Package org.apache.accumulo.server.rpc
Class TCredentialsUpdatingInvocationHandler<I>
java.lang.Object
org.apache.accumulo.server.rpc.TCredentialsUpdatingInvocationHandler<I>
- All Implemented Interfaces:
InvocationHandler
Extracts the TCredentials object from the RPC argument list and asserts that the Accumulo
principal is equal to the Kerberos 'primary' component of the Kerberos principal (e.g. Accumulo
principal of "frank" equals "frank" from "frank/hostname@DOMAIN").
-
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedTCredentialsUpdatingInvocationHandler(I serverInstance, AccumuloConfiguration conf) -
Method Summary
Modifier and TypeMethodDescriptionprotected ConcurrentHashMap<String,Class<? extends AuthenticationToken>> Visibile for testingprotected Class<? extends AuthenticationToken>getTokenClassFromName(String tokenClassName) protected voidprincipalMismatch(String expected, String actual) protected voidupdateArgs(Object[] args) Try to find a TCredentials object in the argument list, and, when the AuthenticationToken is a KerberosToken, set the principal from the SASL server as the TCredentials principal.
-
Constructor Details
-
TCredentialsUpdatingInvocationHandler
-
-
Method Details
-
invoke
- Specified by:
invokein interfaceInvocationHandler- Throws:
Throwable
-
updateArgs
Try to find a TCredentials object in the argument list, and, when the AuthenticationToken is a KerberosToken, set the principal from the SASL server as the TCredentials principal. This ensures that users can't spoof a different principal into the Credentials than what they used to authenticate.- Throws:
ThriftSecurityException
-
principalMismatch
- Throws:
ThriftSecurityException
-
getTokenClassFromName
-
getTokenCache
Visibile for testing
-