HADOOP-12902. JavaDocs for SignerSecretProvider are out-of-date in AuthenticationFilter. Contributed by Gabor Liptak.
(cherry picked from commitacca149ec9
) (cherry picked from commitb4fbc22688
)
This commit is contained in:
parent
3892efd3fb
commit
2d7084db20
|
@ -61,9 +61,9 @@ import java.util.*;
|
||||||
* <li>[#PREFIX#.]type: simple|kerberos|#CLASS#, 'simple' is short for the
|
* <li>[#PREFIX#.]type: simple|kerberos|#CLASS#, 'simple' is short for the
|
||||||
* {@link PseudoAuthenticationHandler}, 'kerberos' is short for {@link KerberosAuthenticationHandler}, otherwise
|
* {@link PseudoAuthenticationHandler}, 'kerberos' is short for {@link KerberosAuthenticationHandler}, otherwise
|
||||||
* the full class name of the {@link AuthenticationHandler} must be specified.</li>
|
* the full class name of the {@link AuthenticationHandler} must be specified.</li>
|
||||||
* <li>[#PREFIX#.]signature.secret: when signer.secret.provider is set to
|
* <li>[#PREFIX#.]signature.secret.file: when signer.secret.provider is set to
|
||||||
* "string" or not specified, this is the value for the secret used to sign the
|
* "file" or not specified, this is the location of file including the secret
|
||||||
* HTTP cookie.</li>
|
* used to sign the HTTP cookie.</li>
|
||||||
* <li>[#PREFIX#.]token.validity: time -in seconds- that the generated token is
|
* <li>[#PREFIX#.]token.validity: time -in seconds- that the generated token is
|
||||||
* valid before a new authentication is triggered, default value is
|
* valid before a new authentication is triggered, default value is
|
||||||
* <code>3600</code> seconds. This is also used for the rollover interval for
|
* <code>3600</code> seconds. This is also used for the rollover interval for
|
||||||
|
@ -79,17 +79,16 @@ import java.util.*;
|
||||||
* </p>
|
* </p>
|
||||||
* <p>
|
* <p>
|
||||||
* Out of the box it provides 3 signer secret provider implementations:
|
* Out of the box it provides 3 signer secret provider implementations:
|
||||||
* "string", "random", and "zookeeper"
|
* "file", "random" and "zookeeper"
|
||||||
* </p>
|
* </p>
|
||||||
* Additional signer secret providers are supported via the
|
* Additional signer secret providers are supported via the
|
||||||
* {@link SignerSecretProvider} class.
|
* {@link SignerSecretProvider} class.
|
||||||
* <p>
|
* <p>
|
||||||
* For the HTTP cookies mentioned above, the SignerSecretProvider is used to
|
* For the HTTP cookies mentioned above, the SignerSecretProvider is used to
|
||||||
* determine the secret to use for signing the cookies. Different
|
* determine the secret to use for signing the cookies. Different
|
||||||
* implementations can have different behaviors. The "string" implementation
|
* implementations can have different behaviors. The "file" implementation
|
||||||
* simply uses the string set in the [#PREFIX#.]signature.secret property
|
* loads the secret from a specified file. The "random" implementation uses a
|
||||||
* mentioned above. The "random" implementation uses a randomly generated
|
* randomly generated secret that rolls over at the interval specified by the
|
||||||
* secret that rolls over at the interval specified by the
|
|
||||||
* [#PREFIX#.]token.validity mentioned above. The "zookeeper" implementation
|
* [#PREFIX#.]token.validity mentioned above. The "zookeeper" implementation
|
||||||
* is like the "random" one, except that it synchronizes the random secret
|
* is like the "random" one, except that it synchronizes the random secret
|
||||||
* and rollovers between multiple servers; it's meant for HA services.
|
* and rollovers between multiple servers; it's meant for HA services.
|
||||||
|
@ -97,12 +96,12 @@ import java.util.*;
|
||||||
* The relevant configuration properties are:
|
* The relevant configuration properties are:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>signer.secret.provider: indicates the name of the SignerSecretProvider
|
* <li>signer.secret.provider: indicates the name of the SignerSecretProvider
|
||||||
* class to use. Possible values are: "string", "random", "zookeeper", or a
|
* class to use. Possible values are: "file", "random", "zookeeper", or a
|
||||||
* classname. If not specified, the "string" implementation will be used with
|
* classname. If not specified, the "file" implementation will be used with
|
||||||
* [#PREFIX#.]signature.secret; and if that's not specified, the "random"
|
* [#PREFIX#.]signature.secret.file; and if that's not specified, the "random"
|
||||||
* implementation will be used.</li>
|
* implementation will be used.</li>
|
||||||
* <li>[#PREFIX#.]signature.secret: When the "string" implementation is
|
* <li>[#PREFIX#.]signature.secret.file: When the "file" implementation is
|
||||||
* specified, this value is used as the secret.</li>
|
* specified, this content of this file is used as the secret.</li>
|
||||||
* <li>[#PREFIX#.]token.validity: When the "random" or "zookeeper"
|
* <li>[#PREFIX#.]token.validity: When the "random" or "zookeeper"
|
||||||
* implementations are specified, this value is used as the rollover
|
* implementations are specified, this value is used as the rollover
|
||||||
* interval.</li>
|
* interval.</li>
|
||||||
|
@ -176,10 +175,10 @@ public class AuthenticationFilter implements Filter {
|
||||||
/**
|
/**
|
||||||
* Constant for the configuration property that indicates the name of the
|
* Constant for the configuration property that indicates the name of the
|
||||||
* SignerSecretProvider class to use.
|
* SignerSecretProvider class to use.
|
||||||
* Possible values are: "string", "random", "zookeeper", or a classname.
|
* Possible values are: "file", "random", "zookeeper", or a classname.
|
||||||
* If not specified, the "string" implementation will be used with
|
* If not specified, the "file" implementation will be used with
|
||||||
* SIGNATURE_SECRET; and if that's not specified, the "random" implementation
|
* SIGNATURE_SECRET_FILE; and if that's not specified, the "random"
|
||||||
* will be used.
|
* implementation will be used.
|
||||||
*/
|
*/
|
||||||
public static final String SIGNER_SECRET_PROVIDER =
|
public static final String SIGNER_SECRET_PROVIDER =
|
||||||
"signer.secret.provider";
|
"signer.secret.provider";
|
||||||
|
|
Loading…
Reference in New Issue