HADOOP-10134 [JDK8] Fix Javadoc errors caused by incorrect or illegal tags in doc comments.
(cherry picked from commit 2bc3f1064f
)
This commit is contained in:
parent
cab916cc7b
commit
6165fd8663
|
@ -24,19 +24,18 @@ import java.util.Map;
|
|||
/**
|
||||
* The {@link AuthenticatedURL} class enables the use of the JDK {@link URL} class
|
||||
* against HTTP endpoints protected with the {@link AuthenticationFilter}.
|
||||
* <p/>
|
||||
* <p>
|
||||
* The authentication mechanisms supported by default are Hadoop Simple authentication
|
||||
* (also known as pseudo authentication) and Kerberos SPNEGO authentication.
|
||||
* <p/>
|
||||
* <p>
|
||||
* Additional authentication mechanisms can be supported via {@link Authenticator} implementations.
|
||||
* <p/>
|
||||
* <p>
|
||||
* The default {@link Authenticator} is the {@link KerberosAuthenticator} class which supports
|
||||
* automatic fallback from Kerberos SPNEGO to Hadoop Simple authentication.
|
||||
* <p/>
|
||||
* <p>
|
||||
* <code>AuthenticatedURL</code> instances are not thread-safe.
|
||||
* <p/>
|
||||
* <p>
|
||||
* The usage pattern of the {@link AuthenticatedURL} is:
|
||||
* <p/>
|
||||
* <pre>
|
||||
*
|
||||
* // establishing an initial connection
|
||||
|
@ -240,7 +239,7 @@ public class AuthenticatedURL {
|
|||
|
||||
/**
|
||||
* Helper method that extracts an authentication token received from a connection.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This method is used by {@link Authenticator} implementations.
|
||||
*
|
||||
* @param conn connection to extract the authentication token from.
|
||||
|
|
|
@ -19,7 +19,7 @@ import java.net.URL;
|
|||
|
||||
/**
|
||||
* Interface for client authentication mechanisms.
|
||||
* <p/>
|
||||
* <p>
|
||||
* Implementations are use-once instances, they don't need to be thread safe.
|
||||
*/
|
||||
public interface Authenticator {
|
||||
|
|
|
@ -41,9 +41,9 @@ import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
|
|||
|
||||
/**
|
||||
* The {@link KerberosAuthenticator} implements the Kerberos SPNEGO authentication sequence.
|
||||
* <p/>
|
||||
* <p>
|
||||
* It uses the default principal for the Kerberos cache (normally set via kinit).
|
||||
* <p/>
|
||||
* <p>
|
||||
* It falls back to the {@link PseudoAuthenticator} if the HTTP endpoint does not trigger an SPNEGO authentication
|
||||
* sequence.
|
||||
*/
|
||||
|
@ -160,9 +160,9 @@ public class KerberosAuthenticator implements Authenticator {
|
|||
|
||||
/**
|
||||
* Performs SPNEGO authentication against the specified URL.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If a token is given it does a NOP and returns the given token.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If no token is given, it will perform the SPNEGO authentication sequence using an
|
||||
* HTTP <code>OPTIONS</code> request.
|
||||
*
|
||||
|
@ -209,7 +209,7 @@ public class KerberosAuthenticator implements Authenticator {
|
|||
|
||||
/**
|
||||
* If the specified URL does not support SPNEGO authentication, a fallback {@link Authenticator} will be used.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This implementation returns a {@link PseudoAuthenticator}.
|
||||
*
|
||||
* @return the fallback {@link Authenticator}.
|
||||
|
|
|
@ -20,7 +20,7 @@ import java.net.URL;
|
|||
/**
|
||||
* The {@link PseudoAuthenticator} implementation provides an authentication equivalent to Hadoop's
|
||||
* Simple authentication, it trusts the value of the 'user.name' Java System property.
|
||||
* <p/>
|
||||
* <p>
|
||||
* The 'user.name' value is propagated using an additional query string parameter {@link #USER_NAME} ('user.name').
