Package org.apache.accumulo.core.clientImpl

Class SecurityOperationsImpl

java.lang.Object

org.apache.accumulo.core.clientImpl.SecurityOperationsImpl

All Implemented Interfaces:

SecurityOperations

public class SecurityOperationsImpl
extends Object
implements SecurityOperations

Constructor Summary

Constructors

Constructor	Description
SecurityOperationsImpl(ClientContext context)

Method Summary

Modifier and Type	Method	Description
boolean	authenticateUser(String principal, AuthenticationToken token)	Verify a username/password combination is valid
void	changeLocalUserPassword(String principal, PasswordToken token)	Set the user's password
void	changeUserAuthorizations(String principal, Authorizations authorizations)	Set the user's record-level authorizations
void	createLocalUser(String principal, PasswordToken password)	Create a user
void	dropLocalUser(String principal)	Delete a user
DelegationToken	getDelegationToken(DelegationTokenConfig cfg)	Obtain a DelegationToken for use when Kerberos credentials cannot be used (e.g.
Authorizations	getUserAuthorizations(String principal)	Retrieves the user's authorizations for scanning
void	grantNamespacePermission(String principal, String namespace, NamespacePermission permission)	Grant a user a specific permission for a specific namespace
void	grantSystemPermission(String principal, SystemPermission permission)	Grant a user a system permission
void	grantTablePermission(String principal, String table, TablePermission permission)	Grant a user a specific permission for a specific table
boolean	hasNamespacePermission(String principal, String namespace, NamespacePermission permission)	Verify the user has a particular namespace permission
boolean	hasSystemPermission(String principal, SystemPermission perm)	Verify the user has a particular system permission
boolean	hasTablePermission(String principal, String table, TablePermission perm)	Verify the user has a particular table permission
Set<String>	listLocalUsers()	Return a list of users in accumulo
void	revokeNamespacePermission(String principal, String namespace, NamespacePermission permission)	Revoke a namespace permission for a specific user on a specific namespace
void	revokeSystemPermission(String principal, SystemPermission permission)	Revoke a system permission from a user
void	revokeTablePermission(String principal, String table, TablePermission permission)	Revoke a table permission for a specific user on a specific table

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityOperationsImpl

public SecurityOperationsImpl(ClientContext context)

Method Detail

createLocalUser

public void createLocalUser(String principal,
                            PasswordToken password)
                     throws AccumuloException,
                            AccumuloSecurityException

Description copied from interface: SecurityOperations

Create a user

Specified by:

createLocalUser in interface SecurityOperations

Parameters:

principal - the name of the user to create

password - the plaintext password for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to create a user

dropLocalUser

public void dropLocalUser(String principal)
                   throws AccumuloException,
                          AccumuloSecurityException

Description copied from interface: SecurityOperations

Delete a user

Specified by:

dropLocalUser in interface SecurityOperations

Parameters:

principal - the user name to delete

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to delete a user

authenticateUser

public boolean authenticateUser(String principal,
                                AuthenticationToken token)
                         throws AccumuloException,
                                AccumuloSecurityException

Description copied from interface: SecurityOperations

Verify a username/password combination is valid

Specified by:

authenticateUser in interface SecurityOperations

Parameters:

principal - the name of the user to authenticate

token - the SecurityToken for the user

Returns:

true if the user asking is allowed to know and the specified principal/token is valid, false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to ask

changeLocalUserPassword

public void changeLocalUserPassword(String principal,
                                    PasswordToken token)
                             throws AccumuloException,
                                    AccumuloSecurityException

Description copied from interface: SecurityOperations

Set the user's password

Specified by:

changeLocalUserPassword in interface SecurityOperations

Parameters:

principal - the name of the user to modify

token - the plaintext password for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to modify a user

changeUserAuthorizations

public void changeUserAuthorizations(String principal,
                                     Authorizations authorizations)
                              throws AccumuloException,
                                     AccumuloSecurityException

Description copied from interface: SecurityOperations

Set the user's record-level authorizations

Specified by:

changeUserAuthorizations in interface SecurityOperations

Parameters:

principal - the name of the user to modify

authorizations - the authorizations that the user has for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to modify a user

getUserAuthorizations

public Authorizations getUserAuthorizations(String principal)
                                     throws AccumuloException,
                                            AccumuloSecurityException

