Examples with ThriftSecurityException org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException used on opensource projects

Example 16 with ThriftSecurityException

use of org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException in project accumulo by apache.

the class SecurityOperation method grantSystemPermission.

public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException {
    if (!canGrantSystem(credentials, user, permissionById))
        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    targetUserExists(user);
    try {
        permHandle.grantSystemPermission(user, permissionById);
        log.info("Granted system permission {} for user {} at the request of user {}", permissionById, user, credentials.getPrincipal());
    } catch (AccumuloSecurityException e) {
        throw e.asThriftException();
    }
}

Example 17 with ThriftSecurityException

use of org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException in project accumulo by apache.

the class SecurityOperation method revokeTablePermission.

public void revokeTablePermission(TCredentials c, String user, Table.ID tableId, TablePermission permission, Namespace.ID namespaceId) throws ThriftSecurityException {
    if (!canRevokeTable(c, user, tableId, namespaceId))
        throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    targetUserExists(user);
    try {
        permHandle.revokeTablePermission(user, tableId.canonicalID(), permission);
        log.info("Revoked table permission {} for user {} on the table {} at the request of user {}", permission, user, tableId, c.getPrincipal());
    } catch (AccumuloSecurityException e) {
        throw e.asThriftException();
    } catch (TableNotFoundException e) {
        throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST);
    }
}

Example 18 with ThriftSecurityException

use of org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException in project accumulo by apache.

the class SecurityOperation method grantTablePermission.

public void grantTablePermission(TCredentials c, String user, Table.ID tableId, TablePermission permission, Namespace.ID namespaceId) throws ThriftSecurityException {
    if (!canGrantTable(c, user, tableId, namespaceId))
        throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    targetUserExists(user);
    try {
        permHandle.grantTablePermission(user, tableId.canonicalID(), permission);
        log.info("Granted table permission {} for user {} on the table {} at the request of user {}", permission, user, tableId, c.getPrincipal());
    } catch (AccumuloSecurityException e) {
        throw e.asThriftException();
    } catch (TableNotFoundException e) {
        throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST);
    }
}

Example 19 with ThriftSecurityException

use of org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException in project accumulo by apache.

the class AuditedSecurityOperation method canScan.

@Override
public boolean canScan(TCredentials credentials, Table.ID tableId, Namespace.ID namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String, Map<String, String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
    if (shouldAudit(credentials, tableId)) {
        Range convertedRange = new Range(range);
        List<String> convertedColumns = truncate(Translator.translate(columns, new Translator.TColumnTranslator()));
        String tableName = getTableName(tableId);
        try {
            boolean canScan = super.canScan(credentials, tableId, namespaceId);
            audit(credentials, canScan, CAN_SCAN_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), convertedRange, convertedColumns, ssiList, ssio);
            return canScan;
        } catch (ThriftSecurityException ex) {
            audit(credentials, ex, CAN_SCAN_AUDIT_TEMPLATE, getAuthString(authorizations), tableId, convertedRange, convertedColumns, ssiList, ssio);
            throw ex;
        }
    } else {
        return super.canScan(credentials, tableId, namespaceId);
    }
}

Example 20 with ThriftSecurityException

use of org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException in project accumulo by apache.

the class SecurityOperation method changePassword.

public void changePassword(TCredentials credentials, Credentials toChange) throws ThriftSecurityException {
    if (!canChangePassword(credentials, toChange.getPrincipal()))
        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    try {
        AuthenticationToken token = toChange.getToken();
        authenticator.changePassword(toChange.getPrincipal(), token);
        log.info("Changed password for user {} at the request of user {}", toChange.getPrincipal(), credentials.getPrincipal());
    } catch (AccumuloSecurityException e) {
        throw e.asThriftException();
    }
}