@Override public void refreshAuthManager(PolicyProvider pp) { // Ignore warnings that this should be accessed in a static way instead of via an instance; // it'll break if you go via static route. synchronized (authManager) { authManager.refresh(this.conf, pp); } }
/** {@inheritDoc} */ @Override public AccessControlList getQueueAdmins(String queueName) throws IOException { return new AccessControlList("*"); }
/** * Construct a new ACL from String representation of users and groups * * The arguments are comma separated lists * * @param users comma separated list of users * @param groups comma separated list of groups */ public AccessControlList(String users, String groups) { buildACL(new String[] {users, groups}); }
/** * Authorize the superuser which is doing doAs * * @param user ugi of the effective or proxy user which contains a real user * @param remoteAddress the ip address of client * @throws AuthorizationException */ public static void authorize(UserGroupInformation user, String remoteAddress) throws AuthorizationException { if (sip==null) { // In a race situation, It is possible for multiple threads to satisfy this condition. // The last assignment will prevail. refreshSuperUserGroupsConfiguration(); } sip.authorize(user, remoteAddress); }
public static void init(Configuration conf, ServiceAuthorizationManager authManager) { // set service-level authorization security policy System.setProperty("hadoop.policy.file", "hbase-policy.xml"); if (conf.getBoolean(ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) { authManager.refresh(conf, new HBasePolicyProvider()); ProxyUsers.refreshSuperUserGroupsConfiguration(conf); } } }
/** * Refreshes configuration using the default Proxy user prefix for properties. * @param conf configuration */ public static void refreshSuperUserGroupsConfiguration(Configuration conf) { refreshSuperUserGroupsConfiguration(conf, CONF_HADOOP_PROXYUSER); }
/** * Serializes the AccessControlList object */ @Override public void write(DataOutput out) throws IOException { String aclString = getAclString(); Text.writeString(out, aclString); }
/** * Refreshes configuration using the specified Proxy user prefix for * properties. * * @param conf configuration * @param proxyUserPrefix proxy user configuration prefix */ public static void refreshSuperUserGroupsConfiguration(Configuration conf, String proxyUserPrefix) { Preconditions.checkArgument(proxyUserPrefix != null && !proxyUserPrefix.isEmpty(), "prefix cannot be NULL or empty"); // sip is volatile. Any assignment to it as well as the object's state // will be visible to all the other threads. ImpersonationProvider ip = getInstance(conf); ip.init(proxyUserPrefix); sip = ip; ProxyServers.refresh(conf); }
@Override public Service[] getServices() { return new Service [] { new Service("security.client.protocol.acl", AuthenticationProtos.AuthenticationService.BlockingInterface.class)}; } });
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller, RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; } }
public boolean isUserAllowed(UserGroupInformation ugi) { return isUserInList(ugi); }
/** * Returns comma-separated concatenated single String of the set 'users' * * @return comma separated list of users */ private String getUsersString() { return getString(users); }
public static boolean isProxyServer(String remoteAddr) { if (proxyServers == null) { refresh(); } return proxyServers.contains(remoteAddr); } }
/** * Refresh the service authorization ACL for the service handled by this server * using the specified Configuration. */ @Private public void refreshServiceAclWithLoadedConfiguration(Configuration conf, PolicyProvider provider) { serviceAuthorizationManager.refreshWithLoadedConfiguration(conf, provider); } /**
@Override public void printStackTrace() { printStackTrace(System.err); }
@Override public Writable newInstance() { return new AccessControlList(); } });
/** * Refresh the service authorization ACL for the service handled by this server. */ public void refreshServiceAcl(Configuration conf, PolicyProvider provider) { serviceAuthorizationManager.refresh(conf, provider); }
/** * Construct a new ACL from a String representation of the same. * * The String is a a comma separated list of users and groups. * The user list comes first and is separated by a space followed * by the group list. For e.g. "user1,user2 group1,group2" * * @param aclString String representation of the ACL */ public AccessControlList(String aclString) { buildACL(aclString.split(" ", 2)); }
/** * Returns comma-separated concatenated single String of the set 'groups' * * @return comma separated list of groups */ private String getGroupsString() { return getString(groups); }
public Builder setAdmins(String admins) { if (admins != null) { setContextAttribute(ADMINS_ACL, new AccessControlList(admins)); } return this; }