HADOOP-10134 [JDK8] Fix Javadoc errors caused by incorrect or illegal tags in doc comments.

(cherry picked from commit 2bc3f1064f)
This commit is contained in:
Steve Loughran 2014-12-09 11:15:19 +00:00 committed by Sangjin Lee
parent cab916cc7b
commit 6165fd8663
18 changed files with 86 additions and 94 deletions

View File

@ -24,19 +24,18 @@ import java.util.Map;
/** /**
* The {@link AuthenticatedURL} class enables the use of the JDK {@link URL} class * The {@link AuthenticatedURL} class enables the use of the JDK {@link URL} class
* against HTTP endpoints protected with the {@link AuthenticationFilter}. * against HTTP endpoints protected with the {@link AuthenticationFilter}.
* <p/> * <p>
* The authentication mechanisms supported by default are Hadoop Simple authentication * The authentication mechanisms supported by default are Hadoop Simple authentication
* (also known as pseudo authentication) and Kerberos SPNEGO authentication. * (also known as pseudo authentication) and Kerberos SPNEGO authentication.
* <p/> * <p>
* Additional authentication mechanisms can be supported via {@link Authenticator} implementations. * Additional authentication mechanisms can be supported via {@link Authenticator} implementations.
* <p/> * <p>
* The default {@link Authenticator} is the {@link KerberosAuthenticator} class which supports * The default {@link Authenticator} is the {@link KerberosAuthenticator} class which supports
* automatic fallback from Kerberos SPNEGO to Hadoop Simple authentication. * automatic fallback from Kerberos SPNEGO to Hadoop Simple authentication.
* <p/> * <p>
* <code>AuthenticatedURL</code> instances are not thread-safe. * <code>AuthenticatedURL</code> instances are not thread-safe.
* <p/> * <p>
* The usage pattern of the {@link AuthenticatedURL} is: * The usage pattern of the {@link AuthenticatedURL} is:
* <p/>
* <pre> * <pre>
* *
* // establishing an initial connection * // establishing an initial connection
@ -240,7 +239,7 @@ public class AuthenticatedURL {
/** /**
* Helper method that extracts an authentication token received from a connection. * Helper method that extracts an authentication token received from a connection.
* <p/> * <p>
* This method is used by {@link Authenticator} implementations. * This method is used by {@link Authenticator} implementations.
* *
* @param conn connection to extract the authentication token from. * @param conn connection to extract the authentication token from.

View File

@ -19,7 +19,7 @@ import java.net.URL;
/** /**
* Interface for client authentication mechanisms. * Interface for client authentication mechanisms.
* <p/> * <p>
* Implementations are use-once instances, they don't need to be thread safe. * Implementations are use-once instances, they don't need to be thread safe.
*/ */
public interface Authenticator { public interface Authenticator {

View File

@ -41,9 +41,9 @@ import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
/** /**
* The {@link KerberosAuthenticator} implements the Kerberos SPNEGO authentication sequence. * The {@link KerberosAuthenticator} implements the Kerberos SPNEGO authentication sequence.
* <p/> * <p>
* It uses the default principal for the Kerberos cache (normally set via kinit). * It uses the default principal for the Kerberos cache (normally set via kinit).
* <p/> * <p>
* It falls back to the {@link PseudoAuthenticator} if the HTTP endpoint does not trigger an SPNEGO authentication * It falls back to the {@link PseudoAuthenticator} if the HTTP endpoint does not trigger an SPNEGO authentication
* sequence. * sequence.
*/ */
@ -160,9 +160,9 @@ public class KerberosAuthenticator implements Authenticator {
/** /**
* Performs SPNEGO authentication against the specified URL. * Performs SPNEGO authentication against the specified URL.
* <p/> * <p>
* If a token is given it does a NOP and returns the given token. * If a token is given it does a NOP and returns the given token.
* <p/> * <p>
* If no token is given, it will perform the SPNEGO authentication sequence using an * If no token is given, it will perform the SPNEGO authentication sequence using an
* HTTP <code>OPTIONS</code> request. * HTTP <code>OPTIONS</code> request.
* *
@ -209,7 +209,7 @@ public class KerberosAuthenticator implements Authenticator {
/** /**
* If the specified URL does not support SPNEGO authentication, a fallback {@link Authenticator} will be used. * If the specified URL does not support SPNEGO authentication, a fallback {@link Authenticator} will be used.
* <p/> * <p>
* This implementation returns a {@link PseudoAuthenticator}. * This implementation returns a {@link PseudoAuthenticator}.
* *
* @return the fallback {@link Authenticator}. * @return the fallback {@link Authenticator}.