|
||||
*/
|
||||
public class PseudoAuthenticator implements Authenticator {
|
||||
|
@ -47,13 +47,13 @@ public class PseudoAuthenticator implements Authenticator {
|
|||
|
||||
/**
|
||||
* Performs simple authentication against the specified URL.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If a token is given it does a NOP and returns the given token.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If no token is given, it will perform an HTTP <code>OPTIONS</code> request injecting an additional
|
||||
* parameter {@link #USER_NAME} in the query string with the value returned by the {@link #getUserName()}
|
||||
* method.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If the response is successful it will update the authentication token.
|
||||
*
|
||||
* @param url the URl to authenticate against.
|
||||
|
@ -79,7 +79,7 @@ public class PseudoAuthenticator implements Authenticator {
|
|||
|
||||
/**
|
||||
* Returns the current user name.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This implementation returns the value of the Java system property 'user.name'
|
||||
*
|
||||
* @return the current user name.
|
||||
|
|
|
@ -28,7 +28,6 @@ import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
|||
* to allow a developer to implement their own custom authentication for browser
|
||||
* access. The alternateAuthenticate method will be called whenever a request
|
||||
* comes from a browser.
|
||||
* <p/>
|
||||
*/
|
||||
public abstract class AltKerberosAuthenticationHandler
|
||||
extends KerberosAuthenticationHandler {
|
||||
|
@ -52,7 +51,6 @@ public abstract class AltKerberosAuthenticationHandler
|
|||
/**
|
||||
* Returns the authentication type of the authentication handler,
|
||||
* 'alt-kerberos'.
|
||||
* <p/>
|
||||
*
|
||||
* @return the authentication type of the authentication handler,
|
||||
* 'alt-kerberos'.
|
||||
|
@ -80,7 +78,6 @@ public abstract class AltKerberosAuthenticationHandler
|
|||
* completed successfully (in the case of Java access) and only after the
|
||||
* custom authentication implemented by the subclass in alternateAuthenticate
|
||||
* has completed successfully (in the case of browser access).
|
||||
* <p/>
|
||||
*
|
||||
* @param request the HTTP client request.
|
||||
* @param response the HTTP client response.
|
||||
|
@ -109,7 +106,7 @@ public abstract class AltKerberosAuthenticationHandler
|
|||
* refers to a browser. If its not a browser, then Kerberos authentication
|
||||
* will be used; if it is a browser, alternateAuthenticate from the subclass
|
||||
* will be used.
|
||||
* <p/>
|
||||
* <p>
|
||||
* A User-Agent String is considered to be a browser if it does not contain
|
||||
* any of the values from alt-kerberos.non-browser.user-agents; the default
|
||||
* behavior is to consider everything a browser unless it contains one of:
|
||||
|
|
|
@ -42,18 +42,20 @@ import java.text.SimpleDateFormat;
|
|||
import java.util.*;
|
||||
|
||||
/**
|
||||
* The {@link AuthenticationFilter} enables protecting web application resources with different (pluggable)
|
||||
* <p>The {@link AuthenticationFilter} enables protecting web application
|
||||
* resources with different (pluggable)
|
||||
* authentication mechanisms and signer secret providers.
|
||||
* <p/>
|
||||
* </p>
|
||||
* <p>
|
||||
* Out of the box it provides 2 authentication mechanisms: Pseudo and Kerberos SPNEGO.
|
||||
* <p/>
|
||||
* </p>
|
||||
* Additional authentication mechanisms are supported via the {@link AuthenticationHandler} interface.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This filter delegates to the configured authentication handler for authentication and once it obtains an
|
||||
* {@link AuthenticationToken} from it, sets a signed HTTP cookie with the token. For client requests
|
||||
* that provide the signed HTTP cookie, it verifies the validity of the cookie, extracts the user information
|
||||
* and lets the request proceed to the target resource.
