HADOOP-10134 [JDK8] Fix Javadoc errors caused by incorrect or illegal tags in doc comments.
This commit is contained in:
parent
394c70c21d
commit
f71eb51ab8
@ -24,19 +24,18 @@
|
|||||||
/**
|
/**
|
||||||
* The {@link AuthenticatedURL} class enables the use of the JDK {@link URL} class
|
* The {@link AuthenticatedURL} class enables the use of the JDK {@link URL} class
|
||||||
* against HTTP endpoints protected with the {@link AuthenticationFilter}.
|
* against HTTP endpoints protected with the {@link AuthenticationFilter}.
|
||||||
* <p/>
|
* <p>
|
||||||
* The authentication mechanisms supported by default are Hadoop Simple authentication
|
* The authentication mechanisms supported by default are Hadoop Simple authentication
|
||||||
* (also known as pseudo authentication) and Kerberos SPNEGO authentication.
|
* (also known as pseudo authentication) and Kerberos SPNEGO authentication.
|
||||||
* <p/>
|
* <p>
|
||||||
* Additional authentication mechanisms can be supported via {@link Authenticator} implementations.
|
* Additional authentication mechanisms can be supported via {@link Authenticator} implementations.
|
||||||
* <p/>
|
* <p>
|
||||||
* The default {@link Authenticator} is the {@link KerberosAuthenticator} class which supports
|
* The default {@link Authenticator} is the {@link KerberosAuthenticator} class which supports
|
||||||
* automatic fallback from Kerberos SPNEGO to Hadoop Simple authentication.
|
* automatic fallback from Kerberos SPNEGO to Hadoop Simple authentication.
|
||||||
* <p/>
|
* <p>
|
||||||
* <code>AuthenticatedURL</code> instances are not thread-safe.
|
* <code>AuthenticatedURL</code> instances are not thread-safe.
|
||||||
* <p/>
|
* <p>
|
||||||
* The usage pattern of the {@link AuthenticatedURL} is:
|
* The usage pattern of the {@link AuthenticatedURL} is:
|
||||||
* <p/>
|
|
||||||
* <pre>
|
* <pre>
|
||||||
*
|
*
|
||||||
* // establishing an initial connection
|
* // establishing an initial connection
|
||||||
@ -240,7 +239,7 @@ public static void injectToken(HttpURLConnection conn, Token token) {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Helper method that extracts an authentication token received from a connection.
|
* Helper method that extracts an authentication token received from a connection.
|
||||||
* <p/>
|
* <p>
|
||||||
* This method is used by {@link Authenticator} implementations.
|
* This method is used by {@link Authenticator} implementations.
|
||||||
*
|
*
|
||||||
* @param conn connection to extract the authentication token from.
|
* @param conn connection to extract the authentication token from.
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Interface for client authentication mechanisms.
|
* Interface for client authentication mechanisms.
|
||||||
* <p/>
|
* <p>
|
||||||
* Implementations are use-once instances, they don't need to be thread safe.
|
* Implementations are use-once instances, they don't need to be thread safe.
|
||||||
*/
|
*/
|
||||||
public interface Authenticator {
|
public interface Authenticator {
|
||||||
|
@ -43,9 +43,9 @@
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* The {@link KerberosAuthenticator} implements the Kerberos SPNEGO authentication sequence.
|
* The {@link KerberosAuthenticator} implements the Kerberos SPNEGO authentication sequence.
|
||||||
* <p/>
|
* <p>
|
||||||
* It uses the default principal for the Kerberos cache (normally set via kinit).
|
* It uses the default principal for the Kerberos cache (normally set via kinit).
|
||||||
* <p/>
|
* <p>
|
||||||
* It falls back to the {@link PseudoAuthenticator} if the HTTP endpoint does not trigger an SPNEGO authentication
|
* It falls back to the {@link PseudoAuthenticator} if the HTTP endpoint does not trigger an SPNEGO authentication
|
||||||
* sequence.
|
* sequence.
|
||||||
*/
|
*/
|
||||||
@ -162,9 +162,9 @@ public void setConnectionConfigurator(ConnectionConfigurator configurator) {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Performs SPNEGO authentication against the specified URL.
|
* Performs SPNEGO authentication against the specified URL.
|
||||||
* <p/>
|
* <p>
|
||||||
* If a token is given it does a NOP and returns the given token.
|
* If a token is given it does a NOP and returns the given token.
|
||||||
* <p/>
|
* <p>
|
||||||
* If no token is given, it will perform the SPNEGO authentication sequence using an
|
* If no token is given, it will perform the SPNEGO authentication sequence using an
|
||||||
* HTTP <code>OPTIONS</code> request.
|
* HTTP <code>OPTIONS</code> request.
|
||||||
*
|
*
|
||||||
@ -211,7 +211,7 @@ public void authenticate(URL url, AuthenticatedURL.Token token)
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* If the specified URL does not support SPNEGO authentication, a fallback {@link Authenticator} will be used.
|
* If the specified URL does not support SPNEGO authentication, a fallback {@link Authenticator} will be used.
|
||||||
* <p/>
|
* <p>
|
||||||
* This implementation returns a {@link PseudoAuthenticator}.
|
* This implementation returns a {@link PseudoAuthenticator}.
|
||||||
*
|
*
|
||||||
* @return the fallback {@link Authenticator}.
|
* @return the fallback {@link Authenticator}.
