Package org.apache.solr.security
Class DelegationTokenKerberosFilter
- java.lang.Object
-
- org.apache.hadoop.security.authentication.server.AuthenticationFilter
-
- org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter
-
- org.apache.solr.security.DelegationTokenKerberosFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class DelegationTokenKerberosFilter extends org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter
This is an authentication filter based on Hadoop'sDelegationTokenAuthenticationFilter
. The Kerberos plugin can be configured to use delegation tokens, which allow an application to reuse the authentication of an end-user or another application.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description protected static class
DelegationTokenKerberosFilter.SolrZkToCuratorCredentialsACLs
Convert Solr Zk Credentials/ACLs to Curator versions
-
Field Summary
-
Fields inherited from class org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter
DELEGATION_TOKEN_SECRET_MANAGER_ATTR, PROXYUSER_PREFIX
-
Fields inherited from class org.apache.hadoop.security.authentication.server.AuthenticationFilter
AUTH_TOKEN_MAX_INACTIVE_INTERVAL, AUTH_TOKEN_VALIDITY, AUTH_TYPE, CONFIG_PREFIX, COOKIE_DOMAIN, COOKIE_PATH, COOKIE_PERSISTENT, SIGNATURE_SECRET, SIGNATURE_SECRET_FILE, SIGNER_SECRET_PROVIDER, SIGNER_SECRET_PROVIDER_ATTRIBUTE
-
-
Constructor Summary
Constructors Constructor Description DelegationTokenKerberosFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
destroy()
void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain)
protected org.apache.curator.framework.CuratorFramework
getCuratorClient(SolrZkClient zkClient)
protected org.apache.hadoop.conf.Configuration
getProxyuserConfiguration(javax.servlet.FilterConfig filterConf)
Return the ProxyUser Configuration.void
init(javax.servlet.FilterConfig conf)
protected void
initializeAuthHandler(String authHandlerClassName, javax.servlet.FilterConfig filterConfig)
-
Methods inherited from class org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter
doFilter, getConfiguration, setAuthHandlerClass, setHandlerAuthMethod
-
Methods inherited from class org.apache.hadoop.security.authentication.server.AuthenticationFilter
constructSecretProvider, createAuthCookie, getAuthenticationHandler, getConfiguration, getCookieDomain, getCookiePath, getMaxInactiveInterval, getRequestURL, getToken, getValidity, initializeSecretProvider, isCookiePersistent, isCustomSignerSecretProvider, isRandomSecret, verifyTokenType
-
-
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig conf) throws javax.servlet.ServletException
- Specified by:
init
in interfacejavax.servlet.Filter
- Overrides:
init
in classorg.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter
- Throws:
javax.servlet.ServletException
-
getProxyuserConfiguration
protected org.apache.hadoop.conf.Configuration getProxyuserConfiguration(javax.servlet.FilterConfig filterConf) throws javax.servlet.ServletException
Return the ProxyUser Configuration. FilterConfig properties beginning with "solr.impersonator.user.name" will be added to the configuration.- Overrides:
getProxyuserConfiguration
in classorg.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter
- Throws:
javax.servlet.ServletException
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws IOException, javax.servlet.ServletException
- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Overrides:
doFilter
in classorg.apache.hadoop.security.authentication.server.AuthenticationFilter
- Throws:
IOException
javax.servlet.ServletException
-
destroy
public void destroy()
- Specified by:
destroy
in interfacejavax.servlet.Filter
- Overrides:
destroy
in classorg.apache.hadoop.security.authentication.server.AuthenticationFilter
-
initializeAuthHandler
protected void initializeAuthHandler(String authHandlerClassName, javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
- Overrides:
initializeAuthHandler
in classorg.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter
- Throws:
javax.servlet.ServletException
-
getCuratorClient
protected org.apache.curator.framework.CuratorFramework getCuratorClient(SolrZkClient zkClient) throws InterruptedException, org.apache.zookeeper.KeeperException
- Throws:
InterruptedException
org.apache.zookeeper.KeeperException
-
-