Package org.apache.accumulo.core.security

Examples of org.apache.accumulo.core.security.Authorizations

1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
      for (TKeyExtent keyExtent : tbatch.keySet()) {
        tables.add(new String(keyExtent.getTable(), Constants.UTF8));
      }
     
      // check if user has permission to the tables
      Authorizations userauths = null;
      for (String table : tables)
        if (!security.canScan(credentials, table))
          throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
      userauths = security.getUserAuthorizations(credentials);
      for (ByteBuffer auth : authorizations)
        if (!userauths.contains(ByteBufferUtil.toBytes(auth)))
          throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_AUTHORIZATIONS);
     
      KeyExtent threadPoolExtent = null;
     
      Map<KeyExtent,List<Range>> batch = Translator.translate(tbatch, Translators.TKET, new Translator.ListTranslator<TRange,Range>(Translators.TRT));
     
      for (KeyExtent keyExtent : batch.keySet()) {
        if (threadPoolExtent == null) {
          threadPoolExtent = keyExtent;
        } else if (keyExtent.isRootTablet()) {
          throw new IllegalArgumentException("Cannot batch query root tablet with other tablets " + threadPoolExtent + " " + keyExtent);
        } else if (keyExtent.isMeta() && !threadPoolExtent.isMeta()) {
          throw new IllegalArgumentException("Cannot batch query !METADATA and non !METADATA tablets " + threadPoolExtent + " " + keyExtent);
        }
       
      }
     
      if (waitForWrites)
        writeTracker.waitForWrites(TabletType.type(batch.keySet()));
     
      MultiScanSession mss = new MultiScanSession();
      mss.user = credentials.getPrincipal();
      mss.queries = batch;
      mss.columnSet = new HashSet<Column>(tcolumns.size());
      mss.ssiList = ssiList;
      mss.ssio = ssio;
      mss.auths = new Authorizations(authorizations);
     
      mss.numTablets = batch.size();
      for (List<Range> ranges : batch.values()) {
        mss.numRanges += ranges.size();
      }
View Full Code Here
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
    String tableName = WalkingSecurity.get(state).getTableName();
   
    switch (tp) {
      case READ: {
        boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableName);
        Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials());
        boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
        boolean ambiguousAuths = WalkingSecurity.get(state).ambiguousAuthorizations(conn.whoami());
       
        Scanner scan = null;
        try {
          scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami()));
          int seen = 0;
          Iterator<Entry<Key,Value>> iter = scan.iterator();
          while (iter.hasNext()) {
            Entry<Key,Value> entry = iter.next();
            Key k = entry.getKey();
            seen++;
            if (!auths.contains(k.getColumnVisibilityData()) && !ambiguousAuths)
              throw new AccumuloException("Got data I should not be capable of seeing: " + k + " table " + tableName);
          }
          if (!canRead && !ambiguousZone)
            throw new AccumuloException("Was able to read when I shouldn't have had the perm with connection user " + conn.whoami() + " table " + tableName);
          for (Entry<String,Integer> entry : WalkingSecurity.get(state).getAuthsMap().entrySet()) {
            if (auths.contains(entry.getKey().getBytes(Constants.UTF8)))
              seen = seen - entry.getValue();
          }
          if (seen != 0 && !ambiguousAuths)
            throw new AccumuloException("Got mismatched amounts of data");
        } catch (TableNotFoundException tnfe) {
View Full Code Here
65
66
67
68
69
70
71
72
73
74
75
      bw.addMutation(m);
    }
   
    bw.close();
   
    Scanner scanner = getConnector().createScanner("abc", new Authorizations());
    scanner.setBatchSize(1000);
   
    Iterator<Entry<Key,Value>> iter = scanner.iterator();
   
    verify(iter, 0, 200);
View Full Code Here
57
58
59
60
61
62
63
    @Parameter(names = {"-r", "--read"}, description = "read entries after any creates/deletes")
    boolean readEntries = false;

    public Opts() {
      super(DEFAULT_TABLE_NAME);
      auths = new Authorizations();
    }
View Full Code Here
68
69
70
71
72
73
74
    }
    for (SystemPermission sp : SystemPermission.values()) {
      WalkingSecurity.get(state).revokeSystemPermission(systemUserName, sp);
      WalkingSecurity.get(state).revokeSystemPermission(tableUserName, sp);
    }
    WalkingSecurity.get(state).changeAuthorizations(tableUserName, new Authorizations());
  }
View Full Code Here
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
          throw new AccumuloException(user + " existance out of sync for table perm " + tp + " hasTp/CloudhasTP " + hasTp + " " + accuHasTp);
      }
     
