| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <!-- Generated by javadoc (1.8.0_292) on Tue Jun 15 06:01:17 GMT 2021 --> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| <title>JWTRedirectAuthenticationHandler (Apache Hadoop Auth 3.3.1 API)</title> |
| <meta name="date" content="2021-06-15"> |
| <link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style"> |
| <script type="text/javascript" src="../../../../../../script.js"></script> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="JWTRedirectAuthenticationHandler (Apache Hadoop Auth 3.3.1 API)"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10}; |
| var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; |
| var altColor = "altColor"; |
| var rowColor = "rowColor"; |
| var tableTab = "tableTab"; |
| var activeTableTab = "activeTableTab"; |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a name="navbar.top"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.top.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="class-use/JWTRedirectAuthenticationHandler.html">Use</a></li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../../../org/apache/hadoop/security/authentication/server/HttpConstants.html" title="class in org.apache.hadoop.security.authentication.server"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../../../index.html?org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html" target="_top">Frames</a></li> |
| <li><a href="JWTRedirectAuthenticationHandler.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li><a href="#field.summary">Field</a> | </li> |
| <li><a href="#constructor.summary">Constr</a> | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li><a href="#field.detail">Field</a> | </li> |
| <li><a href="#constructor.detail">Constr</a> | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <div class="header"> |
| <div class="subTitle">org.apache.hadoop.security.authentication.server</div> |
| <h2 title="Class JWTRedirectAuthenticationHandler" class="title">Class JWTRedirectAuthenticationHandler</h2> |
| </div> |
| <div class="contentContainer"> |
| <ul class="inheritance"> |
| <li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li> |
| <li> |
| <ul class="inheritance"> |
| <li><a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler</a></li> |
| <li> |
| <ul class="inheritance"> |
| <li><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">org.apache.hadoop.security.authentication.server.AltKerberosAuthenticationHandler</a></li> |
| <li> |
| <ul class="inheritance"> |
| <li>org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler</li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <dl> |
| <dt>All Implemented Interfaces:</dt> |
| <dd><a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationHandler.html" title="interface in org.apache.hadoop.security.authentication.server">AuthenticationHandler</a></dd> |
| </dl> |
| <hr> |
| <br> |
| <pre>public class <span class="typeNameLabel">JWTRedirectAuthenticationHandler</span> |
| extends <a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">AltKerberosAuthenticationHandler</a></pre> |
| <div class="block">The <a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server"><code>JWTRedirectAuthenticationHandler</code></a> extends |
| AltKerberosAuthenticationHandler to add WebSSO behavior for UIs. The expected |
| SSO token is a JsonWebToken (JWT). The supported algorithm is RS256 which |
| uses PKI between the token issuer and consumer. The flow requires a redirect |
| to a configured authentication server URL and a subsequent request with the |
| expected JWT token. This token is cryptographically verified and validated. |
| The user identity is then extracted from the token and used to create an |
| AuthenticationToken - as expected by the AuthenticationFilter. |
| |
| <p> |
| The supported configuration properties are: |
| </p> |
| <ul> |
| <li>authentication.provider.url: the full URL to the authentication server. |
| This is the URL that the handler will redirect the browser to in order to |
| authenticate the user. It does not have a default value.</li> |
| <li>public.key.pem: This is the PEM formatted public key of the issuer of the |
| JWT token. It is required for verifying that the issuer is a trusted party. |
| DO NOT include the PEM header and footer portions of the PEM encoded |
| certificate. It does not have a default value.</li> |
| <li>expected.jwt.audiences: This is a list of strings that identify |
| acceptable audiences for the JWT token. The audience is a way for the issuer |
| to indicate what entity/s that the token is intended for. Default value is |
| null which indicates that all audiences will be accepted.</li> |
| <li>jwt.cookie.name: the name of the cookie that contains the JWT token. |
| Default value is "hadoop-jwt".</li> |
| </ul></div> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- =========== FIELD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="field.summary"> |
| <!-- --> |
| </a> |
| <h3>Field Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Field Summary table, listing fields, and an explanation"> |
