Package org.apache.hadoop.hbase.security.provider

Class GssSaslClientAuthenticationProvider

java.lang.Object
org.apache.hadoop.hbase.security.provider.BuiltInSaslAuthenticationProvider
org.apache.hadoop.hbase.security.provider.GssSaslAuthenticationProvider
org.apache.hadoop.hbase.security.provider.GssSaslClientAuthenticationProvider
All Implemented Interfaces:
SaslAuthenticationProvider, SaslClientAuthenticationProvider
@Private public class GssSaslClientAuthenticationProvider extends GssSaslAuthenticationProvider implements SaslClientAuthenticationProvider

  • Field Details

    • LOG

      private static final org.slf4j.Logger LOG

  • Constructor Details

  • Method Details

    • createClient

      public SaslClient createClient(org.apache.hadoop.conf.Configuration conf, InetAddress serverAddr, String serverPrincipal, org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token, boolean fallbackAllowed, Map<String,String> saslProps) throws IOException
      Description copied from interface: SaslClientAuthenticationProvider
      Create the SASL client instance for this authentication method.

      The default implementation is create a fake SecurityInfo and call the above method, for keeping compatible with old customized authentication method

      Specified by:
      createClient in interface SaslClientAuthenticationProvider
      Throws:
      IOException

    • getUserInfo

      public org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation getUserInfo(User user)
      Description copied from interface: SaslClientAuthenticationProvider
      Constructs a RPCProtos.UserInformation from the given UserGroupInformation
      Specified by:
      getUserInfo in interface SaslClientAuthenticationProvider

    • canRetry

      public boolean canRetry()
      Description copied from interface: SaslClientAuthenticationProvider
      Returns true if the implementation is capable of performing some action which may allow a failed authentication to become a successful authentication. Otherwise, returns false
      Specified by:
      canRetry in interface SaslClientAuthenticationProvider

    • relogin

      public void relogin() throws IOException
      Description copied from interface: SaslClientAuthenticationProvider
      Executes any necessary logic to re-login the client. Not all implementations will have any logic that needs to be executed.
      Specified by:
      relogin in interface SaslClientAuthenticationProvider
      Throws:
      IOException

    • getRealUser

      public org.apache.hadoop.security.UserGroupInformation getRealUser(User user)
      Description copied from interface: SaslClientAuthenticationProvider
      Returns the "real" user, the user who has the credentials being authenticated by the remote service, in the form of an UserGroupInformation object. It is common in the Hadoop "world" to have distinct notions of a "real" user and a "proxy" user. A "real" user is the user which actually has the credentials (often, a Kerberos ticket), but some code may be running as some other user who has no credentials. This method gives the authentication provider a chance to acknowledge this is happening and ensure that any RPCs are executed with the real user's credentials, because executing them as the proxy user would result in failure because no credentials exist to authenticate the RPC. Not all implementations will need to implement this method. By default, the provided User's UGI is returned directly.
      Specified by:
      getRealUser in interface SaslClientAuthenticationProvider