hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java - hbase - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.hadoop.hbase.security.access;

 import java.util.Collection;
 import java.util.Map;

 import org.apache.hadoop.hbase.classification.InterfaceAudience;
 import org.apache.hadoop.hbase.Cell;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.util.Bytes;

 import com.google.common.base.Joiner;

 /**
  * Represents the result of an authorization check for logging and error
  * reporting.
  */
 @InterfaceAudience.Private
 public class AuthResult {
   private boolean allowed;
   private final String namespace;
   private final TableName table;
   private final Permission.Action action;
   private final String request;
   private String reason;
   private final User user;
   private AuthResult.Params params;

   // "family" and "qualifier" should only be used if "families" is null.
   private final byte[] family;
   private final byte[] qualifier;
   private final Map<byte[], ? extends Collection<?>> families;

   public AuthResult(boolean allowed, String request, String reason, User user,
       Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
     this.allowed = allowed;
     this.request = request;
     this.reason = reason;
     this.user = user;
     this.table = table;
     this.family = family;
     this.qualifier = qualifier;
     this.action = action;
     this.families = null;
     this.namespace = null;
     this.params = new Params().setTableName(table).setFamily(family).setQualifier(qualifier);
   }

   public AuthResult(boolean allowed, String request, String reason, User user,
         Permission.Action action, TableName table,
         Map<byte[], ? extends Collection<?>> families) {
     this.allowed = allowed;
     this.request = request;
     this.reason = reason;
     this.user = user;
     this.table = table;
     this.family = null;
     this.qualifier = null;
     this.action = action;
     this.families = families;
     this.namespace = null;
     this.params = new Params().setTableName(table).setFamilies(families);
   }

   public AuthResult(boolean allowed, String request, String reason, User user,
         Permission.Action action, String namespace) {
     this.allowed = allowed;
     this.request = request;
     this.reason = reason;
     this.user = user;
     this.namespace = namespace;
     this.action = action;
     this.table = null;
     this.family = null;
     this.qualifier = null;
     this.families = null;
     this.params = new Params().setNamespace(namespace);
   }

   public boolean isAllowed() {
     return allowed;
   }

   public User getUser() {
     return user;
   }

   public String getReason() {
     return reason;
   }

   public TableName getTableName() {
     return table;
   }

   public byte[] getFamily() {
     return family;
   }

   public byte[] getQualifier() {
     return qualifier;
   }

   public Permission.Action getAction() {
     return action;
   }

   public String getRequest() {
     return request;
   }

   public Params getParams() { return this.params;}

   public void setAllowed(boolean allowed) {
     this.allowed = allowed;
   }

   public void setReason(String reason) {
     this.reason = reason;
   }

   private static String toFamiliesString(Map<byte[], ? extends Collection<?>> families,
       byte[] family, byte[] qual) {
     StringBuilder sb = new StringBuilder();
     if (families != null) {
       boolean first = true;
       for (Map.Entry<byte[], ? extends Collection<?>> entry : families.entrySet()) {
         String familyName = Bytes.toString(entry.getKey());
         if (entry.getValue() != null && !entry.getValue().isEmpty()) {
           for (Object o : entry.getValue()) {
             String qualifier;
             if (o instanceof byte[]) {
               qualifier = Bytes.toString((byte[])o);
             } else if (o instanceof Cell) {
               Cell c = (Cell) o;
               qualifier = Bytes.toString(c.getQualifierArray(), c.getQualifierOffset(),
                   c.getQualifierLength());
             } else {
               // Shouldn't really reach this?
               qualifier = o.toString();
             }
             if (!first) {
               sb.append("|");
             }
             first = false;
             sb.append(familyName).append(":").append(qualifier);
           }
         } else {
           if (!first) {
             sb.append("|");
           }
           first = false;
           sb.append(familyName);
         }
       }
     } else if (family != null) {
       sb.append(Bytes.toString(family));
       if (qual != null) {
         sb.append(":").append(Bytes.toString(qual));
       }
     }
     return sb.toString();
   }

   public String toContextString() {
     StringBuilder sb = new StringBuilder();
     String familiesString = toFamiliesString(families, family, qualifier);
     sb.append("(user=")
         .append(user != null ? user.getName() : "UNKNOWN")
         .append(", ");
     sb.append("scope=")
         .append(namespace != null ? namespace :
             table == null ? "GLOBAL" : table.getNameWithNamespaceInclAsString())
         .append(", ");
     if(namespace == null && familiesString.length() > 0) {
       sb.append("family=")
         .append(familiesString)
         .append(", ");
     }
     String paramsString = params.toString();
     if(paramsString.length() > 0) {
       sb.append("params=[")
           .append(paramsString)
           .append("],");
     }
     sb.append("action=")
         .append(action != null ? action.toString() : "")
         .append(")");
     return sb.toString();
   }

