Class SecurityOperationsImpl
- java.lang.Object
-
- org.apache.accumulo.core.client.impl.SecurityOperationsImpl
-
- All Implemented Interfaces:
SecurityOperations
public class SecurityOperationsImpl extends Object implements SecurityOperations
-
-
Constructor Summary
Constructors Constructor Description SecurityOperationsImpl(ClientContext context)
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description boolean
authenticateUser(String user, byte[] password)
Deprecated.boolean
authenticateUser(String principal, AuthenticationToken token)
Verify a username/password combination is validvoid
changeLocalUserPassword(String principal, PasswordToken token)
Set the user's passwordvoid
changeUserAuthorizations(String principal, Authorizations authorizations)
Set the user's record-level authorizationsvoid
changeUserPassword(String user, byte[] password)
Deprecated.void
createLocalUser(String principal, PasswordToken password)
Create a uservoid
createUser(String user, byte[] password, Authorizations authorizations)
Deprecated.void
dropLocalUser(String principal)
Delete a uservoid
dropUser(String user)
Deprecated.DelegationToken
getDelegationToken(DelegationTokenConfig cfg)
Obtain aDelegationToken
for use when Kerberos credentials cannot be used (e.g.Authorizations
getUserAuthorizations(String principal)
Retrieves the user's authorizations for scanningvoid
grantNamespacePermission(String principal, String namespace, NamespacePermission permission)
Grant a user a specific permission for a specific namespacevoid
grantSystemPermission(String principal, SystemPermission permission)
Grant a user a system permissionvoid
grantTablePermission(String principal, String table, TablePermission permission)
Grant a user a specific permission for a specific tableboolean
hasNamespacePermission(String principal, String namespace, NamespacePermission permission)
Verify the user has a particular namespace permissionboolean
hasSystemPermission(String principal, SystemPermission perm)
Verify the user has a particular system permissionboolean
hasTablePermission(String principal, String table, TablePermission perm)
Verify the user has a particular table permissionSet<String>
listLocalUsers()
Return a list of users in accumuloSet<String>
listUsers()
Deprecated.void
revokeNamespacePermission(String principal, String namespace, NamespacePermission permission)
Revoke a namespace permission for a specific user on a specific namespacevoid
revokeSystemPermission(String principal, SystemPermission permission)
Revoke a system permission from a uservoid
revokeTablePermission(String principal, String table, TablePermission permission)
Revoke a table permission for a specific user on a specific table
-
-
-
Constructor Detail
-
SecurityOperationsImpl
public SecurityOperationsImpl(ClientContext context)
-
-
Method Detail
-
createUser
@Deprecated public void createUser(String user, byte[] password, Authorizations authorizations) throws AccumuloException, AccumuloSecurityException
Deprecated.Description copied from interface:SecurityOperations
Create a user- Specified by:
createUser
in interfaceSecurityOperations
- Parameters:
user
- the name of the user to createpassword
- the plaintext password for the userauthorizations
- the authorizations that the user has for scanning- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to create a user
-
createLocalUser
public void createLocalUser(String principal, PasswordToken password) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Create a user- Specified by:
createLocalUser
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to createpassword
- the plaintext password for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to create a user
-
dropUser
@Deprecated public void dropUser(String user) throws AccumuloException, AccumuloSecurityException
Deprecated.Description copied from interface:SecurityOperations
Delete a user- Specified by:
dropUser
in interfaceSecurityOperations
- Parameters:
user
- the user name to delete- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to delete a user
-
dropLocalUser
public void dropLocalUser(String principal) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Delete a user- Specified by:
dropLocalUser
in interfaceSecurityOperations
- Parameters:
principal
- the user name to delete- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to delete a user
-
authenticateUser
@Deprecated public boolean authenticateUser(String user, byte[] password) throws AccumuloException, AccumuloSecurityException
Deprecated.Description copied from interface:SecurityOperations
Verify a username/password combination is valid- Specified by:
authenticateUser
in interfaceSecurityOperations
- Parameters:
user
- the name of the user to authenticatepassword
- the plaintext password for the user- Returns:
- true if the user asking is allowed to know and the specified user/password is valid, false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to ask
-
authenticateUser
public boolean authenticateUser(String principal, AuthenticationToken token) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Verify a username/password combination is valid- Specified by:
authenticateUser
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to authenticatetoken
- the SecurityToken for the user- Returns:
- true if the user asking is allowed to know and the specified principal/token is valid, false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to ask
-
changeUserPassword
@Deprecated public void changeUserPassword(String user, byte[] password) throws AccumuloException, AccumuloSecurityException
Deprecated.Description copied from interface:SecurityOperations
Set the user's password- Specified by:
changeUserPassword
in interfaceSecurityOperations
- Parameters:
user
- the name of the user to modifypassword
- the plaintext password for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to modify a user
-
changeLocalUserPassword
