HADOOP-10134 [JDK8] Fix Javadoc errors caused by incorrect or illegal tags in doc comments.

This commit is contained in:
Steve Loughran 2014-12-09 11:15:19 +00:00
parent a7be36384a
commit 2bc3f1064f
18 changed files with 86 additions and 94 deletions

View File

@ -24,19 +24,18 @@ import java.util.Map;
/**
* The {@link AuthenticatedURL} class enables the use of the JDK {@link URL} class
* against HTTP endpoints protected with the {@link AuthenticationFilter}.
* <p/>
* <p>
* The authentication mechanisms supported by default are Hadoop Simple authentication
* (also known as pseudo authentication) and Kerberos SPNEGO authentication.
* <p/>
* <p>
* Additional authentication mechanisms can be supported via {@link Authenticator} implementations.
* <p/>
* <p>
* The default {@link Authenticator} is the {@link KerberosAuthenticator} class which supports
* automatic fallback from Kerberos SPNEGO to Hadoop Simple authentication.
* <p/>
* <p>
* <code>AuthenticatedURL</code> instances are not thread-safe.
* <p/>
* <p>
* The usage pattern of the {@link AuthenticatedURL} is:
* <p/>
* <pre>
*
* // establishing an initial connection
@ -240,7 +239,7 @@ public class AuthenticatedURL {
/**
* Helper method that extracts an authentication token received from a connection.
* <p/>
* <p>
* This method is used by {@link Authenticator} implementations.
*
* @param conn connection to extract the authentication token from.

View File

@ -19,7 +19,7 @@ import java.net.URL;
/**
* Interface for client authentication mechanisms.
* <p/>
* <p>
* Implementations are use-once instances, they don't need to be thread safe.
*/
public interface Authenticator {

View File

@ -43,9 +43,9 @@ import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
/**
* The {@link KerberosAuthenticator} implements the Kerberos SPNEGO authentication sequence.
* <p/>
* <p>
* It uses the default principal for the Kerberos cache (normally set via kinit).
* <p/>
* <p>
* It falls back to the {@link PseudoAuthenticator} if the HTTP endpoint does not trigger an SPNEGO authentication
* sequence.
*/
@ -162,9 +162,9 @@ public class KerberosAuthenticator implements Authenticator {
/**
* Performs SPNEGO authentication against the specified URL.
* <p/>
* <p>
* If a token is given it does a NOP and returns the given token.
* <p/>
* <p>
* If no token is given, it will perform the SPNEGO authentication sequence using an
* HTTP <code>OPTIONS</code> request.
*
@ -211,7 +211,7 @@ public class KerberosAuthenticator implements Authenticator {
/**
* If the specified URL does not support SPNEGO authentication, a fallback {@link Authenticator} will be used.
* <p/>
* <p>
* This implementation returns a {@link PseudoAuthenticator}.
*
* @return the fallback {@link Authenticator}.

View File

@ -20,7 +20,7 @@ import java.net.URL;
/**
* The {@link PseudoAuthenticator} implementation provides an authentication equivalent to Hadoop's
* Simple authentication, it trusts the value of the 'user.name' Java System property.
* <p/>
* <p>
* The 'user.name' value is propagated using an additional query string parameter {@link #USER_NAME} ('user.name').
*/
public class PseudoAuthenticator implements Authenticator {
@ -47,13 +47,13 @@ public class PseudoAuthenticator implements Authenticator {
/**
* Performs simple authentication against the specified URL.
* <p/>
* <p>
* If a token is given it does a NOP and returns the given token.
* <p/>
* <p>
* If no token is given, it will perform an HTTP <code>OPTIONS</code> request injecting an additional
* parameter {@link #USER_NAME} in the query string with the value returned by the {@link #getUserName()}
* method.
* <p/>
* <p>
* If the response is successful it will update the authentication token.
*
* @param url the URl to authenticate against.
@ -79,7 +79,7 @@ public class PseudoAuthenticator implements Authenticator {
/**
* Returns the current user name.
* <p/>
* <p>
* This implementation returns the value of the Java system property 'user.name'
*
* @return the current user name.

