Class AuthenticationTokenSecretManager
- java.lang.Object
  - org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
    - org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager
public class AuthenticationTokenSecretManager extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
Manages an internal list of secret keys used to sign new authentication tokens as they are generated, and to validate existing tokens used for authentication. Each TabletServer, in addition to the Manager, has an instance of this SecretManager so that each can authenticate requests from clients presenting delegation tokens. The Manager will also run an instance of AuthenticationTokenKeyManager, which handles generation of new keys and removal of old keys. That class will call the methods here to ensure the in-memory cache is consistent with what is advertised in ZooKeeper.
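
The sign-then-validate flow described above, as an added standalone sketch (not Accumulo's or Hadoop's code): each identifier records the id of the key that signed it, so any instance caching that key can recompute and compare the password, and validation fails once the key is removed or the lifetime has passed. The class, record and method names, the identifier encoding and the choice of HMAC-SHA256 are assumptions of the sketch; it needs Java 16 or later.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Standalone sketch: every name below is hypothetical, not an Accumulo or Hadoop API.
public class KeyedTokenSketch {
  record Id(String user, int keyId, long issued, long expires) { // keyId names the signing key
    byte[] bytes() { // fixed-width fields first, so the encoding is unambiguous
      byte[] u = user.getBytes(StandardCharsets.UTF_8);
      return ByteBuffer.allocate(20 + u.length).putInt(keyId).putLong(issued).putLong(expires).put(u).array();
    }
  }
  private final Map<Integer, byte[]> keys = new ConcurrentHashMap<>(); // keyId -> secret
  private volatile int currentKeyId = -1;
  private final long maxLifetimeMs;
  KeyedTokenSketch(long maxLifetimeMs) { this.maxLifetimeMs = maxLifetimeMs; }
  // Driven by the key-rotation side: cache a new key and sign with it from now on.
  void addKey(int keyId, byte[] secret) { keys.put(keyId, secret.clone()); currentKeyId = keyId; }
  void removeKey(int keyId) { keys.remove(keyId); }
  Id newId(String user, long now) { return new Id(user, currentKeyId, now, now + maxLifetimeMs); }
  byte[] sign(Id id) throws Exception {
    byte[] secret = keys.get(id.keyId());
    if (secret == null) throw new IllegalStateException("no key " + id.keyId());
    Mac mac = Mac.getInstance("HmacSHA256"); // algorithm picked for this sketch
    mac.init(new SecretKeySpec(secret, "HmacSHA256"));
    return mac.doFinal(id.bytes());
  }
  boolean verify(Id id, byte[] password, long now) throws Exception {
    if (now < id.issued() || now > id.expires() || !keys.containsKey(id.keyId())) return false;
    return MessageDigest.isEqual(sign(id), password); // constant-time comparison
  }
  public static void main(String[] args) throws Exception {
    byte[] k1 = new byte[32], k2 = new byte[32];
    SecureRandom rng = new SecureRandom(); rng.nextBytes(k1); rng.nextBytes(k2);
    KeyedTokenSketch mgr = new KeyedTokenSketch(60_000);
    mgr.addKey(1, k1);
    Id id = mgr.newId("alice", 1_000); // constructed user and clock values
    byte[] pw = mgr.sign(id);
    mgr.addKey(2, k2); // rotation: key 2 becomes current, key 1 stays cached
    System.out.println("fresh, key cached: " + mgr.verify(id, pw, 2_000));
    System.out.println("past lifetime:     " + mgr.verify(id, pw, 70_000));
    mgr.removeKey(1);
    System.out.println("key removed:       " + mgr.verify(id, pw, 2_000));
  }
}
```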

Constructor Summary
- AuthenticationTokenSecretManager(InstanceId instanceID, long tokenMaxLifetime): Create a new secret manager instance for generating keys.

Method Summary
- void addKey(AuthenticationKey key): Add the provided key to the in-memory copy of all AuthenticationKeys.
- AuthenticationTokenIdentifier createIdentifier()
- protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
- static SecretKey createSecretKey(byte[] raw)
- protected SecretKey generateSecret()
- Map.Entry<org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> generateToken(String username, DelegationTokenConfig cfg): Generates a delegation token for the user with the provided username.
- void removeAllKeys(): Atomic operation to remove all AuthenticationKeys
- byte[] retrievePassword(AuthenticationTokenIdentifier identifier)

Constructor Detail

AuthenticationTokenSecretManager
public AuthenticationTokenSecretManager(InstanceId instanceID, long tokenMaxLifetime)
Create a new secret manager instance for generating keys.
- Parameters:
  - instanceID - Accumulo instance ID
  - tokenMaxLifetime - Maximum age (in milliseconds) before a token expires and is no longer valid

Method Detail

createPassword
protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
- Specified by: createPassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

retrievePassword
public byte[] retrievePassword(AuthenticationTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
- Specified by: retrievePassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
- Throws: org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier
public AuthenticationTokenIdentifier createIdentifier()
- Specified by: createIdentifier in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

generateToken
public Map.Entry<org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> generateToken(String username, DelegationTokenConfig cfg) throws AccumuloException
Generates a delegation token for the user with the provided username.
- Parameters:
  - username - The client to generate the delegation token for.
  - cfg - A configuration object for obtaining the delegation token
- Returns: A delegation token for username created using the currentKey.
- Throws: AccumuloException

addKey
public void addKey(AuthenticationKey key)
Add the provided key to the in-memory copy of all AuthenticationKeys.
- Parameters:
  - key - The key to add.

removeAllKeys
public void removeAllKeys()
Atomic operation to remove all AuthenticationKeys

generateSecret
protected SecretKey generateSecret()
- Overrides: generateSecret in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

createSecretKey
public static SecretKey createSecretKey(byte[] raw)