| <caption><span>Fields</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Field and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#AUTHENTICATION_PROVIDER_URL">AUTHENTICATION_PROVIDER_URL</a></span></code> </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#EXPECTED_JWT_AUDIENCES">EXPECTED_JWT_AUDIENCES</a></span></code> </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#JWT_COOKIE_NAME">JWT_COOKIE_NAME</a></span></code> </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#PUBLIC_KEY_PEM">PUBLIC_KEY_PEM</a></span></code> </td> |
| </tr> |
| </table> |
| <ul class="blockList"> |
| <li class="blockList"><a name="fields.inherited.from.class.org.apache.hadoop.security.authentication.server.AltKerberosAuthenticationHandler"> |
| <!-- --> |
| </a> |
| <h3>Fields inherited from class org.apache.hadoop.security.authentication.server.<a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">AltKerberosAuthenticationHandler</a></h3> |
| <code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#NON_BROWSER_USER_AGENTS">NON_BROWSER_USER_AGENTS</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#TYPE">TYPE</a></code></li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="fields.inherited.from.class.org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler"> |
| <!-- --> |
| </a> |
| <h3>Fields inherited from class org.apache.hadoop.security.authentication.server.<a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">KerberosAuthenticationHandler</a></h3> |
| <code><a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#KEYTAB">KEYTAB</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#NAME_RULES">NAME_RULES</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#PRINCIPAL">PRINCIPAL</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#RULE_MECHANISM">RULE_MECHANISM</a></code></li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="fields.inherited.from.class.org.apache.hadoop.security.authentication.server.AuthenticationHandler"> |
| <!-- --> |
| </a> |
| <h3>Fields inherited from interface org.apache.hadoop.security.authentication.server.<a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationHandler.html" title="interface in org.apache.hadoop.security.authentication.server">AuthenticationHandler</a></h3> |
| <code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationHandler.html#WWW_AUTHENTICATE">WWW_AUTHENTICATE</a></code></li> |
| </ul> |
| </li> |
| </ul> |
| <!-- ======== CONSTRUCTOR SUMMARY ======== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="constructor.summary"> |
| <!-- --> |
| </a> |
| <h3>Constructor Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation"> |
| <caption><span>Constructors</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colOne" scope="col">Constructor and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colOne"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#JWTRedirectAuthenticationHandler--">JWTRedirectAuthenticationHandler</a></span>()</code> </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| <!-- ========== METHOD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.summary"> |
| <!-- --> |
| </a> |
| <h3>Method Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation"> |
| <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd"> </span></span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Method and Description</th> |
| </tr> |
| <tr id="i0" class="altColor"> |
| <td class="colFirst"><code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationToken.html" title="class in org.apache.hadoop.security.authentication.server">AuthenticationToken</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#alternateAuthenticate-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">alternateAuthenticate</a></span>(javax.servlet.http.HttpServletRequest request, |
| javax.servlet.http.HttpServletResponse response)</code> |
| <div class="block">Subclasses should implement this method to provide the custom |
| authentication to be used for browsers.</div> |
| </td> |
| </tr> |
| <tr id="i1" class="rowColor"> |
| <td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#getJWTFromCookie-javax.servlet.http.HttpServletRequest-">getJWTFromCookie</a></span>(javax.servlet.http.HttpServletRequest req)</code> |
| <div class="block">Encapsulate the acquisition of the JWT token from HTTP cookies within the |
| request.</div> |
| </td> |
| </tr> |
| <tr id="i2" class="altColor"> |
| <td class="colFirst"><code>void</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#init-java.util.Properties-">init</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html?is-external=true" title="class or interface in java.util">Properties</a> config)</code> |
| <div class="block">Initializes the authentication handler instance.</div> |
| </td> |
| </tr> |
| <tr id="i3" class="rowColor"> |
| <td class="colFirst"><code>void</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#setPublicKey-java.security.interfaces.RSAPublicKey-">setPublicKey</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/security/interfaces/RSAPublicKey.html?is-external=true" title="class or interface in java.security.interfaces">RSAPublicKey</a> pk)</code> |
| <div class="block">Primarily for testing, this provides a way to set the publicKey for |
| signature verification without needing to get a PEM encoded value.</div> |
| </td> |
| </tr> |
| <tr id="i4" class="altColor"> |
| <td class="colFirst"><code>protected boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#validateAudiences-com.nimbusds.jwt.SignedJWT-">validateAudiences</a></span>(com.nimbusds.jwt.SignedJWT jwtToken)</code> |