View File

@ -20,7 +20,7 @@ import java.net.URL;
/** /**
* The {@link PseudoAuthenticator} implementation provides an authentication equivalent to Hadoop's * The {@link PseudoAuthenticator} implementation provides an authentication equivalent to Hadoop's
* Simple authentication, it trusts the value of the 'user.name' Java System property. * Simple authentication, it trusts the value of the 'user.name' Java System property.
* <p/> * <p>
* The 'user.name' value is propagated using an additional query string parameter {@link #USER_NAME} ('user.name'). * The 'user.name' value is propagated using an additional query string parameter {@link #USER_NAME} ('user.name').
*/ */
public class PseudoAuthenticator implements Authenticator { public class PseudoAuthenticator implements Authenticator {
@ -47,13 +47,13 @@ public class PseudoAuthenticator implements Authenticator {
/** /**
* Performs simple authentication against the specified URL. * Performs simple authentication against the specified URL.
* <p/> * <p>
* If a token is given it does a NOP and returns the given token. * If a token is given it does a NOP and returns the given token.
* <p/> * <p>
* If no token is given, it will perform an HTTP <code>OPTIONS</code> request injecting an additional * If no token is given, it will perform an HTTP <code>OPTIONS</code> request injecting an additional
* parameter {@link #USER_NAME} in the query string with the value returned by the {@link #getUserName()} * parameter {@link #USER_NAME} in the query string with the value returned by the {@link #getUserName()}
* method. * method.
* <p/> * <p>
* If the response is successful it will update the authentication token. * If the response is successful it will update the authentication token.
* *
* @param url the URl to authenticate against. * @param url the URl to authenticate against.
@ -79,7 +79,7 @@ public class PseudoAuthenticator implements Authenticator {
/** /**
* Returns the current user name. * Returns the current user name.
* <p/> * <p>
* This implementation returns the value of the Java system property 'user.name' * This implementation returns the value of the Java system property 'user.name'
* *
* @return the current user name. * @return the current user name.

View File

@ -28,7 +28,6 @@ import org.apache.hadoop.security.authentication.client.AuthenticationException;
* to allow a developer to implement their own custom authentication for browser * to allow a developer to implement their own custom authentication for browser
* access. The alternateAuthenticate method will be called whenever a request * access. The alternateAuthenticate method will be called whenever a request
* comes from a browser. * comes from a browser.
* <p/>
*/ */
public abstract class AltKerberosAuthenticationHandler public abstract class AltKerberosAuthenticationHandler
extends KerberosAuthenticationHandler { extends KerberosAuthenticationHandler {
@ -52,7 +51,6 @@ public abstract class AltKerberosAuthenticationHandler
/** /**
* Returns the authentication type of the authentication handler, * Returns the authentication type of the authentication handler,
* 'alt-kerberos'. * 'alt-kerberos'.
* <p/>
* *
* @return the authentication type of the authentication handler, * @return the authentication type of the authentication handler,
* 'alt-kerberos'. * 'alt-kerberos'.
@ -80,7 +78,6 @@ public abstract class AltKerberosAuthenticationHandler
* completed successfully (in the case of Java access) and only after the * completed successfully (in the case of Java access) and only after the
* custom authentication implemented by the subclass in alternateAuthenticate * custom authentication implemented by the subclass in alternateAuthenticate
* has completed successfully (in the case of browser access). * has completed successfully (in the case of browser access).
* <p/>
* *
* @param request the HTTP client request. * @param request the HTTP client request.
* @param response the HTTP client response. * @param response the HTTP client response.
@ -109,7 +106,7 @@ public abstract class AltKerberosAuthenticationHandler
* refers to a browser. If its not a browser, then Kerberos authentication * refers to a browser. If its not a browser, then Kerberos authentication
* will be used; if it is a browser, alternateAuthenticate from the subclass * will be used; if it is a browser, alternateAuthenticate from the subclass
* will be used. * will be used.
* <p/> * <p>
* A User-Agent String is considered to be a browser if it does not contain * A User-Agent String is considered to be a browser if it does not contain
* any of the values from alt-kerberos.non-browser.user-agents; the default * any of the values from alt-kerberos.non-browser.user-agents; the default
* behavior is to consider everything a browser unless it contains one of: * behavior is to consider everything a browser unless it contains one of:

