Package org.apache.accumulo.server.security

Class SecurityOperation

java.lang.Object

org.apache.accumulo.server.security.SecurityOperation

Direct Known Subclasses:

AuditedSecurityOperation

public class SecurityOperation
extends Object

Utility class for performing various security operations with the appropriate checks

Field Summary

Fields

Modifier and Type	Field	Description
protected Authenticator	authenticator
protected Authorizor	authorizor
protected ServerContext	context
protected boolean	isKerberos
protected PermissionHandler	permHandle

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	SecurityOperation(ServerContext context)
	SecurityOperation(ServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm)

Method Summary

Modifier and Type	Method	Description
protected void	_createUser(TCredentials credentials, Credentials newUser)
protected boolean	_hasNamespacePermission(String user, NamespaceId namespace, NamespacePermission permission, boolean useCached)	Checks if a user has a namespace permission This cannot check if a system user has permission.
protected boolean	_hasTablePermission(String user, TableId table, TablePermission permission, boolean useCached)	Checks if a user has a table permission This cannot check if a system user has permission.
protected void	authenticate(TCredentials credentials)
boolean	authenticatedUserHasAuthorizations(TCredentials credentials, List<ByteBuffer> list)	Check if an already authenticated user has specified authorizations.
boolean	authenticateUser(TCredentials credentials, TCredentials toAuth)
boolean	canAlterNamespace(TCredentials credentials, NamespaceId namespaceId)
boolean	canAlterTable(TCredentials c, TableId tableId, NamespaceId namespaceId)
boolean	canAskAboutUser(TCredentials credentials, String user)
boolean	canBulkImport(TCredentials c, TableId tableId, String tableName, String dir, String failDir, NamespaceId namespaceId)
boolean	canChangeAuthorizations(TCredentials c, String user)
boolean	canChangePassword(TCredentials c, String user)
boolean	canCloneTable(TCredentials c, TableId tableId, String tableName, NamespaceId destinationNamespaceId, NamespaceId srcNamespaceId)
boolean	canCompact(TCredentials c, TableId tableId, NamespaceId namespaceId)
boolean	canConditionallyUpdate(TCredentials credentials, TableId tableID, NamespaceId namespaceId)
boolean	canCreateNamespace(TCredentials credentials)
boolean	canCreateTable(TCredentials c, String tableName, NamespaceId namespaceId)
boolean	canCreateUser(TCredentials c, String user)
boolean	canDeleteNamespace(TCredentials credentials, NamespaceId namespaceId)
boolean	canDeleteRange(TCredentials c, TableId tableId, String tableName, org.apache.hadoop.io.Text startRow, org.apache.hadoop.io.Text endRow, NamespaceId namespaceId)
boolean	canDeleteTable(TCredentials c, TableId tableId, NamespaceId namespaceId)
boolean	canDropUser(TCredentials c, String user)
boolean	canExport(TCredentials credentials, TableId tableId, String tableName, String exportDir, NamespaceId namespaceId)
boolean	canFlush(TCredentials c, TableId tableId, NamespaceId namespaceId)
boolean	canGetSummaries(TCredentials credentials, TableId tableId, NamespaceId namespaceId)
boolean	canGrantNamespace(TCredentials c, NamespaceId namespace)
boolean	canGrantSystem(TCredentials c, String user, SystemPermission sysPerm)
boolean	canGrantTable(TCredentials c, String user, TableId tableId, NamespaceId namespaceId)
boolean	canImport(TCredentials credentials, String tableName, String importDir, NamespaceId namespaceId)
boolean	canMerge(TCredentials c, TableId tableId, NamespaceId namespaceId)
boolean	canObtainDelegationToken(TCredentials credentials)
boolean	canOnlineOfflineTable(TCredentials c, TableId tableId, FateOperation op, NamespaceId namespaceId)
boolean	canPerformSystemActions(TCredentials credentials)	This is the check to perform any system action.
boolean	canRenameNamespace(TCredentials credentials, NamespaceId namespaceId)
boolean	canRenameTable(TCredentials c, TableId tableId, String oldTableName, String newTableName, NamespaceId namespaceId)
boolean	canRevokeNamespace(TCredentials c, NamespaceId namespace)
boolean	canRevokeSystem(TCredentials c, String user, SystemPermission sysPerm)
boolean	canRevokeTable(TCredentials c, String user, TableId tableId, NamespaceId namespaceId)
boolean	canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId)
boolean	canScan(TCredentials credentials, TableId table, NamespaceId namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations)
boolean	canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations)
boolean	canSplitTablet(TCredentials credentials, TableId tableId, NamespaceId namespaceId)
boolean	canWrite(TCredentials credentials, TableId tableId, NamespaceId namespaceId)
void	changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations)
void	changePassword(TCredentials credentials, Credentials toChange)
void	createUser(TCredentials credentials, Credentials newUser, Authorizations authorizations)
void	deleteNamespace(TCredentials credentials, NamespaceId namespace)
void	deleteTable(TCredentials credentials, TableId tableId, NamespaceId namespaceId)
void	dropUser(TCredentials credentials, String user)
protected static Authenticator	getAuthenticator(ServerContext context)
protected static Authorizor	getAuthorizor(ServerContext context)
static SecurityOperation	getInstance(ServerContext context)
protected static PermissionHandler	getPermHandler(ServerContext context)
String	getRootUsername()
Authorizations	getUserAuthorizations(TCredentials credentials)
Authorizations	getUserAuthorizations(TCredentials credentials, String user)
void	grantNamespacePermission(TCredentials c, String user, NamespaceId namespace, NamespacePermission permission)
void	grantSystemPermission(TCredentials credentials, String user, SystemPermission permissionById)
void	grantTablePermission(TCredentials c, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId)
boolean	hasNamespacePermission(TCredentials credentials, String user, NamespaceId namespace, NamespacePermission permissionById)
boolean	hasSystemPermission(TCredentials credentials, String user, SystemPermission permissionById)
boolean	hasTablePermission(TCredentials credentials, String user, TableId tableId, TablePermission permissionById)
protected boolean	hasTablePermission(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TablePermission permission, boolean useCached)	Checks if a user has a table permission
void	initializeSecurity(TCredentials credentials, String rootPrincipal, byte[] token)
boolean	isSystemUser(TCredentials credentials)
Set<String>	listUsers(TCredentials credentials)
void	revokeNamespacePermission(TCredentials c, String user, NamespaceId namespace, NamespacePermission permission)
void	revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission)
void	revokeTablePermission(TCredentials c, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

