Class AuditedSecurityOperation
- java.lang.Object
-
- org.apache.accumulo.server.security.SecurityOperation
-
- org.apache.accumulo.server.security.AuditedSecurityOperation
-
public class AuditedSecurityOperation extends SecurityOperation
-
-
Field Summary
-
Fields inherited from class org.apache.accumulo.server.security.SecurityOperation
authenticator, authorizor, context, isKerberos, permHandle
-
-
Constructor Summary
Constructor | Description
AuditedSecurityOperation(AccumuloServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm)
-
Method Summary
Modifier and Type | Method | Description
protected void
authenticate(TCredentials credentials)
boolean
canAlterTable(TCredentials c, String tableId, String namespaceId)
boolean
canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir, String namespaceId)
boolean
canChangeAuthorizations(TCredentials c, String user)
boolean
canChangePassword(TCredentials c, String user)
boolean
canCloneTable(TCredentials c, String tableId, String tableName, String destinationNamespaceId, String sourceNamespaceId)
boolean
canCompact(TCredentials c, String tableId, String namespaceId)
boolean
canCreateTable(TCredentials c, String tableName, String namespaceId)
boolean
canCreateUser(TCredentials c, String user)
boolean
canDeleteRange(TCredentials c, String tableId, String tableName, org.apache.hadoop.io.Text startRow, org.apache.hadoop.io.Text endRow, String namespaceId)
boolean
canDeleteTable(TCredentials c, String tableId, String namespaceId)
boolean
canDropUser(TCredentials c, String user)
boolean
canExport(TCredentials credentials, String tableId, String tableName, String exportDir, String namespaceId)
boolean
canFlush(TCredentials c, String tableId, String namespaceId)
boolean
canGrantSystem(TCredentials c, String user, SystemPermission sysPerm)
boolean
canGrantTable(TCredentials c, String user, String table, String namespaceId)
boolean
canImport(TCredentials credentials, String tableName, String importDir, String namespaceId)
boolean
canMerge(TCredentials c, String tableId, String namespaceId)
boolean
canObtainDelegationToken(TCredentials credentials)
boolean
canOnlineOfflineTable(TCredentials credentials, String tableId, FateOperation op, String namespaceId)
boolean
canPerformSystemActions(TCredentials credentials)
This is the check to perform any system action.
boolean
canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName, String namespaceId)
boolean
canRevokeSystem(TCredentials c, String user, SystemPermission sysPerm)
boolean
canRevokeTable(TCredentials c, String user, String table, String namespaceId)
boolean
canScan(TCredentials credentials, String tableId, String namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations)
boolean
canScan(TCredentials credentials, String tableId, String namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations)
boolean
canSplitTablet(TCredentials credentials, String table, String namespaceId)
void
changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations)
void
changePassword(TCredentials credentials, Credentials newInfo)
void
createUser(TCredentials credentials, Credentials newUser, Authorizations authorizations)
void
dropUser(TCredentials credentials, String user)
static StringBuilder
getAuthString(List<ByteBuffer> authorizations)
static SecurityOperation
getInstance(AccumuloServerContext context)
static SecurityOperation
getInstance(AccumuloServerContext context, boolean initialize)
void
grantSystemPermission(TCredentials credentials, String user, SystemPermission permission)
void
grantTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission, String namespaceId)
boolean
hasSystemPermission(TCredentials credentials, String user, SystemPermission permission)
void
revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission)
void
revokeTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission, String namespaceId)
-
Methods inherited from class org.apache.accumulo.server.security.SecurityOperation
_createUser, _hasNamespacePermission, _hasTablePermission, authenticatedUserHasAuthorizations, authenticateUser, canAlterNamespace, canAskAboutUser, canBulkImport, canConditionallyUpdate, canCreateNamespace, canDeleteNamespace, canGrantNamespace, canRenameNamespace, canRevokeNamespace, canScan, canWrite, deleteNamespace, deleteTable, getAuthenticator, getAuthorizor, getPermHandler, getRootUsername, getUserAuthorizations, getUserAuthorizations, grantNamespacePermission, hasNamespacePermission, hasTablePermission, hasTablePermission, initializeSecurity, isSystemUser, listUsers, revokeNamespacePermission
-
-
-
-
Field Detail
-
AUDITLOG
public static final String AUDITLOG
- See Also:
- Constant Field Values
-
audit
public static final org.apache.log4j.Logger audit
-
CAN_SCAN_AUDIT_TEMPLATE
public static final String CAN_SCAN_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_SCAN_BATCH_AUDIT_TEMPLATE
public static final String CAN_SCAN_BATCH_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE
public static final String CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CHANGE_PASSWORD_AUDIT_TEMPLATE
public static final String CHANGE_PASSWORD_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CREATE_USER_AUDIT_TEMPLATE
public static final String CREATE_USER_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_CREATE_TABLE_AUDIT_TEMPLATE
public static final String CAN_CREATE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_DELETE_TABLE_AUDIT_TEMPLATE
public static final String CAN_DELETE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_RENAME_TABLE_AUDIT_TEMPLATE
public static final String CAN_RENAME_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_SPLIT_TABLE_AUDIT_TEMPLATE
