Class RouterSecurityManager

java.lang.Object
org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager

public class RouterSecurityManager extends Object
Manager to hold underlying delegation token secret manager implementations.
  • Constructor Summary

    Constructors
    Constructor
    Description
    RouterSecurityManager(org.apache.hadoop.conf.Configuration conf)
     
    RouterSecurityManager(org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> dtSecretManager)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    cancelDelegationToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> token)
     
    static org.apache.hadoop.security.Credentials
    createCredentials(Router router, org.apache.hadoop.security.UserGroupInformation ugi, String renewer)
    A utility method for creating credentials.
    org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier>
    getDelegationToken(org.apache.hadoop.io.Text renewer)
     
    org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier>
    getSecretManager()
     
    long
    renewDelegationToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> token)
     
    void
    stop()
     
    void
    verifyToken(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier identifier, byte[] password)
    Delegation token verification.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • RouterSecurityManager

      public RouterSecurityManager(org.apache.hadoop.conf.Configuration conf) throws IOException
      Throws:
      IOException
    • RouterSecurityManager

      @VisibleForTesting public RouterSecurityManager(org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> dtSecretManager)
  • Method Details

    • getSecretManager

      public org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> getSecretManager()
    • stop

      public void stop()
    • getDelegationToken

      public org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> getDelegationToken(org.apache.hadoop.io.Text renewer) throws IOException
      Parameters:
      renewer - Renewer information
      Returns:
      delegation token
      Throws:
      IOException - on error
    • renewDelegationToken

      public long renewDelegationToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> token) throws org.apache.hadoop.security.token.SecretManager.InvalidToken, IOException
      Parameters:
      token - token to renew
      Returns:
      new expiryTime of the token
      Throws:
      org.apache.hadoop.security.token.SecretManager.InvalidToken - if token is invalid
      IOException - on errors
    • cancelDelegationToken

      public void cancelDelegationToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> token) throws IOException
      Parameters:
      token - token to cancel
      Throws:
      IOException - on error
    • createCredentials

      public static org.apache.hadoop.security.Credentials createCredentials(Router router, org.apache.hadoop.security.UserGroupInformation ugi, String renewer) throws IOException
      A utility method for creating credentials. Used by WebHDFS to return a URL-encoded token.
      Parameters:
      router - the router object.
      ugi - object with username and group information for the given user.
      renewer - the renewer for the token.
      Returns:
      the credentials object for tokens.
      Throws:
      IOException - if error occurs while obtaining the credentials.
    • verifyToken

      public void verifyToken(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier identifier, byte[] password) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
      Delegation token verification. Used by WebHDFS to verify a URL-encoded token.
      Parameters:
      identifier - the delegation token identifier.
      password - the password in the token.
      Throws:
      org.apache.hadoop.security.token.SecretManager.InvalidToken - if password doesn't match.
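
The URL-encoded token check described for verifyToken, as an added example that is not part of the Hadoop code base: it decodes the token string, rebuilds the identifier from the token's identifier bytes, and passes it with the token password to verifyToken. The class name UrlTokenCheck and the method verifyUrlToken are hypothetical; the RouterSecurityManager instance is assumed to come from a running Router.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;

import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager;
import org.apache.hadoop.security.token.Token;

/** Hypothetical helper (not Hadoop code) around RouterSecurityManager.verifyToken. */
public final class UrlTokenCheck {

  private UrlTokenCheck() {
  }

  /**
   * Decodes a URL-encoded delegation token and verifies it.
   *
   * @return the identifier, which may be trusted only because verifyToken
   *         returned without throwing.
   * @throws IOException if the string cannot be decoded, or
   *         SecretManager.InvalidToken (an IOException subclass) if the
   *         password doesn't match.
   */
  public static DelegationTokenIdentifier verifyUrlToken(
      RouterSecurityManager securityManager, String urlEncodedToken)
      throws IOException {
    if (urlEncodedToken == null || urlEncodedToken.isEmpty()) {
      throw new IOException("No delegation token supplied");
    }

    // Token.decodeFromUrlString fills in identifier bytes, password, kind and service.
    Token<DelegationTokenIdentifier> token = new Token<>();
    token.decodeFromUrlString(urlEncodedToken);

    // The identifier bytes are caller-controlled at this point: parsing them
    // only recovers the claimed fields, it does not authenticate them.
    DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
    try (DataInputStream in = new DataInputStream(
        new ByteArrayInputStream(token.getIdentifier()))) {
      identifier.readFields(in);
    }

    // Throws InvalidToken on mismatch; never log token.getPassword().
    securityManager.verifyToken(identifier, token.getPassword());
    return identifier;
  }
}
```

Callers should read the owner or renewer from the returned identifier only after this method returns, and treat any IOException as an authentication failure.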