Package org.apache.hadoop.security
@LimitedPrivate({"HDFS","MapReduce","YARN","HBase"})
package org.apache.hadoop.security
Classes for hadoop security.
-
ClassDescriptionAn exception class for access control related issues.Constructs SecurityInfo from Annotations provided in protocol interface.Initializes hadoop-auth AuthenticationFilter which provides support for Kerberos HTTP SPNEGO authentication.Utility for managing a thread-local authorization header for RPC calls.An implementation of
GroupMappingServiceProviderwhich composites other group mapping providers for determining group membership.A class that provides the facilities of reading and writing secret keys and Tokens.For handling customizedCallback.Class for dealing with caching SASL client factories.Class for dealing with caching SASL server factories.An interface for the implementation of a user-to-groups mapping service used byGroups.A user-to-groups mapping service.This class implements parsing and handling of Kerberos principal names.Some constants for IdMappingAn interface for the implementation of <userId, userName> mapping and <groupId, groupName> mapping.An implementation of SaslPropertiesResolver.A JNI-based implementation ofGroupMappingServiceProviderthat invokes libC calls to get the group memberships of a given user.A JNI-based implementation ofGroupMappingServiceProviderthat invokes libC calls to get the group memberships of a given user.Kerberos diagnostics This operation expands some of the diagnostic output of the security code, but not all.Diagnostics failures return the exit code 41, "unauthorized".Thrown whenUserGroupInformationfailed with an unrecoverable error, such as failure in kerberos login/logout, invalid subject etc.Indicates Kerberos related information to be usedAn implementation ofGroupMappingServiceProviderwhich connects directly to an LDAP server for determining group membership.An private internal socket factory used to create SSL sockets with custom configuration.Class that caches the netgroups and inverts group-to-user map to user-to-group map, primarily intended for use with netgroups (as returned by getent netgrgoup) which only returns group to user mapping.This class provides groups mapping forUserGroupInformationwhen the user group information will not be used.Utility methods for both key and credential provider APIs.Protocol useThis class usesLdapGroupsMappingfor group lookup and applies the rule configured on the group names.A SaslInputStream is composed of an InputStream and a SaslServer (or SaslClient) so that read() methods return data that are read in from the underlying InputStream but have been additionally processed by the SaslServer (or SaslClient) object.SASL related constants.A SaslOutputStream is composed of an OutputStream and a SaslServer (or SaslClient) so that write() methods first process the data before writing them out to the underlying OutputStream.Provides SaslProperties to be used for a connection.A utility class that encapsulates SASL logic for RPC clientA utility class for dealing with SASL on RPC serverAuthentication methodCallbackHandler for SASL mechanism.CallbackHandler for SASL GSSAPI Kerberos mechanismSecurity Utils.This an alternate resolver with important properties that the standard java resolver lacks: 1) The hostname is fully qualified.Helper class to contain the Truststore/Keystore paths for the ZK client connection over SSL/TLS.A simple shell-based implementation ofIdMappingServiceProviderMap id to user name or group name.A simple shell-based implementation ofGroupMappingServiceProviderthat exec's thegroupsshell command to fetch the group memberships of a given user.A simple shell-based implementation ofGroupMappingServiceProviderthat exec's thegroupsshell command to fetch the group memberships of a given user.User and group information for Hadoop.existing types of authentications' methodsA login module that looks at the Kerberos, Unix, or Windows principal and adds the corresponding UserName.An implementation of the SaslPropertiesResolver.