authorizor

protected Authorizor authorizor

authenticator

protected Authenticator authenticator

permHandle

protected PermissionHandler permHandle

isKerberos

protected boolean isKerberos

context

protected final ServerContext context

Constructor Detail

SecurityOperation

protected SecurityOperation(ServerContext context)

SecurityOperation

public SecurityOperation(ServerContext context,
                         Authorizor author,
                         Authenticator authent,
                         PermissionHandler pm)

Method Detail

getInstance

public static SecurityOperation getInstance(ServerContext context)

getAuthorizor

protected static Authorizor getAuthorizor(ServerContext context)

getAuthenticator

protected static Authenticator getAuthenticator(ServerContext context)

getPermHandler

protected static PermissionHandler getPermHandler(ServerContext context)

initializeSecurity

public void initializeSecurity(TCredentials credentials,
                               String rootPrincipal,
                               byte[] token)
                        throws AccumuloSecurityException

Throws:

AccumuloSecurityException

getRootUsername

public String getRootUsername()

isSystemUser

public boolean isSystemUser(TCredentials credentials)

authenticate

protected void authenticate(TCredentials credentials)
                     throws ThriftSecurityException

Throws:

ThriftSecurityException

canAskAboutUser

public boolean canAskAboutUser(TCredentials credentials,
                               String user)
                        throws ThriftSecurityException

Throws:

ThriftSecurityException

authenticateUser

public boolean authenticateUser(TCredentials credentials,
                                TCredentials toAuth)
                         throws ThriftSecurityException

Throws:

ThriftSecurityException

getUserAuthorizations

public Authorizations getUserAuthorizations(TCredentials credentials,
                                            String user)
                                     throws ThriftSecurityException

