001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 package org.apache.hadoop.lib.service; 019 020 import org.apache.hadoop.classification.InterfaceAudience; 021 import org.apache.hadoop.security.UserGroupInformation; 022 import org.apache.hadoop.security.token.Token; 023 024 /** 025 * Service interface to manage HttpFS delegation tokens. 026 */ 027 @InterfaceAudience.Private 028 public interface DelegationTokenManager { 029 030 /** 031 * Creates a delegation token. 032 * 033 * @param ugi UGI creating the token. 034 * @param renewer token renewer. 035 * @return new delegation token. 036 * @throws DelegationTokenManagerException thrown if the token could not be 037 * created. 038 */ 039 public Token<DelegationTokenIdentifier> createToken(UserGroupInformation ugi, 040 String renewer) 041 throws DelegationTokenManagerException; 042 043 /** 044 * Renews a delegation token. 045 * 046 * @param token delegation token to renew. 047 * @param renewer token renewer. 048 * @return epoc expiration time. 049 * @throws DelegationTokenManagerException thrown if the token could not be 050 * renewed. 051 */ 052 public long renewToken(Token<DelegationTokenIdentifier> token, String renewer) 053 throws DelegationTokenManagerException; 054 055 /** 056 * Cancels a delegation token. 057 * 058 * @param token delegation token to cancel. 059 * @param canceler token canceler. 060 * @throws DelegationTokenManagerException thrown if the token could not be 061 * canceled. 062 */ 063 public void cancelToken(Token<DelegationTokenIdentifier> token, 064 String canceler) 065 throws DelegationTokenManagerException; 066 067 /** 068 * Verifies a delegation token. 069 * 070 * @param token delegation token to verify. 071 * @return the UGI for the token. 072 * @throws DelegationTokenManagerException thrown if the token could not be 073 * verified. 074 */ 075 public UserGroupInformation verifyToken(Token<DelegationTokenIdentifier> token) 076 throws DelegationTokenManagerException; 077 078 }