Package org.apache.hadoop.security.token

Interface DelegationTokenIssuer

All Known Subinterfaces:

KeyProviderDelegationTokenExtension.DelegationTokenExtension, KeyProviderTokenIssuer

All Known Implementing Classes:

AbstractMapRFileSystem, ChecksumFileSystem, FileSystem, FilterFileSystem, FTPFileSystem, HarFileSystem, HttpFileSystem, HttpsFileSystem, KeyProviderDelegationTokenExtension, KMSClientProvider, LoadBalancingKMSClientProvider, LocalFileSystem, RawLocalFileSystem, SFTPFileSystem, ViewFileSystem, ViewFileSystemOverloadScheme

@LimitedPrivate({"HDFS","MapReduce","Yarn"})
@Unstable
public interface DelegationTokenIssuer

Class for issuing delegation tokens.

Field Summary

Fields

Modifier and Type	Field	Description
static org.slf4j.Logger	TOKEN_LOG

Method Summary

Modifier and Type	Method	Description
default Token<?>[]	addDelegationTokens(java.lang.String renewer, Credentials credentials)	Given a renewer, add delegation tokens for issuer and it's child issuers to the Credentials object if it is not already present.
static void	collectDelegationTokens(DelegationTokenIssuer issuer, java.lang.String renewer, Credentials credentials, java.util.List<Token<?>> tokens)	NEVER call this method directly.
default DelegationTokenIssuer[]	getAdditionalTokenIssuers()	Issuers may need tokens from additional services.
java.lang.String	getCanonicalServiceName()	The service name used as the alias for the token in the credential token map.
Token<?>	getDelegationToken(java.lang.String renewer)	Unconditionally get a new token with the optional renewer.

Field Detail

TOKEN_LOG

static final org.slf4j.Logger TOKEN_LOG

Method Detail

getCanonicalServiceName

java.lang.String getCanonicalServiceName()

The service name used as the alias for the token in the credential token map. addDelegationTokens will use this to determine if a token exists, and if not, add a new token with this alias.

Returns:

the token.

getDelegationToken

Token<?> getDelegationToken(java.lang.String renewer)
                     throws java.io.IOException

Unconditionally get a new token with the optional renewer. Returning null indicates the service does not issue tokens.

Parameters:

renewer - renewer.

Returns:

the token.

Throws:

java.io.IOException - raised on errors performing I/O.

getAdditionalTokenIssuers

default DelegationTokenIssuer[] getAdditionalTokenIssuers()
                                                   throws java.io.IOException

Issuers may need tokens from additional services.

Returns:

delegation token issuer.

Throws:

java.io.IOException - raised on errors performing I/O.

addDelegationTokens

default Token<?>[] addDelegationTokens(java.lang.String renewer,
                                       Credentials credentials)
                                throws java.io.IOException

Given a renewer, add delegation tokens for issuer and it's child issuers to the Credentials object if it is not already present.

Note: This method is not intended to be overridden. Issuers should implement getCanonicalService and getDelegationToken to ensure consistent token acquisition behavior.

Parameters:

renewer - the user allowed to renew the delegation tokens

credentials - cache in which to add new delegation tokens

Returns:

list of new delegation tokens

Throws:

java.io.IOException - thrown if IOException if an IO error occurs.

collectDelegationTokens

@Private
static void collectDelegationTokens(DelegationTokenIssuer issuer,
                                    java.lang.String renewer,
                                    Credentials credentials,
                                    java.util.List<Token<?>> tokens)
                             throws java.io.IOException

NEVER call this method directly.

Parameters:

issuer - issuer.

renewer - renewer.

credentials - cache in which to add new delegation tokens.

tokens - list of new delegation tokens.

Throws:

java.io.IOException - raised on errors performing I/O.