org.apache.hadoop.hbase.security.token
Class AuthenticationTokenSecretManager
java.lang.Object
org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
org.apache.hadoop.hbase.security.token.AuthenticationTokenSecretManager
public class AuthenticationTokenSecretManager
- extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
Manages an internal list of secret keys used to sign new authentication
tokens as they are generated, and to validate existing tokens used for
authentication.
A single instance of AuthenticationTokenSecretManager will be
running as the "leader" in a given HBase cluster. The leader is responsible
for periodically generating new secret keys, which are then distributed to
followers via ZooKeeper, and for expiring previously used secret keys that
are no longer needed (as any tokens using them have expired).
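The key lifecycle described above, as an added example that is not HBase's own code: a single-process model in which a retired key is kept for one more token lifetime, so tokens it signed stay verifiable until they expire, and is then removed. Assumptions: all class and method names are hypothetical, the HMAC-SHA256 token layout is invented for the illustration, ZooKeeper distribution to followers is omitted, and records need Java 16 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Simplified model of rolling signing keys; not HBase code. All names are hypothetical.
public class RollingKeyDemo {
    record SigningKey(int id, byte[] secret, long removeAfter) {}
    record Token(int keyId, String user, long expires, byte[] password) {}
    static final long TOKEN_MAX_LIFETIME = 1000; // milliseconds, constructed value
    private final Map<Integer, SigningKey> keys = new HashMap<>();
    private int currentId = 0;

    // Leader duty, run every keyUpdateInterval: retire the current key, add a new one,
    // and drop retired keys once every token they could have signed has expired.
    void rollKey(long now) {
        SigningKey old = keys.get(currentId);
        if (old != null) keys.put(old.id(), new SigningKey(old.id(), old.secret(), now + TOKEN_MAX_LIFETIME));
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);
        currentId++;
        keys.put(currentId, new SigningKey(currentId, secret, Long.MAX_VALUE));
        keys.values().removeIf(k -> k.removeAfter() < now);
    }
    private byte[] sign(SigningKey k, String user, long expires) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(k.secret(), "HmacSHA256"));
        return mac.doFinal((k.id() + "|" + user + "|" + expires).getBytes(StandardCharsets.UTF_8));
    }
    Token generateToken(String user, long now) throws Exception {
        long expires = now + TOKEN_MAX_LIFETIME;
        return new Token(currentId, user, expires, sign(keys.get(currentId), user, expires));
    }
    // Reject tokens past their lifetime or signed by a key that is unknown or already removed.
    boolean validate(Token t, long now) throws Exception {
        SigningKey k = keys.get(t.keyId());
        if (k == null || t.expires() < now) return false;
        return MessageDigest.isEqual(sign(k, t.user(), t.expires()), t.password()); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        RollingKeyDemo mgr = new RollingKeyDemo();
        mgr.rollKey(0);                                  // key 1 becomes current
        Token t = mgr.generateToken("alice", 100);       // signed with key 1
        mgr.rollKey(500);                                // key 2 current, key 1 retained
        System.out.println("valid after one roll:  " + mgr.validate(t, 900));
        mgr.rollKey(1600);                               // key 1 is past its removal time
        System.out.println("valid after key purge: " + mgr.validate(t, 1600));
    }
}
```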
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
org.apache.hadoop.security.token.SecretManager.InvalidToken
Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createPassword, generateSecret
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
AuthenticationTokenSecretManager
public AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf,
ZooKeeperWatcher zk,
String serverName,
long keyUpdateInterval,
long tokenMaxLifetime)
- Create a new secret manager instance for generating keys.
- Parameters:
conf - Configuration to use
zk - Connection to zookeeper for handling leader elections
keyUpdateInterval - Time (in milliseconds) between rolling a new master key for token signing
tokenMaxLifetime - Maximum age (in milliseconds) before a token expires and is no longer valid
start
public void start()
stop
public void stop()
isMaster
public boolean isMaster()
getName
public String getName()
createPassword
protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
- Specified by: createPassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
retrievePassword
public byte[] retrievePassword(AuthenticationTokenIdentifier identifier)
throws org.apache.hadoop.security.token.SecretManager.InvalidToken
- Specified by: retrievePassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
- Throws: org.apache.hadoop.security.token.SecretManager.InvalidToken
createIdentifier
public AuthenticationTokenIdentifier createIdentifier()
- Specified by: createIdentifier in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
generateToken
public org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier> generateToken(String username)
addKey
public void addKey(AuthenticationKey key)
throws IOException
- Throws: IOException
createSecretKey
public static SecretKey createSecretKey(byte[] raw)
Copyright © 2013 The Apache Software Foundation. All Rights Reserved.