org.apache.hadoop.security.token.delegation
Class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

java.lang.Object
  extended by org.apache.hadoop.security.token.SecretManager<TokenIdent>
      extended by org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<TokenIdent>
Direct Known Subclasses:
DelegationTokenSecretManager

public abstract class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
extends SecretManager<TokenIdent>


Nested Class Summary
static class AbstractDelegationTokenSecretManager.DelegationTokenInformation
          Class to encapsulate a token's renew date and password.
 
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
SecretManager.InvalidToken
 
Field Summary
protected  Map<Integer,DelegationKey> allKeys
          Access to allKeys is protected by this object lock.
protected  int currentId
          Access to currentId is protected by this object lock.
protected  Map<TokenIdent,AbstractDelegationTokenSecretManager.DelegationTokenInformation> currentTokens
          Cache of currently valid tokens, mapping from DelegationTokenIdentifier to DelegationTokenInformation.
protected  int delegationTokenSequenceNumber
          Sequence number to create DelegationTokenIdentifier.
protected  Object noInterruptsLock
          If the delegation token update thread holds this lock, it will not get interrupted.
protected  boolean running
           
 
Constructor Summary
AbstractDelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval)
           
 
Method Summary
 void addKey(DelegationKey key)
          Add a previously used master key to the cache (when the NameNode restarts); should be called before activate().
 TokenIdent cancelToken(Token<TokenIdent> token, String canceller)
          Cancel a token by removing it from cache.
protected  byte[] createPassword(TokenIdent identifier)
          Create the password for the given identifier.
static SecretKey createSecretKey(byte[] key)
          Convert the byte[] to a secret key.
 DelegationKey[] getAllKeys()
           
 boolean isRunning()
          Returns whether the secret manager is running.
protected  void logUpdateMasterKey(DelegationKey key)
           
 long renewToken(Token<TokenIdent> token, String renewer)
          Renew a delegation token.
 byte[] retrievePassword(TokenIdent identifier)
          Retrieve the password for the given token identifier.
 void startThreads()
          Should be called before this object is used.
 void stopThreads()
           
 void verifyToken(TokenIdent identifier, byte[] password)
          Verifies that the given identifier and password are valid and match.
 
Methods inherited from class org.apache.hadoop.security.token.SecretManager
createIdentifier, createPassword, generateSecret
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

currentTokens

protected final Map<TokenIdent extends AbstractDelegationTokenIdentifier,AbstractDelegationTokenSecretManager.DelegationTokenInformation> currentTokens
Cache of currently valid tokens, mapping from DelegationTokenIdentifier to DelegationTokenInformation. Protected by this object lock.


delegationTokenSequenceNumber

protected int delegationTokenSequenceNumber
Sequence number to create DelegationTokenIdentifier. Protected by this object lock.


allKeys

protected final Map<Integer,DelegationKey> allKeys
Access to allKeys is protected by this object lock.


currentId

protected int currentId
Access to currentId is protected by this object lock.


running

protected volatile boolean running

noInterruptsLock

protected Object noInterruptsLock
If the delegation token update thread holds this lock, it will not get interrupted.

Constructor Detail

AbstractDelegationTokenSecretManager

public AbstractDelegationTokenSecretManager(long delegationKeyUpdateInterval,
                                            long delegationTokenMaxLifetime,
                                            long delegationTokenRenewInterval,
                                            long delegationTokenRemoverScanInterval)
Method Detail

startThreads

public void startThreads()
                  throws IOException
Should be called before this object is used.

Throws:
IOException

isRunning

public boolean isRunning()
Returns whether the secret manager is running.

Returns:
true if the secret manager is running

addKey

public void addKey(DelegationKey key)
            throws IOException
Add a previously used master key to the cache (when the NameNode restarts); should be called before activate().

Throws:
IOException

getAllKeys

public DelegationKey[] getAllKeys()

logUpdateMasterKey

protected void logUpdateMasterKey(DelegationKey key)
                           throws IOException
Throws:
IOException

createPassword

protected byte[] createPassword(TokenIdent identifier)
Description copied from class: SecretManager
Create the password for the given identifier. identifier may be modified inside this method.

Specified by:
createPassword in class SecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Parameters:
identifier - the identifier to use
Returns:
the new password

retrievePassword

public byte[] retrievePassword(TokenIdent identifier)
                        throws SecretManager.InvalidToken
Description copied from class: SecretManager
Retrieve the password for the given token identifier. Should check the date or registry to make sure the token hasn't expired or been revoked. Returns the relevant password.

Specified by:
retrievePassword in class SecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Parameters:
identifier - the identifier to validate
Returns:
the password to use
Throws:
SecretManager.InvalidToken - the token was invalid

verifyToken

public void verifyToken(TokenIdent identifier,
                        byte[] password)
                 throws SecretManager.InvalidToken
Verifies that the given identifier and password are valid and match.

Parameters:
identifier - Token identifier.
password - Password in the token.
Throws:
InvalidToken
SecretManager.InvalidToken
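
The retrievePassword/verifyToken contract described above, as an added stand-alone example (not Hadoop's code and not from the original page): a cache lookup, an expiry check and a constant-time password comparison. The class name, the string identifier, the HmacSHA256 algorithm and the explicit `now` parameter are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of the documented contract; plain JDK only (records need Java 16+).
public class TokenVerifyModel {
    record TokenInfo(long renewDate, byte[] password) {}   // stand-in for DelegationTokenInformation
    static class InvalidTokenException extends Exception {
        InvalidTokenException(String msg) { super(msg); }
    }
    // Like currentTokens on this page, the cache is guarded by the object lock.
    private final Map<String, TokenInfo> currentTokens = new HashMap<>();
    private final SecretKeySpec masterKey;

    TokenVerifyModel(byte[] key) { masterKey = new SecretKeySpec(key, "HmacSHA256"); } // assumed algorithm

    synchronized byte[] createPassword(String identifier, long renewDate) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(masterKey);
        byte[] password = mac.doFinal(identifier.getBytes(StandardCharsets.UTF_8));
        currentTokens.put(identifier, new TokenInfo(renewDate, password));
        return password;
    }
    synchronized byte[] retrievePassword(String identifier, long now) throws InvalidTokenException {
        TokenInfo info = currentTokens.get(identifier);
        if (info == null) throw new InvalidTokenException("not in cache (cancelled or never issued)");
        if (info.renewDate() < now) throw new InvalidTokenException("expired");
        return info.password();
    }
    void verifyToken(String identifier, byte[] password, long now) throws InvalidTokenException {
        byte[] stored = retrievePassword(identifier, now);
        // Constant-time comparison: do not leak how many leading bytes matched.
        if (!MessageDigest.isEqual(stored, password)) throw new InvalidTokenException("password mismatch");
    }
    synchronized void cancelToken(String identifier) { currentTokens.remove(identifier); }

    static String check(TokenVerifyModel m, String id, byte[] pw, long now) {
        try { m.verifyToken(id, pw, now); return "accepted"; }
        catch (InvalidTokenException e) { return "rejected: " + e.getMessage(); }
    }
    public static void main(String[] args) throws Exception {
        TokenVerifyModel m = new TokenVerifyModel("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String id = "owner=alice,renewer=yarn,seq=1";    // constructed identifier
        byte[] pw = m.createPassword(id, 1_000L);
        byte[] bad = pw.clone(); bad[0] ^= 1;             // tampered password
        System.out.println(check(m, id, pw, 500L));       // valid token, before renew date
        System.out.println(check(m, id, bad, 500L));      // tampered password
        System.out.println(check(m, id, pw, 2_000L));     // presented after renew date
        m.cancelToken(id);
        System.out.println(check(m, id, pw, 500L));       // token removed from cache
    }
}
```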

renewToken

public long renewToken(Token<TokenIdent> token,
                       String renewer)
                throws SecretManager.InvalidToken,
                       IOException
Renew a delegation token.

Parameters:
token - the token to renew
renewer - the full principal name of the user doing the renewal
Returns:
the new expiration time
Throws:
InvalidToken - if the token is invalid
AccessControlException - if the user can't renew token
SecretManager.InvalidToken
IOException

cancelToken

public TokenIdent cancelToken(Token<TokenIdent> token,
                              String canceller)
                       throws IOException
Cancel a token by removing it from cache.

Returns:
Identifier of the canceled token
Throws:
InvalidToken - for invalid token
AccessControlException - if the user isn't allowed to cancel
IOException

createSecretKey

public static SecretKey createSecretKey(byte[] key)
Convert the byte[] to a secret key.

Parameters:
key - the byte[] to create the secret key from
Returns:
the secret key

stopThreads

public void stopThreads()


Copyright © 2009 The Apache Software Foundation