Package org.apache.accumulo.server.security

Class AuditedSecurityOperation

java.lang.Object

org.apache.accumulo.server.security.SecurityOperation

org.apache.accumulo.server.security.AuditedSecurityOperation

public class AuditedSecurityOperation
extends SecurityOperation

Field Summary

Fields

Modifier and Type	Field	Description
static org.slf4j.Logger	audit
static String	AUDITLOG
static String	AUTHENICATE_AUDIT_TEMPLATE
static String	CAN_ALTER_TABLE_AUDIT_TEMPLATE
static String	CAN_BULK_IMPORT_AUDIT_TEMPLATE
static String	CAN_CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE
static String	CAN_CHANGE_PASSWORD_AUDIT_TEMPLATE
static String	CAN_CLONE_TABLE_AUDIT_TEMPLATE
static String	CAN_COMPACT_TABLE_AUDIT_TEMPLATE
static String	CAN_CREATE_TABLE_AUDIT_TEMPLATE
static String	CAN_CREATE_USER_AUDIT_TEMPLATE
static String	CAN_DELETE_RANGE_AUDIT_TEMPLATE
static String	CAN_DELETE_TABLE_AUDIT_TEMPLATE
static String	CAN_DROP_USER_AUDIT_TEMPLATE
static String	CAN_EXPORT_AUDIT_TEMPLATE
static String	CAN_FLUSH_TABLE_AUDIT_TEMPLATE
static String	CAN_GRANT_SYSTEM_AUDIT_TEMPLATE
static String	CAN_GRANT_TABLE_AUDIT_TEMPLATE
static String	CAN_IMPORT_AUDIT_TEMPLATE
static String	CAN_MERGE_TABLE_AUDIT_TEMPLATE
static String	CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE
static String	CAN_PERFORM_SYSTEM_ACTION_AUDIT_TEMPLATE
static String	CAN_RENAME_TABLE_AUDIT_TEMPLATE
static String	CAN_REVOKE_SYSTEM_AUDIT_TEMPLATE
static String	CAN_REVOKE_TABLE_AUDIT_TEMPLATE
static String	CAN_SCAN_AUDIT_TEMPLATE
static String	CAN_SCAN_BATCH_AUDIT_TEMPLATE
static String	CAN_SPLIT_TABLE_AUDIT_TEMPLATE
static String	CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE
static String	CHANGE_PASSWORD_AUDIT_TEMPLATE
static String	CREATE_USER_AUDIT_TEMPLATE
static String	DELEGATION_TOKEN_AUDIT_TEMPLATE
static String	DROP_USER_AUDIT_TEMPLATE
static String	GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE
static String	GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE
static String	HAS_SYSTEM_PERMISSION_AUDIT_TEMPLATE
static String	REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE
static String	REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE

Fields inherited from class org.apache.accumulo.server.security.SecurityOperation

authenticator, authorizor, context, isKerberos, permHandle

Constructor Summary

Constructors

Constructor	Description
AuditedSecurityOperation(ServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm)

