18 package org.apache.hadoop.hbase.security;
19
20 import org.apache.hadoop.hbase.classification.InterfaceAudience;
21 import org.apache.hadoop.conf.Configuration;
22 import org.apache.hadoop.hbase.protobuf.generated.AdminProtos.AdminService;
23 import org.apache.hadoop.hbase.protobuf.generated.ClientProtos.ClientService;
24 import org.apache.hadoop.hbase.protobuf.generated.MasterProtos.MasterService;
25 import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.RegionServerStatusService;
26 import org.apache.hadoop.security.authorize.PolicyProvider;
27 import org.apache.hadoop.security.authorize.ProxyUsers;
28 import org.apache.hadoop.security.authorize.Service;
29 import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
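/**
 * {@link PolicyProvider} that tells Hadoop's service-level authorization layer which ACL
 * configuration key governs each HBase RPC protocol interface.
 *
 * <p>The mapping is only applied when {@link #init(Configuration, ServiceAuthorizationManager)}
 * finds service-level authorization enabled in the supplied configuration.
 */
@InterfaceAudience.Private
public class HBasePolicyProvider extends PolicyProvider {
  /**
   * ACL key to protocol mapping handed to the authorization manager.
   *
   * <p>Arrays are mutable even when the reference is {@code final}; code that can reach this
   * field must treat it as read-only, since changing an entry changes which ACL key guards
   * a protocol.
   */
  protected static final Service[] services = {
      new Service("security.client.protocol.acl", ClientService.BlockingInterface.class),
      // NOTE(review): AdminService is registered under the client ACL key rather than
      // "security.admin.protocol.acl", so it is governed by the same ACL entry as
      // ClientService. Confirm this grouping is intended before tightening either ACL.
      new Service("security.client.protocol.acl", AdminService.BlockingInterface.class),
      new Service("security.admin.protocol.acl", MasterService.BlockingInterface.class),
      new Service("security.masterregion.protocol.acl",
          RegionServerStatusService.BlockingInterface.class)
  };

  /**
   * Returns the ACL key to protocol mapping for HBase services.
   *
   * @return a fresh copy of the service table; the copy is returned so that a caller
   *     modifying the array cannot alter the shared mapping used for later refreshes
   */
  @Override
  public Service[] getServices() {
    return services.clone();
  }

  /**
   * Points Hadoop at the HBase policy file and, if service-level authorization is enabled,
   * loads the ACLs and the proxy-user (impersonation) settings.
   *
   * @param conf configuration consulted for
   *     {@link ServiceAuthorizationManager#SERVICE_AUTHORIZATION_CONFIG} and passed to both
   *     refresh calls
   * @param authManager authorization manager refreshed with this provider's service table
   */
  public static void init(Configuration conf, ServiceAuthorizationManager authManager) {
    // Set unconditionally and JVM-wide: the property is written even when authorization is
    // disabled, and it affects every component in this process that reads it.
    System.setProperty("hadoop.policy.file", "hbase-policy.xml");

    // Authorization defaults to off here (second argument is false). When it is off, neither
    // the service ACLs nor the proxy-user configuration are refreshed by this method.
    if (conf.getBoolean(ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) {
      authManager.refresh(conf, new HBasePolicyProvider());
      ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
    }
  }
}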