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
/**
|
/**
|
||||||
* The {@link PseudoAuthenticator} implementation provides an authentication equivalent to Hadoop's
|
* The {@link PseudoAuthenticator} implementation provides an authentication equivalent to Hadoop's
|
||||||
* Simple authentication, it trusts the value of the 'user.name' Java System property.
|
* Simple authentication, it trusts the value of the 'user.name' Java System property.
|
||||||
* <p/>
|
* <p>
|
||||||
* The 'user.name' value is propagated using an additional query string parameter {@link #USER_NAME} ('user.name').
|
* The 'user.name' value is propagated using an additional query string parameter {@link #USER_NAME} ('user.name').
|
||||||
*/
|
*/
|
||||||
public class PseudoAuthenticator implements Authenticator {
|
public class PseudoAuthenticator implements Authenticator {
|
||||||
@ -47,13 +47,13 @@ public void setConnectionConfigurator(ConnectionConfigurator configurator) {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Performs simple authentication against the specified URL.
|
* Performs simple authentication against the specified URL.
|
||||||
* <p/>
|
* <p>
|
||||||
* If a token is given it does a NOP and returns the given token.
|
* If a token is given it does a NOP and returns the given token.
|
||||||
* <p/>
|
* <p>
|
||||||
* If no token is given, it will perform an HTTP <code>OPTIONS</code> request injecting an additional
|
* If no token is given, it will perform an HTTP <code>OPTIONS</code> request injecting an additional
|
||||||
* parameter {@link #USER_NAME} in the query string with the value returned by the {@link #getUserName()}
|
* parameter {@link #USER_NAME} in the query string with the value returned by the {@link #getUserName()}
|
||||||
* method.
|
* method.
|
||||||
* <p/>
|
* <p>
|
||||||
* If the response is successful it will update the authentication token.
|
* If the response is successful it will update the authentication token.
|
||||||
*
|
*
|
||||||
* @param url the URl to authenticate against.
|
* @param url the URl to authenticate against.
|
||||||
@ -79,7 +79,7 @@ public void authenticate(URL url, AuthenticatedURL.Token token) throws IOExcepti
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the current user name.
|
* Returns the current user name.
|
||||||
* <p/>
|
* <p>
|
||||||
* This implementation returns the value of the Java system property 'user.name'
|
* This implementation returns the value of the Java system property 'user.name'
|
||||||
*
|
*
|
||||||
* @return the current user name.
|
* @return the current user name.
|
||||||
|
@ -28,7 +28,6 @@
|
|||||||
* to allow a developer to implement their own custom authentication for browser
|
* to allow a developer to implement their own custom authentication for browser
|
||||||
* access. The alternateAuthenticate method will be called whenever a request
|
* access. The alternateAuthenticate method will be called whenever a request
|
||||||
* comes from a browser.
|
* comes from a browser.
|
||||||
* <p/>
|
|
||||||
*/
|
*/
|
||||||
public abstract class AltKerberosAuthenticationHandler
|
public abstract class AltKerberosAuthenticationHandler
|
||||||
extends KerberosAuthenticationHandler {
|
extends KerberosAuthenticationHandler {
|
||||||
@ -52,7 +51,6 @@ public abstract class AltKerberosAuthenticationHandler
|
|||||||
/**
|
/**
|
||||||
* Returns the authentication type of the authentication handler,
|
* Returns the authentication type of the authentication handler,
|
||||||
* 'alt-kerberos'.
|
* 'alt-kerberos'.
|
||||||
* <p/>
|
|
||||||
*
|
*
|
||||||
* @return the authentication type of the authentication handler,
|
* @return the authentication type of the authentication handler,
|
||||||
* 'alt-kerberos'.
|
* 'alt-kerberos'.
|
||||||
@ -80,7 +78,6 @@ public void init(Properties config) throws ServletException {
|
|||||||
* completed successfully (in the case of Java access) and only after the
|
* completed successfully (in the case of Java access) and only after the
|
||||||
* custom authentication implemented by the subclass in alternateAuthenticate
|
* custom authentication implemented by the subclass in alternateAuthenticate
|
||||||
* has completed successfully (in the case of browser access).
|
* has completed successfully (in the case of browser access).
|
||||||
* <p/>
|
|
||||||
*
|
*
|
||||||
* @param request the HTTP client request.
|
* @param request the HTTP client request.
|
||||||
* @param response the HTTP client response.
|
* @param response the HTTP client response.
|
||||||
@ -109,7 +106,7 @@ public AuthenticationToken authenticate(HttpServletRequest request,
|
|||||||
* refers to a browser. If its not a browser, then Kerberos authentication
|
* refers to a browser. If its not a browser, then Kerberos authentication
|
||||||
* will be used; if it is a browser, alternateAuthenticate from the subclass
|
* will be used; if it is a browser, alternateAuthenticate from the subclass
|
||||||
* will be used.
|
* will be used.
|
||||||
* <p/>
|
* <p>
|
||||||
* A User-Agent String is considered to be a browser if it does not contain
|
* A User-Agent String is considered to be a browser if it does not contain
|
||||||
* any of the values from alt-kerberos.non-browser.user-agents; the default
|
* any of the values from alt-kerberos.non-browser.user-agents; the default
|
||||||
* behavior is to consider everything a browser unless it contains one of:
|
* behavior is to consider everything a browser unless it contains one of:
|
||||||
|
@ -44,18 +44,20 @@
|
|||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The {@link AuthenticationFilter} enables protecting web application resources with different (pluggable)
|
* <p>The {@link AuthenticationFilter} enables protecting web application
|
||||||
|
* resources with different (pluggable)
|
||||||
* authentication mechanisms and signer secret providers.
