public class SecurityOperation extends Object
Modifier and Type | Field and Description |
---|---|
protected Authenticator |
authenticator |
protected Authorizor |
authorizor |
protected AccumuloServerContext |
context |
protected boolean |
isKerberos |
protected PermissionHandler |
permHandle |
Modifier | Constructor and Description |
---|---|
protected |
SecurityOperation(AccumuloServerContext context) |
|
SecurityOperation(AccumuloServerContext context,
Authorizor author,
Authenticator authent,
PermissionHandler pm) |
Modifier and Type | Method and Description |
---|---|
protected void |
_createUser(TCredentials credentials,
Credentials newUser,
Authorizations authorizations) |
protected boolean |
_hasNamespacePermission(String user,
String namespace,
NamespacePermission permission,
boolean useCached)
Checks if a user has a namespace permission
This cannot check if a system user has permission. |
protected boolean |
_hasTablePermission(String user,
String table,
TablePermission permission,
boolean useCached)
Checks if a user has a table permission
This cannot check if a system user has permission. |
protected void |
authenticate(TCredentials credentials) |
boolean |
authenticateUser(TCredentials credentials,
TCredentials toAuth) |
boolean |
canAlterNamespace(TCredentials credentials,
String namespaceId) |
boolean |
canAlterTable(TCredentials c,
String tableId,
String namespaceId) |
boolean |
canAskAboutUser(TCredentials credentials,
String user) |
boolean |
canBulkImport(TCredentials c,
String tableId,
String namespaceId) |
boolean |
canBulkImport(TCredentials c,
String tableId,
String tableName,
String dir,
String failDir,
String namespaceId) |
boolean |
canChangeAuthorizations(TCredentials c,
String user) |
boolean |
canChangePassword(TCredentials c,
String user) |
boolean |
canCloneTable(TCredentials c,
String tableId,
String tableName,
String destinationNamespaceId,
String srcNamespaceId) |
boolean |
canCompact(TCredentials c,
String tableId,
String namespaceId) |
boolean |
canConditionallyUpdate(TCredentials credentials,
String tableID,
String namespaceId,
List<ByteBuffer> authorizations) |
boolean |
canCreateNamespace(TCredentials credentials,
String namespace) |
boolean |
canCreateTable(TCredentials c,
String table,
String namespaceId) |
boolean |
canCreateUser(TCredentials c,
String user) |
boolean |
canDeleteNamespace(TCredentials credentials,
String namespaceId) |
boolean |
canDeleteRange(TCredentials c,
String tableId,
String tableName,
org.apache.hadoop.io.Text startRow,
org.apache.hadoop.io.Text endRow,
String namespaceId) |
boolean |
canDeleteTable(TCredentials c,
String tableId,
String namespaceId) |
boolean |
canDropUser(TCredentials c,
String user) |
boolean |
canExport(TCredentials credentials,
String tableId,
String tableName,
String exportDir,
String namespaceId) |
boolean |
canFlush(TCredentials c,
String tableId,
String namespaceId) |
boolean |
canGrantNamespace(TCredentials c,
String user,
String namespace) |
boolean |
canGrantSystem(TCredentials c,
String user,
SystemPermission sysPerm) |
boolean |
canGrantTable(TCredentials c,
String user,
String tableId,
String namespaceId) |
boolean |
canImport(TCredentials credentials,
String tableName,
String importDir,
String namespaceId) |
boolean |
canMerge(TCredentials c,
String tableId,
String namespaceId) |
boolean |
canObtainDelegationToken(TCredentials credentials) |
boolean |
canOnlineOfflineTable(TCredentials c,
String tableId,
FateOperation op,
String namespaceId) |
boolean |
canPerformSystemActions(TCredentials credentials)
This is the check to perform any system action.
