Module org.elasticsearch.security
Class KerberosAuthenticationToken
java.lang.Object
org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationToken
- All Implemented Interfaces:
AuthenticationToken
This class represents an AuthenticationToken for Kerberos authentication
using SPNEGO. The token stores base 64 decoded token bytes, extracted from
the Authorization header with auth scheme 'Negotiate'.
Example Authorization header "Authorization: Negotiate YIIChgYGKwYBBQUCoII..."
If there is any error handling during extraction of 'Negotiate' header then
it throws ElasticsearchSecurityException with
RestStatus.UNAUTHORIZED and header 'WWW-Authenticate: Negotiate'
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidbooleanstatic KerberosAuthenticationTokenextractToken(String authorizationHeader) Extract token from authorization header and if it is valid "Negotiate " then returnsKerberosAuthenticationTokeninthashCode()
-
Field Details
-
WWW_AUTHENTICATE
- See Also:
-
AUTH_HEADER
- See Also:
-
NEGOTIATE_SCHEME_NAME
- See Also:
-
NEGOTIATE_AUTH_HEADER_PREFIX
- See Also:
-
-
Constructor Details
-
KerberosAuthenticationToken
public KerberosAuthenticationToken(byte[] decodedToken)
-
-
Method Details
-
extractToken
Extract token from authorization header and if it is valid "Negotiate " then returnsKerberosAuthenticationToken- Parameters:
authorizationHeader- Authorization header from request- Returns:
- returns
nullifAUTH_HEADERis empty or does not start with "Negotiate " else returns validKerberosAuthenticationToken - Throws:
ElasticsearchSecurityException- when negotiate header is invalid.
-
principal
- Specified by:
principalin interfaceAuthenticationToken
-
credentials
- Specified by:
credentialsin interfaceAuthenticationToken
-
clearCredentials
public void clearCredentials()- Specified by:
clearCredentialsin interfaceAuthenticationToken
-
hashCode
public int hashCode() -
equals
-