Google Git
Sign in
apache / hadoop-site / 952d547359cafef280f0a0324055741b2ed55be1 / . / content / docs / r3.3.1 / hadoop-auth / apidocs / org / apache / hadoop / security / authentication / server / JWTRedirectAuthenticationHandler.html
blob: 779b54cd2022f896e9ba0327261731c84925d7f0 [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (1.8.0_292) on Tue Jun 15 06:01:17 GMT 2021 -->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JWTRedirectAuthenticationHandler (Apache Hadoop Auth 3.3.1 API)</title>
<meta name="date" content="2021-06-15">
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
<script type="text/javascript" src="../../../../../../script.js"></script>
</head>
<body>
<script type="text/javascript"><!--
try {
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="JWTRedirectAuthenticationHandler (Apache Hadoop Auth 3.3.1 API)";
}
}
catch(err) {
}
//-->
var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar.top">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.top.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/JWTRedirectAuthenticationHandler.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../../../org/apache/hadoop/security/authentication/server/HttpConstants.html" title="class in org.apache.hadoop.security.authentication.server"><span class="typeNameLink">Prev&nbsp;Class</span></a></li>
<li><a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server"><span class="typeNameLink">Next&nbsp;Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../../../index.html?org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html" target="_top">Frames</a></li>
<li><a href="JWTRedirectAuthenticationHandler.html" target="_top">No&nbsp;Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li><a href="#field.detail">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a name="skip.navbar.top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">org.apache.hadoop.security.authentication.server</div>
<h2 title="Class JWTRedirectAuthenticationHandler" class="title">Class JWTRedirectAuthenticationHandler</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li>
<li>
<ul class="inheritance">
<li><a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler</a></li>
<li>
<ul class="inheritance">
<li><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">org.apache.hadoop.security.authentication.server.AltKerberosAuthenticationHandler</a></li>
<li>
<ul class="inheritance">
<li>org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationHandler.html" title="interface in org.apache.hadoop.security.authentication.server">AuthenticationHandler</a></dd>
</dl>
<hr>
<br>
<pre>public class <span class="typeNameLabel">JWTRedirectAuthenticationHandler</span>
extends <a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">AltKerberosAuthenticationHandler</a></pre>
<div class="block">The <a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server"><code>JWTRedirectAuthenticationHandler</code></a> extends
AltKerberosAuthenticationHandler to add WebSSO behavior for UIs. The expected
SSO token is a JsonWebToken (JWT). The supported algorithm is RS256 which
uses PKI between the token issuer and consumer. The flow requires a redirect
to a configured authentication server URL and a subsequent request with the
expected JWT token. This token is cryptographically verified and validated.
The user identity is then extracted from the token and used to create an
AuthenticationToken - as expected by the AuthenticationFilter.
<p>
The supported configuration properties are:
</p>
<ul>
<li>authentication.provider.url: the full URL to the authentication server.
This is the URL that the handler will redirect the browser to in order to
authenticate the user. It does not have a default value.</li>
<li>public.key.pem: This is the PEM formatted public key of the issuer of the
JWT token. It is required for verifying that the issuer is a trusted party.
DO NOT include the PEM header and footer portions of the PEM encoded
certificate. It does not have a default value.</li>
<li>expected.jwt.audiences: This is a list of strings that identify
acceptable audiences for the JWT token. The audience is a way for the issuer
to indicate what entity/s that the token is intended for. Default value is
null which indicates that all audiences will be accepted.</li>
<li>jwt.cookie.name: the name of the cookie that contains the JWT token.
