Package org.apache.hadoop.security.alias

Class CredentialProvider

java.lang.Object
org.apache.hadoop.security.alias.CredentialProvider
@Public @Unstable public abstract class CredentialProvider extends Object
A provider of credentials or password for Hadoop applications. Provides an abstraction to separate credential storage from users of them. It is intended to support getting or storing passwords in a variety of ways, including third party bindings. CredentialProvider implementations must be thread safe.

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static class 
    org.apache.hadoop.security.alias.CredentialProvider.CredentialEntry
    The combination of both the alias and the actual credential value.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    CLEAR_TEXT_FALLBACK
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    CredentialProvider()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    abstract org.apache.hadoop.security.alias.CredentialProvider.CredentialEntry
    createCredentialEntry(String name, char[] credential)
    Create a new credential.
    abstract void
    deleteCredentialEntry(String name)
    Delete the given credential.
    abstract void
    flush()
    Ensures that any changes to the credentials are written to persistent store.
    abstract List<String>
    getAliases()
    Get the aliases for all credentials.
    abstract org.apache.hadoop.security.alias.CredentialProvider.CredentialEntry
    getCredentialEntry(String alias)
    Get the credential entry for a specific alias.
    boolean
    isTransient()
    Indicates whether this provider represents a store that is intended for transient use - such as the UserProvider is.
    boolean
    needsPassword()
    Does this provider require a password?
    String
    noPasswordError()
    If a password for the provider is needed, but is not provided, this will return an error message and instructions for supplying said password to the provider.
    String
    noPasswordWarning()
    If a password for the provider is needed, but is not provided, this will return a warning and instructions for supplying said password to the provider.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

  • Constructor Details

    • CredentialProvider

      public CredentialProvider()

  • Method Details

    • isTransient

      public boolean isTransient()
      Indicates whether this provider represents a store that is intended for transient use - such as the UserProvider is. These providers are generally used to provide job access to passwords rather than for long term storage.
      Returns:
      true if transient, false otherwise

    • flush

      public abstract void flush() throws IOException
      Ensures that any changes to the credentials are written to persistent store.
      Throws:
      IOException - raised on errors performing I/O.

    • getCredentialEntry

      public abstract org.apache.hadoop.security.alias.CredentialProvider.CredentialEntry getCredentialEntry(String alias) throws IOException
      Get the credential entry for a specific alias.
      Parameters:
      alias - the name of a specific credential
      Returns:
      the credentialEntry
      Throws:
      IOException - raised on errors performing I/O.

    • getAliases

      public abstract List<String> getAliases() throws IOException
      Get the aliases for all credentials.
      Returns:
      the list of alias names
      Throws:
      IOException - raised on errors performing I/O.

    • createCredentialEntry

      public abstract org.apache.hadoop.security.alias.CredentialProvider.CredentialEntry createCredentialEntry(String name, char[] credential) throws IOException
      Create a new credential. The given alias must not already exist.
      Parameters:
      name - the alias of the credential
      credential - the credential value for the alias.
      Returns:
      CredentialEntry.
      Throws:
      IOException - raised on errors performing I/O.

    • deleteCredentialEntry

      public abstract void deleteCredentialEntry(String name) throws IOException
      Delete the given credential.
      Parameters:
      name - the alias of the credential to delete
      Throws:
      IOException - raised on errors performing I/O.

    • needsPassword

      public boolean needsPassword() throws IOException
      Does this provider require a password? This means that a password is required for normal operation, and it has not been found through normal means. If true, the password should be provided by the caller using setPassword().
      Returns:
      Whether or not the provider requires a password
      Throws:
      IOException - raised on errors performing I/O.

    • noPasswordWarning

      public String noPasswordWarning()
      If a password for the provider is needed, but is not provided, this will return a warning and instructions for supplying said password to the provider.
      Returns:
      A warning and instructions for supplying the password

    • noPasswordError

      public String noPasswordError()
      If a password for the provider is needed, but is not provided, this will return an error message and instructions for supplying said password to the provider.
      Returns:
      An error message and instructions for supplying the password