org.apache.nifi.security.krb

Class AbstractKerberosUser

java.lang.Object

org.apache.nifi.security.krb.AbstractKerberosUser

All Implemented Interfaces:

KerberosUser

Direct Known Subclasses:

KerberosKeytabUser, KerberosPasswordUser, KerberosTicketCacheUser

public abstract class AbstractKerberosUser
extends Object
implements KerberosUser

Field Summary

Fields

Modifier and Type	Field and Description
(package private) static String	DATE_FORMAT
protected AtomicBoolean	loggedIn
private static org.slf4j.Logger	LOGGER
protected LoginContext	loginContext
protected String	principal
protected Subject	subject
(package private) static float	TICKET_RENEW_WINDOW Percentage of the ticket window to use before we renew the TGT.

Constructor Summary

Constructors

Constructor and Description
AbstractKerberosUser(String principal)

Method Summary

Modifier and Type	Method and Description
boolean	checkTGTAndRelogin() Re-login a user from keytab if TGT is expired or is close to expiry.
protected abstract LoginContext	createLoginContext(Subject subject)
<T> T	doAs(PrivilegedAction<T> action) Executes the PrivilegedAction as this user.
<T> T	doAs(PrivilegedExceptionAction<T> action) Executes the PrivilegedAction as this user.
String	getPrincipal()
private long	getRefreshTime(KerberosTicket tgt)
(package private) Subject	getSubject()
private KerberosTicket	getTGT() Get the Kerberos TGT.
boolean	isLoggedIn()
private boolean	isTGSPrincipal(KerberosPrincipal principal) TGS must have the server principal of the form "krbtgt/FOO@FOO".
void	login() Performs a login using the specified principal and keytab.
void	logout() Performs a logout of the current user.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

LOGGER

private static final org.slf4j.Logger LOGGER

DATE_FORMAT

static final String DATE_FORMAT

See Also:

Constant Field Values

TICKET_RENEW_WINDOW

static final float TICKET_RENEW_WINDOW

Percentage of the ticket window to use before we renew the TGT.

See Also:

Constant Field Values

principal

protected final String principal

loggedIn

protected final AtomicBoolean loggedIn

subject

protected Subject subject

loginContext

protected LoginContext loginContext

Constructor Detail

AbstractKerberosUser

public AbstractKerberosUser(String principal)

Method Detail

login

public void login()
           throws LoginException

Performs a login using the specified principal and keytab.

Specified by:

login in interface KerberosUser

Throws:

LoginException - if the login fails

createLoginContext

protected abstract LoginContext createLoginContext(Subject subject)
                                            throws LoginException

Throws:

LoginException

logout

public void logout()
            throws LoginException

Performs a logout of the current user.

Specified by:

logout in interface KerberosUser

Throws:

LoginException - if the logout fails

doAs

public <T> T doAs(PrivilegedAction<T> action)
           throws IllegalStateException

Executes the PrivilegedAction as this user.

Specified by:

doAs in interface KerberosUser

Type Parameters:

T - the type of result

Parameters:

action - the action to execute

Returns:

the result of the action

Throws:

IllegalStateException - if this method is called while not logged in

doAs

public <T> T doAs(PrivilegedExceptionAction<T> action)
           throws IllegalStateException,
                  PrivilegedActionException

Executes the PrivilegedAction as this user.

Specified by:

doAs in interface KerberosUser

Type Parameters:

T - the type of result

Parameters:

action - the action to execute

Returns:

the result of the action

Throws:

IllegalStateException - if this method is called while not logged in

PrivilegedActionException - if an exception is thrown from the action

checkTGTAndRelogin

public boolean checkTGTAndRelogin()
                           throws LoginException

Re-login a user from keytab if TGT is expired or is close to expiry.

Specified by:

checkTGTAndRelogin in interface KerberosUser

Returns:

true if a relogin was performed, false otherwise

Throws:

LoginException - if an error happens performing the re-login

getTGT

private KerberosTicket getTGT()

Get the Kerberos TGT.

Returns:

the user's TGT or null if none was found

isTGSPrincipal

private boolean isTGSPrincipal(KerberosPrincipal principal)

TGS must have the server principal of the form "krbtgt/FOO@FOO".

Parameters:

principal - the principal to check

Returns:

true if the principal is the TGS, false otherwise

getRefreshTime

private long getRefreshTime(KerberosTicket tgt)

isLoggedIn

public boolean isLoggedIn()

Specified by:

isLoggedIn in interface KerberosUser

Returns:

true if this user is currently logged in, false otherwise

getPrincipal

public String getPrincipal()

Specified by:

getPrincipal in interface KerberosUser

Returns:

the principal for this user

getSubject

Subject getSubject()

toString

public String toString()

Overrides:

toString in class Object