@InterfaceAudience.Private public class AuthenticationTokenSecretManager extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
A single instance of AuthenticationTokenSecretManager runs as the "leader" in a given HBase cluster.
The leader is responsible for periodically generating new secret keys, which are then distributed
to followers via ZooKeeper, and for expiring previously used secret keys once they are no longer
needed (that is, once every token signed with them has expired).
Modifier and Type | Class and Description |
---|---|
private class |
AuthenticationTokenSecretManager.LeaderElector |
Modifier and Type | Field and Description |
---|---|
private Map<Integer,AuthenticationKey> |
allKeys |
private ZKClusterId |
clusterId |
private AuthenticationKey |
currentKey |
private int |
idSeq |
private long |
keyUpdateInterval |
private long |
lastKeyUpdate |
private AuthenticationTokenSecretManager.LeaderElector |
leaderElector |
private static org.slf4j.Logger |
LOG |
private String |
name |
(package private) static String |
NAME_PREFIX |
private long |
tokenMaxLifetime |
private AtomicLong |
tokenSeq |
private ZKSecretWatcher |
zkWatcher |
Constructor and Description |
---|
AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf,
ZKWatcher zk,
String serverName,
long keyUpdateInterval,
long tokenMaxLifetime)
Create a new secret manager instance for generating keys.
|
Modifier and Type | Method and Description |
---|---|
void |
addKey(AuthenticationKey key) |
AuthenticationTokenIdentifier |
createIdentifier() |
protected byte[] |
createPassword(AuthenticationTokenIdentifier identifier) |
static SecretKey |
createSecretKey(byte[] raw) |
org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier> |
generateToken(String username) |
(package private) AuthenticationKey |
getCurrentKey() |
(package private) AuthenticationKey |
getKey(int keyId) |
(package private) long |
getLastKeyUpdate() |
String |
getName() |
(package private) boolean |
isCurrentKeyRolled() |
boolean |
isMaster() |
(package private) void |
removeExpiredKeys() |
(package private) boolean |
removeKey(Integer keyId) |
byte[] |
retrievePassword(AuthenticationTokenIdentifier identifier) |
(package private) void |
rollCurrentKey() |
void |
start() |
void |
stop() |
static final String NAME_PREFIX
private static final org.slf4j.Logger LOG
private long lastKeyUpdate
private long keyUpdateInterval
private long tokenMaxLifetime
private ZKSecretWatcher zkWatcher
private AuthenticationTokenSecretManager.LeaderElector leaderElector
private ZKClusterId clusterId
private Map<Integer,AuthenticationKey> allKeys
private AuthenticationKey currentKey
private int idSeq
private AtomicLong tokenSeq
public AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf, ZKWatcher zk, String serverName, long keyUpdateInterval, long tokenMaxLifetime)
conf - Configuration to use
zk - Connection to ZooKeeper for handling leader elections
keyUpdateInterval - Time (in milliseconds) between rolling a new master key for token signing
tokenMaxLifetime - Maximum age (in milliseconds) before a token expires and is no longer valid
public void start()
public void stop()
public boolean isMaster()
protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
Specified by: createPassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
public byte[] retrievePassword(AuthenticationTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
Specified by: retrievePassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
Throws: org.apache.hadoop.security.token.SecretManager.InvalidToken
public AuthenticationTokenIdentifier createIdentifier()
Specified by: createIdentifier in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
public org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier> generateToken(String username)
public void addKey(AuthenticationKey key) throws IOException
Throws: IOException
AuthenticationKey getCurrentKey()
AuthenticationKey getKey(int keyId)
void removeExpiredKeys()
boolean isCurrentKeyRolled()
void rollCurrentKey()
long getLastKeyUpdate()
public static SecretKey createSecretKey(byte[] raw)