From 9924f8c7a6c3023ef370fad09fdd6317bad98f83 Mon Sep 17 00:00:00 2001 From: mbertozzi Date: Tue, 8 Jan 2013 23:34:10 +0000 Subject: [PATCH] HBASE-7518 Move AuthResult out of AccessController git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1430631 13f79535-47bb-0310-9956-ffa450edef68 --- .../security/access/AccessController.java | 71 +---------- .../hbase/security/access/AuthResult.java | 116 ++++++++++++++++++ 2 files changed, 119 insertions(+), 68 deletions(-) create mode 100644 hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index ee079884849..0c542673d1d 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -106,71 +106,6 @@ import static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Acc public class AccessController extends BaseRegionObserver implements MasterObserver, RegionServerObserver, AccessControlService.Interface, CoprocessorService { - /** - * Represents the result of an authorization check for logging and error - * reporting. - */ - private static class AuthResult { - private final boolean allowed; - private final byte[] table; - private final byte[] family; - private final byte[] qualifier; - private final Permission.Action action; - private final String request; - private final String reason; - private final User user; - - public AuthResult(boolean allowed, String request, String reason, User user, - Permission.Action action, byte[] table, byte[] family, byte[] qualifier) { - this.allowed = allowed; - this.request = request; - this.reason = reason; - this.user = user; - this.table = table; - this.family = family; - this.qualifier = qualifier; - this.action = action; - } - - public boolean isAllowed() { return allowed; } - - public User getUser() { return user; } - - public String getReason() { return reason; } - - public String getRequest() { return request; } - - public String toContextString() { - return "(user=" + (user != null ? user.getName() : "UNKNOWN") + ", " + - "scope=" + (table == null ? "GLOBAL" : Bytes.toString(table)) + ", " + - "family=" + (family != null ? Bytes.toString(family) : "") + ", " + - "qualifer=" + (qualifier != null ? Bytes.toString(qualifier) : "") + ", " + - "action=" + (action != null ? action.toString() : "") + ")"; - } - - public String toString() { - return "AuthResult" + toContextString(); - } - - public static AuthResult allow(String request, String reason, User user, Permission.Action action, - byte[] table, byte[] family, byte[] qualifier) { - return new AuthResult(true, request, reason, user, action, table, family, qualifier); - } - - public static AuthResult allow(String request, String reason, User user, Permission.Action action, byte[] table) { - return new AuthResult(true, request, reason, user, action, table, null, null); - } - - public static AuthResult deny(String request, String reason, User user, - Permission.Action action, byte[] table) { - return new AuthResult(false, request, reason, user, action, table, null, null); - } - - public static AuthResult deny(String request, String reason, User user, - Permission.Action action, byte[] table, byte[] family, byte[] qualifier) { - return new AuthResult(false, request, reason, user, action, table, family, qualifier); - } - } public static final Log LOG = LogFactory.getLog(AccessController.class); @@ -341,8 +276,8 @@ public class AccessController extends BaseRegionObserver private void logResult(AuthResult result) { if (AUDITLOG.isTraceEnabled()) { - InetAddress remoteAddr = null; RequestContext ctx = RequestContext.get(); + InetAddress remoteAddr = null; if (ctx != null) { remoteAddr = ctx.getRemoteAddress(); } @@ -880,7 +815,7 @@ public class AccessController extends BaseRegionObserver get.setFilter(filter); } logResult(AuthResult.allow("get", "Access allowed with filter", requestUser, - Permission.Action.READ, authResult.table)); + Permission.Action.READ, authResult.getTable())); } else { logResult(authResult); throw new AccessDeniedException("Insufficient permissions (table=" + @@ -1010,7 +945,7 @@ public class AccessController extends BaseRegionObserver scan.setFilter(filter); } logResult(AuthResult.allow("scannerOpen", "Access allowed with filter", user, - Permission.Action.READ, authResult.table)); + Permission.Action.READ, authResult.getTable())); } else { // no table/family level perms and no qualifier level perms, reject logResult(authResult); diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java new file mode 100644 index 00000000000..ba1cb31f8d7 --- /dev/null +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java @@ -0,0 +1,116 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hbase.security.access; + +import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.classification.InterfaceStability; +import org.apache.hadoop.hbase.security.User; +import org.apache.hadoop.hbase.util.Bytes; + +/** + * Represents the result of an authorization check for logging and error + * reporting. + */ +@InterfaceAudience.Public +@InterfaceStability.Evolving +public class AuthResult { + private final boolean allowed; + private final byte[] table; + private final byte[] family; + private final byte[] qualifier; + private final Permission.Action action; + private final String request; + private final String reason; + private final User user; + + public AuthResult(boolean allowed, String request, String reason, User user, + Permission.Action action, byte[] table, byte[] family, byte[] qualifier) { + this.allowed = allowed; + this.request = request; + this.reason = reason; + this.user = user; + this.table = table; + this.family = family; + this.qualifier = qualifier; + this.action = action; + } + + public boolean isAllowed() { + return allowed; + } + + public User getUser() { + return user; + } + + public String getReason() { + return reason; + } + + public byte[] getTable() { + return table; + } + + public byte[] getFamily() { + return family; + } + + public byte[] getQualifier() { + return qualifier; + } + + public Permission.Action getAction() { + return action; + } + + public String getRequest() { + return request; + } + + public String toContextString() { + return "(user=" + (user != null ? user.getName() : "UNKNOWN") + ", " + + "scope=" + (table == null ? "GLOBAL" : Bytes.toString(table)) + ", " + + "family=" + (family != null ? Bytes.toString(family) : "") + ", " + + "qualifer=" + (qualifier != null ? Bytes.toString(qualifier) : "") + ", " + + "action=" + (action != null ? action.toString() : "") + ")"; + } + + public String toString() { + return "AuthResult" + toContextString(); + } + + public static AuthResult allow(String request, String reason, User user, Permission.Action action, + byte[] table, byte[] family, byte[] qualifier) { + return new AuthResult(true, request, reason, user, action, table, family, qualifier); + } + + public static AuthResult allow(String request, String reason, User user, Permission.Action action, byte[] table) { + return new AuthResult(true, request, reason, user, action, table, null, null); + } + + public static AuthResult deny(String request, String reason, User user, + Permission.Action action, byte[] table) { + return new AuthResult(false, request, reason, user, action, table, null, null); + } + + public static AuthResult deny(String request, String reason, User user, + Permission.Action action, byte[] table, byte[] family, byte[] qualifier) { + return new AuthResult(false, request, reason, user, action, table, family, qualifier); + } +} \ No newline at end of file