|
||||
* <p/>
|
||||
* </p>
|
||||
* The supported configuration properties are:
|
||||
* <ul>
|
||||
* <li>config.prefix: indicates the prefix to be used by all other configuration properties, the default value
|
||||
|
@ -71,18 +73,19 @@ import java.util.*;
|
|||
* <li>[#PREFIX#.]cookie.domain: domain to use for the HTTP cookie that stores the authentication token.</li>
|
||||
* <li>[#PREFIX#.]cookie.path: path to use for the HTTP cookie that stores the authentication token.</li>
|
||||
* </ul>
|
||||
* <p/>
|
||||
* <p>
|
||||
* The rest of the configuration properties are specific to the {@link AuthenticationHandler} implementation and the
|
||||
* {@link AuthenticationFilter} will take all the properties that start with the prefix #PREFIX#, it will remove
|
||||
* the prefix from it and it will pass them to the the authentication handler for initialization. Properties that do
|
||||
* not start with the prefix will not be passed to the authentication handler initialization.
|
||||
* <p/>
|
||||
* </p>
|
||||
* <p>
|
||||
* Out of the box it provides 3 signer secret provider implementations:
|
||||
* "string", "random", and "zookeeper"
|
||||
* <p/>
|
||||
* </p>
|
||||
* Additional signer secret providers are supported via the
|
||||
* {@link SignerSecretProvider} class.
|
||||
* <p/>
|
||||
* <p>
|
||||
* For the HTTP cookies mentioned above, the SignerSecretProvider is used to
|
||||
* determine the secret to use for signing the cookies. Different
|
||||
* implementations can have different behaviors. The "string" implementation
|
||||
|
@ -92,7 +95,7 @@ import java.util.*;
|
|||
* [#PREFIX#.]token.validity mentioned above. The "zookeeper" implementation
|
||||
* is like the "random" one, except that it synchronizes the random secret
|
||||
* and rollovers between multiple servers; it's meant for HA services.
|
||||
* <p/>
|
||||
* </p>
|
||||
* The relevant configuration properties are:
|
||||
* <ul>
|
||||
* <li>signer.secret.provider: indicates the name of the SignerSecretProvider
|
||||
|
@ -106,10 +109,10 @@ import java.util.*;
|
|||
* implementations are specified, this value is used as the rollover
|
||||
* interval.</li>
|
||||
* </ul>
|
||||
* <p/>
|
||||
* <p>
|
||||
* The "zookeeper" implementation has additional configuration properties that
|
||||
* must be specified; see {@link ZKSignerSecretProvider} for details.
|
||||
* <p/>
|
||||
* </p>
|
||||
* For subclasses of AuthenticationFilter that want additional control over the
|
||||
* SignerSecretProvider, they can use the following attribute set in the
|
||||
* ServletContext:
|
||||
|
@ -188,10 +191,9 @@ public class AuthenticationFilter implements Filter {
|
|||
private String cookiePath;
|
||||
|
||||
/**
|
||||
* Initializes the authentication filter and signer secret provider.
|
||||
* <p/>
|
||||
* It instantiates and initializes the specified {@link AuthenticationHandler}.
|
||||
* <p/>
|
||||
* <p>Initializes the authentication filter and signer secret provider.</p>
|
||||
* It instantiates and initializes the specified {@link
|
||||
* AuthenticationHandler}.
|
||||
*
|
||||
* @param filterConfig filter configuration.
|
||||
*
|
||||
|
@ -362,7 +364,7 @@ public class AuthenticationFilter implements Filter {
|
|||
|
||||
/**
|
||||
* Destroys the filter.
|
||||
* <p/>
|
||||
* <p>
|
||||
* It invokes the {@link AuthenticationHandler#destroy()} method to release any resources it may hold.
|
||||
*/
|
||||
@Override
|
||||
|
@ -380,7 +382,7 @@ public class AuthenticationFilter implements Filter {
|
|||
* Returns the filtered configuration (only properties starting with the specified prefix). The property keys
|
||||
* are also trimmed from the prefix. The returned {@link Properties} object is used to initialized the
|
||||
* {@link AuthenticationHandler}.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This method can be overriden by subclasses to obtain the configuration from other configuration source than
|
||||
* the web.xml file.
|
||||
*
|
||||
|
@ -406,7 +408,7 @@ public class AuthenticationFilter implements Filter {
|
|||
|
||||
/**
|
||||
* Returns the full URL of the request including the query string.
