Class KerberosToken
java.lang.Object
org.apache.accumulo.core.client.security.tokens.KerberosToken
- All Implemented Interfaces:
Cloneable,Destroyable,AuthenticationToken,org.apache.hadoop.io.Writable
Authentication token for Kerberos authenticated clients
- Since:
- 1.7.0
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.accumulo.core.client.security.tokens.AuthenticationToken
AuthenticationToken.AuthenticationTokenSerializer, AuthenticationToken.Properties, AuthenticationToken.TokenProperty -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionCreates a token using the login user as returned byUserGroupInformation.getCurrentUser()KerberosToken(String principal) Creates a token using the provided principal and the currently logged-in user viaUserGroupInformation.KerberosToken(String principal, File keytab) Creates a Kerberos token for the specified principal using the provided keytab.KerberosToken(String principal, File keytab, boolean replaceCurrentUser) Deprecated.since 1.8.0, @see #KerberosToken(String, File) -
Method Summary
Modifier and TypeMethodDescriptionclone()voiddestroy()booleanThe keytab file used to perform Kerberos login.The identity of the user to which this token belongs to according to KerberosinthashCode()voidinit(AuthenticationToken.Properties properties) booleanvoidreadFields(DataInput in) voidwrite(DataOutput out)
-
Field Details
-
CLASS_NAME
-
-
Constructor Details
-
KerberosToken
Creates a token using the provided principal and the currently logged-in user viaUserGroupInformation. This method expects the current user (as defined byUserGroupInformation.getCurrentUser()to be authenticated via Kerberos or as a Proxy (on top of another user). AnIllegalArgumentExceptionwill be thrown for all other cases.- Parameters:
principal- The user that is logged in- Throws:
IllegalArgumentException- If the current user is not authentication via Kerberos or Proxy methods.IOException- See Also:
-
UserGroupInformation.getCurrentUser()UserGroupInformation.getAuthenticationMethod()
-
KerberosToken
Creates a Kerberos token for the specified principal using the provided keytab. The principal and keytab combination are verified by attempting a log in.This constructor does not have any side effects.
- Parameters:
principal- The Kerberos principalkeytab- A keytab file containing the principal's credentials.- Throws:
IOException
-
KerberosToken
@Deprecated public KerberosToken(String principal, File keytab, boolean replaceCurrentUser) throws IOException Deprecated.since 1.8.0, @see #KerberosToken(String, File)Creates a token and logs in viaUserGroupInformationusing the provided principal and keytab. A key for the principal must exist in the keytab, otherwise login will fail.- Parameters:
principal- The Kerberos principalkeytab- A keytab filereplaceCurrentUser- Should the current Hadoop user be replaced with this user- Throws:
IOException
-
KerberosToken
Creates a token using the login user as returned byUserGroupInformation.getCurrentUser()- Throws:
IOException- If the current logged in user cannot be computed.
-
-
Method Details
-
clone
- Specified by:
clonein interfaceAuthenticationToken- Overrides:
clonein classObject
-
equals
-
getPrincipal
The identity of the user to which this token belongs to according to Kerberos- Returns:
- The principal
-
getKeytab
The keytab file used to perform Kerberos login. Optional, may be null. -
write
- Specified by:
writein interfaceorg.apache.hadoop.io.Writable- Throws:
IOException
-
readFields
- Specified by:
readFieldsin interfaceorg.apache.hadoop.io.Writable- Throws:
IOException
-
destroy
- Specified by:
destroyin interfaceDestroyable- Throws:
DestroyFailedException
-
isDestroyed
public boolean isDestroyed()- Specified by:
isDestroyedin interfaceDestroyable
-
init
- Specified by:
initin interfaceAuthenticationToken
-
getProperties
- Specified by:
getPropertiesin interfaceAuthenticationToken
-
hashCode
public int hashCode()
-