hadoop AuthenticationHandler 源码

haddop AuthenticationHandler 代码

文件路径：/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationHandler.java

/**
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License. See accompanying LICENSE file.
 */
package org.apache.hadoop.security.authentication.server;

import org.apache.hadoop.security.authentication.client.AuthenticationException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.io.IOException;
import java.util.Properties;

/**
 * Interface for server authentication mechanisms.
 * The {@link AuthenticationFilter} manages the lifecycle of the authentication handler.
 * Implementations must be thread-safe as one instance is initialized and used for all requests.
 */
public interface AuthenticationHandler {

  String WWW_AUTHENTICATE = HttpConstants.WWW_AUTHENTICATE_HEADER;

  /**
   * Returns the authentication type of the authentication handler.
   * This should be a name that uniquely identifies the authentication type.
   * For example 'simple' or 'kerberos'.
   *
   * @return the authentication type of the authentication handler.
   */
  public String getType();

  /**
   * Initializes the authentication handler instance.
   * <p>
   * This method is invoked by the {@link AuthenticationFilter#init} method.
   *
   * @param config configuration properties to initialize the handler.
   *
   * @throws ServletException thrown if the handler could not be initialized.
   */
  public void init(Properties config) throws ServletException;

  /**
   * Destroys the authentication handler instance.
   * <p>
   * This method is invoked by the {@link AuthenticationFilter#destroy} method.
   */
  public void destroy();

  /**
   * Performs an authentication management operation.
   * <p>
   * This is useful for handling operations like get/renew/cancel
   * delegation tokens which are being handled as operations of the
   * service end-point.
   * <p>
   * If the method returns <code>TRUE</code> the request will continue normal
   * processing, this means the method has not produced any HTTP response.
   * <p>
   * If the method returns <code>FALSE</code> the request will end, this means 
   * the method has produced the corresponding HTTP response.
   *
   * @param token the authentication token if any, otherwise <code>NULL</code>.
   * @param request the HTTP client request.
   * @param response the HTTP client response.
   * @return <code>TRUE</code> if the request should be processed as a regular
   * request,
   * <code>FALSE</code> otherwise.
   *
   * @throws IOException thrown if an IO error occurred.
   * @throws AuthenticationException thrown if an Authentication error occurred.
   */
  public boolean managementOperation(AuthenticationToken token,
                                     HttpServletRequest request,
                                     HttpServletResponse response)
    throws IOException, AuthenticationException;

  /**
   * Performs an authentication step for the given HTTP client request.
   * <p>
   * This method is invoked by the {@link AuthenticationFilter} only if the HTTP client request is
   * not yet authenticated.
   * <p>
   * Depending upon the authentication mechanism being implemented, a particular HTTP client may
   * end up making a sequence of invocations before authentication is successfully established (this is
   * the case of Kerberos SPNEGO).
   * <p>
   * This method must return an {@link AuthenticationToken} only if the the HTTP client request has
   * been successfully and fully authenticated.
   * <p>
   * If the HTTP client request has not been completely authenticated, this method must take over
   * the corresponding HTTP response and it must return <code>null</code>.
   *
   * @param request the HTTP client request.
   * @param response the HTTP client response.
   *
   * @return an {@link AuthenticationToken} if the HTTP client request has been authenticated,
   *         <code>null</code> otherwise (in this case it must take care of the response).
   *
   * @throws IOException thrown if an IO error occurred.
   * @throws AuthenticationException thrown if an Authentication error occurred.
   */
  public AuthenticationToken authenticate(HttpServletRequest request, HttpServletResponse response)
    throws IOException, AuthenticationException;

}

相关信息

hadoop 源码目录

相关文章

hadoop AltKerberosAuthenticationHandler 源码

hadoop AuthenticationFilter 源码

hadoop AuthenticationHandlerUtil 源码

hadoop AuthenticationToken 源码

hadoop CompositeAuthenticationHandler 源码

hadoop HttpConstants 源码

hadoop JWTRedirectAuthenticationHandler 源码

hadoop KerberosAuthenticationHandler 源码

hadoop LdapAuthenticationHandler 源码

hadoop MultiSchemeAuthenticationHandler 源码