|
boolean |
canRenameNamespace(TCredentials credentials,
String namespaceId,
String oldName,
String newName) |
boolean |
canRenameTable(TCredentials c,
String tableId,
String oldTableName,
String newTableName,
String namespaceId) |
boolean |
canRevokeNamespace(TCredentials c,
String user,
String namespace) |
boolean |
canRevokeSystem(TCredentials c,
String user,
SystemPermission sysPerm) |
boolean |
canRevokeTable(TCredentials c,
String user,
String tableId,
String namespaceId) |
boolean |
canScan(TCredentials credentials,
String tableId,
String namespaceId) |
boolean |
canScan(TCredentials credentials,
String table,
String namespaceId,
Map<TKeyExtent,List<TRange>> tbatch,
List<TColumn> tcolumns,
List<IterInfo> ssiList,
Map<String,Map<String,String>> ssio,
List<ByteBuffer> authorizations) |
boolean |
canScan(TCredentials credentials,
String tableId,
String namespaceId,
TRange range,
List<TColumn> columns,
List<IterInfo> ssiList,
Map<String,Map<String,String>> ssio,
List<ByteBuffer> authorizations) |
boolean |
canSplitTablet(TCredentials credentials,
String tableId,
String namespaceId) |
boolean |
canWrite(TCredentials credentials,
String tableId,
String namespaceId) |
void |
changeAuthorizations(TCredentials credentials,
String user,
Authorizations authorizations) |
void |
changePassword(TCredentials credentials,
Credentials toChange) |
void |
createUser(TCredentials credentials,
Credentials newUser,
Authorizations authorizations) |
void |
deleteNamespace(TCredentials credentials,
String namespace) |
void |
deleteTable(TCredentials credentials,
String tableId,
String namespaceId) |
void |
dropUser(TCredentials credentials,
String user) |
protected static Authenticator |
getAuthenticator(String instanceId,
boolean initialize) |
protected static Authorizor |
getAuthorizor(String instanceId,
boolean initialize) |
static SecurityOperation |
getInstance(AccumuloServerContext context,
boolean initialize) |
protected static PermissionHandler |
getPermHandler(String instanceId,
boolean initialize) |
String |
getRootUsername() |
Authorizations |
getUserAuthorizations(TCredentials credentials) |
Authorizations |
getUserAuthorizations(TCredentials credentials,
String user) |
void |
grantNamespacePermission(TCredentials c,
String user,
String namespace,
NamespacePermission permission) |
void |
grantSystemPermission(TCredentials credentials,
String user,
SystemPermission permissionById) |
void |
grantTablePermission(TCredentials c,
String user,
String tableId,
TablePermission permission,
String namespaceId) |
boolean |
hasNamespacePermission(TCredentials credentials,
String user,
String namespace,
NamespacePermission permissionById) |
boolean |
hasSystemPermission(TCredentials credentials,
String user,
SystemPermission permissionById) |
boolean |
hasTablePermission(TCredentials credentials,
String user,
String tableId,
TablePermission permissionById) |
protected boolean |
hasTablePermission(TCredentials credentials,
String tableId,
String namespaceId,
TablePermission permission,
boolean useCached)
Checks if a user has a table permission
|
void |
initializeSecurity(TCredentials credentials,
String rootPrincipal,
byte[] token) |
boolean |
isSystemUser(TCredentials credentials) |
Set<String> |
listUsers(TCredentials credentials) |
void |
revokeNamespacePermission(TCredentials c,
String user,
String namespace,
NamespacePermission permission) |
void |
revokeSystemPermission(TCredentials credentials,
String user,
SystemPermission permission) |
void |
revokeTablePermission(TCredentials c,
String user,
String tableId,
TablePermission permission,
String namespaceId) |
boolean |
userHasAuthorizations(TCredentials credentials,
List<ByteBuffer> list) |
protected Authorizor authorizor
protected Authenticator authenticator
protected PermissionHandler permHandle
protected boolean isKerberos
protected final AccumuloServerContext context
protected SecurityOperation(AccumuloServerContext context)
public SecurityOperation(AccumuloServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm)
public static SecurityOperation getInstance(AccumuloServerContext context, boolean initialize)
protected static Authorizor getAuthorizor(String instanceId, boolean initialize)
protected static Authenticator getAuthenticator(String instanceId, boolean initialize)
protected static PermissionHandler getPermHandler(String instanceId, boolean initialize)
public void initializeSecurity(TCredentials credentials, String rootPrincipal, byte[] token) throws AccumuloSecurityException, ThriftSecurityException
public String getRootUsername()
public boolean isSystemUser(TCredentials credentials)
protected void authenticate(TCredentials credentials) throws ThriftSecurityException
ThriftSecurityException
public boolean canAskAboutUser(TCredentials credentials, String user) throws ThriftSecurityException
ThriftSecurityException
public boolean authenticateUser(TCredentials credentials, TCredentials toAuth) throws ThriftSecurityException
ThriftSecurityException
public Authorizations getUserAuthorizations(TCredentials credentials, String user) throws ThriftSecurityException
ThriftSecurityException
public Authorizations getUserAuthorizations(TCredentials credentials) throws ThriftSecurityException
ThriftSecurityException
public boolean userHasAuthorizations(TCredentials credentials, List<ByteBuffer> list) throws ThriftSecurityException
ThriftSecurityException
protected boolean hasTablePermission(TCredentials credentials, String tableId, String namespaceId, TablePermission permission, boolean useCached) throws ThriftSecurityException
ThriftSecurityException
protected boolean _hasTablePermission(String user, String table, TablePermission permission, boolean useCached) throws ThriftSecurityException
ThriftSecurityException
protected boolean _hasNamespacePermission(String user, String namespace, NamespacePermission permission, boolean useCached) throws ThriftSecurityException
ThriftSecurityException
