Package org.apache.hadoop.security.alias

Class CredentialProvider

java.lang.Object

org.apache.hadoop.security.alias.CredentialProvider

Direct Known Subclasses:

AbstractJavaKeyStoreProvider, UserProvider

@Public
@Unstable
public abstract class CredentialProvider
extends java.lang.Object

A provider of credentials or password for Hadoop applications. Provides an abstraction to separate credential storage from users of them. It is intended to support getting or storing passwords in a variety of ways, including third party bindings. CredentialProvider implementations must be thread safe.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	CredentialProvider.CredentialEntry	The combination of both the alias and the actual credential value.

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	CLEAR_TEXT_FALLBACK

Constructor Summary

Constructors

Constructor	Description
CredentialProvider()

Method Summary

Modifier and Type	Method	Description
abstract CredentialProvider.CredentialEntry	createCredentialEntry(java.lang.String name, char[] credential)	Create a new credential.
abstract void	deleteCredentialEntry(java.lang.String name)	Delete the given credential.
abstract void	flush()	Ensures that any changes to the credentials are written to persistent store.
abstract java.util.List<java.lang.String>	getAliases()	Get the aliases for all credentials.
abstract CredentialProvider.CredentialEntry	getCredentialEntry(java.lang.String alias)	Get the credential entry for a specific alias.
boolean	isTransient()	Indicates whether this provider represents a store that is intended for transient use - such as the UserProvider is.
boolean	needsPassword()	Does this provider require a password? This means that a password is required for normal operation, and it has not been found through normal means.
java.lang.String	noPasswordError()	If a password for the provider is needed, but is not provided, this will return an error message and instructions for supplying said password to the provider.
java.lang.String	noPasswordWarning()	If a password for the provider is needed, but is not provided, this will return a warning and instructions for supplying said password to the provider.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLEAR_TEXT_FALLBACK

public static final java.lang.String CLEAR_TEXT_FALLBACK

See Also:

Constant Field Values

Constructor Detail

CredentialProvider

public CredentialProvider()

Method Detail

isTransient

public boolean isTransient()

Indicates whether this provider represents a store that is intended for transient use - such as the UserProvider is. These providers are generally used to provide job access to passwords rather than for long term storage.

Returns:

true if transient, false otherwise

flush

public abstract void flush()
                    throws java.io.IOException

Ensures that any changes to the credentials are written to persistent store.

Throws:

java.io.IOException - raised on errors performing I/O.

getCredentialEntry

public abstract CredentialProvider.CredentialEntry getCredentialEntry(java.lang.String alias)
                                                               throws java.io.IOException

Get the credential entry for a specific alias.

Parameters:

alias - the name of a specific credential

Returns:

the credentialEntry

Throws:

java.io.IOException - raised on errors performing I/O.

getAliases

public abstract java.util.List<java.lang.String> getAliases()
                                                     throws java.io.IOException

Get the aliases for all credentials.

Returns:

the list of alias names

Throws:

java.io.IOException - raised on errors performing I/O.

createCredentialEntry

public abstract CredentialProvider.CredentialEntry createCredentialEntry(java.lang.String name,
                                                                         char[] credential)
                                                                  throws java.io.IOException

Create a new credential. The given alias must not already exist.

Parameters:

name - the alias of the credential

credential - the credential value for the alias.

Returns:

CredentialEntry.

Throws:

java.io.IOException - raised on errors performing I/O.

deleteCredentialEntry

public abstract void deleteCredentialEntry(java.lang.String name)
                                    throws java.io.IOException

Delete the given credential.

Parameters:

name - the alias of the credential to delete

Throws:

java.io.IOException - raised on errors performing I/O.

needsPassword

public boolean needsPassword()
                      throws java.io.IOException

Does this provider require a password? This means that a password is required for normal operation, and it has not been found through normal means. If true, the password should be provided by the caller using setPassword().

Returns:

Whether or not the provider requires a password

Throws:

java.io.IOException - raised on errors performing I/O.

noPasswordWarning

public java.lang.String noPasswordWarning()

If a password for the provider is needed, but is not provided, this will return a warning and instructions for supplying said password to the provider.

Returns:

A warning and instructions for supplying the password

noPasswordError

public java.lang.String noPasswordError()

If a password for the provider is needed, but is not provided, this will return an error message and instructions for supplying said password to the provider.

Returns:

An error message and instructions for supplying the password