Class SecurityOperation
java.lang.Object
org.apache.accumulo.server.security.SecurityOperation
- Direct Known Subclasses:
AuditedSecurityOperation
Utility class for performing various security operations with the appropriate checks
-
Field Summary
Fields -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedSecurityOperation(ServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm) -
Method Summary
Modifier and TypeMethodDescriptionprotected voidauthenticate(TCredentials credentials) booleanauthenticatedUserHasAuthorizations(TCredentials credentials, List<ByteBuffer> list) Check if an already authenticated user has specified authorizations.booleanauthenticateUser(TCredentials credentials, TCredentials toAuth) booleancanAlterNamespace(TCredentials credentials, NamespaceId namespaceId) booleancanAlterTable(TCredentials c, TableId tableId, NamespaceId namespaceId) booleancanBulkImport(TCredentials c, TableId tableId, String tableName, String dir, String failDir, NamespaceId namespaceId) booleancanChangeAuthorizations(TCredentials c, String user) booleancanChangePassword(TCredentials c, String user) booleancanCloneTable(TCredentials c, TableId tableId, String tableName, NamespaceId destinationNamespaceId, NamespaceId srcNamespaceId) booleancanCompact(TCredentials c, TableId tableId, NamespaceId namespaceId) booleancanConditionallyUpdate(TCredentials credentials, TableId tableID, NamespaceId namespaceId) booleancanCreateNamespace(TCredentials credentials) booleancanCreateTable(TCredentials c, String tableName, NamespaceId namespaceId) booleancanCreateUser(TCredentials c, String user) booleancanDeleteNamespace(TCredentials credentials, NamespaceId namespaceId) booleancanDeleteRange(TCredentials c, TableId tableId, String tableName, org.apache.hadoop.io.Text startRow, org.apache.hadoop.io.Text endRow, NamespaceId namespaceId) booleancanDeleteTable(TCredentials c, TableId tableId, NamespaceId namespaceId) booleancanDropUser(TCredentials c, String user) booleancanExport(TCredentials credentials, TableId tableId, String tableName, String exportDir, NamespaceId namespaceId) booleancanFlush(TCredentials c, TableId tableId, NamespaceId namespaceId) booleancanGetSummaries(TCredentials credentials, TableId tableId, NamespaceId namespaceId) booleancanGrantNamespace(TCredentials c, NamespaceId namespace) booleancanGrantSystem(TCredentials c, String user, SystemPermission sysPerm) booleancanGrantTable(TCredentials c, String user, TableId tableId, NamespaceId namespaceId) booleancanImport(TCredentials credentials, String tableName, Set<String> importDir, NamespaceId namespaceId) booleancanMerge(TCredentials c, TableId tableId, NamespaceId namespaceId) booleancanObtainDelegationToken(TCredentials credentials) booleancanOnlineOfflineTable(TCredentials c, TableId tableId, FateOperation op, NamespaceId namespaceId) booleancanPerformSystemActions(TCredentials credentials) This is the check to perform any system action.booleancanRenameNamespace(TCredentials credentials, NamespaceId namespaceId) booleancanRenameTable(TCredentials c, TableId tableId, String oldTableName, String newTableName, NamespaceId namespaceId) booleancanRevokeNamespace(TCredentials c, NamespaceId namespace) booleancanRevokeSystem(TCredentials c, String user, SystemPermission sysPerm) booleancanRevokeTable(TCredentials c, String user, TableId tableId, NamespaceId namespaceId) booleancanScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId) booleancanScan(TCredentials credentials, TableId table, NamespaceId namespaceId, Map<TKeyExtent, List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String, Map<String, String>> ssio, List<ByteBuffer> authorizations) booleancanScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String, Map<String, String>> ssio, List<ByteBuffer> authorizations) booleancanSplitTablet(TCredentials credentials, TableId tableId, NamespaceId namespaceId) booleancanWrite(TCredentials credentials, TableId tableId, NamespaceId namespaceId) voidchangeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) voidchangePassword(TCredentials credentials, Credentials toChange) voidcreateUser(TCredentials credentials, Credentials newUser, Authorizations authorizations) voiddeleteNamespace(TCredentials credentials, NamespaceId namespace) voiddeleteTable(TCredentials credentials, TableId tableId, NamespaceId namespaceId) voiddropUser(TCredentials credentials, String user) static AuthenticatorgetAuthenticator(ServerContext context) static AuthorizorgetAuthorizor(ServerContext context) static PermissionHandlergetPermHandler(ServerContext context) getUserAuthorizations(TCredentials credentials) getUserAuthorizations(TCredentials credentials, String user) voidgrantNamespacePermission(TCredentials c, String user, NamespaceId namespace, NamespacePermission permission) voidgrantSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) voidgrantTablePermission(TCredentials c, String user, TableId tableId, String tableName, TablePermission permission, NamespaceId namespaceId) booleanhasNamespacePermission(TCredentials credentials, String user, NamespaceId namespace, NamespacePermission permissionById) booleanhasSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) booleanhasTablePermission(TCredentials credentials, String user, TableId tableId, TablePermission permissionById) protected booleanhasTablePermission(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TablePermission permission, boolean useCached) Checks if a user has a table permissionvoidinitializeSecurity(TCredentials credentials, String rootPrincipal, byte[] token) booleanisSystemUser(TCredentials credentials) listUsers(TCredentials credentials) voidrevokeNamespacePermission(TCredentials c, String user, NamespaceId namespace, NamespacePermission permission) voidrevokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) voidrevokeTablePermission(TCredentials c, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId) boolean
-
Field Details
-
context
-
-
Constructor Details
-
SecurityOperation
protected SecurityOperation(ServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm)
-
-
Method Details
-
getAuthorizor
-
getAuthenticator
-
getPermHandler
-
initializeSecurity
public void initializeSecurity(TCredentials credentials, String rootPrincipal, byte[] token) throws AccumuloSecurityException - Throws:
AccumuloSecurityException
-
isSystemUser
-
authenticate
- Throws:
ThriftSecurityException
-
authenticateUser
public boolean authenticateUser(TCredentials credentials, TCredentials toAuth) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
getUserAuthorizations
public Authorizations getUserAuthorizations(TCredentials credentials, String user) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
getUserAuthorizations
public Authorizations getUserAuthorizations(TCredentials credentials) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
authenticatedUserHasAuthorizations
Check if an already authenticated user has specified authorizations. -
hasTablePermission