Throws:

ThriftSecurityException

getUserAuthorizations

public Authorizations getUserAuthorizations(TCredentials credentials)
                                     throws ThriftSecurityException

Throws:

ThriftSecurityException

authenticatedUserHasAuthorizations

public boolean authenticatedUserHasAuthorizations(TCredentials credentials,
                                                  List<ByteBuffer> list)

Check if an already authenticated user has specified authorizations.

hasTablePermission

protected boolean hasTablePermission(TCredentials credentials,
                                     TableId tableId,
                                     NamespaceId namespaceId,
                                     TablePermission permission,
                                     boolean useCached)
                              throws ThriftSecurityException

Checks if a user has a table permission

Returns:

true if a user exists and has permission; false otherwise

Throws:

ThriftSecurityException

_hasTablePermission

protected boolean _hasTablePermission(String user,
                                      TableId table,
                                      TablePermission permission,
                                      boolean useCached)
                               throws ThriftSecurityException

Checks if a user has a table permission
This cannot check if a system user has permission.

Returns:

true if a user exists and has permission; false otherwise

Throws:

ThriftSecurityException

_hasNamespacePermission

protected boolean _hasNamespacePermission(String user,
                                          NamespaceId namespace,
                                          NamespacePermission permission,
                                          boolean useCached)
                                   throws ThriftSecurityException

Checks if a user has a namespace permission
This cannot check if a system user has permission.

Returns:

true if a user exists and has permission; false otherwise

Throws:

ThriftSecurityException

canScan

public boolean canScan(TCredentials credentials,
                       TableId tableId,
                       NamespaceId namespaceId)
                throws ThriftSecurityException

Throws:

ThriftSecurityException

canScan

public boolean canScan(TCredentials credentials,
                       TableId tableId,
                       NamespaceId namespaceId,
                       TRange range,
                       List<TColumn> columns,
                       List<IterInfo> ssiList,
                       Map<String,Map<String,String>> ssio,
                       List<ByteBuffer> authorizations)
                throws ThriftSecurityException

Throws:

ThriftSecurityException

canScan

public boolean canScan(TCredentials credentials,
                       TableId table,
                       NamespaceId namespaceId,
                       Map<TKeyExtent,List<TRange>> tbatch,
                       List<TColumn> tcolumns,
                       List<IterInfo> ssiList,
                       Map<String,Map<String,String>> ssio,
                       List<ByteBuffer> authorizations)
                throws ThriftSecurityException

Throws:

ThriftSecurityException

canWrite

public boolean canWrite(TCredentials credentials,
                        TableId tableId,
                        NamespaceId namespaceId)
                 throws ThriftSecurityException

Throws:

ThriftSecurityException

canConditionallyUpdate

public boolean canConditionallyUpdate(TCredentials credentials,
                                      TableId tableID,
                                      NamespaceId namespaceId)
                               throws ThriftSecurityException

Throws:

ThriftSecurityException

canSplitTablet

public boolean canSplitTablet(TCredentials credentials,
                              TableId tableId,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Throws:

ThriftSecurityException

canPerformSystemActions

public boolean canPerformSystemActions(TCredentials credentials)
                                throws ThriftSecurityException

This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system properties.

Throws:

ThriftSecurityException

canFlush

public boolean canFlush(TCredentials c,
                        TableId tableId,
                        NamespaceId namespaceId)
                 throws ThriftSecurityException

Throws:

ThriftSecurityException

canAlterTable

public boolean canAlterTable(TCredentials c,
                             TableId tableId,
                             NamespaceId namespaceId)
                      throws ThriftSecurityException

Throws:

ThriftSecurityException

canCreateTable

public boolean canCreateTable(TCredentials c,
                              String tableName,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Throws:

ThriftSecurityException

canRenameTable

public boolean canRenameTable(TCredentials c,
                              TableId tableId,
                              String oldTableName,
                              String newTableName,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Throws:

ThriftSecurityException

canCloneTable

public boolean canCloneTable(TCredentials c,
                             TableId tableId,
                             String tableName,
                             NamespaceId destinationNamespaceId,
                             NamespaceId srcNamespaceId)
                      throws ThriftSecurityException

