KerberosAuthenticator (io.druid:druid 0.12.0 API)

java.lang.Object
- io.druid.security.kerberos.KerberosAuthenticator

All Implemented Interfaces:: ServletFilterHolder, Authenticator

public class KerberosAuthenticator
extends Object
implements Authenticator

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class KerberosAuthenticator.DruidKerberosConfiguration
Kerberos context configuration for the JDK GSS library.

Nested Classes
Modifier and Type	Class and Description
`static class`	`KerberosAuthenticator.DruidKerberosConfiguration` Kerberos context configuration for the JDK GSS library.

Field Summary

Fields
Modifier and Type Field and Description

static List<String> DEFAULT_EXCLUDED_PATHS

Fields
Modifier and Type	Field and Description
`static List<String>`	`DEFAULT_EXCLUDED_PATHS`

Constructor Summary

Constructors
Constructor and Description
`KerberosAuthenticator(String serverPrincipal, String serverKeytab, String internalClientPrincipal, String internalClientKeytab, String authToLocal, List<String> excludedPaths, String cookieSignatureSecret, String authorizerName, DruidNode node)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`AuthenticationResult`	`authenticateJDBCContext(Map<String,Object> context)` Given a JDBC connection context, authenticate the identity represented by the information in the context.
`String`	`getAuthChallengeHeader()` Return a WWW-Authenticate challenge scheme string appropriate for this Authenticator's authentication mechanism.
`EnumSet<javax.servlet.DispatcherType>`	`getDispatcherType()` The dispatcher type that this Filter should apply to
`javax.servlet.Filter`	`getFilter()` Create a Filter that performs authentication checks on incoming HTTP requests.
`Class<? extends javax.servlet.Filter>`	`getFilterClass()` Get the class of the Filter object that should be added to the servlet.
`Map<String,String>`	`getInitParameters()` Get Filter initialization parameters.
`String`	`getPath()` The path that this Filter should apply to

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - DEFAULT_EXCLUDED_PATHS
```
public static final List<String> DEFAULT_EXCLUDED_PATHS
```
- Constructor Detail
  - KerberosAuthenticator
```
public KerberosAuthenticator(String serverPrincipal,
                             String serverKeytab,
                             String internalClientPrincipal,
                             String internalClientKeytab,
                             String authToLocal,
                             List<String> excludedPaths,
                             String cookieSignatureSecret,
                             String authorizerName,
                             DruidNode node)
```
- Method Detail
  - getFilter
```
public javax.servlet.Filter getFilter()
```
    Description copied from interface: Authenticator
    
    Create a Filter that performs authentication checks on incoming HTTP requests.
    If the authentication succeeds, the Filter should set the "Druid-Authentication-Result" attribute in the request, containing an AuthenticationResult that represents the authenticated identity of the requester, along with the name of the Authorizer instance that should authorize the request. An Authenticator may choose to add a Map context to the authentication result, containing additional information to be used by the Authorizer. The contents of this map are left for Authenticator/Authorizer implementors to decide.
    If the "Druid-Authentication-Result" attribute is already set (i.e., request has been authenticated by an earlier Filter), this Filter should skip any authentication checks and proceed to the next Filter.
    If a filter cannot recognize a request's format (e.g., the request does not have credentials compatible with a filter's authentication scheme), the filter should not send an error response, allowing other filters to handle the request. A challenge response will be sent if the filter chain is exhausted.
    If the authentication fails (i.e., a filter recognized the authentication scheme of a request, but the credentials failed to authenticate successfully) the Filter should send an error response, without needing to proceed to other filters in the chain..
    
    Specified by:
    
    getFilter in interface ServletFilterHolder
    
    Specified by:
    
    getFilter in interface Authenticator
    
    Returns:
    
    Filter that authenticates HTTP requests
  - getFilterClass
```
public Class<? extends javax.servlet.Filter> getFilterClass()
```
    Description copied from interface: ServletFilterHolder
    
    Get the class of the Filter object that should be added to the servlet. This method is considered "mutually exclusive" from the getFilter method. That is, one of them should return null and the other should return an actual value.
    
    Specified by:
    
    getFilterClass in interface ServletFilterHolder
    
    Returns:
    
    The class of the Filter object to be added to the servlet
  - getInitParameters
```
public Map<String,String> getInitParameters()
```
    Description copied from interface: ServletFilterHolder
    
    Get Filter initialization parameters.
    
    Specified by:
    
    getInitParameters in interface ServletFilterHolder
    
    Returns:
    
    a map containing all the Filter initialization parameters
  - getPath
```
public String getPath()
```
    Description copied from interface: ServletFilterHolder
    
    The path that this Filter should apply to
    
    Specified by:
    
    getPath in interface ServletFilterHolder
    
    Returns:
    
    the path that this Filter should apply to
  - getDispatcherType
```
public EnumSet<javax.servlet.DispatcherType> getDispatcherType()
```
    Description copied from interface: ServletFilterHolder
    
    The dispatcher type that this Filter should apply to
    
    Specified by:
    
    getDispatcherType in interface ServletFilterHolder
    
    Returns:
    
    the enumeration of DispatcherTypes that this Filter should apply to
  - getAuthChallengeHeader
```
public String getAuthChallengeHeader()
```
    Description copied from interface: Authenticator
    
    Return a WWW-Authenticate challenge scheme string appropriate for this Authenticator's authentication mechanism.
    For example, a Basic HTTP implementation should return "Basic", while a Kerberos implementation would return "Negotiate". If this method returns null, no authentication scheme will be added for that Authenticator implementation.
    
    Specified by:
    
    getAuthChallengeHeader in interface Authenticator
    
    Returns:
    
    Authentication scheme
  - authenticateJDBCContext
```
public AuthenticationResult authenticateJDBCContext(Map<String,Object> context)
```
    Description copied from interface: Authenticator
    
    Given a JDBC connection context, authenticate the identity represented by the information in the context. This is used to secure JDBC access for Druid SQL.
    For example, a Basic HTTP auth implementation could read the "user" and "password" fields from the JDBC context.
    The expected contents of the context are left to the implementation.
    
    Specified by:
    
    authenticateJDBCContext in interface Authenticator
    
    Parameters:
    
    context - JDBC connection context
    
    Returns:
    
    AuthenticationResult of the identity represented by the context is successfully authenticated, null if authentication failed

Class KerberosAuthenticator

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

DEFAULT_EXCLUDED_PATHS

Constructor Detail

KerberosAuthenticator

Method Detail

getFilter

getFilterClass

getInitParameters

getPath

getDispatcherType

getAuthChallengeHeader

authenticateJDBCContext