public class AutoTGT extends Object implements IAutoCredentials, ICredentialsRenewer
Automatically take a user’s TGT, and push it, and renew it in Nimbus.
Modifier and Type | Field and Description |
---|---|
protected static AtomicReference<KerberosTicket> |
kerbTicket |
Constructor and Description |
---|
AutoTGT() |
Modifier and Type | Method and Description |
---|---|
static void |
clearCredentials(Subject subject,
KerberosTicket tgt) |
static KerberosTicket |
getTGT(Map<String,String> credentials) |
static void |
main(String[] args) |
void |
populateCredentials(Map<String,String> credentials)
Called to populate the credentials on the client side.
|
void |
populateSubject(Subject subject,
Map<String,String> credentials)
Called to initially populate the subject on the worker side with credentials passed in.
|
void |
prepare(Map conf)
Called when initializing the service.
|
void |
renew(Map<String,String> credentials,
Map topologyConf)
Renew any credentials that need to be renewed.
|
void |
renew(Map<String,String> credentials,
Map<String,Object> topologyConf,
String topologyOwnerPrincipal)
Renew any credentials that need to be renewed.
|
static void |
saveTGT(KerberosTicket tgt,
Map<String,String> credentials) |
void |
updateSubject(Subject subject,
Map<String,String> credentials)
Called to update the subject on the worker side when new credentials are recieved.
|
protected static final AtomicReference<KerberosTicket> kerbTicket
public void prepare(Map conf)
ICredentialsRenewer
Called when initializing the service.
prepare
in interface IAutoCredentials
prepare
in interface ICredentialsRenewer
conf
- the storm cluster configuration.public void populateCredentials(Map<String,String> credentials)
IAutoCredentials
Called to populate the credentials on the client side.
populateCredentials
in interface IAutoCredentials
credentials
- the credentials to be populated.public static void saveTGT(KerberosTicket tgt, Map<String,String> credentials)
public static KerberosTicket getTGT(Map<String,String> credentials)
public void updateSubject(Subject subject, Map<String,String> credentials)
IAutoCredentials
Called to update the subject on the worker side when new credentials are recieved. This means that populateSubject has already been called on this subject.
updateSubject
in interface IAutoCredentials
subject
- the subject to optionally put credentials in.credentials
- the credentials to be used.public void populateSubject(Subject subject, Map<String,String> credentials)
IAutoCredentials
Called to initially populate the subject on the worker side with credentials passed in.
populateSubject
in interface IAutoCredentials
subject
- the subject to optionally put credentials in.credentials
- the credentials to be used.public static void clearCredentials(Subject subject, KerberosTicket tgt)
public void renew(Map<String,String> credentials, Map<String,Object> topologyConf, String topologyOwnerPrincipal)
ICredentialsRenewer
Renew any credentials that need to be renewed. (Update the credentials if needed)
renew
in interface ICredentialsRenewer
credentials
- the credentials that may have something to renew.topologyConf
- topology configuration.topologyOwnerPrincipal
- the full principal name of the owner of the topologypublic void renew(Map<String,String> credentials, Map topologyConf)
ICredentialsRenewer
Renew any credentials that need to be renewed. (Update the credentials if needed) NOTE: THIS WILL BE CALLED THROUGH REFLECTION. So if the newer renew exists it will be called instead, but if it does not exist this will be called. That means that this is binary compatible but not source compatible with older version. To make the compilation work this can become a noop when the new API is implemented.
renew
in interface ICredentialsRenewer
credentials
- the credentials that may have something to renew.topologyConf
- topology configuration.Copyright © 2022 The Apache Software Foundation. All Rights Reserved.