@InterfaceAudience.Public
@InterfaceStability.Unstable
public class DelegationTokenAuthenticatedURL
extends org.apache.hadoop.security.authentication.client.AuthenticatedURL
DelegationTokenAuthenticatedURL
is a
AuthenticatedURL
sub-class with built-in Hadoop Delegation Token
functionality.
The authentication mechanisms supported by default are Hadoop Simple authentication (also known as pseudo authentication) and Kerberos SPNEGO authentication.
Additional authentication mechanisms can be supported via DelegationTokenAuthenticator
implementations.
The default DelegationTokenAuthenticator
is the KerberosDelegationTokenAuthenticator
class which supports
automatic fallback from Kerberos SPNEGO to Hadoop Simple authentication via
the PseudoDelegationTokenAuthenticator
class.
AuthenticatedURL
instances are not thread-safe.
Modifier and Type | Class and Description |
---|---|
static class |
DelegationTokenAuthenticatedURL.Token
Client side authentication token that handles Delegation Tokens.
|
Constructor and Description |
---|
DelegationTokenAuthenticatedURL()
Creates an
DelegationTokenAuthenticatedURL . |
DelegationTokenAuthenticatedURL(org.apache.hadoop.security.authentication.client.ConnectionConfigurator connConfigurator)
Creates an
DelegationTokenAuthenticatedURL using the default
DelegationTokenAuthenticator class. |
DelegationTokenAuthenticatedURL(DelegationTokenAuthenticator authenticator)
Creates an
DelegationTokenAuthenticatedURL . |
DelegationTokenAuthenticatedURL(DelegationTokenAuthenticator authenticator,
org.apache.hadoop.security.authentication.client.ConnectionConfigurator connConfigurator)
Creates an
DelegationTokenAuthenticatedURL . |
Modifier and Type | Method and Description |
---|---|
void |
cancelDelegationToken(URL url,
DelegationTokenAuthenticatedURL.Token token)
Cancels a delegation token from the server end-point.
|
void |
cancelDelegationToken(URL url,
DelegationTokenAuthenticatedURL.Token token,
String doAsUser)
Cancels a delegation token from the server end-point.
|
static Class<? extends DelegationTokenAuthenticator> |
getDefaultDelegationTokenAuthenticator()
Returns the default
DelegationTokenAuthenticator class to use when
an DelegationTokenAuthenticatedURL instance is created without
specifying one. |
Token<AbstractDelegationTokenIdentifier> |
getDelegationToken(URL url,
DelegationTokenAuthenticatedURL.Token token,
String renewer)
Requests a delegation token using the configured
Authenticator
for authentication. |
Token<AbstractDelegationTokenIdentifier> |
getDelegationToken(URL url,
DelegationTokenAuthenticatedURL.Token token,
String renewer,
String doAsUser)
Requests a delegation token using the configured
Authenticator
for authentication. |
HttpURLConnection |
openConnection(URL url,
org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token)
Returns an authenticated
HttpURLConnection , it uses a Delegation
Token only if the given auth token is an instance of DelegationTokenAuthenticatedURL.Token and
it contains a Delegation Token, otherwise use the configured
DelegationTokenAuthenticator to authenticate the connection. |
HttpURLConnection |
openConnection(URL url,
DelegationTokenAuthenticatedURL.Token token)
Returns an authenticated
HttpURLConnection . |
HttpURLConnection |
openConnection(URL url,
DelegationTokenAuthenticatedURL.Token token,
String doAs)
Returns an authenticated
HttpURLConnection . |
long |
renewDelegationToken(URL url,
DelegationTokenAuthenticatedURL.Token token)
Renews a delegation token from the server end-point using the
configured
Authenticator for authentication. |
long |
renewDelegationToken(URL url,
DelegationTokenAuthenticatedURL.Token token,
String doAsUser)
Renews a delegation token from the server end-point using the
configured
Authenticator for authentication. |
static void |
setDefaultDelegationTokenAuthenticator(Class<? extends DelegationTokenAuthenticator> authenticator)
Sets the default
DelegationTokenAuthenticator class to use when an
DelegationTokenAuthenticatedURL instance is created without
specifying one. |
protected void |
setUseQueryStringForDelegationToken(boolean useQueryString)
Deprecated.
|
boolean |
useQueryStringForDelegationToken()
Returns if delegation token is transmitted as a HTTP header.
|
public DelegationTokenAuthenticatedURL()
DelegationTokenAuthenticatedURL
.
An instance of the default DelegationTokenAuthenticator
will be
used.
public DelegationTokenAuthenticatedURL(DelegationTokenAuthenticator authenticator)
DelegationTokenAuthenticatedURL
.authenticator
- the DelegationTokenAuthenticator
instance to
use, if null
the default one will be used.public DelegationTokenAuthenticatedURL(org.apache.hadoop.security.authentication.client.ConnectionConfigurator connConfigurator)
DelegationTokenAuthenticatedURL
using the default
DelegationTokenAuthenticator
class.connConfigurator
- a connection configurator.public DelegationTokenAuthenticatedURL(DelegationTokenAuthenticator authenticator, org.apache.hadoop.security.authentication.client.ConnectionConfigurator connConfigurator)
DelegationTokenAuthenticatedURL
.authenticator
- the DelegationTokenAuthenticator
instance to
use, if null
the default one will be used.connConfigurator
- a connection configurator.public static void setDefaultDelegationTokenAuthenticator(Class<? extends DelegationTokenAuthenticator> authenticator)
DelegationTokenAuthenticator
class to use when an
DelegationTokenAuthenticatedURL
instance is created without
specifying one.
