@InterfaceAudience.Private public class AuthenticationTokenSecretManager extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
A single instance of AuthenticationTokenSecretManager will be running as the "leader" in a given HBase cluster. The leader is responsible for periodically generating new secret keys, which are then distributed to followers via ZooKeeper, and for expiring previously used secret keys that are no longer needed (as any tokens using them have expired).
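The key lifecycle described above, modeled in self-contained Java (16 or later) as an added example; it is not HBase's implementation. The class and record names, the HMAC-SHA256 MAC, the retention rule and the sample intervals are assumptions, and an in-memory map stands in for distribution via ZooKeeper.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Simplified model of rolling signing keys. Not HBase code; all names are hypothetical.
public class RollingKeyModel {
  record MasterKey(int id, long expiresAt, byte[] secret) {}
  record Token(String user, int keyId, long expiresAt, byte[] password) {}
  private final Map<Integer, MasterKey> keys = new HashMap<>();
  private final long keyUpdateInterval, tokenMaxLifetime;
  private MasterKey current;
  private int nextId = 1;
  RollingKeyModel(long interval, long lifetime) { keyUpdateInterval = interval; tokenMaxLifetime = lifetime; }
  // Leader duty: drop keys no live token can depend on, then create a new master key.
  void rollKey(long now) {
    keys.values().removeIf(k -> k.expiresAt() < now);
    byte[] secret = new byte[32];
    new SecureRandom().nextBytes(secret);
    // Assumed retention rule: the key outlives the last token it could have signed.
    current = new MasterKey(nextId++, now + keyUpdateInterval + tokenMaxLifetime, secret);
    keys.put(current.id(), current);
  }
  Token generateToken(String user, long now) throws Exception {
    long exp = now + tokenMaxLifetime;
    return new Token(user, current.id(), exp, sign(current, user, exp));
  }
  // Any node holding the distributed keys verifies by looking up the token's key id.
  boolean verify(Token t, long now) throws Exception {
    MasterKey k = keys.get(t.keyId());
    if (k == null || t.expiresAt() < now) return false;
    return MessageDigest.isEqual(sign(k, t.user(), t.expiresAt()), t.password());
  }
  static byte[] sign(MasterKey k, String user, long exp) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256"); // assumed MAC, chosen for this example
    mac.init(new SecretKeySpec(k.secret(), "HmacSHA256"));
    return mac.doFinal((k.id() + "|" + user + "|" + exp).getBytes(StandardCharsets.UTF_8));
  }
  public static void main(String[] args) throws Exception {
    RollingKeyModel m = new RollingKeyModel(1000, 3000); // constructed intervals (ms)
    m.rollKey(0);
    Token t = m.generateToken("alice", 500);
    m.rollKey(1000); m.rollKey(2000); // newer keys exist, key 1 is still retained
    System.out.println("valid after two rolls: " + m.verify(t, 2500));
    m.rollKey(4001); // key 1 is past its retention window and is dropped
    System.out.println("valid after key dropped: " + m.verify(t, 4100));
  }
}
```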
Constructor and Description |
---|
AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf, ZKWatcher zk, String serverName, long keyUpdateInterval, long tokenMaxLifetime): Create a new secret manager instance for generating keys. |
Modifier and Type | Method and Description |
---|---|
void | addKey(AuthenticationKey key) |
AuthenticationTokenIdentifier | createIdentifier() |
protected byte[] | createPassword(AuthenticationTokenIdentifier identifier) |
static SecretKey | createSecretKey(byte[] raw) |
org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier> | generateToken(String username) |
String | getName() |
boolean | isMaster() |
byte[] | retrievePassword(AuthenticationTokenIdentifier identifier) |
void | start() |
void | stop() |
public AuthenticationTokenSecretManager(org.apache.hadoop.conf.Configuration conf, ZKWatcher zk, String serverName, long keyUpdateInterval, long tokenMaxLifetime)
- conf - Configuration to use
- zk - Connection to ZooKeeper for handling leader elections
- keyUpdateInterval - Time (in milliseconds) between rolling a new master key for token signing
- tokenMaxLifetime - Maximum age (in milliseconds) before a token expires and is no longer valid

public void start()
public void stop()
public boolean isMaster()
public String getName()
protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
createPassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
public byte[] retrievePassword(AuthenticationTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
retrievePassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
org.apache.hadoop.security.token.SecretManager.InvalidToken
public AuthenticationTokenIdentifier createIdentifier()
createIdentifier in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
public org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier> generateToken(String username)
public void addKey(AuthenticationKey key) throws IOException
IOException
public static SecretKey createSecretKey(byte[] raw)
Copyright © 2007–2019 Cloudera. All rights reserved.