Package org.apache.hadoop.security.alias

Class CredentialProvider

java.lang.Object
org.apache.hadoop.security.alias.CredentialProvider
Direct Known Subclasses:
AbstractJavaKeyStoreProvider, UserProvider
@Public @Unstable public abstract class CredentialProvider extends Object
A provider of credentials or password for Hadoop applications. Provides an abstraction to separate credential storage from users of them. It is intended to support getting or storing passwords in a variety of ways, including third party bindings. CredentialProvider implementations must be thread safe.

  • Field Details

  • Constructor Details

    • CredentialProvider

      public CredentialProvider()

  • Method Details

    • isTransient

      public boolean isTransient()
      Indicates whether this provider represents a store that is intended for transient use - such as the UserProvider is. These providers are generally used to provide job access to passwords rather than for long term storage.
      Returns:
      true if transient, false otherwise

    • flush

      public abstract void flush() throws IOException
      Ensures that any changes to the credentials are written to persistent store.
      Throws:
      IOException - raised on errors performing I/O.

    • getCredentialEntry

      public abstract CredentialProvider.CredentialEntry getCredentialEntry(String alias) throws IOException
      Get the credential entry for a specific alias.
      Parameters:
      alias - the name of a specific credential
      Returns:
      the credentialEntry
      Throws:
      IOException - raised on errors performing I/O.

    • getAliases

      public abstract List<String> getAliases() throws IOException
      Get the aliases for all credentials.
      Returns:
      the list of alias names
      Throws:
      IOException - raised on errors performing I/O.

    • createCredentialEntry

      public abstract CredentialProvider.CredentialEntry createCredentialEntry(String name, char[] credential) throws IOException
      Create a new credential. The given alias must not already exist.
      Parameters:
      name - the alias of the credential
      credential - the credential value for the alias.
      Returns:
      CredentialEntry.
      Throws:
      IOException - raised on errors performing I/O.

    • deleteCredentialEntry

      public abstract void deleteCredentialEntry(String name) throws IOException
      Delete the given credential.
      Parameters:
      name - the alias of the credential to delete
      Throws:
      IOException - raised on errors performing I/O.

    • needsPassword

      public boolean needsPassword() throws IOException
      Does this provider require a password? This means that a password is required for normal operation, and it has not been found through normal means. If true, the password should be provided by the caller using setPassword().
      Returns:
      Whether or not the provider requires a password
      Throws:
      IOException - raised on errors performing I/O.

    • noPasswordWarning

      public String noPasswordWarning()
      If a password for the provider is needed, but is not provided, this will return a warning and instructions for supplying said password to the provider.
      Returns:
      A warning and instructions for supplying the password

    • noPasswordError

      public String noPasswordError()
      If a password for the provider is needed, but is not provided, this will return an error message and instructions for supplying said password to the provider.
      Returns:
      An error message and instructions for supplying the password