org.apache.hadoop.hbase.security.token
Class AuthenticationTokenSecretManager

java.lang.Object
  extended by org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
      extended by org.apache.hadoop.hbase.security.token.AuthenticationTokenSecretManager

public class AuthenticationTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

Manages an internal list of secret keys used to sign new authentication tokens as they are generated, and to validate existing tokens used for authentication.

A single instance of AuthenticationTokenSecretManager will be running as the "leader" in a given HBase cluster. The leader is responsible for periodically generating new secret keys, which are then distributed to followers via ZooKeeper, and for expiring previously used secret keys that are no longer needed (as any tokens using them have expired).
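
The rolling-key scheme described above, as an added sketch that is not HBase source code: the leader adds a new signing key, keeps the replaced key only until the last token it could have signed has expired, and rejects tokens whose key is gone or whose signature does not match. `RollingKeyModel` and its members are hypothetical names, HMAC-SHA256 and the `|`-joined identifier encoding are assumptions made for the sketch, the ZooKeeper distribution to followers is left out, and the records need Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical model of rolling token-signing keys; not HBase code.
public class RollingKeyModel {
    record SigningKey(int id, byte[] secret, long expires) {}
    record Token(int keyId, String user, long expires, byte[] mac) {}
    private final Map<Integer, SigningKey> keys = new HashMap<>();
    private final long tokenMaxLifetime;   // ms, like the constructor parameter on this page
    private int currentId = 0;
    RollingKeyModel(long tokenMaxLifetime) { this.tokenMaxLifetime = tokenMaxLifetime; }
    // Leader duty: the replaced key stays only until its last possible token expires.
    void rollKey(long now) {
        SigningKey prev = keys.get(currentId);
        if (prev != null) keys.put(prev.id(), new SigningKey(prev.id(), prev.secret(), now + tokenMaxLifetime));
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);
        currentId++;
        keys.put(currentId, new SigningKey(currentId, secret, Long.MAX_VALUE));
        keys.values().removeIf(k -> k.expires() < now);   // drop keys no valid token can use
    }
    static byte[] mac(SigningKey k, String user, long expires) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");            // algorithm chosen for this sketch
        m.init(new SecretKeySpec(k.secret(), "HmacSHA256"));
        return m.doFinal((k.id() + "|" + user + "|" + expires).getBytes(StandardCharsets.UTF_8));
    }
    Token issue(String user, long now) throws Exception {
        long expires = now + tokenMaxLifetime;
        return new Token(currentId, user, expires, mac(keys.get(currentId), user, expires));
    }
    // Rejects a retired key, an expired token, or a signature mismatch (constant-time compare).
    boolean verify(Token t, long now) throws Exception {
        SigningKey k = keys.get(t.keyId());
        return k != null && t.expires() >= now && MessageDigest.isEqual(mac(k, t.user(), t.expires()), t.mac());
    }

    public static void main(String[] args) throws Exception {
        RollingKeyModel m = new RollingKeyModel(100);     // constructed values
        m.rollKey(0);
        Token t = m.issue("alice", 10);                   // signed by key 1, expires at 110
        m.rollKey(50);                                    // key 2 signs now; key 1 kept until 150
        Token forged = new Token(t.keyId(), "admin", t.expires(), t.mac());
        System.out.println(m.verify(t, 100) + " " + m.verify(forged, 100));
        m.rollKey(200);                                   // key 1 is dropped in this roll
        System.out.println(m.verify(t, 200));
    }
}
```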


Nested Class Summary
 
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
org.apache.hadoop.security.token.SecretManager.InvalidToken
 
Constructor Summary
AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf, ZooKeeperWatcher zk, String serverName, long keyUpdateInterval, long tokenMaxLifetime)
          Create a new secret manager instance for generating keys.
 
Method Summary
 void addKey(AuthenticationKey key)
           
 AuthenticationTokenIdentifier createIdentifier()
           
protected  byte[] createPassword(AuthenticationTokenIdentifier identifier)
           
static SecretKey createSecretKey(byte[] raw)
           
 org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier> generateToken(String username)
           
 String getName()
           
 boolean isMaster()
           
 byte[] retrievePassword(AuthenticationTokenIdentifier identifier)
           
 void start()
           
 void stop()
           
 
Methods inherited from class org.apache.hadoop.security.token.SecretManager
createPassword, generateSecret
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthenticationTokenSecretManager

public AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf,
                                        ZooKeeperWatcher zk,
                                        String serverName,
                                        long keyUpdateInterval,
                                        long tokenMaxLifetime)
Create a new secret manager instance for generating keys.

Parameters:
conf - Configuration to use
zk - Connection to ZooKeeper for handling leader elections
keyUpdateInterval - Time (in milliseconds) between rolling a new master key for token signing
tokenMaxLifetime - Maximum age (in milliseconds) before a token expires and is no longer valid

Method Detail

start

public void start()

stop

public void stop()

isMaster

public boolean isMaster()

getName

public String getName()

createPassword

protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
Specified by:
createPassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

retrievePassword

public byte[] retrievePassword(AuthenticationTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken
Specified by:
retrievePassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
Throws:
org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier

public AuthenticationTokenIdentifier createIdentifier()
Specified by:
createIdentifier in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

generateToken

public org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier> generateToken(String username)

addKey

public void addKey(AuthenticationKey key)
            throws IOException
Throws:
IOException

createSecretKey

public static SecretKey createSecretKey(byte[] raw)


Copyright © 2015 The Apache Software Foundation. All Rights Reserved.