View File

@ -42,18 +42,20 @@ import java.text.SimpleDateFormat;
import java.util.*; import java.util.*;
/** /**
* The {@link AuthenticationFilter} enables protecting web application resources with different (pluggable) * <p>The {@link AuthenticationFilter} enables protecting web application
* resources with different (pluggable)
* authentication mechanisms and signer secret providers. * authentication mechanisms and signer secret providers.
* <p/> * </p>
* <p>
* Out of the box it provides 2 authentication mechanisms: Pseudo and Kerberos SPNEGO. * Out of the box it provides 2 authentication mechanisms: Pseudo and Kerberos SPNEGO.
* <p/> * </p>
* Additional authentication mechanisms are supported via the {@link AuthenticationHandler} interface. * Additional authentication mechanisms are supported via the {@link AuthenticationHandler} interface.
* <p/> * <p>
* This filter delegates to the configured authentication handler for authentication and once it obtains an * This filter delegates to the configured authentication handler for authentication and once it obtains an
* {@link AuthenticationToken} from it, sets a signed HTTP cookie with the token. For client requests * {@link AuthenticationToken} from it, sets a signed HTTP cookie with the token. For client requests
* that provide the signed HTTP cookie, it verifies the validity of the cookie, extracts the user information * that provide the signed HTTP cookie, it verifies the validity of the cookie, extracts the user information
* and lets the request proceed to the target resource. * and lets the request proceed to the target resource.
* <p/> * </p>
* The supported configuration properties are: * The supported configuration properties are:
* <ul> * <ul>
* <li>config.prefix: indicates the prefix to be used by all other configuration properties, the default value * <li>config.prefix: indicates the prefix to be used by all other configuration properties, the default value
@ -71,18 +73,19 @@ import java.util.*;
* <li>[#PREFIX#.]cookie.domain: domain to use for the HTTP cookie that stores the authentication token.</li> * <li>[#PREFIX#.]cookie.domain: domain to use for the HTTP cookie that stores the authentication token.</li>
* <li>[#PREFIX#.]cookie.path: path to use for the HTTP cookie that stores the authentication token.</li> * <li>[#PREFIX#.]cookie.path: path to use for the HTTP cookie that stores the authentication token.</li>
* </ul> * </ul>
* <p/> * <p>
* The rest of the configuration properties are specific to the {@link AuthenticationHandler} implementation and the * The rest of the configuration properties are specific to the {@link AuthenticationHandler} implementation and the
* {@link AuthenticationFilter} will take all the properties that start with the prefix #PREFIX#, it will remove * {@link AuthenticationFilter} will take all the properties that start with the prefix #PREFIX#, it will remove
* the prefix from it and it will pass them to the the authentication handler for initialization. Properties that do * the prefix from it and it will pass them to the the authentication handler for initialization. Properties that do
* not start with the prefix will not be passed to the authentication handler initialization. * not start with the prefix will not be passed to the authentication handler initialization.
* <p/> * </p>
* <p>
* Out of the box it provides 3 signer secret provider implementations: * Out of the box it provides 3 signer secret provider implementations:
* "string", "random", and "zookeeper" * "string", "random", and "zookeeper"
* <p/> * </p>
* Additional signer secret providers are supported via the * Additional signer secret providers are supported via the
* {@link SignerSecretProvider} class. * {@link SignerSecretProvider} class.
* <p/> * <p>
* For the HTTP cookies mentioned above, the SignerSecretProvider is used to * For the HTTP cookies mentioned above, the SignerSecretProvider is used to
* determine the secret to use for signing the cookies. Different * determine the secret to use for signing the cookies. Different
* implementations can have different behaviors. The "string" implementation * implementations can have different behaviors. The "string" implementation
@ -92,7 +95,7 @@ import java.util.*;
* [#PREFIX#.]token.validity mentioned above. The "zookeeper" implementation * [#PREFIX#.]token.validity mentioned above. The "zookeeper" implementation
* is like the "random" one, except that it synchronizes the random secret * is like the "random" one, except that it synchronizes the random secret
* and rollovers between multiple servers; it's meant for HA services. * and rollovers between multiple servers; it's meant for HA services.