| <div class="block">Validate whether any of the accepted audience claims is present in the |
| issued token claims list for audience.</div> |
| </td> |
| </tr> |
| <tr id="i5" class="rowColor"> |
| <td class="colFirst"><code>protected boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#validateExpiration-com.nimbusds.jwt.SignedJWT-">validateExpiration</a></span>(com.nimbusds.jwt.SignedJWT jwtToken)</code> |
| <div class="block">Validate that the expiration time of the JWT token has not been violated.</div> |
| </td> |
| </tr> |
| <tr id="i6" class="altColor"> |
| <td class="colFirst"><code>protected boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#validateSignature-com.nimbusds.jwt.SignedJWT-">validateSignature</a></span>(com.nimbusds.jwt.SignedJWT jwtToken)</code> |
| <div class="block">Verify the signature of the JWT token in this method.</div> |
| </td> |
| </tr> |
| <tr id="i7" class="rowColor"> |
| <td class="colFirst"><code>protected boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#validateToken-com.nimbusds.jwt.SignedJWT-">validateToken</a></span>(com.nimbusds.jwt.SignedJWT jwtToken)</code> |
| <div class="block">This method provides a single method for validating the JWT for use in |
| request processing.</div> |
| </td> |
| </tr> |
| </table> |
| <ul class="blockList"> |
| <li class="blockList"><a name="methods.inherited.from.class.org.apache.hadoop.security.authentication.server.AltKerberosAuthenticationHandler"> |
| <!-- --> |
| </a> |
| <h3>Methods inherited from class org.apache.hadoop.security.authentication.server.<a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">AltKerberosAuthenticationHandler</a></h3> |
| <code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#authenticate-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">authenticate</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#getType--">getType</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#isBrowser-java.lang.String-">isBrowser</a></code></li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="methods.inherited.from.class.org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler"> |
| <!-- --> |
| </a> |
| <h3>Methods inherited from class org.apache.hadoop.security.authentication.server.<a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">KerberosAuthenticationHandler</a></h3> |
| <code><a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#destroy--">destroy</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#getKeytab--">getKeytab</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#getPrincipals--">getPrincipals</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#managementOperation-org.apache.hadoop.security.authentication.server.AuthenticationToken-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">managementOperation</a></code></li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="methods.inherited.from.class.java.lang.Object"> |
| <!-- --> |
| </a> |
| <h3>Methods inherited from class java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3> |
| <code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--" title="class or interface in java.lang">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-" title="class or interface in java.lang">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--" title="class or interface in java.lang">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--" title="class or interface in java.lang">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode--" title="class or interface in java.lang">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify--" title="class or interface in java.lang">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll--" title="class or interface in java.lang">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#toString--" title="class or interface in java.lang">toString</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait--" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-int-" title="class or interface in java.lang">wait</a></code></li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ============ FIELD DETAIL =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="field.detail"> |
| <!-- --> |
| </a> |
| <h3>Field Detail</h3> |
| <a name="AUTHENTICATION_PROVIDER_URL"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>AUTHENTICATION_PROVIDER_URL</h4> |
| <pre>public static final <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> AUTHENTICATION_PROVIDER_URL</pre> |
| <dl> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../../../constant-values.html#org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler.AUTHENTICATION_PROVIDER_URL">Constant Field Values</a></dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="PUBLIC_KEY_PEM"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>PUBLIC_KEY_PEM</h4> |
| <pre>public static final <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> PUBLIC_KEY_PEM</pre> |
| <dl> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../../../constant-values.html#org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler.PUBLIC_KEY_PEM">Constant Field Values</a></dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="EXPECTED_JWT_AUDIENCES"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>EXPECTED_JWT_AUDIENCES</h4> |
