18 package org.apache.hadoop.hbase.security.visibility;
19
20 import java.util.ArrayList;
21 import java.util.List;
22
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25 import org.apache.hadoop.classification.InterfaceAudience;
26 import org.apache.hadoop.conf.Configuration;
27 import org.apache.hadoop.hbase.security.User;
28
/**
 * Default {@link ScanLabelGenerator}: narrows the visibility labels requested on a Scan/Get to
 * those the requesting user holds according to {@link VisibilityLabelsManager}.
 *
 * <p>This is an enforcement point. The requested labels arrive with the {@link Authorizations}
 * of the request, while the allowed set is looked up through the labels manager. Only labels
 * present in both are returned.
 */
@InterfaceAudience.Private
public class DefaultScanLabelGenerator implements ScanLabelGenerator {

  private static final Log LOG = LogFactory.getLog(DefaultScanLabelGenerator.class);

  /** Configuration handed in through {@link #setConf(Configuration)}; not read in this class. */
  private Configuration conf;

  /** Source of the per-user authorizations that requested labels are checked against. */
  private VisibilityLabelsManager labelsManager;

  /** Creates a generator bound to the manager returned by {@code VisibilityLabelsManager.get()}. */
  public DefaultScanLabelGenerator() {
    this.labelsManager = VisibilityLabelsManager.get();
  }

  /** Stores the configuration so that {@link #getConf()} can return it. */
  @Override
  public void setConf(Configuration conf) {
    this.conf = conf;
  }

  /** @return the configuration last passed to {@link #setConf(Configuration)}, possibly null */
  @Override
  public Configuration getConf() {
    return this.conf;
  }

  /**
   * Returns the requested labels that the user is authorized for.
   *
   * @param user the requesting user; the auth lookup is keyed on {@code user.getName()}
   * @param authorizations the labels requested for the Scan/Get, may be null
   * @return the requested labels found in the user's auths, in request order, or
   *         {@code null} when {@code authorizations} is null
   */
  @Override
  public List<String> getLabels(User user, Authorizations authorizations) {
    if (authorizations == null) {
      // NOTE(review): null, not an empty list, is returned when no Authorizations were supplied.
      // How the caller treats null is not visible here; confirm it never widens access.
      return null;
    }
    final List<String> requested = authorizations.getLabels();
    // NOTE(review): the lookup key is whatever getName() yields; confirm it has the same form
    // as the name under which auths were stored.
    final String userName = user.getName();
    return dropLabelsNotInUserAuths(requested, this.labelsManager.getAuths(userName), userName);
  }

  /**
   * Splits {@code labels} into those contained in {@code auths} and those that are not, logs the
   * latter at DEBUG and returns the former.
   *
   * @param labels the labels requested by the client
   * @param auths the labels the user holds; presumably never null, verify against
   *        {@code VisibilityLabelsManager.getAuths}
   * @param userName the user name, used only in the log message
   * @return a new list holding the labels present in {@code auths}
   */
  private List<String> dropLabelsNotInUserAuths(List<String> labels, List<String> auths,
      String userName) {
    final List<String> rejected = new ArrayList<String>();
    final List<String> granted = new ArrayList<String>(labels.size());
    for (String requested : labels) {
      // Exact string match against the user's auths decides which list the label goes to.
      final List<String> target = auths.contains(requested) ? granted : rejected;
      target.add(requested);
    }
    // NOTE(review): a request for labels the user does not hold is recorded at DEBUG only, so
    // it leaves no trace at the usual log levels. The label text is taken from the request and
    // is written to the log as is.
    if (!rejected.isEmpty() && LOG.isDebugEnabled()) {
      LOG.debug("Labels " + rejected + " in Scan/Get visibility attributes dropped as user "
          + userName + " having no auth set for those.");
    }
    return granted;
  }
}