/// <summary> /// Authenticates a request looking for the <code>delegation</code> /// query-string parameter and verifying it is a valid token. /// </summary> /// <remarks> /// Authenticates a request looking for the <code>delegation</code> /// query-string parameter and verifying it is a valid token. If there is not /// <code>delegation</code> query-string parameter, it delegates the /// authentication to the /// <see cref="Org.Apache.Hadoop.Security.Authentication.Server.KerberosAuthenticationHandler /// "/> /// unless it is /// disabled. /// </remarks> /// <param name="request">the HTTP client request.</param> /// <param name="response">the HTTP client response.</param> /// <returns>the authentication token for the authenticated request.</returns> /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// ">thrown if the authentication failed.</exception> public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse response) { AuthenticationToken token; string delegationParam = GetDelegationToken(request); if (delegationParam != null) { try { Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dt = new Org.Apache.Hadoop.Security.Token.Token(); dt.DecodeFromUrlString(delegationParam); UserGroupInformation ugi = tokenManager.VerifyToken(dt); string shortName = ugi.GetShortUserName(); // creating a ephemeral token token = new AuthenticationToken(shortName, ugi.GetUserName(), GetType()); token.SetExpires(0); request.SetAttribute(DelegationTokenUgiAttribute, ugi); } catch (Exception ex) { token = null; HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden , new AuthenticationException(ex)); } } else { token = authHandler.Authenticate(request, response); } return(token); }