Package org.apache.hadoop.security.authentication.client

Class KerberosAuthenticator

java.lang.Object

org.apache.hadoop.security.authentication.client.KerberosAuthenticator

All Implemented Interfaces:

Authenticator

public class KerberosAuthenticator
extends Object
implements Authenticator

The KerberosAuthenticator implements the Kerberos SPNEGO authentication sequence.

It uses the default principal for the Kerberos cache (normally set via kinit).

It falls back to the PseudoAuthenticator if the HTTP endpoint does not trigger an SPNEGO authentication sequence.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	AUTHORIZATION	HTTP header used by the SPNEGO client endpoint during an authentication sequence.
static final String	NEGOTIATE	HTTP header prefix used by the SPNEGO client/server endpoints during an authentication sequence.
static final String	WWW_AUTHENTICATE	HTTP header used by the SPNEGO server endpoint during an authentication sequence.

Constructor Summary

Constructors

Constructor	Description
KerberosAuthenticator()

Method Summary

Modifier and Type	Method	Description
void	authenticate(URL url, AuthenticatedURL.Token token)	Performs SPNEGO authentication against the specified URL.
protected Authenticator	getFallBackAuthenticator()	If the specified URL does not support SPNEGO authentication, a fallback Authenticator will be used.
void	setConnectionConfigurator(ConnectionConfigurator configurator)	Sets a ConnectionConfigurator instance to use for configuring connections.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

WWW_AUTHENTICATE

public static final String WWW_AUTHENTICATE

HTTP header used by the SPNEGO server endpoint during an authentication sequence.

See Also:

• Constant Field Values

AUTHORIZATION

public static final String AUTHORIZATION

HTTP header used by the SPNEGO client endpoint during an authentication sequence.

See Also:

• Constant Field Values

NEGOTIATE

public static final String NEGOTIATE

HTTP header prefix used by the SPNEGO client/server endpoints during an authentication sequence.

See Also:

• Constant Field Values

Constructor Details

KerberosAuthenticator

public KerberosAuthenticator()

Method Details

setConnectionConfigurator

public void setConnectionConfigurator(ConnectionConfigurator configurator)

Sets a ConnectionConfigurator instance to use for configuring connections.

Specified by:

setConnectionConfigurator in interface Authenticator

Parameters:

configurator - the ConnectionConfigurator instance.

authenticate

public void authenticate(URL url,
 AuthenticatedURL.Token token)
                  throws IOException,
AuthenticationException

Performs SPNEGO authentication against the specified URL.

If a token is given it does a NOP and returns the given token.

If no token is given, it will perform the SPNEGO authentication sequence using an HTTP OPTIONS request.

Specified by:

authenticate in interface Authenticator

Parameters:

url - the URl to authenticate against.

token - the authentication token being used for the user.

Throws:

IOException - if an IO error occurred.

AuthenticationException - if an authentication error occurred.

getFallBackAuthenticator

protected Authenticator getFallBackAuthenticator()

If the specified URL does not support SPNEGO authentication, a fallback Authenticator will be used.

This implementation returns a PseudoAuthenticator.

Returns:

the fallback Authenticator.