org.apache.hadoop.hdfs.security.token.delegation
Class DelegationTokenSecretManager

java.lang.Object
  extended by org.apache.hadoop.security.token.SecretManager<TokenIdent>
      extended by org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
          extended by org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager

@InterfaceAudience.Private
public class DelegationTokenSecretManager
extends org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>

An HDFS-specific delegation token secret manager. The secret manager is responsible for generating and accepting the password for each token.


Nested Class Summary
 
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation
 
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
org.apache.hadoop.security.token.SecretManager.InvalidToken
 
Field Summary
 
Fields inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
allKeys, currentId, currentTokens, delegationTokenSequenceNumber, running
 
Constructor Summary
DelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval, FSNamesystem namesystem)
          Create a secret manager.
 
Method Summary
 void addPersistedDelegationToken(DelegationTokenIdentifier identifier, long expiryTime)
          This method is intended to be used only while reading edit logs.
 DelegationTokenIdentifier createIdentifier()
           
 int getNumberOfKeys()
          Returns the number of delegation keys currently stored.
 long getTokenExpiryTime(DelegationTokenIdentifier dtId)
          Returns expiry time of a token given its identifier.
 void loadSecretManagerState(DataInputStream in)
          Load SecretManager state from fsimage.
protected  void logUpdateMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
          Call namesystem to update editlogs for new master key.
 void saveSecretManagerState(DataOutputStream out)
          Store the current state of the SecretManager for persistence.
 void updatePersistedMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
          Add a MasterKey to the list of keys.
 void updatePersistedTokenCancellation(DelegationTokenIdentifier identifier)
          Update the token cache with the cancel record in edit logs.
 void updatePersistedTokenRenewal(DelegationTokenIdentifier identifier, long expiryTime)
          Update the token cache with renewal record in edit logs.
 
Methods inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
addKey, cancelToken, createPassword, createSecretKey, getAllKeys, renewToken, retrievePassword, startThreads, stopThreads
 
Methods inherited from class org.apache.hadoop.security.token.SecretManager
createPassword, generateSecret
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DelegationTokenSecretManager

public DelegationTokenSecretManager(long delegationKeyUpdateInterval,
                                    long delegationTokenMaxLifetime,
                                    long delegationTokenRenewInterval,
                                    long delegationTokenRemoverScanInterval,
                                    FSNamesystem namesystem)
Create a secret manager.

Parameters:
delegationKeyUpdateInterval - the number of seconds for rolling new secret keys.
delegationTokenMaxLifetime - the maximum lifetime of the delegation tokens
delegationTokenRenewInterval - how often the tokens must be renewed
delegationTokenRemoverScanInterval - how often the tokens are scanned for expired tokens

Method Detail

createIdentifier

public DelegationTokenIdentifier createIdentifier()
Specified by:
createIdentifier in class org.apache.hadoop.security.token.SecretManager<DelegationTokenIdentifier>

getTokenExpiryTime

public long getTokenExpiryTime(DelegationTokenIdentifier dtId)
                        throws IOException
Returns expiry time of a token given its identifier.

Parameters:
dtId - DelegationTokenIdentifier of a token
Returns:
Expiry time of the token
Throws:
IOException

loadSecretManagerState

public void loadSecretManagerState(DataInputStream in)
                            throws IOException
Load SecretManager state from fsimage.

Parameters:
in - input stream to read fsimage
Throws:
IOException

saveSecretManagerState

public void saveSecretManagerState(DataOutputStream out)
                            throws IOException
Store the current state of the SecretManager for persistence.

Parameters:
out - Output stream for writing into fsimage.
Throws:
IOException

addPersistedDelegationToken

public void addPersistedDelegationToken(DelegationTokenIdentifier identifier,
                                        long expiryTime)
                                 throws IOException
This method is intended to be used only while reading edit logs.

Parameters:
identifier - DelegationTokenIdentifier read from the edit logs or fsimage
expiryTime - token expiry time
Throws:
IOException

updatePersistedMasterKey

public void updatePersistedMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
                              throws IOException
Add a MasterKey to the list of keys.

Parameters:
key - DelegationKey
Throws:
IOException

updatePersistedTokenRenewal

public void updatePersistedTokenRenewal(DelegationTokenIdentifier identifier,
                                        long expiryTime)
                                 throws IOException
Update the token cache with renewal record in edit logs.

Parameters:
identifier - DelegationTokenIdentifier of the renewed token
expiryTime -
Throws:
IOException

updatePersistedTokenCancellation

public void updatePersistedTokenCancellation(DelegationTokenIdentifier identifier)
                                      throws IOException
Update the token cache with the cancel record in edit logs.

Parameters:
identifier - DelegationTokenIdentifier of the canceled token
Throws:
IOException

getNumberOfKeys

public int getNumberOfKeys()
Returns the number of delegation keys currently stored.

Returns:
number of delegation keys

logUpdateMasterKey

protected void logUpdateMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
                           throws IOException
Call namesystem to update editlogs for new master key.

Overrides:
logUpdateMasterKey in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<DelegationTokenIdentifier>
Throws:
IOException


Copyright © 2009 The Apache Software Foundation