
Example 11 with Action

use of org.apache.hadoop.hbase.security.access.Permission.Action in project hbase by apache.

the class AccessChecker method hasUserPermission.

/**
 * Reports whether {@code user} is authorized for every action carried by {@code permission}.
 *
 * <p>The scope of the check follows the runtime type of {@code permission}: a
 * {@code TablePermission} is evaluated through {@code permissionGranted} with its table, family
 * and qualifier; a {@code NamespacePermission} through
 * {@code authorizeUserNamespace}; anything else through {@code authorizeUserGlobal}. Each
 * per-action outcome is passed to {@code AccessChecker.logResult} before it is inspected, and
 * evaluation stops at the first denied action.
 *
 * <p>If the permission carries no actions, no check runs and the method returns {@code true}.
 * NOTE(review): confirm that callers cannot pass a permission with an empty action set where a
 * vacuous grant would be unintended.
 *
 * @param user Active user to which authorization checks should be applied
 * @param request Request type, recorded on each logged result
 * @param permission Permission whose actions are being requested
 * @return {@code true} if no action was denied, {@code false} at the first denied action
 */
public boolean hasUserPermission(User user, String request, Permission permission) {
    if (permission instanceof TablePermission) {
        TablePermission tablePermission = (TablePermission) permission;
        for (Permission.Action requested : tablePermission.getActions()) {
            AuthResult outcome = permissionGranted(request, user, requested, tablePermission.getTableName(), tablePermission.getFamily(), tablePermission.getQualifier());
            // Log before deciding, so denied actions are recorded as well as granted ones.
            AccessChecker.logResult(outcome);
            if (!outcome.isAllowed()) {
                return false;
            }
        }
        return true;
    }

    if (permission instanceof NamespacePermission) {
        NamespacePermission namespacePermission = (NamespacePermission) permission;
        for (Action requested : namespacePermission.getActions()) {
            boolean granted = getAuthManager().authorizeUserNamespace(user, namespacePermission.getNamespace(), requested);
            AuthResult outcome = granted
                ? AuthResult.allow(request, "Namespace action allowed", user, requested, null, null)
                : AuthResult.deny(request, "Namespace action denied", user, requested, null, null);
            AccessChecker.logResult(outcome);
            if (!outcome.isAllowed()) {
                return false;
            }
        }
        return true;
    }

    // Any other permission type is checked at global scope.
    for (Permission.Action requested : permission.getActions()) {
        boolean granted = getAuthManager().authorizeUserGlobal(user, requested);
        AuthResult outcome = granted
            ? AuthResult.allow(request, "Global action allowed", user, requested, null, null)
            : AuthResult.deny(request, "Global action denied", user, requested, null, null);
        AccessChecker.logResult(outcome);
        if (!outcome.isAllowed()) {
            return false;
        }
    }
    return true;
}
Also used : PrivilegedAction(java.security.PrivilegedAction) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Action(org.apache.hadoop.hbase.security.access.Permission.Action) Action(org.apache.hadoop.hbase.security.access.Permission.Action)

Example 12 with Action

use of org.apache.hadoop.hbase.security.access.Permission.Action in project hbase by apache.

the class AccessChecker method requirePermission.

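/**
 * Requires that {@code user} is authorized for at least one of the requested actions on the
 * given table, column family and column qualifier.
 *
 * <p>Actions are tried in the order given and the first authorized one ends the search. The
 * result that is logged, and reported in the exception on denial, is either that grant or the
 * denial recorded for the last action tried. A {@code null} or empty action list is rejected
 * with {@link AccessDeniedException} rather than failing on a null result.
 *
 * @param user Active user to which authorization checks should be applied
 * @param request Request type
 * @param tableName Table requested
 * @param family    Column family requested
 * @param qualifier Column qualifier requested
 * @param filterUser User name to be filtered from permission as requested; attached to the
 *                   result as the extra parameter {@code "filterUser"} before logging
 * @param permissions Actions being requested; any one of them is sufficient
 * @throws IOException declared for callers; this body directly raises only the denial below
 * @throws AccessDeniedException if none of the actions is authorized or none was supplied
 */
public void requirePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, String filterUser, Action... permissions) throws IOException {
    if (permissions == null || permissions.length == 0) {
        // Fail closed: without an action there is nothing to authorize, and the code below
        // would otherwise dereference a null result.
        // NOTE(review): this denial bypasses logResult because no AuthResult is built without
        // an action here - confirm whether it should be audit-logged.
        throw new AccessDeniedException("Insufficient permissions (no actions requested, request=" + request + ")");
    }
    AuthResult result = null;
    for (Action permission : permissions) {
        if (authManager.authorizeUserTable(user, tableName, family, qualifier, permission)) {
            result = AuthResult.allow(request, "Table permission granted", user, permission, tableName, family, qualifier);
            break;
        }
        // Not authorized for this action: remember the denial and try the next one.
        result = AuthResult.deny(request, "Insufficient permissions", user, permission, tableName, family, qualifier);
    }
    result.getParams().addExtraParam("filterUser", filterUser);
    // Log the final outcome, grant or denial, before enforcing it.
    logResult(result);
    if (!result.isAllowed()) {
        throw new AccessDeniedException("Insufficient permissions " + result.toContextString());
    }
}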
Also used : PrivilegedAction(java.security.PrivilegedAction) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Action(org.apache.hadoop.hbase.security.access.Permission.Action) AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException)

Example 13 with Action

use of org.apache.hadoop.hbase.security.access.Permission.Action in project hbase by apache.

the class AccessChecker method requireAccess.

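/**
 * Requires that {@code user} has at least one of the requested actions for accessing the table,
 * as decided by {@code authManager.accessUserTable}.
 *
 * <p>Actions are tried in the order given and the first accepted one ends the search. The
 * result that is logged, and reported in the exception on denial, is either that grant or the
 * denial recorded for the last action tried. A {@code null} or empty action list is rejected
 * with {@link AccessDeniedException} rather than failing on a null result.
 *
 * @param user Active user to which authorization checks should be applied
 * @param request Request type.
 * @param tableName   Table requested
 * @param permissions Actions being requested; any one of them is sufficient
 * @throws IOException declared for callers; this body directly raises only the denial below
 * @throws AccessDeniedException if none of the actions is authorized or none was supplied
 */
public void requireAccess(User user, String request, TableName tableName, Action... permissions) throws IOException {
    if (permissions == null || permissions.length == 0) {
        // Fail closed: without an action there is nothing to authorize, and the code below
        // would otherwise dereference a null result.
        // NOTE(review): this denial bypasses logResult because no AuthResult is built without
        // an action here - confirm whether it should be audit-logged.
        throw new AccessDeniedException("Insufficient permissions (no actions requested, request=" + request + ")");
    }
    AuthResult result = null;
    for (Action permission : permissions) {
        if (authManager.accessUserTable(user, tableName, permission)) {
            result = AuthResult.allow(request, "Table permission granted", user, permission, tableName, null, null);
            break;
        }
        // Not accepted for this action: remember the denial and try the next one.
        result = AuthResult.deny(request, "Insufficient permissions", user, permission, tableName, null, null);
    }
    // Log the final outcome, grant or denial, before enforcing it.
    logResult(result);
    if (!result.isAllowed()) {
        throw new AccessDeniedException("Insufficient permissions " + result.toContextString());
    }
}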
Also used : PrivilegedAction(java.security.PrivilegedAction) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Action(org.apache.hadoop.hbase.security.access.Permission.Action) AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException)

Example 14 with Action

use of org.apache.hadoop.hbase.security.access.Permission.Action in project hbase by apache.

the class AccessChecker method requireTablePermission.

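/**
 * Requires that {@code user} is authorized for at least one of the requested actions on the
 * given table.
 *
 * <p>The authorization call made here passes only the user, the table and the action;
 * {@code family} and {@code qualifier} are recorded on the logged result but are not arguments
 * to that call. Callers that need a family- or qualifier-scoped decision should not rely on
 * this method for it. NOTE(review): confirm against the three-argument
 * {@code authorizeUserTable} that this table-level scope is intended.
 *
 * <p>Actions are tried in the order given and the first authorized one ends the search. A
 * {@code null} or empty action list is rejected with {@link AccessDeniedException} rather than
 * failing on a null result.
 *
 * @param user Active user to which authorization checks should be applied
 * @param request Request type
 * @param tableName Table requested
 * @param family    Column family, recorded on the result for logging
 * @param qualifier Column qualifier, recorded on the result for logging
 * @param permissions Actions being requested; any one of them is sufficient
 * @throws IOException           declared for callers; this body directly raises only the
 *                               denial below
 * @throws AccessDeniedException if none of the actions is authorized or none was supplied
 */
public void requireTablePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, Action... permissions) throws IOException {
    if (permissions == null || permissions.length == 0) {
        // Fail closed: without an action there is nothing to authorize, and the code below
        // would otherwise dereference a null result.
        // NOTE(review): this denial bypasses logResult because no AuthResult is built without
        // an action here - confirm whether it should be audit-logged.
        throw new AccessDeniedException("Insufficient permissions (no actions requested, request=" + request + ")");
    }
    AuthResult result = null;
    for (Action permission : permissions) {
        if (authManager.authorizeUserTable(user, tableName, permission)) {
            result = AuthResult.allow(request, "Table permission granted", user, permission, tableName, null, null);
            // Attach family/qualifier afterwards so the logged context names what was requested.
            result.getParams().setFamily(family).setQualifier(qualifier);
            break;
        }
        // Not authorized for this action: remember the denial and try the next one.
        result = AuthResult.deny(request, "Insufficient permissions", user, permission, tableName, family, qualifier);
        result.getParams().setFamily(family).setQualifier(qualifier);
    }
    // Log the final outcome, grant or denial, before enforcing it.
    logResult(result);
    if (!result.isAllowed()) {
        throw new AccessDeniedException("Insufficient permissions " + result.toContextString());
    }
}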
Also used : PrivilegedAction(java.security.PrivilegedAction) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Action(org.apache.hadoop.hbase.security.access.Permission.Action) AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException)

Example 15 with Action

use of org.apache.hadoop.hbase.security.access.Permission.Action in project hbase by apache.

the class AccessChecker method requireNamespacePermission.

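/**
 * Requires that {@code user} is authorized for at least one of the requested actions on the
 * given namespace, as decided by {@code authManager.authorizeUserNamespace}.
 *
 * <p>NOTE(review): whether a global grant also satisfies this check depends on
 * {@code authorizeUserNamespace}, which is not shown here - confirm before relying on it.
 *
 * <p>Actions are tried in the order given and the first authorized one ends the search. The
 * result that is logged, and reported in the exception on denial, is either that grant or the
 * denial recorded for the last action tried. A {@code null} or empty action list is rejected
 * with {@link AccessDeniedException} rather than failing on a null result.
 *
 * @param user Active user to which authorization checks should be applied
 * @param request Request type
 * @param namespace Name space as requested
 * @param filterUser User name to be filtered from permission as requested; attached to the
 *                   result as the extra parameter {@code "filterUser"} before logging
 * @param permissions Actions being requested; any one of them is sufficient
 * @throws IOException declared for callers; this body directly raises only the denial below
 * @throws AccessDeniedException if none of the actions is authorized or none was supplied
 */
public void requireNamespacePermission(User user, String request, String namespace, String filterUser, Action... permissions) throws IOException {
    if (permissions == null || permissions.length == 0) {
        // Fail closed: without an action there is nothing to authorize, and the code below
        // would otherwise dereference a null result.
        // NOTE(review): this denial bypasses logResult because no AuthResult is built without
        // an action here - confirm whether it should be audit-logged.
        throw new AccessDeniedException("Insufficient permissions (no actions requested, request=" + request + ")");
    }
    AuthResult result = null;
    for (Action permission : permissions) {
        if (authManager.authorizeUserNamespace(user, namespace, permission)) {
            result = AuthResult.allow(request, "Namespace permission granted", user, permission, namespace);
            break;
        }
        // Not authorized for this action: remember the denial and try the next one.
        result = AuthResult.deny(request, "Insufficient permissions", user, permission, namespace);
    }
    result.getParams().addExtraParam("filterUser", filterUser);
    // Log the final outcome, grant or denial, before enforcing it.
    logResult(result);
    if (!result.isAllowed()) {
        throw new AccessDeniedException("Insufficient permissions " + result.toContextString());
    }
}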
Also used : PrivilegedAction(java.security.PrivilegedAction) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Action(org.apache.hadoop.hbase.security.access.Permission.Action) AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException)
