Simple authentication (also known as pseudo authentication) and Kerberos SPNEGO authentication.

Additional authentication mechanisms can be supported via DelegationTokenAuthenticator implementations.

The default DelegationTokenAuthenticator is the KerberosDelegationTokenAuthenticator class which supports automatic fallback from Kerberos SPNEGO to Hadoop Simple authentication via the PseudoDelegationTokenAuthenticator class.

AuthenticatedURL instances are not thread-safe.

Nested Class Summary
`static class`	`DelegationTokenAuthenticatedURL.Token` Client side authentication token that handles Delegation Tokens.

Field Summary

Fields inherited from class org.apache.hadoop.security.authentication.client.AuthenticatedURL
`AUTH_COOKIE`

Constructor Summary
`DelegationTokenAuthenticatedURL()` Creates an `DelegationTokenAuthenticatedURL`.
`DelegationTokenAuthenticatedURL(org.apache.hadoop.security.authentication.client.ConnectionConfigurator connConfigurator)` Creates an `DelegationTokenAuthenticatedURL` using the default `DelegationTokenAuthenticator` class.
`DelegationTokenAuthenticatedURL(DelegationTokenAuthenticator authenticator)` Creates an `DelegationTokenAuthenticatedURL`.
`DelegationTokenAuthenticatedURL(DelegationTokenAuthenticator authenticator, org.apache.hadoop.security.authentication.client.ConnectionConfigurator connConfigurator)` Creates an `DelegationTokenAuthenticatedURL`.

Method Summary
`void`	`cancelDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token)` Cancels a delegation token from the server end-point.
`void`	`cancelDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token, String doAsUser)` Cancels a delegation token from the server end-point.
`static Class<? extends DelegationTokenAuthenticator>`	`getDefaultDelegationTokenAuthenticator()` Returns the default `DelegationTokenAuthenticator` class to use when an `DelegationTokenAuthenticatedURL` instance is created without specifying one.
`org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>`	`getDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token, String renewer)` Requests a delegation token using the configured `Authenticator` for authentication.
`org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>`	`getDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token, String renewer, String doAsUser)` Requests a delegation token using the configured `Authenticator` for authentication.
`HttpURLConnection`	`openConnection(URL url, org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token)` Returns an authenticated `HttpURLConnection`, it uses a Delegation Token only if the given auth token is an instance of `DelegationTokenAuthenticatedURL.Token` and it contains a Delegation Token, otherwise use the configured `DelegationTokenAuthenticator` to authenticate the connection.
`HttpURLConnection`	`openConnection(URL url, DelegationTokenAuthenticatedURL.Token token)` Returns an authenticated `HttpURLConnection`.
`HttpURLConnection`	`openConnection(URL url, DelegationTokenAuthenticatedURL.Token token, String doAs)` Returns an authenticated `HttpURLConnection`.
`long`	`renewDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token)` Renews a delegation token from the server end-point using the configured `Authenticator` for authentication.
`long`	`renewDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token, String doAsUser)` Renews a delegation token from the server end-point using the configured `Authenticator` for authentication.
`static void`	`setDefaultDelegationTokenAuthenticator(Class<? extends DelegationTokenAuthenticator> authenticator)` Sets the default `DelegationTokenAuthenticator` class to use when an `DelegationTokenAuthenticatedURL` instance is created without specifying one.
`protected void`	`setUseQueryStringForDelegationToken(boolean useQueryString)` Deprecated.
`boolean`	`useQueryStringForDelegationToken()` Returns if delegation token is transmitted as a HTTP header.

Methods inherited from class org.apache.hadoop.security.authentication.client.AuthenticatedURL
`extractToken, getAuthenticator, getDefaultAuthenticator, injectToken, setDefaultAuthenticator`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

DelegationTokenAuthenticatedURL

public DelegationTokenAuthenticatedURL()

Creates an DelegationTokenAuthenticatedURL.

An instance of the default DelegationTokenAuthenticator will be used.

DelegationTokenAuthenticatedURL

public DelegationTokenAuthenticatedURL(DelegationTokenAuthenticator authenticator)

Creates an DelegationTokenAuthenticatedURL.

Parameters:: authenticator - the DelegationTokenAuthenticator instance to use, if null the default one will be used.

