Example 1 with TDelegationToken
use of org.apache.accumulo.core.securityImpl.thrift.TDelegationToken in project accumulo by apache.
the class SecurityOperationsImpl method getDelegationToken.
@Override
public DelegationToken getDelegationToken(DelegationTokenConfig cfg) throws AccumuloException, AccumuloSecurityException {
final TDelegationTokenConfig tConfig;
if (cfg != null) {
tConfig = DelegationTokenConfigSerializer.serialize(cfg);
} else {
tConfig = new TDelegationTokenConfig();
}
TDelegationToken thriftToken;
try {
thriftToken = ManagerClient.execute(context, client -> client.getDelegationToken(TraceUtil.traceInfo(), context.rpcCreds(), tConfig));
} catch (TableNotFoundException e) {
// should never happen
throw new AssertionError("Received TableNotFoundException on method which should not throw that exception", e);
}
AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier(thriftToken.getIdentifier());
// Get the password out of the thrift delegation token
return new DelegationTokenImpl(thriftToken.getPassword(), identifier);
}
Also used :
DelegationTokenConfig(org.apache.accumulo.core.client.admin.DelegationTokenConfig)
DelegationToken(org.apache.accumulo.core.client.security.tokens.DelegationToken)
ByteBuffer(java.nio.ByteBuffer)
TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException)
TablePermission(org.apache.accumulo.core.security.TablePermission)
Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument)
NamespacePermission(org.apache.accumulo.core.security.NamespacePermission)
AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException)
TableOperationExceptionType(org.apache.accumulo.core.clientImpl.thrift.TableOperationExceptionType)
EXISTING_NAMESPACE_NAME(org.apache.accumulo.core.util.Validators.EXISTING_NAMESPACE_NAME)
TDelegationTokenConfig(org.apache.accumulo.core.securityImpl.thrift.TDelegationTokenConfig)
TDelegationToken(org.apache.accumulo.core.securityImpl.thrift.TDelegationToken)
SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations)
ClientService(org.apache.accumulo.core.clientImpl.thrift.ClientService)
SecurityErrorCode(org.apache.accumulo.core.clientImpl.thrift.SecurityErrorCode)
AuthenticationToken(org.apache.accumulo.core.client.security.tokens.AuthenticationToken)
Set(java.util.Set)
ThriftSecurityException(org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException)
Authorizations(org.apache.accumulo.core.security.Authorizations)
AccumuloException(org.apache.accumulo.core.client.AccumuloException)
NAMESPACE_DOESNT_EXIST(org.apache.accumulo.core.client.security.SecurityErrorCode.NAMESPACE_DOESNT_EXIST)
PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken)
ThriftTableOperationException(org.apache.accumulo.core.clientImpl.thrift.ThriftTableOperationException)
SystemPermission(org.apache.accumulo.core.security.SystemPermission)
TraceUtil(org.apache.accumulo.core.trace.TraceUtil)
ByteBufferUtil(org.apache.accumulo.core.util.ByteBufferUtil)
TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException)
TDelegationTokenConfig(org.apache.accumulo.core.securityImpl.thrift.TDelegationTokenConfig)
TDelegationToken(org.apache.accumulo.core.securityImpl.thrift.TDelegationToken)
Example 2 with TDelegationToken
use of org.apache.accumulo.core.securityImpl.thrift.TDelegationToken in project accumulo by apache.
the class ManagerClientServiceHandler method getDelegationToken.
@Override
public TDelegationToken getDelegationToken(TInfo tinfo, TCredentials credentials, TDelegationTokenConfig tConfig) throws ThriftSecurityException, TException {
if (!manager.security.canObtainDelegationToken(credentials)) {
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
}
// Round-about way to verify that SASL is also enabled.
if (!manager.delegationTokensAvailable()) {
throw new TException("Delegation tokens are not available for use");
}
final DelegationTokenConfig config = DelegationTokenConfigSerializer.deserialize(tConfig);
final AuthenticationTokenSecretManager secretManager = manager.getContext().getSecretManager();
try {
Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> pair = secretManager.generateToken(credentials.principal, config);
return new TDelegationToken(ByteBuffer.wrap(pair.getKey().getPassword()), pair.getValue().getThriftIdentifier());
} catch (Exception e) {
throw new TException(e.getMessage());
}
}
Also used :
TException(org.apache.thrift.TException)
TDelegationTokenConfig(org.apache.accumulo.core.securityImpl.thrift.TDelegationTokenConfig)
DelegationTokenConfig(org.apache.accumulo.core.client.admin.DelegationTokenConfig)
AuthenticationTokenIdentifier(org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)
AuthenticationTokenSecretManager(org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager)
TDelegationToken(org.apache.accumulo.core.securityImpl.thrift.TDelegationToken)
TDelegationToken(org.apache.accumulo.core.securityImpl.thrift.TDelegationToken)
Token(org.apache.hadoop.security.token.Token)
ThriftSecurityException(org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException)
TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
ThriftSecurityException(org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException)
TabletDeletedException(org.apache.accumulo.core.metadata.schema.TabletDeletedException)
KeeperException(org.apache.zookeeper.KeeperException)
TException(org.apache.thrift.TException)
ThriftTableOperationException(org.apache.accumulo.core.clientImpl.thrift.ThriftTableOperationException)
NoNodeException(org.apache.zookeeper.KeeperException.NoNodeException)
Aggregations
TableNotFoundException (org.apache.accumulo.core.client.TableNotFoundException)2
DelegationTokenConfig (org.apache.accumulo.core.client.admin.DelegationTokenConfig)2
ThriftSecurityException (org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException)2
ThriftTableOperationException (org.apache.accumulo.core.clientImpl.thrift.ThriftTableOperationException)2
TDelegationToken (org.apache.accumulo.core.securityImpl.thrift.TDelegationToken)2
TDelegationTokenConfig (org.apache.accumulo.core.securityImpl.thrift.TDelegationTokenConfig)2
Preconditions.checkArgument (com.google.common.base.Preconditions.checkArgument)1
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)1
ByteBuffer (java.nio.ByteBuffer)1
Set (java.util.Set)1
AccumuloException (org.apache.accumulo.core.client.AccumuloException)1
AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException)1
SecurityOperations (org.apache.accumulo.core.client.admin.SecurityOperations)1
NAMESPACE_DOESNT_EXIST (org.apache.accumulo.core.client.security.SecurityErrorCode.NAMESPACE_DOESNT_EXIST)1
AuthenticationToken (org.apache.accumulo.core.client.security.tokens.AuthenticationToken)1
DelegationToken (org.apache.accumulo.core.client.security.tokens.DelegationToken)1
PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken)1
AuthenticationTokenIdentifier (org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)1
ClientService (org.apache.accumulo.core.clientImpl.thrift.ClientService)1
SecurityErrorCode (org.apache.accumulo.core.clientImpl.thrift.SecurityErrorCode)1
