Search in sources :

Example 1 with AuthResult

use of org.apache.hadoop.hbase.security.access.AuthResult in project phoenix by apache.

the class PhoenixAccessController method requireAccess.

/**
 * Authorizes that the current user has all the given permissions for the
 * given table and for the hbase namespace of the table
 * @param tableName Table requested
 * @throws IOException if obtaining the current user fails
 * @throws AccessDeniedException if user has no authorization
 */
private void requireAccess(String request, TableName tableName, Action... permissions) throws IOException {
    User user = getActiveUser();
    AuthResult result = null;
    List<Action> requiredAccess = new ArrayList<Action>();
    for (Action permission : permissions) {
        if (hasAccess(getUserPermissions(tableName), tableName, permission, user)) {
            result = AuthResult.allow(request, "Table permission granted", user, permission, tableName, null, null);
        } else {
            result = AuthResult.deny(request, "Insufficient permissions", user, permission, tableName, null, null);
            requiredAccess.add(permission);
        }
        logResult(result);
    }
    if (!requiredAccess.isEmpty()) {
        result = AuthResult.deny(request, "Insufficient permissions", user, requiredAccess.get(0), tableName, null, null);
    }
    if (!result.isAllowed()) {
        throw new AccessDeniedException("Insufficient permissions " + authString(user.getName(), tableName, new HashSet<Permission.Action>(Arrays.asList(permissions))));
    }
}
Also used : PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Action(org.apache.hadoop.hbase.security.access.Permission.Action) AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException) User(org.apache.hadoop.hbase.security.User) ArrayList(java.util.ArrayList) AuthResult(org.apache.hadoop.hbase.security.access.AuthResult)

Aggregations

PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)1 ArrayList (java.util.ArrayList)1 AccessDeniedException (org.apache.hadoop.hbase.security.AccessDeniedException)1 User (org.apache.hadoop.hbase.security.User)1 AuthResult (org.apache.hadoop.hbase.security.access.AuthResult)1 Action (org.apache.hadoop.hbase.security.access.Permission.Action)1