org.apache.hadoop.yarn.server.resourcemanager.security

Class RMAuthenticationHandler

java.lang.Object

org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

org.apache.hadoop.yarn.server.resourcemanager.security.RMAuthenticationHandler

All Implemented Interfaces:

org.apache.hadoop.security.authentication.server.AuthenticationHandler

public class RMAuthenticationHandler
extends org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

Field Summary

Fields

Modifier and Type	Field and Description
static String	HEADER
static String	TYPE

Fields inherited from class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

KEYTAB, NAME_RULES, PRINCIPAL

Constructor Summary

Constructors

Constructor and Description
RMAuthenticationHandler()

Method Summary

Methods

Modifier and Type	Method and Description
org.apache.hadoop.security.authentication.server.AuthenticationToken	authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Authenticates a request looking for the delegation header and verifying it is a valid token.
protected String	getEncodedDelegationTokenFromRequest(javax.servlet.http.HttpServletRequest req) Extract encoded delegation token from request
String	getType() Returns authentication type of the handler.
boolean	managementOperation(org.apache.hadoop.security.authentication.server.AuthenticationToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static void	setSecretManager(RMDelegationTokenSecretManager manager)
protected org.apache.hadoop.security.UserGroupInformation	verifyToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier> token) Verifies a delegation token.

Methods inherited from class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

destroy, getKeytab, getPrincipals, init

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TYPE

public static final String TYPE

See Also:

Constant Field Values

HEADER

public static final String HEADER

See Also:

Constant Field Values

Constructor Detail

RMAuthenticationHandler

public RMAuthenticationHandler()

Method Detail

getType

public String getType()

Returns authentication type of the handler.

Specified by:

getType in interface org.apache.hadoop.security.authentication.server.AuthenticationHandler

Overrides:

getType in class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

Returns:

kerberos-dt

managementOperation

public boolean managementOperation(org.apache.hadoop.security.authentication.server.AuthenticationToken token,
                          javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response)

Specified by:

managementOperation in interface org.apache.hadoop.security.authentication.server.AuthenticationHandler

Overrides:

managementOperation in class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

authenticate

public org.apache.hadoop.security.authentication.server.AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request,
                                                                                javax.servlet.http.HttpServletResponse response)
                                                                                  throws IOException,
                                                                                         org.apache.hadoop.security.authentication.client.AuthenticationException

Authenticates a request looking for the delegation header and verifying it is a valid token. If the header is missing, it delegates the authentication to the KerberosAuthenticationHandler unless it is disabled.

Specified by:

authenticate in interface org.apache.hadoop.security.authentication.server.AuthenticationHandler

Overrides:

authenticate in class org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler

Parameters:

request - the HTTP client request.

response - the HTTP client response.

Returns:

the authentication token for the authenticated request.

Throws:

IOException - thrown if an IO error occurred.

org.apache.hadoop.security.authentication.client.AuthenticationException - thrown if the authentication failed.

verifyToken

protected org.apache.hadoop.security.UserGroupInformation verifyToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier> token)
                                                               throws IOException

Verifies a delegation token.

Parameters:

token - delegation token to verify.

Returns:

the UGI for the token; null if the verification fails

Throws:

IOException - thrown if the token could not be verified.

getEncodedDelegationTokenFromRequest

protected String getEncodedDelegationTokenFromRequest(javax.servlet.http.HttpServletRequest req)

Extract encoded delegation token from request

Parameters:

req - HTTPServletRequest object

Returns:

String containing the encoded token; null if encoded token not found

setSecretManager

public static void setSecretManager(RMDelegationTokenSecretManager manager)