org.apache.hadoop.security.token.delegation

类 AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

java.lang.Object

org.apache.hadoop.security.token.SecretManager<TokenIdent>

org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<TokenIdent>

直接已知子类:

DelegationTokenSecretManager, DelegationTokenSecretManager

public abstract class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>
extends SecretManager<TokenIdent>

嵌套类概要

嵌套类

限定符和类型	类和说明
static class	AbstractDelegationTokenSecretManager.DelegationTokenInformation Class to encapsulate a token's renew date and password.

从类继承的嵌套类/接口 org.apache.hadoop.security.token.SecretManager

SecretManager.InvalidToken

字段概要

字段

限定符和类型	字段和说明
protected Map<Integer,DelegationKey>	allKeys Access to allKeys is protected by this object lock
protected int	currentId Access to currentId is protected by this object lock.
protected Map<TokenIdent,AbstractDelegationTokenSecretManager.DelegationTokenInformation>	currentTokens Cache of currently valid tokens, mapping from DelegationTokenIdentifier to DelegationTokenInformation.
protected int	delegationTokenSequenceNumber Sequence number to create DelegationTokenIdentifier.
protected Object	noInterruptsLock If the delegation token update thread holds this lock, it will not get interrupted.
protected boolean	running

构造器概要

构造器

构造器和说明
AbstractDelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval)

方法概要

方法

限定符和类型	方法和说明
void	addKey(DelegationKey key) Add a previously used master key to cache (when NN restarts), should be called before activate().
TokenIdent	cancelToken(Token<TokenIdent> token, String canceller) Cancel a token by removing it from cache.
protected byte[]	createPassword(TokenIdent identifier) Create the password for the given identifier.
static SecretKey	createSecretKey(byte[] key) Convert the byte[] to a secret key
DelegationKey[]	getAllKeys()
boolean	isRunning() is secretMgr running
protected void	logUpdateMasterKey(DelegationKey key)
long	renewToken(Token<TokenIdent> token, String renewer) Renew a delegation token.
byte[]	retrievePassword(TokenIdent identifier) Retrieve the password for the given token identifier.
void	startThreads() should be called before this object is used
void	stopThreads()
void	verifyToken(TokenIdent identifier, byte[] password) Verifies that the given identifier and password are valid and match.

从类继承的方法 org.apache.hadoop.security.token.SecretManager

createIdentifier, createPassword, generateSecret

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细资料

currentTokens

protected final Map<TokenIdent extends AbstractDelegationTokenIdentifier,AbstractDelegationTokenSecretManager.DelegationTokenInformation> currentTokens

Cache of currently valid tokens, mapping from DelegationTokenIdentifier to DelegationTokenInformation. Protected by this object lock.

delegationTokenSequenceNumber

protected int delegationTokenSequenceNumber

Sequence number to create DelegationTokenIdentifier. Protected by this object lock.

allKeys

protected final Map<Integer,DelegationKey> allKeys

Access to allKeys is protected by this object lock

currentId

protected int currentId

Access to currentId is protected by this object lock.

running

protected volatile boolean running

noInterruptsLock

protected Object noInterruptsLock

If the delegation token update thread holds this lock, it will not get interrupted.

构造器详细资料

AbstractDelegationTokenSecretManager

public AbstractDelegationTokenSecretManager(long delegationKeyUpdateInterval,
                                    long delegationTokenMaxLifetime,
                                    long delegationTokenRenewInterval,
                                    long delegationTokenRemoverScanInterval)

方法详细资料

startThreads

public void startThreads()
                  throws IOException

should be called before this object is used

抛出:

IOException

isRunning

public boolean isRunning()

is secretMgr running

返回:

true if secret mgr is running

addKey

public void addKey(DelegationKey key)
            throws IOException

Add a previously used master key to cache (when NN restarts), should be called before activate().

抛出:

IOException

getAllKeys

public DelegationKey[] getAllKeys()

logUpdateMasterKey

protected void logUpdateMasterKey(DelegationKey key)
                           throws IOException

抛出:

IOException

createPassword

protected byte[] createPassword(TokenIdent identifier)

从类复制的说明: SecretManager

Create the password for the given identifier. identifier may be modified inside this method.

指定者:

createPassword 在类中 SecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

参数:

identifier - the identifier to use

返回:

the new password

retrievePassword

public byte[] retrievePassword(TokenIdent identifier)
                        throws SecretManager.InvalidToken

从类复制的说明: SecretManager

Retrieve the password for the given token identifier. Should check the date or registry to make sure the token hasn't expired or been revoked. Returns the relevant password.

指定者:

retrievePassword 在类中 SecretManager<TokenIdent extends AbstractDelegationTokenIdentifier>

参数:

identifier - the identifier to validate

返回:

the password to use

抛出:

SecretManager.InvalidToken - the token was invalid

verifyToken

public void verifyToken(TokenIdent identifier,
               byte[] password)
                 throws SecretManager.InvalidToken

Verifies that the given identifier and password are valid and match.

参数:

identifier - Token identifier.

password - Password in the token.

抛出:

InvalidToken

SecretManager.InvalidToken

renewToken

public long renewToken(Token<TokenIdent> token,
              String renewer)
                throws SecretManager.InvalidToken,
                       IOException

Renew a delegation token.

参数:

token - the token to renew

renewer - the full principal name of the user doing the renewal

返回:

the new expiration time

抛出:

InvalidToken - if the token is invalid

AccessControlException - if the user can't renew token

SecretManager.InvalidToken

IOException

cancelToken

public TokenIdent cancelToken(Token<TokenIdent> token,
                     String canceller)
                                                                 throws IOException

Cancel a token by removing it from cache.

返回:

Identifier of the canceled token

抛出:

InvalidToken - for invalid token

AccessControlException - if the user isn't allowed to cancel

IOException

createSecretKey

public static SecretKey createSecretKey(byte[] key)

Convert the byte[] to a secret key

参数:

key - the byte[] to create the secret key from

返回:

the secret key

stopThreads

public void stopThreads()