Class AuditedSecurityOperation
- java.lang.Object
-
- org.apache.accumulo.server.security.SecurityOperation
-
- org.apache.accumulo.server.security.AuditedSecurityOperation
-
public class AuditedSecurityOperation extends SecurityOperation
-
-
Field Summary
-
Fields inherited from class org.apache.accumulo.server.security.SecurityOperation
authenticator, authorizor, context, isKerberos, permHandle
-
-
Constructor Summary
Constructors Constructor Description AuditedSecurityOperation(ServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm)
-
Method Summary
-
Methods inherited from class org.apache.accumulo.server.security.SecurityOperation
_createUser, _hasNamespacePermission, _hasTablePermission, authenticatedUserHasAuthorizations, authenticateUser, canAlterNamespace, canAskAboutUser, canConditionallyUpdate, canCreateNamespace, canDeleteNamespace, canGetSummaries, canGrantNamespace, canRenameNamespace, canRevokeNamespace, canScan, canWrite, deleteNamespace, deleteTable, getAuthenticator, getAuthorizor, getPermHandler, getRootUsername, getUserAuthorizations, getUserAuthorizations, grantNamespacePermission, hasNamespacePermission, hasTablePermission, hasTablePermission, initializeSecurity, isSystemUser, listUsers, revokeNamespacePermission
-
-
-
-
Field Detail
-
AUDITLOG
public static final String AUDITLOG
- See Also:
- Constant Field Values
-
audit
public static final org.slf4j.Logger audit
-
CAN_SCAN_AUDIT_TEMPLATE
public static final String CAN_SCAN_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_SCAN_BATCH_AUDIT_TEMPLATE
public static final String CAN_SCAN_BATCH_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE
public static final String CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CHANGE_PASSWORD_AUDIT_TEMPLATE
public static final String CHANGE_PASSWORD_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CREATE_USER_AUDIT_TEMPLATE
public static final String CREATE_USER_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_CREATE_TABLE_AUDIT_TEMPLATE
public static final String CAN_CREATE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_DELETE_TABLE_AUDIT_TEMPLATE
public static final String CAN_DELETE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_RENAME_TABLE_AUDIT_TEMPLATE
public static final String CAN_RENAME_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_SPLIT_TABLE_AUDIT_TEMPLATE
public static final String CAN_SPLIT_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_PERFORM_SYSTEM_ACTION_AUDIT_TEMPLATE
public static final String CAN_PERFORM_SYSTEM_ACTION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_FLUSH_TABLE_AUDIT_TEMPLATE
public static final String CAN_FLUSH_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_ALTER_TABLE_AUDIT_TEMPLATE
public static final String CAN_ALTER_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_CLONE_TABLE_AUDIT_TEMPLATE
public static final String CAN_CLONE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_DELETE_RANGE_AUDIT_TEMPLATE
public static final String CAN_DELETE_RANGE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_BULK_IMPORT_AUDIT_TEMPLATE
public static final String CAN_BULK_IMPORT_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_COMPACT_TABLE_AUDIT_TEMPLATE
public static final String CAN_COMPACT_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE
public static final String CAN_CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_CHANGE_PASSWORD_AUDIT_TEMPLATE
public static final String CAN_CHANGE_PASSWORD_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_CREATE_USER_AUDIT_TEMPLATE
public static final String CAN_CREATE_USER_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_DROP_USER_AUDIT_TEMPLATE
public static final String CAN_DROP_USER_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_GRANT_SYSTEM_AUDIT_TEMPLATE
public static final String CAN_GRANT_SYSTEM_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_GRANT_TABLE_AUDIT_TEMPLATE
public static final String CAN_GRANT_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_REVOKE_SYSTEM_AUDIT_TEMPLATE
public static final String CAN_REVOKE_SYSTEM_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_REVOKE_TABLE_AUDIT_TEMPLATE
public static final String CAN_REVOKE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_IMPORT_AUDIT_TEMPLATE
public static final String CAN_IMPORT_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_EXPORT_AUDIT_TEMPLATE
public static final String CAN_EXPORT_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
DROP_USER_AUDIT_TEMPLATE
public static final String DROP_USER_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE
public static final String GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE
public static final String GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE
public static final String REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE
public static final String REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
HAS_SYSTEM_PERMISSION_AUDIT_TEMPLATE
public static final String HAS_SYSTEM_PERMISSION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE
public static final String CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_MERGE_TABLE_AUDIT_TEMPLATE
public static final String CAN_MERGE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
AUTHENICATE_AUDIT_TEMPLATE
public static final String AUTHENICATE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
DELEGATION_TOKEN_AUDIT_TEMPLATE
public static final String DELEGATION_TOKEN_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
AuditedSecurityOperation
public AuditedSecurityOperation(ServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm)
-
-
Method Detail
-
getInstance
public static SecurityOperation getInstance(ServerContext context)
-
getAuthString
public static StringBuilder getAuthString(List<ByteBuffer> authorizations)
-
canScan
public boolean canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException
- Overrides:
canScan
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canScan
public boolean canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException
- Overrides:
canScan
in classSecurityOperation
- Throws:
ThriftSecurityException
-
changeAuthorizations
public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException
- Overrides:
changeAuthorizations
in classSecurityOperation
- Throws:
ThriftSecurityException
-
changePassword
public void changePassword(TCredentials credentials, Credentials newInfo) throws ThriftSecurityException
- Overrides:
changePassword
in classSecurityOperation
- Throws:
ThriftSecurityException
-
createUser
