org.apache.hadoop.security.token.delegation.web

Class DelegationTokenAuthenticator

java.lang.Object

org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator

All Implemented Interfaces:

org.apache.hadoop.security.authentication.client.Authenticator

Direct Known Subclasses:

KerberosDelegationTokenAuthenticator, PseudoDelegationTokenAuthenticator

@InterfaceAudience.Public
 @InterfaceStability.Evolving
public abstract class DelegationTokenAuthenticator
extends Object
implements org.apache.hadoop.security.authentication.client.Authenticator

Authenticator wrapper that enhances an Authenticator with Delegation Token support.

Field Summary

Fields

Modifier and Type	Field and Description
static String	DELEGATION_PARAM
static String	DELEGATION_TOKEN_HEADER
static String	DELEGATION_TOKEN_JSON
static String	DELEGATION_TOKEN_URL_STRING_JSON
static String	OP_PARAM
static String	RENEW_DELEGATION_TOKEN_JSON
static String	RENEWER_PARAM
static String	SERVICE_PARAM
static String	TOKEN_PARAM

Constructor Summary

Constructors

Constructor and Description
DelegationTokenAuthenticator(org.apache.hadoop.security.authentication.client.Authenticator authenticator)

Method Summary

Modifier and Type	Method and Description
void	authenticate(URL url, org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token) Authenticates against a URL and returns a AuthenticatedURL.Token to be used by subsequent requests.
void	cancelDelegationToken(URL url, org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> dToken) Cancels a delegation token from the server end-point.
void	cancelDelegationToken(URL url, org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> dToken, String doAsUser) Cancels a delegation token from the server end-point.
Token<AbstractDelegationTokenIdentifier>	getDelegationToken(URL url, org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token, String renewer) Requests a delegation token using the configured Authenticator for authentication.
Token<AbstractDelegationTokenIdentifier>	getDelegationToken(URL url, org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token, String renewer, String doAsUser) Requests a delegation token using the configured Authenticator for authentication.
long	renewDelegationToken(URL url, org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> dToken) Renews a delegation token from the server end-point using the configured Authenticator for authentication.
long	renewDelegationToken(URL url, org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> dToken, String doAsUser) Renews a delegation token from the server end-point using the configured Authenticator for authentication.
void	setConnectionConfigurator(org.apache.hadoop.security.authentication.client.ConnectionConfigurator configurator) Sets a ConnectionConfigurator instance to use for configuring connections.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

OP_PARAM

public static final String OP_PARAM

See Also:

Constant Field Values

DELEGATION_TOKEN_HEADER

public static final String DELEGATION_TOKEN_HEADER

See Also:

Constant Field Values

DELEGATION_PARAM

public static final String DELEGATION_PARAM

See Also:

Constant Field Values

TOKEN_PARAM

public static final String TOKEN_PARAM

See Also:

Constant Field Values

RENEWER_PARAM

public static final String RENEWER_PARAM

See Also:

Constant Field Values

SERVICE_PARAM

public static final String SERVICE_PARAM

See Also:

Constant Field Values

DELEGATION_TOKEN_JSON

public static final String DELEGATION_TOKEN_JSON

See Also:

Constant Field Values

DELEGATION_TOKEN_URL_STRING_JSON

public static final String DELEGATION_TOKEN_URL_STRING_JSON

See Also:

Constant Field Values

RENEW_DELEGATION_TOKEN_JSON

public static final String RENEW_DELEGATION_TOKEN_JSON

See Also:

Constant Field Values

Constructor Detail

DelegationTokenAuthenticator

public DelegationTokenAuthenticator(org.apache.hadoop.security.authentication.client.Authenticator authenticator)

Method Detail

setConnectionConfigurator

public void setConnectionConfigurator(org.apache.hadoop.security.authentication.client.ConnectionConfigurator configurator)

Description copied from interface: org.apache.hadoop.security.authentication.client.Authenticator

Sets a ConnectionConfigurator instance to use for configuring connections.