The default class is KerberosDelegationTokenAuthenticator
authenticator
- the authenticator class to use as default.public static Class<? extends DelegationTokenAuthenticator> getDefaultDelegationTokenAuthenticator()
DelegationTokenAuthenticator
class to use when
an DelegationTokenAuthenticatedURL
instance is created without
specifying one.
The default class is KerberosDelegationTokenAuthenticator
@Deprecated protected void setUseQueryStringForDelegationToken(boolean useQueryString)
DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER
HTTP header.
This method is provided to enable WebHDFS backwards compatibility.
useQueryString
- TRUE
if the token is transmitted in the
URL query string, FALSE
if the delegation token is transmitted
using the DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER
HTTP
header.public boolean useQueryStringForDelegationToken()
TRUE
if the token is transmitted in the URL query
string, FALSE
if the delegation token is transmitted using the
DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER
HTTP header.public HttpURLConnection openConnection(URL url, org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token) throws IOException, org.apache.hadoop.security.authentication.client.AuthenticationException
HttpURLConnection
, it uses a Delegation
Token only if the given auth token is an instance of DelegationTokenAuthenticatedURL.Token
and
it contains a Delegation Token, otherwise use the configured
DelegationTokenAuthenticator
to authenticate the connection.openConnection
in class org.apache.hadoop.security.authentication.client.AuthenticatedURL
url
- the URL to connect to. Only HTTP/S URLs are supported.token
- the authentication token being used for the user.HttpURLConnection
.IOException
- if an IO error occurred.org.apache.hadoop.security.authentication.client.AuthenticationException
- if an authentication exception occurred.public HttpURLConnection openConnection(URL url, DelegationTokenAuthenticatedURL.Token token) throws IOException, org.apache.hadoop.security.authentication.client.AuthenticationException
HttpURLConnection
. If the Delegation
Token is present, it will be used taking precedence over the configured
Authenticator
.url
- the URL to connect to. Only HTTP/S URLs are supported.token
- the authentication token being used for the user.HttpURLConnection
.IOException
- if an IO error occurred.org.apache.hadoop.security.authentication.client.AuthenticationException
- if an authentication exception occurred.public HttpURLConnection openConnection(URL url, DelegationTokenAuthenticatedURL.Token token, String doAs) throws IOException, org.apache.hadoop.security.authentication.client.AuthenticationException
HttpURLConnection
. If the Delegation
Token is present, it will be used taking precedence over the configured
Authenticator
. If the doAs
parameter is not NULL,
the request will be done on behalf of the specified doAs
user.url
- the URL to connect to. Only HTTP/S URLs are supported.token
- the authentication token being used for the user.doAs
- user to do the the request on behalf of, if NULL the request is
as self.HttpURLConnection
.IOException
- if an IO error occurred.org.apache.hadoop.security.authentication.client.AuthenticationException
- if an authentication exception occurred.public Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token, String renewer) throws IOException, org.apache.hadoop.security.authentication.client.AuthenticationException
Authenticator
for authentication.url
- the URL to get the delegation token from. Only HTTP/S URLs are
supported.token
- the authentication token being used for the user where the
Delegation token will be stored.renewer
- the renewer user.IOException
- if an IO error occurred.org.apache.hadoop.security.authentication.client.AuthenticationException
- if an authentication exception occurred.public Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token, String renewer, String doAsUser) throws IOException, org.apache.hadoop.security.authentication.client.AuthenticationException
Authenticator
for authentication.url
- the URL to get the delegation token from. Only HTTP/S URLs are
supported.token
- the authentication token being used for the user where the
Delegation token will be stored.renewer
- the renewer user.doAsUser
- the user to do as, which will be the token owner.IOException
- if an IO error occurred.org.apache.hadoop.security.authentication.client.AuthenticationException
- if an authentication exception occurred.public long renewDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token) throws IOException, org.apache.hadoop.security.authentication.client.AuthenticationException
Authenticator
for authentication.url
- the URL to renew the delegation token from. Only HTTP/S URLs are
supported.token
- the authentication token with the Delegation Token to renew.IOException
- if an IO error occurred.org.apache.hadoop.security.authentication.client.AuthenticationException
- if an authentication exception occurred.public long renewDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token, String doAsUser) throws IOException, org.apache.hadoop.security.authentication.client.AuthenticationException
Authenticator
for authentication.url
- the URL to renew the delegation token from. Only HTTP/S URLs are
supported.token
- the authentication token with the Delegation Token to renew.doAsUser
- the user to do as, which will be the token owner.IOException
- if an IO error occurred.org.apache.hadoop.security.authentication.client.AuthenticationException
- if an authentication exception occurred.public void cancelDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token) throws IOException
Authenticator
.url
- the URL to cancel the delegation token from. Only HTTP/S URLs
are supported.token
- the authentication token with the Delegation Token to cancel.IOException
- if an IO error occurred.public void cancelDelegationToken(URL url, DelegationTokenAuthenticatedURL.Token token, String doAsUser) throws IOException
Authenticator
.url
- the URL to cancel the delegation token from. Only HTTP/S URLs
are supported.token
- the authentication token with the Delegation Token to cancel.doAsUser
- the user to do as, which will be the token owner.IOException
- if an IO error occurred.Copyright © 2020 Apache Software Foundation. All rights reserved.