Default value is "hadoop-jwt".</li>
</ul></div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- =========== FIELD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="field.summary">
<!-- -->
</a>
<h3>Field Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Field Summary table, listing fields, and an explanation">
<caption><span>Fields</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Field and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#AUTHENTICATION_PROVIDER_URL">AUTHENTICATION_PROVIDER_URL</a></span></code>&nbsp;</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#EXPECTED_JWT_AUDIENCES">EXPECTED_JWT_AUDIENCES</a></span></code>&nbsp;</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#JWT_COOKIE_NAME">JWT_COOKIE_NAME</a></span></code>&nbsp;</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#PUBLIC_KEY_PEM">PUBLIC_KEY_PEM</a></span></code>&nbsp;</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="fields.inherited.from.class.org.apache.hadoop.security.authentication.server.AltKerberosAuthenticationHandler">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.hadoop.security.authentication.server.<a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">AltKerberosAuthenticationHandler</a></h3>
<code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#NON_BROWSER_USER_AGENTS">NON_BROWSER_USER_AGENTS</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#TYPE">TYPE</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a name="fields.inherited.from.class.org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.hadoop.security.authentication.server.<a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">KerberosAuthenticationHandler</a></h3>
<code><a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#KEYTAB">KEYTAB</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#NAME_RULES">NAME_RULES</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#PRINCIPAL">PRINCIPAL</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#RULE_MECHANISM">RULE_MECHANISM</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a name="fields.inherited.from.class.org.apache.hadoop.security.authentication.server.AuthenticationHandler">
<!-- -->
</a>
<h3>Fields inherited from interface&nbsp;org.apache.hadoop.security.authentication.server.<a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationHandler.html" title="interface in org.apache.hadoop.security.authentication.server">AuthenticationHandler</a></h3>
<code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationHandler.html#WWW_AUTHENTICATE">WWW_AUTHENTICATE</a></code></li>
</ul>
</li>
</ul>
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor.summary">
<!-- -->
</a>
<h3>Constructor Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colOne" scope="col">Constructor and Description</th>
</tr>
<tr class="altColor">
<td class="colOne"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#JWTRedirectAuthenticationHandler--">JWTRedirectAuthenticationHandler</a></span>()</code>&nbsp;</td>
</tr>
</table>
</li>
</ul>
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method.summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationToken.html" title="class in org.apache.hadoop.security.authentication.server">AuthenticationToken</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#alternateAuthenticate-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">alternateAuthenticate</a></span>(javax.servlet.http.HttpServletRequest&nbsp;request,
javax.servlet.http.HttpServletResponse&nbsp;response)</code>
<div class="block">Subclasses should implement this method to provide the custom
authentication to be used for browsers.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#getJWTFromCookie-javax.servlet.http.HttpServletRequest-">getJWTFromCookie</a></span>(javax.servlet.http.HttpServletRequest&nbsp;req)</code>
<div class="block">Encapsulate the acquisition of the JWT token from HTTP cookies within the
request.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#init-java.util.Properties-">init</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html?is-external=true" title="class or interface in java.util">Properties</a>&nbsp;config)</code>
<div class="block">Initializes the authentication handler instance.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#setPublicKey-java.security.interfaces.RSAPublicKey-">setPublicKey</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/security/interfaces/RSAPublicKey.html?is-external=true" title="class or interface in java.security.interfaces">RSAPublicKey</a>&nbsp;pk)</code>
<div class="block">Primarily for testing, this provides a way to set the publicKey for
signature verification without needing to get a PEM encoded value.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>protected boolean</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#validateAudiences-com.nimbusds.jwt.SignedJWT-">validateAudiences</a></span>(com.nimbusds.jwt.SignedJWT&nbsp;jwtToken)</code>
<div class="block">Validate whether any of the accepted audience claims is present in the
issued token claims list for audience.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code>protected boolean</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#validateExpiration-com.nimbusds.jwt.SignedJWT-">validateExpiration</a></span>(com.nimbusds.jwt.SignedJWT&nbsp;jwtToken)</code>
<div class="block">Validate that the expiration time of the JWT token has not been violated.</div>
</td>
</tr>
<tr id="i6" class="altColor">
<td class="colFirst"><code>protected boolean</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#validateSignature-com.nimbusds.jwt.SignedJWT-">validateSignature</a></span>(com.nimbusds.jwt.SignedJWT&nbsp;jwtToken)</code>
<div class="block">Verify the signature of the JWT token in this method.</div>
</td>
</tr>
<tr id="i7" class="rowColor">
<td class="colFirst"><code>protected boolean</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html#validateToken-com.nimbusds.jwt.SignedJWT-">validateToken</a></span>(com.nimbusds.jwt.SignedJWT&nbsp;jwtToken)</code>