View File

@ -28,7 +28,6 @@ import org.apache.hadoop.security.authentication.client.AuthenticationException;
* to allow a developer to implement their own custom authentication for browser
* access. The alternateAuthenticate method will be called whenever a request
* comes from a browser.
* <p/>
*/
public abstract class AltKerberosAuthenticationHandler
extends KerberosAuthenticationHandler {
@ -52,7 +51,6 @@ public abstract class AltKerberosAuthenticationHandler
/**
* Returns the authentication type of the authentication handler,
* 'alt-kerberos'.
* <p/>
*
* @return the authentication type of the authentication handler,
* 'alt-kerberos'.
@ -80,7 +78,6 @@ public abstract class AltKerberosAuthenticationHandler
* completed successfully (in the case of Java access) and only after the
* custom authentication implemented by the subclass in alternateAuthenticate
* has completed successfully (in the case of browser access).
* <p/>
*
* @param request the HTTP client request.
* @param response the HTTP client response.
@ -109,7 +106,7 @@ public abstract class AltKerberosAuthenticationHandler
* refers to a browser. If its not a browser, then Kerberos authentication
* will be used; if it is a browser, alternateAuthenticate from the subclass
* will be used.
* <p/>
* <p>
* A User-Agent String is considered to be a browser if it does not contain
* any of the values from alt-kerberos.non-browser.user-agents; the default
* behavior is to consider everything a browser unless it contains one of:

View File

@ -44,18 +44,20 @@ import java.text.SimpleDateFormat;
import java.util.*;
/**
* The {@link AuthenticationFilter} enables protecting web application resources with different (pluggable)
* <p>The {@link AuthenticationFilter} enables protecting web application
* resources with different (pluggable)
* authentication mechanisms and signer secret providers.
* <p/>
* </p>
* <p>
* Out of the box it provides 2 authentication mechanisms: Pseudo and Kerberos SPNEGO.
* <p/>
* </p>
* Additional authentication mechanisms are supported via the {@link AuthenticationHandler} interface.
* <p/>
* <p>
* This filter delegates to the configured authentication handler for authentication and once it obtains an
* {@link AuthenticationToken} from it, sets a signed HTTP cookie with the token. For client requests
* that provide the signed HTTP cookie, it verifies the validity of the cookie, extracts the user information
* and lets the request proceed to the target resource.
* <p/>
* </p>
* The supported configuration properties are:
* <ul>
* <li>config.prefix: indicates the prefix to be used by all other configuration properties, the default value
@ -73,18 +75,19 @@ import java.util.*;
* <li>[#PREFIX#.]cookie.domain: domain to use for the HTTP cookie that stores the authentication token.</li>
* <li>[#PREFIX#.]cookie.path: path to use for the HTTP cookie that stores the authentication token.</li>
* </ul>
* <p/>
* <p>
* The rest of the configuration properties are specific to the {@link AuthenticationHandler} implementation and the
* {@link AuthenticationFilter} will take all the properties that start with the prefix #PREFIX#, it will remove
* the prefix from it and it will pass them to the the authentication handler for initialization. Properties that do
* not start with the prefix will not be passed to the authentication handler initialization.
* <p/>
* </p>
* <p>
* Out of the box it provides 3 signer secret provider implementations:
* "string", "random", and "zookeeper"
* <p/>
* </p>
* Additional signer secret providers are supported via the
* {@link SignerSecretProvider} class.
* <p/>
* <p>
* For the HTTP cookies mentioned above, the SignerSecretProvider is used to
* determine the secret to use for signing the cookies. Different
* implementations can have different behaviors. The "string" implementation
@ -94,7 +97,7 @@ import java.util.*;
* [#PREFIX#.]token.validity mentioned above. The "zookeeper" implementation
* is like the "random" one, except that it synchronizes the random secret
* and rollovers between multiple servers; it's meant for HA services.
* <p/>
* </p>
* The relevant configuration properties are:
* <ul>
* <li>signer.secret.provider: indicates the name of the SignerSecretProvider
@ -108,10 +111,10 @@ import java.util.*;
* implementations are specified, this value is used as the rollover
* interval.</li>
* </ul>
* <p/>
* <p>
* The "zookeeper" implementation has additional configuration properties that
* must be specified; see {@link ZKSignerSecretProvider} for details.
* <p/>
* </p>
* For subclasses of AuthenticationFilter that want additional control over the
* SignerSecretProvider, they can use the following attribute set in the
* ServletContext:
@ -190,10 +193,9 @@ public class AuthenticationFilter implements Filter {
private String cookiePath;
/**
* Initializes the authentication filter and signer secret provider.
* <p/>
* It instantiates and initializes the specified {@link AuthenticationHandler}.
* <p/>
* <p>Initializes the authentication filter and signer secret provider.</p>
* It instantiates and initializes the specified {@link
* AuthenticationHandler}.
*
* @param filterConfig filter configuration.
*
@ -375,7 +377,7 @@ public class AuthenticationFilter implements Filter {
/**
* Destroys the filter.
* <p/>
* <p>
* It invokes the {@link AuthenticationHandler#destroy()} method to release any resources it may hold.
*/
@Override
@ -393,7 +395,7 @@ public class AuthenticationFilter implements Filter {
* Returns the filtered configuration (only properties starting with the specified prefix). The property keys
* are also trimmed from the prefix. The returned {@link Properties} object is used to initialized the
* {@link AuthenticationHandler}.
* <p/>
* <p>
* This method can be overriden by subclasses to obtain the configuration from other configuration source than
* the web.xml file.
*
@ -419,7 +421,7 @@ public class AuthenticationFilter implements Filter {
/**
* Returns the full URL of the request including the query string.
* <p/>
* <p>
* Used as a convenience method for logging purposes.
*
* @param request the request object.
@ -436,11 +438,11 @@ public class AuthenticationFilter implements Filter {
/**
* Returns the {@link AuthenticationToken} for the request.
* <p/>
* <p>
* It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE}
* if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns
* it.
* <p/>
* <p>
* If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler}
* to perform user authentication.
*
@ -597,7 +599,7 @@ public class AuthenticationFilter implements Filter {
*
* @param token authentication token for the cookie.
* @param expires UNIX timestamp that indicates the expire date of the
* cookie. It has no effect if its value < 0.
* cookie. It has no effect if its value &lt; 0.
*
* XXX the following code duplicate some logic in Jetty / Servlet API,
* because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6

