Class KerberosToken
java.lang.Object
org.apache.accumulo.core.client.security.tokens.KerberosToken
- All Implemented Interfaces:
Cloneable
,Destroyable
,AuthenticationToken
,org.apache.hadoop.io.Writable
Authentication token for Kerberos authenticated clients
- Since:
- 1.7.0
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.accumulo.core.client.security.tokens.AuthenticationToken
AuthenticationToken.AuthenticationTokenSerializer, AuthenticationToken.Properties, AuthenticationToken.TokenProperty
-
Field Summary
-
Constructor Summary
ConstructorDescriptionCreates a token using the login user as returned byUserGroupInformation.getCurrentUser()
KerberosToken
(String principal) Creates a token using the provided principal and the currently logged-in user viaUserGroupInformation
.KerberosToken
(String principal, File keytab) Creates a Kerberos token for the specified principal using the provided keytab. -
Method Summary
Modifier and TypeMethodDescriptionclone()
void
destroy()
boolean
The keytab file used to perform Kerberos login.The identity of the user to which this token belongs to according to Kerberosint
hashCode()
void
init
(AuthenticationToken.Properties properties) boolean
void
readFields
(DataInput in) void
write
(DataOutput out)
-
Field Details
-
CLASS_NAME
-
-
Constructor Details
-
KerberosToken
Creates a token using the provided principal and the currently logged-in user viaUserGroupInformation
. This method expects the current user (as defined byUserGroupInformation.getCurrentUser()
to be authenticated via Kerberos or as a Proxy (on top of another user). AnIllegalArgumentException
will be thrown for all other cases.- Parameters:
principal
- The user that is logged in- Throws:
IllegalArgumentException
- If the current user is not authentication via Kerberos or Proxy methods.IOException
- See Also:
-
UserGroupInformation.getCurrentUser()
UserGroupInformation.getAuthenticationMethod()
-
KerberosToken
Creates a Kerberos token for the specified principal using the provided keytab. The principal and keytab combination are verified by attempting a log in.This constructor does not have any side effects.
- Parameters:
principal
- The Kerberos principalkeytab
- A keytab file containing the principal's credentials.- Throws:
IOException
-
KerberosToken
Creates a token using the login user as returned byUserGroupInformation.getCurrentUser()
- Throws:
IOException
- If the current logged in user cannot be computed.
-
-
Method Details
-
clone
- Specified by:
clone
in interfaceAuthenticationToken
- Overrides:
clone
in classObject
-
equals
-
getPrincipal
The identity of the user to which this token belongs to according to Kerberos- Returns:
- The principal
-
getKeytab
The keytab file used to perform Kerberos login. Optional, may be null. -
write
- Specified by:
write
in interfaceorg.apache.hadoop.io.Writable
- Throws:
IOException
-
readFields
- Specified by:
readFields
in interfaceorg.apache.hadoop.io.Writable
- Throws:
IOException
-
destroy
- Specified by:
destroy
in interfaceDestroyable
- Throws:
DestroyFailedException
-
isDestroyed
public boolean isDestroyed()- Specified by:
isDestroyed
in interfaceDestroyable
-
init
- Specified by:
init
in interfaceAuthenticationToken
-
getProperties
- Specified by:
getProperties
in interfaceAuthenticationToken
-
hashCode
public int hashCode()
-