server/base/src/main/java/org/apache/accumulo/server/security/handler/KerberosPermissionHandler.java - accumulo - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.accumulo.server.security.handler;

 import static java.nio.charset.StandardCharsets.UTF_8;

 import java.util.Base64;

 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.NamespaceNotFoundException;
 import org.apache.accumulo.core.client.TableNotFoundException;
 import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
 import org.apache.accumulo.core.security.NamespacePermission;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.TCredentials;

 /**
  * Kerberos principals might contains identifiers that are not valid ZNodes ('/'). Base64-encodes the principals before interacting with ZooKeeper.
  */
 public class KerberosPermissionHandler implements PermissionHandler {

   private final ZKPermHandler zkPermissionHandler;

   public KerberosPermissionHandler() {
     zkPermissionHandler = new ZKPermHandler();
   }

   @Override
   public void initialize(String instanceId, boolean initialize) {
     zkPermissionHandler.initialize(instanceId, initialize);
   }

   @Override
   public boolean validSecurityHandlers(Authenticator authent, Authorizor author) {
     return authent instanceof KerberosAuthenticator && author instanceof KerberosAuthorizor;
   }

   @Override
   public void initializeSecurity(TCredentials credentials, String rootuser) throws AccumuloSecurityException, ThriftSecurityException {
     zkPermissionHandler.initializeSecurity(credentials, Base64.getEncoder().encodeToString(rootuser.getBytes(UTF_8)));
   }

   @Override
   public boolean hasSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
     return zkPermissionHandler.hasSystemPermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), permission);
   }

   @Override
   public boolean hasCachedSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
     return zkPermissionHandler.hasCachedSystemPermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), permission);
   }

   @Override
   public boolean hasTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
     return zkPermissionHandler.hasTablePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission);
   }

   @Override
   public boolean hasCachedTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
     return zkPermissionHandler.hasCachedTablePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission);
   }

   @Override
   public boolean hasNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException,
       NamespaceNotFoundException {
     return zkPermissionHandler.hasNamespacePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
   }

   @Override
   public boolean hasCachedNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException,
       NamespaceNotFoundException {
     return zkPermissionHandler.hasCachedNamespacePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
   }

   @Override
   public void grantSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
     zkPermissionHandler.grantSystemPermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), permission);
   }

   @Override
   public void revokeSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
     zkPermissionHandler.revokeSystemPermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), permission);
   }

   @Override
   public void grantTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
     zkPermissionHandler.grantTablePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission);
   }

   @Override
   public void revokeTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
     zkPermissionHandler.revokeTablePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission);
   }

   @Override
   public void grantNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException,
       NamespaceNotFoundException {
     zkPermissionHandler.grantNamespacePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
   }

   @Override
   public void revokeNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException,
       NamespaceNotFoundException {
     zkPermissionHandler.revokeNamespacePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
   }

   @Override
   public void cleanTablePermissions(String table) throws AccumuloSecurityException, TableNotFoundException {
     zkPermissionHandler.cleanTablePermissions(table);
   }

   @Override
   public void cleanNamespacePermissions(String namespace) throws AccumuloSecurityException, NamespaceNotFoundException {
     zkPermissionHandler.cleanNamespacePermissions(namespace);
   }

   @Override
   public void initUser(String user) throws AccumuloSecurityException {
     zkPermissionHandler.initUser(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)));
   }

   @Override
   public void initTable(String table) throws AccumuloSecurityException {
     zkPermissionHandler.initTable(table);
   }

   @Override
   public void cleanUser(String user) throws AccumuloSecurityException {
     zkPermissionHandler.cleanUser(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)));
   }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.accumulo.server.security.handler;

	import static java.nio.charset.StandardCharsets.UTF_8;

	import java.util.Base64;

	import org.apache.accumulo.core.client.AccumuloSecurityException;
	import org.apache.accumulo.core.client.NamespaceNotFoundException;
	import org.apache.accumulo.core.client.TableNotFoundException;
	import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
	import org.apache.accumulo.core.security.NamespacePermission;
	import org.apache.accumulo.core.security.SystemPermission;
	import org.apache.accumulo.core.security.TablePermission;
	import org.apache.accumulo.core.security.thrift.TCredentials;

	/**
	* Kerberos principals might contains identifiers that are not valid ZNodes ('/'). Base64-encodes the principals before interacting with ZooKeeper.
	*/
	public class KerberosPermissionHandler implements PermissionHandler {

	private final ZKPermHandler zkPermissionHandler;

	public KerberosPermissionHandler() {
	zkPermissionHandler = new ZKPermHandler();
	}

	@Override
	public void initialize(String instanceId, boolean initialize) {
	zkPermissionHandler.initialize(instanceId, initialize);
	}

	@Override
	public boolean validSecurityHandlers(Authenticator authent, Authorizor author) {
	return authent instanceof KerberosAuthenticator && author instanceof KerberosAuthorizor;
	}

	@Override
	public void initializeSecurity(TCredentials credentials, String rootuser) throws AccumuloSecurityException, ThriftSecurityException {
	zkPermissionHandler.initializeSecurity(credentials, Base64.getEncoder().encodeToString(rootuser.getBytes(UTF_8)));
	}

	@Override
	public boolean hasSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
	return zkPermissionHandler.hasSystemPermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), permission);
	}

	@Override
	public boolean hasCachedSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
	return zkPermissionHandler.hasCachedSystemPermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), permission);
	}

	@Override
	public boolean hasTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
	return zkPermissionHandler.hasTablePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission);
	}

	@Override
	public boolean hasCachedTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
	return zkPermissionHandler.hasCachedTablePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission);
	}

	@Override
	public boolean hasNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException,
	NamespaceNotFoundException {
	return zkPermissionHandler.hasNamespacePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
	}

	@Override
	public boolean hasCachedNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException,
	NamespaceNotFoundException {
	return zkPermissionHandler.hasCachedNamespacePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
	}

	@Override
	public void grantSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
	zkPermissionHandler.grantSystemPermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), permission);
	}

	@Override
	public void revokeSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
	zkPermissionHandler.revokeSystemPermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), permission);
	}

	@Override
	public void grantTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
	zkPermissionHandler.grantTablePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission);
	}

	@Override
	public void revokeTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
	zkPermissionHandler.revokeTablePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission);
	}

	@Override
	public void grantNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException,
	NamespaceNotFoundException {
	zkPermissionHandler.grantNamespacePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
	}

	@Override
	public void revokeNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException,
	NamespaceNotFoundException {
	zkPermissionHandler.revokeNamespacePermission(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
	}

	@Override
	public void cleanTablePermissions(String table) throws AccumuloSecurityException, TableNotFoundException {
	zkPermissionHandler.cleanTablePermissions(table);
	}

	@Override
	public void cleanNamespacePermissions(String namespace) throws AccumuloSecurityException, NamespaceNotFoundException {
	zkPermissionHandler.cleanNamespacePermissions(namespace);
	}

	@Override
	public void initUser(String user) throws AccumuloSecurityException {
	zkPermissionHandler.initUser(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)));
	}

	@Override
	public void initTable(String table) throws AccumuloSecurityException {
	zkPermissionHandler.initTable(table);
	}

	@Override
	public void cleanUser(String user) throws AccumuloSecurityException {
	zkPermissionHandler.cleanUser(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)));
	}

	}