Class ZKPermHandler
- java.lang.Object
-
- org.apache.accumulo.server.security.handler.ZKPermHandler
-
- All Implemented Interfaces:
PermissionHandler
public class ZKPermHandler extends Object implements PermissionHandler
-
-
Constructor Summary
Constructors Constructor Description ZKPermHandler()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
cleanNamespacePermissions(String namespace)
Cleans up the permissions for a namespace.void
cleanTablePermissions(String table)
Cleans up the permissions for a table.void
cleanUser(String user)
Deletes a uservoid
grantNamespacePermission(String user, String namespace, NamespacePermission permission)
Gives the user the given namespace permissionvoid
grantSystemPermission(String user, SystemPermission permission)
Gives the user the given system permissionvoid
grantTablePermission(String user, String table, TablePermission permission)
Gives the user the given table permissionboolean
hasCachedNamespacePermission(String user, String namespace, NamespacePermission permission)
Used to get the namespace permission of a user for a namespace, with caching.boolean
hasCachedSystemPermission(String user, SystemPermission permission)
Used to get the system permission for the user, with caching due to high frequency operation.boolean
hasCachedTablePermission(String user, String table, TablePermission permission)
Used to get the table permission of a user for a table, with caching.boolean
hasNamespacePermission(String user, String namespace, NamespacePermission permission)
Used to get the namespace permission of a user for a namespaceboolean
hasSystemPermission(String user, SystemPermission permission)
Used to get the system permission for the userboolean
hasTablePermission(String user, String table, TablePermission permission)
Used to get the table permission of a user for a tablevoid
initialize(ServerContext context)
Sets up the permission handler for a new instance of Accumulovoid
initializeSecurity(TCredentials itw, String rootuser)
Used to initialize security for the root uservoid
initUser(String user)
Initializes a new uservoid
revokeNamespacePermission(String user, String namespace, NamespacePermission permission)
Denies the user the given namespace permission.void
revokeSystemPermission(String user, SystemPermission permission)
Denies the user the given system permissionvoid
revokeTablePermission(String user, String table, TablePermission permission)
Denies the user the given table permission.boolean
validSecurityHandlers(Authenticator authent, Authorizor author)
Used to validate that the Authorizor, Authenticator, and permission handler can coexist
-
-
-
Method Detail
-
initialize
public void initialize(ServerContext context)
Description copied from interface:PermissionHandler
Sets up the permission handler for a new instance of Accumulo- Specified by:
initialize
in interfacePermissionHandler
-
hasTablePermission
public boolean hasTablePermission(String user, String table, TablePermission permission) throws TableNotFoundException
Description copied from interface:PermissionHandler
Used to get the table permission of a user for a table- Specified by:
hasTablePermission
in interfacePermissionHandler
- Throws:
TableNotFoundException
-
hasCachedTablePermission
public boolean hasCachedTablePermission(String user, String table, TablePermission permission)
Description copied from interface:PermissionHandler
Used to get the table permission of a user for a table, with caching. This method is for high frequency operations- Specified by:
hasCachedTablePermission
in interfacePermissionHandler
-
hasNamespacePermission
public boolean hasNamespacePermission(String user, String namespace, NamespacePermission permission) throws NamespaceNotFoundException
Description copied from interface:PermissionHandler
Used to get the namespace permission of a user for a namespace- Specified by:
hasNamespacePermission
in interfacePermissionHandler
- Throws:
NamespaceNotFoundException
-
hasCachedNamespacePermission
public boolean hasCachedNamespacePermission(String user, String namespace, NamespacePermission permission)
Description copied from interface:PermissionHandler
Used to get the namespace permission of a user for a namespace, with caching. This method is for high frequency operations- Specified by:
hasCachedNamespacePermission
in interfacePermissionHandler
-
grantSystemPermission
public void grantSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Gives the user the given system permission- Specified by:
grantSystemPermission
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
grantTablePermission
public void grantTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Gives the user the given table permission- Specified by:
grantTablePermission
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
grantNamespacePermission
public void grantNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Gives the user the given namespace permission- Specified by:
grantNamespacePermission
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
revokeSystemPermission
public void revokeSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Denies the user the given system permission- Specified by:
revokeSystemPermission
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
revokeTablePermission
public void revokeTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Denies the user the given table permission.- Specified by:
revokeTablePermission
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
revokeNamespacePermission
public void revokeNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Denies the user the given namespace permission.- Specified by:
revokeNamespacePermission
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
cleanTablePermissions
public void cleanTablePermissions(String table) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Cleans up the permissions for a table. Used when a table gets deleted.- Specified by:
cleanTablePermissions
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
cleanNamespacePermissions
public void cleanNamespacePermissions(String namespace) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Cleans up the permissions for a namespace. Used when a namespace gets deleted.- Specified by:
cleanNamespacePermissions
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
initializeSecurity
public void initializeSecurity(TCredentials itw, String rootuser) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Used to initialize security for the root user- Specified by:
initializeSecurity
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
initUser
public void initUser(String user) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Initializes a new user- Specified by:
initUser
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
cleanUser
public void cleanUser(String user) throws AccumuloSecurityException
Description copied from interface:PermissionHandler
Deletes a user- Specified by:
cleanUser
in interfacePermissionHandler
- Throws:
AccumuloSecurityException
-
hasSystemPermission
public boolean hasSystemPermission(String user, SystemPermission permission)
Description copied from interface:PermissionHandler
Used to get the system permission for the user- Specified by:
hasSystemPermission
in interfacePermissionHandler
-
hasCachedSystemPermission
public boolean hasCachedSystemPermission(String user, SystemPermission permission)
Description copied from interface:PermissionHandler
Used to get the system permission for the user, with caching due to high frequency operation. NOTE: At this time, this method is unused but is included just in case we need it in the future.- Specified by:
hasCachedSystemPermission
in interfacePermissionHandler
-
validSecurityHandlers
public boolean validSecurityHandlers(Authenticator authent, Authorizor author)
Description copied from interface:PermissionHandler
Used to validate that the Authorizor, Authenticator, and permission handler can coexist- Specified by:
validSecurityHandlers
in interfacePermissionHandler
-
-