1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security.access;
20
21 import java.util.Collection;
22 import java.util.Map;
23
24 import org.apache.hadoop.hbase.classification.InterfaceAudience;
25 import org.apache.hadoop.hbase.KeyValue;
26 import org.apache.hadoop.hbase.TableName;
27 import org.apache.hadoop.hbase.security.User;
28 import org.apache.hadoop.hbase.util.Bytes;
29
30
31
32
33
34 @InterfaceAudience.Private
35 public class AuthResult {
36 private boolean allowed;
37 private final String namespace;
38 private final TableName table;
39 private final Permission.Action action;
40 private final String request;
41 private String reason;
42 private final User user;
43
44
45 private final byte[] family;
46 private final byte[] qualifier;
47 private final Map<byte[], ? extends Collection<?>> families;
48
49 public AuthResult(boolean allowed, String request, String reason, User user,
50 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
51 this.allowed = allowed;
52 this.request = request;
53 this.reason = reason;
54 this.user = user;
55 this.table = table;
56 this.family = family;
57 this.qualifier = qualifier;
58 this.action = action;
59 this.families = null;
60 this.namespace = null;
61 }
62
63 public AuthResult(boolean allowed, String request, String reason, User user,
64 Permission.Action action, TableName table,
65 Map<byte[], ? extends Collection<?>> families) {
66 this.allowed = allowed;
67 this.request = request;
68 this.reason = reason;
69 this.user = user;
70 this.table = table;
71 this.family = null;
72 this.qualifier = null;
73 this.action = action;
74 this.families = families;
75 this.namespace = null;
76 }
77
78 public AuthResult(boolean allowed, String request, String reason, User user,
79 Permission.Action action, String namespace) {
80 this.allowed = allowed;
81 this.request = request;
82 this.reason = reason;
83 this.user = user;
84 this.namespace = namespace;
85 this.action = action;
86 this.table = null;
87 this.family = null;
88 this.qualifier = null;
89 this.families = null;
90 }
91
92 public boolean isAllowed() {
93 return allowed;
94 }
95
96 public User getUser() {
97 return user;
98 }
99
100 public String getReason() {
101 return reason;
102 }
103
104 public TableName getTableName() {
105 return table;
106 }
107
108 public byte[] getFamily() {
109 return family;
110 }
111
112 public byte[] getQualifier() {
113 return qualifier;
114 }
115
116 public Permission.Action getAction() {
117 return action;
118 }
119
120 public String getRequest() {
121 return request;
122 }
123
124 public void setAllowed(boolean allowed) {
125 this.allowed = allowed;
126 }
127
128 public void setReason(String reason) {
129 this.reason = reason;
130 }
131
132 String toFamilyString() {
133 StringBuilder sb = new StringBuilder();
134 if (families != null) {
135 boolean first = true;
136 for (Map.Entry<byte[], ? extends Collection<?>> entry : families.entrySet()) {
137 String familyName = Bytes.toString(entry.getKey());
138 if (entry.getValue() != null && !entry.getValue().isEmpty()) {
139 for (Object o : entry.getValue()) {
140 String qualifier;
141 if (o instanceof byte[]) {
142 qualifier = Bytes.toString((byte[])o);
143 } else if (o instanceof KeyValue) {
144 byte[] rawQualifier = ((KeyValue)o).getQualifier();
145 qualifier = Bytes.toString(rawQualifier);
146 } else {
147
148 qualifier = o.toString();
149 }
150 if (!first) {
151 sb.append("|");
152 }
153 first = false;
154 sb.append(familyName).append(":").append(qualifier);
155 }
156 } else {
157 if (!first) {
158 sb.append("|");
159 }
160 first = false;
161 sb.append(familyName);
162 }
163 }
164 } else if (family != null) {
165 sb.append(Bytes.toString(family));
166 if (qualifier != null) {
167 sb.append(":").append(Bytes.toString(qualifier));
168 }
169 }
170 return sb.toString();
171 }
172
173 public String toContextString() {
174 StringBuilder sb = new StringBuilder();
175 sb.append("(user=")
176 .append(user != null ? user.getName() : "UNKNOWN")
177 .append(", ");
178 sb.append("scope=")
179 .append(namespace != null ? namespace : table == null ? "GLOBAL" : table)
180 .append(", ");
181 if(namespace == null) {
182 sb.append("family=")
183 .append(toFamilyString())
184 .append(", ");
185 }
186 sb.append("action=")
187 .append(action != null ? action.toString() : "")
188 .append(")");
189 return sb.toString();
190 }
191
192 public String toString() {
193 return "AuthResult" + toContextString();
194 }
195
196 public static AuthResult allow(String request, String reason, User user,
197 Permission.Action action, String namespace) {
198 return new AuthResult(true, request, reason, user, action, namespace);
199 }
200
201 public static AuthResult allow(String request, String reason, User user,
202 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
203 return new AuthResult(true, request, reason, user, action, table, family, qualifier);
204 }
205
206 public static AuthResult allow(String request, String reason, User user,
207 Permission.Action action, TableName table,
208 Map<byte[], ? extends Collection<?>> families) {
209 return new AuthResult(true, request, reason, user, action, table, families);
210 }
211
212 public static AuthResult deny(String request, String reason, User user,
213 Permission.Action action, String namespace) {
214 return new AuthResult(false, request, reason, user, action, namespace);
215 }
216
217 public static AuthResult deny(String request, String reason, User user,
218 Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
219 return new AuthResult(false, request, reason, user, action, table, family, qualifier);
220 }
221
222 public static AuthResult deny(String request, String reason, User user,
223 Permission.Action action, TableName table,
224 Map<byte[], ? extends Collection<?>> families) {
225 return new AuthResult(false, request, reason, user, action, table, families);
226 }
227 }