コード例 #1
0
        /// <summary>
        /// Authenticates a request looking for the <code>delegation</code>
        /// query-string parameter and verifying it is a valid token.
        /// </summary>
        /// <remarks>
        /// Authenticates a request looking for the <code>delegation</code>
        /// query-string parameter and verifying it is a valid token. If there is not
        /// <code>delegation</code> query-string parameter, it delegates the
        /// authentication to the
        /// <see cref="Org.Apache.Hadoop.Security.Authentication.Server.KerberosAuthenticationHandler
        ///     "/>
        /// unless it is
        /// disabled.
        /// </remarks>
        /// <param name="request">the HTTP client request.</param>
        /// <param name="response">the HTTP client response.</param>
        /// <returns>the authentication token for the authenticated request.</returns>
        /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
        /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
        ///     ">thrown if the authentication failed.</exception>
        public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
                                                         response)
        {
            AuthenticationToken token;
            string delegationParam = GetDelegationToken(request);

            if (delegationParam != null)
            {
                try
                {
                    Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dt = new
                                                                                                    Org.Apache.Hadoop.Security.Token.Token();
                    dt.DecodeFromUrlString(delegationParam);
                    UserGroupInformation ugi = tokenManager.VerifyToken(dt);
                    string shortName         = ugi.GetShortUserName();
                    // creating a ephemeral token
                    token = new AuthenticationToken(shortName, ugi.GetUserName(), GetType());
                    token.SetExpires(0);
                    request.SetAttribute(DelegationTokenUgiAttribute, ugi);
                }
                catch (Exception ex)
                {
                    token = null;
                    HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden
                                                                      , new AuthenticationException(ex));
                }
            }
            else
            {
                token = authHandler.Authenticate(request, response);
            }
            return(token);
        }