You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by el...@apache.org on 2014/06/26 19:41:44 UTC
[3/7] git commit: ACCUMULO-2767 Move CV term definition to
class-level, add definition to user manual.
ACCUMULO-2767 Move CV term definition to class-level, add definition to user manual.
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/91997590
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/91997590
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/91997590
Branch: refs/heads/master
Commit: 919975904c28335b4d65fbf2133e2ce199c5be16
Parents: f8861bf
Author: Josh Elser <el...@apache.org>
Authored: Thu Jun 26 12:56:06 2014 -0400
Committer: Josh Elser <el...@apache.org>
Committed: Thu Jun 26 12:56:06 2014 -0400
----------------------------------------------------------------------
.../core/security/ColumnVisibility.java | 66 ++++++++++----------
.../accumulo_user_manual/chapters/security.tex | 10 ++-
2 files changed, 41 insertions(+), 35 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/91997590/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java b/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java
index bd0caba..af44ab5 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java
@@ -35,6 +35,38 @@ import org.apache.hadoop.io.WritableComparator;
/**
* Validate the column visibility is a valid expression and set the visibility for a Mutation. See {@link ColumnVisibility#ColumnVisibility(byte[])} for the
* definition of an expression.
+ *
+ * <P>
+ * The expression is a sequence of characters from the set [A-Za-z0-9_-.] along with the
+ * binary operators "&" and "|" indicating that both operands are necessary, or the either
+ * is necessary. The following are valid expressions for visibility:
+ *
+ * <pre>
+ * A
+ * A|B
+ * (A|B)&(C|D)
+ * orange|(red&yellow)
+ * </pre>
+ *
+ * <P>
+ * The following are not valid expressions for visibility:
+ *
+ * <pre>
+ * A|B&C
+ * A=B
+ * A|B|
+ * A&|B
+ * ()
+ * )
+ * dog|!cat
+ * </pre>
+ *
+ * <P>
+ * In addition to the base set of visibilities, any character can be used in the expression if it is quoted. If the quoted term contains '"' or '\', then escape
+ * the character with '\'. The {@link #quote(String)} method can be used to properly quote and escape terms automatically. The following is an example of a quoted term:
+ * <pre>
+ * "A#C"<span />&<span />B
+ * </pre>
*/
public class ColumnVisibility {
@@ -381,39 +413,7 @@ public class ColumnVisibility {
* Set the column visibility for a Mutation.
*
* @param expression
- * An expression of the rights needed to see this mutation. The expression is a sequence of characters from the set [A-Za-z0-9_-] along with the
- * binary operators "&" and "|" indicating that both operands are necessary, or the either is necessary. The following are valid expressions for
- * visibility:
- *
- * <pre>
- * A
- * A|B
- * (A|B)&(C|D)
- * orange|(red&yellow)
- *
- * </pre>
- *
- * <P>
- * The following are not valid expressions for visibility:
- *
- * <pre>
- * A|B&C
- * A=B
- * A|B|
- * A&|B
- * ()
- * )
- * dog|!cat
- * </pre>
- *
- * <P>
- * You can use any character you like in your column visibility expression with quoting. If your quoted term contains '"' or '\' then escape
- * them with '\'. The {@link #quote(String)} method will properly quote and escape terms for you.
- *
- * <pre>
- * "A#C"<span />&<span />B
- * </pre>
- *
+ * An expression of the rights needed to see this mutation. The expression syntax is defined at the class-level documentation
*/
public ColumnVisibility(String expression) {
this(expression.getBytes(Constants.UTF8));
http://git-wip-us.apache.org/repos/asf/accumulo/blob/91997590/docs/src/main/latex/accumulo_user_manual/chapters/security.tex
----------------------------------------------------------------------
diff --git a/docs/src/main/latex/accumulo_user_manual/chapters/security.tex b/docs/src/main/latex/accumulo_user_manual/chapters/security.tex
index a5c4db3..949cbbb 100644
--- a/docs/src/main/latex/accumulo_user_manual/chapters/security.tex
+++ b/docs/src/main/latex/accumulo_user_manual/chapters/security.tex
@@ -48,8 +48,14 @@ mutation.put(colFam, colQual, colVis, timestamp, value);
Security labels consist of a set of user-defined tokens that are required to read the
value the label is associated with. The set of tokens required can be specified using
-syntax that supports logical AND and OR combinations of tokens, as well as nesting
-groups of tokens together.
+syntax that supports logical AND \verb^&^ and OR \verb^|^ combinations of terms, as
+well as nesting groups \verb^()^ of terms together.
+
+Each term is comprised of one to many alpha-numeric characters, hyphens, underscores or
+periods. Optionally, each term may be wrapped in quotation marks
+which removes the restriction on valid characters. In quoted terms, quotation marks
+and backslash characters can be used as characters in the term by escaping them
+with a backslash.
For example, suppose within our organization we want to label our data values with
security labels defined in terms of user roles. We might have tokens such as: