View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.security.access;
20  
21  import java.util.Collection;
22  import java.util.Map;
23  
24  import org.apache.hadoop.classification.InterfaceAudience;
25  import org.apache.hadoop.classification.InterfaceStability;
26  import org.apache.hadoop.hbase.TableName;
27  import org.apache.hadoop.hbase.KeyValue;
28  import org.apache.hadoop.hbase.security.User;
29  import org.apache.hadoop.hbase.util.Bytes;
30  
31  /**
32   * Represents the result of an authorization check for logging and error
33   * reporting.
34   */
35  @InterfaceAudience.Public
36  @InterfaceStability.Evolving
37  public class AuthResult {
38    private final boolean allowed;
39    private final String namespace;
40    private final TableName table;
41    private final Permission.Action action;
42    private final String request;
43    private final String reason;
44    private final User user;
45  
46    // "family" and "qualifier" should only be used if "families" is null.
47    private final byte[] family;
48    private final byte[] qualifier;
49    private final Map<byte[], ? extends Collection<?>> families;
50  
51    public AuthResult(boolean allowed, String request, String reason, User user,
52        Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
53      this.allowed = allowed;
54      this.request = request;
55      this.reason = reason;
56      this.user = user;
57      this.table = table;
58      this.family = family;
59      this.qualifier = qualifier;
60      this.action = action;
61      this.families = null;
62      this.namespace = null;
63    }
64  
65    public AuthResult(boolean allowed, String request, String reason, User user,
66          Permission.Action action, TableName table,
67          Map<byte[], ? extends Collection<?>> families) {
68      this.allowed = allowed;
69      this.request = request;
70      this.reason = reason;
71      this.user = user;
72      this.table = table;
73      this.family = null;
74      this.qualifier = null;
75      this.action = action;
76      this.families = families;
77      this.namespace = null;
78    }
79  
80    public AuthResult(boolean allowed, String request, String reason, User user,
81          Permission.Action action, String namespace) {
82      this.allowed = allowed;
83      this.request = request;
84      this.reason = reason;
85      this.user = user;
86      this.namespace = namespace;
87      this.action = action;
88      this.table = null;
89      this.family = null;
90      this.qualifier = null;
91      this.families = null;
92    }
93  
94    public boolean isAllowed() {
95      return allowed;
96    }
97  
98    public User getUser() {
99      return user;
100   }
101 
102   public String getReason() {
103     return reason;
104   }
105 
106   public TableName getTableName() {
107     return table;
108   }
109 
110   public byte[] getFamily() {
111     return family;
112   }
113 
114   public byte[] getQualifier() {
115     return qualifier;
116   }
117 
118   public Permission.Action getAction() {
119     return action;
120   }
121 
122   public String getRequest() {
123     return request;
124   }
125 
126   String toFamilyString() {
127     StringBuilder sb = new StringBuilder();
128     if (families != null) {
129       boolean first = true;
130       for (Map.Entry<byte[], ? extends Collection<?>> entry : families.entrySet()) {
131         String familyName = Bytes.toString(entry.getKey());
132         if (entry.getValue() != null && !entry.getValue().isEmpty()) {
133           for (Object o : entry.getValue()) {
134             String qualifier;
135             if (o instanceof byte[]) {
136               qualifier = Bytes.toString((byte[])o);
137             } else if (o instanceof KeyValue) {
138               byte[] rawQualifier = ((KeyValue)o).getQualifier();
139               qualifier = Bytes.toString(rawQualifier);
140             } else {
141               // Shouldn't really reach this?
142               qualifier = o.toString();
143             }
144             if (!first) {
145               sb.append("|");
146             }
147             first = false;
148             sb.append(familyName).append(":").append(qualifier);
149           }
150         } else {
151           if (!first) {
152             sb.append("|");
153           }
154           first = false;
155           sb.append(familyName);
156         }
157       }
158     } else if (family != null) {
159       sb.append(Bytes.toString(family));
160       if (qualifier != null) {
161         sb.append(":").append(Bytes.toString(qualifier));
162       }
163     }
164     return sb.toString();
165   }
166 
167   public String toContextString() {
168     StringBuilder sb = new StringBuilder();
169     sb.append("(user=")
170         .append(user != null ? user.getName() : "UNKNOWN")
171         .append(", ");
172     sb.append("scope=")
173         .append(namespace != null ? namespace : table == null ? "GLOBAL" : table);
174     if(namespace == null) {
175       sb.append(", ")
176         .append("family=")
177         .append(toFamilyString())
178         .append(", ");
179     }
180     sb.append("action=")
181         .append(action != null ? action.toString() : "")
182         .append(")");
183     return sb.toString();
184   }
185 
186   public String toString() {
187     return "AuthResult" + toContextString();
188   }
189 
190   public static AuthResult allow(String request, String reason, User user,
191       Permission.Action action, String namespace) {
192     return new AuthResult(true, request, reason, user, action, namespace);
193   }
194 
195   public static AuthResult allow(String request, String reason, User user,
196       Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
197     return new AuthResult(true, request, reason, user, action, table, family, qualifier);
198   }
199 
200   public static AuthResult allow(String request, String reason, User user,
201       Permission.Action action, TableName table,
202       Map<byte[], ? extends Collection<?>> families) {
203     return new AuthResult(true, request, reason, user, action, table, families);
204   }
205 
206   public static AuthResult deny(String request, String reason, User user,
207       Permission.Action action, String namespace) {
208     return new AuthResult(false, request, reason, user, action, namespace);
209   }
210 
211   public static AuthResult deny(String request, String reason, User user,
212       Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
213     return new AuthResult(false, request, reason, user, action, table, family, qualifier);
214   }
215 
216   public static AuthResult deny(String request, String reason, User user,
217         Permission.Action action, TableName table,
218         Map<byte[], ? extends Collection<?>> families) {
219     return new AuthResult(false, request, reason, user, action, table, families);
220   }
221 }