Package org.apache.hadoop.security.authentication.client

Class AuthenticatedURL

java.lang.Object

org.apache.hadoop.security.authentication.client.AuthenticatedURL

public class AuthenticatedURL
extends Object

The AuthenticatedURL class enables the use of the JDK URL class against HTTP endpoints protected with the AuthenticationFilter.

The authentication mechanisms supported by default are Hadoop Simple authentication (also known as pseudo authentication) and Kerberos SPNEGO authentication.

Additional authentication mechanisms can be supported via Authenticator implementations.

The default Authenticator is the KerberosAuthenticator class which supports automatic fallback from Kerberos SPNEGO to Hadoop Simple authentication.

AuthenticatedURL instances are not thread-safe.

The usage pattern of the AuthenticatedURL is:

 // establishing an initial connection

 URL url = new URL("http://foo:8080/bar");
 AuthenticatedURL.Token token = new AuthenticatedURL.Token();
 AuthenticatedURL aUrl = new AuthenticatedURL();
 HttpURLConnection conn = new AuthenticatedURL().openConnection(url, token);
 ....
 // use the 'conn' instance
 ....

 // establishing a follow up connection using a token from the previous connection

 HttpURLConnection conn = new AuthenticatedURL().openConnection(url, token);
 ....
 // use the 'conn' instance
 ....

 

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	AuthenticatedURL.Token	Client side authentication token.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	AUTH_COOKIE	Name of the HTTP cookie used for the authentication token between the client and the server.

Constructor Summary

Constructors

Constructor	Description
AuthenticatedURL()	Creates an AuthenticatedURL.
AuthenticatedURL(Authenticator authenticator)	Creates an AuthenticatedURL.
AuthenticatedURL(Authenticator authenticator, ConnectionConfigurator connConfigurator)	Creates an AuthenticatedURL.

Method Summary

Modifier and Type	Method	Description
static void	extractToken(HttpURLConnection conn, AuthenticatedURL.Token token)	Helper method that extracts an authentication token received from a connection.
protected Authenticator	getAuthenticator()	Returns the Authenticator instance used by the AuthenticatedURL.
static Class<? extends Authenticator>	getDefaultAuthenticator()	Returns the default Authenticator class to use when an AuthenticatedURL instance is created without specifying an authenticator.
static void	injectToken(HttpURLConnection conn, AuthenticatedURL.Token token)	Helper method that injects an authentication token to send with a connection.
HttpURLConnection	openConnection(URL url, AuthenticatedURL.Token token)	Returns an authenticated HttpURLConnection.
static void	setDefaultAuthenticator(Class<? extends Authenticator> authenticator)	Sets the default Authenticator class to use when an AuthenticatedURL instance is created without specifying an authenticator.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

AUTH_COOKIE

public static final String AUTH_COOKIE

Name of the HTTP cookie used for the authentication token between the client and the server.

See Also:

• Constant Field Values

Constructor Details

AuthenticatedURL

public AuthenticatedURL()

Creates an AuthenticatedURL.

AuthenticatedURL

public AuthenticatedURL(Authenticator authenticator)

Creates an AuthenticatedURL.

Parameters:

authenticator - the Authenticator instance to use, if null a KerberosAuthenticator is used.

AuthenticatedURL

public AuthenticatedURL(Authenticator authenticator,
 ConnectionConfigurator connConfigurator)

Creates an AuthenticatedURL.

Parameters:

authenticator - the Authenticator instance to use, if null a KerberosAuthenticator is used.

connConfigurator - a connection configurator.

Method Details

setDefaultAuthenticator

public static void setDefaultAuthenticator(Class<? extends Authenticator> authenticator)

Sets the default Authenticator class to use when an AuthenticatedURL instance is created without specifying an authenticator.

Parameters:

authenticator - the authenticator class to use as default.

getDefaultAuthenticator

public static Class<? extends Authenticator> getDefaultAuthenticator()

Returns the default Authenticator class to use when an AuthenticatedURL instance is created without specifying an authenticator.

Returns:

the authenticator class to use as default.

getAuthenticator

protected Authenticator getAuthenticator()

Returns the Authenticator instance used by the AuthenticatedURL.

Returns:

the Authenticator instance

openConnection

public HttpURLConnection openConnection(URL url,
 AuthenticatedURL.Token token)
                                 throws IOException,
AuthenticationException

Returns an authenticated HttpURLConnection.

Parameters:

url - the URL to connect to. Only HTTP/S URLs are supported.

token - the authentication token being used for the user.

Returns:

an authenticated HttpURLConnection.

Throws:

IOException - if an IO error occurred.

AuthenticationException - if an authentication exception occurred.

injectToken

public static void injectToken(HttpURLConnection conn,
 AuthenticatedURL.Token token)

Helper method that injects an authentication token to send with a connection. Callers should prefer using AuthenticatedURL.Token.openConnection(URL, ConnectionConfigurator) which automatically manages authentication tokens.

Parameters:

conn - connection to inject the authentication token into.

token - authentication token to inject.

extractToken

public static void extractToken(HttpURLConnection conn,
 AuthenticatedURL.Token token)
                         throws IOException,
AuthenticationException

Helper method that extracts an authentication token received from a connection.

This method is used by Authenticator implementations.

Parameters:

conn - connection to extract the authentication token from.

token - the authentication token.

Throws:

IOException - if an IO error occurred.

AuthenticationException - if an authentication exception occurred.