Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.security.authentication.util
Class RolloverSignerSecretProvider

java.lang.Object
  extended by org.apache.hadoop.security.authentication.util.SignerSecretProvider
      extended by org.apache.hadoop.security.authentication.util.RolloverSignerSecretProvider
Direct Known Subclasses:
RandomSignerSecretProvider, ZKSignerSecretProvider
@InterfaceStability.Unstable
@InterfaceAudience.Private
public abstract class RolloverSignerSecretProvider
extends SignerSecretProvider

An abstract SignerSecretProvider that can be use used as the base for a rolling secret. The secret will roll over at the same interval as the token validity, so there are only ever a maximum of two valid secrets at any given time. This class handles storing and returning the secrets, as well as the rolling over. At a minimum, subclasses simply need to implement the generateNewSecret() method. More advanced implementations can override other methods to provide more advanced behavior, but should be careful when doing so.

Constructor Summary
RolloverSignerSecretProvider()
           
 
Method Summary
 void destroy()
          Will be called on shutdown; subclasses should perform any cleanup here.
protected abstract  byte[] generateNewSecret()
          Subclasses should implement this to return a new secret.
 byte[][] getAllSecrets()
          Returns all secrets that a cookie could have been signed with and are still valid; this should include the secret returned by getCurrentSecret().
 byte[] getCurrentSecret()
          Returns the current secret to be used by the Signer for signing new cookies.
 void init(Properties config, javax.servlet.ServletContext servletContext, long tokenValidity)
          Initialize the SignerSecretProvider.
protected  void initSecrets(byte[] currentSecret, byte[] previousSecret)
          Initializes the secrets array.
protected  void rollSecret()
          Rolls the secret.
protected  void startScheduler(long initialDelay, long period)
          Starts the scheduler for the rollover to run at an interval.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RolloverSignerSecretProvider

public RolloverSignerSecretProvider()
Method Detail

init

public void init(Properties config,
                 javax.servlet.ServletContext servletContext,
                 long tokenValidity)
          throws Exception
Initialize the SignerSecretProvider. It initializes the current secret and starts the scheduler for the rollover to run at an interval of tokenValidity.

Specified by:
init in class SignerSecretProvider
Parameters:
config - configuration properties
servletContext - servlet context
tokenValidity - The amount of time a token is valid for
Throws:
Exception

initSecrets

protected void initSecrets(byte[] currentSecret,
                           byte[] previousSecret)
Initializes the secrets array. This should typically be called only once, during init but some implementations may wish to call it other times. previousSecret can be null if there isn't a previous secret, but currentSecret should never be null.

Parameters:
currentSecret - The current secret
previousSecret - The previous secret

startScheduler

protected void startScheduler(long initialDelay,
                              long period)
Starts the scheduler for the rollover to run at an interval.

Parameters:
initialDelay - The initial delay in the rollover in milliseconds
period - The interval for the rollover in milliseconds

destroy

public void destroy()
Description copied from class: SignerSecretProvider
Will be called on shutdown; subclasses should perform any cleanup here.

Overrides:
destroy in class SignerSecretProvider

rollSecret

protected void rollSecret()
Rolls the secret. It is called automatically at the rollover interval.

generateNewSecret

protected abstract byte[] generateNewSecret()
Subclasses should implement this to return a new secret. It will be called automatically at the secret rollover interval. It should never return null.

Returns:
a new secret

getCurrentSecret

public byte[] getCurrentSecret()
Description copied from class: SignerSecretProvider
Returns the current secret to be used by the Signer for signing new cookies. This should never return null.

Callers should be careful not to modify the returned value.

Specified by:
getCurrentSecret in class SignerSecretProvider
Returns:
the current secret

getAllSecrets

public byte[][] getAllSecrets()
Description copied from class: SignerSecretProvider
Returns all secrets that a cookie could have been signed with and are still valid; this should include the secret returned by getCurrentSecret().

Callers should be careful not to modify the returned value.

Specified by:
getAllSecrets in class SignerSecretProvider
Returns:
the secrets
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2014 Apache Software Foundation. All Rights Reserved.