use of org.apache.accumulo.core.securityImpl.thrift.TDelegationTokenConfig in project accumulo by apache.
the class DelegationTokenConfigSerializerTest method test.
@Test
public void test() {
DelegationTokenConfig cfg = new DelegationTokenConfig();
cfg.setTokenLifetime(8323, HOURS);
TDelegationTokenConfig tCfg = DelegationTokenConfigSerializer.serialize(cfg);
assertEquals(tCfg.getLifetime(), cfg.getTokenLifetime(MILLISECONDS));
assertEquals(cfg, DelegationTokenConfigSerializer.deserialize(tCfg));
}
use of org.apache.accumulo.core.securityImpl.thrift.TDelegationTokenConfig in project accumulo by apache.
the class SecurityOperationsImpl method getDelegationToken.
@Override
public DelegationToken getDelegationToken(DelegationTokenConfig cfg) throws AccumuloException, AccumuloSecurityException {
final TDelegationTokenConfig tConfig;
if (cfg != null) {
tConfig = DelegationTokenConfigSerializer.serialize(cfg);
} else {
tConfig = new TDelegationTokenConfig();
}
TDelegationToken thriftToken;
try {
thriftToken = ManagerClient.execute(context, client -> client.getDelegationToken(TraceUtil.traceInfo(), context.rpcCreds(), tConfig));
} catch (TableNotFoundException e) {
// should never happen
throw new AssertionError("Received TableNotFoundException on method which should not throw that exception", e);
}
AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier(thriftToken.getIdentifier());
// Get the password out of the thrift delegation token
return new DelegationTokenImpl(thriftToken.getPassword(), identifier);
}
use of org.apache.accumulo.core.securityImpl.thrift.TDelegationTokenConfig in project accumulo by apache.
the class DelegationTokenConfigSerializer method serialize.
/**
* Serialize the delegation token config into the thrift variant
*
* @param config
* The configuration
*/
public static TDelegationTokenConfig serialize(DelegationTokenConfig config) {
TDelegationTokenConfig tconfig = new TDelegationTokenConfig();
tconfig.setLifetime(config.getTokenLifetime(MILLISECONDS));
return tconfig;
}
use of org.apache.accumulo.core.securityImpl.thrift.TDelegationTokenConfig in project accumulo by apache.
the class ManagerClientServiceHandler method getDelegationToken.
@Override
public TDelegationToken getDelegationToken(TInfo tinfo, TCredentials credentials, TDelegationTokenConfig tConfig) throws ThriftSecurityException, TException {
if (!manager.security.canObtainDelegationToken(credentials)) {
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
}
// Round-about way to verify that SASL is also enabled.
if (!manager.delegationTokensAvailable()) {
throw new TException("Delegation tokens are not available for use");
}
final DelegationTokenConfig config = DelegationTokenConfigSerializer.deserialize(tConfig);
final AuthenticationTokenSecretManager secretManager = manager.getContext().getSecretManager();
try {
Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> pair = secretManager.generateToken(credentials.principal, config);
return new TDelegationToken(ByteBuffer.wrap(pair.getKey().getPassword()), pair.getValue().getThriftIdentifier());
} catch (Exception e) {
throw new TException(e.getMessage());
}
}
Aggregations