/** * Converts the serialized form to an instance of {@link Credentials}. The original serialized * form will not be affected. * * @param serializedForm * serialized form of credentials * @return deserialized credentials */ public static final Credentials deserialize(String serializedForm) { String[] split = serializedForm.split(":", 3); String principal = split[0].equals("-") ? null : new String(Base64.getDecoder().decode(split[0]), UTF_8); String tokenType = split[1].equals("-") ? null : new String(Base64.getDecoder().decode(split[1]), UTF_8); AuthenticationToken token = null; if (!split[2].equals("-")) { byte[] tokenBytes = Base64.getDecoder().decode(split[2]); token = AuthenticationTokenSerializer.deserialize(tokenType, tokenBytes); } return new Credentials(principal, token); }
@Override public void changeLocalUserPassword(TInfo tinfo, TCredentials credentials, String principal, ByteBuffer password) throws ThriftSecurityException { PasswordToken token = new PasswordToken(password); Credentials toChange = new Credentials(principal, token); security.changePassword(credentials, toChange); }
/** * Retrieve the credentials used to construct this context */ public synchronized Credentials getCredentials() { ensureOpen(); if (creds == null) { creds = new Credentials(info.getPrincipal(), info.getAuthenticationToken()); } return creds; }
@Override public void changeLocalUserPassword(final String principal, final PasswordToken token) throws AccumuloException, AccumuloSecurityException { checkArgument(principal != null, "principal is null"); checkArgument(token != null, "token is null"); final Credentials toChange = new Credentials(principal, token); executeVoid(client -> client.changeLocalUserPassword(Tracer.traceInfo(), context.rpcCreds(), principal, ByteBuffer.wrap(token.getPassword()))); if (context.getCredentials().getPrincipal().equals(principal)) { context.setCredentials(toChange); } }
@Override public boolean authenticateUser(final String principal, final AuthenticationToken token) throws AccumuloException, AccumuloSecurityException { checkArgument(principal != null, "principal is null"); checkArgument(token != null, "token is null"); final Credentials toAuth = new Credentials(principal, token); return execute(client -> client.authenticateUser(Tracer.traceInfo(), context.rpcCreds(), toAuth.toThrift(context.getInstanceID()))); }
/** * Converts a given thrift object to our internal Credentials representation. * * @param serialized * a Thrift encoded set of credentials * @return a new Credentials instance; destroy the token when you're done. */ public static Credentials fromThrift(TCredentials serialized) { return new Credentials(serialized.getPrincipal(), AuthenticationTokenSerializer .deserialize(serialized.getTokenClassName(), serialized.getToken())); }
@Override public void createLocalUser(TInfo tinfo, TCredentials credentials, String principal, ByteBuffer password) throws ThriftSecurityException { AuthenticationToken token; if (context.getSaslParams() != null) { try { token = new KerberosToken(); } catch (IOException e) { log.warn("Failed to create KerberosToken"); throw new ThriftSecurityException(e.getMessage(), SecurityErrorCode.DEFAULT_SECURITY_ERROR); } } else { token = new PasswordToken(password); } Credentials newUser = new Credentials(principal, token); security.createUser(credentials, newUser, new Authorizations()); }