public DelegationTokenAuthenticationHandler(AuthenticationHandler handler) { authHandler = handler; authType = handler.getType(); }
public KerberosDelegationTokenAuthenticationHandler() { super(new KerberosAuthenticationHandler(KerberosAuthenticationHandler.TYPE + TYPE_POSTFIX)); }
public PseudoDelegationTokenAuthenticationHandler() { super(new PseudoAuthenticationHandler(PseudoAuthenticationHandler.TYPE + TYPE_POSTFIX)); }
if (getAuthenticationHandler().managementOperation(token, httpRequest, httpResponse)) { if (token == null) { if (log.isDebugEnabled()) { log.debug("Request [{%s}] triggering authentication", getRequestURL(httpRequest)); token = getAuthenticationHandler().authenticate(httpRequest, httpResponse); if (token != null && token.getExpires() != 0 && token != AuthenticationToken.ANONYMOUS) { token.setExpires(System.currentTimeMillis() + getValidity() * 1000); unauthorizedResponse = false; if (log.isDebugEnabled()) { log.debug("Request [{%s}] user [{%s}] authenticated", getRequestURL(httpRequest), token.getUserName()); if (newToken && !token.isExpired() && token != AuthenticationToken.ANONYMOUS) { String signedToken = mySigner.sign(token.toString()); tokenToAuthCookie( httpResponse, getCookieDomain(), getCookiePath(), token.getExpires(), !token.isExpired() && token.getExpires() > 0, isHttps ); getCookieDomain(), getCookiePath(), token.getExpires(),
token = new AuthenticationToken(shortName, ugi.getUserName(), getType()); token.setExpires(0); request.setAttribute(DELEGATION_TOKEN_UGI_ATTRIBUTE, ugi); } catch (Throwable ex) { token = authHandler.authenticate(request, response);
/** * It delegates to * {@link AuthenticationFilter#getConfiguration(String, FilterConfig)} and * then overrides the {@link AuthenticationHandler} to use if authentication * type is set to <code>simple</code> or <code>kerberos</code> in order to use * the corresponding implementation with delegation token support. * * @param configPrefix parameter not used. * @param filterConfig parameter not used. * @return hadoop-auth de-prefixed configuration for the filter and handler. */ @Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException { Properties props = super.getConfiguration(configPrefix, filterConfig); setAuthHandlerClass(props); return props; }
super.doFilter(filterChain, request, response); } finally { UGI_TL.remove();
KerberosName kerberosName = new KerberosName(clientPrincipal); String userName = kerberosName.getShortName(); token = new AuthenticationToken(userName, clientPrincipal, getType()); response.setStatus(HttpServletResponse.SC_OK); log.trace("SPNEGO completed for principal [%s]", clientPrincipal);
super.init(filterConfig); String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX); configPrefix = (configPrefix != null) ? configPrefix + "." : "";
private static SignerSecretProvider constructSecretProvider(final Builder b, ServletContext ctx) throws Exception { final Configuration conf = b.conf; Properties config = getFilterProperties(conf, b.authFilterConfigurationPrefix); return AuthenticationFilter.constructSecretProvider( ctx, config, b.disallowFallbackToRandomSignerSecretProvider); }
@Override public void destroy() { tokenManager.destroy(); authHandler.destroy(); }
@Override public void init(Properties config) throws ServletException { authHandler.init(config); initTokenManager(config); initJsonFactory(config); }
@Override protected void initializeAuthHandler(String authHandlerClassName, FilterConfig filterConfig) throws ServletException { // A single CuratorFramework should be used for a ZK cluster. // If the ZKSignerSecretProvider has already created it, it has to // be set here... to be used by the ZKDelegationTokenSecretManager ZKDelegationTokenSecretManager.setCurator((CuratorFramework) filterConfig.getServletContext().getAttribute(ZKSignerSecretProvider. ZOOKEEPER_SIGNER_SECRET_PROVIDER_CURATOR_CLIENT_ATTRIBUTE)); super.initializeAuthHandler(authHandlerClassName, filterConfig); ZKDelegationTokenSecretManager.setCurator(null); }
@Override public Collection<String> getTokenTypes() { return ((CompositeAuthenticationHandler) getAuthHandler()).getTokenTypes(); }
@Override public void init(Properties config) throws ServletException { super.init(config); // Figure out the HTTP authentication schemes configured. String schemesProperty = Preconditions.checkNotNull(config .getProperty(MultiSchemeAuthenticationHandler.SCHEMES_PROPERTY)); // Figure out the HTTP authentication schemes configured for delegation // tokens. String delegationAuthSchemesProp = Preconditions.checkNotNull(config .getProperty(DELEGATION_TOKEN_SCHEMES_PROPERTY)); Set<String> authSchemes = new HashSet<>(); for (String scheme : STR_SPLITTER.split(schemesProperty)) { authSchemes.add(AuthenticationHandlerUtil.checkAuthScheme(scheme)); } delegationAuthSchemes = new HashSet<>(); for (String scheme : STR_SPLITTER.split(delegationAuthSchemesProp)) { delegationAuthSchemes.add(AuthenticationHandlerUtil .checkAuthScheme(scheme)); } Preconditions.checkArgument(authSchemes.containsAll(delegationAuthSchemes)); }
for (String scheme : delegationAuthSchemes) { if (AuthenticationHandlerUtil. matchAuthScheme(scheme, authorization)) { schemeConfigured = true; break;
public MultiSchemeDelegationTokenAuthenticationHandler() { super(new MultiSchemeAuthenticationHandler( MultiSchemeAuthenticationHandler.TYPE + TYPE_POSTFIX)); }
protected Properties getConfiguration( String configPrefix, FilterConfig filterConfig) throws ServletException { Properties props = super.getConfiguration(configPrefix, filterConfig);
@Override public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); AuthenticationHandler handler = getAuthenticationHandler(); AbstractDelegationTokenSecretManager dtSecretManager = (AbstractDelegationTokenSecretManager) filterConfig.getServletContext(). getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR); if (dtSecretManager != null && handler instanceof DelegationTokenAuthenticationHandler) { DelegationTokenAuthenticationHandler dtHandler = (DelegationTokenAuthenticationHandler) getAuthenticationHandler(); dtHandler.setExternalDelegationTokenSecretManager(dtSecretManager); } if (handler instanceof PseudoAuthenticationHandler || handler instanceof PseudoDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE); } if (handler instanceof KerberosAuthenticationHandler || handler instanceof KerberosDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS); } // proxyuser configuration Configuration conf = getProxyuserConfiguration(filterConfig); ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX); }