|
* authentication mechanisms and signer secret providers.
|
||||||
* <p/>
|
* </p>
|
||||||
|
* <p>
|
||||||
* Out of the box it provides 2 authentication mechanisms: Pseudo and Kerberos SPNEGO.
|
* Out of the box it provides 2 authentication mechanisms: Pseudo and Kerberos SPNEGO.
|
||||||
* <p/>
|
* </p>
|
||||||
* Additional authentication mechanisms are supported via the {@link AuthenticationHandler} interface.
|
* Additional authentication mechanisms are supported via the {@link AuthenticationHandler} interface.
|
||||||
* <p/>
|
* <p>
|
||||||
* This filter delegates to the configured authentication handler for authentication and once it obtains an
|
* This filter delegates to the configured authentication handler for authentication and once it obtains an
|
||||||
* {@link AuthenticationToken} from it, sets a signed HTTP cookie with the token. For client requests
|
* {@link AuthenticationToken} from it, sets a signed HTTP cookie with the token. For client requests
|
||||||
* that provide the signed HTTP cookie, it verifies the validity of the cookie, extracts the user information
|
* that provide the signed HTTP cookie, it verifies the validity of the cookie, extracts the user information
|
||||||
* and lets the request proceed to the target resource.
|
* and lets the request proceed to the target resource.
|
||||||
* <p/>
|
* </p>
|
||||||
* The supported configuration properties are:
|
* The supported configuration properties are:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>config.prefix: indicates the prefix to be used by all other configuration properties, the default value
|
* <li>config.prefix: indicates the prefix to be used by all other configuration properties, the default value
|
||||||
@ -73,18 +75,19 @@
|
|||||||
* <li>[#PREFIX#.]cookie.domain: domain to use for the HTTP cookie that stores the authentication token.</li>
|
* <li>[#PREFIX#.]cookie.domain: domain to use for the HTTP cookie that stores the authentication token.</li>
|
||||||
* <li>[#PREFIX#.]cookie.path: path to use for the HTTP cookie that stores the authentication token.</li>
|
* <li>[#PREFIX#.]cookie.path: path to use for the HTTP cookie that stores the authentication token.</li>
|
||||||
* </ul>
|
* </ul>
|
||||||
* <p/>
|
* <p>
|
||||||
* The rest of the configuration properties are specific to the {@link AuthenticationHandler} implementation and the
|
* The rest of the configuration properties are specific to the {@link AuthenticationHandler} implementation and the
|
||||||
* {@link AuthenticationFilter} will take all the properties that start with the prefix #PREFIX#, it will remove
|
* {@link AuthenticationFilter} will take all the properties that start with the prefix #PREFIX#, it will remove
|
||||||
* the prefix from it and it will pass them to the the authentication handler for initialization. Properties that do
|
* the prefix from it and it will pass them to the the authentication handler for initialization. Properties that do
|
||||||
* not start with the prefix will not be passed to the authentication handler initialization.
|
* not start with the prefix will not be passed to the authentication handler initialization.
|
||||||
* <p/>
|
* </p>
|
||||||
|
* <p>
|
||||||
* Out of the box it provides 3 signer secret provider implementations:
|
* Out of the box it provides 3 signer secret provider implementations:
|
||||||
* "string", "random", and "zookeeper"
|
* "string", "random", and "zookeeper"
|
||||||
* <p/>
|
* </p>
|
||||||
* Additional signer secret providers are supported via the
|
* Additional signer secret providers are supported via the
|
||||||
* {@link SignerSecretProvider} class.
|
* {@link SignerSecretProvider} class.
|
||||||
* <p/>
|
* <p>
|
||||||
* For the HTTP cookies mentioned above, the SignerSecretProvider is used to
|
* For the HTTP cookies mentioned above, the SignerSecretProvider is used to
|
||||||
* determine the secret to use for signing the cookies. Different
|
* determine the secret to use for signing the cookies. Different
|
||||||
* implementations can have different behaviors. The "string" implementation
|
* implementations can have different behaviors. The "string" implementation
|
||||||
@ -94,7 +97,7 @@
|
|||||||
* [#PREFIX#.]token.validity mentioned above. The "zookeeper" implementation
|
* [#PREFIX#.]token.validity mentioned above. The "zookeeper" implementation
|
||||||
* is like the "random" one, except that it synchronizes the random secret
|
* is like the "random" one, except that it synchronizes the random secret
|
||||||
* and rollovers between multiple servers; it's meant for HA services.
|
* and rollovers between multiple servers; it's meant for HA services.
|
||||||
* <p/>
|
* </p>
|
||||||
* The relevant configuration properties are:
|
* The relevant configuration properties are:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>signer.secret.provider: indicates the name of the SignerSecretProvider
|
* <li>signer.secret.provider: indicates the name of the SignerSecretProvider
|
||||||
@ -108,10 +111,10 @@
|
|||||||
* implementations are specified, this value is used as the rollover
|
* implementations are specified, this value is used as the rollover
|
||||||
* interval.</li>
|
* interval.</li>
|
||||||
* </ul>
|
* </ul>
|
||||||
* <p/>
|
* <p>
|
||||||
* The "zookeeper" implementation has additional configuration properties that
|
* The "zookeeper" implementation has additional configuration properties that
|
||||||
* must be specified; see {@link ZKSignerSecretProvider} for details.
|
* must be specified; see {@link ZKSignerSecretProvider} for details.
