1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.hadoop.hbase.security;
21
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24 import org.apache.hadoop.conf.Configuration;
25 import org.apache.hadoop.hbase.AuthUtil;
26 import org.apache.hadoop.hbase.classification.InterfaceAudience;
27
28 import java.io.IOException;
29 import java.util.ArrayList;
30 import java.util.List;
31
32
33
34
35
36 @InterfaceAudience.Private
37 public final class Superusers {
38 private static final Log LOG = LogFactory.getLog(Superusers.class);
39
40
41 public static final String SUPERUSER_CONF_KEY = "hbase.superuser";
42
43 private static List<String> superUsers;
44 private static List<String> superGroups;
45
46 private Superusers(){}
47
48
49
50
51
52
53
54
55 public static void initialize(Configuration conf) throws IOException {
56 superUsers = new ArrayList<String>();
57 superGroups = new ArrayList<String>();
58 User user = User.getCurrent();
59
60 if (user == null) {
61 throw new IllegalStateException("Unable to obtain the current user, "
62 + "authorization checks for internal operations will not work correctly!");
63 }
64
65 if (LOG.isTraceEnabled()) {
66 LOG.trace("Current user name is " + user.getShortName());
67 }
68 String currentUser = user.getShortName();
69 String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]);
70 for (String name : superUserList) {
71 if (AuthUtil.isGroupPrincipal(name)) {
72 superGroups.add(AuthUtil.getGroupName(name));
73 } else {
74 superUsers.add(name);
75 }
76 }
77 superUsers.add(currentUser);
78 }
79
80
81
82
83
84
85
86
87 public static boolean isSuperUser(User user) {
88 if (superUsers == null) {
89 throw new IllegalStateException("Super users/super groups lists"
90 + " haven't been initialized properly.");
91 }
92 if (superUsers.contains(user.getShortName())) {
93 return true;
94 }
95
96 for (String group : user.getGroupNames()) {
97 if (superGroups.contains(group)) {
98 return true;
99 }
100 }
101 return false;
102 }
103
104
105
106
107
108
109
110
111 @Deprecated
112 public static boolean isSuperUser(String user) {
113 if (superUsers == null) {
114 throw new IllegalStateException("Super users/super groups lists"
115 + " haven't been initialized properly.");
116 }
117 if (superUsers.contains(user)) {
118 return true;
119 }
120 return false;
121 }
122
123 public static List<String> getSuperUsers() {
124 return superUsers;
125 }
126 }