1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.apache.hadoop.hbase.security.visibility;
19
20 import java.util.ArrayList;
21 import java.util.HashSet;
22 import java.util.List;
23 import java.util.Set;
24
25 import org.apache.commons.logging.Log;
26 import org.apache.commons.logging.LogFactory;
27 import org.apache.hadoop.hbase.classification.InterfaceAudience;
28 import org.apache.hadoop.conf.Configuration;
29 import org.apache.hadoop.hbase.security.User;
30
31
32
33
34
35
36
37 @InterfaceAudience.Private
38 public class EnforcingScanLabelGenerator implements ScanLabelGenerator {
39
40 private static final Log LOG = LogFactory.getLog(EnforcingScanLabelGenerator.class);
41
42 private Configuration conf;
43 private VisibilityLabelsCache labelsCache;
44
45 public EnforcingScanLabelGenerator() {
46 this.labelsCache = VisibilityLabelsCache.get();
47 }
48
49 @Override
50 public void setConf(Configuration conf) {
51 this.conf = conf;
52 }
53
54 @Override
55 public Configuration getConf() {
56 return this.conf;
57 }
58
59 @Override
60 public List<String> getLabels(User user, Authorizations authorizations) {
61 String userName = user.getShortName();
62 if (authorizations != null) {
63 LOG.warn("Dropping authorizations requested by user " + userName + ": " + authorizations);
64 }
65 Set<String> auths = new HashSet<String>();
66 auths.addAll(this.labelsCache.getUserAuths(userName));
67 auths.addAll(this.labelsCache.getGroupAuths(user.getGroupNames()));
68 return new ArrayList<String>(auths);
69 }
70
71 }