|
||||||
* <p/>
|
* </p>
|
||||||
* For subclasses of AuthenticationFilter that want additional control over the
|
* For subclasses of AuthenticationFilter that want additional control over the
|
||||||
* SignerSecretProvider, they can use the following attribute set in the
|
* SignerSecretProvider, they can use the following attribute set in the
|
||||||
* ServletContext:
|
* ServletContext:
|
||||||
@ -190,10 +193,9 @@ public class AuthenticationFilter implements Filter {
|
|||||||
private String cookiePath;
|
private String cookiePath;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initializes the authentication filter and signer secret provider.
|
* <p>Initializes the authentication filter and signer secret provider.</p>
|
||||||
* <p/>
|
* It instantiates and initializes the specified {@link
|
||||||
* It instantiates and initializes the specified {@link AuthenticationHandler}.
|
* AuthenticationHandler}.
|
||||||
* <p/>
|
|
||||||
*
|
*
|
||||||
* @param filterConfig filter configuration.
|
* @param filterConfig filter configuration.
|
||||||
*
|
*
|
||||||
@ -375,7 +377,7 @@ protected String getCookiePath() {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Destroys the filter.
|
* Destroys the filter.
|
||||||
* <p/>
|
* <p>
|
||||||
* It invokes the {@link AuthenticationHandler#destroy()} method to release any resources it may hold.
|
* It invokes the {@link AuthenticationHandler#destroy()} method to release any resources it may hold.
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
@ -393,7 +395,7 @@ public void destroy() {
|
|||||||
* Returns the filtered configuration (only properties starting with the specified prefix). The property keys
|
* Returns the filtered configuration (only properties starting with the specified prefix). The property keys
|
||||||
* are also trimmed from the prefix. The returned {@link Properties} object is used to initialized the
|
* are also trimmed from the prefix. The returned {@link Properties} object is used to initialized the
|
||||||
* {@link AuthenticationHandler}.
|
* {@link AuthenticationHandler}.
|
||||||
* <p/>
|
* <p>
|
||||||
* This method can be overriden by subclasses to obtain the configuration from other configuration source than
|
* This method can be overriden by subclasses to obtain the configuration from other configuration source than
|
||||||
* the web.xml file.
|
* the web.xml file.
|
||||||
*
|
*
|
||||||
@ -419,7 +421,7 @@ protected Properties getConfiguration(String configPrefix, FilterConfig filterCo
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the full URL of the request including the query string.
|
* Returns the full URL of the request including the query string.
|
||||||
* <p/>
|
* <p>
|
||||||
* Used as a convenience method for logging purposes.
|
* Used as a convenience method for logging purposes.
|
||||||
*
|
*
|
||||||
* @param request the request object.
|
* @param request the request object.
|
||||||
@ -436,11 +438,11 @@ protected String getRequestURL(HttpServletRequest request) {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the {@link AuthenticationToken} for the request.
|
* Returns the {@link AuthenticationToken} for the request.
|
||||||
* <p/>
|
* <p>
|
||||||
* It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE}
|
* It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE}
|
||||||
* if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns
|
* if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns
|
||||||
* it.
|
* it.
|
||||||
* <p/>
|
* <p>
|
||||||
* If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler}
|
* If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler}
|
||||||
* to perform user authentication.
|
* to perform user authentication.
|
||||||
*
|
*
|
||||||
@ -597,7 +599,7 @@ protected void doFilter(FilterChain filterChain, HttpServletRequest request,
|
|||||||
*
|
*
|
||||||
* @param token authentication token for the cookie.
|
* @param token authentication token for the cookie.
|
||||||
* @param expires UNIX timestamp that indicates the expire date of the
|
* @param expires UNIX timestamp that indicates the expire date of the
|
||||||
* cookie. It has no effect if its value < 0.
|
* cookie. It has no effect if its value < 0.
|
||||||
*
|
*
|
||||||
* XXX the following code duplicate some logic in Jetty / Servlet API,
|
* XXX the following code duplicate some logic in Jetty / Servlet API,
|
||||||
* because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6
|
* because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6
|
||||||
|
@ -24,9 +24,7 @@
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Interface for server authentication mechanisms.
|
* Interface for server authentication mechanisms.
|
||||||
* <p/>
|
|
||||||
* The {@link AuthenticationFilter} manages the lifecycle of the authentication handler.
|
* The {@link AuthenticationFilter} manages the lifecycle of the authentication handler.
|
||||||
* <p/>
|
|
||||||
* Implementations must be thread-safe as one instance is initialized and used for all requests.
|
* Implementations must be thread-safe as one instance is initialized and used for all requests.
|
||||||
*/
|
*/
|
||||||
public interface AuthenticationHandler {
|
public interface AuthenticationHandler {
|
||||||
@ -35,7 +33,6 @@ public interface AuthenticationHandler {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the authentication type of the authentication handler.
|
* Returns the authentication type of the authentication handler.
|
||||||
* <p/>
|
|
||||||
* This should be a name that uniquely identifies the authentication type.
|
* This should be a name that uniquely identifies the authentication type.
|
||||||
* For example 'simple' or 'kerberos'.
|
* For example 'simple' or 'kerberos'.
|
||||||
*
|
*
|
||||||
@ -45,7 +42,7 @@ public interface AuthenticationHandler {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Initializes the authentication handler instance.
|
* Initializes the authentication handler instance.
|
||||||
* <p/>
|
* <p>
|
||||||
* This method is invoked by the {@link AuthenticationFilter#init} method.