Description copied from interface: SecurityOperations

Retrieves the user's authorizations for scanning

Specified by:

getUserAuthorizations in interface SecurityOperations

Parameters:

principal - the name of the user to query

Returns:

the set of authorizations the user has available for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasSystemPermission

public boolean hasSystemPermission(String principal,
                                   SystemPermission perm)
                            throws AccumuloException,
                                   AccumuloSecurityException

Description copied from interface: SecurityOperations

Verify the user has a particular system permission

Specified by:

hasSystemPermission in interface SecurityOperations

Parameters:

principal - the name of the user to query

perm - the system permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasTablePermission

public boolean hasTablePermission(String principal,
                                  String table,
                                  TablePermission perm)
                           throws AccumuloException,
                                  AccumuloSecurityException

Description copied from interface: SecurityOperations

Verify the user has a particular table permission

Specified by:

hasTablePermission in interface SecurityOperations

Parameters:

principal - the name of the user to query

table - the name of the table to query about

perm - the table permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasNamespacePermission

public boolean hasNamespacePermission(String principal,
                                      String namespace,
                                      NamespacePermission permission)
                               throws AccumuloException,
                                      AccumuloSecurityException

Description copied from interface: SecurityOperations

Verify the user has a particular namespace permission

Specified by:

hasNamespacePermission in interface SecurityOperations

Parameters:

principal - the name of the user to query

namespace - the name of the namespace to query about

permission - the namespace permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

grantSystemPermission

public void grantSystemPermission(String principal,
                                  SystemPermission permission)
                           throws AccumuloException,
                                  AccumuloSecurityException

Description copied from interface: SecurityOperations

Grant a user a system permission

Specified by:

grantSystemPermission in interface SecurityOperations

Parameters:

principal - the name of the user to modify

permission - the system permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

grantTablePermission

public void grantTablePermission(String principal,
                                 String table,
                                 TablePermission permission)
                          throws AccumuloException,
                                 AccumuloSecurityException

Description copied from interface: SecurityOperations

Grant a user a specific permission for a specific table

Specified by:

grantTablePermission in interface SecurityOperations

Parameters:

principal - the name of the user to modify

table - the name of the table to modify for the user

permission - the table permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

grantNamespacePermission

public void grantNamespacePermission(String principal,
                                     String namespace,
                                     NamespacePermission permission)
                              throws AccumuloException,
                                     AccumuloSecurityException

Description copied from interface: SecurityOperations

Grant a user a specific permission for a specific namespace

Specified by:

grantNamespacePermission in interface SecurityOperations

Parameters:

principal - the name of the user to modify

namespace - the name of the namespace to modify for the user

permission - the namespace permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

revokeSystemPermission

public void revokeSystemPermission(String principal,
                                   SystemPermission permission)
                            throws AccumuloException,
                                   AccumuloSecurityException

Description copied from interface: SecurityOperations

Revoke a system permission from a user

Specified by:

revokeSystemPermission in interface SecurityOperations

Parameters:

principal - the name of the user to modify

permission - the system permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

revokeTablePermission

public void revokeTablePermission(String principal,
                                  String table,
                                  TablePermission permission)
                           throws AccumuloException,
                                  AccumuloSecurityException

Description copied from interface: SecurityOperations

Revoke a table permission for a specific user on a specific table

Specified by:

revokeTablePermission in interface SecurityOperations

Parameters:

principal - the name of the user to modify

table - the name of the table to modify for the user

permission - the table permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

revokeNamespacePermission

public void revokeNamespacePermission(String principal,
                                      String namespace,
                                      NamespacePermission permission)
                               throws AccumuloException,
                                      AccumuloSecurityException

Description copied from interface: SecurityOperations

Revoke a namespace permission for a specific user on a specific namespace

Specified by:

revokeNamespacePermission in interface SecurityOperations

Parameters:

principal - the name of the user to modify

namespace - the name of the namespace to modify for the user

permission - the namespace permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

listLocalUsers

public Set<String> listLocalUsers()
                           throws AccumuloException,
                                  AccumuloSecurityException

Description copied from interface: SecurityOperations

Return a list of users in accumulo

Specified by:

listLocalUsers in interface SecurityOperations

Returns:

a set of user names

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query users

getDelegationToken

public DelegationToken getDelegationToken(DelegationTokenConfig cfg)
                                   throws AccumuloException,
                                          AccumuloSecurityException

Description copied from interface: SecurityOperations

Obtain a DelegationToken for use when Kerberos credentials cannot be used (e.g. YARN Jobs)

Specified by:

getDelegationToken in interface SecurityOperations

Throws:

AccumuloException

AccumuloSecurityException