Search in sources :

Example 1 with TDelegationTokenConfig

use of org.apache.accumulo.core.security.thrift.TDelegationTokenConfig in project accumulo by apache.

the class SecurityOperationsImpl method getDelegationToken.

@Override
public DelegationToken getDelegationToken(DelegationTokenConfig cfg) throws AccumuloException, AccumuloSecurityException {
    final TDelegationTokenConfig tConfig;
    if (null != cfg) {
        tConfig = DelegationTokenConfigSerializer.serialize(cfg);
    } else {
        tConfig = new TDelegationTokenConfig();
    }
    TDelegationToken thriftToken;
    try {
        thriftToken = MasterClient.execute(context, new ClientExecReturn<TDelegationToken, Client>() {

            @Override
            public TDelegationToken execute(Client client) throws Exception {
                return client.getDelegationToken(Tracer.traceInfo(), context.rpcCreds(), tConfig);
            }
        });
    } catch (TableNotFoundException e) {
        // should never happen
        throw new AssertionError("Received TableNotFoundException on method which should not throw that exception", e);
    }
    AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier(thriftToken.getIdentifier());
    // Get the password out of the thrift delegation token
    return new DelegationTokenImpl(thriftToken.getPassword(), identifier);
}
Also used : TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException) TDelegationTokenConfig(org.apache.accumulo.core.security.thrift.TDelegationTokenConfig) TDelegationToken(org.apache.accumulo.core.security.thrift.TDelegationToken) Client(org.apache.accumulo.core.master.thrift.MasterClientService.Client)

Example 2 with TDelegationTokenConfig

use of org.apache.accumulo.core.security.thrift.TDelegationTokenConfig in project accumulo by apache.

the class DelegationTokenConfigSerializer method serialize.

/**
 * Serialize the delegation token config into the thrift variant
 *
 * @param config
 *          The configuration
 */
public static TDelegationTokenConfig serialize(DelegationTokenConfig config) {
    TDelegationTokenConfig tconfig = new TDelegationTokenConfig();
    tconfig.setLifetime(config.getTokenLifetime(TimeUnit.MILLISECONDS));
    return tconfig;
}
Also used : TDelegationTokenConfig(org.apache.accumulo.core.security.thrift.TDelegationTokenConfig)

Example 3 with TDelegationTokenConfig

use of org.apache.accumulo.core.security.thrift.TDelegationTokenConfig in project accumulo by apache.

the class MasterClientServiceHandler method getDelegationToken.

@Override
public TDelegationToken getDelegationToken(TInfo tinfo, TCredentials credentials, TDelegationTokenConfig tConfig) throws ThriftSecurityException, TException {
    if (!master.security.canObtainDelegationToken(credentials)) {
        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    }
    // Round-about way to verify that SASL is also enabled.
    if (!master.delegationTokensAvailable()) {
        throw new TException("Delegation tokens are not available for use");
    }
    final DelegationTokenConfig config = DelegationTokenConfigSerializer.deserialize(tConfig);
    final AuthenticationTokenSecretManager secretManager = master.getSecretManager();
    try {
        Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> pair = secretManager.generateToken(credentials.principal, config);
        return new TDelegationToken(ByteBuffer.wrap(pair.getKey().getPassword()), pair.getValue().getThriftIdentifier());
    } catch (Exception e) {
        throw new TException(e.getMessage());
    }
}
Also used : TException(org.apache.thrift.TException) DelegationTokenConfig(org.apache.accumulo.core.client.admin.DelegationTokenConfig) TDelegationTokenConfig(org.apache.accumulo.core.security.thrift.TDelegationTokenConfig) AuthenticationTokenIdentifier(org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier) AuthenticationTokenSecretManager(org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager) TDelegationToken(org.apache.accumulo.core.security.thrift.TDelegationToken) TDelegationToken(org.apache.accumulo.core.security.thrift.TDelegationToken) Token(org.apache.hadoop.security.token.Token) ThriftSecurityException(org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException) TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) ThriftSecurityException(org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) TabletDeletedException(org.apache.accumulo.server.util.TabletIterator.TabletDeletedException) KeeperException(org.apache.zookeeper.KeeperException) TException(org.apache.thrift.TException) AccumuloException(org.apache.accumulo.core.client.AccumuloException) NoNodeException(org.apache.zookeeper.KeeperException.NoNodeException) ThriftTableOperationException(org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException)

Example 4 with TDelegationTokenConfig

use of org.apache.accumulo.core.security.thrift.TDelegationTokenConfig in project accumulo by apache.

the class DelegationTokenConfigSerializerTest method test.

@Test
public void test() {
    DelegationTokenConfig cfg = new DelegationTokenConfig();
    cfg.setTokenLifetime(8323, TimeUnit.HOURS);
    TDelegationTokenConfig tCfg = DelegationTokenConfigSerializer.serialize(cfg);
    assertEquals(tCfg.getLifetime(), cfg.getTokenLifetime(TimeUnit.MILLISECONDS));
    assertEquals(cfg, DelegationTokenConfigSerializer.deserialize(tCfg));
}
Also used : TDelegationTokenConfig(org.apache.accumulo.core.security.thrift.TDelegationTokenConfig) DelegationTokenConfig(org.apache.accumulo.core.client.admin.DelegationTokenConfig) TDelegationTokenConfig(org.apache.accumulo.core.security.thrift.TDelegationTokenConfig) Test(org.junit.Test)

Aggregations

TDelegationTokenConfig (org.apache.accumulo.core.security.thrift.TDelegationTokenConfig)4 TableNotFoundException (org.apache.accumulo.core.client.TableNotFoundException)2 DelegationTokenConfig (org.apache.accumulo.core.client.admin.DelegationTokenConfig)2 TDelegationToken (org.apache.accumulo.core.security.thrift.TDelegationToken)2 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)1 AccumuloException (org.apache.accumulo.core.client.AccumuloException)1 AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException)1 AuthenticationTokenIdentifier (org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier)1 ThriftSecurityException (org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException)1 ThriftTableOperationException (org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException)1 Client (org.apache.accumulo.core.master.thrift.MasterClientService.Client)1 AuthenticationTokenSecretManager (org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager)1 TabletDeletedException (org.apache.accumulo.server.util.TabletIterator.TabletDeletedException)1 Token (org.apache.hadoop.security.token.Token)1 TException (org.apache.thrift.TException)1 KeeperException (org.apache.zookeeper.KeeperException)1 NoNodeException (org.apache.zookeeper.KeeperException.NoNodeException)1 Test (org.junit.Test)1