public boolean canScan(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canScan(TCredentials credentials, String tableId, String namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException
ThriftSecurityException
public boolean canScan(TCredentials credentials, String table, String namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException
ThriftSecurityException
public boolean canWrite(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canConditionallyUpdate(TCredentials credentials, String tableID, String namespaceId, List<ByteBuffer> authorizations) throws ThriftSecurityException
ThriftSecurityException
public boolean canSplitTablet(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canPerformSystemActions(TCredentials credentials) throws ThriftSecurityException
ThriftSecurityException
public boolean canFlush(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canAlterTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canCreateTable(TCredentials c, String table, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canCloneTable(TCredentials c, String tableId, String tableName, String destinationNamespaceId, String srcNamespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canDeleteTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canOnlineOfflineTable(TCredentials c, String tableId, FateOperation op, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canMerge(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canDeleteRange(TCredentials c, String tableId, String tableName, org.apache.hadoop.io.Text startRow, org.apache.hadoop.io.Text endRow, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canBulkImport(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canCompact(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canChangeAuthorizations(TCredentials c, String user) throws ThriftSecurityException
ThriftSecurityException
public boolean canChangePassword(TCredentials c, String user) throws ThriftSecurityException
ThriftSecurityException
public boolean canCreateUser(TCredentials c, String user) throws ThriftSecurityException
ThriftSecurityException
public boolean canDropUser(TCredentials c, String user) throws ThriftSecurityException
ThriftSecurityException
public boolean canGrantSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException
ThriftSecurityException
public boolean canGrantTable(TCredentials c, String user, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canGrantNamespace(TCredentials c, String user, String namespace) throws ThriftSecurityException
ThriftSecurityException
public boolean canRevokeSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException
ThriftSecurityException
public boolean canRevokeTable(TCredentials c, String user, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canRevokeNamespace(TCredentials c, String user, String namespace) throws ThriftSecurityException
ThriftSecurityException
public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException
ThriftSecurityException
public void changePassword(TCredentials credentials, Credentials toChange) throws ThriftSecurityException
ThriftSecurityException
public void createUser(TCredentials credentials, Credentials newUser, Authorizations authorizations) throws ThriftSecurityException
ThriftSecurityException
protected void _createUser(TCredentials credentials, Credentials newUser, Authorizations authorizations) throws ThriftSecurityException
ThriftSecurityException
public void dropUser(TCredentials credentials, String user) throws ThriftSecurityException
ThriftSecurityException
public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException
ThriftSecurityException
public void grantTablePermission(TCredentials c, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public void grantNamespacePermission(TCredentials c, String user, String namespace, NamespacePermission permission) throws ThriftSecurityException
ThriftSecurityException
public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException
ThriftSecurityException
public void revokeTablePermission(TCredentials c, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public void revokeNamespacePermission(TCredentials c, String user, String namespace, NamespacePermission permission) throws ThriftSecurityException
ThriftSecurityException
public boolean hasSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException
ThriftSecurityException
public boolean hasTablePermission(TCredentials credentials, String user, String tableId, TablePermission permissionById) throws ThriftSecurityException
ThriftSecurityException
public boolean hasNamespacePermission(TCredentials credentials, String user, String namespace, NamespacePermission permissionById) throws ThriftSecurityException
ThriftSecurityException
public Set<String> listUsers(TCredentials credentials) throws ThriftSecurityException
ThriftSecurityException
public void deleteTable(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public void deleteNamespace(TCredentials credentials, String namespace) throws ThriftSecurityException
ThriftSecurityException
public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canImport(TCredentials credentials, String tableName, String importDir, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canAlterNamespace(TCredentials credentials, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canCreateNamespace(TCredentials credentials, String namespace) throws ThriftSecurityException
ThriftSecurityException
public boolean canDeleteNamespace(TCredentials credentials, String namespaceId) throws ThriftSecurityException
ThriftSecurityException
public boolean canRenameNamespace(TCredentials credentials, String namespaceId, String oldName, String newName) throws ThriftSecurityException
ThriftSecurityException
public boolean canObtainDelegationToken(TCredentials credentials) throws ThriftSecurityException
ThriftSecurityException
Copyright © 2011–2018 The Apache Software Foundation. All rights reserved.