Throws:

ThriftSecurityException

canDeleteTable

public boolean canDeleteTable(TCredentials c,
                              TableId tableId,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Throws:

ThriftSecurityException

canOnlineOfflineTable

public boolean canOnlineOfflineTable(TCredentials c,
                                     TableId tableId,
                                     FateOperation op,
                                     NamespaceId namespaceId)
                              throws ThriftSecurityException

Throws:

ThriftSecurityException

canMerge

public boolean canMerge(TCredentials c,
                        TableId tableId,
                        NamespaceId namespaceId)
                 throws ThriftSecurityException

Throws:

ThriftSecurityException

canDeleteRange

public boolean canDeleteRange(TCredentials c,
                              TableId tableId,
                              String tableName,
                              org.apache.hadoop.io.Text startRow,
                              org.apache.hadoop.io.Text endRow,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Throws:

ThriftSecurityException

canBulkImport

public boolean canBulkImport(TCredentials c,
                             TableId tableId,
                             String tableName,
                             String dir,
                             String failDir,
                             NamespaceId namespaceId)
                      throws ThriftSecurityException

Throws:

ThriftSecurityException

canCompact

public boolean canCompact(TCredentials c,
                          TableId tableId,
                          NamespaceId namespaceId)
                   throws ThriftSecurityException

Throws:

ThriftSecurityException

canChangeAuthorizations

public boolean canChangeAuthorizations(TCredentials c,
                                       String user)
                                throws ThriftSecurityException

Throws:

ThriftSecurityException

canChangePassword

public boolean canChangePassword(TCredentials c,
                                 String user)
                          throws ThriftSecurityException

Throws:

ThriftSecurityException

canCreateUser

public boolean canCreateUser(TCredentials c,
                             String user)
                      throws ThriftSecurityException

Throws:

ThriftSecurityException

canDropUser

public boolean canDropUser(TCredentials c,
                           String user)
                    throws ThriftSecurityException

Throws:

ThriftSecurityException

canGrantSystem

public boolean canGrantSystem(TCredentials c,
                              String user,
                              SystemPermission sysPerm)
                       throws ThriftSecurityException

Throws:

ThriftSecurityException

canGrantTable

public boolean canGrantTable(TCredentials c,
                             String user,
                             TableId tableId,
                             NamespaceId namespaceId)
                      throws ThriftSecurityException

Throws:

ThriftSecurityException

canGrantNamespace

public boolean canGrantNamespace(TCredentials c,
                                 NamespaceId namespace)
                          throws ThriftSecurityException

Throws:

ThriftSecurityException

canRevokeSystem

public boolean canRevokeSystem(TCredentials c,
                               String user,
                               SystemPermission sysPerm)
                        throws ThriftSecurityException

Throws:

ThriftSecurityException

canRevokeTable

public boolean canRevokeTable(TCredentials c,
                              String user,
                              TableId tableId,
                              NamespaceId namespaceId)
                       throws ThriftSecurityException

Throws:

ThriftSecurityException

canRevokeNamespace

public boolean canRevokeNamespace(TCredentials c,
                                  NamespaceId namespace)
                           throws ThriftSecurityException

Throws:

ThriftSecurityException

changeAuthorizations

public void changeAuthorizations(TCredentials credentials,
                                 String user,
                                 Authorizations authorizations)
                          throws ThriftSecurityException

Throws:

ThriftSecurityException

changePassword

public void changePassword(TCredentials credentials,
                           Credentials toChange)
                    throws ThriftSecurityException

Throws:

ThriftSecurityException

createUser

public void createUser(TCredentials credentials,
                       Credentials newUser,
                       Authorizations authorizations)
                throws ThriftSecurityException

Throws:

ThriftSecurityException

_createUser

protected void _createUser(TCredentials credentials,
                           Credentials newUser)
                    throws ThriftSecurityException

Throws:

ThriftSecurityException

dropUser

public void dropUser(TCredentials credentials,
                     String user)
              throws ThriftSecurityException

Throws:

