@InterfaceAudience.LimitedPrivate(value="Authentication") @InterfaceStability.Evolving public interface SaslClientAuthenticationProvider extends SaslAuthenticationProvider
AbstractSaslClientAuthenticationProvider. Implementations of this interface must make an
implementation of hashCode() which returns the same value across multiple instances of
the provider implementation.| Modifier and Type | Method and Description |
|---|---|
default boolean |
canRetry()
Returns true if the implementation is capable of performing some action which may allow a
failed authentication to become a successful authentication.
|
default SaslClient |
createClient(org.apache.hadoop.conf.Configuration conf,
InetAddress serverAddr,
SecurityInfo securityInfo,
org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token,
boolean fallbackAllowed,
Map<String,String> saslProps)
Deprecated.
Since 2.6.0. In our own code will not call this method any more, customized
authentication method should implement
createClient(Configuration, InetAddress, String, Token, boolean, Map)
instead. Will be removed in 4.0.0. |
default SaslClient |
createClient(org.apache.hadoop.conf.Configuration conf,
InetAddress serverAddr,
String serverPrincipal,
org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token,
boolean fallbackAllowed,
Map<String,String> saslProps)
Create the SASL client instance for this authentication method.
|
default org.apache.hadoop.security.UserGroupInformation |
getRealUser(User ugi)
Returns the "real" user, the user who has the credentials being authenticated by the remote
service, in the form of an
UserGroupInformation object. |
org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation |
getUserInfo(User user)
Constructs a
RPCProtos.UserInformation from the given UserGroupInformation |
default void |
relogin()
Executes any necessary logic to re-login the client.
|
getSaslAuthMethod, getTokenKind@Deprecated default SaslClient createClient(org.apache.hadoop.conf.Configuration conf, InetAddress serverAddr, SecurityInfo securityInfo, org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token, boolean fallbackAllowed, Map<String,String> saslProps) throws IOException
createClient(Configuration, InetAddress, String, Token, boolean, Map)
instead. Will be removed in 4.0.0.IOExceptiondefault SaslClient createClient(org.apache.hadoop.conf.Configuration conf, InetAddress serverAddr, String serverPrincipal, org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token, boolean fallbackAllowed, Map<String,String> saslProps) throws IOException
The default implementation is create a fake SecurityInfo and call the above method, for
keeping compatible with old customized authentication method
IOExceptionorg.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation getUserInfo(User user)
RPCProtos.UserInformation from the given UserGroupInformationdefault org.apache.hadoop.security.UserGroupInformation getRealUser(User ugi)
UserGroupInformation object. It is common in the Hadoop
"world" to have distinct notions of a "real" user and a "proxy" user. A "real" user is the user
which actually has the credentials (often, a Kerberos ticket), but some code may be running as
some other user who has no credentials. This method gives the authentication provider a chance
to acknowledge this is happening and ensure that any RPCs are executed with the real user's
credentials, because executing them as the proxy user would result in failure because no
credentials exist to authenticate the RPC. Not all implementations will need to implement this
method. By default, the provided User's UGI is returned directly.default boolean canRetry()
default void relogin()
throws IOException
IOExceptionCopyright © 2007–2020 The Apache Software Foundation. All rights reserved.