|
* This method is invoked by the {@link AuthenticationFilter#init} method.
|
||||||
*
|
*
|
||||||
* @param config configuration properties to initialize the handler.
|
* @param config configuration properties to initialize the handler.
|
||||||
@ -56,21 +53,21 @@ public interface AuthenticationHandler {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Destroys the authentication handler instance.
|
* Destroys the authentication handler instance.
|
||||||
* <p/>
|
* <p>
|
||||||
* This method is invoked by the {@link AuthenticationFilter#destroy} method.
|
* This method is invoked by the {@link AuthenticationFilter#destroy} method.
|
||||||
*/
|
*/
|
||||||
public void destroy();
|
public void destroy();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Performs an authentication management operation.
|
* Performs an authentication management operation.
|
||||||
* <p/>
|
* <p>
|
||||||
* This is useful for handling operations like get/renew/cancel
|
* This is useful for handling operations like get/renew/cancel
|
||||||
* delegation tokens which are being handled as operations of the
|
* delegation tokens which are being handled as operations of the
|
||||||
* service end-point.
|
* service end-point.
|
||||||
* <p/>
|
* <p>
|
||||||
* If the method returns <code>TRUE</code> the request will continue normal
|
* If the method returns <code>TRUE</code> the request will continue normal
|
||||||
* processing, this means the method has not produced any HTTP response.
|
* processing, this means the method has not produced any HTTP response.
|
||||||
* <p/>
|
* <p>
|
||||||
* If the method returns <code>FALSE</code> the request will end, this means
|
* If the method returns <code>FALSE</code> the request will end, this means
|
||||||
* the method has produced the corresponding HTTP response.
|
* the method has produced the corresponding HTTP response.
|
||||||
*
|
*
|
||||||
@ -91,17 +88,17 @@ public boolean managementOperation(AuthenticationToken token,
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Performs an authentication step for the given HTTP client request.
|
* Performs an authentication step for the given HTTP client request.
|
||||||
* <p/>
|
* <p>
|
||||||
* This method is invoked by the {@link AuthenticationFilter} only if the HTTP client request is
|
* This method is invoked by the {@link AuthenticationFilter} only if the HTTP client request is
|
||||||
* not yet authenticated.
|
* not yet authenticated.
|
||||||
* <p/>
|
* <p>
|
||||||
* Depending upon the authentication mechanism being implemented, a particular HTTP client may
|
* Depending upon the authentication mechanism being implemented, a particular HTTP client may
|
||||||
* end up making a sequence of invocations before authentication is successfully established (this is
|
* end up making a sequence of invocations before authentication is successfully established (this is
|
||||||
* the case of Kerberos SPNEGO).
|
* the case of Kerberos SPNEGO).
|
||||||
* <p/>
|
* <p>
|
||||||
* This method must return an {@link AuthenticationToken} only if the the HTTP client request has
|
* This method must return an {@link AuthenticationToken} only if the the HTTP client request has
|
||||||
* been successfully and fully authenticated.
|
* been successfully and fully authenticated.
|
||||||
* <p/>
|
* <p>
|
||||||
* If the HTTP client request has not been completely authenticated, this method must take over
|
* If the HTTP client request has not been completely authenticated, this method must take over
|
||||||
* the corresponding HTTP response and it must return <code>null</code>.
|
* the corresponding HTTP response and it must return <code>null</code>.
|
||||||
*
|
*
|
||||||
|
@ -29,7 +29,7 @@
|
|||||||
* The {@link AuthenticationToken} contains information about an authenticated
|
* The {@link AuthenticationToken} contains information about an authenticated
|
||||||
* HTTP client and doubles as the {@link Principal} to be returned by
|
* HTTP client and doubles as the {@link Principal} to be returned by
|
||||||
* authenticated {@link HttpServletRequest}s
|
* authenticated {@link HttpServletRequest}s
|
||||||
* <p/>
|
* <p>
|
||||||
* The token can be serialized/deserialized to and from a string as it is sent
|
* The token can be serialized/deserialized to and from a string as it is sent
|
||||||
* and received in HTTP client responses and requests as a HTTP cookie (this is
|
* and received in HTTP client responses and requests as a HTTP cookie (this is
|
||||||
* done by the {@link AuthenticationFilter}).
|
* done by the {@link AuthenticationFilter}).
|
||||||
@ -170,7 +170,7 @@ public boolean isExpired() {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the string representation of the token.
|
* Returns the string representation of the token.
|
||||||
* <p/>
|
* <p>
|
||||||
* This string representation is parseable by the {@link #parse} method.
|
* This string representation is parseable by the {@link #parse} method.
|
||||||
*
|
*
|
||||||
* @return the string representation of the token.
|
* @return the string representation of the token.
|
||||||
|
@ -51,7 +51,7 @@
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* The {@link KerberosAuthenticationHandler} implements the Kerberos SPNEGO authentication mechanism for HTTP.
|
* The {@link KerberosAuthenticationHandler} implements the Kerberos SPNEGO authentication mechanism for HTTP.
|
||||||
* <p/>
|
* <p>
|
||||||
* The supported configuration properties are:
|
* The supported configuration properties are:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>kerberos.principal: the Kerberos principal to used by the server. As stated by the Kerberos SPNEGO
|
* <li>kerberos.principal: the Kerberos principal to used by the server. As stated by the Kerberos SPNEGO
|
||||||
@ -168,9 +168,9 @@ public KerberosAuthenticationHandler(String type) {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Initializes the authentication handler instance.