ThriftSecurityException

grantSystemPermission

public void grantSystemPermission(TCredentials credentials,
                                  String user,
                                  SystemPermission permissionById)
                           throws ThriftSecurityException

Throws:

ThriftSecurityException

grantTablePermission

public void grantTablePermission(TCredentials c,
                                 String user,
                                 TableId tableId,
                                 TablePermission permission,
                                 NamespaceId namespaceId)
                          throws ThriftSecurityException

Throws:

ThriftSecurityException

grantNamespacePermission

public void grantNamespacePermission(TCredentials c,
                                     String user,
                                     NamespaceId namespace,
                                     NamespacePermission permission)
                              throws ThriftSecurityException

Throws:

ThriftSecurityException

revokeSystemPermission

public void revokeSystemPermission(TCredentials credentials,
                                   String user,
                                   SystemPermission permission)
                            throws ThriftSecurityException

Throws:

ThriftSecurityException

revokeTablePermission

public void revokeTablePermission(TCredentials c,
                                  String user,
                                  TableId tableId,
                                  TablePermission permission,
                                  NamespaceId namespaceId)
                           throws ThriftSecurityException

Throws:

ThriftSecurityException

revokeNamespacePermission

public void revokeNamespacePermission(TCredentials c,
                                      String user,
                                      NamespaceId namespace,
                                      NamespacePermission permission)
                               throws ThriftSecurityException

Throws:

ThriftSecurityException

hasSystemPermission

public boolean hasSystemPermission(TCredentials credentials,
                                   String user,
                                   SystemPermission permissionById)
                            throws ThriftSecurityException

Throws:

ThriftSecurityException

hasTablePermission

public boolean hasTablePermission(TCredentials credentials,
                                  String user,
                                  TableId tableId,
                                  TablePermission permissionById)
                           throws ThriftSecurityException

Throws:

ThriftSecurityException

hasNamespacePermission

public boolean hasNamespacePermission(TCredentials credentials,
                                      String user,
                                      NamespaceId namespace,
                                      NamespacePermission permissionById)
                               throws ThriftSecurityException

Throws:

ThriftSecurityException

listUsers

public Set<String> listUsers(TCredentials credentials)
                      throws ThriftSecurityException

Throws:

ThriftSecurityException

deleteTable

public void deleteTable(TCredentials credentials,
                        TableId tableId,
                        NamespaceId namespaceId)
                 throws ThriftSecurityException

Throws:

ThriftSecurityException

deleteNamespace

public void deleteNamespace(TCredentials credentials,
                            NamespaceId namespace)
                     throws ThriftSecurityException

Throws:

ThriftSecurityException

canExport

public boolean canExport(TCredentials credentials,
                         TableId tableId,
                         String tableName,
                         String exportDir,
                         NamespaceId namespaceId)
                  throws ThriftSecurityException

Throws:

ThriftSecurityException

canImport

public boolean canImport(TCredentials credentials,
                         String tableName,
                         String importDir,
                         NamespaceId namespaceId)
                  throws ThriftSecurityException

Throws:

ThriftSecurityException

canAlterNamespace

public boolean canAlterNamespace(TCredentials credentials,
                                 NamespaceId namespaceId)
                          throws ThriftSecurityException

Throws:

ThriftSecurityException

canCreateNamespace

public boolean canCreateNamespace(TCredentials credentials)
                           throws ThriftSecurityException

Throws:

ThriftSecurityException

canDeleteNamespace

public boolean canDeleteNamespace(TCredentials credentials,
                                  NamespaceId namespaceId)
                           throws ThriftSecurityException

Throws:

ThriftSecurityException

canRenameNamespace

public boolean canRenameNamespace(TCredentials credentials,
                                  NamespaceId namespaceId)
                           throws ThriftSecurityException

Throws:

ThriftSecurityException

canObtainDelegationToken

public boolean canObtainDelegationToken(TCredentials credentials)
                                 throws ThriftSecurityException

Throws:

ThriftSecurityException

canGetSummaries

public boolean canGetSummaries(TCredentials credentials,
                               TableId tableId,
                               NamespaceId namespaceId)
                        throws ThriftSecurityException

Throws:

ThriftSecurityException