Package org.apache.hadoop.security.authentication.util

Class SignerSecretProvider

java.lang.Object
org.apache.hadoop.security.authentication.util.SignerSecretProvider
Direct Known Subclasses:
FileSignerSecretProvider, RolloverSignerSecretProvider
@Unstable @Private public abstract class SignerSecretProvider extends Object
The SignerSecretProvider is an abstract way to provide a secret to be used by the Signer so that we can have different implementations that potentially do more complicated things in the backend. See the RolloverSignerSecretProvider class for an implementation that supports rolling over the secret at a regular interval.

  • Constructor Summary

    Constructors
    Constructor
    Description
    SignerSecretProvider()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    destroy()
    Will be called on shutdown; subclasses should perform any cleanup here.
    abstract byte[][]
    getAllSecrets()
    Returns all secrets that a cookie could have been signed with and are still valid; this should include the secret returned by getCurrentSecret().
    abstract byte[]
    getCurrentSecret()
    Returns the current secret to be used by the Signer for signing new cookies.
    abstract void
    init(Properties config, javax.servlet.ServletContext servletContext, long tokenValidity)
    Initialize the SignerSecretProvider

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • SignerSecretProvider

      public SignerSecretProvider()

  • Method Details

    • init

      public abstract void init(Properties config, javax.servlet.ServletContext servletContext, long tokenValidity) throws Exception
      Initialize the SignerSecretProvider
      Parameters:
      config - configuration properties
      servletContext - servlet context
      tokenValidity - The amount of time a token is valid for
      Throws:
      Exception - thrown if an error occurred

    • destroy

      public void destroy()
      Will be called on shutdown; subclasses should perform any cleanup here.

    • getCurrentSecret

      public abstract byte[] getCurrentSecret()
      Returns the current secret to be used by the Signer for signing new cookies. This should never return null.

      Callers should be careful not to modify the returned value.

      Returns:
      the current secret

    • getAllSecrets

      public abstract byte[][] getAllSecrets()
      Returns all secrets that a cookie could have been signed with and are still valid; this should include the secret returned by getCurrentSecret().

      Callers should be careful not to modify the returned value.

      Returns:
      the secrets