use of org.apache.accumulo.core.security.Authorizations in project incubator-rya by apache.
the class PcjVisibilityIT method visibilitySimplified.
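/**
 * Checks the column visibility written on a PCJ result exported by the Fluo updater.
 * Every statement is inserted through a Rya connection configured with the visibility
 * {@code "u"}, and the exported result is expected to carry exactly {@code "u"}.
 *
 * @throws Exception if any interaction with the mini cluster, Rya, or Fluo fails.
 */
@Test
public void visibilitySimplified() throws Exception {
    // Create a PCJ index within Rya.
    final String sparql = "SELECT ?customer ?worker ?city "
            + "{ "
            + "?customer <" + TALKS_TO + "> ?worker. "
            + "?worker <" + LIVES_IN + "> ?city. "
            + "?worker <" + WORKS_AT + "> <" + BURGER_JOINT + ">. "
            + "}";
    final Connector accumuloConn = super.getAccumuloConnector();
    final RyaClient ryaClient = AccumuloRyaClientFactory.build(createConnectionDetails(), accumuloConn);
    final String pcjId = ryaClient.getCreatePCJ().createPCJ(getRyaInstanceName(), sparql);

    // Give the test's Accumulo user the "u" authorization. changeUserAuthorizations sets the
    // user's authorization set to exactly the labels passed; it does not add to an existing set.
    super.getAccumuloConnector().securityOperations().changeUserAuthorizations(getUsername(), new Authorizations("u"));

    // Set up a connection to the Rya instance that uses the "u" authorizations. This ensures
    // any statements that are inserted will have the "u" visibility on them and that the
    // PCJ updating application will have to maintain visibilities.
    final AccumuloRdfConfiguration ryaConf = new AccumuloRdfConfiguration();
    ryaConf.setTablePrefix(getRyaInstanceName());

    // Accumulo connection information.
    ryaConf.setAccumuloUser(getUsername());
    ryaConf.setAccumuloPassword(getPassword());
    ryaConf.setAccumuloInstance(super.getAccumuloConnector().getInstance().getInstanceName());
    ryaConf.setAccumuloZookeepers(super.getAccumuloConnector().getInstance().getZooKeepers());
    // CLOUDBASE_AUTHS is what the connection reads with; CONF_CV is the visibility it writes.
    ryaConf.set(ConfigUtils.CLOUDBASE_AUTHS, "u");
    ryaConf.set(RdfCloudTripleStoreConfiguration.CONF_CV, "u");

    // PCJ configuration information.
    ryaConf.set(ConfigUtils.USE_PCJ, "true");
    ryaConf.set(ConfigUtils.USE_PCJ_UPDATER_INDEX, "true");
    ryaConf.set(ConfigUtils.FLUO_APP_NAME, super.getFluoConfiguration().getApplicationName());
    ryaConf.set(ConfigUtils.PCJ_STORAGE_TYPE, PrecomputedJoinIndexerConfig.PrecomputedJoinStorageType.ACCUMULO.toString());
    ryaConf.set(ConfigUtils.PCJ_UPDATER_TYPE, PrecomputedJoinIndexerConfig.PrecomputedJoinUpdaterType.FLUO.toString());

    Sail sail = null;
    RyaSailRepository ryaRepo = null;
    RepositoryConnection ryaConn = null;
    try {
        sail = RyaSailFactory.getInstance(ryaConf);
        ryaRepo = new RyaSailRepository(sail);
        ryaConn = ryaRepo.getConnection();

        // Load a few Statements into Rya.
        ryaConn.add(VF.createStatement(ALICE, TALKS_TO, BOB));
        ryaConn.add(VF.createStatement(BOB, LIVES_IN, HAPPYVILLE));
        ryaConn.add(VF.createStatement(BOB, WORKS_AT, BURGER_JOINT));

        // Wait for Fluo to finish processing.
        super.getMiniFluo().waitForObservers();

        // Fetch the exported result and show that its column visibility has been simplified.
        final String pcjTableName = new PcjTableNameFactory().makeTableName(getRyaInstanceName(), pcjId);
        final Scanner scan = accumuloConn.createScanner(pcjTableName, new Authorizations("u"));
        try {
            scan.fetchColumnFamily(new Text("customer;worker;city"));
            // next() throws NoSuchElementException when nothing was exported, which fails the test.
            final Entry<Key, Value> result = scan.iterator().next();
            assertEquals(new Text("u"), result.getKey().getColumnVisibility());
        } finally {
            // The scanner was previously left open; release it whether or not the assertion holds.
            scan.close();
        }
    } finally {
        // Nested so that a failure while closing one resource does not skip the remaining ones.
        try {
            if (ryaConn != null) {
                ryaConn.close();
            }
        } finally {
            try {
                if (ryaRepo != null) {
                    ryaRepo.shutDown();
                }
            } finally {
                if (sail != null) {
                    sail.shutDown();
                }
            }
        }
    }
}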
use of org.apache.accumulo.core.security.Authorizations in project incubator-rya by apache.
the class PcjVisibilityIT method setupTestUsers.
/**
 * Provisions the Accumulo accounts used by the visibility tests: widens the authorizations
 * of {@code root} and creates four local users, each with its own authorization set and
 * READ permission on the PCJ table.
 *
 * @param accumuloConn connector whose security operations are used to manage the users
 * @param ryaInstanceName Rya instance name, used to derive the PCJ table name
 * @param pcjId id of the PCJ, used to derive the PCJ table name
 * @throws AccumuloException if a security operation fails
 * @throws AccumuloSecurityException if the connector's user may not perform a security operation
 */
private void setupTestUsers(final Connector accumuloConn, final String ryaInstanceName, final String pcjId) throws AccumuloException, AccumuloSecurityException {
    // One hard-coded credential is shared by every account created below. That is only
    // appropriate for throwaway test users; never reuse this pattern for a real deployment.
    final PasswordToken sharedPassword = new PasswordToken("password");
    final SecurityOperations security = accumuloConn.securityOperations();

    // Table permissions are granted per table, so the PCJ table's name is needed first.
    final String exportTable = new PcjTableNameFactory().makeTableName(ryaInstanceName, pcjId);

    // Give the 'root' user every label (A through E) so it can see everything.
    security.changeUserAuthorizations("root", new Authorizations("A", "B", "C", "D", "E"));

    // Can see things with A and B.
    createReadOnlyTestUser(security, "abUser", new Authorizations("A", "B"), sharedPassword, exportTable);
    // Can see things with A, B, and C.
    createReadOnlyTestUser(security, "abcUser", new Authorizations("A", "B", "C"), sharedPassword, exportTable);
    // Can see things with A, D, and E.
    createReadOnlyTestUser(security, "adeUser", new Authorizations("A", "D", "E"), sharedPassword, exportTable);
    // Holds READ on the table but no authorizations, so it can't see anything labelled.
    createReadOnlyTestUser(security, "noAuth", new Authorizations(), sharedPassword, exportTable);
}

/**
 * Creates one local user, sets its authorizations, and grants it READ (and nothing else)
 * on the given table.
 */
private void createReadOnlyTestUser(final SecurityOperations security, final String userName, final Authorizations auths, final PasswordToken password, final String tableName) throws AccumuloException, AccumuloSecurityException {
    security.createLocalUser(userName, password);
    security.changeUserAuthorizations(userName, auths);
    security.grantTablePermission(userName, tableName, TablePermission.READ);
}
use of org.apache.accumulo.core.security.Authorizations in project incubator-rya by apache.
the class AccumuloRyaDAO method purge.
/**
 * Deletes the entries of an Accumulo table using a {@link BatchDeleter} over an unbounded
 * range. Does nothing when the table does not exist.
 *
 * <p>NOTE(review): a BatchDeleter removes the entries its scan returns, so entries whose
 * visibility is not satisfied by {@code auths} would presumably be left in the table.
 * Confirm that callers pass authorizations covering all stored data when a complete purge
 * is required.
 *
 * @param tableName name of the table to purge
 * @param auths authorization labels the deleter scans with
 * @throws TableNotFoundException if the table cannot be found while deleting
 * @throws MutationsRejectedException if the delete mutations are rejected
 */
private void purge(final String tableName, final String[] auths) throws TableNotFoundException, MutationsRejectedException {
    if (!tableExists(tableName)) {
        return;
    }

    logger.info("Purging accumulo table: " + tableName);
    final BatchDeleter deleter = createBatchDeleter(tableName, new Authorizations(auths));
    try {
        // A default-constructed Range is unbounded, i.e. it covers every row.
        deleter.setRanges(Collections.singleton(new Range()));
        deleter.delete();
    } finally {
        // Always release the deleter, even when delete() throws.
        deleter.close();
    }
}
use of org.apache.accumulo.core.security.Authorizations in project incubator-rya by apache.
the class AccumuloRyaQueryEngine method queryWithBindingSet.
/**
 * Builds one scan range per statement pattern in {@code stmts}, scans a single Accumulo
 * table for all of them, and returns an iterator that joins the scan results with the
 * binding set supplied for each pattern.
 *
 * @param stmts statement patterns, each paired with the binding set to join against
 * @param conf query configuration; when {@code null} the engine's {@code configuration} is used
 * @return iterator over statement/binding-set entries, or {@code null} when {@code stmts}
 *         produced no ranges (callers must null-check)
 * @throws RyaDAOException wrapping any exception raised while preparing the scan, including
 *         the IllegalArgumentException thrown for an unsupported triple pattern
 */
@Override
public CloseableIteration<? extends Map.Entry<RyaStatement, BindingSet>, RyaDAOException> queryWithBindingSet(Collection<Map.Entry<RyaStatement, BindingSet>> stmts, AccumuloRdfConfiguration conf) throws RyaDAOException {
    if (conf == null) {
        conf = configuration;
    }
    // query configuration
    // The scan authorizations come from conf, so the caller's configuration decides which
    // visibility labels this query reads with.
    // NOTE(review): Accumulo is expected to reject scan authorizations the connector's user
    // does not hold; confirm the connector account is no broader than callers should reach.
    Authorizations authorizations = conf.getAuthorizations();
    Long ttl = conf.getTtl();
    Long maxResults = conf.getLimit();
    // maxRanges and numThreads are boxed; they are auto-unboxed below, so a null value
    // surfaces as a NullPointerException wrapped in RyaDAOException by the catch at the end.
    Integer maxRanges = conf.getMaxRangesForScanner();
    Integer numThreads = conf.getNumThreads();
    // TODO: cannot span multiple tables here
    try {
        Collection<Range> ranges = new HashSet<Range>();
        RangeBindingSetEntries rangeMap = new RangeBindingSetEntries();
        // layout and strategy keep the values from the LAST statement processed by the loop.
        TABLE_LAYOUT layout = null;
        RyaURI context = null;
        TriplePatternStrategy strategy = null;
        RyaURI columnFamily = null;
        boolean columnFamilySet = false;
        for (Map.Entry<RyaStatement, BindingSet> stmtbs : stmts) {
            RyaStatement stmt = stmtbs.getKey();
            context = stmt.getContext();
            // columnFamily stays set only while every statement shares the first statement's
            // context; once a different context is seen it becomes null for the rest of the loop.
            // Scanner will fetch all ColumnFamilies.
            if (!columnFamilySet) {
                columnFamily = context;
                columnFamilySet = true;
            } else if (columnFamily != null && !columnFamily.equals(context)) {
                columnFamily = null;
            }
            BindingSet bs = stmtbs.getValue();
            strategy = ryaContext.retrieveStrategy(stmt);
            if (strategy == null) {
                // Thrown inside the try, so callers receive it wrapped in RyaDAOException.
                throw new IllegalArgumentException("TriplePattern[" + stmt + "] not supported");
            }
            Map.Entry<RdfCloudTripleStoreConstants.TABLE_LAYOUT, ByteRange> entry = strategy.defineRange(stmt.getSubject(), stmt.getPredicate(), stmt.getObject(), stmt.getContext(), conf);
            // use range to set scanner
            // populate scanner based on authorizations, ttl
            layout = entry.getKey();
            ByteRange byteRange = entry.getValue();
            Range range = new Range(new Text(byteRange.getStart()), new Text(byteRange.getEnd()));
            Range rangeMapRange = range;
            // When the statement has a context, the rangeMap key is additionally bounded by
            // Columns whose family is the context bytes (qualifier/visibility 0x00 to 0xff).
            if (context != null) {
                byte[] contextBytes = context.getData().getBytes("UTF-8");
                rangeMapRange = range.bound(new Column(contextBytes, new byte[] { (byte) 0x00 }, new byte[] { (byte) 0x00 }), new Column(contextBytes, new byte[] { (byte) 0xff }, new byte[] { (byte) 0xff }));
            }
            // ranges gets a Range that has no Column bounds, but rangeMap gets a Range that
            // does have Column bounds. If we inserted multiple Ranges with the same Row (but
            // distinct Column bounds) into the Set ranges, we would get duplicate results
            // when the Row is not exact. So RyaStatements that differ only in their context
            // are all mapped to the same Range (with no Column bounds) for scanning purposes.
            // However, context information is included in a Column that bounds the Range
            // inserted into rangeMap. This is because in the class
            // {@link RyaStatementBindingSetKeyValueIterator}, the rangeMap is used to join
            // the scan results with the BindingSets to produce the query results. The
            // additional ColumnFamily info is required in this join process to allow the
            // Statement contexts to be compared with the BindingSet contexts.
            // See {@link RangeBindingSetEntries#containsKey}.
            ranges.add(range);
            rangeMap.put(rangeMapRange, bs);
        }
        // no ranges. if strategy alone is null, it would be thrown in the loop above.
        if (layout == null || strategy == null) {
            return null;
        }
        // NOTE(review): the regex strings are taken from conf as-is; confirm they are not
        // populated from untrusted query input without validation.
        String regexSubject = conf.getRegexSubject();
        String regexPredicate = conf.getRegexPredicate();
        String regexObject = conf.getRegexObject();
        TripleRowRegex tripleRowRegex = strategy.buildRegex(regexSubject, regexPredicate, regexObject, null, null);
        String table = layoutToTable(layout, conf);
        // More ranges than the configured maximum: use one BatchScanner instead of one
        // Scanner per range.
        boolean useBatchScanner = ranges.size() > maxRanges;
        RyaStatementBindingSetKeyValueIterator iterator = null;
        if (useBatchScanner) {
            ScannerBase scanner = connector.createBatchScanner(table, authorizations, numThreads);
            ((BatchScanner) scanner).setRanges(ranges);
            fillScanner(scanner, columnFamily, null, ttl, null, tripleRowRegex, conf);
            // The scanner itself is handed to the iterator in this branch.
            iterator = new RyaStatementBindingSetKeyValueIterator(layout, ryaContext, scanner, rangeMap);
        } else {
            Scanner scannerBase = null;
            Iterator<Map.Entry<Key, Value>>[] iters = new Iterator[ranges.size()];
            int i = 0;
            // NOTE(review): only the iterators are passed on below; the Scanner objects
            // created in this loop are not retained, so nothing visible here closes them.
            for (Range range : ranges) {
                scannerBase = connector.createScanner(table, authorizations);
                scannerBase.setRange(range);
                fillScanner(scannerBase, columnFamily, null, ttl, null, tripleRowRegex, conf);
                iters[i] = scannerBase.iterator();
                i++;
            }
            iterator = new RyaStatementBindingSetKeyValueIterator(layout, Iterators.concat(iters), rangeMap, ryaContext);
        }
        if (maxResults != null) {
            iterator.setMaxResults(maxResults);
        }
        return iterator;
    } catch (Exception e) {
        // Scanners created before a failure are not closed on this path.
        throw new RyaDAOException(e);
    }
}
use of org.apache.accumulo.core.security.Authorizations in project incubator-rya by apache.
the class AccumuloRyaQueryEngine method query.
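/**
 * Runs a single-pattern query against one Accumulo table and returns the matching
 * statements as a closeable iterable backed by the scanner.
 *
 * <p>Scan authorizations are taken from the query when it supplies them and from the
 * engine's {@code configuration} otherwise. NOTE(review): per-query authorizations are
 * therefore caller-controlled. Accumulo is expected to reject labels the connector's user
 * does not hold, so confirm that the connector account is no broader than callers of this
 * method should be able to reach.
 *
 * @param ryaQuery the query; it and its statement must be non-null
 * @return the matching statements, limited to {@code getMaxResults()} when that is set;
 *         the caller is responsible for closing the returned iterable
 * @throws RyaDAOException wrapping any exception raised while preparing the scan
 */
@Override
public CloseableIterable<RyaStatement> query(RyaQuery ryaQuery) throws RyaDAOException {
    Preconditions.checkNotNull(ryaQuery);
    RyaStatement stmt = ryaQuery.getQuery();
    Preconditions.checkNotNull(stmt);

    // query configuration
    String[] auths = ryaQuery.getAuths();
    // Per-query authorizations take precedence over the configured ones.
    Authorizations authorizations = auths != null ? new Authorizations(auths) : configuration.getAuthorizations();
    Long ttl = ryaQuery.getTtl();
    Long currentTime = ryaQuery.getCurrentTime();
    Long maxResults = ryaQuery.getMaxResults();
    Integer batchSize = ryaQuery.getBatchSize();
    String regexSubject = ryaQuery.getRegexSubject();
    String regexPredicate = ryaQuery.getRegexPredicate();
    String regexObject = ryaQuery.getRegexObject();
    TableLayoutStrategy tableLayoutStrategy = configuration.getTableLayoutStrategy();

    try {
        // find triple pattern range
        TriplePatternStrategy strategy = ryaContext.retrieveStrategy(stmt);
        TABLE_LAYOUT layout;
        Range range;
        RyaURI subject = stmt.getSubject();
        RyaURI predicate = stmt.getPredicate();
        RyaType object = stmt.getObject();
        RyaURI context = stmt.getContext();
        String qualifier = stmt.getQualifer();

        if (strategy != null) {
            Map.Entry<RdfCloudTripleStoreConstants.TABLE_LAYOUT, ByteRange> entry = strategy.defineRange(subject, predicate, object, context, null);
            layout = entry.getKey();
            ByteRange byteRange = entry.getValue();
            range = new Range(new Text(byteRange.getStart()), new Text(byteRange.getEnd()));
        } else {
            // No strategy matches the pattern: fall back to a full scan of the SPO table.
            range = new Range();
            layout = TABLE_LAYOUT.SPO;
            strategy = ryaContext.retrieveStrategy(layout);
        }

        byte[] objectTypeInfo = null;
        if (object != null) {
            // TODO: Not good to serialize this twice
            if (object instanceof RyaRange) {
                objectTypeInfo = RyaContext.getInstance().serializeType(((RyaRange) object).getStart())[1];
            } else {
                objectTypeInfo = RyaContext.getInstance().serializeType(object)[1];
            }
        }
        TripleRowRegex tripleRowRegex = strategy.buildRegex(regexSubject, regexPredicate, regexObject, null, objectTypeInfo);

        // use range to set scanner
        // populate scanner based on authorizations, ttl
        String table = layoutToTable(layout, tableLayoutStrategy);
        Scanner scanner = connector.createScanner(table, authorizations);
        try {
            scanner.setRange(range);
            if (batchSize != null) {
                scanner.setBatchSize(batchSize);
            }
            fillScanner(scanner, context, qualifier, ttl, currentTime, tripleRowRegex, ryaQuery.getConf());
            FluentCloseableIterable<RyaStatement> results = FluentCloseableIterable.from(new ScannerBaseCloseableIterable(scanner)).transform(keyValueToRyaStatementFunctionMap.get(layout));
            if (maxResults != null) {
                // Clamp rather than call intValue(): a Long above Integer.MAX_VALUE would
                // otherwise wrap around to an unrelated (possibly negative) limit.
                results = results.limit((int) Math.min(maxResults, Integer.MAX_VALUE));
            }
            return results;
        } catch (Exception scanSetupFailure) {
            // The scanner never reaches the caller on this path, so release it here.
            scanner.close();
            throw scanSetupFailure;
        }
    } catch (Exception e) {
        throw new RyaDAOException(e);
    }
}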