protected boolean hasTablePermission(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TablePermission permission, boolean useCached) throws ThriftSecurityException Checks if a user has a table permission- Returns:
- true if a user exists and has permission; false otherwise
- Throws:
ThriftSecurityException
-
canScan
public boolean canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canScan
public boolean canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String, Map<String, throws ThriftSecurityExceptionString>> ssio, List<ByteBuffer> authorizations) - Throws:
ThriftSecurityException
-
canScan
public boolean canScan(TCredentials credentials, TableId table, NamespaceId namespaceId, Map<TKeyExtent, List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String, throws ThriftSecurityExceptionMap<String, String>> ssio, List<ByteBuffer> authorizations) - Throws:
ThriftSecurityException
-
canWrite
public boolean canWrite(TCredentials credentials, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canConditionallyUpdate
public boolean canConditionallyUpdate(TCredentials credentials, TableId tableID, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canSplitTablet
public boolean canSplitTablet(TCredentials credentials, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canPerformSystemActions
This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system properties.- Throws:
ThriftSecurityException
-
canFlush
public boolean canFlush(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canAlterTable
public boolean canAlterTable(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canCreateTable
public boolean canCreateTable(TCredentials c, String tableName, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canRenameTable
public boolean canRenameTable(TCredentials c, TableId tableId, String oldTableName, String newTableName, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canCloneTable
public boolean canCloneTable(TCredentials c, TableId tableId, String tableName, NamespaceId destinationNamespaceId, NamespaceId srcNamespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canDeleteTable
public boolean canDeleteTable(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canOnlineOfflineTable
public boolean canOnlineOfflineTable(TCredentials c, TableId tableId, FateOperation op, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canMerge
public boolean canMerge(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canDeleteRange
public boolean canDeleteRange(TCredentials c, TableId tableId, String tableName, org.apache.hadoop.io.Text startRow, org.apache.hadoop.io.Text endRow, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canBulkImport
public boolean canBulkImport(TCredentials c, TableId tableId, String tableName, String dir, String failDir, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canCompact
public boolean canCompact(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canChangeAuthorizations
- Throws:
ThriftSecurityException
-
canChangePassword
- Throws:
ThriftSecurityException
-
canCreateUser
- Throws:
ThriftSecurityException
-
canDropUser
- Throws:
ThriftSecurityException
-
canGrantSystem
public boolean canGrantSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canGrantTable
public boolean canGrantTable(TCredentials c, String user, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canGrantNamespace
public boolean canGrantNamespace(TCredentials c, NamespaceId namespace) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canRevokeSystem
public boolean canRevokeSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canRevokeTable
public boolean canRevokeTable(TCredentials c, String user, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canRevokeNamespace
public boolean canRevokeNamespace(TCredentials c, NamespaceId namespace) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
changeAuthorizations
public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
changePassword
public void changePassword(TCredentials credentials, Credentials toChange) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
createUser
public void createUser(TCredentials credentials, Credentials newUser, Authorizations authorizations) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
dropUser
- Throws:
ThriftSecurityException
-
grantSystemPermission
public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
grantTablePermission
public void grantTablePermission(TCredentials c, String user, TableId tableId, String tableName, TablePermission permission, NamespaceId namespaceId) throws ThriftSecurityException, TableNotFoundException -
grantNamespacePermission
public void grantNamespacePermission(TCredentials c, String user, NamespaceId namespace, NamespacePermission permission) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
revokeSystemPermission
public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
revokeTablePermission
public void revokeTablePermission(TCredentials c, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
revokeNamespacePermission
public void revokeNamespacePermission(TCredentials c, String user, NamespaceId namespace, NamespacePermission permission) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
hasSystemPermission
public boolean hasSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
hasTablePermission
public boolean hasTablePermission(TCredentials credentials, String user, TableId tableId, TablePermission permissionById) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
hasNamespacePermission
public boolean hasNamespacePermission(TCredentials credentials, String user, NamespaceId namespace, NamespacePermission permissionById) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
listUsers
- Throws:
ThriftSecurityException
-
deleteTable
public void deleteTable(TCredentials credentials, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
deleteNamespace
public void deleteNamespace(TCredentials credentials, NamespaceId namespace) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canExport
public boolean canExport(TCredentials credentials, TableId tableId, String tableName, String exportDir, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canImport
public boolean canImport(TCredentials credentials, String tableName, Set<String> importDir, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canAlterNamespace
public boolean canAlterNamespace(TCredentials credentials, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canCreateNamespace
- Throws:
ThriftSecurityException
-
canDeleteNamespace
public boolean canDeleteNamespace(TCredentials credentials, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canRenameNamespace
public boolean canRenameNamespace(TCredentials credentials, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
canObtainDelegationToken
- Throws:
ThriftSecurityException
-
canGetSummaries
public boolean canGetSummaries(TCredentials credentials, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException - Throws:
ThriftSecurityException
-
validateStoredUserCreditentials
public boolean validateStoredUserCreditentials()
-