Class AuthenticationTokenSecretManager
java.lang.Object
org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager
public class AuthenticationTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
Manages an internal list of secret keys used to sign new authentication tokens as they are generated, and to validate existing tokens used for authentication.

Each TabletServer, in addition to the Manager, has an instance of this SecretManager so that each can authenticate requests from clients presenting delegation tokens. The Manager will also run an instance of AuthenticationTokenKeyManager which handles generation of new keys and removal of old keys. That class will call the methods here to ensure the in-memory cache is consistent with what is advertised in ZooKeeper.
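
The key-list pattern described above, as an added Java sketch that is not Accumulo's or Hadoop's code: each token identifier names the key that signed it, and validation rejects tokens that are outside their lifetime, altered, or signed by a key that has been removed. RotatingKeySigner, Identifier, the HMAC-SHA256 choice, the field encoding and the sample key are assumptions made for this illustration (Java 16 or later).

```java
import java.io.*;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added sketch: RotatingKeySigner and Identifier are hypothetical names, not Accumulo classes.
public class RotatingKeySigner {
  record Identifier(String user, int keyId, long issueDate, long expirationDate) {
    byte[] bytes() throws IOException { // length-prefixed fields: unambiguous MAC input
      var out = new ByteArrayOutputStream(); var d = new DataOutputStream(out);
      d.writeUTF(user); d.writeInt(keyId); d.writeLong(issueDate); d.writeLong(expirationDate);
      return out.toByteArray();
    }
  }
  private final Map<Integer, byte[]> keys = new HashMap<>(); // keyId -> raw secret
  private final long tokenMaxLifetime; // milliseconds
  private int currentKeyId = -1;
  RotatingKeySigner(long tokenMaxLifetime) { this.tokenMaxLifetime = tokenMaxLifetime; }
  synchronized void addKey(int keyId, byte[] raw) {
    keys.put(keyId, raw.clone());
    currentKeyId = Math.max(currentKeyId, keyId); // assumption: newest key signs new tokens
  }
  synchronized void removeAllKeys() { keys.clear(); currentKeyId = -1; }
  synchronized Identifier newIdentifier(String user, long now) {
    if (currentKeyId < 0) throw new IllegalStateException("no signing key available");
    return new Identifier(user, currentKeyId, now, now + tokenMaxLifetime);
  }
  synchronized byte[] sign(Identifier id) throws Exception {
    byte[] raw = keys.get(id.keyId());
    if (raw == null) throw new SecurityException("unknown key id " + id.keyId());
    Mac mac = Mac.getInstance("HmacSHA256"); // algorithm is this sketch's choice
    mac.init(new SecretKeySpec(raw, "HmacSHA256"));
    return mac.doFinal(id.bytes());
  }
  synchronized boolean validate(Identifier id, byte[] password, long now) throws Exception {
    if (id.issueDate() > now || now > id.expirationDate()) return false; // outside lifetime
    if (!keys.containsKey(id.keyId())) return false; // key removed or never distributed
    return MessageDigest.isEqual(sign(id), password); // constant-time compare
  }
  public static void main(String[] args) throws Exception {
    RotatingKeySigner mgr = new RotatingKeySigner(60_000);
    mgr.addKey(1, "constructed-demo-secret".getBytes("UTF-8")); // constructed sample key
    Identifier id = mgr.newIdentifier("alice", 1_000);
    byte[] pw = mgr.sign(id);
    System.out.println("fresh=" + mgr.validate(id, pw, 2_000) + " expired=" + mgr.validate(id, pw, 61_001));
    System.out.println("forged=" + mgr.validate(new Identifier("root", 1, 1_000, 61_000), pw, 2_000));
    mgr.removeAllKeys();
    System.out.println("after removeAllKeys=" + mgr.validate(id, pw, 2_000));
  }
}
```

Because every server validates against its own in-memory key list, a token stops validating on a given server as soon as that server no longer holds the key named in the identifier.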
Nested Class Summary
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
org.apache.hadoop.security.token.SecretManager.InvalidToken

Constructor Summary
AuthenticationTokenSecretManager(InstanceId instanceID, long tokenMaxLifetime) - Create a new secret manager instance for generating keys.

Method Summary
void addKey(AuthenticationKey key) - Add the provided key to the in-memory copy of all AuthenticationKeys.
protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
static SecretKey createSecretKey(byte[] raw)
protected SecretKey generateSecret()
Map.Entry<org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> generateToken(String username, DelegationTokenConfig cfg) - Generates a delegation token for the user with the provided username.
void removeAllKeys() - Atomic operation to remove all AuthenticationKeys
byte[] retrievePassword(AuthenticationTokenIdentifier identifier)

Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createPassword, retriableRetrievePassword

Constructor Details
AuthenticationTokenSecretManager
Create a new secret manager instance for generating keys.
Parameters:
instanceID - Accumulo instance ID
tokenMaxLifetime - Maximum age (in milliseconds) before a token expires and is no longer valid

Method Details
createPassword
Specified by: createPassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

retrievePassword
public byte[] retrievePassword(AuthenticationTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
Specified by: retrievePassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
Throws: org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier
Specified by: createIdentifier in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

generateToken
public Map.Entry<org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> generateToken(String username, DelegationTokenConfig cfg) throws AccumuloException
Generates a delegation token for the user with the provided username.
Parameters:
username - The client to generate the delegation token for.
cfg - A configuration object for obtaining the delegation token
Returns: A delegation token for username created using the currentKey.
Throws: AccumuloException

addKey
Add the provided key to the in-memory copy of all AuthenticationKeys.
Parameters:
key - The key to add.

removeAllKeys
public void removeAllKeys()
Atomic operation to remove all AuthenticationKeys

generateSecret
Overrides: generateSecret in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

createSecretKey