org.apache.hadoop.yarn.server.resourcemanager.security
Class RMDelegationTokenSecretManager
java.lang.Object
org.apache.hadoop.security.token.SecretManager<TokenIdent>
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager
- All Implemented Interfaces:
- Recoverable
@InterfaceAudience.Private
@InterfaceStability.Unstable
public class RMDelegationTokenSecretManager
- extends org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
- implements Recoverable
A ResourceManager specific delegation token secret manager.
The secret manager is responsible for generating and accepting the password
for each token.
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager |
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation |
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager |
org.apache.hadoop.security.token.SecretManager.InvalidToken |
Fields inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager |
allKeys, currentId, currentTokens, delegationTokenSequenceNumber, noInterruptsLock, running, storeTokenTrackingId |
Constructor Summary |
RMDelegationTokenSecretManager(long delegationKeyUpdateInterval,
long delegationTokenMaxLifetime,
long delegationTokenRenewInterval,
long delegationTokenRemoverScanInterval,
RMContext rmContext)
Create a secret manager |
Methods inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager |
addKey, addPersistedDelegationToken, cancelToken, checkToken, createPassword, createSecretKey, getAllKeys, getTokenTrackingId, getTrackingIdIfEnabled, isRunning, logExpireToken, logUpdateMasterKey, renewToken, reset, retrievePassword, startThreads, stopThreads, verifyToken |
Methods inherited from class org.apache.hadoop.security.token.SecretManager |
checkAvailableForRead, createPassword, generateSecret, retriableRetrievePassword |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
rmContext
protected final RMContext rmContext
RMDelegationTokenSecretManager
public RMDelegationTokenSecretManager(long delegationKeyUpdateInterval,
long delegationTokenMaxLifetime,
long delegationTokenRenewInterval,
long delegationTokenRemoverScanInterval,
RMContext rmContext)
- Create a secret manager
- Parameters:
delegationKeyUpdateInterval
- the number of seconds for rolling new
secret keys.delegationTokenMaxLifetime
- the maximum lifetime of the delegation
tokensdelegationTokenRenewInterval
- how often the tokens must be reneweddelegationTokenRemoverScanInterval
- how often the tokens are scanned
for expired tokens
createIdentifier
public org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier createIdentifier()
- Specified by:
createIdentifier
in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
storeNewMasterKey
protected void storeNewMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey newKey)
- Overrides:
storeNewMasterKey
in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
removeStoredMasterKey
protected void removeStoredMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
- Overrides:
removeStoredMasterKey
in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
storeNewToken
protected void storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier,
long renewDate)
- Overrides:
storeNewToken
in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
updateStoredToken
protected void updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier id,
long renewDate)
- Overrides:
updateStoredToken
in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
removeStoredToken
protected void removeStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
throws IOException
- Overrides:
removeStoredToken
in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
- Throws:
IOException
getAllMasterKeys
@InterfaceAudience.Private
public Set<org.apache.hadoop.security.token.delegation.DelegationKey> getAllMasterKeys()
getAllTokens
@InterfaceAudience.Private
public Map<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier,Long> getAllTokens()
getLatestDTSequenceNumber
@InterfaceAudience.Private
public int getLatestDTSequenceNumber()
recover
public void recover(RMStateStore.RMState rmState)
throws Exception
- Specified by:
recover
in interface Recoverable
- Throws:
Exception
Copyright © 2014 Apache Software Foundation. All Rights Reserved.