RolloverSignerSecretProvider (Apache Hadoop Auth 2.10.2 API)

java.lang.Object
- org.apache.hadoop.security.authentication.util.SignerSecretProvider
- - org.apache.hadoop.security.authentication.util.RolloverSignerSecretProvider

Direct Known Subclasses:

RandomSignerSecretProvider, ZKSignerSecretProvider
```
@InterfaceStability.Unstable
@InterfaceAudience.Private
public abstract class RolloverSignerSecretProvider
extends SignerSecretProvider
```
An abstract SignerSecretProvider that can be use used as the base for a rolling secret. The secret will roll over at the same interval as the token validity, so there are only ever a maximum of two valid secrets at any given time. This class handles storing and returning the secrets, as well as the rolling over. At a minimum, subclasses simply need to implement the generateNewSecret() method. More advanced implementations can override other methods to provide more advanced behavior, but should be careful when doing so.

Constructor Summary

Constructors
Constructor and Description

RolloverSignerSecretProvider()

Constructors
Constructor and Description
`RolloverSignerSecretProvider()`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`destroy()` Will be called on shutdown; subclasses should perform any cleanup here.
`protected abstract byte[]`	`generateNewSecret()` Subclasses should implement this to return a new secret.
`byte[][]`	`getAllSecrets()` Returns all secrets that a cookie could have been signed with and are still valid; this should include the secret returned by getCurrentSecret().
`byte[]`	`getCurrentSecret()` Returns the current secret to be used by the Signer for signing new cookies.
`void`	`init(Properties config, javax.servlet.ServletContext servletContext, long tokenValidity)` Initialize the SignerSecretProvider.
`protected void`	`initSecrets(byte[] currentSecret, byte[] previousSecret)` Initializes the secrets array.
`protected void`	`rollSecret()` Rolls the secret.
`protected void`	`startScheduler(long initialDelay, long period)` Starts the scheduler for the rollover to run at an interval.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - RolloverSignerSecretProvider
```
public RolloverSignerSecretProvider()
```
- Method Detail
  - init
```
public void init(Properties config,
        javax.servlet.ServletContext servletContext,
        long tokenValidity)
          throws Exception
```
    Initialize the SignerSecretProvider. It initializes the current secret and starts the scheduler for the rollover to run at an interval of tokenValidity.
    
    Specified by:
    
    init in class SignerSecretProvider
    
    Parameters:
    config - configuration properties
    servletContext - servlet context
    tokenValidity - The amount of time a token is valid for
    
    Throws:
    
    Exception - thrown if an error occurred
  - initSecrets
```
protected void initSecrets(byte[] currentSecret,
               byte[] previousSecret)
```
    Initializes the secrets array. This should typically be called only once, during init but some implementations may wish to call it other times. previousSecret can be null if there isn't a previous secret, but currentSecret should never be null.
    
    Parameters:
    currentSecret - The current secret
    previousSecret - The previous secret
  - startScheduler
```
protected void startScheduler(long initialDelay,
                  long period)
```
    Starts the scheduler for the rollover to run at an interval.
    
    Parameters:
    initialDelay - The initial delay in the rollover in milliseconds
    period - The interval for the rollover in milliseconds
  - destroy
```
public void destroy()
```
    Description copied from class: SignerSecretProvider
    
    Will be called on shutdown; subclasses should perform any cleanup here.
    
    Overrides:
    
    destroy in class SignerSecretProvider
  - rollSecret
```
protected void rollSecret()
```
    Rolls the secret. It is called automatically at the rollover interval.
  - generateNewSecret
```
protected abstract byte[] generateNewSecret()
```
    Subclasses should implement this to return a new secret. It will be called automatically at the secret rollover interval. It should never return null.
    
    Returns:
    a new secret
  - getCurrentSecret
```
public byte[] getCurrentSecret()
```
    Description copied from class: SignerSecretProvider
    
    Returns the current secret to be used by the Signer for signing new cookies. This should never return null.
    Callers should be careful not to modify the returned value.
    
    Specified by:
    
    getCurrentSecret in class SignerSecretProvider
    
    Returns:
    the current secret
  - getAllSecrets
```
public byte[][] getAllSecrets()
```
    Description copied from class: SignerSecretProvider
    
    Returns all secrets that a cookie could have been signed with and are still valid; this should include the secret returned by getCurrentSecret().
    Callers should be careful not to modify the returned value.
    
    Specified by:
    
    getAllSecrets in class SignerSecretProvider
    
    Returns:
    the secrets

Class RolloverSignerSecretProvider

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

RolloverSignerSecretProvider

Method Detail

init

initSecrets

startScheduler

destroy

rollSecret

generateNewSecret

getCurrentSecret

getAllSecrets