AccessChecker (Apache HBase 2.0.6 API)

java.lang.Object
- org.apache.hadoop.hbase.security.access.AccessChecker

@InterfaceAudience.Private
public final class AccessChecker
extends Object

Field Summary

Fields
Modifier and Type	Field and Description
`private static org.slf4j.Logger`	`AUDITLOG`
`private TableAuthManager`	`authManager`
`private boolean`	`authorizationEnabled` if we are active, usually false, only true if "hbase.security.authorization" has been set to true in site configuration.see HBASE-19483.

Constructor Summary

Constructors
Constructor and Description

AccessChecker(org.apache.hadoop.conf.Configuration conf, ZKWatcher zkw)
Constructor with existing configuration

Constructors
Constructor and Description
`AccessChecker(org.apache.hadoop.conf.Configuration conf, ZKWatcher zkw)` Constructor with existing configuration

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`checkLockPermissions(User user, String namespace, TableName tableName, RegionInfo[] regionInfos, String reason)`
`TableAuthManager`	`getAuthManager()`
`static boolean`	`isAuthorizationSupported(org.apache.hadoop.conf.Configuration conf)`
`static void`	`logResult(AuthResult result)`
`void`	`requireAccess(User user, String request, TableName tableName, Permission.Action... permissions)` Authorizes that the current user has any of the given permissions to access the table.
`void`	`requireGlobalPermission(User user, String request, Permission.Action perm, String namespace)` Checks that the user has the given global permission.
`void`	`requireGlobalPermission(User user, String request, Permission.Action perm, TableName tableName, Map<byte[],? extends Collection<byte[]>> familyMap)` Checks that the user has the given global permission.
`void`	`requireNamespacePermission(User user, String request, String namespace, Permission.Action... permissions)` Checks that the user has the given global or namespace permission.
`void`	`requireNamespacePermission(User user, String request, String namespace, TableName tableName, Map<byte[],? extends Collection<byte[]>> familyMap, Permission.Action... permissions)` Checks that the user has the given global or namespace permission.
`void`	`requirePermission(User user, String request, Permission.Action perm)` Authorizes that the current user has global privileges for the given action.
`void`	`requirePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions)` Authorizes that the current user has any of the given permissions for the given table, column family and column qualifier.
`void`	`requireTablePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions)` Authorizes that the current user has any of the given permissions for the given table, column family and column qualifier.
`void`	`stop()` Releases `TableAuthManager`'s reference.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- AUDITLOG
```
private static final org.slf4j.Logger AUDITLOG
```
- authManager
```
private TableAuthManager authManager
```
- authorizationEnabled
```
private boolean authorizationEnabled
```
  if we are active, usually false, only true if "hbase.security.authorization" has been set to true in site configuration.see HBASE-19483.

Constructor Detail
- AccessChecker
```
public AccessChecker(org.apache.hadoop.conf.Configuration conf,
                     ZKWatcher zkw)
              throws RuntimeException
```
  Constructor with existing configuration
  
  Parameters:
  
  conf - Existing configuration to use
  
  zkw - reference to the ZKWatcher
  
  Throws:
  
  RuntimeException

Method Detail

isAuthorizationSupported

public static boolean isAuthorizationSupported(org.apache.hadoop.conf.Configuration conf)

stop
```
public void stop()
```
Releases TableAuthManager's reference.

getAuthManager

public TableAuthManager getAuthManager()

requireAccess

public void requireAccess(User user,
                          String request,
                          TableName tableName,
                          Permission.Action... permissions)
                   throws IOException

Authorizes that the current user has any of the given permissions to access the table.

Parameters:: tableName - Table requested; permissions - Actions being requested
Throws:: IOException - if obtaining the current user fails; AccessDeniedException - if user has no authorization

requirePermission

public void requirePermission(User user,
                              String request,
                              Permission.Action perm)
                       throws IOException

Authorizes that the current user has global privileges for the given action.

Parameters:: perm - The action being requested
Throws:: IOException - if obtaining the current user fails; AccessDeniedException - if authorization is denied

requireGlobalPermission

public void requireGlobalPermission(User user,
                                    String request,
                                    Permission.Action perm,
                                    TableName tableName,
                                    Map<byte[],? extends Collection<byte[]>> familyMap)
                             throws IOException

Checks that the user has the given global permission. The generated audit log message will contain context information for the operation being authorized, based on the given parameters.

Parameters:: perm - Action being requested; tableName - Affected table name.; familyMap - Affected column families.
Throws:: IOException

requireGlobalPermission

public void requireGlobalPermission(User user,
                                    String request,
                                    Permission.Action perm,
                                    String namespace)
                             throws IOException

Checks that the user has the given global permission. The generated audit log message will contain context information for the operation being authorized, based on the given parameters.

Parameters:: perm - Action being requested; namespace - The given namespace
Throws:: IOException

requireNamespacePermission

public void requireNamespacePermission(User user,
                                       String request,
                                       String namespace,
                                       Permission.Action... permissions)
                                throws IOException

Checks that the user has the given global or namespace permission.

Parameters:: namespace - The given namespace; permissions - Actions being requested
Throws:: IOException

requireNamespacePermission

public void requireNamespacePermission(User user,
                                       String request,
                                       String namespace,
                                       TableName tableName,
                                       Map<byte[],? extends Collection<byte[]>> familyMap,
                                       Permission.Action... permissions)
                                throws IOException

Checks that the user has the given global or namespace permission.

Parameters:: namespace - The given namespace; permissions - Actions being requested
Throws:: IOException

requirePermission

public void requirePermission(User user,
                              String request,
                              TableName tableName,
                              byte[] family,
                              byte[] qualifier,
                              Permission.Action... permissions)
                       throws IOException

Authorizes that the current user has any of the given permissions for the given table, column family and column qualifier.

Parameters:: tableName - Table requested; family - Column family requested; qualifier - Column qualifier requested
Throws:: IOException - if obtaining the current user fails; AccessDeniedException - if user has no authorization

requireTablePermission

public void requireTablePermission(User user,
                                   String request,
                                   TableName tableName,
                                   byte[] family,
                                   byte[] qualifier,
                                   Permission.Action... permissions)
                            throws IOException

Authorizes that the current user has any of the given permissions for the given table, column family and column qualifier.

Parameters:: tableName - Table requested; family - Column family param; qualifier - Column qualifier param
Throws:: IOException - if obtaining the current user fails; AccessDeniedException - if user has no authorization

checkLockPermissions

public void checkLockPermissions(User user,
                                 String namespace,
                                 TableName tableName,
                                 RegionInfo[] regionInfos,
                                 String reason)
                          throws IOException

Throws:: IOException

logResult

public static void logResult(AuthResult result)

Class AccessChecker

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

AUDITLOG

authManager

authorizationEnabled

Constructor Detail

AccessChecker

Method Detail

isAuthorizationSupported

stop

getAuthManager

requireAccess

requirePermission

requireGlobalPermission

requireGlobalPermission

requireNamespacePermission

requireNamespacePermission

requirePermission

requireTablePermission

checkLockPermissions

logResult