View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.security;
19  
20  import org.apache.hadoop.conf.Configuration;
21  import org.apache.hadoop.hbase.client.AdminProtocol;
22  import org.apache.hadoop.hbase.client.ClientProtocol;
23  import org.apache.hadoop.hbase.MasterMonitorProtocol;
24  import org.apache.hadoop.hbase.MasterAdminProtocol;
25  import org.apache.hadoop.hbase.RegionServerStatusProtocol;
26  import org.apache.hadoop.security.authorize.PolicyProvider;
27  import org.apache.hadoop.security.authorize.Service;
28  import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
29  
30  /**
31   * Implementation of secure Hadoop policy provider for mapping
32   * protocol interfaces to hbase-policy.xml entries.
33   */
34  public class HBasePolicyProvider extends PolicyProvider {
35    protected final static Service[] services = {
36        new Service("security.client.protocol.acl", ClientProtocol.class),
37        new Service("security.client.protocol.acl", AdminProtocol.class),
38        new Service("security.admin.protocol.acl", MasterMonitorProtocol.class),
39        new Service("security.admin.protocol.acl", MasterAdminProtocol.class),
40        new Service("security.masterregion.protocol.acl", RegionServerStatusProtocol.class)
41    };
42  
43    @Override
44    public Service[] getServices() {
45      return services;
46    }
47  
48    public static void init(Configuration conf,
49        ServiceAuthorizationManager authManager) {
50      // set service-level authorization security policy
51      System.setProperty("hadoop.policy.file", "hbase-policy.xml");
52      if (conf.getBoolean(
53            ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) {
54        authManager.refresh(conf, new HBasePolicyProvider());
55      }
56    }
57  }