public class SolrHadoopAuthenticationFilter
extends org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter
| Modifier and Type | Class and Description |
|---|---|
protected static class |
SolrHadoopAuthenticationFilter.SolrZkToCuratorCredentialsACLs
Convert Solr Zk Credentials/ACLs to Curator versions
|
| Modifier and Type | Field and Description |
|---|---|
static String |
DO_AS_PARAM
Http param for requesting ProxyUser support.
|
static String |
SOLR_PREFIX |
static String |
SOLR_PROXYUSER_PREFIX |
static String |
TOKEN_KIND
Delegation token kind
|
static String |
USER_NAME
Request attribute constant for the user name.
|
| Constructor and Description |
|---|
SolrHadoopAuthenticationFilter() |
| Modifier and Type | Method and Description |
|---|---|
void |
destroy()
Destroy the filter.
|
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain filterChain)
Enforces authentication using Hadoop-auth AuthenticationFilter.
|
protected Properties |
getConfiguration(String configPrefix,
javax.servlet.FilterConfig filterConfig)
Returns the System properties to be used by the authentication filter.
|
protected org.apache.curator.framework.CuratorFramework |
getCuratorClient(int connectionTimeoutMs,
int sessionTimeoutMs) |
protected org.apache.hadoop.conf.Configuration |
getProxyuserConfiguration(javax.servlet.FilterConfig filterConfig)
Return the ProxyUser Configuration.
|
protected org.apache.hadoop.security.authentication.server.AuthenticationToken |
getToken(javax.servlet.http.HttpServletRequest request)
This method is overridden to incorporate
MultiSchemeAuthenticationHandler in Solr. |
void |
init(javax.servlet.FilterConfig filterConfig)
Initialize the filter.
|
protected void |
setDefaultDelegationTokenProp(Properties properties,
String name,
String value) |
doFilter, initializeAuthHandler, setAuthHandlerClass, setHandlerAuthMethodconstructSecretProvider, createAuthCookie, getAuthenticationHandler, getConfiguration, getCookieDomain, getCookiePath, getRequestURL, getValidity, initializeSecretProvider, isCookiePersistent, isCustomSignerSecretProvider, isRandomSecretpublic static final String SOLR_PREFIX
public static final String SOLR_PROXYUSER_PREFIX
public static final String USER_NAME
public static final String DO_AS_PARAM
public static final String TOKEN_KIND
public void init(javax.servlet.FilterConfig filterConfig)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterinit in class org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilterfilterConfig - filter configuration.javax.servlet.ServletException - thrown if the filter could not be initialized.public void destroy()
destroy in interface javax.servlet.Filterdestroy in class org.apache.hadoop.security.authentication.server.AuthenticationFilterprotected org.apache.hadoop.conf.Configuration getProxyuserConfiguration(javax.servlet.FilterConfig filterConfig)
throws javax.servlet.ServletException
getProxyuserConfiguration in class org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilterjavax.servlet.ServletExceptionprotected void setDefaultDelegationTokenProp(Properties properties, String name, String value)
protected org.apache.curator.framework.CuratorFramework getCuratorClient(int connectionTimeoutMs,
int sessionTimeoutMs)
throws javax.servlet.ServletException
javax.servlet.ServletExceptionprotected Properties getConfiguration(String configPrefix, javax.servlet.FilterConfig filterConfig)
SOLR_PREFIX will
be returned. The keys of the returned properties are trimmed from the SOLR_PREFIX
prefix, for example the property name 'solr.authentication.type' will
be just 'type'.getConfiguration in class org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilterconfigPrefix - configuration prefix, this parameter is ignored by this implementation.filterConfig - filter configuration, this parameter is ignored by this implementation.SOLR_PREFIX, without the
prefix.public void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain filterChain)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.FilterdoFilter in class org.apache.hadoop.security.authentication.server.AuthenticationFilterrequest - http request.response - http response.filterChain - filter chain.IOException - thrown if an IO error occurs.javax.servlet.ServletException - thrown if a servlet error occurs.protected org.apache.hadoop.security.authentication.server.AuthenticationToken getToken(javax.servlet.http.HttpServletRequest request)
throws IOException,
org.apache.hadoop.security.authentication.client.AuthenticationException
MultiSchemeAuthenticationHandler in Solr.
With MultiSchemeAuthenticationHandler the value of the 'type' attribute in the
AuthenticationToken does not match the MultiSchemeAuthenticationHandler.TYPE
(as expected by the super-class implementation). Instead this value would match the actual type
of authentication mechanism being used (e.g. LdapAuthenticationHandler.TYPE or
KerberosAuthenticationHandler.TYPE.
This implementation extracts the value(s) of actual authentication mechanisms configured (e.g. ldap or
kerberos) and use them to match the token type. It requires a private variable declared in the
superclass - signer. This variable is extracted using Java reflection mechanism during the startup.getToken in class org.apache.hadoop.security.authentication.server.AuthenticationFilterIOExceptionorg.apache.hadoop.security.authentication.client.AuthenticationExceptionCopyright © 2000-2016 Apache Software Foundation. All Rights Reserved.