001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security.provider;
019
020import java.io.IOException;
021import java.util.Map;
022import org.apache.hadoop.conf.Configuration;
023import org.apache.hadoop.hbase.HBaseInterfaceAudience;
024import org.apache.hadoop.security.UserGroupInformation;
025import org.apache.hadoop.security.token.SecretManager;
026import org.apache.hadoop.security.token.TokenIdentifier;
027import org.apache.yetus.audience.InterfaceAudience;
028import org.apache.yetus.audience.InterfaceStability;
029
/**
 * Server-side half of a pluggable SASL authentication mechanism. An implementation builds the
 * SASL server that handles a client's authentication attempt and maps an authorization ID to a
 * {@link UserGroupInformation}. Each implementation is tied one-to-one to a single client
 * authentication implementation.
 * <p>
 * NOTE(review): implementations sit on the authentication boundary. The identity returned by
 * {@link #getAuthorizedUgi(String, SecretManager)} is presumably what later authorization
 * decisions act on (the callers are not visible in this file), so it should be derived only from
 * what the completed SASL exchange actually verified.
 */
@InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.AUTHENTICATION)
@InterfaceStability.Evolving
public interface SaslServerAuthenticationProvider extends SaslAuthenticationProvider {

  /**
   * Gives the implementation a chance to set itself up before any server is created. The default
   * implementation does nothing.
   *
   * @param conf configuration made available to the implementation
   * @throws IOException if an overriding implementation fails to initialize
   */
  default void init(Configuration conf) throws IOException {}

  /**
   * Builds the SaslServer that will accept incoming SASL authentication requests.
   *
   * @param secretManager secret manager handed to the implementation; presumably used by
   *                      token-based mechanisms to validate tokens (confirm against
   *                      implementations)
   * @param saslProps     string-keyed SASL properties for the new server; NOTE(review): these
   *                      presumably carry the negotiated protection settings, so an
   *                      implementation should pass them through rather than substitute weaker
   *                      values (verify against caller)
   * @return the server wrapper used to carry out the SASL exchange
   * @throws IOException if the server cannot be created
   */
  AttemptingUserProvidingSaslServer createServer(
    SecretManager<TokenIdentifier> secretManager,
    Map<String, String> saslProps
  ) throws IOException;

  /**
   * Reports whether this mechanism supports "protocol authentication". This interface does not
   * define the term.
   * <p>
   * NOTE(review): this looks like the switch that decides whether a client may act as a user
   * other than the one that authenticated. Confirm against the RPC server code that consumes it,
   * and return {@code true} only when the mechanism is meant to permit that.
   *
   * @return {@code true} if the mechanism supports protocol authentication
   */
  boolean supportsProtocolAuthentication();

  /**
   * Resolves an authorization ID to the {@link UserGroupInformation} it represents.
   * <p>
   * NOTE(review): {@code authzId} is presumably the ID produced by the completed SASL
   * negotiation and may be client-influenced (verify against caller). An implementation that
   * cannot resolve or validate it should fail with an exception rather than return a fallback
   * identity.
   *
   * @param authzId       the authorization ID to resolve
   * @param secretManager secret manager available for the lookup; presumably used by token-based
   *                      mechanisms (confirm against implementations)
   * @return the user information for {@code authzId}
   * @throws IOException if the user cannot be determined
   */
  UserGroupInformation getAuthorizedUgi(
    String authzId,
    SecretManager<TokenIdentifier> secretManager
  ) throws IOException;
}