1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security.access;
20
21 import java.util.Collection;
22 import java.util.Map;
23
24 import org.apache.hadoop.hbase.classification.InterfaceAudience;
25 import org.apache.hadoop.hbase.Cell;
26 import org.apache.hadoop.hbase.TableName;
27 import org.apache.hadoop.hbase.security.User;
28 import org.apache.hadoop.hbase.util.Bytes;
29
30
31
32
33
34 @InterfaceAudience.Private
35 public class AuthResult {
36 private boolean allowed;
37 private final String namespace;
38 private final TableName table;
39 private final Permission.Action action;
40 private final String request;
41 private String reason;
42 private final User user;
43
44
45 private final byte[] family;
46 private final byte[] qualifier;
47 private final Map<byte[], ? extends Collection<?>> families;
48
49 public AuthResult(boolean allowed, String request, String reason, User user,
50 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
51 this.allowed = allowed;
52 this.request = request;
53 this.reason = reason;
54 this.user = user;
55 this.table = table;
56 this.family = family;
57 this.qualifier = qualifier;
58 this.action = action;
59 this.families = null;
60 this.namespace = null;
61 }
62
63 public AuthResult(boolean allowed, String request, String reason, User user,
64 Permission.Action action, TableName table,
65 Map<byte[], ? extends Collection<?>> families) {
66 this.allowed = allowed;
67 this.request = request;
68 this.reason = reason;
69 this.user = user;
70 this.table = table;
71 this.family = null;
72 this.qualifier = null;
73 this.action = action;
74 this.families = families;
75 this.namespace = null;
76 }
77
78 public AuthResult(boolean allowed, String request, String reason, User user,
79 Permission.Action action, String namespace) {
80 this.allowed = allowed;
81 this.request = request;
82 this.reason = reason;
83 this.user = user;
84 this.namespace = namespace;
85 this.action = action;
86 this.table = null;
87 this.family = null;
88 this.qualifier = null;
89 this.families = null;
90 }
91
92 public boolean isAllowed() {
93 return allowed;
94 }
95
96 public User getUser() {
97 return user;
98 }
99
100 public String getReason() {
101 return reason;
102 }
103
104 public TableName getTableName() {
105 return table;
106 }
107
108 public byte[] getFamily() {
109 return family;
110 }
111
112 public byte[] getQualifier() {
113 return qualifier;
114 }
115
116 public Permission.Action getAction() {
117 return action;
118 }
119
120 public String getRequest() {
121 return request;
122 }
123
124 public void setAllowed(boolean allowed) {
125 this.allowed = allowed;
126 }
127
128 public void setReason(String reason) {
129 this.reason = reason;
130 }
131
132 String toFamilyString() {
133 StringBuilder sb = new StringBuilder();
134 if (families != null) {
135 boolean first = true;
136 for (Map.Entry<byte[], ? extends Collection<?>> entry : families.entrySet()) {
137 String familyName = Bytes.toString(entry.getKey());
138 if (entry.getValue() != null && !entry.getValue().isEmpty()) {
139 for (Object o : entry.getValue()) {
140 String qualifier;
141 if (o instanceof byte[]) {
142 qualifier = Bytes.toString((byte[])o);
143 } else if (o instanceof Cell) {
144 Cell c = (Cell) o;
145 qualifier = Bytes.toString(c.getQualifierArray(), c.getQualifierOffset(),
146 c.getQualifierLength());
147 } else {
148
149 qualifier = o.toString();
150 }
151 if (!first) {
152 sb.append("|");
153 }
154 first = false;
155 sb.append(familyName).append(":").append(qualifier);
156 }
157 } else {
158 if (!first) {
159 sb.append("|");
160 }
161 first = false;
162 sb.append(familyName);
163 }
164 }
165 } else if (family != null) {
166 sb.append(Bytes.toString(family));
167 if (qualifier != null) {
168 sb.append(":").append(Bytes.toString(qualifier));
169 }
170 }
171 return sb.toString();
172 }
173
174 public String toContextString() {
175 StringBuilder sb = new StringBuilder();
176 sb.append("(user=")
177 .append(user != null ? user.getName() : "UNKNOWN")
178 .append(", ");
179 sb.append("scope=")
180 .append(namespace != null ? namespace : table == null ? "GLOBAL" : table)
181 .append(", ");
182 if(namespace == null) {
183 sb.append("family=")
184 .append(toFamilyString())
185 .append(", ");
186 }
187 sb.append("action=")
188 .append(action != null ? action.toString() : "")
189 .append(")");
190 return sb.toString();
191 }
192
193 public String toString() {
194 return "AuthResult" + toContextString();
195 }
196
197 public static AuthResult allow(String request, String reason, User user,
198 Permission.Action action, String namespace) {
199 return new AuthResult(true, request, reason, user, action, namespace);
200 }
201
202 public static AuthResult allow(String request, String reason, User user,
203 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
204 return new AuthResult(true, request, reason, user, action, table, family, qualifier);
205 }
206
207 public static AuthResult allow(String request, String reason, User user,
208 Permission.Action action, TableName table,
209 Map<byte[], ? extends Collection<?>> families) {
210 return new AuthResult(true, request, reason, user, action, table, families);
211 }
212
213 public static AuthResult deny(String request, String reason, User user,
214 Permission.Action action, String namespace) {
215 return new AuthResult(false, request, reason, user, action, namespace);
216 }
217
218 public static AuthResult deny(String request, String reason, User user,
219 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
220 return new AuthResult(false, request, reason, user, action, table, family, qualifier);
221 }
222
223 public static AuthResult deny(String request, String reason, User user,
224 Permission.Action action, TableName table,
225 Map<byte[], ? extends Collection<?>> families) {
226 return new AuthResult(false, request, reason, user, action, table, families);
227 }
228 }