public static final String CAN_SPLIT_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_PERFORM_SYSTEM_ACTION_AUDIT_TEMPLATE
public static final String CAN_PERFORM_SYSTEM_ACTION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_FLUSH_TABLE_AUDIT_TEMPLATE
public static final String CAN_FLUSH_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_ALTER_TABLE_AUDIT_TEMPLATE
public static final String CAN_ALTER_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_CLONE_TABLE_AUDIT_TEMPLATE
public static final String CAN_CLONE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_DELETE_RANGE_AUDIT_TEMPLATE
public static final String CAN_DELETE_RANGE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_BULK_IMPORT_AUDIT_TEMPLATE
public static final String CAN_BULK_IMPORT_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_COMPACT_TABLE_AUDIT_TEMPLATE
public static final String CAN_COMPACT_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE
public static final String CAN_CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_CHANGE_PASSWORD_AUDIT_TEMPLATE
public static final String CAN_CHANGE_PASSWORD_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_CREATE_USER_AUDIT_TEMPLATE
public static final String CAN_CREATE_USER_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_DROP_USER_AUDIT_TEMPLATE
public static final String CAN_DROP_USER_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_GRANT_SYSTEM_AUDIT_TEMPLATE
public static final String CAN_GRANT_SYSTEM_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_GRANT_TABLE_AUDIT_TEMPLATE
public static final String CAN_GRANT_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_REVOKE_SYSTEM_AUDIT_TEMPLATE
public static final String CAN_REVOKE_SYSTEM_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_REVOKE_TABLE_AUDIT_TEMPLATE
public static final String CAN_REVOKE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_IMPORT_AUDIT_TEMPLATE
public static final String CAN_IMPORT_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_EXPORT_AUDIT_TEMPLATE
public static final String CAN_EXPORT_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
DROP_USER_AUDIT_TEMPLATE
public static final String DROP_USER_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE
public static final String GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE
public static final String GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE
public static final String REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE
public static final String REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
HAS_SYSTEM_PERMISSION_AUDIT_TEMPLATE
public static final String HAS_SYSTEM_PERMISSION_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE
public static final String CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
CAN_MERGE_TABLE_AUDIT_TEMPLATE
public static final String CAN_MERGE_TABLE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
AUTHENICATE_AUDIT_TEMPLATE
public static final String AUTHENICATE_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
DELEGATION_TOKEN_AUDIT_TEMPLATE
public static final String DELEGATION_TOKEN_AUDIT_TEMPLATE
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
AuditedSecurityOperation
public AuditedSecurityOperation(AccumuloServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm)
-
-
Method Detail
-
getInstance
public static SecurityOperation getInstance(AccumuloServerContext context)
-
getInstance
public static SecurityOperation getInstance(AccumuloServerContext context, boolean initialize)
-
getAuthString
public static StringBuilder getAuthString(List<ByteBuffer> authorizations)
-
canScan
public boolean canScan(TCredentials credentials, String tableId, String namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException
- Overrides:
canScan
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canScan
public boolean canScan(TCredentials credentials, String tableId, String namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException
- Overrides:
canScan
in class SecurityOperation
- Throws:
ThriftSecurityException
-
changeAuthorizations
public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException
- Overrides:
changeAuthorizations
in class SecurityOperation
- Throws:
ThriftSecurityException
-
changePassword
public void changePassword(TCredentials credentials, Credentials newInfo) throws ThriftSecurityException
- Overrides:
changePassword
in class SecurityOperation
- Throws:
ThriftSecurityException
-
createUser
public void createUser(TCredentials credentials, Credentials newUser, Authorizations authorizations) throws ThriftSecurityException
- Overrides:
createUser
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canCreateTable
public boolean canCreateTable(TCredentials c, String tableName, String namespaceId) throws ThriftSecurityException
- Overrides:
canCreateTable
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canDeleteTable
public boolean canDeleteTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
- Overrides:
canDeleteTable
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canRenameTable
public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName, String namespaceId) throws ThriftSecurityException
- Overrides:
canRenameTable
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canSplitTablet
public boolean canSplitTablet(TCredentials credentials, String table, String namespaceId) throws ThriftSecurityException
- Overrides:
canSplitTablet
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canPerformSystemActions
public boolean canPerformSystemActions(TCredentials credentials) throws ThriftSecurityException
Description copied from class: SecurityOperation
This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system properties.