| <pre>public static final <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> EXPECTED_JWT_AUDIENCES</pre> |
| <dl> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../../../constant-values.html#org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler.EXPECTED_JWT_AUDIENCES">Constant Field Values</a></dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="JWT_COOKIE_NAME"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>JWT_COOKIE_NAME</h4> |
| <pre>public static final <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> JWT_COOKIE_NAME</pre> |
| <dl> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../../../constant-values.html#org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler.JWT_COOKIE_NAME">Constant Field Values</a></dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <!-- ========= CONSTRUCTOR DETAIL ======== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="constructor.detail"> |
| <!-- --> |
| </a> |
| <h3>Constructor Detail</h3> |
| <a name="JWTRedirectAuthenticationHandler--"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>JWTRedirectAuthenticationHandler</h4> |
| <pre>public JWTRedirectAuthenticationHandler()</pre> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <!-- ============ METHOD DETAIL ========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.detail"> |
| <!-- --> |
| </a> |
| <h3>Method Detail</h3> |
| <a name="setPublicKey-java.security.interfaces.RSAPublicKey-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>setPublicKey</h4> |
| <pre>public void setPublicKey(<a href="https://docs.oracle.com/javase/8/docs/api/java/security/interfaces/RSAPublicKey.html?is-external=true" title="class or interface in java.security.interfaces">RSAPublicKey</a> pk)</pre> |
| <div class="block">Primarily for testing, this provides a way to set the publicKey for |
| signature verification without needing to get a PEM encoded value.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>pk</code> - publicKey for the token signtature verification</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="init-java.util.Properties-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>init</h4> |
| <pre>public void init(<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html?is-external=true" title="class or interface in java.util">Properties</a> config) |
| throws javax.servlet.ServletException</pre> |
| <div class="block">Initializes the authentication handler instance. |
| <p> |
| This method is invoked by the <a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationFilter.html#init-javax.servlet.FilterConfig-"><code>AuthenticationFilter.init(javax.servlet.FilterConfig)</code></a> method. |
| </p></div> |
| <dl> |
| <dt><span class="overrideSpecifyLabel">Specified by:</span></dt> |
| <dd><code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationHandler.html#init-java.util.Properties-">init</a></code> in interface <code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationHandler.html" title="interface in org.apache.hadoop.security.authentication.server">AuthenticationHandler</a></code></dd> |
| <dt><span class="overrideSpecifyLabel">Overrides:</span></dt> |
| <dd><code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#init-java.util.Properties-">init</a></code> in class <code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">AltKerberosAuthenticationHandler</a></code></dd> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>config</code> - configuration properties to initialize the handler.</dd> |
| <dt><span class="throwsLabel">Throws:</span></dt> |
| <dd><code>javax.servlet.ServletException</code> - thrown if the handler could not be initialized.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="alternateAuthenticate-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>alternateAuthenticate</h4> |
| <pre>public <a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationToken.html" title="class in org.apache.hadoop.security.authentication.server">AuthenticationToken</a> alternateAuthenticate(javax.servlet.http.HttpServletRequest request, |
| javax.servlet.http.HttpServletResponse response) |
| throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a>, |
| <a href="../../../../../../org/apache/hadoop/security/authentication/client/AuthenticationException.html" title="class in org.apache.hadoop.security.authentication.client">AuthenticationException</a></pre> |
| <div class="block"><span class="descfrmTypeLabel">Description copied from class: <code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#alternateAuthenticate-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">AltKerberosAuthenticationHandler</a></code></span></div> |
| <div class="block">Subclasses should implement this method to provide the custom |
| authentication to be used for browsers.</div> |
| <dl> |
| <dt><span class="overrideSpecifyLabel">Specified by:</span></dt> |
| <dd><code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#alternateAuthenticate-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">alternateAuthenticate</a></code> in class <code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">AltKerberosAuthenticationHandler</a></code></dd> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>request</code> - the HTTP client request.</dd> |