|
||||
* <p/>
|
||||
* <p>
|
||||
* Used as a convenience method for logging purposes.
|
||||
*
|
||||
* @param request the request object.
|
||||
|
@ -423,11 +425,11 @@ public class AuthenticationFilter implements Filter {
|
|||
|
||||
/**
|
||||
* Returns the {@link AuthenticationToken} for the request.
|
||||
* <p/>
|
||||
* <p>
|
||||
* It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE}
|
||||
* if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns
|
||||
* it.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler}
|
||||
* to perform user authentication.
|
||||
*
|
||||
|
@ -577,7 +579,7 @@ public class AuthenticationFilter implements Filter {
|
|||
*
|
||||
* @param token authentication token for the cookie.
|
||||
* @param expires UNIX timestamp that indicates the expire date of the
|
||||
* cookie. It has no effect if its value < 0.
|
||||
* cookie. It has no effect if its value < 0.
|
||||
*
|
||||
* XXX the following code duplicate some logic in Jetty / Servlet API,
|
||||
* because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6
|
||||
|
|
|
@ -23,16 +23,13 @@ import java.util.Properties;
|
|||
|
||||
/**
|
||||
* Interface for server authentication mechanisms.
|
||||
* <p/>
|
||||
* The {@link AuthenticationFilter} manages the lifecycle of the authentication handler.
|
||||
* <p/>
|
||||
* Implementations must be thread-safe as one instance is initialized and used for all requests.
|
||||
*/
|
||||
public interface AuthenticationHandler {
|
||||
|
||||
/**
|
||||
* Returns the authentication type of the authentication handler.
|
||||
* <p/>
|
||||
* This should be a name that uniquely identifies the authentication type.
|
||||
* For example 'simple' or 'kerberos'.
|
||||
*
|
||||
|
@ -42,7 +39,7 @@ public interface AuthenticationHandler {
|
|||
|
||||
/**
|
||||
* Initializes the authentication handler instance.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This method is invoked by the {@link AuthenticationFilter#init} method.
|
||||
*
|
||||
* @param config configuration properties to initialize the handler.
|
||||
|
@ -53,21 +50,21 @@ public interface AuthenticationHandler {
|
|||
|
||||
/**
|
||||
* Destroys the authentication handler instance.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This method is invoked by the {@link AuthenticationFilter#destroy} method.
|
||||
*/
|
||||
public void destroy();
|
||||
|
||||
/**
|
||||
* Performs an authentication management operation.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This is useful for handling operations like get/renew/cancel
|
||||
* delegation tokens which are being handled as operations of the
|
||||
* service end-point.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If the method returns <code>TRUE</code> the request will continue normal
|
||||
* processing, this means the method has not produced any HTTP response.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If the method returns <code>FALSE</code> the request will end, this means
|
||||
* the method has produced the corresponding HTTP response.
|
||||
*
|
||||
|
@ -88,17 +85,17 @@ public interface AuthenticationHandler {
|
|||
|
||||
/**
|
||||
* Performs an authentication step for the given HTTP client request.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This method is invoked by the {@link AuthenticationFilter} only if the HTTP client request is
|
||||
* not yet authenticated.
|
||||
* <p/>
|
||||
* <p>
|
||||
* Depending upon the authentication mechanism being implemented, a particular HTTP client may
|
||||
* end up making a sequence of invocations before authentication is successfully established (this is
|
||||
* the case of Kerberos SPNEGO).
|
||||
* <p/>
|
||||
* <p>
|
||||
* This method must return an {@link AuthenticationToken} only if the the HTTP client request has
|
||||
* been successfully and fully authenticated.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If the HTTP client request has not been completely authenticated, this method must take over
|
||||
* the corresponding HTTP response and it must return <code>null</code>.
|
||||
*
|
||||
|
|
|
@ -29,7 +29,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
* The {@link AuthenticationToken} contains information about an authenticated
|
||||
* HTTP client and doubles as the {@link Principal} to be returned by
|
||||
* authenticated {@link HttpServletRequest}s
|
||||
* <p/>
|
||||
* <p>
|
||||
* The token can be serialized/deserialized to and from a string as it is sent
|
||||
* and received in HTTP client responses and requests as a HTTP cookie (this is
|
||||
* done by the {@link AuthenticationFilter}).
