Package org.apache.hadoop.hdfs.server.federation.router.security

Class RouterSecurityManager

java.lang.Object

org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager

public class RouterSecurityManager
extends java.lang.Object

Manager to hold underlying delegation token secret manager implementations.

Constructor Summary

Constructors

Constructor	Description
RouterSecurityManager(org.apache.hadoop.conf.Configuration conf)
RouterSecurityManager(org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> dtSecretManager)

Method Summary

Modifier and Type	Method	Description
void	cancelDelegationToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> token)
static org.apache.hadoop.security.Credentials	createCredentials(Router router, org.apache.hadoop.security.UserGroupInformation ugi, java.lang.String renewer)	A utility method for creating credentials.
org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier>	getDelegationToken(org.apache.hadoop.io.Text renewer)
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier>	getSecretManager()
long	renewDelegationToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> token)
void	stop()
void	verifyToken(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier identifier, byte[] password)	Delegation token verification.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RouterSecurityManager

public RouterSecurityManager(org.apache.hadoop.conf.Configuration conf)
                      throws java.io.IOException

Throws:

java.io.IOException

RouterSecurityManager

@VisibleForTesting
public RouterSecurityManager(org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> dtSecretManager)

Method Detail

getSecretManager

public org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> getSecretManager()

stop

public void stop()

getDelegationToken

public org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> getDelegationToken(org.apache.hadoop.io.Text renewer)
                                                                                                                                      throws java.io.IOException

Parameters:

renewer - Renewer information

Returns:

delegation token

Throws:

java.io.IOException - on error

renewDelegationToken

public long renewDelegationToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> token)
                          throws org.apache.hadoop.security.token.SecretManager.InvalidToken,
                                 java.io.IOException

Parameters:

token - token to renew

Returns:

new expiryTime of the token

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken - if token is invalid

java.io.IOException - on errors

cancelDelegationToken

public void cancelDelegationToken(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier> token)
                           throws java.io.IOException

Parameters:

token - token to cancel

Throws:

java.io.IOException - on error

createCredentials

public static org.apache.hadoop.security.Credentials createCredentials(Router router,
                                                                       org.apache.hadoop.security.UserGroupInformation ugi,
                                                                       java.lang.String renewer)
                                                                throws java.io.IOException

A utility method for creating credentials. Used by web hdfs to return url encoded token.

Parameters:

router - the router object.

ugi - object with username and group information for the given user.

renewer - the renewer for the token.

Returns:

the credentials object for tokens.

Throws:

java.io.IOException - if error occurs while obtaining the credentials.

verifyToken

public void verifyToken(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier identifier,
                        byte[] password)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Delegation token verification. Used by web hdfs to verify url encoded token.

Parameters:

identifier - the delegation token identifier.

password - the password in the token.

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken - if password doesn't match.