View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.security.access;
20  
21  import java.util.Collection;
22  import java.util.Map;
23  
24  import org.apache.hadoop.classification.InterfaceAudience;
25  import org.apache.hadoop.classification.InterfaceStability;
26  import org.apache.hadoop.hbase.KeyValue;
27  import org.apache.hadoop.hbase.security.User;
28  import org.apache.hadoop.hbase.util.Bytes;
29  
30  /**
31   * Represents the result of an authorization check for logging and error
32   * reporting.
33   */
34  @InterfaceAudience.Public
35  @InterfaceStability.Evolving
36  public class AuthResult {
37    private final boolean allowed;
38    private final byte[] table;
39    private final Permission.Action action;
40    private final String request;
41    private final String reason;
42    private final User user;
43  
44    // "family" and "qualifier" should only be used if "families" is null.
45    private final byte[] family;
46    private final byte[] qualifier;
47    private final Map<byte[], ? extends Collection<?>> families;
48  
49    public AuthResult(boolean allowed, String request, String reason, User user,
50        Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
51      this.allowed = allowed;
52      this.request = request;
53      this.reason = reason;
54      this.user = user;
55      this.table = table;
56      this.family = family;
57      this.qualifier = qualifier;
58      this.action = action;
59      this.families = null;
60    }
61  
62    public AuthResult(boolean allowed, String request, String reason, User user,
63          Permission.Action action, byte[] table,
64          Map<byte[], ? extends Collection<?>> families) {
65      this.allowed = allowed;
66      this.request = request;
67      this.reason = reason;
68      this.user = user;
69      this.table = table;
70      this.family = null;
71      this.qualifier = null;
72      this.action = action;
73      this.families = families;
74    }
75  
76    public boolean isAllowed() {
77      return allowed;
78    }
79  
80    public User getUser() {
81      return user;
82    }
83  
84    public String getReason() {
85      return reason;
86    }
87  
88    public byte[] getTable() {
89      return table;
90    }
91  
92    public byte[] getFamily() {
93      return family;
94    }
95  
96    public byte[] getQualifier() {
97      return qualifier;
98    }
99  
100   public Permission.Action getAction() {
101     return action;
102   }
103 
104   public String getRequest() {
105     return request;
106   }
107 
108   String toFamilyString() {
109     StringBuilder sb = new StringBuilder();
110     if (families != null) {
111       boolean first = true;
112       for (Map.Entry<byte[], ? extends Collection<?>> entry : families.entrySet()) {
113         String familyName = Bytes.toString(entry.getKey());
114         if (entry.getValue() != null && !entry.getValue().isEmpty()) {
115           for (Object o : entry.getValue()) {
116             String qualifier;
117             if (o instanceof byte[]) {
118               qualifier = Bytes.toString((byte[])o);
119             } else if (o instanceof KeyValue) {
120               byte[] rawQualifier = ((KeyValue)o).getQualifier();
121               qualifier = Bytes.toString(rawQualifier);
122             } else {
123               // Shouldn't really reach this?
124               qualifier = o.toString();
125             }
126             if (!first) {
127               sb.append("|");
128             }
129             first = false;
130             sb.append(familyName).append(":").append(qualifier);
131           }
132         } else {
133           if (!first) {
134             sb.append("|");
135           }
136           first = false;
137           sb.append(familyName);
138         }
139       }
140     } else if (family != null) {
141       sb.append(Bytes.toString(family));
142       if (qualifier != null) {
143         sb.append(":").append(Bytes.toString(qualifier));
144       }
145     }
146     return sb.toString();
147   }
148 
149   public String toContextString() {
150     StringBuilder sb = new StringBuilder();
151     sb.append("(user=")
152         .append(user != null ? user.getName() : "UNKNOWN")
153         .append(", ");
154     sb.append("scope=")
155         .append(table == null ? "GLOBAL" : Bytes.toString(table))
156         .append(", ");
157     sb.append("family=")
158       .append(toFamilyString())
159       .append(", ");
160     sb.append("action=")
161         .append(action != null ? action.toString() : "")
162         .append(")");
163     return sb.toString();
164   }
165 
166   public String toString() {
167     return "AuthResult" + toContextString();
168   }
169 
170   public static AuthResult allow(String request, String reason, User user,
171       Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
172     return new AuthResult(true, request, reason, user, action, table, family, qualifier);
173   }
174 
175   public static AuthResult allow(String request, String reason, User user,
176       Permission.Action action, byte[] table,
177       Map<byte[], ? extends Collection<?>> families) {
178     return new AuthResult(true, request, reason, user, action, table, families);
179   }
180 
181   public static AuthResult deny(String request, String reason, User user,
182       Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
183     return new AuthResult(false, request, reason, user, action, table, family, qualifier);
184   }
185 
186   public static AuthResult deny(String request, String reason, User user,
187         Permission.Action action, byte[] table,
188         Map<byte[], ? extends Collection<?>> families) {
189     return new AuthResult(false, request, reason, user, action, table, families);
190   }
191 }