Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-12902. JavaDocs for SignerSecretProvider are out-of-date in AuthenticationFilter. Contributed by Gabor Liptak. 

(cherry picked from commit acca149ec9)
This commit is contained in:
Akira Ajisaka 2016-03-31 16:04:47 +09:00
parent 0795ee687b
commit b4fbc22688
1 changed files with 16 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
View File

@ -61,9 +61,9 @@ import java.util.*;
* <li>[#PREFIX#.]type: simple|kerberos|#CLASS#, 'simple' is short for the * <li>[#PREFIX#.]type: simple|kerberos|#CLASS#, 'simple' is short for the
* {@link PseudoAuthenticationHandler}, 'kerberos' is short for {@link KerberosAuthenticationHandler}, otherwise * {@link PseudoAuthenticationHandler}, 'kerberos' is short for {@link KerberosAuthenticationHandler}, otherwise
* the full class name of the {@link AuthenticationHandler} must be specified.</li> * the full class name of the {@link AuthenticationHandler} must be specified.</li>
* <li>[#PREFIX#.]signature.secret: when signer.secret.provider is set to * <li>[#PREFIX#.]signature.secret.file: when signer.secret.provider is set to
* "string" or not specified, this is the value for the secret used to sign the * "file" or not specified, this is the location of file including the secret
* HTTP cookie.</li> * used to sign the HTTP cookie.</li>
* <li>[#PREFIX#.]token.validity: time -in seconds- that the generated token is * <li>[#PREFIX#.]token.validity: time -in seconds- that the generated token is
* valid before a new authentication is triggered, default value is * valid before a new authentication is triggered, default value is
* <code>3600</code> seconds. This is also used for the rollover interval for * <code>3600</code> seconds. This is also used for the rollover interval for
@ -79,17 +79,16 @@ import java.util.*;
* </p> * </p>
* <p> * <p>
* Out of the box it provides 3 signer secret provider implementations: * Out of the box it provides 3 signer secret provider implementations:
* "string", "random", and "zookeeper" * "file", "random" and "zookeeper"
* </p> * </p>
* Additional signer secret providers are supported via the * Additional signer secret providers are supported via the
* {@link SignerSecretProvider} class. * {@link SignerSecretProvider} class.
* <p> * <p>
* For the HTTP cookies mentioned above, the SignerSecretProvider is used to * For the HTTP cookies mentioned above, the SignerSecretProvider is used to
* determine the secret to use for signing the cookies. Different * determine the secret to use for signing the cookies. Different
* implementations can have different behaviors. The "string" implementation * implementations can have different behaviors. The "file" implementation
* simply uses the string set in the [#PREFIX#.]signature.secret property * loads the secret from a specified file. The "random" implementation uses a
* mentioned above. The "random" implementation uses a randomly generated * randomly generated secret that rolls over at the interval specified by the
* secret that rolls over at the interval specified by the
* [#PREFIX#.]token.validity mentioned above. The "zookeeper" implementation * [#PREFIX#.]token.validity mentioned above. The "zookeeper" implementation
* is like the "random" one, except that it synchronizes the random secret * is like the "random" one, except that it synchronizes the random secret
* and rollovers between multiple servers; it's meant for HA services. * and rollovers between multiple servers; it's meant for HA services.
@ -97,12 +96,12 @@ import java.util.*;
* The relevant configuration properties are: * The relevant configuration properties are:
* <ul> * <ul>
* <li>signer.secret.provider: indicates the name of the SignerSecretProvider * <li>signer.secret.provider: indicates the name of the SignerSecretProvider
* class to use. Possible values are: "string", "random", "zookeeper", or a * class to use. Possible values are: "file", "random", "zookeeper", or a
* classname. If not specified, the "string" implementation will be used with * classname. If not specified, the "file" implementation will be used with
* [#PREFIX#.]signature.secret; and if that's not specified, the "random" * [#PREFIX#.]signature.secret.file; and if that's not specified, the "random"
* implementation will be used.</li> * implementation will be used.</li>
* <li>[#PREFIX#.]signature.secret: When the "string" implementation is * <li>[#PREFIX#.]signature.secret.file: When the "file" implementation is
* specified, this value is used as the secret.</li> * specified, this content of this file is used as the secret.</li>
* <li>[#PREFIX#.]token.validity: When the "random" or "zookeeper" * <li>[#PREFIX#.]token.validity: When the "random" or "zookeeper"
* implementations are specified, this value is used as the rollover * implementations are specified, this value is used as the rollover
* interval.</li> * interval.</li>
@ -176,10 +175,10 @@ public class AuthenticationFilter implements Filter {
/** /**
* Constant for the configuration property that indicates the name of the * Constant for the configuration property that indicates the name of the
* SignerSecretProvider class to use. * SignerSecretProvider class to use.
* Possible values are: "string", "random", "zookeeper", or a classname. * Possible values are: "file", "random", "zookeeper", or a classname.
* If not specified, the "string" implementation will be used with * If not specified, the "file" implementation will be used with
* SIGNATURE_SECRET; and if that's not specified, the "random" implementation * SIGNATURE_SECRET_FILE; and if that's not specified, the "random"
* will be used. * implementation will be used.
*/ */
public static final String SIGNER_SECRET_PROVIDER = public static final String SIGNER_SECRET_PROVIDER =
"signer.secret.provider"; "signer.secret.provider";