* <p/> * </p>
* The relevant configuration properties are: * The relevant configuration properties are:
* <ul> * <ul>
* <li>signer.secret.provider: indicates the name of the SignerSecretProvider * <li>signer.secret.provider: indicates the name of the SignerSecretProvider
@ -106,10 +109,10 @@ import java.util.*;
* implementations are specified, this value is used as the rollover * implementations are specified, this value is used as the rollover
* interval.</li> * interval.</li>
* </ul> * </ul>
* <p/> * <p>
* The "zookeeper" implementation has additional configuration properties that * The "zookeeper" implementation has additional configuration properties that
* must be specified; see {@link ZKSignerSecretProvider} for details. * must be specified; see {@link ZKSignerSecretProvider} for details.
* <p/> * </p>
* For subclasses of AuthenticationFilter that want additional control over the * For subclasses of AuthenticationFilter that want additional control over the
* SignerSecretProvider, they can use the following attribute set in the * SignerSecretProvider, they can use the following attribute set in the
* ServletContext: * ServletContext:
@ -188,10 +191,9 @@ public class AuthenticationFilter implements Filter {
private String cookiePath; private String cookiePath;
/** /**
* Initializes the authentication filter and signer secret provider. * <p>Initializes the authentication filter and signer secret provider.</p>
* <p/> * It instantiates and initializes the specified {@link
* It instantiates and initializes the specified {@link AuthenticationHandler}. * AuthenticationHandler}.
* <p/>
* *
* @param filterConfig filter configuration. * @param filterConfig filter configuration.
* *
@ -362,7 +364,7 @@ public class AuthenticationFilter implements Filter {
/** /**
* Destroys the filter. * Destroys the filter.
* <p/> * <p>
* It invokes the {@link AuthenticationHandler#destroy()} method to release any resources it may hold. * It invokes the {@link AuthenticationHandler#destroy()} method to release any resources it may hold.
*/ */
@Override @Override
@ -380,7 +382,7 @@ public class AuthenticationFilter implements Filter {
* Returns the filtered configuration (only properties starting with the specified prefix). The property keys * Returns the filtered configuration (only properties starting with the specified prefix). The property keys
* are also trimmed from the prefix. The returned {@link Properties} object is used to initialized the * are also trimmed from the prefix. The returned {@link Properties} object is used to initialized the
* {@link AuthenticationHandler}. * {@link AuthenticationHandler}.
* <p/> * <p>
* This method can be overriden by subclasses to obtain the configuration from other configuration source than * This method can be overriden by subclasses to obtain the configuration from other configuration source than
* the web.xml file. * the web.xml file.
* *
@ -406,7 +408,7 @@ public class AuthenticationFilter implements Filter {
/** /**
* Returns the full URL of the request including the query string. * Returns the full URL of the request including the query string.
* <p/> * <p>
* Used as a convenience method for logging purposes. * Used as a convenience method for logging purposes.
* *
* @param request the request object. * @param request the request object.
@ -423,11 +425,11 @@ public class AuthenticationFilter implements Filter {
/** /**
* Returns the {@link AuthenticationToken} for the request. * Returns the {@link AuthenticationToken} for the request.
* <p/> * <p>
* It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE} * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE}
* if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns
* it. * it.
* <p/> * <p>
* If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler} * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler}
* to perform user authentication. * to perform user authentication.
* *
@ -577,7 +579,7 @@ public class AuthenticationFilter implements Filter {
* *
* @param token authentication token for the cookie. * @param token authentication token for the cookie.
* @param expires UNIX timestamp that indicates the expire date of the * @param expires UNIX timestamp that indicates the expire date of the
* cookie. It has no effect if its value < 0. * cookie. It has no effect if its value &lt; 0.
* *
* XXX the following code duplicate some logic in Jetty / Servlet API, * XXX the following code duplicate some logic in Jetty / Servlet API,
* because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6 * because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6