|
* Initializes the authentication handler instance.
|
||||||
* <p/>
|
* <p>
|
||||||
* It creates a Kerberos context using the principal and keytab specified in the configuration.
|
* It creates a Kerberos context using the principal and keytab specified in the configuration.
|
||||||
* <p/>
|
* <p>
|
||||||
* This method is invoked by the {@link AuthenticationFilter#init} method.
|
* This method is invoked by the {@link AuthenticationFilter#init} method.
|
||||||
*
|
*
|
||||||
* @param config configuration properties to initialize the handler.
|
* @param config configuration properties to initialize the handler.
|
||||||
@ -243,7 +243,7 @@ public GSSManager run() throws Exception {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Releases any resources initialized by the authentication handler.
|
* Releases any resources initialized by the authentication handler.
|
||||||
* <p/>
|
* <p>
|
||||||
* It destroys the Kerberos context.
|
* It destroys the Kerberos context.
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
@ -262,7 +262,7 @@ public void destroy() {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the authentication type of the authentication handler, 'kerberos'.
|
* Returns the authentication type of the authentication handler, 'kerberos'.
|
||||||
* <p/>
|
* <p>
|
||||||
*
|
*
|
||||||
* @return the authentication type of the authentication handler, 'kerberos'.
|
* @return the authentication type of the authentication handler, 'kerberos'.
|
||||||
*/
|
*/
|
||||||
@ -313,7 +313,6 @@ public boolean managementOperation(AuthenticationToken token,
|
|||||||
/**
|
/**
|
||||||
* It enforces the the Kerberos SPNEGO authentication sequence returning an {@link AuthenticationToken} only
|
* It enforces the the Kerberos SPNEGO authentication sequence returning an {@link AuthenticationToken} only
|
||||||
* after the Kerberos SPNEGO sequence has completed successfully.
|
* after the Kerberos SPNEGO sequence has completed successfully.
|
||||||
* <p/>
|
|
||||||
*
|
*
|
||||||
* @param request the HTTP client request.
|
* @param request the HTTP client request.
|
||||||
* @param response the HTTP client response.
|
* @param response the HTTP client response.
|
||||||
|
@ -30,12 +30,12 @@
|
|||||||
/**
|
/**
|
||||||
* The <code>PseudoAuthenticationHandler</code> provides a pseudo authentication mechanism that accepts
|
* The <code>PseudoAuthenticationHandler</code> provides a pseudo authentication mechanism that accepts
|
||||||
* the user name specified as a query string parameter.
|
* the user name specified as a query string parameter.
|
||||||
* <p/>
|
* <p>
|
||||||
* This mimics the model of Hadoop Simple authentication which trust the 'user.name' property provided in
|
* This mimics the model of Hadoop Simple authentication which trust the 'user.name' property provided in
|
||||||
* the configuration object.
|
* the configuration object.
|
||||||
* <p/>
|
* <p>
|
||||||
* This handler can be configured to support anonymous users.
|
* This handler can be configured to support anonymous users.
|
||||||
* <p/>
|
* <p>
|
||||||
* The only supported configuration property is:
|
* The only supported configuration property is:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>simple.anonymous.allowed: <code>true|false</code>, default value is <code>false</code></li>
|
* <li>simple.anonymous.allowed: <code>true|false</code>, default value is <code>false</code></li>
|
||||||
@ -80,7 +80,7 @@ public PseudoAuthenticationHandler(String type) {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Initializes the authentication handler instance.
|
* Initializes the authentication handler instance.
|
||||||
* <p/>
|
* <p>
|
||||||
* This method is invoked by the {@link AuthenticationFilter#init} method.
|
* This method is invoked by the {@link AuthenticationFilter#init} method.
|
||||||
*
|
*
|
||||||
* @param config configuration properties to initialize the handler.
|
* @param config configuration properties to initialize the handler.
|
||||||
@ -103,7 +103,7 @@ protected boolean getAcceptAnonymous() {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Releases any resources initialized by the authentication handler.
|
* Releases any resources initialized by the authentication handler.
|
||||||
* <p/>
|
* <p>
|
||||||
* This implementation does a NOP.
|
* This implementation does a NOP.
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
@ -112,7 +112,6 @@ public void destroy() {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the authentication type of the authentication handler, 'simple'.
|
* Returns the authentication type of the authentication handler, 'simple'.
|
||||||
* <p/>
|
|
||||||
*
|
*
|
||||||
* @return the authentication type of the authentication handler, 'simple'.
|
* @return the authentication type of the authentication handler, 'simple'.
|
||||||
*/
|
*/
|
||||||
@ -156,14 +155,14 @@ private String getUserName(HttpServletRequest request) {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Authenticates an HTTP client request.
|
* Authenticates an HTTP client request.
|
||||||
* <p/>
|
* <p>
|
||||||
* It extracts the {@link PseudoAuthenticator#USER_NAME} parameter from the query string and creates
|
* It extracts the {@link PseudoAuthenticator#USER_NAME} parameter from the query string and creates
|
||||||
* an {@link AuthenticationToken} with it.
|
* an {@link AuthenticationToken} with it.
|
||||||
* <p/>
|
* <p>
|
||||||
* If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and
|
* If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and
|
||||||
* the handler is configured to allow anonymous users it returns the {@link AuthenticationToken#ANONYMOUS}
|
* the handler is configured to allow anonymous users it returns the {@link AuthenticationToken#ANONYMOUS}
|
||||||
* token.
|
* token.
