1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.hadoop.hbase.security;
21
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24 import org.apache.hadoop.conf.Configuration;
25 import org.apache.hadoop.hbase.AuthUtil;
26 import org.apache.hadoop.hbase.classification.InterfaceAudience;
27
28 import java.io.IOException;
29 import java.util.ArrayList;
30 import java.util.List;
31
32
33
34
35
36 @InterfaceAudience.Private
37 public final class Superusers {
38 private static final Log LOG = LogFactory.getLog(Superusers.class);
39
40
41 public static final String SUPERUSER_CONF_KEY = "hbase.superuser";
42
43 private static List<String> superUsers;
44 private static List<String> superGroups;
45 private static User systemUser;
46
47 private Superusers(){}
48
49
50
51
52
53
54
55
56 public static void initialize(Configuration conf) throws IOException {
57 superUsers = new ArrayList<>();
58 superGroups = new ArrayList<>();
59 systemUser = User.getCurrent();
60
61 if (systemUser == null) {
62 throw new IllegalStateException("Unable to obtain the current user, "
63 + "authorization checks for internal operations will not work correctly!");
64 }
65
66 if (LOG.isTraceEnabled()) {
67 LOG.trace("Current user name is " + systemUser.getShortName());
68 }
69 String currentUser = systemUser.getShortName();
70 String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]);
71 for (String name : superUserList) {
72 if (AuthUtil.isGroupPrincipal(name)) {
73 superGroups.add(AuthUtil.getGroupName(name));
74 } else {
75 superUsers.add(name);
76 }
77 }
78 superUsers.add(currentUser);
79 }
80
81
82
83
84
85
86
87
88 public static boolean isSuperUser(User user) {
89 if (superUsers == null) {
90 throw new IllegalStateException("Super users/super groups lists"
91 + " haven't been initialized properly.");
92 }
93 if (superUsers.contains(user.getShortName())) {
94 return true;
95 }
96
97 for (String group : user.getGroupNames()) {
98 if (superGroups.contains(group)) {
99 return true;
100 }
101 }
102 return false;
103 }
104
105
106
107
108
109
110
111
112
113 @Deprecated
114 public static boolean isSuperUser(String user) {
115 if (superUsers == null) {
116 throw new IllegalStateException("Super users/super groups lists"
117 + " haven't been initialized properly.");
118 }
119 if (superUsers.contains(user)) {
120 return true;
121 } else {
122 return false;
123 }
124 }
125
126 public static User getSystemUser() {
127 return systemUser;
128 }
129 }