Method Summary

Modifier and Type	Method	Description
protected void	authenticate(TCredentials credentials)
boolean	canAlterTable(TCredentials c, TableId tableId, NamespaceId namespaceId)
boolean	canBulkImport(TCredentials c, TableId tableId, String tableName, String dir, String failDir, NamespaceId namespaceId)
boolean	canChangeAuthorizations(TCredentials c, String user)
boolean	canChangePassword(TCredentials c, String user)
boolean	canCloneTable(TCredentials c, TableId tableId, String tableName, NamespaceId destinationNamespaceId, NamespaceId sourceNamespaceId)
boolean	canCompact(TCredentials c, TableId tableId, NamespaceId namespaceId)
boolean	canCreateTable(TCredentials c, String tableName, NamespaceId namespaceId)
boolean	canCreateUser(TCredentials c, String user)
boolean	canDeleteRange(TCredentials c, TableId tableId, String tableName, org.apache.hadoop.io.Text startRow, org.apache.hadoop.io.Text endRow, NamespaceId namespaceId)
boolean	canDeleteTable(TCredentials c, TableId tableId, NamespaceId namespaceId)
boolean	canDropUser(TCredentials c, String user)
boolean	canExport(TCredentials credentials, TableId tableId, String tableName, String exportDir, NamespaceId namespaceId)
boolean	canFlush(TCredentials c, TableId tableId, NamespaceId namespaceId)
boolean	canGrantSystem(TCredentials c, String user, SystemPermission sysPerm)
boolean	canGrantTable(TCredentials c, String user, TableId table, NamespaceId namespaceId)
boolean	canImport(TCredentials credentials, String tableName, String importDir, NamespaceId namespaceId)
boolean	canMerge(TCredentials c, TableId tableId, NamespaceId namespaceId)
boolean	canObtainDelegationToken(TCredentials credentials)
boolean	canOnlineOfflineTable(TCredentials credentials, TableId tableId, FateOperation op, NamespaceId namespaceId)
boolean	canPerformSystemActions(TCredentials credentials)	This is the check to perform any system action.
boolean	canRenameTable(TCredentials c, TableId tableId, String oldTableName, String newTableName, NamespaceId namespaceId)
boolean	canRevokeSystem(TCredentials c, String user, SystemPermission sysPerm)
boolean	canRevokeTable(TCredentials c, String user, TableId table, NamespaceId namespaceId)
boolean	canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations)
boolean	canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations)
boolean	canSplitTablet(TCredentials credentials, TableId table, NamespaceId namespaceId)
void	changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations)
void	changePassword(TCredentials credentials, Credentials newInfo)
void	createUser(TCredentials credentials, Credentials newUser, Authorizations authorizations)
void	dropUser(TCredentials credentials, String user)
static StringBuilder	getAuthString(List<ByteBuffer> authorizations)
static SecurityOperation	getInstance(ServerContext context)
void	grantSystemPermission(TCredentials credentials, String user, SystemPermission permission)
void	grantTablePermission(TCredentials credentials, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId)
boolean	hasSystemPermission(TCredentials credentials, String user, SystemPermission permission)
void	revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission)
void	revokeTablePermission(TCredentials credentials, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId)

Methods inherited from class org.apache.accumulo.server.security.SecurityOperation

_createUser, _hasNamespacePermission, _hasTablePermission, authenticatedUserHasAuthorizations, authenticateUser, canAlterNamespace, canAskAboutUser, canConditionallyUpdate, canCreateNamespace, canDeleteNamespace, canGetSummaries, canGrantNamespace, canRenameNamespace, canRevokeNamespace, canScan, canWrite, deleteNamespace, deleteTable, getAuthenticator, getAuthorizor, getPermHandler, getRootUsername, getUserAuthorizations, getUserAuthorizations, grantNamespacePermission, hasNamespacePermission, hasTablePermission, hasTablePermission, initializeSecurity, isSystemUser, listUsers, revokeNamespacePermission

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

AUDITLOG

public static final String AUDITLOG

See Also:

Constant Field Values

audit

public static final org.slf4j.Logger audit

CAN_SCAN_AUDIT_TEMPLATE

public static final String CAN_SCAN_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_SCAN_BATCH_AUDIT_TEMPLATE

public static final String CAN_SCAN_BATCH_AUDIT_TEMPLATE

See Also:

Constant Field Values

CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE

public static final String CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE

See Also:

Constant Field Values

CHANGE_PASSWORD_AUDIT_TEMPLATE

public static final String CHANGE_PASSWORD_AUDIT_TEMPLATE

See Also:

Constant Field Values

CREATE_USER_AUDIT_TEMPLATE

public static final String CREATE_USER_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_CREATE_TABLE_AUDIT_TEMPLATE

public static final String CAN_CREATE_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_DELETE_TABLE_AUDIT_TEMPLATE

public static final String CAN_DELETE_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_RENAME_TABLE_AUDIT_TEMPLATE

public static final String CAN_RENAME_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_SPLIT_TABLE_AUDIT_TEMPLATE

public static final String CAN_SPLIT_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_PERFORM_SYSTEM_ACTION_AUDIT_TEMPLATE

public static final String CAN_PERFORM_SYSTEM_ACTION_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_FLUSH_TABLE_AUDIT_TEMPLATE

