org.apache.hadoop.hbase.security.token

Class AuthenticationTokenSecretManager

java.lang.Object

org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

org.apache.hadoop.hbase.security.token.AuthenticationTokenSecretManager

@InterfaceAudience.Private
public class AuthenticationTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

Manages an internal list of secret keys used to sign new authentication tokens as they are generated, and to valid existing tokens used for authentication.

A single instance of AuthenticationTokenSecretManager will be running as the "leader" in a given HBase cluster. The leader is responsible for periodically generating new secret keys, which are then distributed to followers via ZooKeeper, and for expiring previously used secret keys that are no longer needed (as any tokens using them have expired).

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

org.apache.hadoop.security.token.SecretManager.InvalidToken

Constructor Summary

Constructors

Constructor and Description
AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf, ZooKeeperWatcher zk, String serverName, long keyUpdateInterval, long tokenMaxLifetime) Create a new secret manager instance for generating keys.

Method Summary

Methods

Modifier and Type	Method and Description
void	addKey(AuthenticationKey key)
AuthenticationTokenIdentifier	createIdentifier()
protected byte[]	createPassword(AuthenticationTokenIdentifier identifier)
static SecretKey	createSecretKey(byte[] raw)
org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>	generateToken(String username)
String	getName()
boolean	isMaster()
byte[]	retrievePassword(AuthenticationTokenIdentifier identifier)
void	start()
void	stop()

Methods inherited from class org.apache.hadoop.security.token.SecretManager

checkAvailableForRead, createPassword, generateSecret, retriableRetrievePassword

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationTokenSecretManager

public AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf,
                                ZooKeeperWatcher zk,
                                String serverName,
                                long keyUpdateInterval,
                                long tokenMaxLifetime)

Create a new secret manager instance for generating keys.

Parameters:

conf - Configuration to use

zk - Connection to zookeeper for handling leader elections

keyUpdateInterval - Time (in milliseconds) between rolling a new master key for token signing

tokenMaxLifetime - Maximum age (in milliseconds) before a token expires and is no longer valid

Method Detail

start

public void start()

stop

public void stop()

isMaster

public boolean isMaster()

getName

public String getName()

createPassword

protected byte[] createPassword(AuthenticationTokenIdentifier identifier)

Specified by:

createPassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

retrievePassword

public byte[] retrievePassword(AuthenticationTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Specified by:

retrievePassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier

public AuthenticationTokenIdentifier createIdentifier()

Specified by:

createIdentifier in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>

generateToken

public org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier> generateToken(String username)

addKey

public void addKey(AuthenticationKey key)
            throws IOException

Throws:

IOException

createSecretKey

public static SecretKey createSecretKey(byte[] raw)