1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security.access;
20
21 import java.util.Collection;
22 import java.util.Map;
23
24 import org.apache.hadoop.classification.InterfaceAudience;
25 import org.apache.hadoop.hbase.KeyValue;
26 import org.apache.hadoop.hbase.TableName;
27 import org.apache.hadoop.hbase.security.User;
28 import org.apache.hadoop.hbase.util.Bytes;
29
30
31
32
33
34 @InterfaceAudience.Private
35 public class AuthResult {
36 private final boolean allowed;
37 private final String namespace;
38 private final TableName table;
39 private final Permission.Action action;
40 private final String request;
41 private final String reason;
42 private final User user;
43
44
45 private final byte[] family;
46 private final byte[] qualifier;
47 private final Map<byte[], ? extends Collection<?>> families;
48
49 public AuthResult(boolean allowed, String request, String reason, User user,
50 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
51 this.allowed = allowed;
52 this.request = request;
53 this.reason = reason;
54 this.user = user;
55 this.table = table;
56 this.family = family;
57 this.qualifier = qualifier;
58 this.action = action;
59 this.families = null;
60 this.namespace = null;
61 }
62
63 public AuthResult(boolean allowed, String request, String reason, User user,
64 Permission.Action action, TableName table,
65 Map<byte[], ? extends Collection<?>> families) {
66 this.allowed = allowed;
67 this.request = request;
68 this.reason = reason;
69 this.user = user;
70 this.table = table;
71 this.family = null;
72 this.qualifier = null;
73 this.action = action;
74 this.families = families;
75 this.namespace = null;
76 }
77
78 public AuthResult(boolean allowed, String request, String reason, User user,
79 Permission.Action action, String namespace) {
80 this.allowed = allowed;
81 this.request = request;
82 this.reason = reason;
83 this.user = user;
84 this.namespace = namespace;
85 this.action = action;
86 this.table = null;
87 this.family = null;
88 this.qualifier = null;
89 this.families = null;
90 }
91
92 public boolean isAllowed() {
93 return allowed;
94 }
95
96 public User getUser() {
97 return user;
98 }
99
100 public String getReason() {
101 return reason;
102 }
103
104 public TableName getTableName() {
105 return table;
106 }
107
108 public byte[] getFamily() {
109 return family;
110 }
111
112 public byte[] getQualifier() {
113 return qualifier;
114 }
115
116 public Permission.Action getAction() {
117 return action;
118 }
119
120 public String getRequest() {
121 return request;
122 }
123
124 String toFamilyString() {
125 StringBuilder sb = new StringBuilder();
126 if (families != null) {
127 boolean first = true;
128 for (Map.Entry<byte[], ? extends Collection<?>> entry : families.entrySet()) {
129 String familyName = Bytes.toString(entry.getKey());
130 if (entry.getValue() != null && !entry.getValue().isEmpty()) {
131 for (Object o : entry.getValue()) {
132 String qualifier;
133 if (o instanceof byte[]) {
134 qualifier = Bytes.toString((byte[])o);
135 } else if (o instanceof KeyValue) {
136 byte[] rawQualifier = ((KeyValue)o).getQualifier();
137 qualifier = Bytes.toString(rawQualifier);
138 } else {
139
140 qualifier = o.toString();
141 }
142 if (!first) {
143 sb.append("|");
144 }
145 first = false;
146 sb.append(familyName).append(":").append(qualifier);
147 }
148 } else {
149 if (!first) {
150 sb.append("|");
151 }
152 first = false;
153 sb.append(familyName);
154 }
155 }
156 } else if (family != null) {
157 sb.append(Bytes.toString(family));
158 if (qualifier != null) {
159 sb.append(":").append(Bytes.toString(qualifier));
160 }
161 }
162 return sb.toString();
163 }
164
165 public String toContextString() {
166 StringBuilder sb = new StringBuilder();
167 sb.append("(user=")
168 .append(user != null ? user.getName() : "UNKNOWN")
169 .append(", ");
170 sb.append("scope=")
171 .append(namespace != null ? namespace : table == null ? "GLOBAL" : table);
172 if(namespace == null) {
173 sb.append(", ")
174 .append("family=")
175 .append(toFamilyString())
176 .append(", ");
177 }
178 sb.append("action=")
179 .append(action != null ? action.toString() : "")
180 .append(")");
181 return sb.toString();
182 }
183
184 public String toString() {
185 return "AuthResult" + toContextString();
186 }
187
188 public static AuthResult allow(String request, String reason, User user,
189 Permission.Action action, String namespace) {
190 return new AuthResult(true, request, reason, user, action, namespace);
191 }
192
193 public static AuthResult allow(String request, String reason, User user,
194 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
195 return new AuthResult(true, request, reason, user, action, table, family, qualifier);
196 }
197
198 public static AuthResult allow(String request, String reason, User user,
199 Permission.Action action, TableName table,
200 Map<byte[], ? extends Collection<?>> families) {
201 return new AuthResult(true, request, reason, user, action, table, families);
202 }
203
204 public static AuthResult deny(String request, String reason, User user,
205 Permission.Action action, String namespace) {
206 return new AuthResult(false, request, reason, user, action, namespace);
207 }
208
209 public static AuthResult deny(String request, String reason, User user,
210 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
211 return new AuthResult(false, request, reason, user, action, table, family, qualifier);
212 }
213
214 public static AuthResult deny(String request, String reason, User user,
215 Permission.Action action, TableName table,
216 Map<byte[], ? extends Collection<?>> families) {
217 return new AuthResult(false, request, reason, user, action, table, families);
218 }
219 }