public static final String CAN_FLUSH_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_ALTER_TABLE_AUDIT_TEMPLATE

public static final String CAN_ALTER_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_CLONE_TABLE_AUDIT_TEMPLATE

public static final String CAN_CLONE_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_DELETE_RANGE_AUDIT_TEMPLATE

public static final String CAN_DELETE_RANGE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_BULK_IMPORT_AUDIT_TEMPLATE

public static final String CAN_BULK_IMPORT_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_COMPACT_TABLE_AUDIT_TEMPLATE

public static final String CAN_COMPACT_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE

public static final String CAN_CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_CHANGE_PASSWORD_AUDIT_TEMPLATE

public static final String CAN_CHANGE_PASSWORD_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_CREATE_USER_AUDIT_TEMPLATE

public static final String CAN_CREATE_USER_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_DROP_USER_AUDIT_TEMPLATE

public static final String CAN_DROP_USER_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_GRANT_SYSTEM_AUDIT_TEMPLATE

public static final String CAN_GRANT_SYSTEM_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_GRANT_TABLE_AUDIT_TEMPLATE

public static final String CAN_GRANT_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_REVOKE_SYSTEM_AUDIT_TEMPLATE

public static final String CAN_REVOKE_SYSTEM_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_REVOKE_TABLE_AUDIT_TEMPLATE

public static final String CAN_REVOKE_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_IMPORT_AUDIT_TEMPLATE

public static final String CAN_IMPORT_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_EXPORT_AUDIT_TEMPLATE

public static final String CAN_EXPORT_AUDIT_TEMPLATE

See Also:

Constant Field Values

DROP_USER_AUDIT_TEMPLATE

public static final String DROP_USER_AUDIT_TEMPLATE

See Also:

Constant Field Values

GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE

public static final String GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE

See Also:

Constant Field Values

GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE

public static final String GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE

See Also:

Constant Field Values

REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE

public static final String REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE

See Also:

Constant Field Values

REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE

public static final String REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE

See Also:

Constant Field Values

HAS_SYSTEM_PERMISSION_AUDIT_TEMPLATE

public static final String HAS_SYSTEM_PERMISSION_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE

public static final String CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

CAN_MERGE_TABLE_AUDIT_TEMPLATE

public static final String CAN_MERGE_TABLE_AUDIT_TEMPLATE

See Also:

Constant Field Values

AUTHENICATE_AUDIT_TEMPLATE

public static final String AUTHENICATE_AUDIT_TEMPLATE

See Also:

Constant Field Values

DELEGATION_TOKEN_AUDIT_TEMPLATE

public static final String DELEGATION_TOKEN_AUDIT_TEMPLATE

See Also:

Constant Field Values

Constructor Detail

AuditedSecurityOperation

public AuditedSecurityOperation(ServerContext context,
                                Authorizor author,
                                Authenticator authent,
                                PermissionHandler pm)

Method Detail

getInstance

public static SecurityOperation getInstance(ServerContext context)

getAuthString

public static StringBuilder getAuthString(List<ByteBuffer> authorizations)

canScan

public boolean canScan(TCredentials credentials,
                       TableId tableId,
                       NamespaceId namespaceId,
                       TRange range,
                       List<TColumn> columns,
                       List<IterInfo> ssiList,
                       Map<String,Map<String,String>> ssio,
                       List<ByteBuffer> authorizations)
                throws ThriftSecurityException

Overrides:

canScan in class SecurityOperation

Throws:

ThriftSecurityException

canScan

public boolean canScan(TCredentials credentials,
                       TableId tableId,
                       NamespaceId namespaceId,
                       Map<TKeyExtent,List<TRange>> tbatch,
                       List<TColumn> tcolumns,
                       List<IterInfo> ssiList,
                       Map<String,Map<String,String>> ssio,
                       List<ByteBuffer> authorizations)
                throws ThriftSecurityException

Overrides:

canScan in class SecurityOperation

Throws:

ThriftSecurityException

changeAuthorizations

public void changeAuthorizations(TCredentials credentials,
                                 String user,
                                 Authorizations authorizations)
                          throws ThriftSecurityException

