Package com.mapr.security.maprauth
Class MaprAuthenticationHandler
- java.lang.Object
-
- org.apache.hadoop.security.authentication.server.MultiMechsAuthenticationHandler
-
- org.apache.hadoop.security.authentication.server.AbstractMaprAuthenticationHandler
-
- com.mapr.security.maprauth.MaprAuthenticationHandler
-
- All Implemented Interfaces:
org.apache.hadoop.security.authentication.server.AuthenticationHandler
public class MaprAuthenticationHandler extends org.apache.hadoop.security.authentication.server.AbstractMaprAuthenticationHandler
-
-
Constructor Summary
Constructors Constructor Description MaprAuthenticationHandler()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidinit(java.util.Properties config)This function is invoked when the filter is coming up.org.apache.hadoop.security.authentication.server.AuthenticationTokenmaprAuthenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)This function is called once we establish the client is authenticating using Mapr ticket and has responded with Mapr negotiate header.-
Methods inherited from class org.apache.hadoop.security.authentication.server.AbstractMaprAuthenticationHandler
addHeader, destroy, getAuthBasedEntity, postauthenticate
-
-
-
-
Method Detail
-
init
public void init(java.util.Properties config) throws javax.servlet.ServletExceptionThis function is invoked when the filter is coming up. we try to get the mapr serverkey which will be used later to decrypt information sent by the client Also since we may be required to authenticate using Kerberos we invoke the kerberos init code after checking if the principal and keytab specified in the config file exist. If they don't exist we don't invoke the kerberos init code because we don't expect to use kerberos.- Specified by:
initin interfaceorg.apache.hadoop.security.authentication.server.AuthenticationHandler- Specified by:
initin classorg.apache.hadoop.security.authentication.server.AbstractMaprAuthenticationHandler- Parameters:
config- configuration properties to initialize the handler.- Throws:
javax.servlet.ServletException
-
maprAuthenticate
public org.apache.hadoop.security.authentication.server.AuthenticationToken maprAuthenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException, org.apache.hadoop.security.authentication.client.AuthenticationExceptionThis function is called once we establish the client is authenticating using Mapr ticket and has responded with Mapr negotiate header. Here the server tries to decrypt the bytes (ticket and key) sent by the client using serverkey. Verifies the credentials in the ticket and if the ticket has not expired. Once the server decrypts the ticket and key it has the userkey Using this userkey it decrypts the random secret challenge sent by the client. Increments this by one, encrypts it using userkey and adds it to the response. Since the server has completed verifying the client it generates the authentication token and completes the handshake Anytime there is an error the server sets the error header (WWW_ERR_AUTHENTICATE) and appends the reason for the error, so that the client can display relevant error message- Specified by:
maprAuthenticatein classorg.apache.hadoop.security.authentication.server.AbstractMaprAuthenticationHandler- Parameters:
request- the HTTP client requestresponse- the HTTP client response- Returns:
- Throws:
java.io.IOExceptionorg.apache.hadoop.security.authentication.client.AuthenticationException
-
-