/** * See {@link #equals(ColumnVisibility)} */ @Override public boolean equals(Object obj) { if (obj instanceof ColumnVisibility) return equals((ColumnVisibility) obj); return false; }
/** * Evaluates the given column visibility against the authorizations provided to this evaluator. * A visibility passes evaluation if all authorizations in it are contained in those known to the evaluator, and * all AND and OR subexpressions have at least two children. * * @param visibility column visibility to evaluate * @return true if visibility passes evaluation * @throws VisibilityParseException if an AND or OR subexpression has less than two children, or a subexpression is of an unknown type */ public boolean evaluate(ColumnVisibility visibility) throws VisibilityParseException { // The VisibilityEvaluator computes a trie from the given Authorizations, that ColumnVisibility expressions can be evaluated against. return evaluate(visibility.getExpression(), visibility.getParseTree()); }
/** * Generates a byte[] that represents a normalized, but logically equivalent, form of this evaluator's expression. * * @return normalized expression in byte[] form */ public byte[] flatten() { Node normRoot = normalize(node, expression); StringBuilder builder = new StringBuilder(expression.length); stringify(normRoot, expression, builder); return builder.toString().getBytes(Constants.UTF8); }
public InMemoryProperty( String name, String key, Object value, FetchHints fetchHints, long timestamp, Visibility visibility ) { this.name = name; this.key = key; this.value = value; this.fetchHints = fetchHints; this.timestamp = timestamp; this.visibility = visibility; this.columnVisibility = new ColumnVisibility(visibility.getVisibilityString()); }
public static Node normalize(Node root, byte[] expression) { return normalize(root, expression, new NodeComparator(expression)); }
public static void stringify(Node root, byte[] expression, StringBuilder out) { if (root.type == NodeType.TERM) { out.append(new String(expression, root.start, root.end - root.start, Constants.UTF8)); } else { String sep = ""; for (Node c : root.children) { out.append(sep); boolean parens = (c.type != NodeType.TERM && root.type != c.type); if (parens) out.append("("); stringify(c, expression, out); if (parens) out.append(")"); sep = root.type == NodeType.AND ? "&" : "|"; } } }
/** * Properly quotes terms in a column visibility expression. If no quoting is needed, then nothing is done. * * * Examples of using quote : * * <pre> * import static org.apache.accumulo.core.security.ColumnVisibility.quote; * . * . * . * ColumnVisibility cv = new ColumnVisibility(quote("A#C") + "&" + quote("FOO")); * </pre> * * @param term term to quote * @return quoted term (unquoted if unnecessary) */ public static String quote(String term) { return new String(quote(term.getBytes(Constants.UTF8)), Constants.UTF8); }
public static boolean canRead(String visibility, String[] authorizations) { if (visibility == null) { throw new RuntimeException("visibility cannot be null"); } VisibilityEvaluator visibilityEvaluator = new VisibilityEvaluator(new Authorizations(authorizations)); ColumnVisibility columnVisibility = new ColumnVisibility(visibility); try { return visibilityEvaluator.evaluate(columnVisibility); } catch (VisibilityParseException ex) { throw new RuntimeException("could not evaluate visibility " + visibility, ex); } } }
public static Node normalize(Node root, byte[] expression) { return normalize(root, expression, new NodeComparator(expression)); }
public static void stringify(Node root, byte[] expression, StringBuilder out) { if (root.type == NodeType.TERM) { out.append(new String(expression, root.start, root.end - root.start, Constants.UTF8)); } else { String sep = ""; for (Node c : root.children) { out.append(sep); boolean parens = (c.type != NodeType.TERM && root.type != c.type); if (parens) out.append("("); stringify(c, expression, out); if (parens) out.append(")"); sep = root.type == NodeType.AND ? "&" : "|"; } } }
/** * Properly quotes terms in a column visibility expression. If no quoting is needed, then nothing is done. * * * Examples of using quote : * * <pre> * import static org.apache.accumulo.core.security.ColumnVisibility.quote; * . * . * . * ColumnVisibility cv = new ColumnVisibility(quote("A#C") + "&" + quote("FOO")); * </pre> * * @param term term to quote * @return quoted term (unquoted if unnecessary) */ public static String quote(String term) { return new String(quote(term.getBytes(Constants.UTF8)), Constants.UTF8); }