View File

@ -23,16 +23,13 @@ import java.util.Properties;
/** /**
* Interface for server authentication mechanisms. * Interface for server authentication mechanisms.
* <p/>
* The {@link AuthenticationFilter} manages the lifecycle of the authentication handler. * The {@link AuthenticationFilter} manages the lifecycle of the authentication handler.
* <p/>
* Implementations must be thread-safe as one instance is initialized and used for all requests. * Implementations must be thread-safe as one instance is initialized and used for all requests.
*/ */
public interface AuthenticationHandler { public interface AuthenticationHandler {
/** /**
* Returns the authentication type of the authentication handler. * Returns the authentication type of the authentication handler.
* <p/>
* This should be a name that uniquely identifies the authentication type. * This should be a name that uniquely identifies the authentication type.
* For example 'simple' or 'kerberos'. * For example 'simple' or 'kerberos'.
* *
@ -42,7 +39,7 @@ public interface AuthenticationHandler {
/** /**
* Initializes the authentication handler instance. * Initializes the authentication handler instance.
* <p/> * <p>
* This method is invoked by the {@link AuthenticationFilter#init} method. * This method is invoked by the {@link AuthenticationFilter#init} method.
* *
* @param config configuration properties to initialize the handler. * @param config configuration properties to initialize the handler.
@ -53,21 +50,21 @@ public interface AuthenticationHandler {
/** /**
* Destroys the authentication handler instance. * Destroys the authentication handler instance.
* <p/> * <p>
* This method is invoked by the {@link AuthenticationFilter#destroy} method. * This method is invoked by the {@link AuthenticationFilter#destroy} method.
*/ */
public void destroy(); public void destroy();
/** /**
* Performs an authentication management operation. * Performs an authentication management operation.
* <p/> * <p>
* This is useful for handling operations like get/renew/cancel * This is useful for handling operations like get/renew/cancel
* delegation tokens which are being handled as operations of the * delegation tokens which are being handled as operations of the
* service end-point. * service end-point.
* <p/> * <p>
* If the method returns <code>TRUE</code> the request will continue normal * If the method returns <code>TRUE</code> the request will continue normal
* processing, this means the method has not produced any HTTP response. * processing, this means the method has not produced any HTTP response.
* <p/> * <p>
* If the method returns <code>FALSE</code> the request will end, this means * If the method returns <code>FALSE</code> the request will end, this means
* the method has produced the corresponding HTTP response. * the method has produced the corresponding HTTP response.
* *
@ -88,17 +85,17 @@ public interface AuthenticationHandler {
/** /**
* Performs an authentication step for the given HTTP client request. * Performs an authentication step for the given HTTP client request.
* <p/> * <p>
* This method is invoked by the {@link AuthenticationFilter} only if the HTTP client request is * This method is invoked by the {@link AuthenticationFilter} only if the HTTP client request is
* not yet authenticated. * not yet authenticated.
* <p/> * <p>
* Depending upon the authentication mechanism being implemented, a particular HTTP client may * Depending upon the authentication mechanism being implemented, a particular HTTP client may
* end up making a sequence of invocations before authentication is successfully established (this is * end up making a sequence of invocations before authentication is successfully established (this is
* the case of Kerberos SPNEGO). * the case of Kerberos SPNEGO).
* <p/> * <p>
* This method must return an {@link AuthenticationToken} only if the the HTTP client request has * This method must return an {@link AuthenticationToken} only if the the HTTP client request has
* been successfully and fully authenticated. * been successfully and fully authenticated.
* <p/> * <p>
* If the HTTP client request has not been completely authenticated, this method must take over * If the HTTP client request has not been completely authenticated, this method must take over
* the corresponding HTTP response and it must return <code>null</code>. * the corresponding HTTP response and it must return <code>null</code>.
* *

View File

@ -29,7 +29,7 @@ import javax.servlet.http.HttpServletRequest;
* The {@link AuthenticationToken} contains information about an authenticated * The {@link AuthenticationToken} contains information about an authenticated
* HTTP client and doubles as the {@link Principal} to be returned by * HTTP client and doubles as the {@link Principal} to be returned by
* authenticated {@link HttpServletRequest}s * authenticated {@link HttpServletRequest}s
* <p/> * <p>
* The token can be serialized/deserialized to and from a string as it is sent * The token can be serialized/deserialized to and from a string as it is sent
* and received in HTTP client responses and requests as a HTTP cookie (this is * and received in HTTP client responses and requests as a HTTP cookie (this is
* done by the {@link AuthenticationFilter}). * done by the {@link AuthenticationFilter}).
@ -170,7 +170,7 @@ public class AuthenticationToken implements Principal {
/** /**
* Returns the string representation of the token. * Returns the string representation of the token.
* <p/> * <p>
* This string representation is parseable by the {@link #parse} method. * This string representation is parseable by the {@link #parse} method.
* *
* @return the string representation of the token. * @return the string representation of the token.

