From 9924f8c7a6c3023ef370fad09fdd6317bad98f83 Mon Sep 17 00:00:00 2001
From: mbertozzi <mbertozzi@unknown>
Date: Tue, 8 Jan 2013 23:34:10 +0000
Subject: [PATCH] HBASE-7518 Move AuthResult out of AccessController

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1430631 13f79535-47bb-0310-9956-ffa450edef68
---
 .../security/access/AccessController.java     |  71 +----------
 .../hbase/security/access/AuthResult.java     | 116 ++++++++++++++++++
 2 files changed, 119 insertions(+), 68 deletions(-)
 create mode 100644 hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index ee079884849..0c542673d1d 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -106,71 +106,6 @@ import static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Acc
 public class AccessController extends BaseRegionObserver
     implements MasterObserver, RegionServerObserver,
       AccessControlService.Interface, CoprocessorService {
-  /**
-   * Represents the result of an authorization check for logging and error
-   * reporting.
-   */
-  private static class AuthResult {
-    private final boolean allowed;
-    private final byte[] table;
-    private final byte[] family;
-    private final byte[] qualifier;
-    private final Permission.Action action;
-    private final String request;
-    private final String reason;
-    private final User user;
-
-    public AuthResult(boolean allowed, String request, String reason,  User user,
-        Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
-      this.allowed = allowed;
-      this.request = request;
-      this.reason = reason;
-      this.user = user;
-      this.table = table;
-      this.family = family;
-      this.qualifier = qualifier;
-      this.action = action;
-    }
-
-    public boolean isAllowed() { return allowed; }
-
-    public User getUser() { return user; }
-
-    public String getReason() { return reason; }
-
-    public String getRequest() { return request; }
-
-    public String toContextString() {
-      return "(user=" + (user != null ? user.getName() : "UNKNOWN") + ", " +
-          "scope=" + (table == null ? "GLOBAL" : Bytes.toString(table)) + ", " +
-          "family=" + (family != null ? Bytes.toString(family) : "") + ", " +
-          "qualifer=" + (qualifier != null ? Bytes.toString(qualifier) : "") + ", " +
-          "action=" + (action != null ? action.toString() : "") + ")";
-    }
-
-    public String toString() {
-      return "AuthResult" + toContextString();
-    }
-
-    public static AuthResult allow(String request, String reason, User user, Permission.Action action,
-        byte[] table, byte[] family, byte[] qualifier) {
-      return new AuthResult(true, request, reason, user, action, table, family, qualifier);
-    }
-
-    public static AuthResult allow(String request, String reason, User user, Permission.Action action, byte[] table) {
-      return new AuthResult(true, request, reason, user, action, table, null, null);
-    }
-
-    public static AuthResult deny(String request, String reason, User user,
-        Permission.Action action, byte[] table) {
-      return new AuthResult(false, request, reason, user, action, table, null, null);
-    }
-
-    public static AuthResult deny(String request, String reason, User user,
-        Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
-      return new AuthResult(false, request, reason, user, action, table, family, qualifier);
-    }
-  }
 
   public static final Log LOG = LogFactory.getLog(AccessController.class);
 
@@ -341,8 +276,8 @@ public class AccessController extends BaseRegionObserver
 
   private void logResult(AuthResult result) {
     if (AUDITLOG.isTraceEnabled()) {
-      InetAddress remoteAddr = null;
       RequestContext ctx = RequestContext.get();
+      InetAddress remoteAddr = null;
       if (ctx != null) {
         remoteAddr = ctx.getRemoteAddress();
       }
@@ -880,7 +815,7 @@ public class AccessController extends BaseRegionObserver
           get.setFilter(filter);
         }
         logResult(AuthResult.allow("get", "Access allowed with filter", requestUser,
-            Permission.Action.READ, authResult.table));
+            Permission.Action.READ, authResult.getTable()));
       } else {
         logResult(authResult);
         throw new AccessDeniedException("Insufficient permissions (table=" +
@@ -1010,7 +945,7 @@ public class AccessController extends BaseRegionObserver
           scan.setFilter(filter);
         }
         logResult(AuthResult.allow("scannerOpen", "Access allowed with filter", user,
-            Permission.Action.READ, authResult.table));
+            Permission.Action.READ, authResult.getTable()));
       } else {
         // no table/family level perms and no qualifier level perms, reject
         logResult(authResult);
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java
new file mode 100644
index 00000000000..ba1cb31f8d7
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.security.access;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.util.Bytes;
+
+/**
+ * Represents the result of an authorization check for logging and error
+ * reporting.
+ */
+@InterfaceAudience.Public
+@InterfaceStability.Evolving
+public class AuthResult {
+  private final boolean allowed;
+  private final byte[] table;
+  private final byte[] family;
+  private final byte[] qualifier;
+  private final Permission.Action action;
+  private final String request;
+  private final String reason;
+  private final User user;
+
+  public AuthResult(boolean allowed, String request, String reason,  User user,
+      Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
+    this.allowed = allowed;
+    this.request = request;
+    this.reason = reason;
+    this.user = user;
+    this.table = table;
+    this.family = family;
+    this.qualifier = qualifier;
+    this.action = action;
+  }
+
+  public boolean isAllowed() {
+    return allowed;
+  }
+
+  public User getUser() {
+    return user;
+  }
+
+  public String getReason() {
+    return reason;
+  }
+
+  public byte[] getTable() {
+    return table;
+  }
+
+  public byte[] getFamily() {
+    return family;
+  }
+
+  public byte[] getQualifier() {
+    return qualifier;
+  }
+
+  public Permission.Action getAction() {
+    return action;
+  }
+
+  public String getRequest() {
+    return request;
+  }
+
+  public String toContextString() {
+    return "(user=" + (user != null ? user.getName() : "UNKNOWN") + ", " +
+        "scope=" + (table == null ? "GLOBAL" : Bytes.toString(table)) + ", " +
+        "family=" + (family != null ? Bytes.toString(family) : "") + ", " +
+        "qualifer=" + (qualifier != null ? Bytes.toString(qualifier) : "") + ", " +
+        "action=" + (action != null ? action.toString() : "") + ")";
+  }
+
+  public String toString() {
+    return "AuthResult" + toContextString();
+  }
+
+  public static AuthResult allow(String request, String reason, User user, Permission.Action action,
+      byte[] table, byte[] family, byte[] qualifier) {
+    return new AuthResult(true, request, reason, user, action, table, family, qualifier);
+  }
+
+  public static AuthResult allow(String request, String reason, User user, Permission.Action action, byte[] table) {
+    return new AuthResult(true, request, reason, user, action, table, null, null);
+  }
+
+  public static AuthResult deny(String request, String reason, User user,
+      Permission.Action action, byte[] table) {
+    return new AuthResult(false, request, reason, user, action, table, null, null);
+  }
+
+  public static AuthResult deny(String request, String reason, User user,
+      Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
+    return new AuthResult(false, request, reason, user, action, table, family, qualifier);
+  }
+}
\ No newline at end of file