001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing, software
013     * distributed under the License is distributed on an "AS IS" BASIS,
014     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015     * See the License for the specific language governing permissions and
016     * limitations under the License.
017     */
018    package org.apache.hadoop.lib.service;
019    
020    import org.apache.hadoop.classification.InterfaceAudience;
021    import org.apache.hadoop.security.UserGroupInformation;
022    import org.apache.hadoop.security.token.Token;
023    
/**
 * Contract for the service that issues, renews, cancels and verifies HttpFS
 * delegation tokens.
 *
 * <p>Every operation reports failure through
 * {@link DelegationTokenManagerException}; no method signals failure through
 * its return value.
 *
 * <p>NOTE(review): the {@code renewer} and {@code canceler} arguments are plain
 * strings, and nothing in this interface says who authenticates them.
 * Presumably callers pass the already-authenticated caller identity and the
 * implementation checks it against the token; confirm against the
 * implementation.
 */
@InterfaceAudience.Private
public interface DelegationTokenManager {

  /**
   * Issues a new delegation token.
   *
   * @param ugi UGI on whose behalf the token is created.
   * @param renewer name of the principal designated as the token renewer.
   * @return the newly created delegation token.
   * @throws DelegationTokenManagerException if the token could not be
   * created.
   */
  Token<DelegationTokenIdentifier> createToken(
      UserGroupInformation ugi, String renewer)
      throws DelegationTokenManagerException;

  /**
   * Extends the lifetime of an existing delegation token.
   *
   * <p>NOTE(review): the unit of the returned epoch time is not stated here
   * (presumably milliseconds); confirm against the implementation.
   *
   * @param token delegation token to renew.
   * @param renewer name of the principal requesting the renewal.
   * @return the new expiration time, as an epoch time.
   * @throws DelegationTokenManagerException if the token could not be
   * renewed.
   */
  long renewToken(Token<DelegationTokenIdentifier> token, String renewer)
      throws DelegationTokenManagerException;

  /**
   * Cancels a delegation token.
   *
   * @param token delegation token to cancel.
   * @param canceler name of the principal requesting the cancellation.
   * @throws DelegationTokenManagerException if the token could not be
   * canceled.
   */
  void cancelToken(Token<DelegationTokenIdentifier> token, String canceler)
      throws DelegationTokenManagerException;

  /**
   * Verifies a delegation token and resolves the identity it represents.
   *
   * <p>Verification failure is reported only through the exception, so a
   * caller should treat any {@link DelegationTokenManagerException} from this
   * method as a failed authentication and must not fall back to an identity
   * read from the unverified token.
   *
   * @param token delegation token to verify.
   * @return the UGI for the verified token.
   * @throws DelegationTokenManagerException if the token could not be
   * verified.
   */
  UserGroupInformation verifyToken(Token<DelegationTokenIdentifier> token)
      throws DelegationTokenManagerException;

}