    }
   
    Authorizations accuAuths;
    Authorizations auths;
    try {
      auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials());
      accuAuths = conn.securityOperations().getUserAuthorizations(WalkingSecurity.get(state).getTabUserName());
    } catch (ThriftSecurityException ae) {
      if (ae.getCode() == org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode.USER_DOESNT_EXIST) {
        if (tableUserExists)
          throw new AccumuloException("Table user didn't exist when they should.", ae);
        else
          return;
      }
      throw new AccumuloException("Unexpected exception!", ae);
    }
    if (!auths.equals(accuAuths))
      throw new AccumuloException("Table User authorizations out of sync");
  }
View Full Code Here
69
70
71
72
73
74
75
76
77
      log.debug("Creating " + tableName);
      c.tableOperations().create(tableName);
      log.debug("Deleting rows from " + tableName);
      c.tableOperations().deleteRows(tableName, null, null);
      log.debug("Verifying no rows were found");
      Scanner scanner = c.createScanner(tableName, new Authorizations());
      assertEquals(0, Iterables.size(scanner));
    }
  }
View Full Code Here
188
189
190
191
192
193
194
195
196
197
198
    Instance instance = new MockInstance("foo");
    Connector connector = instance.getConnector("user", new PasswordToken(new byte[0]));
    TableOperations tableOperations = connector.tableOperations();
    tableOperations.create("a_table");
    tableOperations.importDirectory("a_table", dataAndFiles.importPath.toString(), dataAndFiles.failurePath.toString(), false);
    Scanner scanner = connector.createScanner("a_table", new Authorizations());
    Iterator<Entry<Key,Value>> iterator = scanner.iterator();
    for (int i = 0; i < 5; i++) {
      Assert.assertTrue(iterator.hasNext());
      Entry<Key,Value> kv = iterator.next();
      Pair<Key,Value> expected = dataAndFiles.keyVals.get(i);
View Full Code Here
333
334
335
336
337
338
339
340
341
342
343
  public void testCorrectRangeInputSplits() throws Exception {
    Job job = new Job(new Configuration(), this.getClass().getSimpleName() + "_" + System.currentTimeMillis());

    String username = "user", table = "table", instance = "mapreduce_testCorrectRangeInputSplits";
    PasswordToken password = new PasswordToken("password");
    Authorizations auths = new Authorizations("foo");
    Collection<Pair<Text,Text>> fetchColumns = Collections.singleton(new Pair<Text,Text>(new Text("foo"), new Text("bar")));
    boolean isolated = true, localIters = true;
    Level level = Level.WARN;

    Instance inst = new MockInstance(instance);
View Full Code Here
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
      Map<Entry<String,String>,String> table2Expectations = new HashMap<Entry<String,String>,String>();
      table2Expectations.put(Maps.immutableEntry("foo", "col1"), "val1");
      table2Expectations.put(Maps.immutableEntry("bar", "col1"), "val1");

      Scanner s = connector.createScanner(table1, new Authorizations());
      s.setRange(new Range());
      Map<Entry<String,String>,String> actual = new HashMap<Entry<String,String>,String>();
      for (Entry<Key,Value> entry : s) {
        actual.put(Maps.immutableEntry(entry.getKey().getRow().toString(), entry.getKey().getColumnFamily().toString()), entry.getValue().toString());
      }

      Assert.assertEquals("Differing results for " + table1, table1Expectations, actual);

      s = connector.createScanner(table2, new Authorizations());
      s.setRange(new Range());
      actual = new HashMap<Entry<String,String>,String>();
      for (Entry<Key,Value> entry : s) {
        actual.put(Maps.immutableEntry(entry.getKey().getRow().toString(), entry.getKey().getColumnFamily().toString()), entry.getValue().toString());
      }
View Full Code Here
TOP

Related Classes of org.apache.accumulo.core.security.Authorizations

  • clojure_accumulo.iterators.ClojureCombinerTest
  • clojure_accumulo.iterators.ClojureFilterTest
  • clojure_accumulo.iterators.ClojureMapperTest
  • io.lumify.core.model.user.AccumuloAuthorizationRepository
  • mil.nga.giat.geowave.accumulo.BasicAccumuloOperations
  • org.apache.accumulo.core.client.ClientSideIteratorTest
  • org.apache.accumulo.core.client.impl.ScannerImplTest
  • org.apache.accumulo.core.client.mapred.InputFormatBase
  • org.apache.accumulo.core.client.mapred.InputFormatBase$RecordReaderBase
  • org.apache.accumulo.core.client.mapreduce.AccumuloInputFormat
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.