@InterfaceAudience.LimitedPrivate(value="Authentication") @InterfaceStability.Evolving public interface SaslClientAuthenticationProvider extends SaslAuthenticationProvider
AbstractSaslClientAuthenticationProvider
. Implementations of this interface must make an
implementation of hashCode()
which returns the same value across multiple instances of
the provider implementation.Modifier and Type | Method and Description |
---|---|
default boolean |
canRetry()
Returns true if the implementation is capable of performing some action which may allow a
failed authentication to become a successful authentication.
|
SaslClient |
createClient(org.apache.hadoop.conf.Configuration conf,
InetAddress serverAddr,
SecurityInfo securityInfo,
org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token,
boolean fallbackAllowed,
Map<String,String> saslProps)
Creates the SASL client instance for this auth'n method.
|
default org.apache.hadoop.security.UserGroupInformation |
getRealUser(User ugi)
Returns the "real" user, the user who has the credentials being authenticated by the remote
service, in the form of an
UserGroupInformation object. |
org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation |
getUserInfo(User user)
Constructs a
RPCProtos.UserInformation from the given UserGroupInformation |
default void |
relogin()
Executes any necessary logic to re-login the client.
|
getSaslAuthMethod, getTokenKind
SaslClient createClient(org.apache.hadoop.conf.Configuration conf, InetAddress serverAddr, SecurityInfo securityInfo, org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token, boolean fallbackAllowed, Map<String,String> saslProps) throws IOException
IOException
org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation getUserInfo(User user)
RPCProtos.UserInformation
from the given UserGroupInformation
default org.apache.hadoop.security.UserGroupInformation getRealUser(User ugi)
UserGroupInformation
object. It is common in the Hadoop
"world" to have distinct notions of a "real" user and a "proxy" user. A "real" user is the user
which actually has the credentials (often, a Kerberos ticket), but some code may be running as
some other user who has no credentials. This method gives the authentication provider a chance
to acknowledge this is happening and ensure that any RPCs are executed with the real user's
credentials, because executing them as the proxy user would result in failure because no
credentials exist to authenticate the RPC. Not all implementations will need to implement this
method. By default, the provided User's UGI is returned directly.default boolean canRetry()
default void relogin() throws IOException
IOException
Copyright © 2007–2020 The Apache Software Foundation. All rights reserved.