<div class="block">This method provides a single method for validating the JWT for use in
request processing.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.org.apache.hadoop.security.authentication.server.AltKerberosAuthenticationHandler">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.hadoop.security.authentication.server.<a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">AltKerberosAuthenticationHandler</a></h3>
<code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#authenticate-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">authenticate</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#getType--">getType</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#isBrowser-java.lang.String-">isBrowser</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.hadoop.security.authentication.server.<a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">KerberosAuthenticationHandler</a></h3>
<code><a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#destroy--">destroy</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#getKeytab--">getKeytab</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#getPrincipals--">getPrincipals</a>, <a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html#managementOperation-org.apache.hadoop.security.authentication.server.AuthenticationToken-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">managementOperation</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3>
<code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--" title="class or interface in java.lang">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-" title="class or interface in java.lang">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--" title="class or interface in java.lang">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--" title="class or interface in java.lang">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode--" title="class or interface in java.lang">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify--" title="class or interface in java.lang">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll--" title="class or interface in java.lang">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#toString--" title="class or interface in java.lang">toString</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait--" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-int-" title="class or interface in java.lang">wait</a></code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ FIELD DETAIL =========== -->
<ul class="blockList">
<li class="blockList"><a name="field.detail">
<!-- -->
</a>
<h3>Field Detail</h3>
<a name="AUTHENTICATION_PROVIDER_URL">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>AUTHENTICATION_PROVIDER_URL</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> AUTHENTICATION_PROVIDER_URL</pre>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../../constant-values.html#org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler.AUTHENTICATION_PROVIDER_URL">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="PUBLIC_KEY_PEM">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>PUBLIC_KEY_PEM</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> PUBLIC_KEY_PEM</pre>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../../constant-values.html#org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler.PUBLIC_KEY_PEM">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="EXPECTED_JWT_AUDIENCES">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>EXPECTED_JWT_AUDIENCES</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> EXPECTED_JWT_AUDIENCES</pre>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../../constant-values.html#org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler.EXPECTED_JWT_AUDIENCES">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="JWT_COOKIE_NAME">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>JWT_COOKIE_NAME</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> JWT_COOKIE_NAME</pre>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../../constant-values.html#org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler.JWT_COOKIE_NAME">Constant Field Values</a></dd>
</dl>
</li>
</ul>
</li>
</ul>
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor.detail">
<!-- -->
</a>
<h3>Constructor Detail</h3>
<a name="JWTRedirectAuthenticationHandler--">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>JWTRedirectAuthenticationHandler</h4>
<pre>public&nbsp;JWTRedirectAuthenticationHandler()</pre>
</li>
</ul>
</li>
</ul>
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method.detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="setPublicKey-java.security.interfaces.RSAPublicKey-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setPublicKey</h4>
<pre>public&nbsp;void&nbsp;setPublicKey(<a href="https://docs.oracle.com/javase/8/docs/api/java/security/interfaces/RSAPublicKey.html?is-external=true" title="class or interface in java.security.interfaces">RSAPublicKey</a>&nbsp;pk)</pre>
<div class="block">Primarily for testing, this provides a way to set the publicKey for
signature verification without needing to get a PEM encoded value.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>pk</code> - publicKey for the token signtature verification</dd>
</dl>
</li>
</ul>
<a name="init-java.util.Properties-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>init</h4>
<pre>public&nbsp;void&nbsp;init(<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html?is-external=true" title="class or interface in java.util">Properties</a>&nbsp;config)
throws javax.servlet.ServletException</pre>
<div class="block">Initializes the authentication handler instance.
<p>
This method is invoked by the <a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationFilter.html#init-javax.servlet.FilterConfig-"><code>AuthenticationFilter.init(javax.servlet.FilterConfig)</code></a> method.