|
||||||
* <p/>
|
* <p>
|
||||||
* If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and
|
* If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and
|
||||||
* the handler is configured to disallow anonymous users it throws an {@link AuthenticationException}.
|
* the handler is configured to disallow anonymous users it throws an {@link AuthenticationException}.
|
||||||
*
|
*
|
||||||
|
@ -92,7 +92,7 @@ public class KerberosName {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a name from the full Kerberos principal name.
|
* Create a name from the full Kerberos principal name.
|
||||||
* @param name
|
* @param name full Kerberos principal name.
|
||||||
*/
|
*/
|
||||||
public KerberosName(String name) {
|
public KerberosName(String name) {
|
||||||
Matcher match = nameParser.matcher(name);
|
Matcher match = nameParser.matcher(name);
|
||||||
@ -367,7 +367,7 @@ public static class NoMatchingRule extends IOException {
|
|||||||
* Get the translation of the principal name into an operating system
|
* Get the translation of the principal name into an operating system
|
||||||
* user name.
|
* user name.
|
||||||
* @return the short name
|
* @return the short name
|
||||||
* @throws IOException
|
* @throws IOException throws if something is wrong with the rules
|
||||||
*/
|
*/
|
||||||
public String getShortName() throws IOException {
|
public String getShortName() throws IOException {
|
||||||
String[] params;
|
String[] params;
|
||||||
|
@ -135,12 +135,10 @@ static final String[] getPrincipalNames(String keytabFileName) throws IOExceptio
|
|||||||
/**
|
/**
|
||||||
* Get all the unique principals from keytabfile which matches a pattern.
|
* Get all the unique principals from keytabfile which matches a pattern.
|
||||||
*
|
*
|
||||||
* @param keytab
|
* @param keytab Name of the keytab file to be read.
|
||||||
* Name of the keytab file to be read.
|
* @param pattern pattern to be matched.
|
||||||
* @param pattern
|
|
||||||
* pattern to be matched.
|
|
||||||
* @return list of unique principals which matches the pattern.
|
* @return list of unique principals which matches the pattern.
|
||||||
* @throws IOException
|
* @throws IOException if cannot get the principal name
|
||||||
*/
|
*/
|
||||||
public static final String[] getPrincipalNames(String keytab,
|
public static final String[] getPrincipalNames(String keytab,
|
||||||
Pattern pattern) throws IOException {
|
Pattern pattern) throws IOException {
|
||||||
|
@ -41,8 +41,6 @@ public Signer(SignerSecretProvider secretProvider) {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a signed string.
|
* Returns a signed string.
|
||||||
* <p/>
|
|
||||||
* The signature '&s=SIGNATURE' is appended at the end of the string.
|
|
||||||
*
|
*
|
||||||
* @param str string to sign.
|
* @param str string to sign.
|
||||||
*
|
*
|
||||||
|
@ -44,7 +44,7 @@
|
|||||||
/**
|
/**
|
||||||
* A SignerSecretProvider that synchronizes a rolling random secret between
|
* A SignerSecretProvider that synchronizes a rolling random secret between
|
||||||
* multiple servers using ZooKeeper.
|
* multiple servers using ZooKeeper.
|
||||||
* <p/>
|
* <p>
|
||||||
* It works by storing the secrets and next rollover time in a ZooKeeper znode.
|
* It works by storing the secrets and next rollover time in a ZooKeeper znode.
|
||||||
* All ZKSignerSecretProviders looking at that znode will use those
|
* All ZKSignerSecretProviders looking at that znode will use those
|
||||||
* secrets and next rollover time to ensure they are synchronized. There is no
|
* secrets and next rollover time to ensure they are synchronized. There is no
|
||||||
@ -55,7 +55,7 @@
|
|||||||
* your own Curator client, you can pass it to ZKSignerSecretProvider; see
|
* your own Curator client, you can pass it to ZKSignerSecretProvider; see
|
||||||
* {@link org.apache.hadoop.security.authentication.server.AuthenticationFilter}
|
* {@link org.apache.hadoop.security.authentication.server.AuthenticationFilter}
|
||||||
* for more details.
|
* for more details.
|
||||||
* <p/>
|
* <p>
|
||||||
* The supported configuration properties are:
|
* The supported configuration properties are:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>signer.secret.provider.zookeeper.connection.string: indicates the
|
* <li>signer.secret.provider.zookeeper.connection.string: indicates the
|
||||||
@ -77,11 +77,13 @@
|
|||||||
* </ul>
|
* </ul>
|
||||||
*
|
*
|
||||||
* The following attribute in the ServletContext can also be set if desired:
|
* The following attribute in the ServletContext can also be set if desired:
|
||||||
|
* <ul>
|
||||||
* <li>signer.secret.provider.zookeeper.curator.client: A CuratorFramework
|
* <li>signer.secret.provider.zookeeper.curator.client: A CuratorFramework
|
||||||
* client object can be passed here. If given, the "zookeeper" implementation
|
* client object can be passed here. If given, the "zookeeper" implementation
|
||||||
* will use this Curator client instead of creating its own, which is useful if
|
* will use this Curator client instead of creating its own, which is useful if
|
||||||
* you already have a Curator client or want more control over its
|
* you already have a Curator client or want more control over its
|
||||||
* configuration.</li>
|
* configuration.</li>
|
||||||
|
* </ul>
|
||||||
*/
|
*/
|
||||||
@InterfaceStability.Unstable
|
@InterfaceStability.Unstable
|
||||||
@InterfaceAudience.Private
|
@InterfaceAudience.Private
|
||||||
@ -374,7 +376,7 @@ private byte[] generateRandomSecret() {
|
|||||||
* This method creates the Curator client and connects to ZooKeeper.