| <dd><code>response</code> - the HTTP client response.</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>an authentication token if the request is authorized, or null</dd> |
| <dt><span class="throwsLabel">Throws:</span></dt> |
| <dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></code> - thrown if an IO error occurs</dd> |
| <dd><code><a href="../../../../../../org/apache/hadoop/security/authentication/client/AuthenticationException.html" title="class in org.apache.hadoop.security.authentication.client">AuthenticationException</a></code> - thrown if an authentication error occurs</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="getJWTFromCookie-javax.servlet.http.HttpServletRequest-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getJWTFromCookie</h4> |
| <pre>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> getJWTFromCookie(javax.servlet.http.HttpServletRequest req)</pre> |
| <div class="block">Encapsulate the acquisition of the JWT token from HTTP cookies within the |
| request.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>req</code> - servlet request to get the JWT token from</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>serialized JWT token</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="validateToken-com.nimbusds.jwt.SignedJWT-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>validateToken</h4> |
| <pre>protected boolean validateToken(com.nimbusds.jwt.SignedJWT jwtToken)</pre> |
| <div class="block">This method provides a single method for validating the JWT for use in |
| request processing. It provides for the override of specific aspects of |
| this implementation through submethods used within but also allows for the |
| override of the entire token validation algorithm.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>jwtToken</code> - the token to validate</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>true if valid</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="validateSignature-com.nimbusds.jwt.SignedJWT-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>validateSignature</h4> |
| <pre>protected boolean validateSignature(com.nimbusds.jwt.SignedJWT jwtToken)</pre> |
| <div class="block">Verify the signature of the JWT token in this method. This method depends |
| on the public key that was established during init based upon the |
| provisioned public key. Override this method in subclasses in order to |
| customize the signature verification behavior.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>jwtToken</code> - the token that contains the signature to be validated</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>valid true if signature verifies successfully; false otherwise</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="validateAudiences-com.nimbusds.jwt.SignedJWT-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>validateAudiences</h4> |
| <pre>protected boolean validateAudiences(com.nimbusds.jwt.SignedJWT jwtToken)</pre> |
| <div class="block">Validate whether any of the accepted audience claims is present in the |
| issued token claims list for audience. Override this method in subclasses |
| in order to customize the audience validation behavior.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>jwtToken</code> - the JWT token where the allowed audiences will be found</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>true if an expected audience is present, otherwise false</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="validateExpiration-com.nimbusds.jwt.SignedJWT-"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>validateExpiration</h4> |
| <pre>protected boolean validateExpiration(com.nimbusds.jwt.SignedJWT jwtToken)</pre> |
| <div class="block">Validate that the expiration time of the JWT token has not been violated. |
| If it has then throw an AuthenticationException. Override this method in |
| subclasses in order to customize the expiration validation behavior.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>jwtToken</code> - the token that contains the expiration date to validate</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>valid true if the token has not expired; false otherwise</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a name="navbar.bottom"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.bottom.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="class-use/JWTRedirectAuthenticationHandler.html">Use</a></li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../../../org/apache/hadoop/security/authentication/server/HttpConstants.html" title="class in org.apache.hadoop.security.authentication.server"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../../../index.html?org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html" target="_top">Frames</a></li> |
| <li><a href="JWTRedirectAuthenticationHandler.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li><a href="#field.summary">Field</a> | </li> |
| <li><a href="#constructor.summary">Constr</a> | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li><a href="#field.detail">Field</a> | </li> |
| <li><a href="#constructor.detail">Constr</a> | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| <p class="legalCopy"><small>Copyright © 2008–2021 <a href="https://www.apache.org">Apache Software Foundation</a>. All rights reserved.</small></p> |
| </body> |
| </html> |