@InterfaceAudience.LimitedPrivate(value={"HDFS","MapReduce"}) @InterfaceStability.Evolving public abstract class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier> extends SecretManager<TokenIdent>
Modifier and Type | Class and Description |
---|---|
static class |
AbstractDelegationTokenSecretManager.DelegationTokenInformation
Class to encapsulate a token's renew date and password.
|
SecretManager.InvalidToken
Modifier and Type | Field and Description |
---|---|
protected Map<Integer,DelegationKey> |
allKeys
Access to allKeys is protected by this object lock
|
protected int |
currentId
Access to currentId is protected by this object lock.
|
protected Map<TokenIdent,AbstractDelegationTokenSecretManager.DelegationTokenInformation> |
currentTokens
Cache of currently valid tokens, mapping from DelegationTokenIdentifier
to DelegationTokenInformation.
|
protected int |
delegationTokenSequenceNumber
Sequence number to create DelegationTokenIdentifier.
|
protected Object |
noInterruptsLock
If the delegation token update thread holds this lock, it will
not get interrupted.
|
protected boolean |
running |
protected boolean |
storeTokenTrackingId
Whether to store a token's tracking ID in its TokenInformation.
|
Constructor and Description |
---|
AbstractDelegationTokenSecretManager(long delegationKeyUpdateInterval,
long delegationTokenMaxLifetime,
long delegationTokenRenewInterval,
long delegationTokenRemoverScanInterval) |
Modifier and Type | Method and Description |
---|---|
void |
addKey(DelegationKey key)
Add a previously used master key to cache (when NN restarts),
should be called before activate().
|
void |
addPersistedDelegationToken(TokenIdent identifier,
long renewDate)
This method is intended to be used for recovering persisted delegation
tokens
|
TokenIdent |
cancelToken(Token<TokenIdent> token,
String canceller)
Cancel a token by removing it from cache.
|
protected byte[] |
createPassword(TokenIdent identifier)
Create the password for the given identifier.
|
static SecretKey |
createSecretKey(byte[] key)
Convert the byte[] to a secret key
|
DelegationKey[] |
getAllKeys() |
String |
getTokenTrackingId(TokenIdent identifier) |
protected String |
getTrackingIdIfEnabled(TokenIdent ident) |
boolean |
isRunning()
is secretMgr running
|
protected void |
logExpireToken(TokenIdent ident) |
protected void |
logUpdateMasterKey(DelegationKey key) |
protected void |
removeStoredMasterKey(DelegationKey key) |
protected void |
removeStoredToken(TokenIdent ident) |
long |
renewToken(Token<TokenIdent> token,
String renewer)
Renew a delegation token.
|
void |
reset()
Reset all data structures and mutable state.
|
byte[] |
retrievePassword(TokenIdent identifier)
Retrieve the password for the given token identifier.
|
void |
startThreads()
should be called before this object is used
|
void |
stopThreads() |
protected void |
storeNewMasterKey(DelegationKey key) |
protected void |
storeNewToken(TokenIdent ident,
long renewDate) |
protected void |
updateStoredToken(TokenIdent ident,
long renewDate) |
void |
verifyToken(TokenIdent identifier,
byte[] password)
Verifies that the given identifier and password are valid and match.
|
checkAvailableForRead, createIdentifier, createPassword, generateSecret
protected final Map<TokenIdent extends AbstractDelegationTokenIdentifier,AbstractDelegationTokenSecretManager.DelegationTokenInformation> currentTokens
protected int delegationTokenSequenceNumber
protected final Map<Integer,DelegationKey> allKeys
protected int currentId
protected boolean storeTokenTrackingId
protected volatile boolean running
protected Object noInterruptsLock
public AbstractDelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval)
public void startThreads() throws IOException
IOException
public void reset()
public void addKey(DelegationKey key) throws IOException
IOException
public DelegationKey[] getAllKeys()
protected void logUpdateMasterKey(DelegationKey key) throws IOException
IOException
protected void logExpireToken(TokenIdent ident) throws IOException
IOException
protected void storeNewMasterKey(DelegationKey key) throws IOException
IOException
protected void removeStoredMasterKey(DelegationKey key)
protected void storeNewToken(TokenIdent ident, long renewDate)
protected void removeStoredToken(TokenIdent ident) throws IOException
IOException
protected void updateStoredToken(TokenIdent ident, long renewDate)
public void addPersistedDelegationToken(TokenIdent identifier, long renewDate) throws IOException
identifier
- identifier read from persistent storagerenewDate
- token renew timeIOException
protected byte[] createPassword(TokenIdent identifier)
SecretManager
createPassword
in class SecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
identifier
- the identifier to usepublic byte[] retrievePassword(TokenIdent identifier) throws SecretManager.InvalidToken
SecretManager
retrievePassword
in class SecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
identifier
- the identifier to validateSecretManager.InvalidToken
- the token was invalidprotected String getTrackingIdIfEnabled(TokenIdent ident)
public String getTokenTrackingId(TokenIdent identifier)
public void verifyToken(TokenIdent identifier, byte[] password) throws SecretManager.InvalidToken
identifier
- Token identifier.password
- Password in the token.InvalidToken
SecretManager.InvalidToken
public long renewToken(Token<TokenIdent> token, String renewer) throws SecretManager.InvalidToken, IOException
token
- the token to renewrenewer
- the full principal name of the user doing the renewalInvalidToken
- if the token is invalidAccessControlException
- if the user can't renew tokenSecretManager.InvalidToken
IOException
public TokenIdent cancelToken(Token<TokenIdent> token, String canceller) throws IOException
InvalidToken
- for invalid tokenAccessControlException
- if the user isn't allowed to cancelIOException
public static SecretKey createSecretKey(byte[] key)
key
- the byte[] to create the secret key frompublic void stopThreads()
public boolean isRunning()
Copyright © 2013 Apache Software Foundation. All rights reserved.