io.druid.security.basic.authentication

Class BasicHTTPAuthenticator

java.lang.Object

io.druid.security.basic.authentication.BasicHTTPAuthenticator

All Implemented Interfaces:

ServletFilterHolder, Authenticator

public class BasicHTTPAuthenticator
extends Object
implements Authenticator

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	BasicHTTPAuthenticator.BasicHTTPAuthenticationFilter

Constructor Summary

Constructors

Constructor and Description
BasicHTTPAuthenticator(com.google.inject.Provider<BasicAuthenticatorCacheManager> cacheManager, String name, String authorizerName, String initialAdminPassword, String initialInternalClientPassword, Boolean enableCacheNotifications, Long cacheNotificationTimeout, Integer credentialIterations)

Method Summary

Modifier and Type	Method and Description
AuthenticationResult	authenticateJDBCContext(Map<String,Object> context) Given a JDBC connection context, authenticate the identity represented by the information in the context.
String	getAuthChallengeHeader() Return a WWW-Authenticate challenge scheme string appropriate for this Authenticator's authentication mechanism.
BasicAuthDBConfig	getDbConfig()
EnumSet<javax.servlet.DispatcherType>	getDispatcherType() The dispatcher type that this Filter should apply to
javax.servlet.Filter	getFilter() Create a Filter that performs authentication checks on incoming HTTP requests.
Class<? extends javax.servlet.Filter>	getFilterClass() Get the class of the Filter object that should be added to the servlet.
Map<String,String>	getInitParameters() Get Filter initialization parameters.
String	getPath() The path that this Filter should apply to

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BasicHTTPAuthenticator

public BasicHTTPAuthenticator(com.google.inject.Provider<BasicAuthenticatorCacheManager> cacheManager,
                              String name,
                              String authorizerName,
                              String initialAdminPassword,
                              String initialInternalClientPassword,
                              Boolean enableCacheNotifications,
                              Long cacheNotificationTimeout,
                              Integer credentialIterations)

Method Detail

getFilter

public javax.servlet.Filter getFilter()

Description copied from interface: Authenticator

Create a Filter that performs authentication checks on incoming HTTP requests.

If the authentication succeeds, the Filter should set the "Druid-Authentication-Result" attribute in the request, containing an AuthenticationResult that represents the authenticated identity of the requester, along with the name of the Authorizer instance that should authorize the request. An Authenticator may choose to add a Map context to the authentication result, containing additional information to be used by the Authorizer. The contents of this map are left for Authenticator/Authorizer implementors to decide.

If the "Druid-Authentication-Result" attribute is already set (i.e., request has been authenticated by an earlier Filter), this Filter should skip any authentication checks and proceed to the next Filter.

If a filter cannot recognize a request's format (e.g., the request does not have credentials compatible with a filter's authentication scheme), the filter should not send an error response, allowing other filters to handle the request. A challenge response will be sent if the filter chain is exhausted.

If the authentication fails (i.e., a filter recognized the authentication scheme of a request, but the credentials failed to authenticate successfully) the Filter should send an error response, without needing to proceed to other filters in the chain..

Specified by:

getFilter in interface ServletFilterHolder

Specified by:

getFilter in interface Authenticator

Returns:

Filter that authenticates HTTP requests

getAuthChallengeHeader

public String getAuthChallengeHeader()

Description copied from interface: Authenticator

Return a WWW-Authenticate challenge scheme string appropriate for this Authenticator's authentication mechanism.

For example, a Basic HTTP implementation should return "Basic", while a Kerberos implementation would return "Negotiate". If this method returns null, no authentication scheme will be added for that Authenticator implementation.

Specified by:

getAuthChallengeHeader in interface Authenticator

Returns:

Authentication scheme

authenticateJDBCContext

@Nullable
public AuthenticationResult authenticateJDBCContext(Map<String,Object> context)

Description copied from interface: Authenticator

Given a JDBC connection context, authenticate the identity represented by the information in the context. This is used to secure JDBC access for Druid SQL.

For example, a Basic HTTP auth implementation could read the "user" and "password" fields from the JDBC context.

The expected contents of the context are left to the implementation.

Specified by:

authenticateJDBCContext in interface Authenticator

Parameters:

context - JDBC connection context

Returns:

AuthenticationResult of the identity represented by the context is successfully authenticated, null if authentication failed

getFilterClass

public Class<? extends javax.servlet.Filter> getFilterClass()

Description copied from interface: ServletFilterHolder

Get the class of the Filter object that should be added to the servlet. This method is considered "mutually exclusive" from the getFilter method. That is, one of them should return null and the other should return an actual value.

Specified by:

getFilterClass in interface ServletFilterHolder

Returns:

The class of the Filter object to be added to the servlet

getInitParameters

public Map<String,String> getInitParameters()

Description copied from interface: ServletFilterHolder

Get Filter initialization parameters.

Specified by:

getInitParameters in interface ServletFilterHolder

Returns:

a map containing all the Filter initialization parameters

getPath

public String getPath()

Description copied from interface: ServletFilterHolder

The path that this Filter should apply to

Specified by:

getPath in interface ServletFilterHolder

Returns:

the path that this Filter should apply to

getDispatcherType

public EnumSet<javax.servlet.DispatcherType> getDispatcherType()

Description copied from interface: ServletFilterHolder

The dispatcher type that this Filter should apply to

Specified by:

getDispatcherType in interface ServletFilterHolder

Returns:

the enumeration of DispatcherTypes that this Filter should apply to

getDbConfig

public BasicAuthDBConfig getDbConfig()