@Override protected Authenticator getFallBackAuthenticator() { return new PseudoDelegationTokenAuthenticator(); } });
/** * Returns the remote {@link UserGroupInformation} in context for the current * HTTP request, taking into account proxy user requests. * * @return the remote {@link UserGroupInformation}, <code>NULL</code> if none. */ public static UserGroupInformation get() { return DelegationTokenAuthenticationFilter. getHttpUserGroupInformationInContext(); }
@SuppressWarnings("unchecked") public Token<? extends AbstractDelegationTokenIdentifier> createToken( UserGroupInformation ugi, String renewer) { return createToken(ugi, renewer, null); }
@Override public Token<?> run() throws Exception { // Not using the cached token here.. Creating a new token here // everytime. LOG.debug("Getting new token from {}, renewer:{}", url, renewer); return authUrl.getDelegationToken(url, new DelegationTokenAuthenticatedURL.Token(), renewer, doAsUser); } });
/** * Returns an authenticated {@link HttpURLConnection}. If the Delegation * Token is present, it will be used taking precedence over the configured * <code>Authenticator</code>. * * @param url the URL to connect to. Only HTTP/S URLs are supported. * @param token the authentication token being used for the user. * @return an authenticated {@link HttpURLConnection}. * @throws IOException if an IO error occurred. * @throws AuthenticationException if an authentication exception occurred. */ public HttpURLConnection openConnection(URL url, Token token) throws IOException, AuthenticationException { return openConnection(url, token, null); }
/** * Requests a delegation token using the configured <code>Authenticator</code> * for authentication. * * @param url the URL to get the delegation token from. Only HTTP/S URLs are * supported. * @param token the authentication token being used for the user where the * Delegation token will be stored. * @param renewer the renewer user. * @return a delegation token. * @throws IOException if an IO error occurred. * @throws AuthenticationException if an authentication exception occurred. */ public org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url, Token token, String renewer) throws IOException, AuthenticationException { return getDelegationToken(url, token, renewer, null); }
@Override public Long run() throws Exception { return authUrl.renewDelegationToken(url, token, doAsUser); } }
/** * Cancels a delegation token from the server end-point. It does not require * being authenticated by the configured <code>Authenticator</code>. * * @param url the URL to cancel the delegation token from. Only HTTP/S URLs * are supported. * @param token the authentication token with the Delegation Token to cancel. * @throws IOException if an IO error occurred. */ public void cancelDelegationToken(URL url, Token token) throws IOException { cancelDelegationToken(url, token, null); }
public DelegationTokenManager(Configuration conf, Text tokenKind) { if (conf.getBoolean(ENABLE_ZK_KEY, false)) { this.secretManager = new ZKSecretManager(conf, tokenKind); } else { this.secretManager = new DelegationTokenSecretManager(conf, tokenKind); } managedSecretManager = true; }
@Override public void init(Properties config) throws ServletException { authHandler.init(config); initTokenManager(config); initJsonFactory(config); }
@Override public DelegationTokenIdentifier createIdentifier() { return new DelegationTokenIdentifier(tokenKind); }
@Override public void destroy() { tokenManager.destroy(); authHandler.destroy(); }
/** * Sets an external <code>DelegationTokenSecretManager</code> instance to * manage creation and verification of Delegation Tokens. * <p/> * This is useful for use cases where secrets must be shared across multiple * services. * * @param secretManager a <code>DelegationTokenSecretManager</code> instance */ public void setExternalDelegationTokenSecretManager( AbstractDelegationTokenSecretManager secretManager) { tokenManager.setExternalDelegationTokenSecretManager(secretManager); }
/** * Cancels a delegation token from the server end-point. It does not require * being authenticated by the configured <code>Authenticator</code>. * * @param url the URL to cancel the delegation token from. Only HTTP/S URLs * are supported. * @param token the authentication token with the Delegation Token to cancel. * @throws IOException if an IO error occurred. */ public void cancelDelegationToken(URL url, AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> dToken) throws IOException { cancelDelegationToken(url, token, dToken, null); }
/** * Renews a delegation token from the server end-point using the * configured <code>Authenticator</code> for authentication. * * @param url the URL to renew the delegation token from. Only HTTP/S URLs are * supported. * @param token the authentication token with the Delegation Token to renew. * @throws IOException if an IO error occurred. * @throws AuthenticationException if an authentication exception occurred. */ public long renewDelegationToken(URL url, AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> dToken) throws IOException, AuthenticationException { return renewDelegationToken(url, token, dToken, null); }
/** * Requests a delegation token using the configured <code>Authenticator</code> * for authentication. * * @param url the URL to get the delegation token from. Only HTTP/S URLs are * supported. * @param token the authentication token being used for the user where the * Delegation token will be stored. * @param renewer the renewer user. * @throws IOException if an IO error occurred. * @throws AuthenticationException if an authentication exception occurred. */ public Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url, AuthenticatedURL.Token token, String renewer) throws IOException, AuthenticationException { return getDelegationToken(url, token, renewer, null); }
/** * Creates an <code>DelegationTokenAuthenticatedURL</code>. * * @param authenticator the {@link DelegationTokenAuthenticator} instance to * use, if <code>null</code> the default one will be used. * @param connConfigurator a connection configurator. */ public DelegationTokenAuthenticatedURL( DelegationTokenAuthenticator authenticator, ConnectionConfigurator connConfigurator) { super(obtainDelegationTokenAuthenticator(authenticator, connConfigurator), connConfigurator); }
@Override public HttpURLConnection run() throws Exception { DelegationTokenAuthenticatedURL authUrl = createAuthenticatedURL(); return authUrl.openConnection(url, authToken, doAsUser); } });
/** * Renews a delegation token from the server end-point using the * configured <code>Authenticator</code> for authentication. * * @param url the URL to renew the delegation token from. Only HTTP/S URLs are * supported. * @param token the authentication token with the Delegation Token to renew. * @throws IOException if an IO error occurred. * @throws AuthenticationException if an authentication exception occurred. */ public long renewDelegationToken(URL url, Token token) throws IOException, AuthenticationException { return renewDelegationToken(url, token, null); }
@Override public DelegationTokenIdentifier createIdentifier() { return new DelegationTokenIdentifier(tokenKind); }