예제 #1
0
  /**
   * Returns a new {@code PermissionCache} initialized with permission assignments from the {@code
   * hbase.superuser} configuration key.
   */
  private PermissionCache<Permission> initGlobal(Configuration conf) throws IOException {
    UserProvider userProvider = UserProvider.instantiate(conf);
    User user = userProvider.getCurrent();
    if (user == null) {
      throw new IOException(
          "Unable to obtain the current user, "
              + "authorization checks for internal operations will not work correctly!");
    }
    PermissionCache<Permission> newCache = new PermissionCache<Permission>();
    String currentUser = user.getShortName();

    // the system user is always included
    List<String> superusers =
        Lists.asList(
            currentUser, conf.getStrings(AccessControlLists.SUPERUSER_CONF_KEY, new String[0]));
    if (superusers != null) {
      for (String name : superusers) {
        if (AccessControlLists.isGroupPrincipal(name)) {
          newCache.putGroup(
              AccessControlLists.getGroupName(name), new Permission(Permission.Action.values()));
        } else {
          newCache.putUser(name, new Permission(Permission.Action.values()));
        }
      }
    }
    return newCache;
  }
예제 #2
0
  /**
   * Updates the internal permissions cache for a single table, splitting the permissions listed
   * into separate caches for users and groups to optimize group lookups.
   *
   * @param table
   * @param tablePerms
   */
  private void updateTableCache(byte[] table, ListMultimap<String, TablePermission> tablePerms) {
    PermissionCache<TablePermission> newTablePerms = new PermissionCache<TablePermission>();

    for (Map.Entry<String, TablePermission> entry : tablePerms.entries()) {
      if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
        newTablePerms.putGroup(AccessControlLists.getGroupName(entry.getKey()), entry.getValue());
      } else {
        newTablePerms.putUser(entry.getKey(), entry.getValue());
      }
    }

    tableCache.put(table, newTablePerms);
  }
예제 #3
0
 /**
  * Updates the internal global permissions cache
  *
  * @param userPerms
  */
 private void updateGlobalCache(ListMultimap<String, TablePermission> userPerms) {
   PermissionCache<Permission> newCache = null;
   try {
     newCache = initGlobal(conf);
     for (Map.Entry<String, TablePermission> entry : userPerms.entries()) {
       if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
         newCache.putGroup(
             AccessControlLists.getGroupName(entry.getKey()),
             new Permission(entry.getValue().getActions()));
       } else {
         newCache.putUser(entry.getKey(), new Permission(entry.getValue().getActions()));
       }
     }
     globalCache = newCache;
   } catch (IOException e) {
     // Never happens
     LOG.error("Error occured while updating the global cache", e);
   }
 }