View File

@ -51,7 +51,7 @@ import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
/** /**
* The {@link KerberosAuthenticationHandler} implements the Kerberos SPNEGO authentication mechanism for HTTP. * The {@link KerberosAuthenticationHandler} implements the Kerberos SPNEGO authentication mechanism for HTTP.
* <p/> * <p>
* The supported configuration properties are: * The supported configuration properties are:
* <ul> * <ul>
* <li>kerberos.principal: the Kerberos principal to used by the server. As stated by the Kerberos SPNEGO * <li>kerberos.principal: the Kerberos principal to used by the server. As stated by the Kerberos SPNEGO
@ -168,9 +168,9 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
/** /**
* Initializes the authentication handler instance. * Initializes the authentication handler instance.
* <p/> * <p>
* It creates a Kerberos context using the principal and keytab specified in the configuration. * It creates a Kerberos context using the principal and keytab specified in the configuration.
* <p/> * <p>
* This method is invoked by the {@link AuthenticationFilter#init} method. * This method is invoked by the {@link AuthenticationFilter#init} method.
* *
* @param config configuration properties to initialize the handler. * @param config configuration properties to initialize the handler.
@ -243,7 +243,7 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
/** /**
* Releases any resources initialized by the authentication handler. * Releases any resources initialized by the authentication handler.
* <p/> * <p>
* It destroys the Kerberos context. * It destroys the Kerberos context.
*/ */
@Override @Override
@ -262,7 +262,7 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
/** /**
* Returns the authentication type of the authentication handler, 'kerberos'. * Returns the authentication type of the authentication handler, 'kerberos'.
* <p/> * <p>
* *
* @return the authentication type of the authentication handler, 'kerberos'. * @return the authentication type of the authentication handler, 'kerberos'.
*/ */
@ -313,7 +313,6 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
/** /**
* It enforces the the Kerberos SPNEGO authentication sequence returning an {@link AuthenticationToken} only * It enforces the the Kerberos SPNEGO authentication sequence returning an {@link AuthenticationToken} only
* after the Kerberos SPNEGO sequence has completed successfully. * after the Kerberos SPNEGO sequence has completed successfully.
* <p/>
* *
* @param request the HTTP client request. * @param request the HTTP client request.
* @param response the HTTP client response. * @param response the HTTP client response.

View File

@ -30,12 +30,12 @@ import java.util.Properties;
/** /**
* The <code>PseudoAuthenticationHandler</code> provides a pseudo authentication mechanism that accepts * The <code>PseudoAuthenticationHandler</code> provides a pseudo authentication mechanism that accepts
* the user name specified as a query string parameter. * the user name specified as a query string parameter.
* <p/> * <p>
* This mimics the model of Hadoop Simple authentication which trust the 'user.name' property provided in * This mimics the model of Hadoop Simple authentication which trust the 'user.name' property provided in
* the configuration object. * the configuration object.
* <p/> * <p>
* This handler can be configured to support anonymous users. * This handler can be configured to support anonymous users.
* <p/> * <p>
* The only supported configuration property is: * The only supported configuration property is:
* <ul> * <ul>
* <li>simple.anonymous.allowed: <code>true|false</code>, default value is <code>false</code></li> * <li>simple.anonymous.allowed: <code>true|false</code>, default value is <code>false</code></li>
@ -77,7 +77,7 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
/** /**
* Initializes the authentication handler instance. * Initializes the authentication handler instance.
* <p/> * <p>
* This method is invoked by the {@link AuthenticationFilter#init} method. * This method is invoked by the {@link AuthenticationFilter#init} method.
* *
* @param config configuration properties to initialize the handler. * @param config configuration properties to initialize the handler.
@ -100,7 +100,7 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
/** /**
* Releases any resources initialized by the authentication handler. * Releases any resources initialized by the authentication handler.
* <p/> * <p>
* This implementation does a NOP. * This implementation does a NOP.
*/ */
@Override @Override
@ -109,7 +109,6 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
/** /**
* Returns the authentication type of the authentication handler, 'simple'. * Returns the authentication type of the authentication handler, 'simple'.
* <p/>
* *
* @return the authentication type of the authentication handler, 'simple'. * @return the authentication type of the authentication handler, 'simple'.
*/ */
@ -153,14 +152,14 @@ public class PseudoAuthenticationHandler implements AuthenticationHandler {
/** /**
* Authenticates an HTTP client request. * Authenticates an HTTP client request.
* <p/> * <p>
* It extracts the {@link PseudoAuthenticator#USER_NAME} parameter from the query string and creates * It extracts the {@link PseudoAuthenticator#USER_NAME} parameter from the query string and creates
* an {@link AuthenticationToken} with it. * an {@link AuthenticationToken} with it.
* <p/> * <p>
* If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and * If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and
* the handler is configured to allow anonymous users it returns the {@link AuthenticationToken#ANONYMOUS} * the handler is configured to allow anonymous users it returns the {@link AuthenticationToken#ANONYMOUS}
* token. * token.
* <p/> * <p>
* If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and * If the HTTP client request does not contain the {@link PseudoAuthenticator#USER_NAME} parameter and
* the handler is configured to disallow anonymous users it throws an {@link AuthenticationException}. * the handler is configured to disallow anonymous users it throws an {@link AuthenticationException}.
* *

