Class ZKDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

java.lang.Object
  org.apache.hadoop.security.token.SecretManager<TokenIdent>
    org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<TokenIdent>
      org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager<TokenIdent>

@Private
public abstract class ZKDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
extends AbstractDelegationTokenSecretManager<TokenIdent>

An implementation of AbstractDelegationTokenSecretManager that persists TokenIdentifiers and DelegationKeys in ZooKeeper. This class can be used by HA (highly available) services that consist of multiple nodes. It ensures that identifiers and keys are replicated to all nodes of the service.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
AbstractDelegationTokenSecretManager.DelegationTokenInformation

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
SecretManager.InvalidToken

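Field Summary

Fields
Modifier and Type    Field    Description
static final String    ZK_CONF_PREFIX
static final String    ZK_DTSM_TOKEN_SEQNUM_BATCH_SIZE
static final int    ZK_DTSM_TOKEN_SEQNUM_BATCH_SIZE_DEFAULT
static final String    ZK_DTSM_TOKEN_WATCHER_ENABLED
static final boolean    ZK_DTSM_TOKEN_WATCHER_ENABLED_DEFAULT
protected static final String    ZK_DTSM_TOKENS_ROOT
static final String    ZK_DTSM_ZK_AUTH_TYPE
static final String    ZK_DTSM_ZK_CONNECTION_STRING
static final String    ZK_DTSM_ZK_CONNECTION_TIMEOUT
static final int    ZK_DTSM_ZK_CONNECTION_TIMEOUT_DEFAULT
static final String    ZK_DTSM_ZK_KERBEROS_KEYTAB
static final String    ZK_DTSM_ZK_KERBEROS_PRINCIPAL
static final String    ZK_DTSM_ZK_KERBEROS_SERVER_PRINCIPAL
static final String    ZK_DTSM_ZK_NUM_RETRIES
static final int    ZK_DTSM_ZK_NUM_RETRIES_DEFAULT
static final String    ZK_DTSM_ZK_SESSION_TIMEOUT
static final int    ZK_DTSM_ZK_SESSION_TIMEOUT_DEFAULT
static final String    ZK_DTSM_ZK_SHUTDOWN_TIMEOUT
static final int    ZK_DTSM_ZK_SHUTDOWN_TIMEOUT_DEFAULT
static final String    ZK_DTSM_ZK_SSL_ENABLED
static final String    ZK_DTSM_ZK_SSL_KEYSTORE_LOCATION
static final String    ZK_DTSM_ZK_SSL_KEYSTORE_PASSWORD
static final String    ZK_DTSM_ZK_SSL_TRUSTSTORE_LOCATION
static final String    ZK_DTSM_ZK_SSL_TRUSTSTORE_PASSWORD
static final String    ZK_DTSM_ZNODE_WORKING_PATH
static final String    ZK_DTSM_ZNODE_WORKING_PATH_DEAFULT
protected final org.apache.curator.framework.CuratorFramework    zkClient

Fields inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
allKeys, currentId, currentTokens, delegationTokenSequenceNumber, noInterruptsLock, running, storeTokenTrackingId, tokenOwnerStats
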
Constructor Summary

Constructors

Method Summary

Modifier and Type    Method    Description
protected void    addOrUpdateToken(TokenIdent ident, AbstractDelegationTokenSecretManager.DelegationTokenInformation info, boolean isUpdate)
cancelToken(Token<TokenIdent> token, String canceller)
    Cancel a token by removing it from cache.
protected static org.apache.curator.framework.CuratorFramework    getCurator()
protected int    getCurrentKeyId()
    For subclasses externalizing the storage, for example Zookeeper based implementations.
protected DelegationKey    getDelegationKey(int keyId)
    For subclasses externalizing the storage, for example Zookeeper based implementations.
protected int    getDelegationTokenSeqNum()
    For subclasses externalizing the storage, for example Zookeeper based implementations.
protected AbstractDelegationTokenSecretManager.DelegationTokenInformation    getTokenInfo(TokenIdent ident)
    For subclasses externalizing the storage, for example Zookeeper based implementations
protected AbstractDelegationTokenSecretManager.DelegationTokenInformation    getTokenInfoFromZK(String nodePath, boolean quiet)
protected AbstractDelegationTokenSecretManager.DelegationTokenInformation    getTokenInfoFromZK(TokenIdent ident)
protected AbstractDelegationTokenSecretManager.DelegationTokenInformation    getTokenInfoFromZK(TokenIdent ident, boolean quiet)
protected int    incrementCurrentKeyId()
    For subclasses externalizing the storage, for example Zookeeper based implementations.
protected int    incrementDelegationTokenSeqNum()
    For subclasses externalizing the storage, for example Zookeeper based implementations.
boolean    isTokenWatcherEnabled()
protected TokenIdent    processTokenAddOrUpdate(byte[] data)
protected void    removeStoredMasterKey
protected void    removeStoredToken(TokenIdent ident)
protected void    removeStoredToken(TokenIdent ident, boolean checkAgainstZkBeforeDeletion)
static void    setCurator(org.apache.curator.framework.CuratorFramework curator)
protected void    setDelegationTokenSeqNum(int seqNum)
    For subclasses externalizing the storage, for example Zookeeper based implementations.
void    startThreads
    should be called before this object is used.
void    stopThreads()
protected void    storeDelegationKey
    For subclasses externalizing the storage, for example Zookeeper based implementations.
protected void    storeToken(TokenIdent ident, AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
    For subclasses externalizing the storage, for example Zookeeper based implementations.
protected void    syncLocalCacheWithZk(TokenIdent ident)
    This method synchronizes the state of a delegation token information in local cache with its actual value in Zookeeper.
protected void    updateDelegationKey
    For subclasses externalizing the storage, for example Zookeeper based implementations.
protected void    updateToken(TokenIdent ident, AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
    For subclasses externalizing the storage, for example Zookeeper based implementations.

Methods inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
addKey, addPersistedDelegationToken, addTokenForOwnerStats, checkToken, createPassword, createSecretKey, decodeTokenIdentifier, getAllKeys, getCandidateTokensForCleanup, getCurrentTokensSize, getMetrics, getTokenRenewInterval, getTokenTrackingId, getTopTokenRealOwners, getTrackingIdIfEnabled, isRunning, logExpireToken, logExpireTokens, logUpdateMasterKey, removeExpiredStoredToken, renewToken, reset, retrievePassword, rollMasterKey, setCurrentKeyId, storeNewMasterKey, storeNewToken, syncTokenOwnerStats, updateStoredToken, verifyToken

Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createIdentifier, createPassword, generateSecret, retriableRetrievePassword, update, validateSecretKeyLength

Field Details

ZK_CONF_PREFIX

ZK_DTSM_ZK_NUM_RETRIES

ZK_DTSM_ZK_SESSION_TIMEOUT

ZK_DTSM_ZK_CONNECTION_TIMEOUT

ZK_DTSM_ZK_SHUTDOWN_TIMEOUT

ZK_DTSM_ZNODE_WORKING_PATH

ZK_DTSM_ZK_AUTH_TYPE

ZK_DTSM_ZK_CONNECTION_STRING

ZK_DTSM_ZK_KERBEROS_KEYTAB

ZK_DTSM_ZK_KERBEROS_PRINCIPAL

ZK_DTSM_ZK_KERBEROS_SERVER_PRINCIPAL

ZK_DTSM_TOKEN_SEQNUM_BATCH_SIZE

ZK_DTSM_TOKEN_WATCHER_ENABLED

ZK_DTSM_TOKEN_WATCHER_ENABLED_DEFAULT
public static final boolean ZK_DTSM_TOKEN_WATCHER_ENABLED_DEFAULT

ZK_DTSM_ZK_SSL_ENABLED

ZK_DTSM_ZK_SSL_KEYSTORE_LOCATION

ZK_DTSM_ZK_SSL_KEYSTORE_PASSWORD

ZK_DTSM_ZK_SSL_TRUSTSTORE_LOCATION

ZK_DTSM_ZK_SSL_TRUSTSTORE_PASSWORD

ZK_DTSM_ZK_NUM_RETRIES_DEFAULT
public static final int ZK_DTSM_ZK_NUM_RETRIES_DEFAULT

ZK_DTSM_ZK_SESSION_TIMEOUT_DEFAULT
public static final int ZK_DTSM_ZK_SESSION_TIMEOUT_DEFAULT

ZK_DTSM_ZK_CONNECTION_TIMEOUT_DEFAULT
public static final int ZK_DTSM_ZK_CONNECTION_TIMEOUT_DEFAULT

ZK_DTSM_ZK_SHUTDOWN_TIMEOUT_DEFAULT
public static final int ZK_DTSM_ZK_SHUTDOWN_TIMEOUT_DEFAULT

ZK_DTSM_ZNODE_WORKING_PATH_DEAFULT

ZK_DTSM_TOKEN_SEQNUM_BATCH_SIZE_DEFAULT
public static final int ZK_DTSM_TOKEN_SEQNUM_BATCH_SIZE_DEFAULT

ZK_DTSM_TOKENS_ROOT

zkClient
protected final org.apache.curator.framework.CuratorFramework zkClient

Constructor Details

ZKDelegationTokenSecretManager

Method Details

setCurator
public static void setCurator(org.apache.curator.framework.CuratorFramework curator)

getCurator
@VisibleForTesting protected static org.apache.curator.framework.CuratorFramework getCurator()

startThreads
Description copied from class: AbstractDelegationTokenSecretManager
should be called before this object is used.
Overrides: startThreads in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Throws: IOException - raised on errors performing I/O.

processTokenAddOrUpdate
Throws: IOException

stopThreads
public void stopThreads()
Overrides: stopThreads in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

getDelegationTokenSeqNum
protected int getDelegationTokenSeqNum()
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations.
Overrides: getDelegationTokenSeqNum in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Returns: delegationTokenSequenceNumber.

incrementDelegationTokenSeqNum
protected int incrementDelegationTokenSeqNum()
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations.
Overrides: incrementDelegationTokenSeqNum in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Returns: delegationTokenSequenceNumber.

setDelegationTokenSeqNum
protected void setDelegationTokenSeqNum(int seqNum)
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations.
Overrides: setDelegationTokenSeqNum in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Parameters: seqNum - seqNum.

getCurrentKeyId
protected int getCurrentKeyId()
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations.
Overrides: getCurrentKeyId in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Returns: currentId.

incrementCurrentKeyId
protected int incrementCurrentKeyId()
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations.
Overrides: incrementCurrentKeyId in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Returns: currentId.

getDelegationKey
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations.
Overrides: getDelegationKey in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Parameters: keyId - keyId.
Returns: DelegationKey.

getTokenInfo
protected AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfo(TokenIdent ident)
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations
Overrides: getTokenInfo in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Parameters: ident - ident.
Returns: DelegationTokenInformation.

syncLocalCacheWithZk
This method synchronizes the state of a delegation token information in local cache with its actual value in Zookeeper.
Parameters: ident - Identifier of the token

getTokenInfoFromZK
protected AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfoFromZK(TokenIdent ident) throws IOException
Throws: IOException

getTokenInfoFromZK
protected AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfoFromZK(TokenIdent ident, boolean quiet) throws IOException
Throws: IOException

getTokenInfoFromZK
protected AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfoFromZK(String nodePath, boolean quiet) throws IOException
Throws: IOException

storeDelegationKey
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations.
Overrides: storeDelegationKey in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Parameters: key - DelegationKey.
Throws: IOException - raised on errors performing I/O.

updateDelegationKey
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations.
Overrides: updateDelegationKey in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Parameters: key - DelegationKey.
Throws: IOException - raised on errors performing I/O.

removeStoredMasterKey
Overrides: removeStoredMasterKey in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

storeToken
protected void storeToken(TokenIdent ident, AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo) throws IOException
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations.
Overrides: storeToken in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Parameters: ident - ident. tokenInfo - tokenInfo.
Throws: IOException - raised on errors performing I/O.

updateToken
protected void updateToken(TokenIdent ident, AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo) throws IOException
Description copied from class: AbstractDelegationTokenSecretManager
For subclasses externalizing the storage, for example Zookeeper based implementations.
Overrides: updateToken in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Parameters: ident - ident. tokenInfo - tokenInfo.
Throws: IOException - raised on errors performing I/O.

removeStoredToken
Overrides: removeStoredToken in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Throws: IOException

removeStoredToken
protected void removeStoredToken(TokenIdent ident, boolean checkAgainstZkBeforeDeletion) throws IOException
Throws: IOException

cancelToken
Description copied from class: AbstractDelegationTokenSecretManager
Cancel a token by removing it from cache.
Overrides: cancelToken in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
Parameters: token - token. canceller - canceller.
Returns: Identifier of the canceled token
Throws: SecretManager.InvalidToken - for invalid token
Throws: AccessControlException - if the user isn't allowed to cancel
Throws: IOException

addOrUpdateToken
protected void addOrUpdateToken(TokenIdent ident, AbstractDelegationTokenSecretManager.DelegationTokenInformation info, boolean isUpdate) throws Exception
Throws: Exception

isTokenWatcherEnabled
public boolean isTokenWatcherEnabled()