public void createUser(TCredentials credentials, Credentials newUser, Authorizations authorizations) throws ThriftSecurityException
- Overrides:
createUser
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canCreateTable
public boolean canCreateTable(TCredentials c, String tableName, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canCreateTable
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canDeleteTable
public boolean canDeleteTable(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canDeleteTable
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canRenameTable
public boolean canRenameTable(TCredentials c, TableId tableId, String oldTableName, String newTableName, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canRenameTable
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canSplitTablet
public boolean canSplitTablet(TCredentials credentials, TableId table, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canSplitTablet
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canPerformSystemActions
public boolean canPerformSystemActions(TCredentials credentials) throws ThriftSecurityException
Description copied from class:SecurityOperation
This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system properties.- Overrides:
canPerformSystemActions
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canFlush
public boolean canFlush(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canFlush
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canAlterTable
public boolean canAlterTable(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canAlterTable
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canCloneTable
public boolean canCloneTable(TCredentials c, TableId tableId, String tableName, NamespaceId destinationNamespaceId, NamespaceId sourceNamespaceId) throws ThriftSecurityException
- Overrides:
canCloneTable
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canDeleteRange
public boolean canDeleteRange(TCredentials c, TableId tableId, String tableName, org.apache.hadoop.io.Text startRow, org.apache.hadoop.io.Text endRow, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canDeleteRange
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canBulkImport
public boolean canBulkImport(TCredentials c, TableId tableId, String tableName, String dir, String failDir, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canBulkImport
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canCompact
public boolean canCompact(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canCompact
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canChangeAuthorizations
public boolean canChangeAuthorizations(TCredentials c, String user) throws ThriftSecurityException
- Overrides:
canChangeAuthorizations
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canChangePassword
public boolean canChangePassword(TCredentials c, String user) throws ThriftSecurityException
- Overrides:
canChangePassword
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canCreateUser
public boolean canCreateUser(TCredentials c, String user) throws ThriftSecurityException
- Overrides:
canCreateUser
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canDropUser
public boolean canDropUser(TCredentials c, String user) throws ThriftSecurityException
- Overrides:
canDropUser
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canGrantSystem
public boolean canGrantSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException
- Overrides:
canGrantSystem
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canGrantTable
public boolean canGrantTable(TCredentials c, String user, TableId table, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canGrantTable
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canRevokeSystem
public boolean canRevokeSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException
- Overrides:
canRevokeSystem
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canRevokeTable
public boolean canRevokeTable(TCredentials c, String user, TableId table, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canRevokeTable
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canImport
public boolean canImport(TCredentials credentials, String tableName, String importDir, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canImport
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canExport
public boolean canExport(TCredentials credentials, TableId tableId, String tableName, String exportDir, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canExport
in classSecurityOperation
- Throws:
ThriftSecurityException
-
dropUser
public void dropUser(TCredentials credentials, String user) throws ThriftSecurityException
- Overrides:
dropUser
in classSecurityOperation
- Throws:
ThriftSecurityException
-
grantSystemPermission
public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException
- Overrides:
grantSystemPermission
in classSecurityOperation
- Throws:
ThriftSecurityException
-
grantTablePermission
public void grantTablePermission(TCredentials credentials, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
grantTablePermission
in classSecurityOperation
- Throws:
ThriftSecurityException
-
revokeSystemPermission
public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException
- Overrides:
revokeSystemPermission
in classSecurityOperation
- Throws:
ThriftSecurityException
-
revokeTablePermission
public void revokeTablePermission(TCredentials credentials, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
revokeTablePermission
in classSecurityOperation
- Throws:
ThriftSecurityException
-
hasSystemPermission
public boolean hasSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException
- Overrides:
hasSystemPermission
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canOnlineOfflineTable
public boolean canOnlineOfflineTable(TCredentials credentials, TableId tableId, FateOperation op, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canOnlineOfflineTable
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canMerge
public boolean canMerge(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Overrides:
canMerge
in classSecurityOperation
- Throws:
ThriftSecurityException
-
authenticate
protected void authenticate(TCredentials credentials) throws ThriftSecurityException
- Overrides:
authenticate
in classSecurityOperation
- Throws:
ThriftSecurityException
-
canObtainDelegationToken
public boolean canObtainDelegationToken(TCredentials credentials) throws ThriftSecurityException
- Overrides:
canObtainDelegationToken
in classSecurityOperation
- Throws:
ThriftSecurityException
-
-