</p></div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationHandler.html#init-java.util.Properties-">init</a></code>&nbsp;in interface&nbsp;<code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationHandler.html" title="interface in org.apache.hadoop.security.authentication.server">AuthenticationHandler</a></code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#init-java.util.Properties-">init</a></code>&nbsp;in class&nbsp;<code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">AltKerberosAuthenticationHandler</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>config</code> - configuration properties to initialize the handler.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>javax.servlet.ServletException</code> - thrown if the handler could not be initialized.</dd>
</dl>
</li>
</ul>
<a name="alternateAuthenticate-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>alternateAuthenticate</h4>
<pre>public&nbsp;<a href="../../../../../../org/apache/hadoop/security/authentication/server/AuthenticationToken.html" title="class in org.apache.hadoop.security.authentication.server">AuthenticationToken</a>&nbsp;alternateAuthenticate(javax.servlet.http.HttpServletRequest&nbsp;request,
javax.servlet.http.HttpServletResponse&nbsp;response)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a>,
<a href="../../../../../../org/apache/hadoop/security/authentication/client/AuthenticationException.html" title="class in org.apache.hadoop.security.authentication.client">AuthenticationException</a></pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from class:&nbsp;<code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#alternateAuthenticate-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">AltKerberosAuthenticationHandler</a></code></span></div>
<div class="block">Subclasses should implement this method to provide the custom
authentication to be used for browsers.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html#alternateAuthenticate-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-">alternateAuthenticate</a></code>&nbsp;in class&nbsp;<code><a href="../../../../../../org/apache/hadoop/security/authentication/server/AltKerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server">AltKerberosAuthenticationHandler</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - the HTTP client request.</dd>
<dd><code>response</code> - the HTTP client response.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>an authentication token if the request is authorized, or null</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></code> - thrown if an IO error occurs</dd>
<dd><code><a href="../../../../../../org/apache/hadoop/security/authentication/client/AuthenticationException.html" title="class in org.apache.hadoop.security.authentication.client">AuthenticationException</a></code> - thrown if an authentication error occurs</dd>
</dl>
</li>
</ul>
<a name="getJWTFromCookie-javax.servlet.http.HttpServletRequest-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getJWTFromCookie</h4>
<pre>protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;getJWTFromCookie(javax.servlet.http.HttpServletRequest&nbsp;req)</pre>
<div class="block">Encapsulate the acquisition of the JWT token from HTTP cookies within the
request.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>req</code> - servlet request to get the JWT token from</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>serialized JWT token</dd>
</dl>
</li>
</ul>
<a name="validateToken-com.nimbusds.jwt.SignedJWT-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>validateToken</h4>
<pre>protected&nbsp;boolean&nbsp;validateToken(com.nimbusds.jwt.SignedJWT&nbsp;jwtToken)</pre>
<div class="block">This method provides a single method for validating the JWT for use in
request processing. It provides for the override of specific aspects of
this implementation through submethods used within but also allows for the
override of the entire token validation algorithm.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>jwtToken</code> - the token to validate</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>true if valid</dd>
</dl>
</li>
</ul>
<a name="validateSignature-com.nimbusds.jwt.SignedJWT-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>validateSignature</h4>
<pre>protected&nbsp;boolean&nbsp;validateSignature(com.nimbusds.jwt.SignedJWT&nbsp;jwtToken)</pre>
<div class="block">Verify the signature of the JWT token in this method. This method depends
on the public key that was established during init based upon the
provisioned public key. Override this method in subclasses in order to
customize the signature verification behavior.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>jwtToken</code> - the token that contains the signature to be validated</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>valid true if signature verifies successfully; false otherwise</dd>
</dl>
</li>
</ul>
<a name="validateAudiences-com.nimbusds.jwt.SignedJWT-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>validateAudiences</h4>
<pre>protected&nbsp;boolean&nbsp;validateAudiences(com.nimbusds.jwt.SignedJWT&nbsp;jwtToken)</pre>
<div class="block">Validate whether any of the accepted audience claims is present in the
issued token claims list for audience. Override this method in subclasses
in order to customize the audience validation behavior.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>jwtToken</code> - the JWT token where the allowed audiences will be found</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>true if an expected audience is present, otherwise false</dd>
</dl>
</li>
</ul>
<a name="validateExpiration-com.nimbusds.jwt.SignedJWT-">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>validateExpiration</h4>
<pre>protected&nbsp;boolean&nbsp;validateExpiration(com.nimbusds.jwt.SignedJWT&nbsp;jwtToken)</pre>
<div class="block">Validate that the expiration time of the JWT token has not been violated.
If it has then throw an AuthenticationException. Override this method in
subclasses in order to customize the expiration validation behavior.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>jwtToken</code> - the token that contains the expiration date to validate</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>valid true if the token has not expired; false otherwise</dd>
</dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar.bottom">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.bottom.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/JWTRedirectAuthenticationHandler.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../../../org/apache/hadoop/security/authentication/server/HttpConstants.html" title="class in org.apache.hadoop.security.authentication.server"><span class="typeNameLink">Prev&nbsp;Class</span></a></li>
<li><a href="../../../../../../org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.html" title="class in org.apache.hadoop.security.authentication.server"><span class="typeNameLink">Next&nbsp;Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../../../index.html?org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.html" target="_top">Frames</a></li>
<li><a href="JWTRedirectAuthenticationHandler.html" target="_top">No&nbsp;Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li><a href="#field.detail">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a name="skip.navbar.bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
<p class="legalCopy"><small>Copyright &#169; 2008&#x2013;2021 <a href="https://www.apache.org">Apache Software Foundation</a>. All rights reserved.</small></p>
</body>
</html>