View File

@ -24,9 +24,7 @@ import java.util.Properties;
/**
* Interface for server authentication mechanisms.
* <p/>
* The {@link AuthenticationFilter} manages the lifecycle of the authentication handler.
* <p/>
* Implementations must be thread-safe as one instance is initialized and used for all requests.
*/
public interface AuthenticationHandler {
@ -35,7 +33,6 @@ public interface AuthenticationHandler {
/**
* Returns the authentication type of the authentication handler.
* <p/>
* This should be a name that uniquely identifies the authentication type.
* For example 'simple' or 'kerberos'.
*
@ -45,7 +42,7 @@ public interface AuthenticationHandler {
/**
* Initializes the authentication handler instance.
* <p/>
* <p>
* This method is invoked by the {@link AuthenticationFilter#init} method.
*
* @param config configuration properties to initialize the handler.
@ -56,21 +53,21 @@ public interface AuthenticationHandler {
/**
* Destroys the authentication handler instance.
* <p/>
* <p>
* This method is invoked by the {@link AuthenticationFilter#destroy} method.
*/
public void destroy();
/**
* Performs an authentication management operation.
* <p/>
* <p>
* This is useful for handling operations like get/renew/cancel
* delegation tokens which are being handled as operations of the
* service end-point.
* <p/>
* <p>
* If the method returns <code>TRUE</code> the request will continue normal
* processing, this means the method has not produced any HTTP response.
* <p/>
* <p>
* If the method returns <code>FALSE</code> the request will end, this means
* the method has produced the corresponding HTTP response.
*
@ -91,17 +88,17 @@ public interface AuthenticationHandler {
/**
* Performs an authentication step for the given HTTP client request.
* <p/>
* <p>
* This method is invoked by the {@link AuthenticationFilter} only if the HTTP client request is
* not yet authenticated.
* <p/>
* <p>
* Depending upon the authentication mechanism being implemented, a particular HTTP client may
* end up making a sequence of invocations before authentication is successfully established (this is
* the case of Kerberos SPNEGO).
* <p/>
* <p>
* This method must return an {@link AuthenticationToken} only if the the HTTP client request has
* been successfully and fully authenticated.
* <p/>
* <p>
* If the HTTP client request has not been completely authenticated, this method must take over
* the corresponding HTTP response and it must return <code>null</code>.
*

View File

@ -29,7 +29,7 @@ import javax.servlet.http.HttpServletRequest;
* The {@link AuthenticationToken} contains information about an authenticated
* HTTP client and doubles as the {@link Principal} to be returned by
* authenticated {@link HttpServletRequest}s
* <p/>
* <p>
* The token can be serialized/deserialized to and from a string as it is sent
* and received in HTTP client responses and requests as a HTTP cookie (this is
* done by the {@link AuthenticationFilter}).
@ -170,7 +170,7 @@ public class AuthenticationToken implements Principal {
/**
* Returns the string representation of the token.
* <p/>
* <p>
* This string representation is parseable by the {@link #parse} method.
*
* @return the string representation of the token.

