|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.hadoop.security.authentication.server.AuthenticationFilter
public class AuthenticationFilter
The AuthenticationFilter
enables protecting web application resources with different (pluggable)
authentication mechanisms.
AuthenticationHandler
interface.
This filter delegates to the configured authentication handler for authentication and once it obtains an
AuthenticationToken
from it, sets a signed HTTP cookie with the token. For client requests
that provide the signed HTTP cookie, it verifies the validity of the cookie, extracts the user information
and lets the request proceed to the target resource.
The supported configuration properties are:
PseudoAuthenticationHandler
, 'kerberos' is short for KerberosAuthenticationHandler
, otherwise
the full class name of the AuthenticationHandler
must be specified.3600
seconds.AuthenticationHandler
implementation and the
AuthenticationFilter
will take all the properties that start with the prefix #PREFIX#, it will remove
the prefix from it and it will pass them to the the authentication handler for initialization. Properties that do
not start with the prefix will not be passed to the authentication handler initialization.
Field Summary | |
---|---|
static String |
AUTH_TOKEN_VALIDITY
Constant for the configuration property that indicates the validity of the generated token. |
static String |
AUTH_TYPE
Constant for the property that specifies the authentication handler to use. |
static String |
CONFIG_PREFIX
Constant for the property that specifies the configuration prefix. |
static String |
COOKIE_DOMAIN
Constant for the configuration property that indicates the domain to use in the HTTP cookie. |
static String |
COOKIE_PATH
Constant for the configuration property that indicates the path to use in the HTTP cookie. |
static String |
SIGNATURE_SECRET
Constant for the property that specifies the secret to use for signing the HTTP Cookies. |
Constructor Summary | |
---|---|
AuthenticationFilter()
|
Method Summary | |
---|---|
protected javax.servlet.http.Cookie |
createCookie(String token)
Creates the Hadoop authentiation HTTP cookie. |
void |
destroy()
Destroys the filter. |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain filterChain)
If the request has a valid authentication token it allows the request to continue to the target resource, otherwise it triggers an authentication sequence using the configured AuthenticationHandler . |
protected AuthenticationHandler |
getAuthenticationHandler()
Returns the authentication handler being used. |
protected Properties |
getConfiguration(String configPrefix,
javax.servlet.FilterConfig filterConfig)
Returns the filtered configuration (only properties starting with the specified prefix). |
protected String |
getCookieDomain()
Returns the cookie domain to use for the HTTP cookie. |
protected String |
getCookiePath()
Returns the cookie path to use for the HTTP cookie. |
protected String |
getRequestURL(javax.servlet.http.HttpServletRequest request)
Returns the full URL of the request including the query string. |
protected AuthenticationToken |
getToken(javax.servlet.http.HttpServletRequest request)
Returns the AuthenticationToken for the request. |
protected long |
getValidity()
Returns the validity time of the generated tokens. |
void |
init(javax.servlet.FilterConfig filterConfig)
Initializes the authentication filter. |
protected boolean |
isRandomSecret()
Returns if a random secret is being used. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String CONFIG_PREFIX
public static final String AUTH_TYPE
public static final String SIGNATURE_SECRET
public static final String AUTH_TOKEN_VALIDITY
public static final String COOKIE_DOMAIN
public static final String COOKIE_PATH
Constructor Detail |
---|
public AuthenticationFilter()
Method Detail |
---|
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
AuthenticationHandler
.
init
in interface javax.servlet.Filter
filterConfig
- filter configuration.
javax.servlet.ServletException
- thrown if the filter or the authentication handler could not be initialized properly.protected AuthenticationHandler getAuthenticationHandler()
protected boolean isRandomSecret()
protected long getValidity()
protected String getCookieDomain()
protected String getCookiePath()
public void destroy()
AuthenticationHandler.destroy()
method to release any resources it may hold.
destroy
in interface javax.servlet.Filter
protected Properties getConfiguration(String configPrefix, javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
Properties
object is used to initialized the
AuthenticationHandler
.
This method can be overriden by subclasses to obtain the configuration from other configuration source than
the web.xml file.
configPrefix
- configuration prefix to use for extracting configuration properties.filterConfig
- filter configuration object
AuthenticationHandler
instance.
javax.servlet.ServletException
- thrown if the configuration could not be created.protected String getRequestURL(javax.servlet.http.HttpServletRequest request)
request
- the request object.
protected AuthenticationToken getToken(javax.servlet.http.HttpServletRequest request) throws IOException, AuthenticationException
AuthenticationToken
for the request.
It looks at the received HTTP cookies and extracts the value of the AuthenticatedURL.AUTH_COOKIE
if present. It verifies the signature and if correct it creates the AuthenticationToken
and returns
it.
If this method returns null
the filter will invoke the configured AuthenticationHandler
to perform user authentication.
request
- request object.
null
otherwise.
IOException
- thrown if an IO error occurred.
AuthenticationException
- thrown if the token is invalid or if it has expired.public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws IOException, javax.servlet.ServletException
AuthenticationHandler
.
doFilter
in interface javax.servlet.Filter
request
- the request object.response
- the response object.filterChain
- the filter chain object.
IOException
- thrown if an IO error occurred.
javax.servlet.ServletException
- thrown if a processing error occurred.protected javax.servlet.http.Cookie createCookie(String token)
token
- authentication token for the cookie.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |