Package org.apache.hadoop.security.token.delegation

Class SQLDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

java.lang.Object

org.apache.hadoop.security.token.SecretManager<TokenIdent>

org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<TokenIdent>

org.apache.hadoop.security.token.delegation.SQLDelegationTokenSecretManager<TokenIdent>

public abstract class SQLDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
extends AbstractDelegationTokenSecretManager<TokenIdent>

An implementation of AbstractDelegationTokenSecretManager that persists TokenIdentifiers and DelegationKeys in an existing SQL database.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

AbstractDelegationTokenSecretManager.DelegationTokenInformation

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

SecretManager.InvalidToken

Field Summary

Fields

Modifier and Type	Field	Description
static int	DEFAULT_SEQ_NUM_BATCH_SIZE
static java.lang.String	SQL_DTSM_CONF_PREFIX
static java.lang.String	SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION
static long	SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION_DEFAULT
static java.lang.String	SQL_DTSM_TOKEN_LOADING_CACHE_MAX_SIZE
static long	SQL_DTSM_TOKEN_LOADING_CACHE_MAX_SIZE_DEFAULT
static java.lang.String	SQL_DTSM_TOKEN_MAX_CLEANUP_RESULTS
static int	SQL_DTSM_TOKEN_MAX_CLEANUP_RESULTS_DEFAULT

Fields inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

allKeys, currentId, currentTokens, delegationTokenSequenceNumber, noInterruptsLock, running, storeTokenTrackingId, tokenOwnerStats

Constructor Summary

Constructors

Constructor	Description
SQLDelegationTokenSecretManager(Configuration conf)

Method Summary

Modifier and Type	Method	Description
TokenIdent	cancelToken(Token<TokenIdent> token, java.lang.String canceller)	Cancels a token by removing it from the SQL database.
protected abstract void	deleteDelegationKey(int keyId)
protected abstract void	deleteToken(int sequenceNum, byte[] tokenIdentifier)
protected java.util.Map<TokenIdent,AbstractDelegationTokenSecretManager.DelegationTokenInformation>	getCandidateTokensForCleanup()	Obtain a list of tokens that will be considered for cleanup, based on the last time the token was updated in SQL.
int	getCurrentKeyId()	Obtains the value of the last delegation key id.
protected DelegationKey	getDelegationKey(int keyId)	Obtains the DelegationKey from the SQL database.
int	getDelegationTokenSeqNum()	Obtains the value of the last reserved sequence number.
protected AbstractDelegationTokenSecretManager.DelegationTokenInformation	getTokenInfoFromSQL(TokenIdent ident)	Obtains the DelegationTokenInformation associated with the given TokenIdentifier in the SQL database.
int	incrementCurrentKeyId()	Obtains the next available delegation key id that can be allocated to a DelegationKey.
int	incrementDelegationTokenSeqNum()	Obtains the next available sequence number that can be allocated to a Token.
protected abstract int	incrementKeyId(int amount)
protected abstract int	incrementSequenceNum(int amount)
protected abstract void	insertDelegationKey(int keyId, byte[] delegationKey)
protected abstract void	insertToken(int sequenceNum, byte[] tokenIdentifier, byte[] tokenInfo)
protected void	removeExpiredStoredToken(TokenIdent ident)
protected void	removeStoredMasterKey(DelegationKey key)	Removes the existing DelegationKey from the SQL database to invalidate it.
protected void	removeStoredToken(TokenIdent ident)	Removes the existing TokenInformation from the SQL database to invalidate it.
protected abstract byte[]	selectDelegationKey(int keyId)
protected abstract int	selectKeyId()
protected abstract int	selectSequenceNum()
protected abstract java.util.Map<byte[],byte[]>	selectStaleTokenInfos(long maxModifiedTime, int maxResults)
protected abstract byte[]	selectTokenInfo(int sequenceNum, byte[] tokenIdentifier)
void	setCurrentKeyId(int keyId)	Updates the value of the last delegation key id.
void	setDelegationTokenSeqNum(int seqNum)	Updates the value of the last reserved sequence number.
protected void	storeDelegationKey(DelegationKey key)	Persists a DelegationKey into the SQL database.
protected void	storeToken(TokenIdent ident, AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)	Persists a TokenIdentifier and its corresponding TokenInformation into the SQL database.
protected abstract void	updateDelegationKey(int keyId, byte[] delegationKey)
protected void	updateDelegationKey(DelegationKey key)	Updates an existing DelegationKey in the SQL database.
protected abstract void	updateKeyId(int value)
protected abstract void	updateSequenceNum(int value)
protected abstract void	updateToken(int sequenceNum, byte[] tokenIdentifier, byte[] tokenInfo)
protected void	updateToken(TokenIdent ident, AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)	Updates the TokenInformation of an existing TokenIdentifier in the SQL database.

Methods inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

addKey, addPersistedDelegationToken, addTokenForOwnerStats, checkToken, createPassword, createSecretKey, decodeTokenIdentifier, getAllKeys, getCurrentTokensSize, getMetrics, getTokenInfo, getTokenRenewInterval, getTokenTrackingId, getTopTokenRealOwners, getTrackingIdIfEnabled, isRunning, logExpireToken, logExpireTokens, logUpdateMasterKey, renewToken, reset, retrievePassword, rollMasterKey, startThreads, stopThreads, storeNewMasterKey, storeNewToken, syncTokenOwnerStats, updateStoredToken, verifyToken

Methods inherited from class org.apache.hadoop.security.token.SecretManager

checkAvailableForRead, createIdentifier, createPassword, generateSecret, retriableRetrievePassword

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SQL_DTSM_CONF_PREFIX

public static final java.lang.String SQL_DTSM_CONF_PREFIX

See Also:

Constant Field Values

DEFAULT_SEQ_NUM_BATCH_SIZE

public static final int DEFAULT_SEQ_NUM_BATCH_SIZE

See Also:

Constant Field Values

SQL_DTSM_TOKEN_MAX_CLEANUP_RESULTS

public static final java.lang.String SQL_DTSM_TOKEN_MAX_CLEANUP_RESULTS

See Also:

Constant Field Values

SQL_DTSM_TOKEN_MAX_CLEANUP_RESULTS_DEFAULT

public static final int SQL_DTSM_TOKEN_MAX_CLEANUP_RESULTS_DEFAULT

See Also:

Constant Field Values

SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION

public static final java.lang.String SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION

See Also:

Constant Field Values

SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION_DEFAULT

public static final long SQL_DTSM_TOKEN_LOADING_CACHE_EXPIRATION_DEFAULT

SQL_DTSM_TOKEN_LOADING_CACHE_MAX_SIZE

public static final java.lang.String SQL_DTSM_TOKEN_LOADING_CACHE_MAX_SIZE

See Also:

Constant Field Values

SQL_DTSM_TOKEN_LOADING_CACHE_MAX_SIZE_DEFAULT

public static final long SQL_DTSM_TOKEN_LOADING_CACHE_MAX_SIZE_DEFAULT

See Also:

Constant Field Values

Constructor Detail

SQLDelegationTokenSecretManager

public SQLDelegationTokenSecretManager(Configuration conf)

Method Detail

storeToken

protected void storeToken(TokenIdent ident,
                          AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
                   throws java.io.IOException

Persists a TokenIdentifier and its corresponding TokenInformation into the SQL database. The TokenIdentifier is expected to be unique and any duplicate token attempts will result in an IOException.

Overrides:

storeToken in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Parameters:

ident - TokenIdentifier to persist.

tokenInfo - DelegationTokenInformation associated with the TokenIdentifier.

Throws:

java.io.IOException - raised on errors performing I/O.

updateToken

protected void updateToken(TokenIdent ident,
                           AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
                    throws java.io.IOException

Updates the TokenInformation of an existing TokenIdentifier in the SQL database.

Overrides:

updateToken in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Parameters:

ident - Existing TokenIdentifier in the SQL database.

tokenInfo - Updated DelegationTokenInformation associated with the TokenIdentifier.

Throws:

java.io.IOException - raised on errors performing I/O.

cancelToken

public TokenIdent cancelToken(Token<TokenIdent> token,
                              java.lang.String canceller)
                       throws java.io.IOException

Cancels a token by removing it from the SQL database. This will call the corresponding method in AbstractDelegationTokenSecretManager to perform validation and remove the token from the cache.

Overrides:

cancelToken in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Parameters:

token - token.

canceller - canceller.

Returns:

Identifier of the canceled token

Throws:

SecretManager.InvalidToken - for invalid token

AccessControlException - if the user isn't allowed to cancel

java.io.IOException

getCandidateTokensForCleanup

protected java.util.Map<TokenIdent,AbstractDelegationTokenSecretManager.DelegationTokenInformation> getCandidateTokensForCleanup()

Obtain a list of tokens that will be considered for cleanup, based on the last time the token was updated in SQL. This list may include tokens that are not expired and should not be deleted (e.g. if the token was last renewed using a higher renewal interval). The number of results is limited to reduce performance impact. Some level of contention is expected when multiple routers run cleanup simultaneously.

Overrides:

getCandidateTokensForCleanup in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Returns:

Map of tokens that have not been updated in SQL after the token renewal period.

removeStoredToken

protected void removeStoredToken(TokenIdent ident)
                          throws java.io.IOException

Removes the existing TokenInformation from the SQL database to invalidate it.

Overrides:

removeStoredToken in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Parameters:

ident - TokenInformation to remove from the SQL database.

Throws:

java.io.IOException

removeExpiredStoredToken

protected void removeExpiredStoredToken(TokenIdent ident)

Overrides:

removeExpiredStoredToken in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

getTokenInfoFromSQL

@VisibleForTesting
protected AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfoFromSQL(TokenIdent ident)

Obtains the DelegationTokenInformation associated with the given TokenIdentifier in the SQL database.

Parameters:

ident - Existing TokenIdentifier in the SQL database.

Returns:

DelegationTokenInformation that matches the given TokenIdentifier or null if it doesn't exist in the database.

getDelegationTokenSeqNum

public int getDelegationTokenSeqNum()

Obtains the value of the last reserved sequence number.

Overrides:

getDelegationTokenSeqNum in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Returns:

Last reserved sequence number.

setDelegationTokenSeqNum

public void setDelegationTokenSeqNum(int seqNum)

Updates the value of the last reserved sequence number.

Overrides:

setDelegationTokenSeqNum in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Parameters:

seqNum - Value to update the sequence number to.

incrementDelegationTokenSeqNum

public int incrementDelegationTokenSeqNum()

Obtains the next available sequence number that can be allocated to a Token. Sequence numbers need to be reserved using the shared sequenceNumberCounter once the local batch has been exhausted, which handles sequenceNumber allocation concurrently with other secret managers. This method ensures that sequence numbers are incremental in a single secret manager, but not across secret managers.

Overrides:

incrementDelegationTokenSeqNum in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Returns:

Next available sequence number.

storeDelegationKey

protected void storeDelegationKey(DelegationKey key)
                           throws java.io.IOException

Persists a DelegationKey into the SQL database. The delegation keyId is expected to be unique and any duplicate key attempts will result in an IOException.

Overrides:

storeDelegationKey in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Parameters:

key - DelegationKey to persist into the SQL database.

Throws:

java.io.IOException - raised on errors performing I/O.

updateDelegationKey

protected void updateDelegationKey(DelegationKey key)
                            throws java.io.IOException

Updates an existing DelegationKey in the SQL database.

Overrides:

updateDelegationKey in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Parameters:

key - Updated DelegationKey.

Throws:

java.io.IOException - raised on errors performing I/O.

removeStoredMasterKey

protected void removeStoredMasterKey(DelegationKey key)

Removes the existing DelegationKey from the SQL database to invalidate it.

Overrides:

removeStoredMasterKey in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Parameters:

key - DelegationKey to remove from the SQL database.

getDelegationKey

protected DelegationKey getDelegationKey(int keyId)

Obtains the DelegationKey from the SQL database.

Overrides:

getDelegationKey in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Parameters:

keyId - KeyId of the DelegationKey to obtain.

Returns:

DelegationKey that matches the given keyId or null if it doesn't exist in the database.

getCurrentKeyId

public int getCurrentKeyId()

Obtains the value of the last delegation key id.

Overrides:

getCurrentKeyId in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Returns:

Last delegation key id.

setCurrentKeyId

public void setCurrentKeyId(int keyId)

Updates the value of the last delegation key id.

Overrides:

setCurrentKeyId in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Parameters:

keyId - Value to update the delegation key id to.

incrementCurrentKeyId

public int incrementCurrentKeyId()

Obtains the next available delegation key id that can be allocated to a DelegationKey. Delegation key id need to be reserved using the shared delegationKeyIdCounter, which handles keyId allocation concurrently with other secret managers.

Overrides:

incrementCurrentKeyId in class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

Returns:

Next available delegation key id.

selectTokenInfo

protected abstract byte[] selectTokenInfo(int sequenceNum,
                                          byte[] tokenIdentifier)
                                   throws java.sql.SQLException

Throws:

java.sql.SQLException

selectStaleTokenInfos

protected abstract java.util.Map<byte[],byte[]> selectStaleTokenInfos(long maxModifiedTime,
                                                                            int maxResults)
                                                                     throws java.sql.SQLException

Throws:

java.sql.SQLException

insertToken

protected abstract void insertToken(int sequenceNum,
                                    byte[] tokenIdentifier,
                                    byte[] tokenInfo)
                             throws java.sql.SQLException

Throws:

java.sql.SQLException

updateToken

protected abstract void updateToken(int sequenceNum,
                                    byte[] tokenIdentifier,
                                    byte[] tokenInfo)
                             throws java.sql.SQLException

Throws:

java.sql.SQLException

deleteToken

protected abstract void deleteToken(int sequenceNum,
                                    byte[] tokenIdentifier)
                             throws java.sql.SQLException

Throws:

java.sql.SQLException

selectDelegationKey

protected abstract byte[] selectDelegationKey(int keyId)
                                       throws java.sql.SQLException

Throws:

java.sql.SQLException

insertDelegationKey

protected abstract void insertDelegationKey(int keyId,
                                            byte[] delegationKey)
                                     throws java.sql.SQLException

Throws:

java.sql.SQLException

updateDelegationKey

protected abstract void updateDelegationKey(int keyId,
                                            byte[] delegationKey)
                                     throws java.sql.SQLException

Throws:

java.sql.SQLException

deleteDelegationKey

protected abstract void deleteDelegationKey(int keyId)
                                     throws java.sql.SQLException

Throws:

java.sql.SQLException

selectSequenceNum

protected abstract int selectSequenceNum()
                                  throws java.sql.SQLException

Throws:

java.sql.SQLException

updateSequenceNum

protected abstract void updateSequenceNum(int value)
                                   throws java.sql.SQLException

Throws:

java.sql.SQLException

incrementSequenceNum

protected abstract int incrementSequenceNum(int amount)
                                     throws java.sql.SQLException

Throws:

java.sql.SQLException

selectKeyId

protected abstract int selectKeyId()
                            throws java.sql.SQLException

Throws:

java.sql.SQLException

updateKeyId

protected abstract void updateKeyId(int value)
                             throws java.sql.SQLException

Throws:

java.sql.SQLException

incrementKeyId

protected abstract int incrementKeyId(int amount)
                               throws java.sql.SQLException

Throws:

java.sql.SQLException