|
||||
|
@ -170,7 +170,7 @@ public class AuthenticationToken implements Principal {
|
|||
|
||||
/**
|
||||
* Returns the string representation of the token.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This string representation is parseable by the {@link #parse} method.
|
||||
*
|
||||
* @return the string representation of the token.
|
||||
|
|
|
@ -51,7 +51,7 @@ import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
|
|||
|
||||
/**
|
||||
* The {@link KerberosAuthenticationHandler} implements the Kerberos SPNEGO authentication mechanism for HTTP.
|
||||
* <p/>
|
||||
* <p>
|
||||
* The supported configuration properties are:
|
||||
* <ul>
|
||||
* <li>kerberos.principal: the Kerberos principal to used by the server. As stated by the Kerberos SPNEGO
|
||||
|
@ -168,9 +168,9 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
|||
|
||||
/**
|
||||
* Initializes the authentication handler instance.
|
||||
* <p/>
|
||||
* <p>
|
||||
* It creates a Kerberos context using the principal and keytab specified in the configuration.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This method is invoked by the {@link AuthenticationFilter#init} method.
|
||||
*
|
||||
* @param config configuration properties to initialize the handler.
|
||||
|
@ -243,7 +243,7 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
|||
|
||||
/**
|
||||
* Releases any resources initialized by the authentication handler.
|
||||
* <p/>
|
||||
* <p>
|
||||
* It destroys the Kerberos context.
|
||||
*/
|
||||
@Override
|
||||
|
@ -262,7 +262,7 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
|||
|
||||
/**
|
||||
* Returns the authentication type of the authentication handler, 'kerberos'.
|
||||
* <p/>
|
||||
* <p>
|
||||
*
|
||||
* @return the authentication type of the authentication handler, 'kerberos'.
|
||||
*/
|
||||
|
@ -313,7 +313,6 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
|||
/**
|
||||
* It enforces the the Kerberos SPNEGO authentication sequence returning an {@link AuthenticationToken} only
|
||||
* after the Kerberos SPNEGO sequence has completed successfully.
|
||||
* <p/>
|
||||
*
|
||||
* @param request the HTTP client request.
|
||||
* @param response the HTTP client response.
|
||||
|
|
|
@ -30,12 +30,12 @@ import java.util.Properties;
|
|||
/**
|
||||
* The <code>PseudoAuthenticationHandler</code> provides a pseudo authentication mechanism that accepts
|
||||
* the user name specified as a query string parameter.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This mimics the model of Hadoop Simple authentication which trust the 'user.name' property provided in
|
||||
* the configuration object.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This handler can be configured to support anonymous users.
|
||||
* <p/>
|
||||
* <p>
|
||||
* The only supported configuration property is:
|
||||
* <ul>
|
||||
* <li>simple.anonymous.allowed: <code>true|false</code>, default value is <code>false</code></li>
|
||||
|
@ -77,7 +77,7 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
|
|||
|
||||
/**
|
||||
* Initializes the authentication handler instance.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This method is invoked by the {@link AuthenticationFilter#init} method.
|
||||
*
|
||||
* @param config configuration properties to initialize the handler.
|
||||
|
@ -100,7 +100,7 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
|
|||
|
||||
/**
|
||||
* Releases any resources initialized by the authentication handler.
|
||||
* <p/>
|
||||
* <p>
|
||||
* This implementation does a NOP.
|
||||
*/
|
||||
@Override
|
||||
|
@ -109,7 +109,6 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
|
|||
|
||||
/**
|
||||
* Returns the authentication type of the authentication handler, 'simple'.
|
||||
* <p/>
|
||||
*
|
||||
* @return the authentication type of the authentication handler, 'simple'.
|
||||
*/
|
||||
|
@ -153,14 +152,14 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
|
|||
|
||||
/**
|
||||
* Authenticates an HTTP client request.
