org.apache.hadoop.hbase.security.access

Class AccessChecker

java.lang.Object

org.apache.hadoop.hbase.security.access.AccessChecker

@InterfaceAudience.LimitedPrivate(value="Coprocesssor")
 @InterfaceStability.Evolving
public class AccessChecker
extends Object

Constructor Summary

Constructors

Constructor and Description
AccessChecker(org.apache.hadoop.conf.Configuration conf, ZKWatcher zkw) Constructor with existing configuration

Method Summary

Modifier and Type	Method and Description
void	checkLockPermissions(User user, String namespace, TableName tableName, RegionInfo[] regionInfos, String reason)
TableAuthManager	getAuthManager()
static boolean	isAuthorizationSupported(org.apache.hadoop.conf.Configuration conf)
static void	logResult(AuthResult result)
void	requireAccess(User user, String request, TableName tableName, Permission.Action... permissions) Authorizes that the current user has any of the given permissions to access the table.
void	requireGlobalPermission(User user, String request, Permission.Action perm, String namespace) Checks that the user has the given global permission.
void	requireGlobalPermission(User user, String request, Permission.Action perm, TableName tableName, Map<byte[],? extends Collection<byte[]>> familyMap) Checks that the user has the given global permission.
void	requireNamespacePermission(User user, String request, String namespace, Permission.Action... permissions) Checks that the user has the given global or namespace permission.
void	requireNamespacePermission(User user, String request, String namespace, TableName tableName, Map<byte[],? extends Collection<byte[]>> familyMap, Permission.Action... permissions) Checks that the user has the given global or namespace permission.
void	requirePermission(User user, String request, Permission.Action perm) Authorizes that the current user has global privileges for the given action.
void	requirePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions) Authorizes that the current user has any of the given permissions for the given table, column family and column qualifier.
void	requireTablePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions) Authorizes that the current user has any of the given permissions for the given table, column family and column qualifier.
void	stop() Releases TableAuthManager's reference.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AccessChecker

public AccessChecker(org.apache.hadoop.conf.Configuration conf,
                     ZKWatcher zkw)
              throws RuntimeException

Constructor with existing configuration

Parameters:

conf - Existing configuration to use

zkw - reference to the ZKWatcher

Throws:

RuntimeException

Method Detail

isAuthorizationSupported

public static boolean isAuthorizationSupported(org.apache.hadoop.conf.Configuration conf)

stop

public void stop()

Releases TableAuthManager's reference.

getAuthManager

public TableAuthManager getAuthManager()

requireAccess

public void requireAccess(User user,
                          String request,
                          TableName tableName,
                          Permission.Action... permissions)
                   throws IOException

Authorizes that the current user has any of the given permissions to access the table.

Parameters:

tableName - Table requested

permissions - Actions being requested

Throws:

IOException - if obtaining the current user fails

AccessDeniedException - if user has no authorization

requirePermission

public void requirePermission(User user,
                              String request,
                              Permission.Action perm)
                       throws IOException

Authorizes that the current user has global privileges for the given action.

Parameters:

perm - The action being requested

Throws:

IOException - if obtaining the current user fails

AccessDeniedException - if authorization is denied

requireGlobalPermission

public void requireGlobalPermission(User user,
                                    String request,
                                    Permission.Action perm,
                                    TableName tableName,
                                    Map<byte[],? extends Collection<byte[]>> familyMap)
                             throws IOException

Checks that the user has the given global permission. The generated audit log message will contain context information for the operation being authorized, based on the given parameters.

Parameters:

perm - Action being requested

tableName - Affected table name.

familyMap - Affected column families.

Throws:

IOException

requireGlobalPermission

public void requireGlobalPermission(User user,
                                    String request,
                                    Permission.Action perm,
                                    String namespace)
                             throws IOException

Checks that the user has the given global permission. The generated audit log message will contain context information for the operation being authorized, based on the given parameters.

Parameters:

perm - Action being requested

namespace - The given namespace

Throws:

IOException

requireNamespacePermission

public void requireNamespacePermission(User user,
                                       String request,
                                       String namespace,
                                       Permission.Action... permissions)
                                throws IOException

Checks that the user has the given global or namespace permission.

Parameters:

namespace - The given namespace

permissions - Actions being requested

Throws:

IOException

requireNamespacePermission

public void requireNamespacePermission(User user,
                                       String request,
                                       String namespace,
                                       TableName tableName,
                                       Map<byte[],? extends Collection<byte[]>> familyMap,
                                       Permission.Action... permissions)
                                throws IOException

Checks that the user has the given global or namespace permission.

Parameters:

namespace - The given namespace

permissions - Actions being requested

Throws:

IOException

requirePermission

public void requirePermission(User user,
                              String request,
                              TableName tableName,
                              byte[] family,
                              byte[] qualifier,
                              Permission.Action... permissions)
                       throws IOException

Authorizes that the current user has any of the given permissions for the given table, column family and column qualifier.

Parameters:

tableName - Table requested

family - Column family requested

qualifier - Column qualifier requested

Throws:

IOException - if obtaining the current user fails

AccessDeniedException - if user has no authorization

requireTablePermission

public void requireTablePermission(User user,
                                   String request,
                                   TableName tableName,
                                   byte[] family,
                                   byte[] qualifier,
                                   Permission.Action... permissions)
                            throws IOException

Authorizes that the current user has any of the given permissions for the given table, column family and column qualifier.

Parameters:

tableName - Table requested

family - Column family param

qualifier - Column qualifier param

Throws:

IOException - if obtaining the current user fails

AccessDeniedException - if user has no authorization

checkLockPermissions

public void checkLockPermissions(User user,
                                 String namespace,
                                 TableName tableName,
                                 RegionInfo[] regionInfos,
                                 String reason)
                          throws IOException

Throws:

IOException

logResult

public static void logResult(AuthResult result)