org.apache.hadoop.security.authentication.server

Class PseudoAuthenticationHandler

java.lang.Object

org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler

All Implemented Interfaces:

AuthenticationHandler

public class PseudoAuthenticationHandler
extends Object
implements AuthenticationHandler

The PseudoAuthenticationHandler provides a pseudo authentication mechanism that accepts the user name specified as a query string parameter.

This mimics the model of Hadoop Simple authentication which trust the 'user.name' property provided in the configuration object.

This handler can be configured to support anonymous users.

The only supported configuration property is:

• simple.anonymous.allowed: true|false, default value is false

Field Summary

Fields

Modifier and Type	Field and Description
static String	ANONYMOUS_ALLOWED Constant for the configuration property that indicates if anonymous users are allowed.
static String	TYPE Constant that identifies the authentication mechanism.

Fields inherited from interface org.apache.hadoop.security.authentication.server.AuthenticationHandler

WWW_AUTHENTICATE

Constructor Summary

Constructors

Constructor and Description
PseudoAuthenticationHandler() Creates a Hadoop pseudo authentication handler with the default auth-token type, simple.
PseudoAuthenticationHandler(String type) Creates a Hadoop pseudo authentication handler with a custom auth-token type.

Method Summary

Modifier and Type	Method and Description
AuthenticationToken	authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Authenticates an HTTP client request.
void	destroy() Releases any resources initialized by the authentication handler.
protected boolean	getAcceptAnonymous() Returns if the handler is configured to support anonymous users.
String	getType() Returns the authentication type of the authentication handler, 'simple'.
void	init(Properties config) Initializes the authentication handler instance.
boolean	managementOperation(AuthenticationToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) This is an empty implementation, it always returns TRUE.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TYPE

public static final String TYPE

Constant that identifies the authentication mechanism.

See Also:

Constant Field Values

ANONYMOUS_ALLOWED

public static final String ANONYMOUS_ALLOWED

Constant for the configuration property that indicates if anonymous users are allowed.

See Also:

Constant Field Values

Constructor Detail

PseudoAuthenticationHandler

public PseudoAuthenticationHandler()

Creates a Hadoop pseudo authentication handler with the default auth-token type, simple.

PseudoAuthenticationHandler

public PseudoAuthenticationHandler(String type)

Creates a Hadoop pseudo authentication handler with a custom auth-token type.

Parameters:

type - auth-token type.

Method Detail

init

public void init(Properties config)
          throws javax.servlet.ServletException

Initializes the authentication handler instance.

This method is invoked by the AuthenticationFilter.init(javax.servlet.FilterConfig) method.

Specified by:

init in interface AuthenticationHandler

Parameters:

config - configuration properties to initialize the handler.

Throws:

javax.servlet.ServletException - thrown if the handler could not be initialized.

getAcceptAnonymous

protected boolean getAcceptAnonymous()

Returns if the handler is configured to support anonymous users.

Returns:

if the handler is configured to support anonymous users.

destroy

public void destroy()

Releases any resources initialized by the authentication handler.

This implementation does a NOP.

Specified by:

destroy in interface AuthenticationHandler

getType

public String getType()

Returns the authentication type of the authentication handler, 'simple'.

Specified by:

getType in interface AuthenticationHandler

Returns:

the authentication type of the authentication handler, 'simple'.

managementOperation

public boolean managementOperation(AuthenticationToken token,
                                   javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response)
                            throws IOException,
                                   AuthenticationException

This is an empty implementation, it always returns TRUE.

Specified by:

managementOperation in interface AuthenticationHandler

Parameters:

token - the authentication token if any, otherwise NULL.

request - the HTTP client request.

response - the HTTP client response.

Returns:

TRUE

Throws:

IOException - it is never thrown.

AuthenticationException - it is never thrown.

authenticate

public AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response)
                                 throws IOException,
                                        AuthenticationException

Authenticates an HTTP client request.

It extracts the PseudoAuthenticator.USER_NAME parameter from the query string and creates an AuthenticationToken with it.

If the HTTP client request does not contain the PseudoAuthenticator.USER_NAME parameter and the handler is configured to allow anonymous users it returns the AuthenticationToken.ANONYMOUS token.

If the HTTP client request does not contain the PseudoAuthenticator.USER_NAME parameter and the handler is configured to disallow anonymous users it throws an AuthenticationException.

Specified by:

authenticate in interface AuthenticationHandler

Parameters:

request - the HTTP client request.

response - the HTTP client response.

Returns:

an authentication token if the HTTP client request is accepted and credentials are valid.

Throws:

IOException - thrown if an IO error occurred.

AuthenticationException - thrown if HTTP client request was not accepted as an authentication request.