Package org.apache.hadoop.security.token

Interface DelegationTokenIssuer

All Known Subinterfaces:

KeyProviderDelegationTokenExtension.DelegationTokenExtension, KeyProviderTokenIssuer

All Known Implementing Classes:

ChecksumFileSystem, FileSystem, FilterFileSystem, FTPFileSystem, HarFileSystem, HttpFileSystem, HttpsFileSystem, KeyProviderDelegationTokenExtension, KMSClientProvider, LoadBalancingKMSClientProvider, LocalFileSystem, RawLocalFileSystem, SFTPFileSystem, ViewFileSystem, ViewFileSystemOverloadScheme

@LimitedPrivate({"HDFS","MapReduce","Yarn"})
@Unstable
public interface DelegationTokenIssuer

Class for issuing delegation tokens.

Field Summary

Fields

Modifier and Type	Field	Description
static final org.slf4j.Logger	TOKEN_LOG

Method Summary

Modifier and Type	Method	Description
default Token<?>[]	addDelegationTokens(String renewer, Credentials credentials)	Given a renewer, add delegation tokens for issuer and it's child issuers to the Credentials object if it is not already present.
static void	collectDelegationTokens(DelegationTokenIssuer issuer, String renewer, Credentials credentials, List<Token<?>> tokens)	NEVER call this method directly.
default DelegationTokenIssuer[]	getAdditionalTokenIssuers()	Issuers may need tokens from additional services.
String	getCanonicalServiceName()	The service name used as the alias for the token in the credential token map.
Token<?>	getDelegationToken(String renewer)	Unconditionally get a new token with the optional renewer.

Field Details

TOKEN_LOG

static final org.slf4j.Logger TOKEN_LOG

Method Details

getCanonicalServiceName

String getCanonicalServiceName()

The service name used as the alias for the token in the credential token map. addDelegationTokens will use this to determine if a token exists, and if not, add a new token with this alias.

Returns:

the token.

getDelegationToken

Token<?> getDelegationToken(String renewer)
                     throws IOException

Unconditionally get a new token with the optional renewer. Returning null indicates the service does not issue tokens.

Parameters:

renewer - renewer.

Returns:

the token.

Throws:

IOException - raised on errors performing I/O.

getAdditionalTokenIssuers

default DelegationTokenIssuer[] getAdditionalTokenIssuers()
                                                   throws IOException

Issuers may need tokens from additional services.

Returns:

delegation token issuer.

Throws:

IOException - raised on errors performing I/O.

addDelegationTokens

default Token<?>[] addDelegationTokens(String renewer,
 Credentials credentials)
                                throws IOException

Given a renewer, add delegation tokens for issuer and it's child issuers to the Credentials object if it is not already present.

Note: This method is not intended to be overridden. Issuers should implement getCanonicalService and getDelegationToken to ensure consistent token acquisition behavior.

Parameters:

renewer - the user allowed to renew the delegation tokens

credentials - cache in which to add new delegation tokens

Returns:

list of new delegation tokens

Throws:

IOException - thrown if IOException if an IO error occurs.

collectDelegationTokens

@Private
static void collectDelegationTokens(DelegationTokenIssuer issuer,
 String renewer,
 Credentials credentials,
 List<Token<?>> tokens)
                             throws IOException

NEVER call this method directly.

Parameters:

issuer - issuer.

renewer - renewer.

credentials - cache in which to add new delegation tokens.

tokens - list of new delegation tokens.

Throws:

IOException - raised on errors performing I/O.