View File

@ -51,7 +51,7 @@ import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
/**
* The {@link KerberosAuthenticationHandler} implements the Kerberos SPNEGO authentication mechanism for HTTP.
* <p/>
* <p>
* The supported configuration properties are:
* <ul>
* <li>kerberos.principal: the Kerberos principal to used by the server. As stated by the Kerberos SPNEGO
@ -168,9 +168,9 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
/**
* Initializes the authentication handler instance.
* <p/>
* <p>
* It creates a Kerberos context using the principal and keytab specified in the configuration.
* <p/>
* <p>
* This method is invoked by the {@link AuthenticationFilter#init} method.
*
* @param config configuration properties to initialize the handler.
@ -243,7 +243,7 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
/**
* Releases any resources initialized by the authentication handler.
* <p/>
* <p>
* It destroys the Kerberos context.
*/
@Override
@ -262,7 +262,7 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
/**
* Returns the authentication type of the authentication handler, 'kerberos'.
* <p/>
* <p>
*
* @return the authentication type of the authentication handler, 'kerberos'.
*/
@ -313,7 +313,6 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
/**
* It enforces the the Kerberos SPNEGO authentication sequence returning an {@link AuthenticationToken} only
* after the Kerberos SPNEGO sequence has completed successfully.
* <p/>
*
* @param request the HTTP client request.
* @param response the HTTP client response.

View File

@ -30,12 +30,12 @@ import java.util.Properties;
/**
* The <code>PseudoAuthenticationHandler</code> provides a pseudo authentication mechanism that accepts
* the user name specified as a query string parameter.
* <p/>
* <p>
* This mimics the model of Hadoop Simple authentication which trust the 'user.name' property provided in
* the configuration object.
* <p/>
* <p>
* This handler can be configured to support anonymous users.
* <p/>
* <p>
* The only supported configuration property is:
* <ul>
* <li>simple.anonymous.allowed: <code>true|false</code>, default value is <code>false</code></li>
@ -80,7 +80,7 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
/**
* Initializes the authentication handler instance.
* <p/>
* <p>
* This method is invoked by the {@link AuthenticationFilter#init} method.
*
* @param config configuration properties to initialize the handler.
@ -103,7 +103,7 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
/**
* Releases any resources initialized by the authentication handler.
* <p/>
* <p>
* This implementation does a NOP.
*/
@Override
@ -112,7 +112,6 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
/**
* Returns the authentication type of the authentication handler, 'simple'.
* <p/>
*
* @return the authentication type of the authentication handler, 'simple'.
*/
@ -156,14 +155,14 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
/**
* Authenticates an HTTP client request.
* <p/>
* <p>
* It extracts the {@link PseudoAuthenticator#USER_NAME} parameter from the query string and creates
* an {@link AuthenticationToken} with it.
* <p/>
* <p>
* If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and
* the handler is configured to allow anonymous users it returns the {@link AuthenticationToken#ANONYMOUS}
* token.
* <p/>
* <p>
* If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and
* the handler is configured to disallow anonymous users it throws an {@link AuthenticationException}.
*

View File

@ -92,7 +92,7 @@ public class KerberosName {
/**
* Create a name from the full Kerberos principal name.
* @param name
* @param name full Kerberos principal name.
*/
public KerberosName(String name) {
Matcher match = nameParser.matcher(name);
@ -367,7 +367,7 @@ public class KerberosName {
* Get the translation of the principal name into an operating system
* user name.
* @return the short name
* @throws IOException
* @throws IOException throws if something is wrong with the rules
*/
public String getShortName() throws IOException {
String[] params;

View File

@ -135,12 +135,10 @@ public class KerberosUtil {
/**
* Get all the unique principals from keytabfile which matches a pattern.
*
* @param keytab
* Name of the keytab file to be read.
* @param pattern
* pattern to be matched.
* @param keytab Name of the keytab file to be read.
* @param pattern pattern to be matched.
* @return list of unique principals which matches the pattern.
* @throws IOException
* @throws IOException if cannot get the principal name
*/
public static final String[] getPrincipalNames(String keytab,
Pattern pattern) throws IOException {