DelegationTokenAuthenticatedURL

public DelegationTokenAuthenticatedURL(org.apache.hadoop.security.authentication.client.ConnectionConfigurator connConfigurator)

Creates an DelegationTokenAuthenticatedURL using the default DelegationTokenAuthenticator class.

Parameters:: connConfigurator - a connection configurator.

DelegationTokenAuthenticatedURL

public DelegationTokenAuthenticatedURL(DelegationTokenAuthenticator authenticator,
                                       org.apache.hadoop.security.authentication.client.ConnectionConfigurator connConfigurator)

Creates an DelegationTokenAuthenticatedURL.

Parameters:: authenticator - the DelegationTokenAuthenticator instance to use, if null the default one will be used.; connConfigurator - a connection configurator.

Method Detail

setDefaultDelegationTokenAuthenticator

public static void setDefaultDelegationTokenAuthenticator(Class<? extends DelegationTokenAuthenticator> authenticator)

Sets the default DelegationTokenAuthenticator class to use when an DelegationTokenAuthenticatedURL instance is created without specifying one. The default class is KerberosDelegationTokenAuthenticator

Parameters:: authenticator - the authenticator class to use as default.

getDefaultDelegationTokenAuthenticator

public static Class<? extends DelegationTokenAuthenticator> getDefaultDelegationTokenAuthenticator()

Returns the default DelegationTokenAuthenticator class to use when an DelegationTokenAuthenticatedURL instance is created without specifying one.

The default class is KerberosDelegationTokenAuthenticator

Returns:: the delegation token authenticator class to use as default.

setUseQueryStringForDelegationToken

@Deprecated
protected void setUseQueryStringForDelegationToken(boolean useQueryString)

Deprecated.

Sets if delegation token should be transmitted in the URL query string. By default it is transmitted using the DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER HTTP header.

This method is provided to enable WebHDFS backwards compatibility.

Parameters:: useQueryString - TRUE if the token is transmitted in the URL query string, FALSE if the delegation token is transmitted using the DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER HTTP header.

useQueryStringForDelegationToken

public boolean useQueryStringForDelegationToken()

Returns if delegation token is transmitted as a HTTP header.

Returns:: TRUE if the token is transmitted in the URL query string, FALSE if the delegation token is transmitted using the DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER HTTP header.

openConnection

public HttpURLConnection openConnection(URL url,
                                        org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token)
                                 throws IOException,
                                        org.apache.hadoop.security.authentication.client.AuthenticationException

Returns an authenticated HttpURLConnection, it uses a Delegation Token only if the given auth token is an instance of DelegationTokenAuthenticatedURL.Token and it contains a Delegation Token, otherwise use the configured DelegationTokenAuthenticator to authenticate the connection.

Overrides:: openConnection in class org.apache.hadoop.security.authentication.client.AuthenticatedURL

Parameters:: url - the URL to connect to. Only HTTP/S URLs are supported.; token - the authentication token being used for the user.
Returns:: an authenticated HttpURLConnection.
Throws:: IOException - if an IO error occurred.; org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

openConnection

public HttpURLConnection openConnection(URL url,
                                        DelegationTokenAuthenticatedURL.Token token)
                                 throws IOException,
                                        org.apache.hadoop.security.authentication.client.AuthenticationException

Returns an authenticated HttpURLConnection. If the Delegation Token is present, it will be used taking precedence over the configured Authenticator.

Parameters:: url - the URL to connect to. Only HTTP/S URLs are supported.; token - the authentication token being used for the user.
Returns:: an authenticated HttpURLConnection.
Throws:: IOException - if an IO error occurred.; org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

openConnection

public HttpURLConnection openConnection(URL url,
                                        DelegationTokenAuthenticatedURL.Token token,
                                        String doAs)
                                 throws IOException,
                                        org.apache.hadoop.security.authentication.client.AuthenticationException

Returns an authenticated HttpURLConnection. If the Delegation Token is present, it will be used taking precedence over the configured Authenticator. If the doAs parameter is not NULL, the request will be done on behalf of the specified doAs user.

