@InterfaceAudience.Private public class DelegationTokenSecretManager extends AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
AbstractDelegationTokenSecretManager.DelegationTokenInformation
SecretManager.InvalidToken
allKeys, currentId, currentTokens, delegationTokenSequenceNumber, noInterruptsLock, running, storeTokenTrackingId
Constructor and Description |
---|
DelegationTokenSecretManager(long delegationKeyUpdateInterval,
long delegationTokenMaxLifetime,
long delegationTokenRenewInterval,
long delegationTokenRemoverScanInterval,
boolean storeTokenTrackingId,
FSNamesystem namesystem)
Create a secret manager
|
DelegationTokenSecretManager(long delegationKeyUpdateInterval,
long delegationTokenMaxLifetime,
long delegationTokenRenewInterval,
long delegationTokenRemoverScanInterval,
FSNamesystem namesystem) |
Modifier and Type | Method and Description |
---|---|
void |
addPersistedDelegationToken(DelegationTokenIdentifier identifier,
long expiryTime)
This method is intended to be used only while reading edit logs.
|
static Credentials |
createCredentials(NameNode namenode,
UserGroupInformation ugi,
String renewer)
A utility method for creating credentials.
|
DelegationTokenIdentifier |
createIdentifier()
Create an empty token identifier.
|
int |
getNumberOfKeys()
Returns the number of delegation keys currently stored.
|
long |
getTokenExpiryTime(DelegationTokenIdentifier dtId)
Returns expiry time of a token given its identifier.
|
void |
loadSecretManagerState(DataInput in)
Load SecretManager state from fsimage.
|
protected void |
logExpireToken(DelegationTokenIdentifier dtId) |
protected void |
logUpdateMasterKey(DelegationKey key)
Call namesystem to update editlogs for new master key.
|
byte[] |
retrievePassword(DelegationTokenIdentifier identifier)
Retrieve the password for the given token identifier.
|
void |
saveSecretManagerState(DataOutputStream out,
String sdPath)
Store the current state of the SecretManager for persistence
|
void |
updatePersistedMasterKey(DelegationKey key)
Add a MasterKey to the list of keys.
|
void |
updatePersistedTokenCancellation(DelegationTokenIdentifier identifier)
Update the token cache with the cancel record in edit logs
|
void |
updatePersistedTokenRenewal(DelegationTokenIdentifier identifier,
long expiryTime)
Update the token cache with renewal record in edit logs.
|
addKey, cancelToken, createPassword, createSecretKey, getAllKeys, getTokenTrackingId, getTrackingIdIfEnabled, isRunning, removeStoredMasterKey, removeStoredToken, renewToken, reset, startThreads, stopThreads, storeNewMasterKey, storeNewToken, updateStoredToken, verifyToken
checkAvailableForRead, createPassword, generateSecret
public DelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval, FSNamesystem namesystem)
public DelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval, boolean storeTokenTrackingId, FSNamesystem namesystem)
delegationKeyUpdateInterval
- the number of seconds for rolling new
secret keys.delegationTokenMaxLifetime
- the maximum lifetime of the delegation
tokensdelegationTokenRenewInterval
- how often the tokens must be reneweddelegationTokenRemoverScanInterval
- how often the tokens are scanned
for expired tokensstoreTokenTrackingId
- whether to store the token's tracking idpublic DelegationTokenIdentifier createIdentifier()
SecretManager
createIdentifier
in class SecretManager<DelegationTokenIdentifier>
public byte[] retrievePassword(DelegationTokenIdentifier identifier) throws SecretManager.InvalidToken
SecretManager
retrievePassword
in class AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
identifier
- the identifier to validateSecretManager.InvalidToken
- the token was invalidpublic long getTokenExpiryTime(DelegationTokenIdentifier dtId) throws IOException
dtId
- DelegationTokenIdentifier of a tokenIOException
public void loadSecretManagerState(DataInput in) throws IOException
in
- input stream to read fsimageIOException
public void saveSecretManagerState(DataOutputStream out, String sdPath) throws IOException
out
- Output stream for writing into fsimage.sdPath
- String storage directory pathIOException
public void addPersistedDelegationToken(DelegationTokenIdentifier identifier, long expiryTime) throws IOException
addPersistedDelegationToken
in class AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
identifier
- DelegationTokenIdentifier read from the edit logs or
fsimageexpiryTime
- token expiry timeIOException
public void updatePersistedMasterKey(DelegationKey key) throws IOException
key
- DelegationKeyIOException
public void updatePersistedTokenRenewal(DelegationTokenIdentifier identifier, long expiryTime) throws IOException
identifier
- DelegationTokenIdentifier of the renewed tokenexpiryTime
- IOException
public void updatePersistedTokenCancellation(DelegationTokenIdentifier identifier) throws IOException
identifier
- DelegationTokenIdentifier of the canceled tokenIOException
public int getNumberOfKeys()
protected void logUpdateMasterKey(DelegationKey key) throws IOException
logUpdateMasterKey
in class AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
IOException
protected void logExpireToken(DelegationTokenIdentifier dtId) throws IOException
logExpireToken
in class AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
IOException
public static Credentials createCredentials(NameNode namenode, UserGroupInformation ugi, String renewer) throws IOException
IOException
Copyright © 2013 Apache Software Foundation. All rights reserved.