|
||||
* <p/>
|
||||
* <p>
|
||||
* It extracts the {@link PseudoAuthenticator#USER_NAME} parameter from the query string and creates
|
||||
* an {@link AuthenticationToken} with it.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and
|
||||
* the handler is configured to allow anonymous users it returns the {@link AuthenticationToken#ANONYMOUS}
|
||||
* token.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and
|
||||
* the handler is configured to disallow anonymous users it throws an {@link AuthenticationException}.
|
||||
*
|
||||
|
|
|
@ -92,7 +92,7 @@ public class KerberosName {
|
|||
|
||||
/**
|
||||
* Create a name from the full Kerberos principal name.
|
||||
* @param name
|
||||
* @param name full Kerberos principal name.
|
||||
*/
|
||||
public KerberosName(String name) {
|
||||
Matcher match = nameParser.matcher(name);
|
||||
|
@ -367,7 +367,7 @@ public class KerberosName {
|
|||
* Get the translation of the principal name into an operating system
|
||||
* user name.
|
||||
* @return the short name
|
||||
* @throws IOException
|
||||
* @throws IOException throws if something is wrong with the rules
|
||||
*/
|
||||
public String getShortName() throws IOException {
|
||||
String[] params;
|
||||
|
|
|
@ -135,12 +135,10 @@ public class KerberosUtil {
|
|||
/**
|
||||
* Get all the unique principals from keytabfile which matches a pattern.
|
||||
*
|
||||
* @param keytab
|
||||
* Name of the keytab file to be read.
|
||||
* @param pattern
|
||||
* pattern to be matched.
|
||||
* @param keytab Name of the keytab file to be read.
|
||||
* @param pattern pattern to be matched.
|
||||
* @return list of unique principals which matches the pattern.
|
||||
* @throws IOException
|
||||
* @throws IOException if cannot get the principal name
|
||||
*/
|
||||
public static final String[] getPrincipalNames(String keytab,
|
||||
Pattern pattern) throws IOException {
|
||||
|
|
|
@ -41,8 +41,6 @@ public class Signer {
|
|||
|
||||
/**
|
||||
* Returns a signed string.
|
||||
* <p/>
|
||||
* The signature '&s=SIGNATURE' is appended at the end of the string.
|
||||
*
|
||||
* @param str string to sign.
|
||||
*
|
||||
|
|
|
@ -44,7 +44,7 @@ import org.slf4j.LoggerFactory;
|
|||
/**
|
||||
* A SignerSecretProvider that synchronizes a rolling random secret between
|
||||
* multiple servers using ZooKeeper.
|
||||
* <p/>
|
||||
* <p>
|
||||
* It works by storing the secrets and next rollover time in a ZooKeeper znode.
|
||||
* All ZKSignerSecretProviders looking at that znode will use those
|
||||
* secrets and next rollover time to ensure they are synchronized. There is no
|
||||
|
@ -55,7 +55,7 @@ import org.slf4j.LoggerFactory;
|
|||
* your own Curator client, you can pass it to ZKSignerSecretProvider; see
|
||||
* {@link org.apache.hadoop.security.authentication.server.AuthenticationFilter}
|
||||
* for more details.
|
||||
* <p/>
|
||||
* <p>
|
||||
* The supported configuration properties are:
|
||||
* <ul>
|
||||
* <li>signer.secret.provider.zookeeper.connection.string: indicates the
|
||||
|
@ -77,11 +77,13 @@ import org.slf4j.LoggerFactory;
|
|||
* </ul>
|
||||
*
|
||||
* The following attribute in the ServletContext can also be set if desired:
|
||||
* <ul>
|
||||
* <li>signer.secret.provider.zookeeper.curator.client: A CuratorFramework
|
||||
* client object can be passed here. If given, the "zookeeper" implementation
|
||||
* will use this Curator client instead of creating its own, which is useful if
|
||||
* you already have a Curator client or want more control over its
|
||||
* configuration.</li>
|
||||
* </ul>
|
||||
*/
|
||||
@InterfaceStability.Unstable
|
||||
@InterfaceAudience.Private
|
||||
|
@ -374,7 +376,7 @@ public class ZKSignerSecretProvider extends RolloverSignerSecretProvider {
|
|||
* This method creates the Curator client and connects to ZooKeeper.