   public String toString() {
     return "AuthResult" + toContextString();
   }

   public static AuthResult allow(String request, String reason, User user,
       Permission.Action action, String namespace) {
     return new AuthResult(true, request, reason, user, action, namespace);
   }

   public static AuthResult allow(String request, String reason, User user,
       Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
     return new AuthResult(true, request, reason, user, action, table, family, qualifier);
   }

   public static AuthResult allow(String request, String reason, User user,
       Permission.Action action, TableName table,
       Map<byte[], ? extends Collection<?>> families) {
     return new AuthResult(true, request, reason, user, action, table, families);
   }

   public static AuthResult deny(String request, String reason, User user,
       Permission.Action action, String namespace) {
     return new AuthResult(false, request, reason, user, action, namespace);
   }

   public static AuthResult deny(String request, String reason, User user,
       Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
     return new AuthResult(false, request, reason, user, action, table, family, qualifier);
   }

   public static AuthResult deny(String request, String reason, User user,
         Permission.Action action, TableName table,
         Map<byte[], ? extends Collection<?>> families) {
     return new AuthResult(false, request, reason, user, action, table, families);
   }

   public String toFamilyString() {
     return toFamiliesString(families, family, qualifier);
   }

   public static class Params {
     private String namespace = null;
     private TableName tableName = null;
     private Map<byte[], ? extends Collection<?>> families = null;
     byte[] family = null;
     byte[] qualifier = null;

     public Params setNamespace(String namespace) {
       this.namespace = namespace;
       return this;
     }

     public Params setTableName(TableName table) {
       this.tableName = table;
       return this;
     }

     public Params setFamilies(Map<byte[], ? extends Collection<?>> families) {
       this.families = families;
       return this;
     }

     public Params setFamily(byte[] family) {
       this.family = family;
       return this;
     }

     public Params setQualifier(byte[] qualifier) {
       this.qualifier = qualifier;
       return this;
     }

     public String toString() {
       String familiesString = toFamiliesString(families, family, qualifier);
       String[] params = new String[] {
           namespace != null ? "namespace=" + namespace : null,
           tableName != null ? "table=" + tableName.getNameWithNamespaceInclAsString() : null,
           familiesString.length() > 0 ? "family=" + familiesString : null
       };
       return Joiner.on(",").skipNulls().join(params);
     }

   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.hadoop.hbase.security.access;

	import java.util.Collection;
	import java.util.Map;

	import org.apache.hadoop.hbase.classification.InterfaceAudience;
	import org.apache.hadoop.hbase.Cell;
	import org.apache.hadoop.hbase.TableName;
	import org.apache.hadoop.hbase.security.User;
	import org.apache.hadoop.hbase.util.Bytes;

	import com.google.common.base.Joiner;

	/**
	* Represents the result of an authorization check for logging and error
	* reporting.
	*/
	@InterfaceAudience.Private
	public class AuthResult {
	private boolean allowed;
	private final String namespace;
	private final TableName table;
	private final Permission.Action action;
	private final String request;
	private String reason;
	private final User user;
	private AuthResult.Params params;

	// "family" and "qualifier" should only be used if "families" is null.
	private final byte[] family;
	private final byte[] qualifier;
	private final Map<byte[], ? extends Collection<?>> families;

	public AuthResult(boolean allowed, String request, String reason, User user,
	Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
	this.allowed = allowed;
	this.request = request;
	this.reason = reason;
	this.user = user;
	this.table = table;
	this.family = family;
	this.qualifier = qualifier;
	this.action = action;
	this.families = null;
	this.namespace = null;
	this.params = new Params().setTableName(table).setFamily(family).setQualifier(qualifier);
	}

	public AuthResult(boolean allowed, String request, String reason, User user,
	Permission.Action action, TableName table,
	Map<byte[], ? extends Collection<?>> families) {
	this.allowed = allowed;
	this.request = request;
	this.reason = reason;
	this.user = user;
	this.table = table;
	this.family = null;
	this.qualifier = null;
	this.action = action;
	this.families = families;
	this.namespace = null;
	this.params = new Params().setTableName(table).setFamilies(families);
	}

	public AuthResult(boolean allowed, String request, String reason, User user,
	Permission.Action action, String namespace) {
	this.allowed = allowed;
	this.request = request;
	this.reason = reason;
	this.user = user;
	this.namespace = namespace;
	this.action = action;
	this.table = null;
	this.family = null;
	this.qualifier = null;
	this.families = null;
	this.params = new Params().setNamespace(namespace);
	}

