Example 1 with TDelegationToken

Use of org.apache.accumulo.core.securityImpl.thrift.TDelegationToken in project accumulo by apache.

Class SecurityOperationsImpl, method getDelegationToken.

@Override
public DelegationToken getDelegationToken(DelegationTokenConfig cfg) throws AccumuloException, AccumuloSecurityException {
    // Serialize the caller's config to its Thrift form; a null config becomes an empty Thrift config
    final TDelegationTokenConfig tConfig;
    if (cfg != null) {
        tConfig = DelegationTokenConfigSerializer.serialize(cfg);
    } else {
        tConfig = new TDelegationTokenConfig();
    }
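    // Ask the manager over RPC to issue a token, authenticating with this client context's credentials
    TDelegationToken thriftToken;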
    try {
        thriftToken = ManagerClient.execute(context, client -> client.getDelegationToken(TraceUtil.traceInfo(), context.rpcCreds(), tConfig));
    } catch (TableNotFoundException e) {
        // should never happen
        throw new AssertionError("Received TableNotFoundException on method which should not throw that exception", e);
    }
    // Rebuild the client-side identifier from the Thrift identifier returned by the manager
    AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier(thriftToken.getIdentifier());
    // Get the password out of the thrift delegation token
    return new DelegationTokenImpl(thriftToken.getPassword(), identifier);
}

Example 2 with TDelegationToken

Use of org.apache.accumulo.core.securityImpl.thrift.TDelegationToken in project accumulo by apache.

Class ManagerClientServiceHandler, method getDelegationToken.

@Override
public TDelegationToken getDelegationToken(TInfo tinfo, TCredentials credentials, TDelegationTokenConfig tConfig) throws ThriftSecurityException, TException {
    // Authorization check first: reject callers that are not permitted to obtain delegation tokens
    if (!manager.security.canObtainDelegationToken(credentials)) {
        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    }
    // Round-about way to verify that SASL is also enabled.
    if (!manager.delegationTokensAvailable()) {
        throw new TException("Delegation tokens are not available for use");
    }
    // Convert the Thrift config back into the client-API config object
    final DelegationTokenConfig config = DelegationTokenConfigSerializer.deserialize(tConfig);
    final AuthenticationTokenSecretManager secretManager = manager.getContext().getSecretManager();
    // Generate a token for the calling principal and return its password and Thrift identifier
    try {
        Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> pair = secretManager.generateToken(credentials.principal, config);
        return new TDelegationToken(ByteBuffer.wrap(pair.getKey().getPassword()), pair.getValue().getThriftIdentifier());
    } catch (Exception e) {
        throw new TException(e.getMessage());
    }
}