|
||||
* @param config configuration properties
|
||||
* @return A Curator client
|
||||
* @throws java.lang.Exception
|
||||
* @throws Exception
|
||||
*/
|
||||
protected CuratorFramework createCuratorClient(Properties config)
|
||||
throws Exception {
|
||||
|
|
|
@ -27,6 +27,9 @@ Release 2.6.3 - UNRELEASED
|
|||
HADOOP-11267. TestSecurityUtil fails when run with JDK8 because of empty
|
||||
principal names. (Stephen Chu via wheat9)
|
||||
|
||||
HADOOP-10134 [JDK8] Fix Javadoc errors caused by incorrect or illegal tags in doc
|
||||
comments. (apurtell via stevel)
|
||||
|
||||
Release 2.6.2 - 2015-10-28
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
|
@ -79,9 +79,9 @@ import java.util.UUID;
|
|||
/**
|
||||
* Mini KDC based on Apache Directory Server that can be embedded in testcases
|
||||
* or used from command line as a standalone KDC.
|
||||
* <p/>
|
||||
* <p>
|
||||
* <b>From within testcases:</b>
|
||||
* <p/>
|
||||
* <p>
|
||||
* MiniKdc sets 2 System properties when started and un-sets them when stopped:
|
||||
* <ul>
|
||||
* <li>java.security.krb5.conf: set to the MiniKDC real/host/port</li>
|
||||
|
@ -92,7 +92,7 @@ import java.util.UUID;
|
|||
* For example, running testcases in parallel that start a KDC each. To
|
||||
* accomplish this a single MiniKdc should be used for all testcases running
|
||||
* in parallel.
|
||||
* <p/>
|
||||
* <p>
|
||||
* MiniKdc default configuration values are:
|
||||
* <ul>
|
||||
* <li>org.name=EXAMPLE (used to create the REALM)</li>
|
||||
|
@ -106,7 +106,6 @@ import java.util.UUID;
|
|||
* <li>debug=false</li>
|
||||
* </ul>
|
||||
* The generated krb5.conf forces TCP connections.
|
||||
* <p/>
|
||||
*/
|
||||
public class MiniKdc {
|
||||
|
||||
|
@ -218,7 +217,7 @@ public class MiniKdc {
|
|||
|
||||
/**
|
||||
* Convenience method that returns MiniKdc default configuration.
|
||||
* <p/>
|
||||
* <p>
|
||||
* The returned configuration is a copy, it can be customized before using
|
||||
* it to create a MiniKdc.
|
||||
* @return a MiniKdc default configuration.
|
||||
|
@ -484,7 +483,6 @@ public class MiniKdc {
|
|||
|
||||
/**
|
||||
* Stops the MiniKdc
|
||||
* @throws Exception
|
||||
*/
|
||||
public synchronized void stop() {
|
||||
if (kdc != null) {
|
||||
|
|
|
@ -42,8 +42,8 @@ public class Exec {
|
|||
* Runs the specified command and saves each line of the command's output to
|
||||
* the given list.
|
||||
*
|
||||
* @param command List<String> containing command and all arguments
|
||||
* @param output List<String> in/out parameter to receive command output
|
||||
* @param command List containing command and all arguments
|
||||
* @param output List in/out parameter to receive command output
|
||||
* @return int exit code of command
|
||||
*/
|
||||
public int run(List<String> command, List<String> output) {
|
||||
|
|
|
@ -47,7 +47,7 @@ public class FileSetUtils {
|
|||
* Converts a Maven FileSet to a list of File objects.
|
||||
*
|
||||
* @param source FileSet to convert
|
||||
* @return List<File> containing every element of the FileSet as a File
|
||||
* @return List containing every element of the FileSet as a File
|
||||
* @throws IOException if an I/O error occurs while trying to find the files
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
|
|
Loading…
Reference in New Issue