Parameters:: url - the URL to connect to. Only HTTP/S URLs are supported.; token - the authentication token being used for the user.; doAs - user to do the the request on behalf of, if NULL the request is as self.
Returns:: an authenticated HttpURLConnection.
Throws:: IOException - if an IO error occurred.; org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

getDelegationToken

public org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier> getDelegationToken(URL url,
                                                                                                                                                DelegationTokenAuthenticatedURL.Token token,
                                                                                                                                                String renewer)
                                                                                                                                         throws IOException,
                                                                                                                                                org.apache.hadoop.security.authentication.client.AuthenticationException

Requests a delegation token using the configured Authenticator for authentication.

Parameters:: url - the URL to get the delegation token from. Only HTTP/S URLs are supported.; token - the authentication token being used for the user where the Delegation token will be stored.; renewer - the renewer user.
Returns:: a delegation token.
Throws:: IOException - if an IO error occurred.; org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

getDelegationToken

public org.apache.hadoop.security.token.Token<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier> getDelegationToken(URL url,
                                                                                                                                                DelegationTokenAuthenticatedURL.Token token,
                                                                                                                                                String renewer,
                                                                                                                                                String doAsUser)
                                                                                                                                         throws IOException,
                                                                                                                                                org.apache.hadoop.security.authentication.client.AuthenticationException

Requests a delegation token using the configured Authenticator for authentication.

Parameters:: url - the URL to get the delegation token from. Only HTTP/S URLs are supported.; token - the authentication token being used for the user where the Delegation token will be stored.; renewer - the renewer user.; doAsUser - the user to do as, which will be the token owner.
Returns:: a delegation token.
Throws:: IOException - if an IO error occurred.; org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

renewDelegationToken

public long renewDelegationToken(URL url,
                                 DelegationTokenAuthenticatedURL.Token token)
                          throws IOException,
                                 org.apache.hadoop.security.authentication.client.AuthenticationException

Renews a delegation token from the server end-point using the configured Authenticator for authentication.

Parameters:: url - the URL to renew the delegation token from. Only HTTP/S URLs are supported.; token - the authentication token with the Delegation Token to renew.
Throws:: IOException - if an IO error occurred.; org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

renewDelegationToken

public long renewDelegationToken(URL url,
                                 DelegationTokenAuthenticatedURL.Token token,
                                 String doAsUser)
                          throws IOException,
                                 org.apache.hadoop.security.authentication.client.AuthenticationException

Renews a delegation token from the server end-point using the configured Authenticator for authentication.

Parameters:: url - the URL to renew the delegation token from. Only HTTP/S URLs are supported.; token - the authentication token with the Delegation Token to renew.; doAsUser - the user to do as, which will be the token owner.
Throws:: IOException - if an IO error occurred.; org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

cancelDelegationToken

public void cancelDelegationToken(URL url,
                                  DelegationTokenAuthenticatedURL.Token token)
                           throws IOException

Cancels a delegation token from the server end-point. It does not require being authenticated by the configured Authenticator.

Parameters:: url - the URL to cancel the delegation token from. Only HTTP/S URLs are supported.; token - the authentication token with the Delegation Token to cancel.
Throws:: IOException - if an IO error occurred.

cancelDelegationToken

public void cancelDelegationToken(URL url,
                                  DelegationTokenAuthenticatedURL.Token token,
                                  String doAsUser)
                           throws IOException

Cancels a delegation token from the server end-point. It does not require being authenticated by the configured Authenticator.

Parameters:: url - the URL to cancel the delegation token from. Only HTTP/S URLs are supported.; token - the authentication token with the Delegation Token to cancel.; doAsUser - the user to do as, which will be the token owner.
Throws:: IOException - if an IO error occurred.

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.security.token.delegation.web Class DelegationTokenAuthenticatedURL

DelegationTokenAuthenticatedURL

DelegationTokenAuthenticatedURL

DelegationTokenAuthenticatedURL

DelegationTokenAuthenticatedURL

setDefaultDelegationTokenAuthenticator

getDefaultDelegationTokenAuthenticator

setUseQueryStringForDelegationToken

useQueryStringForDelegationToken

openConnection

openConnection

openConnection

getDelegationToken

getDelegationToken

renewDelegationToken

renewDelegationToken

cancelDelegationToken

cancelDelegationToken

org.apache.hadoop.security.token.delegation.web
Class DelegationTokenAuthenticatedURL