use of org.apache.storm.generated.AccessControl in project storm by apache.
the class BlobStoreAclHandler method hasPermissions.
/**
 * Checks that the caller holds every permission bit requested in {@code mask} for a blob key.
 *
 * <p>Returns normally when access is granted and throws otherwise. Two paths grant access
 * without consulting the ACL: {@code doAclValidation} being false, and
 * {@code checkForValidUsers} returning true.
 *
 * @param acl ACL entries for the key.
 * @param mask bitwise OR of the required permissions: READ = 1, WRITE = 2, ADMIN = 4
 *     (for example, 1 is READ only and 5 is READ plus ADMIN).
 * @param who subject whose principals are checked against the ACL.
 * @param key key identifying the blob; used here only in log and error messages.
 * @throws AuthorizationException if at least one requested permission bit is not granted
 *     by any entry in {@code acl}.
 */
public void hasPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException {
    // Fail-open switch: with ACL validation turned off, every request is treated as authorized.
    if (!doAclValidation) {
        return;
    }

    Set<String> user = constructUserFromPrincipals(who);
    LOG.debug("user {}", user);

    // NOTE(review): checkForValidUsers is defined elsewhere; presumably it recognises
    // privileged identities. Confirm which principals it accepts, since a true result
    // bypasses the per-key ACL below.
    if (checkForValidUsers(who, mask)) {
        return;
    }

    // Start from the full request and clear each bit that some ACL entry grants.
    int missing = mask;
    for (AccessControl entry : acl) {
        int granted = getAllowed(entry, user);
        missing &= ~granted;
        LOG.debug(" user: {} allowed: {} disallowed: {} key: {}", user, granted, missing, key);
    }

    // Any bit still set was requested but never granted: deny.
    if (missing != 0) {
        throw new AuthorizationException(user + " does not have " + namedPerms(missing) + " access to " + key);
    }
}
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class Blobstore method createCli.
/**
 * Parses the command-line arguments for creating a blob and creates it.
 *
 * <p>Recognised options: {@code -f/--file} (source file; standard input is used when absent
 * or empty), {@code -a/--acl} (ACL entries, default empty list),
 * {@code -r/--replication-factor} (default -1), plus the positional blob key.
 *
 * @param args raw command-line arguments.
 * @throws Exception if parsing, key validation, file access or blob creation fails.
 */
private static void createCli(String[] args) throws Exception {
    Map<String, Object> parsed = CLI.opt("f", "file", null, CLI.AS_STRING)
        .opt("a", "acl", Collections.emptyList(), new AsAclParser())
        .opt("r", "replication-factor", -1, CLI.AS_INT)
        .arg("key", CLI.FIRST_WINS)
        .parse(args);

    final String key = (String) parsed.get("key");
    final String file = (String) parsed.get("f");
    // NOTE(review): with no -a option the blob is created with an empty ACL list; how the
    // blob store treats an empty ACL is not visible here. Confirm the resulting access.
    final List<AccessControl> acl = (List<AccessControl>) parsed.get("a");
    final Integer replicationFactor = (Integer) parsed.get("r");

    SettableBlobMeta meta = new SettableBlobMeta(acl);
    meta.set_replication_factor(replicationFactor);

    // The key is validated before it is logged or handed to the blob store.
    Utils.validateKeyName(key);
    LOG.info("Creating {} with ACL {}", key, generateAccessControlsInfo(acl));

    if (StringUtils.isNotEmpty(file)) {
        // try-with-resources closes the file stream even if creation throws.
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(file))) {
            BlobStoreSupport.createBlobFromStream(key, in, meta);
        }
    } else {
        // System.in is deliberately left open; it is not owned by this method.
        BlobStoreSupport.createBlobFromStream(key, System.in, meta);
    }
    LOG.info("Successfully created {}", key);
}
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class ClientBlobStoreTest method testGoodACLsForCreate.
/**
 * Creates a blob whose metadata carries the single ACL entry {@code u:tester:rwa} and then
 * runs the shared ACL validation helper on the stored blob.
 */
@Test
public void testGoodACLsForCreate() throws Exception {
    final String blobKey = "testBlobKey";

    SettableBlobMeta blobMeta = new SettableBlobMeta();
    blobMeta.add_to_acl(BlobStoreAclHandler.parseAccessControl("u:tester:rwa"));

    client.createBlob(blobKey, blobMeta);
    validatedBlobAcls(blobKey);
}
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class ClientBlobStoreTest method testDuplicateACLsForSetBlobMeta.
/**
 * Expects {@code setBlobMeta} to be rejected with an {@link AuthorizationException} when an
 * extra {@code u:tester:r--} entry is added to the metadata of an existing blob.
 */
// NOTE(review): expected= is satisfied by an AuthorizationException thrown from any statement
// in the body, including createTestBlob, so this does not pin the failure to setBlobMeta.
@Test(expected = AuthorizationException.class)
public void testDuplicateACLsForSetBlobMeta() throws Exception {
    final String blobKey = "testDuplicateACLsBlobKey";
    SettableBlobMeta blobMeta = new SettableBlobMeta();
    createTestBlob(blobKey, blobMeta);

    // Added after the blob exists. Presumably createTestBlob already put an entry for this
    // user into blobMeta, which would make this one the duplicate; confirm against the helper.
    blobMeta.add_to_acl(BlobStoreAclHandler.parseAccessControl("u:tester:r--"));
    client.setBlobMeta(blobKey, blobMeta);
}