@InterfaceAudience.LimitedPrivate(value="Authentication")
@InterfaceStability.Evolving
public interface SaslClientAuthenticationProvider
extends SaslAuthenticationProvider
AbstractSaslClientAuthenticationProvider
.
Implementations of this interface must provide an implementation of hashCode() that returns the same value across multiple instances of the provider implementation.

Modifier and Type | Method and Description |
---|---|
default boolean | canRetry(): Returns true if the implementation is capable of performing some action which may allow a failed authentication to become a successful authentication. |
SaslClient | createClient(org.apache.hadoop.conf.Configuration conf, InetAddress serverAddr, SecurityInfo securityInfo, org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token, boolean fallbackAllowed, Map<String,String> saslProps): Creates the SASL client instance for this auth'n method. |
default org.apache.hadoop.security.UserGroupInformation | getRealUser(User ugi): Returns the "real" user, the user who has the credentials being authenticated by the remote service, in the form of a UserGroupInformation object. |
org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation | getUserInfo(User user): Constructs a RPCProtos.UserInformation from the given UserGroupInformation |
default void | relogin(): Executes any necessary logic to re-login the client. |

Methods inherited from interface SaslAuthenticationProvider: getSaslAuthMethod, getTokenKind

SaslClient createClient(org.apache.hadoop.conf.Configuration conf, InetAddress serverAddr, SecurityInfo securityInfo, org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token, boolean fallbackAllowed, Map<String,String> saslProps) throws IOException
Throws: IOException

org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation getUserInfo(User user)
Constructs a RPCProtos.UserInformation from the given UserGroupInformation

default org.apache.hadoop.security.UserGroupInformation getRealUser(User ugi)
Returns the "real" user, the user who has the credentials being authenticated by the remote service, in the form of a UserGroupInformation object.
It is common in the Hadoop "world" to have distinct notions of a "real" user and a "proxy" user. A "real" user is the user which actually has the credentials (often, a Kerberos ticket), but some code may be running as some other user who has no credentials. This method gives the authentication provider a chance to acknowledge this is happening and ensure that any RPCs are executed with the real user's credentials, since executing them as the proxy user would fail: no credentials exist to authenticate the RPC.
Not all implementations will need to implement this method. By default, the provided User's UGI is returned directly.

default boolean canRetry()

default void relogin() throws IOException
Throws: IOException
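
The following sketch is an added example, not code from the HBase project: it shows how a Kerberos-style provider could unwrap a proxy user in getRealUser, pair canRetry with relogin, and satisfy the hashCode requirement stated above. The class name ExampleKerberosClientProvider is hypothetical, and the import paths for User and the interface are assumed to be the HBase packages, which this page does not list.

```java
import java.io.IOException;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider;
import org.apache.hadoop.security.UserGroupInformation;

/**
 * Hypothetical provider base class (the name is an assumption, not an HBase class).
 * createClient, getUserInfo, getSaslAuthMethod and getTokenKind are left abstract
 * for a concrete subclass to supply.
 */
public abstract class ExampleKerberosClientProvider
    implements SaslClientAuthenticationProvider {

  @Override
  public UserGroupInformation getRealUser(User user) {
    UserGroupInformation ugi = user.getUGI();
    // A proxy UGI holds no credentials of its own; its real user does.
    if (ugi != null && ugi.getRealUser() != null) {
      return ugi.getRealUser();
    }
    // Not a proxy user: same result as the interface default.
    return ugi;
  }

  @Override
  public boolean canRetry() {
    // relogin() can refresh expired credentials, so a retry may succeed.
    return true;
  }

  @Override
  public void relogin() throws IOException {
    UserGroupInformation login = UserGroupInformation.getLoginUser();
    if (UserGroupInformation.isLoginKeytabBased()) {
      login.reloginFromKeytab();
    } else {
      login.reloginFromTicketCache();
    }
  }

  // Derived from the class name only, so every instance returns the same value.
  @Override
  public final int hashCode() {
    return getClass().getName().hashCode();
  }

  @Override
  public final boolean equals(Object o) {
    return o != null && o.getClass() == getClass();
  }
}
```
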
Copyright © 2007–2020 The Apache Software Foundation. All rights reserved.