Package org.apache.hadoop.hdfs.server.federation.router.security.token

Class SQLDelegationTokenSecretManagerImpl

java.lang.Object
org.apache.hadoop.security.token.SecretManager<TokenIdent>
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<TokenIdent>
org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
org.apache.hadoop.hdfs.server.federation.router.security.token.SQLDelegationTokenSecretManagerImpl
public class SQLDelegationTokenSecretManagerImpl extends org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
An implementation of SQLDelegationTokenSecretManager that persists TokenIdentifiers and DelegationKeys in a SQL database. This implementation relies on the Datanucleus JDO PersistenceManager, which can be configured with datanucleus.* configuration properties.

  • Nested Class Summary

    Nested classes/interfaces inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

    org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation

    Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

    org.apache.hadoop.security.token.SecretManager.InvalidToken

  • Field Summary

    Fields inherited from class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager

    DEFAULT_SEQ_NUM_BATCH_SIZE, SQL_DTSM_CONF_PREFIX, SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION, SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION_DEFAULT, SQL_DTSM_TOKEN_LOADING_CACHE_MAX_SIZE, SQL_DTSM_TOKEN_LOADING_CACHE_MAX_SIZE_DEFAULT, SQL_DTSM_TOKEN_MAX_CLEANUP_RESULTS, SQL_DTSM_TOKEN_MAX_CLEANUP_RESULTS_DEFAULT

    Fields inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

    allKeys, currentId, currentTokens, delegationTokenSequenceNumber, noInterruptsLock, running, storeTokenTrackingId, tokenOwnerStats

  • Constructor Summary

    Constructors
    Constructor
    Description
    SQLDelegationTokenSecretManagerImpl(org.apache.hadoop.conf.Configuration conf)
     
    SQLDelegationTokenSecretManagerImpl(org.apache.hadoop.conf.Configuration conf, SQLConnectionFactory connectionFactory, SQLSecretManagerRetriableHandler retryHandler)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier
    createIdentifier()
     
    protected void
    deleteDelegationKey(int keyId)
     
    protected void
    deleteToken(int sequenceNum, byte[] tokenIdentifier)
     
    protected SQLConnectionFactory
    getConnectionFactory()
     
    protected int
    incrementKeyId(int amount)
     
    protected int
    incrementSequenceNum(int amount)
     
    protected void
    insertDelegationKey(int keyId, byte[] delegationKey)
     
    protected void
    insertToken(int sequenceNum, byte[] tokenIdentifier, byte[] tokenInfo)
     
    protected byte[]
    selectDelegationKey(int keyId)
     
    protected int
    selectKeyId()
     
    protected int
    selectSequenceNum()
     
    protected Map<byte[],byte[]>
    selectStaleTokenInfos(long maxModifiedTime, int maxResults)
     
    protected byte[]
    selectTokenInfo(int sequenceNum, byte[] tokenIdentifier)
     
    void
    stopThreads()
     
    protected void
    updateDelegationKey(int keyId, byte[] delegationKey)
     
    protected void
    updateKeyId(int value)
     
    protected void
    updateSequenceNum(int value)
     
    protected void
    updateToken(int sequenceNum, byte[] tokenIdentifier, byte[] tokenInfo)
     

    Methods inherited from class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager

    cancelToken, getCandidateTokensForCleanup, getCurrentKeyId, getDelegationKey, getDelegationTokenSeqNum, getTokenInfoFromSQL, incrementCurrentKeyId, incrementDelegationTokenSeqNum, removeExpiredStoredToken, removeStoredMasterKey, removeStoredToken, setCurrentKeyId, setDelegationTokenSeqNum, storeDelegationKey, storeToken, updateDelegationKey, updateToken

    Methods inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

    addKey, addPersistedDelegationToken, addTokenForOwnerStats, checkToken, createPassword, createSecretKey, decodeTokenIdentifier, getAllKeys, getCurrentTokensSize, getMetrics, getTokenInfo, getTokenRenewInterval, getTokenTrackingId, getTopTokenRealOwners, getTrackingIdIfEnabled, isRunning, logExpireToken, logExpireTokens, logUpdateMasterKey, renewToken, reset, retrievePassword, rollMasterKey, startThreads, storeNewMasterKey, storeNewToken, syncTokenOwnerStats, updateStoredToken, verifyToken

    Methods inherited from class org.apache.hadoop.security.token.SecretManager

    checkAvailableForRead, createPassword, generateSecret, retriableRetrievePassword, update, validateSecretKeyLength

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • SQLDelegationTokenSecretManagerImpl

      public SQLDelegationTokenSecretManagerImpl(org.apache.hadoop.conf.Configuration conf)

    • SQLDelegationTokenSecretManagerImpl

      public SQLDelegationTokenSecretManagerImpl(org.apache.hadoop.conf.Configuration conf, SQLConnectionFactory connectionFactory, SQLSecretManagerRetriableHandler retryHandler)

  • Method Details

    • createIdentifier

      public org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier createIdentifier()
      Specified by:
      createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>

    • stopThreads

      public void stopThreads()
      Overrides:
      stopThreads in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>

    • insertToken

      protected void insertToken(int sequenceNum, byte[] tokenIdentifier, byte[] tokenInfo) throws SQLException
      Specified by:
      insertToken in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • updateToken

      protected void updateToken(int sequenceNum, byte[] tokenIdentifier, byte[] tokenInfo) throws SQLException
      Specified by:
      updateToken in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • deleteToken

      protected void deleteToken(int sequenceNum, byte[] tokenIdentifier) throws SQLException
      Specified by:
      deleteToken in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • selectTokenInfo

      protected byte[] selectTokenInfo(int sequenceNum, byte[] tokenIdentifier) throws SQLException
      Specified by:
      selectTokenInfo in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • selectStaleTokenInfos

      protected Map<byte[],byte[]> selectStaleTokenInfos(long maxModifiedTime, int maxResults) throws SQLException
      Specified by:
      selectStaleTokenInfos in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • insertDelegationKey

      protected void insertDelegationKey(int keyId, byte[] delegationKey) throws SQLException
      Specified by:
      insertDelegationKey in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • updateDelegationKey

      protected void updateDelegationKey(int keyId, byte[] delegationKey) throws SQLException
      Specified by:
      updateDelegationKey in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • deleteDelegationKey

      protected void deleteDelegationKey(int keyId) throws SQLException
      Specified by:
      deleteDelegationKey in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • selectDelegationKey

      protected byte[] selectDelegationKey(int keyId) throws SQLException
      Specified by:
      selectDelegationKey in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • selectSequenceNum

      protected int selectSequenceNum() throws SQLException
      Specified by:
      selectSequenceNum in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • updateSequenceNum

      protected void updateSequenceNum(int value) throws SQLException
      Specified by:
      updateSequenceNum in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • incrementSequenceNum

      protected int incrementSequenceNum(int amount) throws SQLException
      Specified by:
      incrementSequenceNum in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • selectKeyId

      protected int selectKeyId() throws SQLException
      Specified by:
      selectKeyId in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • updateKeyId

      protected void updateKeyId(int value) throws SQLException
      Specified by:
      updateKeyId in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • incrementKeyId

      protected int incrementKeyId(int amount) throws SQLException
      Specified by:
      incrementKeyId in class org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier>
      Throws:
      SQLException

    • getConnectionFactory

      @VisibleForTesting protected SQLConnectionFactory getConnectionFactory()