Package org.apache.accumulo.server.rpc
Class TCredentialsUpdatingInvocationHandler<I>
- java.lang.Object
-
- org.apache.accumulo.server.rpc.TCredentialsUpdatingInvocationHandler<I>
-
- All Implemented Interfaces:
InvocationHandler
public class TCredentialsUpdatingInvocationHandler<I> extends Object implements InvocationHandler
Extracts the TCredentials object from the RPC argument list and asserts that the Accumulo principal is equal to the Kerberos 'primary' component of the Kerberos principal (e.g. Accumulo principal of "frank" equals "frank" from "frank/hostname@DOMAIN").
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
TCredentialsUpdatingInvocationHandler(I serverInstance, AccumuloConfiguration conf)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected ConcurrentHashMap<String,Class<? extends AuthenticationToken>>
getTokenCache()
Visibile for testingprotected Class<? extends AuthenticationToken>
getTokenClassFromName(String tokenClassName)
Object
invoke(Object proxy, Method method, Object[] args)
protected void
principalMismatch(String expected, String actual)
protected void
updateArgs(Object[] args)
Try to find a TCredentials object in the argument list, and, when the AuthenticationToken is a KerberosToken, set the principal from the SASL server as the TCredentials principal.
-
-
-
Constructor Detail
-
TCredentialsUpdatingInvocationHandler
protected TCredentialsUpdatingInvocationHandler(I serverInstance, AccumuloConfiguration conf)
-
-
Method Detail
-
invoke
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable
- Specified by:
invoke
in interfaceInvocationHandler
- Throws:
Throwable
-
updateArgs
protected void updateArgs(Object[] args) throws ThriftSecurityException
Try to find a TCredentials object in the argument list, and, when the AuthenticationToken is a KerberosToken, set the principal from the SASL server as the TCredentials principal. This ensures that users can't spoof a different principal into the Credentials than what they used to authenticate.- Throws:
ThriftSecurityException
-
principalMismatch
protected void principalMismatch(String expected, String actual) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
getTokenClassFromName
protected Class<? extends AuthenticationToken> getTokenClassFromName(String tokenClassName)
-
getTokenCache
protected ConcurrentHashMap<String,Class<? extends AuthenticationToken>> getTokenCache()
Visibile for testing
-
-