org.apache.hadoop.security.authentication.client
Class KerberosAuthenticator

java.lang.Object
  extended by org.apache.hadoop.security.authentication.client.KerberosAuthenticator
All Implemented Interfaces:
Authenticator

public class KerberosAuthenticator
extends Object
implements Authenticator

The KerberosAuthenticator implements the Kerberos SPNEGO authentication sequence.

It uses the default principal for the Kerberos cache (normally set via kinit).

It falls back to the PseudoAuthenticator if the HTTP endpoint does not trigger an SPNEGO authentication sequence.


Field Summary
static String AUTHORIZATION
          HTTP header used by the SPNEGO client endpoint during an authentication sequence.
static String NEGOTIATE
          HTTP header prefix used by the SPNEGO client/server endpoints during an authentication sequence.
static String WWW_AUTHENTICATE
          HTTP header used by the SPNEGO server endpoint during an authentication sequence.
 
Constructor Summary
KerberosAuthenticator()
           
 
Method Summary
 void authenticate(URL url, AuthenticatedURL.Token token)
          Performs SPNEGO authentication against the specified URL.
protected  Authenticator getFallBackAuthenticator()
          If the specified URL does not support SPNEGO authentication, a fallback Authenticator will be used.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

WWW_AUTHENTICATE

public static final String WWW_AUTHENTICATE
HTTP header used by the SPNEGO server endpoint during an authentication sequence.

See Also:
Constant Field Values

AUTHORIZATION

public static final String AUTHORIZATION
HTTP header used by the SPNEGO client endpoint during an authentication sequence.

See Also:
Constant Field Values

NEGOTIATE

public static final String NEGOTIATE
HTTP header prefix used by the SPNEGO client/server endpoints during an authentication sequence.

See Also:
Constant Field Values
Constructor Detail

KerberosAuthenticator

public KerberosAuthenticator()
Method Detail

authenticate

public void authenticate(URL url,
                         AuthenticatedURL.Token token)
                  throws IOException,
                         AuthenticationException
Performs SPNEGO authentication against the specified URL.

If a token is given it does a NOP and returns the given token.

If no token is given, it will perform the SPNEGO authentication sequence using an HTTP OPTIONS request.

Specified by:
authenticate in interface Authenticator
Parameters:
url - the URl to authenticate against.
token - the authentication token being used for the user.
Throws:
IOException - if an IO error occurred.
AuthenticationException - if an authentication error occurred.

getFallBackAuthenticator

protected Authenticator getFallBackAuthenticator()
If the specified URL does not support SPNEGO authentication, a fallback Authenticator will be used.

This implementation returns a PseudoAuthenticator.

Returns:
the fallback Authenticator.


Copyright © 2009 The Apache Software Foundation