Class SecurityOperationsImpl
- java.lang.Object
-
- org.apache.accumulo.core.clientImpl.SecurityOperationsImpl
-
- All Implemented Interfaces:
SecurityOperations
public class SecurityOperationsImpl extends Object implements SecurityOperations
-
-
Constructor Summary
Constructors Constructor Description SecurityOperationsImpl(ClientContext context)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
authenticateUser(String principal, AuthenticationToken token)
Verify a username/password combination is validvoid
changeLocalUserPassword(String principal, PasswordToken token)
Set the user's passwordvoid
changeUserAuthorizations(String principal, Authorizations authorizations)
Set the user's record-level authorizationsvoid
createLocalUser(String principal, PasswordToken password)
Create a uservoid
dropLocalUser(String principal)
Delete a userDelegationToken
getDelegationToken(DelegationTokenConfig cfg)
Obtain aDelegationToken
for use when Kerberos credentials cannot be used (e.g.Authorizations
getUserAuthorizations(String principal)
Retrieves the user's authorizations for scanningvoid
grantNamespacePermission(String principal, String namespace, NamespacePermission permission)
Grant a user a specific permission for a specific namespacevoid
grantSystemPermission(String principal, SystemPermission permission)
Grant a user a system permissionvoid
grantTablePermission(String principal, String table, TablePermission permission)
Grant a user a specific permission for a specific tableboolean
hasNamespacePermission(String principal, String namespace, NamespacePermission permission)
Verify the user has a particular namespace permissionboolean
hasSystemPermission(String principal, SystemPermission perm)
Verify the user has a particular system permissionboolean
hasTablePermission(String principal, String table, TablePermission perm)
Verify the user has a particular table permissionSet<String>
listLocalUsers()
Return a list of users in accumulovoid
revokeNamespacePermission(String principal, String namespace, NamespacePermission permission)
Revoke a namespace permission for a specific user on a specific namespacevoid
revokeSystemPermission(String principal, SystemPermission permission)
Revoke a system permission from a uservoid
revokeTablePermission(String principal, String table, TablePermission permission)
Revoke a table permission for a specific user on a specific table
-
-
-
Constructor Detail
-
SecurityOperationsImpl
public SecurityOperationsImpl(ClientContext context)
-
-
Method Detail
-
createLocalUser
public void createLocalUser(String principal, PasswordToken password) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Create a user- Specified by:
createLocalUser
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to createpassword
- the plaintext password for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to create a user
-
dropLocalUser
public void dropLocalUser(String principal) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Delete a user- Specified by:
dropLocalUser
in interfaceSecurityOperations
- Parameters:
principal
- the user name to delete- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to delete a user
-
authenticateUser
public boolean authenticateUser(String principal, AuthenticationToken token) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Verify a username/password combination is valid- Specified by:
authenticateUser
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to authenticatetoken
- the SecurityToken for the user- Returns:
- true if the user asking is allowed to know and the specified principal/token is valid, false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to ask
-
changeLocalUserPassword
public void changeLocalUserPassword(String principal, PasswordToken token) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Set the user's password- Specified by:
changeLocalUserPassword
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifytoken
- the plaintext password for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to modify a user
-
changeUserAuthorizations
public void changeUserAuthorizations(String principal, Authorizations authorizations) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Set the user's record-level authorizations- Specified by:
changeUserAuthorizations
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifyauthorizations
- the authorizations that the user has for scanning- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to modify a user
-
getUserAuthorizations
public Authorizations getUserAuthorizations(String principal) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Retrieves the user's authorizations for scanning- Specified by:
getUserAuthorizations
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to query- Returns:
- the set of authorizations the user has available for scanning
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
hasSystemPermission
public boolean hasSystemPermission(String principal, SystemPermission perm) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Verify the user has a particular system permission- Specified by:
hasSystemPermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to queryperm
- the system permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
hasTablePermission
public boolean hasTablePermission(String principal, String table, TablePermission perm) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Verify the user has a particular table permission- Specified by:
hasTablePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to querytable
- the name of the table to query aboutperm
- the table permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
hasNamespacePermission
public boolean hasNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Verify the user has a particular namespace permission- Specified by:
hasNamespacePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to querynamespace
- the name of the namespace to query aboutpermission
- the namespace permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
grantSystemPermission
public void grantSystemPermission(String principal, SystemPermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Grant a user a system permission- Specified by:
grantSystemPermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifypermission
- the system permission to grant to the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to grant a user permissions
-
grantTablePermission
public void grantTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Grant a user a specific permission for a specific table- Specified by:
grantTablePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifytable
- the name of the table to modify for the userpermission
- the table permission to grant to the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to grant a user permissions
-
grantNamespacePermission
public void grantNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Grant a user a specific permission for a specific namespace- Specified by:
grantNamespacePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifynamespace
- the name of the namespace to modify for the userpermission
- the namespace permission to grant to the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to grant a user permissions
-
revokeSystemPermission
public void revokeSystemPermission(String principal, SystemPermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Revoke a system permission from a user- Specified by:
revokeSystemPermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifypermission
- the system permission to revoke for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to revoke a user's permissions
-
revokeTablePermission
public void revokeTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Revoke a table permission for a specific user on a specific table- Specified by:
revokeTablePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifytable
- the name of the table to modify for the userpermission
- the table permission to revoke for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to revoke a user's permissions
-
revokeNamespacePermission
public void revokeNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Revoke a namespace permission for a specific user on a specific namespace- Specified by:
revokeNamespacePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifynamespace
- the name of the namespace to modify for the userpermission
- the namespace permission to revoke for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to revoke a user's permissions
-
listLocalUsers
public Set<String> listLocalUsers() throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Return a list of users in accumulo- Specified by:
listLocalUsers
in interfaceSecurityOperations
- Returns:
- a set of user names
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query users
-
getDelegationToken
public DelegationToken getDelegationToken(DelegationTokenConfig cfg) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Obtain aDelegationToken
for use when Kerberos credentials cannot be used (e.g. YARN Jobs)- Specified by:
getDelegationToken
in interfaceSecurityOperations
- Throws:
AccumuloException
AccumuloSecurityException
-
-