/// <summary>
/// Authenticates a request looking for the <code>delegation</code>
/// query-string parameter and verifying it is a valid token.
/// </summary>
/// <remarks>
/// Authenticates a request looking for the <code>delegation</code>
/// query-string parameter and verifying it is a valid token. If there is not
/// <code>delegation</code> query-string parameter, it delegates the
/// authentication to the
/// <see cref="Org.Apache.Hadoop.Security.Authentication.Server.KerberosAuthenticationHandler
/// "/>
/// unless it is
/// disabled.
/// </remarks>
/// <param name="request">the HTTP client request.</param>
/// <param name="response">the HTTP client response.</param>
/// <returns>the authentication token for the authenticated request.</returns>
/// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// ">thrown if the authentication failed.</exception>
public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
response)
{
AuthenticationToken token;
string delegationParam = GetDelegationToken(request);
if (delegationParam != null)
{
try
{
Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dt = new
Org.Apache.Hadoop.Security.Token.Token();
dt.DecodeFromUrlString(delegationParam);
UserGroupInformation ugi = tokenManager.VerifyToken(dt);
string shortName = ugi.GetShortUserName();
// creating a ephemeral token
token = new AuthenticationToken(shortName, ugi.GetUserName(), GetType());
token.SetExpires(0);
request.SetAttribute(DelegationTokenUgiAttribute, ugi);
}
catch (Exception ex)
{
token = null;
HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden
, new AuthenticationException(ex));
}
}
else
{
token = authHandler.Authenticate(request, response);
}
return(token);
}