View File

@ -92,7 +92,7 @@ public class KerberosName {
/** /**
* Create a name from the full Kerberos principal name. * Create a name from the full Kerberos principal name.
* @param name * @param name full Kerberos principal name.
*/ */
public KerberosName(String name) { public KerberosName(String name) {
Matcher match = nameParser.matcher(name); Matcher match = nameParser.matcher(name);
@ -367,7 +367,7 @@ public class KerberosName {
* Get the translation of the principal name into an operating system * Get the translation of the principal name into an operating system
* user name. * user name.
* @return the short name * @return the short name
* @throws IOException * @throws IOException throws if something is wrong with the rules
*/ */
public String getShortName() throws IOException { public String getShortName() throws IOException {
String[] params; String[] params;

View File

@ -135,12 +135,10 @@ public class KerberosUtil {
/** /**
* Get all the unique principals from keytabfile which matches a pattern. * Get all the unique principals from keytabfile which matches a pattern.
* *
* @param keytab * @param keytab Name of the keytab file to be read.
* Name of the keytab file to be read. * @param pattern pattern to be matched.
* @param pattern
* pattern to be matched.
* @return list of unique principals which matches the pattern. * @return list of unique principals which matches the pattern.
* @throws IOException * @throws IOException if cannot get the principal name
*/ */
public static final String[] getPrincipalNames(String keytab, public static final String[] getPrincipalNames(String keytab,
Pattern pattern) throws IOException { Pattern pattern) throws IOException {

View File

@ -41,8 +41,6 @@ public class Signer {
/** /**
* Returns a signed string. * Returns a signed string.
* <p/>
* The signature '&s=SIGNATURE' is appended at the end of the string.
* *
* @param str string to sign. * @param str string to sign.
* *

View File

@ -44,7 +44,7 @@ import org.slf4j.LoggerFactory;
/** /**
* A SignerSecretProvider that synchronizes a rolling random secret between * A SignerSecretProvider that synchronizes a rolling random secret between
* multiple servers using ZooKeeper. * multiple servers using ZooKeeper.
* <p/> * <p>
* It works by storing the secrets and next rollover time in a ZooKeeper znode. * It works by storing the secrets and next rollover time in a ZooKeeper znode.
* All ZKSignerSecretProviders looking at that znode will use those * All ZKSignerSecretProviders looking at that znode will use those
* secrets and next rollover time to ensure they are synchronized. There is no * secrets and next rollover time to ensure they are synchronized. There is no
@ -55,7 +55,7 @@ import org.slf4j.LoggerFactory;
* your own Curator client, you can pass it to ZKSignerSecretProvider; see * your own Curator client, you can pass it to ZKSignerSecretProvider; see
* {@link org.apache.hadoop.security.authentication.server.AuthenticationFilter} * {@link org.apache.hadoop.security.authentication.server.AuthenticationFilter}
* for more details. * for more details.
* <p/> * <p>
* The supported configuration properties are: * The supported configuration properties are:
* <ul> * <ul>
* <li>signer.secret.provider.zookeeper.connection.string: indicates the * <li>signer.secret.provider.zookeeper.connection.string: indicates the
@ -77,11 +77,13 @@ import org.slf4j.LoggerFactory;
* </ul> * </ul>
* *
* The following attribute in the ServletContext can also be set if desired: * The following attribute in the ServletContext can also be set if desired:
* <ul>
* <li>signer.secret.provider.zookeeper.curator.client: A CuratorFramework * <li>signer.secret.provider.zookeeper.curator.client: A CuratorFramework
* client object can be passed here. If given, the "zookeeper" implementation * client object can be passed here. If given, the "zookeeper" implementation
* will use this Curator client instead of creating its own, which is useful if * will use this Curator client instead of creating its own, which is useful if
* you already have a Curator client or want more control over its * you already have a Curator client or want more control over its
* configuration.</li> * configuration.</li>
* </ul>
*/ */
@InterfaceStability.Unstable @InterfaceStability.Unstable
@InterfaceAudience.Private @InterfaceAudience.Private
@ -374,7 +376,7 @@ public class ZKSignerSecretProvider extends RolloverSignerSecretProvider {
* This method creates the Curator client and connects to ZooKeeper. * This method creates the Curator client and connects to ZooKeeper.
* @param config configuration properties * @param config configuration properties
* @return A Curator client * @return A Curator client
* @throws java.lang.Exception * @throws Exception
*/ */
protected CuratorFramework createCuratorClient(Properties config) protected CuratorFramework createCuratorClient(Properties config)
throws Exception { throws Exception {

