Class SecurityOperation
- java.lang.Object
-
- org.apache.accumulo.server.security.SecurityOperation
-
- Direct Known Subclasses:
AuditedSecurityOperation
public class SecurityOperation extends Object
Utility class for performing various security operations with the appropriate checks.
-
-
Field Summary
Fields Modifier and Type Field Description protected ServerContext
context
-
Constructor Summary
Constructors Modifier Constructor Description protected
SecurityOperation(ServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm)
-
Method Summary
-
-
-
Field Detail
-
context
protected final ServerContext context
-
-
Constructor Detail
-
SecurityOperation
protected SecurityOperation(ServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm)
-
-
Method Detail
-
getAuthorizor
public static Authorizor getAuthorizor(ServerContext context)
-
getAuthenticator
public static Authenticator getAuthenticator(ServerContext context)
-
getPermHandler
public static PermissionHandler getPermHandler(ServerContext context)
-
initializeSecurity
public void initializeSecurity(TCredentials credentials, String rootPrincipal, byte[] token) throws AccumuloSecurityException
- Throws:
AccumuloSecurityException
-
isSystemUser
public boolean isSystemUser(TCredentials credentials)
-
authenticate
protected void authenticate(TCredentials credentials) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
authenticateUser
public boolean authenticateUser(TCredentials credentials, TCredentials toAuth) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
getUserAuthorizations
public Authorizations getUserAuthorizations(TCredentials credentials, String user) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
getUserAuthorizations
public Authorizations getUserAuthorizations(TCredentials credentials) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
authenticatedUserHasAuthorizations
public boolean authenticatedUserHasAuthorizations(TCredentials credentials, List<ByteBuffer> list)
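Checks whether an already authenticated user has the specified authorizations. The signature declares no ThriftSecurityException, unlike most checks on this page, and the description implies that the caller has authenticated the credentials before calling it.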
-
hasTablePermission
protected boolean hasTablePermission(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TablePermission permission, boolean useCached) throws ThriftSecurityException
Checks if a user has a table permission.
- Returns:
- true if a user exists and has permission; false otherwise
- Throws:
ThriftSecurityException
-
canScan
public boolean canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canScan
public boolean canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canScan
public boolean canScan(TCredentials credentials, TableId table, NamespaceId namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canWrite
public boolean canWrite(TCredentials credentials, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canConditionallyUpdate
public boolean canConditionallyUpdate(TCredentials credentials, TableId tableID, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canSplitTablet
public boolean canSplitTablet(TCredentials credentials, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canPerformSystemActions
public boolean canPerformSystemActions(TCredentials credentials) throws ThriftSecurityException
This is the check required to perform any system action. System actions include a tserver loading a tablet, shutting the system down, and altering system properties.
- Throws:
ThriftSecurityException
-
canFlush
public boolean canFlush(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canAlterTable
public boolean canAlterTable(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canCreateTable
public boolean canCreateTable(TCredentials c, String tableName, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canRenameTable
public boolean canRenameTable(TCredentials c, TableId tableId, String oldTableName, String newTableName, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canCloneTable
public boolean canCloneTable(TCredentials c, TableId tableId, String tableName, NamespaceId destinationNamespaceId, NamespaceId srcNamespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canDeleteTable
public boolean canDeleteTable(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canOnlineOfflineTable
public boolean canOnlineOfflineTable(TCredentials c, TableId tableId, FateOperation op, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canMerge
public boolean canMerge(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canDeleteRange
public boolean canDeleteRange(TCredentials c, TableId tableId, String tableName, org.apache.hadoop.io.Text startRow, org.apache.hadoop.io.Text endRow, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canBulkImport
public boolean canBulkImport(TCredentials c, TableId tableId, String tableName, String dir, String failDir, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canCompact
public boolean canCompact(TCredentials c, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canChangeAuthorizations
public boolean canChangeAuthorizations(TCredentials c, String user) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canChangePassword
public boolean canChangePassword(TCredentials c, String user) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canCreateUser
public boolean canCreateUser(TCredentials c, String user) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canDropUser
public boolean canDropUser(TCredentials c, String user) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canGrantSystem
public boolean canGrantSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canGrantTable
public boolean canGrantTable(TCredentials c, String user, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canGrantNamespace
public boolean canGrantNamespace(TCredentials c, NamespaceId namespace) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canRevokeSystem
public boolean canRevokeSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canRevokeTable
public boolean canRevokeTable(TCredentials c, String user, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canRevokeNamespace
public boolean canRevokeNamespace(TCredentials c, NamespaceId namespace) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
changeAuthorizations
public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
changePassword
public void changePassword(TCredentials credentials, Credentials toChange) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
createUser
public void createUser(TCredentials credentials, Credentials newUser, Authorizations authorizations) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
dropUser
public void dropUser(TCredentials credentials, String user) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
grantSystemPermission
public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
grantTablePermission
public void grantTablePermission(TCredentials c, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
grantNamespacePermission
public void grantNamespacePermission(TCredentials c, String user, NamespaceId namespace, NamespacePermission permission) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
revokeSystemPermission
public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
revokeTablePermission
public void revokeTablePermission(TCredentials c, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
revokeNamespacePermission
public void revokeNamespacePermission(TCredentials c, String user, NamespaceId namespace, NamespacePermission permission) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
hasSystemPermission
public boolean hasSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
hasTablePermission
public boolean hasTablePermission(TCredentials credentials, String user, TableId tableId, TablePermission permissionById) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
hasNamespacePermission
public boolean hasNamespacePermission(TCredentials credentials, String user, NamespaceId namespace, NamespacePermission permissionById) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
listUsers
public Set<String> listUsers(TCredentials credentials) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
deleteTable
public void deleteTable(TCredentials credentials, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
deleteNamespace
public void deleteNamespace(TCredentials credentials, NamespaceId namespace) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canExport
public boolean canExport(TCredentials credentials, TableId tableId, String tableName, String exportDir, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canImport
public boolean canImport(TCredentials credentials, String tableName, Set<String> importDir, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canAlterNamespace
public boolean canAlterNamespace(TCredentials credentials, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canCreateNamespace
public boolean canCreateNamespace(TCredentials credentials) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canDeleteNamespace
public boolean canDeleteNamespace(TCredentials credentials, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canRenameNamespace
public boolean canRenameNamespace(TCredentials credentials, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canObtainDelegationToken
public boolean canObtainDelegationToken(TCredentials credentials) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
canGetSummaries
public boolean canGetSummaries(TCredentials credentials, TableId tableId, NamespaceId namespaceId) throws ThriftSecurityException
- Throws:
ThriftSecurityException
-
validateStoredUserCreditentials
public boolean validateStoredUserCreditentials()
-
-