- Overrides:
canPerformSystemActions
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canFlush
public boolean canFlush(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
- Overrides:
canFlush
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canAlterTable
public boolean canAlterTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
- Overrides:
canAlterTable
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canCloneTable
public boolean canCloneTable(TCredentials c, String tableId, String tableName, String destinationNamespaceId, String sourceNamespaceId) throws ThriftSecurityException
- Overrides:
canCloneTable
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canDeleteRange
public boolean canDeleteRange(TCredentials c, String tableId, String tableName, org.apache.hadoop.io.Text startRow, org.apache.hadoop.io.Text endRow, String namespaceId) throws ThriftSecurityException
- Overrides:
canDeleteRange
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canBulkImport
public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir, String namespaceId) throws ThriftSecurityException
- Overrides:
canBulkImport
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canCompact
public boolean canCompact(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
- Overrides:
canCompact
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canChangeAuthorizations
public boolean canChangeAuthorizations(TCredentials c, String user) throws ThriftSecurityException
- Overrides:
canChangeAuthorizations
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canChangePassword
public boolean canChangePassword(TCredentials c, String user) throws ThriftSecurityException
- Overrides:
canChangePassword
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canCreateUser
public boolean canCreateUser(TCredentials c, String user) throws ThriftSecurityException
- Overrides:
canCreateUser
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canDropUser
public boolean canDropUser(TCredentials c, String user) throws ThriftSecurityException
- Overrides:
canDropUser
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canGrantSystem
public boolean canGrantSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException
- Overrides:
canGrantSystem
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canGrantTable
public boolean canGrantTable(TCredentials c, String user, String table, String namespaceId) throws ThriftSecurityException
- Overrides:
canGrantTable
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canRevokeSystem
public boolean canRevokeSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException
- Overrides:
canRevokeSystem
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canRevokeTable
public boolean canRevokeTable(TCredentials c, String user, String table, String namespaceId) throws ThriftSecurityException
- Overrides:
canRevokeTable
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canImport
public boolean canImport(TCredentials credentials, String tableName, String importDir, String namespaceId) throws ThriftSecurityException
- Overrides:
canImport
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canExport
public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir, String namespaceId) throws ThriftSecurityException
- Overrides:
canExport
in class SecurityOperation
- Throws:
ThriftSecurityException
-
dropUser
public void dropUser(TCredentials credentials, String user) throws ThriftSecurityException
- Overrides:
dropUser
in class SecurityOperation
- Throws:
ThriftSecurityException
-
grantSystemPermission
public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException
- Overrides:
grantSystemPermission
in class SecurityOperation
- Throws:
ThriftSecurityException
-
grantTablePermission
public void grantTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException
- Overrides:
grantTablePermission
in class SecurityOperation
- Throws:
ThriftSecurityException
-
revokeSystemPermission
public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException
- Overrides:
revokeSystemPermission
in class SecurityOperation
- Throws:
ThriftSecurityException
-
revokeTablePermission
public void revokeTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException
- Overrides:
revokeTablePermission
in class SecurityOperation
- Throws:
ThriftSecurityException
-
hasSystemPermission
public boolean hasSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException
- Overrides:
hasSystemPermission
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canOnlineOfflineTable
public boolean canOnlineOfflineTable(TCredentials credentials, String tableId, FateOperation op, String namespaceId) throws ThriftSecurityException
- Overrides:
canOnlineOfflineTable
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canMerge
public boolean canMerge(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException
- Overrides:
canMerge
in class SecurityOperation
- Throws:
ThriftSecurityException
-
authenticate
protected void authenticate(TCredentials credentials) throws ThriftSecurityException
- Overrides:
authenticate
in class SecurityOperation
- Throws:
ThriftSecurityException
-
canObtainDelegationToken
public boolean canObtainDelegationToken(TCredentials credentials) throws ThriftSecurityException
- Overrides:
canObtainDelegationToken
in class SecurityOperation
- Throws:
ThriftSecurityException
-
-