use of org.apache.accumulo.core.security.VisibilityEvaluator in project incubator-rya by apache.
the class DocumentVisibilityUtil method doesUserHaveDocumentAccess.
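/**
 * Decides whether a user's authorizations satisfy a document's visibility
 * expression.
 * <p>
 * Security-relevant behavior callers should be aware of:
 * <ul>
 * <li>A {@code null} {@code authorizations} argument is replaced with
 * {@link MongoDbRdfConstants#ALL_AUTHORIZATIONS}. When
 * {@code doesEmptyAccessPass} is {@code true} that combination returns
 * {@code true} without evaluating {@code documentVisibility} at all, so a
 * caller that uses {@code null} to mean "no credentials supplied" must
 * reject it before calling this method.</li>
 * <li>A visibility expression that cannot be parsed denies access: the
 * failure is logged and {@code false} is returned.</li>
 * </ul>
 * @param authorizations the {@link Authorizations} of the user; may be
 * {@code null} (see above).
 * @param documentVisibility the {@link DocumentVisibility} of the document.
 * @param doesEmptyAccessPass {@code true} if authorizations equal to
 * {@link MongoDbRdfConstants#ALL_AUTHORIZATIONS} allow access to
 * everything. {@code false} otherwise.
 * @return {@code true} if the user has access to the document.
 * {@code false} otherwise, including when the visibility cannot be parsed.
 */
public static boolean doesUserHaveDocumentAccess(final Authorizations authorizations, final DocumentVisibility documentVisibility, final boolean doesEmptyAccessPass) {
    // NOTE(review): ALL_AUTHORIZATIONS is presumably the empty authorization set
    // (the flag is named "doesEmptyAccessPass") - confirm against MongoDbRdfConstants.
    final Authorizations userAuths = authorizations != null ? authorizations : MongoDbRdfConstants.ALL_AUTHORIZATIONS;

    // Bypass path: no visibility evaluation happens here, by design of the flag.
    if (doesEmptyAccessPass && MongoDbRdfConstants.ALL_AUTHORIZATIONS.equals(userAuths)) {
        return true;
    }

    try {
        return new VisibilityEvaluator(userAuths).evaluate(documentVisibility);
    } catch (final VisibilityParseException e) {
        // Deny on malformed visibility, and keep the cause in the log so the
        // offending document can be diagnosed.
        log.error("Could not parse document visibility.", e);
        return false;
    }
}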
use of org.apache.accumulo.core.security.VisibilityEvaluator in project accumulo by apache.
the class VisibilityFilter method init.
/**
 * Initializes the filter from the iterator options.
 * <p>
 * Unless {@code FILTER_INVALID_ONLY} parses to {@code true}, a
 * {@link VisibilityEvaluator} is built from the {@code AUTHS} option. A
 * missing or empty {@code AUTHS} value yields an evaluator over an empty
 * {@link Authorizations} set rather than no evaluator, so the absence of
 * the option does not widen access.
 *
 * @param source the iterator this filter reads from.
 * @param options the iterator options; checked by {@code validateOptions}.
 * @param env the iterator environment.
 * @throws IOException if the superclass initialization fails.
 */
@Override
public void init(SortedKeyValueIterator<Key, Value> source, Map<String, String> options, IteratorEnvironment env) throws IOException {
    super.init(source, options, env);
    validateOptions(options);

    // Boolean.parseBoolean treats an absent option as false, i.e. normal filtering.
    final boolean invalidOnly = Boolean.parseBoolean(options.get(FILTER_INVALID_ONLY));
    this.filterInvalid = invalidOnly;

    if (!invalidOnly) {
        final String serializedAuths = options.get(AUTHS);
        final Authorizations scanAuths;
        if (serializedAuths == null || serializedAuths.isEmpty()) {
            scanAuths = new Authorizations();
        } else {
            scanAuths = new Authorizations(serializedAuths.getBytes(UTF_8));
        }
        this.ve = new VisibilityEvaluator(scanAuths);
    }
    // In invalid-only mode this method does not assign ve.

    this.cache = new LRUMap(1000);
}
use of org.apache.accumulo.core.security.VisibilityEvaluator in project accumulo by apache.
the class VisibilityConstraint method check.
/**
 * Checks every column update of a mutation against the writer's
 * authorizations.
 * <p>
 * Updates with an empty column visibility are skipped. For the others the
 * visibility is parsed and evaluated against
 * {@code env.getAuthorizationsContainer()}.
 *
 * @param env supplies the authorizations the visibilities are evaluated against.
 * @param mutation the mutation whose column updates are checked.
 * @return {@code null} when no update is rejected; a single-element list
 * holding {@code 1} when a visibility cannot be parsed or is otherwise
 * rejected as a bad argument; a single-element list holding {@code 2} when
 * a visibility evaluates to {@code false} for the supplied authorizations.
 * The check stops at the first rejected update.
 */
@Override
public List<Short> check(Environment env, Mutation mutation) {
    List<ColumnUpdate> updates = mutation.getUpdates();

    // Remember visibilities that already passed, but only when there is
    // more than one update to compare against.
    HashSet<String> verified = null;
    if (updates.size() > 1) {
        verified = new HashSet<>();
    }

    // Created lazily so mutations without any visibility never build one.
    VisibilityEvaluator evaluator = null;

    for (ColumnUpdate update : updates) {
        byte[] expression = update.getColumnVisibility();
        if (expression.length == 0) {
            continue;
        }

        String cacheKey = null;
        if (verified != null) {
            cacheKey = new String(expression, UTF_8);
            if (verified.contains(cacheKey)) {
                continue;
            }
        }

        try {
            if (evaluator == null) {
                evaluator = new VisibilityEvaluator(env.getAuthorizationsContainer());
            }
            boolean permitted = evaluator.evaluate(new ColumnVisibility(expression));
            if (!permitted) {
                return Collections.singletonList((short) 2);
            }
        } catch (BadArgumentException | VisibilityParseException bae) {
            return Collections.singletonList((short) 1);
        }

        if (verified != null) {
            verified.add(cacheKey);
        }
    }

    return null;
}
use of org.apache.accumulo.core.security.VisibilityEvaluator in project accumulo by apache.
the class TransformingIterator method init.
/**
 * Initializes the iterator from its options.
 * <p>
 * A {@link VisibilityEvaluator} and its result cache are created only in
 * scan scope and only when {@code AUTH_OPT} holds a non-empty value. In
 * every other case this method leaves {@code ve} and {@code visibleCache}
 * unassigned.
 *
 * @param source the iterator this iterator reads from.
 * @param options the iterator options.
 * @param env the iterator environment; its scope decides whether scan-time
 * authorizations are read.
 * @throws IOException if the superclass initialization fails.
 */
@Override
public void init(SortedKeyValueIterator<Key, Value> source, Map<String, String> options, IteratorEnvironment env) throws IOException {
    super.init(source, options, env);

    scanning = IteratorScope.scan.equals(env.getIteratorScope());
    if (scanning) {
        final String scanAuths = options.get(AUTH_OPT);
        final boolean authsSupplied = scanAuths != null && !scanAuths.isEmpty();
        if (authsSupplied) {
            ve = new VisibilityEvaluator(new Authorizations(scanAuths.getBytes(UTF_8)));
            visibleCache = new LRUMap(100);
        }
        // NOTE(review): without AUTH_OPT no evaluator exists; how the rest of
        // the class treats a missing evaluator is not visible here - confirm
        // it does not expose entries the scan user may not read.
    }

    maxBufferSize = options.containsKey(MAX_BUFFER_SIZE_OPT)
            ? ConfigurationTypeHelper.getFixedMemoryAsBytes(options.get(MAX_BUFFER_SIZE_OPT))
            : DEFAULT_MAX_BUFFER_SIZE;

    parsedVisibilitiesCache = new LRUMap(100);
}
use of org.apache.accumulo.core.security.VisibilityEvaluator in project vertexium by visallo.
the class AccumuloAuthorizations method canRead.
/**
 * Tells whether these authorizations satisfy the given visibility.
 * <p>
 * An empty visibility string is readable by everyone and returns
 * {@code true} without building an evaluator.
 *
 * @param visibility the visibility to test; must not be {@code null}.
 * @return {@code true} if the visibility expression evaluates to
 * {@code true} for these authorizations.
 * @throws VertexiumException if the visibility expression cannot be
 * evaluated; the message contains the visibility string.
 */
@Override
public boolean canRead(Visibility visibility) {
    Preconditions.checkNotNull(visibility, "visibility is required");

    final String expression = visibility.getVisibilityString();
    // Shortcut: nothing to evaluate, so skip constructing the Accumulo objects.
    if (expression.isEmpty()) {
        return true;
    }

    final org.apache.accumulo.core.security.Authorizations accumuloAuths =
            new org.apache.accumulo.core.security.Authorizations(this.getAuthorizations());
    final VisibilityEvaluator evaluator = new VisibilityEvaluator(accumuloAuths);
    // NOTE(review): the ColumnVisibility is built outside the try block, so an
    // unchecked exception from its constructor would not be wrapped in a
    // VertexiumException - confirm callers expect that.
    final ColumnVisibility parsed = new ColumnVisibility(expression);
    try {
        return evaluator.evaluate(parsed);
    } catch (VisibilityParseException e) {
        throw new VertexiumException("could not evaluate visibility " + expression, e);
    }
}
Aggregations