public void changeLocalUserPassword(String principal, PasswordToken token) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Set the user's password- Specified by:
changeLocalUserPassword
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifytoken
- the plaintext password for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to modify a user
-
changeUserAuthorizations
public void changeUserAuthorizations(String principal, Authorizations authorizations) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Set the user's record-level authorizations- Specified by:
changeUserAuthorizations
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifyauthorizations
- the authorizations that the user has for scanning- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to modify a user
-
getUserAuthorizations
public Authorizations getUserAuthorizations(String principal) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Retrieves the user's authorizations for scanning- Specified by:
getUserAuthorizations
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to query- Returns:
- the set of authorizations the user has available for scanning
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
hasSystemPermission
public boolean hasSystemPermission(String principal, SystemPermission perm) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Verify the user has a particular system permission- Specified by:
hasSystemPermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to queryperm
- the system permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
hasTablePermission
public boolean hasTablePermission(String principal, String table, TablePermission perm) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Verify the user has a particular table permission- Specified by:
hasTablePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to querytable
- the name of the table to query aboutperm
- the table permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
hasNamespacePermission
public boolean hasNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Verify the user has a particular namespace permission- Specified by:
hasNamespacePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to querynamespace
- the name of the namespace to query aboutpermission
- the namespace permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
grantSystemPermission
public void grantSystemPermission(String principal, SystemPermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Grant a user a system permission- Specified by:
grantSystemPermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifypermission
- the system permission to grant to the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to grant a user permissions
-
grantTablePermission
public void grantTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Grant a user a specific permission for a specific table- Specified by:
grantTablePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifytable
- the name of the table to modify for the userpermission
- the table permission to grant to the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to grant a user permissions
-
grantNamespacePermission
public void grantNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Grant a user a specific permission for a specific namespace- Specified by:
grantNamespacePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifynamespace
- the name of the namespace to modify for the userpermission
- the namespace permission to grant to the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to grant a user permissions
-
revokeSystemPermission
public void revokeSystemPermission(String principal, SystemPermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Revoke a system permission from a user- Specified by:
revokeSystemPermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifypermission
- the system permission to revoke for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to revoke a user's permissions
-
revokeTablePermission
public void revokeTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Revoke a table permission for a specific user on a specific table- Specified by:
revokeTablePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifytable
- the name of the table to modify for the userpermission
- the table permission to revoke for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to revoke a user's permissions
-
revokeNamespacePermission
public void revokeNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Revoke a namespace permission for a specific user on a specific namespace- Specified by:
revokeNamespacePermission
in interfaceSecurityOperations
- Parameters:
principal
- the name of the user to modifynamespace
- the name of the namespace to modify for the userpermission
- the namespace permission to revoke for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to revoke a user's permissions
-
listUsers
@Deprecated public Set<String> listUsers() throws AccumuloException, AccumuloSecurityException
Deprecated.Description copied from interface:SecurityOperations
Return a list of users in accumulo- Specified by:
listUsers
in interfaceSecurityOperations
- Returns:
- a set of user names
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query users
-
listLocalUsers
public Set<String> listLocalUsers() throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Return a list of users in accumulo- Specified by:
listLocalUsers
in interfaceSecurityOperations
- Returns:
- a set of user names
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query users
-
getDelegationToken
public DelegationToken getDelegationToken(DelegationTokenConfig cfg) throws AccumuloException, AccumuloSecurityException
Description copied from interface:SecurityOperations
Obtain aDelegationToken
for use when Kerberos credentials cannot be used (e.g. YARN Jobs)- Specified by:
getDelegationToken
in interfaceSecurityOperations
- Throws:
AccumuloException
AccumuloSecurityException
-
-