	public boolean isAllowed() {
	return allowed;
	}

	public User getUser() {
	return user;
	}

	public String getReason() {
	return reason;
	}

	public TableName getTableName() {
	return table;
	}

	public byte[] getFamily() {
	return family;
	}

	public byte[] getQualifier() {
	return qualifier;
	}

	public Permission.Action getAction() {
	return action;
	}

	public String getRequest() {
	return request;
	}

	public Params getParams() { return this.params;}

	public void setAllowed(boolean allowed) {
	this.allowed = allowed;
	}

	public void setReason(String reason) {
	this.reason = reason;
	}

	private static String toFamiliesString(Map<byte[], ? extends Collection<?>> families,
	byte[] family, byte[] qual) {
	StringBuilder sb = new StringBuilder();
	if (families != null) {
	boolean first = true;
	for (Map.Entry<byte[], ? extends Collection<?>> entry : families.entrySet()) {
	String familyName = Bytes.toString(entry.getKey());
	if (entry.getValue() != null && !entry.getValue().isEmpty()) {
	for (Object o : entry.getValue()) {
	String qualifier;
	if (o instanceof byte[]) {
	qualifier = Bytes.toString((byte[])o);
	} else if (o instanceof Cell) {
	Cell c = (Cell) o;
	qualifier = Bytes.toString(c.getQualifierArray(), c.getQualifierOffset(),
	c.getQualifierLength());
	} else {
	// Shouldn't really reach this?
	qualifier = o.toString();
	}
	if (!first) {
	sb.append("\|");
	}
	first = false;
	sb.append(familyName).append(":").append(qualifier);
	}
	} else {
	if (!first) {
	sb.append("\|");
	}
	first = false;
	sb.append(familyName);
	}
	}
	} else if (family != null) {
	sb.append(Bytes.toString(family));
	if (qual != null) {
	sb.append(":").append(Bytes.toString(qual));
	}
	}
	return sb.toString();
	}

	public String toContextString() {
	StringBuilder sb = new StringBuilder();
	String familiesString = toFamiliesString(families, family, qualifier);
	sb.append("(user=")
	.append(user != null ? user.getName() : "UNKNOWN")
	.append(", ");
	sb.append("scope=")
	.append(namespace != null ? namespace :
	table == null ? "GLOBAL" : table.getNameWithNamespaceInclAsString())
	.append(", ");
	if(namespace == null && familiesString.length() > 0) {
	sb.append("family=")
	.append(familiesString)
	.append(", ");
	}
	String paramsString = params.toString();
	if(paramsString.length() > 0) {
	sb.append("params=[")
	.append(paramsString)
	.append("],");
	}
	sb.append("action=")
	.append(action != null ? action.toString() : "")
	.append(")");
	return sb.toString();
	}

	public String toString() {
	return "AuthResult" + toContextString();
	}

	public static AuthResult allow(String request, String reason, User user,
	Permission.Action action, String namespace) {
	return new AuthResult(true, request, reason, user, action, namespace);
	}

	public static AuthResult allow(String request, String reason, User user,
	Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
	return new AuthResult(true, request, reason, user, action, table, family, qualifier);
	}

	public static AuthResult allow(String request, String reason, User user,
	Permission.Action action, TableName table,
	Map<byte[], ? extends Collection<?>> families) {
	return new AuthResult(true, request, reason, user, action, table, families);
	}

	public static AuthResult deny(String request, String reason, User user,
	Permission.Action action, String namespace) {
	return new AuthResult(false, request, reason, user, action, namespace);
	}

	public static AuthResult deny(String request, String reason, User user,
	Permission.Action action, TableName table, byte[] family, byte[] qualifier) {
	return new AuthResult(false, request, reason, user, action, table, family, qualifier);
	}

	public static AuthResult deny(String request, String reason, User user,
	Permission.Action action, TableName table,
	Map<byte[], ? extends Collection<?>> families) {
	return new AuthResult(false, request, reason, user, action, table, families);
	}

	public String toFamilyString() {
	return toFamiliesString(families, family, qualifier);
	}

	public static class Params {
	private String namespace = null;
	private TableName tableName = null;
	private Map<byte[], ? extends Collection<?>> families = null;
	byte[] family = null;
	byte[] qualifier = null;

	public Params setNamespace(String namespace) {
	this.namespace = namespace;
	return this;
	}

	public Params setTableName(TableName table) {
	this.tableName = table;
	return this;
	}

	public Params setFamilies(Map<byte[], ? extends Collection<?>> families) {
	this.families = families;
	return this;
	}

	public Params setFamily(byte[] family) {
	this.family = family;
	return this;
	}

	public Params setQualifier(byte[] qualifier) {
	this.qualifier = qualifier;
	return this;
	}

	public String toString() {
	String familiesString = toFamiliesString(families, family, qualifier);
	String[] params = new String[] {
	namespace != null ? "namespace=" + namespace : null,
	tableName != null ? "table=" + tableName.getNameWithNamespaceInclAsString() : null,
	familiesString.length() > 0 ? "family=" + familiesString : null
	};
	return Joiner.on(",").skipNulls().join(params);
	}

	}
	}