Examples of org.apache.hadoop.hbase.security.AccessDeniedException

Package org.apache.hadoop.hbase.security

Examples of org.apache.hadoop.hbase.security.AccessDeniedException

org.apache.hadoop.hbase.security.AccessDeniedException
Exception thrown by access-related methods.

  private void requireScannerOwner(InternalScanner s) throws AccessDeniedException {
    if (RequestContext.isInRequestContext()) {
      String requestUName = RequestContext.getRequestUserName();
      String owner = scannerOwners.get(s);
      if (owner != null && !owner.equals(requestUName)) {
        throw new AccessDeniedException("User '" + requestUName + "' is not the scanner owner!");
      }
    }
  }

View Full Code Here


  private void performACLCheck() throws IOException {
    // Do ACL check only when the security is enabled.
    if (this.acOn && !isSystemOrSuperUser()) {
      User user = getActiveUser();
      throw new AccessDeniedException("User '" + (user != null ? user.getShortName() : "null")
          + " is not authorized to perform this action.");
    }
  }

View Full Code Here

      List<String> auths = this.visibilityManager.getAuths(user.getShortName());
      if (LOG.isTraceEnabled()) {
        LOG.trace("The list of auths are "+auths);
      }
      if (!auths.contains(SYSTEM_LABEL)) {
        throw new AccessDeniedException("User '" + user.getShortName()
            + "' is not authorized to perform this action.");
      }
    }
  }

View Full Code Here

                                 permission, tableName, family, qualifier);
      }
    }
    logResult(result);
    if (!result.isAllowed()) {
      throw new AccessDeniedException("Insufficient permissions " + result.toContextString());
    }
  }

View Full Code Here

    User user = getActiveUser();
    AuthResult result = permissionGranted(request, user, perm, env, families);
    logResult(result);


    if (!result.isAllowed()) {
      throw new AccessDeniedException("Insufficient permissions (table=" +
        env.getRegion().getTableDesc().getTableName()+
        ((families != null && families.size() > 0) ? ", family: " +
        result.toFamilyString() : "") + ", action=" +
        perm.toString() + ")");
    }

View Full Code Here

    User user = getActiveUser();
    if (authManager.authorize(user, perm)) {
      logResult(AuthResult.allow(request, "Global check allowed", user, perm, tableName, familyMap));
    } else {
      logResult(AuthResult.deny(request, "Global check failed", user, perm, tableName, familyMap));
      throw new AccessDeniedException("Insufficient permissions for user '" +
          (user != null ? user.getShortName() : "null") +"' (global, action=" +
          perm.toString() + ")");
    }
  }

View Full Code Here

    User user = getActiveUser();
    if (authManager.authorize(user, perm)) {
      logResult(AuthResult.allow(request, "Global check allowed", user, perm, namespace));
    } else {
      logResult(AuthResult.deny(request, "Global check failed", user, perm, namespace));
      throw new AccessDeniedException("Insufficient permissions for user '" +
          (user != null ? user.getShortName() : "null") +"' (global, action=" +
          perm.toString() + ")");
    }
  }

View Full Code Here

              if (!authManager.authorize(user, getTableName(e), cell, false, action)) {
                AuthResult authResult = AuthResult.deny(request, "Insufficient permissions",
                  user, action, getTableName(e), CellUtil.cloneFamily(cell),
                  CellUtil.cloneQualifier(cell));
                logResult(authResult);
                throw new AccessDeniedException("Insufficient permissions " +
                  authResult.toContextString());
              }
            }
            cellsChecked++;
          }
        } while (more);
      } catch (AccessDeniedException ex) {
        throw ex;
      } catch (IOException ex) {
        LOG.error("Exception while getting cells to calculate covering permission", ex);
      } finally {
        scanner.close();
      }
    }


    // If there were no cells to check, throw the ADE
    if (cellsChecked < 1) {
      if (LOG.isTraceEnabled()) {
        LOG.trace("No cells found with scan");
      }
      AuthResult authResult = AuthResult.deny(request, "Insufficient permissions",
        user, cellCheckActions.get(0), getTableName(e), familyMap);
      logResult(authResult);
      throw new AccessDeniedException("Insufficient permissions " +
        authResult.toContextString());
    }


    // Log that authentication succeeded. We need to trade off logging maybe
    // thousands of fine grained decisions with providing detail.

View Full Code Here


  @Override
  public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)
      throws IOException {
    if (Bytes.equals(tableName.getName(), AccessControlLists.ACL_GLOBAL_NAME)) {
      throw new AccessDeniedException("Not allowed to disable "
          + AccessControlLists.ACL_TABLE_NAME + " table.");
    }
    requirePermission("disableTable", tableName, null, null, Action.ADMIN, Action.CREATE);
  }

View Full Code Here

      throws AccessDeniedException {
    if (RequestContext.isInRequestContext()) {
      String requestUserName = RequestContext.getRequestUserName();
      String owner = scannerOwners.get(s);
      if (owner != null && !owner.equals(requestUserName)) {
        throw new AccessDeniedException("User '"+ requestUserName +"' is not the scanner owner!");
      }
    }
  }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.hadoop.hbase.security.AccessDeniedException

org.apache.hadoop.hbase.ipc.RpcServer$Connection

org.apache.hadoop.hbase.security.access.AccessController

org.apache.hadoop.hbase.security.token.TokenProvider

org.apache.hadoop.hbase.security.visibility.VisibilityController

org.apache.hadoop.hbase.security.visibility.VisibilityUtils

org.apache.hadoop.hbase.util.FSUtils

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.