public class AuthenticationTokenSecretManager extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

SecretManager so that each can authenticate requests from clients presenting delegation tokens. The Master will also run an instance of AuthenticationTokenKeyManager which handles generation of new keys and removal of old keys. That class will call the methods here to ensure the in-memory cache is consistent with what is advertised in ZooKeeper.

Constructor and Description |
---|
AuthenticationTokenSecretManager(Instance instance, long tokenMaxLifetime) Create a new secret manager instance for generating keys. |

Modifier and Type | Method and Description |
---|---|
void | addKey(AuthenticationKey key) Add the provided key to the in-memory copy of all AuthenticationKeys. |
AuthenticationTokenIdentifier | createIdentifier() |
protected byte[] | createPassword(AuthenticationTokenIdentifier identifier) |
static SecretKey | createSecretKey(byte[] raw) |
protected SecretKey | generateSecret() |
Map.Entry<org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> | generateToken(String username, DelegationTokenConfig cfg) Generates a delegation token for the user with the provided username. |
void | removeAllKeys() Atomic operation to remove all AuthenticationKeys |
byte[] | retrievePassword(AuthenticationTokenIdentifier identifier) |

public AuthenticationTokenSecretManager(Instance instance, long tokenMaxLifetime)
instance - Accumulo instance
tokenMaxLifetime - Maximum age (in milliseconds) before a token expires and is no longer valid

protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
createPassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

public byte[] retrievePassword(AuthenticationTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
retrievePassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
org.apache.hadoop.security.token.SecretManager.InvalidToken

public AuthenticationTokenIdentifier createIdentifier()
createIdentifier in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

public Map.Entry<org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> generateToken(String username, DelegationTokenConfig cfg) throws AccumuloException
Generates a delegation token for the user with the provided username.
username - The client to generate the delegation token for.
cfg - A configuration object for obtaining the delegation token
username created using the currentKey.
AccumuloException

public void addKey(AuthenticationKey key)
Add the provided key to the in-memory copy of all AuthenticationKeys.
key - The key to add.

public void removeAllKeys()

protected SecretKey generateSecret()
generateSecret in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

public static SecretKey createSecretKey(byte[] raw)

Copyright © 2011–2018 The Apache Software Foundation. All rights reserved.