Overrides:

changeAuthorizations in class SecurityOperation

Throws:

ThriftSecurityException

changePassword

public void changePassword(TCredentials credentials,
                           Credentials newInfo)
                    throws ThriftSecurityException

Overrides:

changePassword in class SecurityOperation

Throws:

ThriftSecurityException

createUser

public void createUser(TCredentials credentials,
                       Credentials newUser,
                       Authorizations authorizations)
                throws ThriftSecurityException

Overrides:

createUser in class SecurityOperation

Throws:

ThriftSecurityException

canCreateTable

public boolean canCreateTable(TCredentials c,
                              String tableName,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Overrides:

canCreateTable in class SecurityOperation

Throws:

ThriftSecurityException

canDeleteTable

public boolean canDeleteTable(TCredentials c,
                              TableId tableId,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Overrides:

canDeleteTable in class SecurityOperation

Throws:

ThriftSecurityException

canRenameTable

public boolean canRenameTable(TCredentials c,
                              TableId tableId,
                              String oldTableName,
                              String newTableName,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Overrides:

canRenameTable in class SecurityOperation

Throws:

ThriftSecurityException

canSplitTablet

public boolean canSplitTablet(TCredentials credentials,
                              TableId table,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Overrides:

canSplitTablet in class SecurityOperation

Throws:

ThriftSecurityException

canPerformSystemActions

public boolean canPerformSystemActions(TCredentials credentials)
                                throws ThriftSecurityException

Description copied from class: SecurityOperation

This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system properties.

Overrides:

canPerformSystemActions in class SecurityOperation

Throws:

ThriftSecurityException

canFlush

public boolean canFlush(TCredentials c,
                        TableId tableId,
                        NamespaceId namespaceId)
                 throws ThriftSecurityException

Overrides:

canFlush in class SecurityOperation

Throws:

ThriftSecurityException

canAlterTable

public boolean canAlterTable(TCredentials c,
                             TableId tableId,
                             NamespaceId namespaceId)
                      throws ThriftSecurityException

Overrides:

canAlterTable in class SecurityOperation

Throws:

ThriftSecurityException

canCloneTable

public boolean canCloneTable(TCredentials c,
                             TableId tableId,
                             String tableName,
                             NamespaceId destinationNamespaceId,
                             NamespaceId sourceNamespaceId)
                      throws ThriftSecurityException

Overrides:

canCloneTable in class SecurityOperation

Throws:

ThriftSecurityException

canDeleteRange

public boolean canDeleteRange(TCredentials c,
                              TableId tableId,
                              String tableName,
                              org.apache.hadoop.io.Text startRow,
                              org.apache.hadoop.io.Text endRow,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Overrides:

canDeleteRange in class SecurityOperation

Throws:

ThriftSecurityException

canBulkImport

public boolean canBulkImport(TCredentials c,
                             TableId tableId,
                             String tableName,
                             String dir,
                             String failDir,
                             NamespaceId namespaceId)
                      throws ThriftSecurityException

Overrides:

canBulkImport in class SecurityOperation

Throws:

ThriftSecurityException

canCompact

public boolean canCompact(TCredentials c,
                          TableId tableId,
                          NamespaceId namespaceId)
                   throws ThriftSecurityException

Overrides:

canCompact in class SecurityOperation

Throws:

ThriftSecurityException

canChangeAuthorizations

public boolean canChangeAuthorizations(TCredentials c,
                                       String user)
                                throws ThriftSecurityException

Overrides:

canChangeAuthorizations in class SecurityOperation

Throws:

ThriftSecurityException

canChangePassword

public boolean canChangePassword(TCredentials c,
                                 String user)
                          throws ThriftSecurityException

Overrides:

canChangePassword in class SecurityOperation

Throws:

ThriftSecurityException

canCreateUser

public boolean canCreateUser(TCredentials c,
                             String user)
                      throws ThriftSecurityException

Overrides:

canCreateUser in class SecurityOperation

Throws:

ThriftSecurityException

canDropUser

public boolean canDropUser(TCredentials c,
                           String user)
                    throws ThriftSecurityException

Overrides:

canDropUser in class SecurityOperation

Throws:

