Package org.apache.hadoop.yarn.security.client

Class BaseClientToAMTokenSecretManager

java.lang.Object

org.apache.hadoop.security.token.SecretManager<ClientToAMTokenIdentifier>

org.apache.hadoop.yarn.security.client.BaseClientToAMTokenSecretManager

Direct Known Subclasses:

ClientToAMTokenSecretManager

@Public
@Evolving
public abstract class BaseClientToAMTokenSecretManager
extends SecretManager<ClientToAMTokenIdentifier>

A base SecretManager for AMs to extend and validate Client-RM tokens issued to clients by the RM using the underlying master-key shared by RM to the AMs on their launch. All the methods are called by either Hadoop RPC or YARN, so this class is strictly for the purpose of inherit/extend and register with Hadoop RPC.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

org.apache.hadoop.security.token.SecretManager.InvalidToken

Field Summary

Fields inherited from class org.apache.hadoop.security.token.SecretManager

LOG

Constructor Summary

Constructors

Constructor	Description
BaseClientToAMTokenSecretManager()

Method Summary

Modifier and Type	Method	Description
ClientToAMTokenIdentifier	createIdentifier()	Create an empty token identifier.
byte[]	createPassword(ClientToAMTokenIdentifier identifier)	Create the password for the given identifier.
abstract SecretKey	getMasterKey(ApplicationAttemptId applicationAttemptId)
byte[]	retrievePassword(ClientToAMTokenIdentifier identifier)	Retrieve the password for the given token identifier.

Methods inherited from class org.apache.hadoop.security.token.SecretManager

checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword, update, validateSecretKeyLength

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

BaseClientToAMTokenSecretManager

public BaseClientToAMTokenSecretManager()

Method Details

getMasterKey

@Private
public abstract SecretKey getMasterKey(ApplicationAttemptId applicationAttemptId)

createPassword

@Private
public byte[] createPassword(ClientToAMTokenIdentifier identifier)

Description copied from class: SecretManager

Create the password for the given identifier. identifier may be modified inside this method.

Specified by:

createPassword in class SecretManager<ClientToAMTokenIdentifier>

Parameters:

identifier - the identifier to use

Returns:

the new password

retrievePassword

@Private
public byte[] retrievePassword(ClientToAMTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Description copied from class: SecretManager

Retrieve the password for the given token identifier. Should check the date or registry to make sure the token hasn't expired or been revoked. Returns the relevant password.

Specified by:

retrievePassword in class SecretManager<ClientToAMTokenIdentifier>

Parameters:

identifier - the identifier to validate

Returns:

the password to use

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken - the token was invalid

createIdentifier

@Private
public ClientToAMTokenIdentifier createIdentifier()

Description copied from class: SecretManager

Create an empty token identifier.

Specified by:

createIdentifier in class SecretManager<ClientToAMTokenIdentifier>

Returns:

the newly created empty token identifier