1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security.access;
20
21 import java.util.Collection;
22 import java.util.Map;
23
24 import org.apache.hadoop.classification.InterfaceAudience;
25 import org.apache.hadoop.classification.InterfaceStability;
26 import org.apache.hadoop.hbase.TableName;
27 import org.apache.hadoop.hbase.KeyValue;
28 import org.apache.hadoop.hbase.security.User;
29 import org.apache.hadoop.hbase.util.Bytes;
30
31
32
33
34
35 @InterfaceAudience.Public
36 @InterfaceStability.Evolving
37 public class AuthResult {
38 private final boolean allowed;
39 private final String namespace;
40 private final TableName table;
41 private final Permission.Action action;
42 private final String request;
43 private final String reason;
44 private final User user;
45
46
47 private final byte[] family;
48 private final byte[] qualifier;
49 private final Map<byte[], ? extends Collection<?>> families;
50
51 public AuthResult(boolean allowed, String request, String reason, User user,
52 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
53 this.allowed = allowed;
54 this.request = request;
55 this.reason = reason;
56 this.user = user;
57 this.table = table;
58 this.family = family;
59 this.qualifier = qualifier;
60 this.action = action;
61 this.families = null;
62 this.namespace = null;
63 }
64
65 public AuthResult(boolean allowed, String request, String reason, User user,
66 Permission.Action action, TableName table,
67 Map<byte[], ? extends Collection<?>> families) {
68 this.allowed = allowed;
69 this.request = request;
70 this.reason = reason;
71 this.user = user;
72 this.table = table;
73 this.family = null;
74 this.qualifier = null;
75 this.action = action;
76 this.families = families;
77 this.namespace = null;
78 }
79
80 public AuthResult(boolean allowed, String request, String reason, User user,
81 Permission.Action action, String namespace) {
82 this.allowed = allowed;
83 this.request = request;
84 this.reason = reason;
85 this.user = user;
86 this.namespace = namespace;
87 this.action = action;
88 this.table = null;
89 this.family = null;
90 this.qualifier = null;
91 this.families = null;
92 }
93
94 public boolean isAllowed() {
95 return allowed;
96 }
97
98 public User getUser() {
99 return user;
100 }
101
102 public String getReason() {
103 return reason;
104 }
105
106 public TableName getTableName() {
107 return table;
108 }
109
110 public byte[] getFamily() {
111 return family;
112 }
113
114 public byte[] getQualifier() {
115 return qualifier;
116 }
117
118 public Permission.Action getAction() {
119 return action;
120 }
121
122 public String getRequest() {
123 return request;
124 }
125
126 String toFamilyString() {
127 StringBuilder sb = new StringBuilder();
128 if (families != null) {
129 boolean first = true;
130 for (Map.Entry<byte[], ? extends Collection<?>> entry : families.entrySet()) {
131 String familyName = Bytes.toString(entry.getKey());
132 if (entry.getValue() != null && !entry.getValue().isEmpty()) {
133 for (Object o : entry.getValue()) {
134 String qualifier;
135 if (o instanceof byte[]) {
136 qualifier = Bytes.toString((byte[])o);
137 } else if (o instanceof KeyValue) {
138 byte[] rawQualifier = ((KeyValue)o).getQualifier();
139 qualifier = Bytes.toString(rawQualifier);
140 } else {
141
142 qualifier = o.toString();
143 }
144 if (!first) {
145 sb.append("|");
146 }
147 first = false;
148 sb.append(familyName).append(":").append(qualifier);
149 }
150 } else {
151 if (!first) {
152 sb.append("|");
153 }
154 first = false;
155 sb.append(familyName);
156 }
157 }
158 } else if (family != null) {
159 sb.append(Bytes.toString(family));
160 if (qualifier != null) {
161 sb.append(":").append(Bytes.toString(qualifier));
162 }
163 }
164 return sb.toString();
165 }
166
167 public String toContextString() {
168 StringBuilder sb = new StringBuilder();
169 sb.append("(user=")
170 .append(user != null ? user.getName() : "UNKNOWN")
171 .append(", ");
172 sb.append("scope=")
173 .append(namespace != null ? namespace : table == null ? "GLOBAL" : table);
174 if(namespace == null) {
175 sb.append(", ")
176 .append("family=")
177 .append(toFamilyString())
178 .append(", ");
179 }
180 sb.append("action=")
181 .append(action != null ? action.toString() : "")
182 .append(")");
183 return sb.toString();
184 }
185
186 public String toString() {
187 return "AuthResult" + toContextString();
188 }
189
190 public static AuthResult allow(String request, String reason, User user,
191 Permission.Action action, String namespace) {
192 return new AuthResult(true, request, reason, user, action, namespace);
193 }
194
195 public static AuthResult allow(String request, String reason, User user,
196 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
197 return new AuthResult(true, request, reason, user, action, table, family, qualifier);
198 }
199
200 public static AuthResult allow(String request, String reason, User user,
201 Permission.Action action, TableName table,
202 Map<byte[], ? extends Collection<?>> families) {
203 return new AuthResult(true, request, reason, user, action, table, families);
204 }
205
206 public static AuthResult deny(String request, String reason, User user,
207 Permission.Action action, String namespace) {
208 return new AuthResult(false, request, reason, user, action, namespace);
209 }
210
211 public static AuthResult deny(String request, String reason, User user,
212 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
213 return new AuthResult(false, request, reason, user, action, table, family, qualifier);
214 }
215
216 public static AuthResult deny(String request, String reason, User user,
217 Permission.Action action, TableName table,
218 Map<byte[], ? extends Collection<?>> families) {
219 return new AuthResult(false, request, reason, user, action, table, families);
220 }
221 }