@InterfaceAudience.Private public class AuthenticationTokenSecretManager extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
A single instance of AuthenticationTokenSecretManager runs as the "leader" in a given HBase cluster. The leader is responsible
for periodically generating new secret keys, which are then distributed to
followers via ZooKeeper, and for expiring previously used secret keys that
are no longer needed (because all tokens using them have expired).
Because these keys sign authentication tokens, read access to the ZooKeeper nodes that carry them should be restricted to the cluster's own servers.
Modifier and Type | Class and Description |
---|---|
private class | AuthenticationTokenSecretManager.LeaderElector |
Modifier and Type | Field and Description |
---|---|
private Map<Integer,AuthenticationKey> | allKeys |
private ZKClusterId | clusterId |
private AuthenticationKey | currentKey |
private int | idSeq |
private long | keyUpdateInterval |
private long | lastKeyUpdate |
private AuthenticationTokenSecretManager.LeaderElector | leaderElector |
private static org.apache.commons.logging.Log | LOG |
private String | name |
(package private) static String | NAME_PREFIX |
private long | tokenMaxLifetime |
private AtomicLong | tokenSeq |
private ZKSecretWatcher | zkWatcher |
Constructor and Description |
---|
AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf, ZooKeeperWatcher zk, String serverName, long keyUpdateInterval, long tokenMaxLifetime) Create a new secret manager instance for generating keys. |
Modifier and Type | Method and Description |
---|---|
void | addKey(AuthenticationKey key) |
AuthenticationTokenIdentifier | createIdentifier() |
protected byte[] | createPassword(AuthenticationTokenIdentifier identifier) |
static SecretKey | createSecretKey(byte[] raw) |
org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier> | generateToken(String username) |
(package private) AuthenticationKey | getCurrentKey() |
(package private) AuthenticationKey | getKey(int keyId) |
(package private) long | getLastKeyUpdate() |
String | getName() |
(package private) boolean | isCurrentKeyRolled() |
boolean | isMaster() |
(package private) void | removeExpiredKeys() |
(package private) boolean | removeKey(Integer keyId) |
byte[] | retrievePassword(AuthenticationTokenIdentifier identifier) |
(package private) void | rollCurrentKey() |
void | start() |
void | stop() |
static final String NAME_PREFIX
private static final org.apache.commons.logging.Log LOG
private long lastKeyUpdate
private long keyUpdateInterval
private long tokenMaxLifetime
private ZKSecretWatcher zkWatcher
private AuthenticationTokenSecretManager.LeaderElector leaderElector
private ZKClusterId clusterId
private Map<Integer,AuthenticationKey> allKeys
private AuthenticationKey currentKey
private int idSeq
private AtomicLong tokenSeq
private String name
public AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf, ZooKeeperWatcher zk, String serverName, long keyUpdateInterval, long tokenMaxLifetime)
conf - Configuration to use
zk - Connection to zookeeper for handling leader elections
keyUpdateInterval - Time (in milliseconds) between rolling a new master key for token signing
tokenMaxLifetime - Maximum age (in milliseconds) before a token expires and is no longer valid
public void start()
public void stop()
public boolean isMaster()
public String getName()
protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
createPassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
public byte[] retrievePassword(AuthenticationTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
retrievePassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
Throws: org.apache.hadoop.security.token.SecretManager.InvalidToken
public AuthenticationTokenIdentifier createIdentifier()
createIdentifier in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
public org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier> generateToken(String username)
public void addKey(AuthenticationKey key) throws IOException
Throws: IOException
boolean removeKey(Integer keyId)
AuthenticationKey getCurrentKey()
AuthenticationKey getKey(int keyId)
void removeExpiredKeys()
boolean isCurrentKeyRolled()
void rollCurrentKey()
long getLastKeyUpdate()
public static SecretKey createSecretKey(byte[] raw)
Copyright © 2007–2019 The Apache Software Foundation. All rights reserved.