View File

@ -27,6 +27,9 @@ Release 2.6.3 - UNRELEASED
HADOOP-11267. TestSecurityUtil fails when run with JDK8 because of empty HADOOP-11267. TestSecurityUtil fails when run with JDK8 because of empty
principal names. (Stephen Chu via wheat9) principal names. (Stephen Chu via wheat9)
HADOOP-10134 [JDK8] Fix Javadoc errors caused by incorrect or illegal tags in doc
comments. (apurtell via stevel)
Release 2.6.2 - 2015-10-28 Release 2.6.2 - 2015-10-28
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

View File

@ -79,9 +79,9 @@ import java.util.UUID;
/** /**
* Mini KDC based on Apache Directory Server that can be embedded in testcases * Mini KDC based on Apache Directory Server that can be embedded in testcases
* or used from command line as a standalone KDC. * or used from command line as a standalone KDC.
* <p/> * <p>
* <b>From within testcases:</b> * <b>From within testcases:</b>
* <p/> * <p>
* MiniKdc sets 2 System properties when started and un-sets them when stopped: * MiniKdc sets 2 System properties when started and un-sets them when stopped:
* <ul> * <ul>
* <li>java.security.krb5.conf: set to the MiniKDC real/host/port</li> * <li>java.security.krb5.conf: set to the MiniKDC real/host/port</li>
@ -92,7 +92,7 @@ import java.util.UUID;
* For example, running testcases in parallel that start a KDC each. To * For example, running testcases in parallel that start a KDC each. To
* accomplish this a single MiniKdc should be used for all testcases running * accomplish this a single MiniKdc should be used for all testcases running
* in parallel. * in parallel.
* <p/> * <p>
* MiniKdc default configuration values are: * MiniKdc default configuration values are:
* <ul> * <ul>
* <li>org.name=EXAMPLE (used to create the REALM)</li> * <li>org.name=EXAMPLE (used to create the REALM)</li>
@ -106,7 +106,6 @@ import java.util.UUID;
* <li>debug=false</li> * <li>debug=false</li>
* </ul> * </ul>
* The generated krb5.conf forces TCP connections. * The generated krb5.conf forces TCP connections.
* <p/>
*/ */
public class MiniKdc { public class MiniKdc {
@ -218,7 +217,7 @@ public class MiniKdc {
/** /**
* Convenience method that returns MiniKdc default configuration. * Convenience method that returns MiniKdc default configuration.
* <p/> * <p>
* The returned configuration is a copy, it can be customized before using * The returned configuration is a copy, it can be customized before using
* it to create a MiniKdc. * it to create a MiniKdc.
* @return a MiniKdc default configuration. * @return a MiniKdc default configuration.
@ -484,7 +483,6 @@ public class MiniKdc {
/** /**
* Stops the MiniKdc * Stops the MiniKdc
* @throws Exception
*/ */
public synchronized void stop() { public synchronized void stop() {
if (kdc != null) { if (kdc != null) {

View File

@ -42,8 +42,8 @@ public class Exec {
* Runs the specified command and saves each line of the command's output to * Runs the specified command and saves each line of the command's output to
* the given list. * the given list.
* *
* @param command List<String> containing command and all arguments * @param command List containing command and all arguments
* @param output List<String> in/out parameter to receive command output * @param output List in/out parameter to receive command output
* @return int exit code of command * @return int exit code of command
*/ */
public int run(List<String> command, List<String> output) { public int run(List<String> command, List<String> output) {

View File

@ -47,7 +47,7 @@ public class FileSetUtils {
* Converts a Maven FileSet to a list of File objects. * Converts a Maven FileSet to a list of File objects.
* *
* @param source FileSet to convert * @param source FileSet to convert
* @return List<File> containing every element of the FileSet as a File * @return List containing every element of the FileSet as a File
* @throws IOException if an I/O error occurs while trying to find the files * @throws IOException if an I/O error occurs while trying to find the files
*/ */
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")