|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.hadoop.security.token.SecretManager<BlockTokenIdentifier>
org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager
@InterfaceAudience.Private public class BlockTokenSecretManager
BlockTokenSecretManager can be instantiated in 2 modes, master mode and slave mode. Master can generate new block keys and export block keys to slaves, while slaves can only import and use block keys received from master. Both master and slave can generate and verify block tokens. Typically, master mode is used by NN and slave mode is used by DN.
Nested Class Summary | |
---|---|
static class |
BlockTokenSecretManager.AccessMode
|
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager |
---|
org.apache.hadoop.security.token.SecretManager.InvalidToken |
Field Summary | |
---|---|
static org.apache.hadoop.security.token.Token<BlockTokenIdentifier> |
DUMMY_TOKEN
|
static org.apache.commons.logging.Log |
LOG
|
Constructor Summary | |
---|---|
BlockTokenSecretManager(boolean isMaster,
long keyUpdateInterval,
long tokenLifetime)
Constructor |
Method Summary | |
---|---|
void |
checkAccess(BlockTokenIdentifier id,
String userId,
Block block,
BlockTokenSecretManager.AccessMode mode)
Check if access should be allowed. |
void |
checkAccess(org.apache.hadoop.security.token.Token<BlockTokenIdentifier> token,
String userId,
Block block,
BlockTokenSecretManager.AccessMode mode)
Check if access should be allowed. |
BlockTokenIdentifier |
createIdentifier()
Create an empty block token identifier |
protected byte[] |
createPassword(BlockTokenIdentifier identifier)
Create a new password/secret for the given block token identifier. |
ExportedBlockKeys |
exportKeys()
Export block keys, only to be used in master mode |
org.apache.hadoop.security.token.Token<BlockTokenIdentifier> |
generateToken(Block block,
EnumSet<BlockTokenSecretManager.AccessMode> modes)
Generate an block token for current user |
org.apache.hadoop.security.token.Token<BlockTokenIdentifier> |
generateToken(String userId,
Block block,
EnumSet<BlockTokenSecretManager.AccessMode> modes)
Generate a block token for a specified user |
byte[] |
retrievePassword(BlockTokenIdentifier identifier)
Look up the token password/secret for the given block token identifier. |
void |
setKeys(ExportedBlockKeys exportedKeys)
Set block keys, only to be used in slave mode |
void |
setTokenLifetime(long tokenLifetime)
set token lifetime. |
void |
updateKeys()
Update block keys, only to be used in master mode |
Methods inherited from class org.apache.hadoop.security.token.SecretManager |
---|
createPassword, createSecretKey, generateSecret |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final org.apache.commons.logging.Log LOG
public static final org.apache.hadoop.security.token.Token<BlockTokenIdentifier> DUMMY_TOKEN
Constructor Detail |
---|
public BlockTokenSecretManager(boolean isMaster, long keyUpdateInterval, long tokenLifetime) throws IOException
isMaster
- keyUpdateInterval
- tokenLifetime
-
IOException
Method Detail |
---|
public ExportedBlockKeys exportKeys()
public void setKeys(ExportedBlockKeys exportedKeys) throws IOException
IOException
public void updateKeys() throws IOException
IOException
public org.apache.hadoop.security.token.Token<BlockTokenIdentifier> generateToken(Block block, EnumSet<BlockTokenSecretManager.AccessMode> modes) throws IOException
IOException
public org.apache.hadoop.security.token.Token<BlockTokenIdentifier> generateToken(String userId, Block block, EnumSet<BlockTokenSecretManager.AccessMode> modes) throws IOException
IOException
public void checkAccess(BlockTokenIdentifier id, String userId, Block block, BlockTokenSecretManager.AccessMode mode) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
org.apache.hadoop.security.token.SecretManager.InvalidToken
public void checkAccess(org.apache.hadoop.security.token.Token<BlockTokenIdentifier> token, String userId, Block block, BlockTokenSecretManager.AccessMode mode) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
org.apache.hadoop.security.token.SecretManager.InvalidToken
public void setTokenLifetime(long tokenLifetime)
public BlockTokenIdentifier createIdentifier()
createIdentifier
in class org.apache.hadoop.security.token.SecretManager<BlockTokenIdentifier>
protected byte[] createPassword(BlockTokenIdentifier identifier)
createPassword
in class org.apache.hadoop.security.token.SecretManager<BlockTokenIdentifier>
identifier
- the block token identifier
public byte[] retrievePassword(BlockTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
retrievePassword
in class org.apache.hadoop.security.token.SecretManager<BlockTokenIdentifier>
identifier
- the block token identifier to look up
InvalidToken
org.apache.hadoop.security.token.SecretManager.InvalidToken
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |