1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security.access;
20
21 import java.util.Collection;
22 import java.util.Map;
23
24 import org.apache.hadoop.classification.InterfaceAudience;
25 import org.apache.hadoop.classification.InterfaceStability;
26 import org.apache.hadoop.hbase.KeyValue;
27 import org.apache.hadoop.hbase.security.User;
28 import org.apache.hadoop.hbase.util.Bytes;
29
30
31
32
33
34 @InterfaceAudience.Public
35 @InterfaceStability.Evolving
36 public class AuthResult {
37 private final boolean allowed;
38 private final byte[] table;
39 private final Permission.Action action;
40 private final String request;
41 private final String reason;
42 private final User user;
43
44
45 private final byte[] family;
46 private final byte[] qualifier;
47 private final Map<byte[], ? extends Collection<?>> families;
48
49 public AuthResult(boolean allowed, String request, String reason, User user,
50 Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
51 this.allowed = allowed;
52 this.request = request;
53 this.reason = reason;
54 this.user = user;
55 this.table = table;
56 this.family = family;
57 this.qualifier = qualifier;
58 this.action = action;
59 this.families = null;
60 }
61
62 public AuthResult(boolean allowed, String request, String reason, User user,
63 Permission.Action action, byte[] table,
64 Map<byte[], ? extends Collection<?>> families) {
65 this.allowed = allowed;
66 this.request = request;
67 this.reason = reason;
68 this.user = user;
69 this.table = table;
70 this.family = null;
71 this.qualifier = null;
72 this.action = action;
73 this.families = families;
74 }
75
76 public boolean isAllowed() {
77 return allowed;
78 }
79
80 public User getUser() {
81 return user;
82 }
83
84 public String getReason() {
85 return reason;
86 }
87
88 public byte[] getTable() {
89 return table;
90 }
91
92 public byte[] getFamily() {
93 return family;
94 }
95
96 public byte[] getQualifier() {
97 return qualifier;
98 }
99
100 public Permission.Action getAction() {
101 return action;
102 }
103
104 public String getRequest() {
105 return request;
106 }
107
108 String toFamilyString() {
109 StringBuilder sb = new StringBuilder();
110 if (families != null) {
111 boolean first = true;
112 for (Map.Entry<byte[], ? extends Collection<?>> entry : families.entrySet()) {
113 String familyName = Bytes.toString(entry.getKey());
114 if (entry.getValue() != null && !entry.getValue().isEmpty()) {
115 for (Object o : entry.getValue()) {
116 String qualifier;
117 if (o instanceof byte[]) {
118 qualifier = Bytes.toString((byte[])o);
119 } else if (o instanceof KeyValue) {
120 byte[] rawQualifier = ((KeyValue)o).getQualifier();
121 qualifier = Bytes.toString(rawQualifier);
122 } else {
123
124 qualifier = o.toString();
125 }
126 if (!first) {
127 sb.append("|");
128 }
129 first = false;
130 sb.append(familyName).append(":").append(qualifier);
131 }
132 } else {
133 if (!first) {
134 sb.append("|");
135 }
136 first = false;
137 sb.append(familyName);
138 }
139 }
140 } else if (family != null) {
141 sb.append(Bytes.toString(family));
142 if (qualifier != null) {
143 sb.append(":").append(Bytes.toString(qualifier));
144 }
145 }
146 return sb.toString();
147 }
148
149 public String toContextString() {
150 StringBuilder sb = new StringBuilder();
151 sb.append("(user=")
152 .append(user != null ? user.getName() : "UNKNOWN")
153 .append(", ");
154 sb.append("scope=")
155 .append(table == null ? "GLOBAL" : Bytes.toString(table))
156 .append(", ");
157 sb.append("family=")
158 .append(toFamilyString())
159 .append(", ");
160 sb.append("action=")
161 .append(action != null ? action.toString() : "")
162 .append(")");
163 return sb.toString();
164 }
165
166 public String toString() {
167 return "AuthResult" + toContextString();
168 }
169
170 public static AuthResult allow(String request, String reason, User user,
171 Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
172 return new AuthResult(true, request, reason, user, action, table, family, qualifier);
173 }
174
175 public static AuthResult allow(String request, String reason, User user,
176 Permission.Action action, byte[] table,
177 Map<byte[], ? extends Collection<?>> families) {
178 return new AuthResult(true, request, reason, user, action, table, families);
179 }
180
181 public static AuthResult deny(String request, String reason, User user,
182 Permission.Action action, byte[] table, byte[] family, byte[] qualifier) {
183 return new AuthResult(false, request, reason, user, action, table, family, qualifier);
184 }
185
186 public static AuthResult deny(String request, String reason, User user,
187 Permission.Action action, byte[] table,
188 Map<byte[], ? extends Collection<?>> families) {
189 return new AuthResult(false, request, reason, user, action, table, families);
190 }
191 }