|
* This method creates the Curator client and connects to ZooKeeper.
|
||||||
* @param config configuration properties
|
* @param config configuration properties
|
||||||
* @return A Curator client
|
* @return A Curator client
|
||||||
* @throws java.lang.Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
protected CuratorFramework createCuratorClient(Properties config)
|
protected CuratorFramework createCuratorClient(Properties config)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
|
@ -526,6 +526,9 @@ Release 2.7.0 - UNRELEASED
|
|||||||
|
|
||||||
HADOOP-11363 Hadoop maven surefire-plugin uses must set heap size. (stevel)
|
HADOOP-11363 Hadoop maven surefire-plugin uses must set heap size. (stevel)
|
||||||
|
|
||||||
|
HADOOP-10134 [JDK8] Fix Javadoc errors caused by incorrect or illegal tags in doc
|
||||||
|
comments. (apurtell via stevel)
|
||||||
|
|
||||||
Release 2.6.0 - 2014-11-18
|
Release 2.6.0 - 2014-11-18
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
@ -79,9 +79,9 @@
|
|||||||
/**
|
/**
|
||||||
* Mini KDC based on Apache Directory Server that can be embedded in testcases
|
* Mini KDC based on Apache Directory Server that can be embedded in testcases
|
||||||
* or used from command line as a standalone KDC.
|
* or used from command line as a standalone KDC.
|
||||||
* <p/>
|
* <p>
|
||||||
* <b>From within testcases:</b>
|
* <b>From within testcases:</b>
|
||||||
* <p/>
|
* <p>
|
||||||
* MiniKdc sets 2 System properties when started and un-sets them when stopped:
|
* MiniKdc sets 2 System properties when started and un-sets them when stopped:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>java.security.krb5.conf: set to the MiniKDC real/host/port</li>
|
* <li>java.security.krb5.conf: set to the MiniKDC real/host/port</li>
|
||||||
@ -92,7 +92,7 @@
|
|||||||
* For example, running testcases in parallel that start a KDC each. To
|
* For example, running testcases in parallel that start a KDC each. To
|
||||||
* accomplish this a single MiniKdc should be used for all testcases running
|
* accomplish this a single MiniKdc should be used for all testcases running
|
||||||
* in parallel.
|
* in parallel.
|
||||||
* <p/>
|
* <p>
|
||||||
* MiniKdc default configuration values are:
|
* MiniKdc default configuration values are:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>org.name=EXAMPLE (used to create the REALM)</li>
|
* <li>org.name=EXAMPLE (used to create the REALM)</li>
|
||||||
@ -106,7 +106,6 @@
|
|||||||
* <li>debug=false</li>
|
* <li>debug=false</li>
|
||||||
* </ul>
|
* </ul>
|
||||||
* The generated krb5.conf forces TCP connections.
|
* The generated krb5.conf forces TCP connections.
|
||||||
* <p/>
|
|
||||||
*/
|
*/
|
||||||
public class MiniKdc {
|
public class MiniKdc {
|
||||||
|
|
||||||
@ -218,7 +217,7 @@ public void run() {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Convenience method that returns MiniKdc default configuration.
|
* Convenience method that returns MiniKdc default configuration.
|
||||||
* <p/>
|
* <p>
|
||||||
* The returned configuration is a copy, it can be customized before using
|
* The returned configuration is a copy, it can be customized before using
|
||||||
* it to create a MiniKdc.
|
* it to create a MiniKdc.
|
||||||
* @return a MiniKdc default configuration.
|
* @return a MiniKdc default configuration.
|
||||||
@ -484,7 +483,6 @@ private void initKDCServer() throws Exception {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Stops the MiniKdc
|
* Stops the MiniKdc
|
||||||
* @throws Exception
|
|
||||||
*/
|
*/
|
||||||
public synchronized void stop() {
|
public synchronized void stop() {
|
||||||
if (kdc != null) {
|
if (kdc != null) {
|
||||||
|
@ -42,8 +42,8 @@ public Exec(Mojo mojo) {
|
|||||||
* Runs the specified command and saves each line of the command's output to
|
* Runs the specified command and saves each line of the command's output to
|
||||||
* the given list.
|
* the given list.
|
||||||
*
|
*
|
||||||
* @param command List<String> containing command and all arguments
|
* @param command List containing command and all arguments
|
||||||
* @param output List<String> in/out parameter to receive command output
|
* @param output List in/out parameter to receive command output
|
||||||
* @return int exit code of command
|
* @return int exit code of command
|
||||||
*/
|
*/
|
||||||
public int run(List<String> command, List<String> output) {
|
public int run(List<String> command, List<String> output) {
|
||||||
|
@ -47,7 +47,7 @@ private static String getCommaSeparatedList(List list) {
|
|||||||
* Converts a Maven FileSet to a list of File objects.
|
* Converts a Maven FileSet to a list of File objects.
|
||||||
*
|
*
|
||||||
* @param source FileSet to convert
|
* @param source FileSet to convert
|
||||||
* @return List<File> containing every element of the FileSet as a File
|
* @return List containing every element of the FileSet as a File
|
||||||
* @throws IOException if an I/O error occurs while trying to find the files
|
* @throws IOException if an I/O error occurs while trying to find the files
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
|
Loading…
Reference in New Issue
Block a user