Example 1 with TDelegationToken

Use of org.apache.accumulo.core.security.thrift.TDelegationToken in project accumulo by apache.

The class SecurityOperationsImpl, method getDelegationToken.

@Override
public DelegationToken getDelegationToken(DelegationTokenConfig cfg) throws AccumuloException, AccumuloSecurityException {
    final TDelegationTokenConfig tConfig;
    if (null != cfg) {
        tConfig = DelegationTokenConfigSerializer.serialize(cfg);
    } else {
        tConfig = new TDelegationTokenConfig();
    }
    TDelegationToken thriftToken;
    try {
        thriftToken = MasterClient.execute(context, new ClientExecReturn<TDelegationToken, Client>() {

            @Override
            public TDelegationToken execute(Client client) throws Exception {
                return client.getDelegationToken(Tracer.traceInfo(), context.rpcCreds(), tConfig);
            }
        });
    } catch (TableNotFoundException e) {
        // should never happen
        throw new AssertionError("Received TableNotFoundException on method which should not throw that exception", e);
    }
    AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier(thriftToken.getIdentifier());
    // Get the password out of the thrift delegation token
    return new DelegationTokenImpl(thriftToken.getPassword(), identifier);
}
Also used: TableNotFoundException (org.apache.accumulo.core.client.TableNotFoundException), TDelegationTokenConfig (org.apache.accumulo.core.security.thrift.TDelegationTokenConfig), TDelegationToken (org.apache.accumulo.core.security.thrift.TDelegationToken), Client (org.apache.accumulo.core.master.thrift.MasterClientService.Client)

Example 2 with TDelegationToken

Use of org.apache.accumulo.core.security.thrift.TDelegationToken in project accumulo by apache.

The class MasterClientServiceHandler, method getDelegationToken.

@Override
public TDelegationToken getDelegationToken(TInfo tinfo, TCredentials credentials, TDelegationTokenConfig tConfig) throws ThriftSecurityException, TException {
    if (!master.security.canObtainDelegationToken(credentials)) {
        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    }
    // Round-about way to verify that SASL is also enabled.
    if (!master.delegationTokensAvailable()) {
        throw new TException("Delegation tokens are not available for use");
    }
    final DelegationTokenConfig config = DelegationTokenConfigSerializer.deserialize(tConfig);
    final AuthenticationTokenSecretManager secretManager = master.getSecretManager();
    try {
        Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> pair = secretManager.generateToken(credentials.principal, config);
        return new TDelegationToken(ByteBuffer.wrap(pair.getKey().getPassword()), pair.getValue().getThriftIdentifier());
    } catch (Exception e) {
        throw new TException(e.getMessage());
    }
}
Also used: TException (org.apache.thrift.TException), DelegationTokenConfig (org.apache.accumulo.core.client.admin.DelegationTokenConfig), TDelegationTokenConfig (org.apache.accumulo.core.security.thrift.TDelegationTokenConfig), AuthenticationTokenIdentifier (org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier), AuthenticationTokenSecretManager (org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager), TDelegationToken (org.apache.accumulo.core.security.thrift.TDelegationToken), Token (org.apache.hadoop.security.token.Token), ThriftSecurityException (org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException), TableNotFoundException (org.apache.accumulo.core.client.TableNotFoundException), InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException), AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException), TabletDeletedException (org.apache.accumulo.server.util.TabletIterator.TabletDeletedException), KeeperException (org.apache.zookeeper.KeeperException), AccumuloException (org.apache.accumulo.core.client.AccumuloException), NoNodeException (org.apache.zookeeper.KeeperException.NoNodeException), ThriftTableOperationException (org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException)

Aggregations

TableNotFoundException (org.apache.accumulo.core.client.TableNotFoundException): 2
TDelegationToken (org.apache.accumulo.core.security.thrift.TDelegationToken): 2
TDelegationTokenConfig (org.apache.accumulo.core.security.thrift.TDelegationTokenConfig): 2
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException): 1
AccumuloException (org.apache.accumulo.core.client.AccumuloException): 1
AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException): 1
DelegationTokenConfig (org.apache.accumulo.core.client.admin.DelegationTokenConfig): 1
AuthenticationTokenIdentifier (org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier): 1
ThriftSecurityException (org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException): 1
ThriftTableOperationException (org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException): 1
Client (org.apache.accumulo.core.master.thrift.MasterClientService.Client): 1
AuthenticationTokenSecretManager (org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager): 1
TabletDeletedException (org.apache.accumulo.server.util.TabletIterator.TabletDeletedException): 1
Token (org.apache.hadoop.security.token.Token): 1
TException (org.apache.thrift.TException): 1
KeeperException (org.apache.zookeeper.KeeperException): 1
NoNodeException (org.apache.zookeeper.KeeperException.NoNodeException): 1