AuthenticationTokenSecretManager (Server Base 1.7.0 API)

java.lang.Object
- org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
- - org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager

```
public class AuthenticationTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
```
Manages an internal list of secret keys used to sign new authentication tokens as they are generated, and to validate existing tokens used for authentication. Each TabletServer, in addition to the Master, has an instance of this SecretManager so that each can authenticate requests from clients presenting delegation tokens. The Master will also run an instance of AuthenticationTokenKeyManager which handles generation of new keys and removal of old keys. That class will call the methods here to ensure the in-memory cache is consistent with what is advertised in ZooKeeper.

Nested Class Summary
- Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
  org.apache.hadoop.security.token.SecretManager.InvalidToken

Constructor Summary

Constructors
Constructor and Description
`AuthenticationTokenSecretManager(Instance instance, long tokenMaxLifetime)` Create a new secret manager instance for generating keys.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`addKey(AuthenticationKey key)` Add the provided `key` to the in-memory copy of all `AuthenticationKey`s.
`AuthenticationTokenIdentifier`	`createIdentifier()`
`protected byte[]`	`createPassword(AuthenticationTokenIdentifier identifier)`
`static SecretKey`	`createSecretKey(byte[] raw)`
`protected SecretKey`	`generateSecret()`
`Map.Entry<org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier>`	`generateToken(String username, DelegationTokenConfig cfg)` Generates a delegation token for the user with the provided `username`.
`void`	`removeAllKeys()` Atomic operation to remove all AuthenticationKeys
`byte[]`	`retrievePassword(AuthenticationTokenIdentifier identifier)`

Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createPassword

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AuthenticationTokenSecretManager
```
public AuthenticationTokenSecretManager(Instance instance,
                                long tokenMaxLifetime)
```
    Create a new secret manager instance for generating keys.
    
    Parameters:
    instance - Accumulo instance
    tokenMaxLifetime - Maximum age (in milliseconds) before a token expires and is no longer valid
- Method Detail
  - createPassword
```
protected byte[] createPassword(AuthenticationTokenIdentifier identifier)
```
    Specified by:
    
    createPassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
  - retrievePassword
```
public byte[] retrievePassword(AuthenticationTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken
```
    Specified by:
    
    retrievePassword in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
    
    Throws:
    
    org.apache.hadoop.security.token.SecretManager.InvalidToken
  - createIdentifier
```
public AuthenticationTokenIdentifier createIdentifier()
```
    Specified by:
    
    createIdentifier in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
  - generateToken
```
public Map.Entry<org.apache.hadoop.security.token.Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> generateToken(String username,
                                                                                                                           DelegationTokenConfig cfg)
                                                                                                                             throws AccumuloException
```
    Generates a delegation token for the user with the provided username.
    
    Parameters:
    username - The client to generate the delegation token for.
    cfg - A configuration object for obtaining the delegation token
    
    Returns:
    A delegation token for username created using the currentKey.
    
    Throws:
    
    AccumuloException
  - addKey
```
public void addKey(AuthenticationKey key)
```
    Add the provided key to the in-memory copy of all AuthenticationKeys.
    
    Parameters:
    key - The key to add.
  - removeAllKeys
```
public void removeAllKeys()
```
    Atomic operation to remove all AuthenticationKeys
  - generateSecret
```
protected SecretKey generateSecret()
```
    Overrides:
    
    generateSecret in class org.apache.hadoop.security.token.SecretManager<AuthenticationTokenIdentifier>
  - createSecretKey
```
public static SecretKey createSecretKey(byte[] raw)
```

Class AuthenticationTokenSecretManager

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

Constructor Summary

Method Summary

Methods inherited from class org.apache.hadoop.security.token.SecretManager

Methods inherited from class java.lang.Object

Constructor Detail

AuthenticationTokenSecretManager

Method Detail

createPassword

retrievePassword

createIdentifier

generateToken

addKey

removeAllKeys

generateSecret

createSecretKey