View File

@ -41,8 +41,6 @@ public class Signer {
/**
* Returns a signed string.
* <p/>
* The signature '&s=SIGNATURE' is appended at the end of the string.
*
* @param str string to sign.
*

View File

@ -44,7 +44,7 @@ import org.slf4j.LoggerFactory;
/**
* A SignerSecretProvider that synchronizes a rolling random secret between
* multiple servers using ZooKeeper.
* <p/>
* <p>
* It works by storing the secrets and next rollover time in a ZooKeeper znode.
* All ZKSignerSecretProviders looking at that znode will use those
* secrets and next rollover time to ensure they are synchronized. There is no
@ -55,7 +55,7 @@ import org.slf4j.LoggerFactory;
* your own Curator client, you can pass it to ZKSignerSecretProvider; see
* {@link org.apache.hadoop.security.authentication.server.AuthenticationFilter}
* for more details.
* <p/>
* <p>
* The supported configuration properties are:
* <ul>
* <li>signer.secret.provider.zookeeper.connection.string: indicates the
@ -77,11 +77,13 @@ import org.slf4j.LoggerFactory;
* </ul>
*
* The following attribute in the ServletContext can also be set if desired:
* <ul>
* <li>signer.secret.provider.zookeeper.curator.client: A CuratorFramework
* client object can be passed here. If given, the "zookeeper" implementation
* will use this Curator client instead of creating its own, which is useful if
* you already have a Curator client or want more control over its
* configuration.</li>
* </ul>
*/
@InterfaceStability.Unstable
@InterfaceAudience.Private
@ -374,7 +376,7 @@ public class ZKSignerSecretProvider extends RolloverSignerSecretProvider {
* This method creates the Curator client and connects to ZooKeeper.
* @param config configuration properties
* @return A Curator client
* @throws java.lang.Exception
* @throws Exception
*/
protected CuratorFramework createCuratorClient(Properties config)
throws Exception {

View File

@ -163,6 +163,9 @@ Release 2.7.0 - UNRELEASED
HADOOP-11363 Hadoop maven surefire-plugin uses must set heap size. (stevel)
HADOOP-10134 [JDK8] Fix Javadoc errors caused by incorrect or illegal tags in doc
comments. (apurtell via stevel)
Release 2.6.0 - 2014-11-18
INCOMPATIBLE CHANGES

View File

@ -79,9 +79,9 @@ import java.util.UUID;
/**
* Mini KDC based on Apache Directory Server that can be embedded in testcases
* or used from command line as a standalone KDC.
* <p/>
* <p>
* <b>From within testcases:</b>
* <p/>
* <p>
* MiniKdc sets 2 System properties when started and un-sets them when stopped:
* <ul>
* <li>java.security.krb5.conf: set to the MiniKDC real/host/port</li>
@ -92,7 +92,7 @@ import java.util.UUID;
* For example, running testcases in parallel that start a KDC each. To
* accomplish this a single MiniKdc should be used for all testcases running
* in parallel.
* <p/>
* <p>
* MiniKdc default configuration values are:
* <ul>
* <li>org.name=EXAMPLE (used to create the REALM)</li>
@ -106,7 +106,6 @@ import java.util.UUID;
* <li>debug=false</li>
* </ul>
* The generated krb5.conf forces TCP connections.
* <p/>
*/
public class MiniKdc {
@ -218,7 +217,7 @@ public class MiniKdc {
/**
* Convenience method that returns MiniKdc default configuration.
* <p/>
* <p>
* The returned configuration is a copy, it can be customized before using
* it to create a MiniKdc.
* @return a MiniKdc default configuration.
@ -484,7 +483,6 @@ public class MiniKdc {
/**
* Stops the MiniKdc
* @throws Exception
*/
public synchronized void stop() {
if (kdc != null) {

View File

@ -42,8 +42,8 @@ public class Exec {
* Runs the specified command and saves each line of the command's output to
* the given list.
*
* @param command List<String> containing command and all arguments
* @param output List<String> in/out parameter to receive command output
* @param command List containing command and all arguments
* @param output List in/out parameter to receive command output
* @return int exit code of command
*/
public int run(List<String> command, List<String> output) {

View File

@ -47,7 +47,7 @@ public class FileSetUtils {
* Converts a Maven FileSet to a list of File objects.
*
* @param source FileSet to convert
* @return List<File> containing every element of the FileSet as a File
* @return List containing every element of the FileSet as a File
* @throws IOException if an I/O error occurs while trying to find the files
*/
@SuppressWarnings("unchecked")