Package org.apache.hadoop.security.token.delegation.web

Class DelegationTokenAuthenticationFilter

java.lang.Object

org.apache.hadoop.security.authentication.server.AuthenticationFilter

org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter

@Private
@Evolving
public class DelegationTokenAuthenticationFilter
extends org.apache.hadoop.security.authentication.server.AuthenticationFilter

The DelegationTokenAuthenticationFilter filter is a AuthenticationFilter with Hadoop Delegation Token support.

By default it uses it own instance of the AbstractDelegationTokenSecretManager. For situations where an external AbstractDelegationTokenSecretManager is required (i.e. one that shares the secret with AbstractDelegationTokenSecretManager instance running in other services), the external AbstractDelegationTokenSecretManager must be set as an attribute in the ServletContext of the web application using the DELEGATION_TOKEN_SECRET_MANAGER_ATTR attribute name ( 'hadoop.http.delegation-token-secret-manager').

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	DELEGATION_TOKEN_SECRET_MANAGER_ATTR	Sets an external DelegationTokenSecretManager instance to manage creation and verification of Delegation Tokens.
static java.lang.String	PROXYUSER_PREFIX

Fields inherited from class org.apache.hadoop.security.authentication.server.AuthenticationFilter

ACTION_PARAM, AUTH_TOKEN_MAX_INACTIVE_INTERVAL, AUTH_TOKEN_VALIDITY, AUTH_TYPE, CONFIG_PREFIX, configPrefix, COOKIE_DOMAIN, COOKIE_PATH, COOKIE_PERSISTENT, SIGNATURE_SECRET, SIGNATURE_SECRET_FILE, SIGNER_SECRET_PROVIDER, SIGNER_SECRET_PROVIDER_ATTRIBUTE, SSO_LOGIN_COOKIE

Constructor Summary

Constructors

Constructor	Description
DelegationTokenAuthenticationFilter()

Method Summary

Modifier and Type	Method	Description
protected void	doFilter(javax.servlet.FilterChain filterChain, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected java.util.Properties	getConfiguration(java.lang.String configPrefix, javax.servlet.FilterConfig filterConfig)	It delegates to AuthenticationFilter.getConfiguration(String, FilterConfig) and then overrides the AuthenticationHandler to use if authentication type is set to simple or kerberos in order to use the corresponding implementation with delegation token support.
protected Configuration	getProxyuserConfiguration(javax.servlet.FilterConfig filterConfig)	Returns the proxyuser configuration.
void	init(javax.servlet.FilterConfig filterConfig)
protected void	initializeAuthHandler(java.lang.String authHandlerClassName, javax.servlet.FilterConfig filterConfig)
protected void	setAuthHandlerClass(java.util.Properties props)	Set AUTH_TYPE property to the name of the corresponding authentication handler class based on the input properties.
protected void	setHandlerAuthMethod(SaslRpcServer.AuthMethod authMethod)

Methods inherited from class org.apache.hadoop.security.authentication.server.AuthenticationFilter

constructSecretProvider, createAuthCookie, destroy, doFilter, getAuthenticationHandler, getAuthUrl, getConfiguration, getCookieDomain, getCookiePath, getCookieTokenName, getLogoutUrl, getMaxInactiveInterval, getRequestURL, getToken, getValidity, initializeSecretProvider, isCookiePersistent, isCustomSignerSecretProvider, isRandomSecret, verifyTokenType

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DELEGATION_TOKEN_SECRET_MANAGER_ATTR

public static final java.lang.String DELEGATION_TOKEN_SECRET_MANAGER_ATTR

Sets an external DelegationTokenSecretManager instance to manage creation and verification of Delegation Tokens.

This is useful for use cases where secrets must be shared across multiple services.

See Also:

Constant Field Values

PROXYUSER_PREFIX

public static final java.lang.String PROXYUSER_PREFIX

See Also:

Constant Field Values

Constructor Detail

DelegationTokenAuthenticationFilter

public DelegationTokenAuthenticationFilter()

Method Detail

getConfiguration

protected java.util.Properties getConfiguration(java.lang.String configPrefix,
                                                javax.servlet.FilterConfig filterConfig)
                                         throws javax.servlet.ServletException

It delegates to AuthenticationFilter.getConfiguration(String, FilterConfig) and then overrides the AuthenticationHandler to use if authentication type is set to simple or kerberos in order to use the corresponding implementation with delegation token support.

Overrides:

getConfiguration in class org.apache.hadoop.security.authentication.server.AuthenticationFilter

Parameters:

configPrefix - parameter not used.

filterConfig - parameter not used.

Returns:

hadoop-auth de-prefixed configuration for the filter and handler.

Throws:

javax.servlet.ServletException

setAuthHandlerClass

protected void setAuthHandlerClass(java.util.Properties props)
                            throws javax.servlet.ServletException

Set AUTH_TYPE property to the name of the corresponding authentication handler class based on the input properties.

Parameters:

props - input properties.

Throws:

javax.servlet.ServletException - servlet exception.

getProxyuserConfiguration

protected Configuration getProxyuserConfiguration(javax.servlet.FilterConfig filterConfig)
                                           throws javax.servlet.ServletException

Returns the proxyuser configuration. All returned properties must start with proxyuser.'

Subclasses may override this method if the proxyuser configuration is read from other place than the filter init parameters.

Parameters:

filterConfig - filter configuration object

Returns:

the proxyuser configuration properties.

Throws:

javax.servlet.ServletException - thrown if the configuration could not be created.

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Overrides:

init in class org.apache.hadoop.security.authentication.server.AuthenticationFilter

Throws:

javax.servlet.ServletException

initializeAuthHandler

protected void initializeAuthHandler(java.lang.String authHandlerClassName,
                                     javax.servlet.FilterConfig filterConfig)
                              throws javax.servlet.ServletException

Overrides:

initializeAuthHandler in class org.apache.hadoop.security.authentication.server.AuthenticationFilter

Throws:

javax.servlet.ServletException

setHandlerAuthMethod

protected void setHandlerAuthMethod(SaslRpcServer.AuthMethod authMethod)

doFilter

protected void doFilter(javax.servlet.FilterChain filterChain,
                        javax.servlet.http.HttpServletRequest request,
                        javax.servlet.http.HttpServletResponse response)
                 throws java.io.IOException,
                        javax.servlet.ServletException

Overrides:

doFilter in class org.apache.hadoop.security.authentication.server.AuthenticationFilter

Throws:

java.io.IOException

javax.servlet.ServletException