HBASE-7518 Move AuthResult out of AccessController

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1430631 13f79535-47bb-0310-9956-ffa450edef68
mbertozzi 2013-01-08 23:34:10 +00:00
parent 087f1df0e2
commit 9924f8c7a6
2 changed files with 119 additions and 68 deletions


@ -106,71 +106,6 @@ import static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Acc
public class AccessController extends BaseRegionObserver
implements MasterObserver, RegionServerObserver,
AccessControlService.Interface, CoprocessorService {
/**
* Represents the result of an authorization check for logging and error
* reporting.
*/
private static class AuthResult {
private final boolean allowed;
private final byte[] table;
private final byte[] family;
private final byte[] qualifier;
private final Permission.Action action;
private final String request;
private final String reason;
private final User user;
public AuthResult(boolean allowed, String request, String reason, User user,
Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
this.allowed = allowed;
this.request = request;
this.reason = reason;
this.user = user;
this.table = table;
this.family = family;
this.qualifier = qualifier;
this.action = action;
}
public boolean isAllowed() { return allowed; }
public User getUser() { return user; }
public String getReason() { return reason; }
public String getRequest() { return request; }
public String toContextString() {
return "(user=" + (user != null ? user.getName() : "UNKNOWN") + ", " +
"scope=" + (table == null ? "GLOBAL" : Bytes.toString(table)) + ", " +
"family=" + (family != null ? Bytes.toString(family) : "") + ", " +
"qualifer=" + (qualifier != null ? Bytes.toString(qualifier) : "") + ", " +
"action=" + (action != null ? action.toString() : "") + ")";
}
public String toString() {
return "AuthResult" + toContextString();
}
public static AuthResult allow(String request, String reason, User user, Permission.Action action,
byte[] table, byte[] family, byte[] qualifier) {
return new AuthResult(true, request, reason, user, action, table, family, qualifier);
}
public static AuthResult allow(String request, String reason, User user, Permission.Action action, byte[] table) {
return new AuthResult(true, request, reason, user, action, table, null, null);
}
public static AuthResult deny(String request, String reason, User user,
Permission.Action action, byte[] table) {
return new AuthResult(false, request, reason, user, action, table, null, null);
}
public static AuthResult deny(String request, String reason, User user,
Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
return new AuthResult(false, request, reason, user, action, table, family, qualifier);
}
}
public static final Log LOG = LogFactory.getLog(AccessController.class);
@ -341,8 +276,8 @@ public class AccessController extends BaseRegionObserver
private void logResult(AuthResult result) {
if (AUDITLOG.isTraceEnabled()) {
InetAddress remoteAddr = null;
RequestContext ctx = RequestContext.get();
InetAddress remoteAddr = null;
if (ctx != null) {
remoteAddr = ctx.getRemoteAddress();
}
@ -880,7 +815,7 @@ public class AccessController extends BaseRegionObserver
get.setFilter(filter);
}
logResult(AuthResult.allow("get", "Access allowed with filter", requestUser,
Permission.Action.READ, authResult.table));
Permission.Action.READ, authResult.getTable()));
} else {
logResult(authResult);
throw new AccessDeniedException("Insufficient permissions (table=" +
@ -1010,7 +945,7 @@ public class AccessController extends BaseRegionObserver
scan.setFilter(filter);
}
logResult(AuthResult.allow("scannerOpen", "Access allowed with filter", user,
Permission.Action.READ, authResult.table));
Permission.Action.READ, authResult.getTable()));
} else {
// no table/family level perms and no qualifier level perms, reject
logResult(authResult);


@ -0,0 +1,116 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.hbase.security.access;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.util.Bytes;
/**
* Represents the result of an authorization check for logging and error
* reporting.
*/
@InterfaceAudience.Public
@InterfaceStability.Evolving
public class AuthResult {
private final boolean allowed;
private final byte[] table;
private final byte[] family;
private final byte[] qualifier;
private final Permission.Action action;
private final String request;
private final String reason;
private final User user;
public AuthResult(boolean allowed, String request, String reason, User user,
Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
this.allowed = allowed;
this.request = request;
this.reason = reason;
this.user = user;
this.table = table;
this.family = family;
this.qualifier = qualifier;
this.action = action;
}
public boolean isAllowed() {
return allowed;
}
public User getUser() {
return user;
}
public String getReason() {
return reason;
}
public byte[] getTable() {
return table;
}
public byte[] getFamily() {
return family;
}
public byte[] getQualifier() {
return qualifier;
}
public Permission.Action getAction() {
return action;
}
public String getRequest() {
return request;
}
public String toContextString() {
return "(user=" + (user != null ? user.getName() : "UNKNOWN") + ", " +
"scope=" + (table == null ? "GLOBAL" : Bytes.toString(table)) + ", " +
"family=" + (family != null ? Bytes.toString(family) : "") + ", " +
"qualifer=" + (qualifier != null ? Bytes.toString(qualifier) : "") + ", " +
"action=" + (action != null ? action.toString() : "") + ")";
}
public String toString() {
return "AuthResult" + toContextString();
}
public static AuthResult allow(String request, String reason, User user, Permission.Action action,
byte[] table, byte[] family, byte[] qualifier) {
return new AuthResult(true, request, reason, user, action, table, family, qualifier);
}
public static AuthResult allow(String request, String reason, User user, Permission.Action action, byte[] table) {
return new AuthResult(true, request, reason, user, action, table, null, null);
}
public static AuthResult deny(String request, String reason, User user,
Permission.Action action, byte[] table) {
return new AuthResult(false, request, reason, user, action, table, null, null);
}
public static AuthResult deny(String request, String reason, User user,
Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
return new AuthResult(false, request, reason, user, action, table, family, qualifier);
}
}
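Review bot: `getTable()`, `getFamily()` and `getQualifier()` return the internal `byte[]` fields directly, and the constructor stores the caller's arrays without copying, so the fields are `final` but the object is not immutable. This was contained while AuthResult was a private nested class of AccessController. Now that it is `@InterfaceAudience.Public`, any code holding a result can alter the bytes that `toContextString()` later renders, and the class Javadoc says that output is used for logging and error reporting. Either return copies, e.g. `return table == null ? null : table.clone();` in each of the three getters (and clone in the constructor as well), or add a Javadoc sentence on the class stating that the arrays are shared with the caller and must not be modified.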