18 package org.apache.hadoop.hbase.security.visibility;
19
20 import java.util.ArrayList;
21 import java.util.List;
22
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25 import org.apache.hadoop.hbase.classification.InterfaceAudience;
26 import org.apache.hadoop.conf.Configuration;
27 import org.apache.hadoop.hbase.security.User;
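/**
 * {@link ScanLabelGenerator} that narrows the labels requested in a scan's
 * {@link Authorizations} to those present in the auths the
 * {@link VisibilityLabelsCache} returns for the requesting user's short name.
 * Requested labels that are not in that set are dropped and reported in a
 * single WARN log line.
 */
@InterfaceAudience.Private
public class DefinedSetFilterScanLabelGenerator implements ScanLabelGenerator {

  private static final Log LOG = LogFactory.getLog(DefinedSetFilterScanLabelGenerator.class);

  private Configuration conf;

  private VisibilityLabelsCache labelsCache;

  /** Binds this generator to the instance returned by {@code VisibilityLabelsCache.get()}. */
  public DefinedSetFilterScanLabelGenerator() {
    this.labelsCache = VisibilityLabelsCache.get();
  }

  @Override
  public void setConf(Configuration conf) {
    this.conf = conf;
  }

  @Override
  public Configuration getConf() {
    return this.conf;
  }

  /**
   * Returns the subset of the requested labels that the user holds.
   *
   * @param user the requesting user; its short name is the key used to look up auths
   * @param authorizations the labels requested by the caller, may be {@code null}
   * @return the requested labels that are present in the user's auths, or {@code null} when
   *         {@code authorizations} is {@code null}
   */
  @Override
  public List<String> getLabels(User user, Authorizations authorizations) {
    if (authorizations == null) {
      // Nothing was requested; the null return is kept as-is for existing callers.
      return null;
    }
    List<String> labels = authorizations.getLabels();
    String userName = user.getShortName();
    List<String> auths = this.labelsCache.getAuths(userName);
    return dropLabelsNotInUserAuths(labels, auths, userName);
  }

  /**
   * Splits the requested labels into those the user holds and those it does not, logs the
   * latter, and returns the former in request order.
   *
   * @param labels labels requested by the caller (caller-controlled input)
   * @param auths labels held by the user; {@code null} is treated as "holds nothing"
   * @param userName short name of the requesting user, used only in the log message
   * @return the requested labels that are contained in {@code auths}
   */
  private List<String> dropLabelsNotInUserAuths(List<String> labels, List<String> auths,
      String userName) {
    List<String> droppedLabels = new ArrayList<String>();
    List<String> passedLabels = new ArrayList<String>(labels.size());
    for (String label : labels) {
      // Fail closed: without an auth list no requested label can pass.
      // NOTE(review): whether getAuths can return null is not visible here - confirm.
      if (auths != null && auths.contains(label)) {
        passedLabels.add(label);
      } else {
        droppedLabels.add(label);
      }
    }
    if (!droppedLabels.isEmpty()) {
      StringBuilder sb = new StringBuilder();
      sb.append("Dropping invalid authorizations requested by user ");
      sb.append(sanitizeForLog(userName));
      sb.append(": [ ");
      for (String label : droppedLabels) {
        // Dropped labels are exactly the strings the caller supplied and the server does not
        // recognise, so they are neutralised before being written to the log.
        sb.append(sanitizeForLog(label));
        sb.append(' ');
      }
      sb.append(']');
      LOG.warn(sb.toString());
    }
    return passedLabels;
  }

  /**
   * Replaces ISO control characters (including CR and LF) with {@code '_'} so that a logged
   * value cannot break out of its log line and forge additional entries.
   *
   * @param value the value to log, may be {@code null}
   * @return the value with control characters replaced, or {@code "null"} for {@code null}
   */
  private static String sanitizeForLog(String value) {
    if (value == null) {
      return "null";
    }
    StringBuilder cleaned = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
      char c = value.charAt(i);
      cleaned.append(Character.isISOControl(c) ? '_' : c);
    }
    return cleaned.toString();
  }
}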