private void verifyServiceACLsRefresh(
ServiceAuthorizationManager manager, Class<?> protocol, String aclString) {
for (Class<?> protocolClass : manager.getProtocolsWithAcls()) {
AccessControlList accessList = manager.getProtocolsAcls(protocolClass);
if (protocolClass == protocol) {
Assert.assertEquals(accessList.getAclString(), aclString);
} else {
Assert.assertEquals(accessList.getAclString(), "*");
}
}
}
public static void init(Configuration conf, ServiceAuthorizationManager authManager) {
// set service-level authorization security policy
System.setProperty("hadoop.policy.file", "hbase-policy.xml");
if (conf.getBoolean(ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) {
authManager.refresh(conf, new HBasePolicyProvider());
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
}
}
@Override
public void authorize(Subject user, ConnectionHeader connection) throws AuthorizationException {
if (authorize) {
Class<?> protocol = null;
try {
protocol = getProtocolClass(connection.getProtocol(), getConf());
} catch (ClassNotFoundException cfne) {
throw new AuthorizationException("Unknown protocol: " + connection.getProtocol());
}
ServiceAuthorizationManager.authorize(user, protocol);
}
}
