Package org.apache.hadoop.security.authentication.server

Interface AuthenticationHandler

All Known Subinterfaces:
CompositeAuthenticationHandler
All Known Implementing Classes:
AltKerberosAuthenticationHandler, JWTRedirectAuthenticationHandler, KerberosAuthenticationHandler, LdapAuthenticationHandler, MultiSchemeAuthenticationHandler, PseudoAuthenticationHandler
public interface AuthenticationHandler
Interface for server authentication mechanisms. The AuthenticationFilter manages the lifecycle of the authentication handler. Implementations must be thread-safe as one instance is initialized and used for all requests.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    WWW_AUTHENTICATE
     

  • Method Summary

    Modifier and Type
    Method
    Description
    AuthenticationToken
    authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Performs an authentication step for the given HTTP client request.
    void
    destroy()
    Destroys the authentication handler instance.
    String
    getType()
    Returns the authentication type of the authentication handler.
    void
    init(Properties config)
    Initializes the authentication handler instance.
    boolean
    managementOperation(AuthenticationToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Performs an authentication management operation.

  • Field Details

  • Method Details

    • getType

      String getType()
      Returns the authentication type of the authentication handler. This should be a name that uniquely identifies the authentication type. For example 'simple' or 'kerberos'.
      Returns:
      the authentication type of the authentication handler.

    • init

      void init(Properties config) throws javax.servlet.ServletException
      Initializes the authentication handler instance.

      This method is invoked by the AuthenticationFilter.init(javax.servlet.FilterConfig) method.

      Parameters:
      config - configuration properties to initialize the handler.
      Throws:
      javax.servlet.ServletException - thrown if the handler could not be initialized.

    • destroy

      void destroy()
      Destroys the authentication handler instance.

      This method is invoked by the AuthenticationFilter.destroy() method.

    • managementOperation

      boolean managementOperation(AuthenticationToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, AuthenticationException
      Performs an authentication management operation.

      This is useful for handling operations like get/renew/cancel delegation tokens which are being handled as operations of the service end-point.

      If the method returns TRUE the request will continue normal processing, this means the method has not produced any HTTP response.

      If the method returns FALSE the request will end, this means the method has produced the corresponding HTTP response.

      Parameters:
      token - the authentication token if any, otherwise NULL.
      request - the HTTP client request.
      response - the HTTP client response.
      Returns:
      TRUE if the request should be processed as a regular request, FALSE otherwise.
      Throws:
      IOException - thrown if an IO error occurred.
      AuthenticationException - thrown if an Authentication error occurred.

    • authenticate

      AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, AuthenticationException
      Performs an authentication step for the given HTTP client request.

      This method is invoked by the AuthenticationFilter only if the HTTP client request is not yet authenticated.

      Depending upon the authentication mechanism being implemented, a particular HTTP client may end up making a sequence of invocations before authentication is successfully established (this is the case of Kerberos SPNEGO).

      This method must return an AuthenticationToken only if the the HTTP client request has been successfully and fully authenticated.

      If the HTTP client request has not been completely authenticated, this method must take over the corresponding HTTP response and it must return null.

      Parameters:
      request - the HTTP client request.
      response - the HTTP client response.
      Returns:
      an AuthenticationToken if the HTTP client request has been authenticated, null otherwise (in this case it must take care of the response).
      Throws:
      IOException - thrown if an IO error occurred.
      AuthenticationException - thrown if an Authentication error occurred.