001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing, software
013     * distributed under the License is distributed on an "AS IS" BASIS,
014     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015     * See the License for the specific language governing permissions and
016     * limitations under the License.
017     */
018    package org.apache.hadoop.security.token.delegation.web;
019    
020    import org.apache.hadoop.classification.InterfaceAudience;
021    import org.apache.hadoop.classification.InterfaceStability;
022    import org.apache.hadoop.security.authentication.client.Authenticator;
023    import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
024    
025    /**
026     * The <code>KerberosDelegationTokenAuthenticator</code> provides support for
027     * Kerberos SPNEGO authentication mechanism and support for Hadoop Delegation
028     * Token operations.
029     * <p/>
030     * It falls back to the {@link PseudoDelegationTokenAuthenticator} if the HTTP
031     * endpoint does not trigger a SPNEGO authentication
032     */
033    @InterfaceAudience.Public
034    @InterfaceStability.Evolving
035    public class KerberosDelegationTokenAuthenticator
036        extends DelegationTokenAuthenticator {
037    
038      public KerberosDelegationTokenAuthenticator() {
039        super(new KerberosAuthenticator() {
040          @Override
041          protected Authenticator getFallBackAuthenticator() {
042            return new PseudoDelegationTokenAuthenticator();
043          }
044        });
045      }
046    }