public static boolean canRead(String visibility, String[] authorizations) { if (visibility == null) { throw new RuntimeException("visibility cannot be null"); } VisibilityEvaluator visibilityEvaluator = new VisibilityEvaluator(new Authorizations(authorizations)); ColumnVisibility columnVisibility = new ColumnVisibility(visibility); try { return visibilityEvaluator.evaluate(columnVisibility); } catch (VisibilityParseException ex) { throw new RuntimeException("could not evaluate visibility " + visibility, ex); } } }
/** * Generates a byte[] that represents a normalized, but logically equivalent, form of this evaluator's expression. * * @return normalized expression in byte[] form */ public byte[] flatten() { Node normRoot = normalize(node, expression); StringBuilder builder = new StringBuilder(expression.length); stringify(normRoot, expression, builder); return builder.toString().getBytes(Constants.UTF8); }
/** * Evaluates the given column visibility against the authorizations provided to this evaluator. * A visibility passes evaluation if all authorizations in it are contained in those known to the evaluator, and * all AND and OR subexpressions have at least two children. * * @param visibility column visibility to evaluate * @return true if visibility passes evaluation * @throws VisibilityParseException if an AND or OR subexpression has less than two children, or a subexpression is of an unknown type */ public boolean evaluate(ColumnVisibility visibility) throws VisibilityParseException { // The VisibilityEvaluator computes a trie from the given Authorizations, that ColumnVisibility expressions can be evaluated against. return evaluate(visibility.getExpression(), visibility.getParseTree()); }
public static Node normalize(Node root, byte[] expression, NodeComparator comparator) { if (root.type != NodeType.TERM) { TreeSet<Node> rolledUp = new TreeSet<Node>(comparator); java.util.Iterator<Node> itr = root.children.iterator(); while (itr.hasNext()) { Node c = normalize(itr.next(), expression, comparator); if (c.type == root.type) { rolledUp.addAll(c.children); itr.remove(); } } rolledUp.addAll(root.children); root.children.clear(); root.children.addAll(rolledUp); // need to promote a child if it's an only child if (root.children.size() == 1) { return root.children.get(0); } } return root; }
/** * See {@link #equals(ColumnVisibility)} */ @Override public boolean equals(Object obj) { if (obj instanceof ColumnVisibility) return equals((ColumnVisibility) obj); return false; }
@Override protected boolean isIncluded(Row item) { try { return visibilityEvaluator.evaluate(new ColumnVisibility(item.visibility.getVisibilityString())); } catch (VisibilityParseException e) { throw new VertexiumException("Could not parse visibility: " + item.visibility); } }
public static Node normalize(Node root, byte[] expression, NodeComparator comparator) { if (root.type != NodeType.TERM) { TreeSet<Node> rolledUp = new TreeSet<Node>(comparator); java.util.Iterator<Node> itr = root.children.iterator(); while (itr.hasNext()) { Node c = normalize(itr.next(), expression, comparator); if (c.type == root.type) { rolledUp.addAll(c.children); itr.remove(); } } rolledUp.addAll(root.children); root.children.clear(); root.children.addAll(rolledUp); // need to promote a child if it's an only child if (root.children.size() == 1) { return root.children.get(0); } } return root; }
public static boolean canRead(String visibility, String[] authorizations) { VisibilityEvaluator visibilityEvaluator = new VisibilityEvaluator(new Authorizations(authorizations)); ColumnVisibility columnVisibility = new ColumnVisibility(visibility); try { return visibilityEvaluator.evaluate(columnVisibility); } catch (VisibilityParseException ex) { throw new RuntimeException("could not evaluate visibility " + visibility, ex); } } }
@Override public boolean canRead(Visibility visibility) { Preconditions.checkNotNull(visibility, "visibility is required"); // this is just a shortcut so that we don't need to construct evaluators and visibility objects to check for an empty string. if (visibility.getVisibilityString().length() == 0) { return true; } VisibilityEvaluator visibilityEvaluator = new VisibilityEvaluator(new Authorizations(this.getAuthorizations())); ColumnVisibility columnVisibility = new ColumnVisibility(visibility.getVisibilityString()); try { return visibilityEvaluator.evaluate(columnVisibility); } catch (VisibilityParseException e) { throw new VertexiumException("could not evaluate visibility " + visibility.getVisibilityString(), e); } }