You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by mb...@apache.org on 2013/01/09 00:34:11 UTC
svn commit: r1430631 - in
/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access:
AccessController.java AuthResult.java
Author: mbertozzi
Date: Tue Jan 8 23:34:10 2013
New Revision: 1430631
URL: http://svn.apache.org/viewvc?rev=1430631&view=rev
Log:
HBASE-7518 Move AuthResult out of AccessController
Added:
hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java
Modified:
hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java?rev=1430631&r1=1430630&r2=1430631&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java Tue Jan 8 23:34:10 2013
@@ -106,71 +106,6 @@ import static org.apache.hadoop.hbase.pr
public class AccessController extends BaseRegionObserver
implements MasterObserver, RegionServerObserver,
AccessControlService.Interface, CoprocessorService {
- /**
- * Represents the result of an authorization check for logging and error
- * reporting.
- */
- private static class AuthResult {
- private final boolean allowed;
- private final byte[] table;
- private final byte[] family;
- private final byte[] qualifier;
- private final Permission.Action action;
- private final String request;
- private final String reason;
- private final User user;
-
- public AuthResult(boolean allowed, String request, String reason, User user,
- Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
- this.allowed = allowed;
- this.request = request;
- this.reason = reason;
- this.user = user;
- this.table = table;
- this.family = family;
- this.qualifier = qualifier;
- this.action = action;
- }
-
- public boolean isAllowed() { return allowed; }
-
- public User getUser() { return user; }
-
- public String getReason() { return reason; }
-
- public String getRequest() { return request; }
-
- public String toContextString() {
- return "(user=" + (user != null ? user.getName() : "UNKNOWN") + ", " +
- "scope=" + (table == null ? "GLOBAL" : Bytes.toString(table)) + ", " +
- "family=" + (family != null ? Bytes.toString(family) : "") + ", " +
- "qualifer=" + (qualifier != null ? Bytes.toString(qualifier) : "") + ", " +
- "action=" + (action != null ? action.toString() : "") + ")";
- }
-
- public String toString() {
- return "AuthResult" + toContextString();
- }
-
- public static AuthResult allow(String request, String reason, User user, Permission.Action action,
- byte[] table, byte[] family, byte[] qualifier) {
- return new AuthResult(true, request, reason, user, action, table, family, qualifier);
- }
-
- public static AuthResult allow(String request, String reason, User user, Permission.Action action, byte[] table) {
- return new AuthResult(true, request, reason, user, action, table, null, null);
- }
-
- public static AuthResult deny(String request, String reason, User user,
- Permission.Action action, byte[] table) {
- return new AuthResult(false, request, reason, user, action, table, null, null);
- }
-
- public static AuthResult deny(String request, String reason, User user,
- Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
- return new AuthResult(false, request, reason, user, action, table, family, qualifier);
- }
- }
public static final Log LOG = LogFactory.getLog(AccessController.class);
@@ -341,8 +276,8 @@ public class AccessController extends Ba
private void logResult(AuthResult result) {
if (AUDITLOG.isTraceEnabled()) {
- InetAddress remoteAddr = null;
RequestContext ctx = RequestContext.get();
+ InetAddress remoteAddr = null;
if (ctx != null) {
remoteAddr = ctx.getRemoteAddress();
}
@@ -880,7 +815,7 @@ public class AccessController extends Ba
get.setFilter(filter);
}
logResult(AuthResult.allow("get", "Access allowed with filter", requestUser,
- Permission.Action.READ, authResult.table));
+ Permission.Action.READ, authResult.getTable()));
} else {
logResult(authResult);
throw new AccessDeniedException("Insufficient permissions (table=" +
@@ -1010,7 +945,7 @@ public class AccessController extends Ba
scan.setFilter(filter);
}
logResult(AuthResult.allow("scannerOpen", "Access allowed with filter", user,
- Permission.Action.READ, authResult.table));
+ Permission.Action.READ, authResult.getTable()));
} else {
// no table/family level perms and no qualifier level perms, reject
logResult(authResult);
Added: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java?rev=1430631&view=auto
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java (added)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java Tue Jan 8 23:34:10 2013
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.security.access;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.util.Bytes;
+
+/**
+ * Represents the result of an authorization check for logging and error
+ * reporting.
+ */
+@InterfaceAudience.Public
+@InterfaceStability.Evolving
+public class AuthResult {
+ private final boolean allowed;
+ private final byte[] table;
+ private final byte[] family;
+ private final byte[] qualifier;
+ private final Permission.Action action;
+ private final String request;
+ private final String reason;
+ private final User user;
+
+ public AuthResult(boolean allowed, String request, String reason, User user,
+ Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
+ this.allowed = allowed;
+ this.request = request;
+ this.reason = reason;
+ this.user = user;
+ this.table = table;
+ this.family = family;
+ this.qualifier = qualifier;
+ this.action = action;
+ }
+
+ public boolean isAllowed() {
+ return allowed;
+ }
+
+ public User getUser() {
+ return user;
+ }
+
+ public String getReason() {
+ return reason;
+ }
+
+ public byte[] getTable() {
+ return table;
+ }
+
+ public byte[] getFamily() {
+ return family;
+ }
+
+ public byte[] getQualifier() {
+ return qualifier;
+ }
+
+ public Permission.Action getAction() {
+ return action;
+ }
+
+ public String getRequest() {
+ return request;
+ }
+
+ public String toContextString() {
+ return "(user=" + (user != null ? user.getName() : "UNKNOWN") + ", " +
+ "scope=" + (table == null ? "GLOBAL" : Bytes.toString(table)) + ", " +
+ "family=" + (family != null ? Bytes.toString(family) : "") + ", " +
+ "qualifer=" + (qualifier != null ? Bytes.toString(qualifier) : "") + ", " +
+ "action=" + (action != null ? action.toString() : "") + ")";
+ }
+
+ public String toString() {
+ return "AuthResult" + toContextString();
+ }
+
+ public static AuthResult allow(String request, String reason, User user, Permission.Action action,
+ byte[] table, byte[] family, byte[] qualifier) {
+ return new AuthResult(true, request, reason, user, action, table, family, qualifier);
+ }
+
+ public static AuthResult allow(String request, String reason, User user, Permission.Action action, byte[] table) {
+ return new AuthResult(true, request, reason, user, action, table, null, null);
+ }
+
+ public static AuthResult deny(String request, String reason, User user,
+ Permission.Action action, byte[] table) {
+ return new AuthResult(false, request, reason, user, action, table, null, null);
+ }
+
+ public static AuthResult deny(String request, String reason, User user,
+ Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
+ return new AuthResult(false, request, reason, user, action, table, family, qualifier);
+ }
+}
\ No newline at end of file