ThriftSecurityException

canGrantSystem

public boolean canGrantSystem(TCredentials c,
                              String user,
                              SystemPermission sysPerm)
                       throws ThriftSecurityException

Overrides:

canGrantSystem in class SecurityOperation

Throws:

ThriftSecurityException

canGrantTable

public boolean canGrantTable(TCredentials c,
                             String user,
                             TableId table,
                             NamespaceId namespaceId)
                      throws ThriftSecurityException

Overrides:

canGrantTable in class SecurityOperation

Throws:

ThriftSecurityException

canRevokeSystem

public boolean canRevokeSystem(TCredentials c,
                               String user,
                               SystemPermission sysPerm)
                        throws ThriftSecurityException

Overrides:

canRevokeSystem in class SecurityOperation

Throws:

ThriftSecurityException

canRevokeTable

public boolean canRevokeTable(TCredentials c,
                              String user,
                              TableId table,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Overrides:

canRevokeTable in class SecurityOperation

Throws:

ThriftSecurityException

canImport

public boolean canImport(TCredentials credentials,
                         String tableName,
                         String importDir,
                         NamespaceId namespaceId)
                  throws ThriftSecurityException

Overrides:

canImport in class SecurityOperation

Throws:

ThriftSecurityException

canExport

public boolean canExport(TCredentials credentials,
                         TableId tableId,
                         String tableName,
                         String exportDir,
                         NamespaceId namespaceId)
                  throws ThriftSecurityException

Overrides:

canExport in class SecurityOperation

Throws:

ThriftSecurityException

dropUser

public void dropUser(TCredentials credentials,
                     String user)
              throws ThriftSecurityException

Overrides:

dropUser in class SecurityOperation

Throws:

ThriftSecurityException

grantSystemPermission

public void grantSystemPermission(TCredentials credentials,
                                  String user,
                                  SystemPermission permission)
                           throws ThriftSecurityException

Overrides:

grantSystemPermission in class SecurityOperation

Throws:

ThriftSecurityException

grantTablePermission

public void grantTablePermission(TCredentials credentials,
                                 String user,
                                 TableId tableId,
                                 TablePermission permission,
                                 NamespaceId namespaceId)
                          throws ThriftSecurityException

Overrides:

grantTablePermission in class SecurityOperation

Throws:

ThriftSecurityException

revokeSystemPermission

public void revokeSystemPermission(TCredentials credentials,
                                   String user,
                                   SystemPermission permission)
                            throws ThriftSecurityException

Overrides:

revokeSystemPermission in class SecurityOperation

Throws:

ThriftSecurityException

revokeTablePermission

public void revokeTablePermission(TCredentials credentials,
                                  String user,
                                  TableId tableId,
                                  TablePermission permission,
                                  NamespaceId namespaceId)
                           throws ThriftSecurityException

Overrides:

revokeTablePermission in class SecurityOperation

Throws:

ThriftSecurityException

hasSystemPermission

public boolean hasSystemPermission(TCredentials credentials,
                                   String user,
                                   SystemPermission permission)
                            throws ThriftSecurityException

Overrides:

hasSystemPermission in class SecurityOperation

Throws:

ThriftSecurityException

canOnlineOfflineTable

public boolean canOnlineOfflineTable(TCredentials credentials,
                                     TableId tableId,
                                     FateOperation op,
                                     NamespaceId namespaceId)
                              throws ThriftSecurityException

Overrides:

canOnlineOfflineTable in class SecurityOperation

Throws:

ThriftSecurityException

canMerge

public boolean canMerge(TCredentials c,
                        TableId tableId,
                        NamespaceId namespaceId)
                 throws ThriftSecurityException

Overrides:

canMerge in class SecurityOperation

Throws:

ThriftSecurityException

authenticate

protected void authenticate(TCredentials credentials)
                     throws ThriftSecurityException

Overrides:

authenticate in class SecurityOperation

Throws:

ThriftSecurityException

canObtainDelegationToken

public boolean canObtainDelegationToken(TCredentials credentials)
                                 throws ThriftSecurityException

Overrides:

canObtainDelegationToken in class SecurityOperation

Throws:

ThriftSecurityException