Class AuthenticationTokenSecretManager
- java.lang.Object
-
- org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
-
- org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager
-
public class AuthenticationTokenSecretManager extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
Manages an internal list of secret keys used to sign new authentication tokens as they are generated, and to validate existing tokens used for authentication. Each TabletServer, in addition to the Manager, has an instance of thisSecretManagerso that each can authenticate requests from clients presenting delegation tokens. The Manager will also run an instance ofAuthenticationTokenKeyManagerwhich handles generation of new keys and removal of old keys. That class will call the methods here to ensure the in-memory cache is consistent with what is advertised in ZooKeeper.
-
-
Constructor Summary
Constructors Constructor Description AuthenticationTokenSecretManager(InstanceId instanceID, long tokenMaxLifetime)Create a new secret manager instance for generating keys.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voidaddKey(AuthenticationKey key)Add the providedkeyto the in-memory copy of allAuthenticationKeys.AuthenticationTokenIdentifiercreateIdentifier()protected byte[]createPassword(AuthenticationTokenIdentifier identifier)static SecretKeycreateSecretKey(byte[] raw)protected SecretKeygenerateSecret()Map.Entry<org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier>generateToken(String username, DelegationTokenConfig cfg)Generates a delegation token for the user with the providedusername.voidremoveAllKeys()Atomic operation to remove all AuthenticationKeysbyte[]retrievePassword(AuthenticationTokenIdentifier identifier)
-
-
-
Constructor Detail
-
AuthenticationTokenSecretManager
public AuthenticationTokenSecretManager(InstanceId instanceID, long tokenMaxLifetime)
Create a new secret manager instance for generating keys.- Parameters:
instanceID- Accumulo instance IDtokenMaxLifetime- Maximum age (in milliseconds) before a token expires and is no longer valid
-
-
Method Detail
-
createPassword
protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
- Specified by:
createPasswordin classorg.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
-
retrievePassword
public byte[] retrievePassword(AuthenticationTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
- Specified by:
retrievePasswordin classorg.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>- Throws:
org.apache.hadoop.security.token.SecretManager.InvalidToken
-
createIdentifier
public AuthenticationTokenIdentifier createIdentifier()
- Specified by:
createIdentifierin classorg.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
-
generateToken
public Map.Entry<org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> generateToken(String username, DelegationTokenConfig cfg) throws AccumuloException
Generates a delegation token for the user with the providedusername.- Parameters:
username- The client to generate the delegation token for.cfg- A configuration object for obtaining the delegation token- Returns:
- A delegation token for
usernamecreated using thecurrentKey. - Throws:
AccumuloException
-
addKey
public void addKey(AuthenticationKey key)
Add the providedkeyto the in-memory copy of allAuthenticationKeys.- Parameters:
key- The key to add.
-
removeAllKeys
public void removeAllKeys()
Atomic operation to remove all AuthenticationKeys
-
generateSecret
protected SecretKey generateSecret()
- Overrides:
generateSecretin classorg.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
-
createSecretKey
public static SecretKey createSecretKey(byte[] raw)
-
-