Specified by:

setConnectionConfigurator in interface org.apache.hadoop.security.authentication.client.Authenticator

Parameters:

configurator - the ConnectionConfigurator instance.

authenticate

public void authenticate(URL url,
                         org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token)
                  throws IOException,
                         org.apache.hadoop.security.authentication.client.AuthenticationException

Description copied from interface: org.apache.hadoop.security.authentication.client.Authenticator

Authenticates against a URL and returns a AuthenticatedURL.Token to be used by subsequent requests.

Specified by:

authenticate in interface org.apache.hadoop.security.authentication.client.Authenticator

Parameters:

url - the URl to authenticate against.

token - the authentication token being used for the user.

Throws:

IOException - if an IO error occurred.

org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication error occurred.

getDelegationToken

public Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url,
                                                                   org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token,
                                                                   String renewer)
                                                            throws IOException,
                                                                   org.apache.hadoop.security.authentication.client.AuthenticationException

Requests a delegation token using the configured Authenticator for authentication.

Parameters:

url - the URL to get the delegation token from. Only HTTP/S URLs are supported.

token - the authentication token being used for the user where the Delegation token will be stored.

renewer - the renewer user.

Returns:

abstract delegation token identifier.

Throws:

IOException - if an IO error occurred.

org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

getDelegationToken

public Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url,
                                                                   org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token,
                                                                   String renewer,
                                                                   String doAsUser)
                                                            throws IOException,
                                                                   org.apache.hadoop.security.authentication.client.AuthenticationException

Requests a delegation token using the configured Authenticator for authentication.

Parameters:

url - the URL to get the delegation token from. Only HTTP/S URLs are supported.

token - the authentication token being used for the user where the Delegation token will be stored.

renewer - the renewer user.

doAsUser - the user to do as, which will be the token owner.

Returns:

abstract delegation token identifier.

Throws:

IOException - if an IO error occurred.

org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

renewDelegationToken

public long renewDelegationToken(URL url,
                                 org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token,
                                 Token<AbstractDelegationTokenIdentifier> dToken)
                          throws IOException,
                                 org.apache.hadoop.security.authentication.client.AuthenticationException

Renews a delegation token from the server end-point using the configured Authenticator for authentication.

Parameters:

url - the URL to renew the delegation token from. Only HTTP/S URLs are supported.

token - the authentication token with the Delegation Token to renew.

dToken - abstract delegation token identifier.

Returns:

delegation token long value.

Throws:

IOException - if an IO error occurred.

org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

renewDelegationToken

public long renewDelegationToken(URL url,
                                 org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token,
                                 Token<AbstractDelegationTokenIdentifier> dToken,
                                 String doAsUser)
                          throws IOException,
                                 org.apache.hadoop.security.authentication.client.AuthenticationException

Renews a delegation token from the server end-point using the configured Authenticator for authentication.

Parameters:

url - the URL to renew the delegation token from. Only HTTP/S URLs are supported.

token - the authentication token with the Delegation Token to renew.

doAsUser - the user to do as, which will be the token owner.

dToken - abstract delegation token identifier.

Returns:

delegation token long value.

Throws:

IOException - if an IO error occurred.

org.apache.hadoop.security.authentication.client.AuthenticationException - if an authentication exception occurred.

cancelDelegationToken

public void cancelDelegationToken(URL url,
                                  org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token,
                                  Token<AbstractDelegationTokenIdentifier> dToken)
                           throws IOException

Cancels a delegation token from the server end-point. It does not require being authenticated by the configured Authenticator.

Parameters:

url - the URL to cancel the delegation token from. Only HTTP/S URLs are supported.

token - the authentication token with the Delegation Token to cancel.

dToken - abstract delegation token identifier.

Throws:

IOException - if an IO error occurred.

cancelDelegationToken

public void cancelDelegationToken(URL url,
                                  org.apache.hadoop.security.authentication.client.AuthenticatedURL.Token token,
                                  Token<AbstractDelegationTokenIdentifier> dToken,
                                  String doAsUser)
                           throws IOException

Cancels a delegation token from the server end-point. It does not require being authenticated by the configured Authenticator.

Parameters:

url - the URL to cancel the delegation token from. Only HTTP/S URLs are supported.

token - the authentication token with the Delegation Token to cancel.

dToken - abstract delegation token identifier.

doAsUser - the user to do as, which will be the token owner.

Throws:

IOException - if an IO error occurred.