use of org.apache.accumulo.core.security.Authorizations in project incubator-rya by apache.
the class CountPlan method query.
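/**
 * Reads count index entries for {@code type}/{@code compositeIndex} from the prospects table.
 *
 * <p>When {@code prospectTimes} is given, one exact-row range is scanned per prospect time and
 * at most 1000 entries are returned. When it is {@code null}, the whole
 * {@code type + DELIM + compositeIndex + DELIM} prefix is scanned and at most one entry is
 * returned.
 *
 * <p>The scan runs with {@code new Authorizations(auths)}: the caller-supplied labels are passed
 * to Accumulo as-is and are not checked here. Each returned entry carries the column visibility
 * it was stored with.
 *
 * @param connector Accumulo connector used to create the scanner; must not be {@code null}.
 * @param tableName table to scan; must not be {@code null}.
 * @param prospectTimes prospect times to look up, or {@code null} to scan the whole prefix.
 * @param type index type, used as the first row component; must not be {@code null}.
 * @param compositeIndex index value, used as the second row component; must not be {@code null}.
 * @param dataType column qualifier to restrict the scan to, or {@code null} for the whole
 *        {@code COUNT} column family.
 * @param auths authorization labels to scan with.
 * @return the matching index entries, possibly empty.
 * @throws TableNotFoundException if {@code tableName} does not exist.
 */
@Override
public List<IndexEntry> query(final Connector connector, final String tableName, final List<Long> prospectTimes, final String type, final String compositeIndex, final String dataType, final String[] auths) throws TableNotFoundException {
    // NOTE(review): asserts are only active when the JVM runs with -ea, so these
    // preconditions are not enforced in a default production configuration.
    assert connector != null && tableName != null && type != null && compositeIndex != null;
    final BatchScanner bs = connector.createBatchScanner(tableName, new Authorizations(auths), 4);
    // The scanner holds client-side resources; release it even when parsing an entry
    // below throws (NumberFormatException, ArrayIndexOutOfBoundsException, ...).
    try {
        final List<Range> ranges = new ArrayList<>();
        // by default only return 1000 prospects maximum
        int max = 1000;
        if (prospectTimes != null) {
            for (final Long prospectTime : prospectTimes) {
                ranges.add(new Range(type + DELIM + compositeIndex + DELIM + ProspectorUtils.getReverseIndexDateTime(new Date(prospectTime))));
            }
        } else {
            // only return the latest if no prospectTimes given
            // NOTE(review): a BatchScanner does not return entries in sorted order, so the
            // single entry kept here is presumably not guaranteed to be the latest; confirm.
            max = 1;
            final String prefix = type + DELIM + compositeIndex + DELIM;
            ranges.add(new Range(prefix, prefix + RdfCloudTripleStoreConstants.LAST));
        }
        bs.setRanges(ranges);
        if (dataType != null) {
            bs.fetchColumn(new Text(COUNT), new Text(dataType));
        } else {
            bs.fetchColumnFamily(new Text(COUNT));
        }
        final List<IndexEntry> indexEntries = new ArrayList<IndexEntry>();
        final Iterator<Entry<Key, Value>> iter = bs.iterator();
        // Strictly less than: the previous "<= max" admitted max + 1 entries.
        while (iter.hasNext() && indexEntries.size() < max) {
            final Entry<Key, Value> entry = iter.next();
            final Key k = entry.getKey();
            final Value v = entry.getValue();
            final String[] rowArr = k.getRow().toString().split(DELIM);
            final String values;
            // if it is a composite index, then return the type as a composite index
            if (type.equalsIgnoreCase(TripleValueType.SUBJECT_PREDICATE.getIndexType()) || type.equalsIgnoreCase(TripleValueType.SUBJECT_OBJECT.getIndexType()) || type.equalsIgnoreCase(TripleValueType.PREDICATE_OBJECT.getIndexType())) {
                values = rowArr[1] + DELIM + rowArr[2];
            } else {
                values = rowArr[1];
            }
            // Create an entry using the values that were found.
            final String entryDataType = k.getColumnQualifier().toString();
            final String entryVisibility = k.getColumnVisibility().toString();
            final Long entryCount = Long.parseLong(new String(v.get(), StandardCharsets.UTF_8));
            indexEntries.add(IndexEntry.builder().setData(values).setTripleValueType(rowArr[0]).setIndex(COUNT).setDataType(entryDataType).setVisibility(entryVisibility).setCount(entryCount).setTimestamp(k.getTimestamp()).build());
        }
        return indexEntries;
    } finally {
        bs.close();
    }
}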
use of org.apache.accumulo.core.security.Authorizations in project incubator-rya by apache.
the class DocumentVisibilityUtil method doesUserHaveDocumentAccess.
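/**
 * Checks whether the user's authorizations allow access to a document, based on the
 * document's visibility expression.
 *
 * <p>Two behaviours matter to callers making access decisions:
 * <ul>
 * <li>A {@code null} {@code authorizations} is replaced by
 * {@link MongoDbRdfConstants#ALL_AUTHORIZATIONS}. When {@code doesEmptyAccessPass} is
 * {@code true} and the effective authorizations equal that constant, access is granted
 * without evaluating {@code documentVisibility} at all. Callers that must not treat a
 * missing authorization set as full access should pass {@code false}.</li>
 * <li>If the visibility expression cannot be parsed, the error is logged and access is
 * denied (fail closed).</li>
 * </ul>
 *
 * @param authorizations the {@link Authorizations}; {@code null} is treated as
 *        {@link MongoDbRdfConstants#ALL_AUTHORIZATIONS}.
 * @param documentVisibility the {@link DocumentVisibility}.
 * @param doesEmptyAccessPass {@code true} if an empty authorization pass
 * allows access to everything. {@code false} otherwise.
 * @return {@code true} if the user has access to the document.
 * {@code false} otherwise, including when the visibility cannot be parsed.
 */
public static boolean doesUserHaveDocumentAccess(final Authorizations authorizations, final DocumentVisibility documentVisibility, final boolean doesEmptyAccessPass) {
    final Authorizations userAuths = authorizations != null ? authorizations : MongoDbRdfConstants.ALL_AUTHORIZATIONS;
    // Bypass: no expression evaluation happens on this path.
    if (doesEmptyAccessPass && MongoDbRdfConstants.ALL_AUTHORIZATIONS.equals(userAuths)) {
        return true;
    }
    try {
        return new VisibilityEvaluator(userAuths).evaluate(documentVisibility);
    } catch (final VisibilityParseException e) {
        // Keep the cause in the log so a malformed visibility can be traced; the
        // decision itself stays "deny".
        log.error("Could not parse document visibility.", e);
        return false;
    }
}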
use of org.apache.accumulo.core.security.Authorizations in project incubator-rya by apache.
the class ConfigUtils method createBatchScanner.
/**
 * Creates a {@link BatchScanner} over {@code tablename} using the connector and the scan
 * authorizations that {@link ConfigUtils} derives from {@code conf}.
 *
 * <p>The query thread count is taken from
 * {@link RdfCloudTripleStoreConfiguration#getNumThreads()} when {@code conf} is of that type;
 * otherwise it is read from {@link RdfCloudTripleStoreConfiguration#CONF_NUM_THREADS} with a
 * default of 2.
 *
 * <p>The returned scanner is open; this method does not close it, so the caller is
 * responsible for doing so.
 *
 * @param tablename the table to scan.
 * @param conf the configuration supplying connection details, authorizations and thread count.
 * @return a new {@link BatchScanner} for the table.
 * @throws AccumuloException declared by this method; see {@code ConfigUtils.getConnector}.
 * @throws AccumuloSecurityException declared by this method; see {@code ConfigUtils.getConnector}.
 * @throws TableNotFoundException if the table does not exist.
 */
public static BatchScanner createBatchScanner(final String tablename, final Configuration conf) throws AccumuloException, AccumuloSecurityException, TableNotFoundException {
    final Connector accumuloConnector = ConfigUtils.getConnector(conf);
    // Everything read through the scanner is filtered by these labels.
    final Authorizations scanAuths = ConfigUtils.getAuthorizations(conf);
    final int queryThreads = conf instanceof RdfCloudTripleStoreConfiguration
            ? ((RdfCloudTripleStoreConfiguration) conf).getNumThreads()
            : conf.getInt(RdfCloudTripleStoreConfiguration.CONF_NUM_THREADS, 2);
    return accumuloConnector.createBatchScanner(tablename, scanAuths, queryThreads);
}
use of org.apache.accumulo.core.security.Authorizations in project incubator-rya by apache.
the class DisjunctiveNormalFormConverter method convertToDisjunctiveNormalForm.
/**
 * Converts a document visibility boolean expression into Disjunctive Normal Form (DNF).
 * Expressions in DNF have this shape:<pre>
 * (P1 &amp; P2 &amp; P3 ... Pn) | (Q1 &amp; Q2 ... Qm) ...
 * </pre>
 *
 * <p>The conversion is done by brute force: every row of a truth table over the
 * expression's terms is turned into an {@link Authorizations} set and evaluated against the
 * original expression. Rows that pass, and that are not already implied by an earlier
 * passing row, become the AND-groups of the result.
 *
 * <p>NOTE(review): per the original comments the truth table has 2^n rows for n terms, so
 * work and memory appear to grow exponentially with the number of distinct terms. If
 * visibility expressions can come from writers that are not fully trusted, consider
 * bounding the term count before calling this method.
 *
 * @param documentVisibility the {@link DocumentVisibility}.
 * @return a new {@link DocumentVisibility} with its expression in DNF.
 */
public static DocumentVisibility convertToDisjunctiveNormalForm(final DocumentVisibility documentVisibility) {
    // Collect the distinct terms, then enumerate every on/off combination of them.
    final List<String> terms = findNodeTerms(documentVisibility.getParseTree(), documentVisibility.getExpression());
    final byte[][] truthTable = createTruthTableInputs(terms);

    final List<List<String>> minimalPassingRows = new ArrayList<>();
    for (final byte[] row : truthTable) {
        // A 1 in column i means terms.get(i) is "held" in this combination.
        final List<String> selectedTerms = new ArrayList<>();
        final List<String> unquotedAuths = new ArrayList<>();
        for (int col = 0; col < row.length; col++) {
            if (row[col] != 1) {
                continue;
            }
            final String term = terms.get(col);
            selectedTerms.add(term);
            // Terms may be quoted in the expression; the authorization label itself is not.
            unquotedAuths.add(StringUtils.removeEnd(StringUtils.removeStart(term, "\""), "\""));
        }

        // Evaluate with doesEmptyAccessPass = false so the all-zero row is judged by the
        // expression itself rather than by the empty-authorization bypass.
        final Authorizations rowAuths = new Authorizations(unquotedAuths.toArray(new String[0]));
        if (!DocumentVisibilityUtil.doesUserHaveDocumentAccess(rowAuths, documentVisibility, false)) {
            continue;
        }

        // Skip this row when an already accepted row is a subset of it: the smaller
        // group alone is enough to satisfy the expression.
        boolean impliedByEarlierRow = false;
        for (final List<String> earlierRow : minimalPassingRows) {
            if (selectedTerms.containsAll(earlierRow)) {
                impliedByEarlierRow = true;
                break;
            }
        }
        if (!impliedByEarlierRow) {
            minimalPassingRows.add(selectedTerms);
        }
    }

    // Render each passing row as an AND-group and OR the groups together. Parentheses
    // are only needed when there are several groups and the group has several terms.
    final boolean severalGroups = minimalPassingRows.size() > 1;
    final List<String> groups = new ArrayList<>();
    for (final List<String> passingRow : minimalPassingRows) {
        final String conjunction = Joiner.on("&").join(passingRow);
        if (severalGroups && passingRow.size() > 1) {
            groups.add("(" + conjunction + ")");
        } else {
            groups.add(conjunction);
        }
    }
    final String dnfExpression = Joiner.on("|").join(groups);
    log.trace(dnfExpression);
    return new DocumentVisibility(dnfExpression);
}
use of org.apache.accumulo.core.security.Authorizations in project incubator-rya by apache.
the class PcjTablesIT method loadPcjResults.
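/**
 * Scans Accumulo for the results that are stored in a PCJ table. The
 * multimap stores a set of deserialized binding sets that were in the PCJ
 * table for every variable order that is found in the PCJ metadata.
 *
 * <p>Each scan uses an empty {@link Authorizations} set, so only entries readable without
 * any authorization label are returned.
 *
 * @param accumuloConn the connector used to read the metadata and scan the table.
 * @param pcjTableName the name of the PCJ table to read.
 * @return the binding sets found, keyed by the string form of their variable order.
 * @throws PcjException declared by this method; see {@code PcjTables.getPcjMetadata}.
 * @throws TableNotFoundException if the PCJ table does not exist.
 * @throws BindingSetConversionException if a stored row cannot be converted to a binding set.
 */
private static Multimap<String, BindingSet> loadPcjResults(final Connector accumuloConn, final String pcjTableName) throws PcjException, TableNotFoundException, BindingSetConversionException {
    final Multimap<String, BindingSet> fetchedResults = HashMultimap.create();
    // Get the variable orders the data was written to.
    final PcjTables pcjs = new PcjTables();
    final PcjMetadata pcjMetadata = pcjs.getPcjMetadata(accumuloConn, pcjTableName);
    // Scan Accumulo for the stored results.
    for (final VariableOrder varOrder : pcjMetadata.getVarOrders()) {
        final Scanner scanner = accumuloConn.createScanner(pcjTableName, new Authorizations());
        // One scanner is opened per variable order; close each one, including when
        // conversion of a row fails, so scanners do not accumulate.
        try {
            scanner.fetchColumnFamily(new Text(varOrder.toString()));
            for (final Entry<Key, Value> entry : scanner) {
                final byte[] serializedResult = entry.getKey().getRow().getBytes();
                final BindingSet result = converter.convert(serializedResult, varOrder);
                fetchedResults.put(varOrder.toString(), result);
            }
        } finally {
            scanner.close();
        }
    }
    return fetchedResults;
}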