/** * @return this exception as a thrift exception */ public ThriftSecurityException asThriftException() { return new ThriftSecurityException(user, errorCode); }
/** * Inspects the {@link ThriftSecurityException} and throws a {@link ThriftTableOperationException} * if the {@link SecurityErrorCode} on the {@link ThriftSecurityException} was * {code}TABLE_DOESNT_EXIST{code}. If the {@link ThriftSecurityException} is thrown because a * table doesn't exist anymore, clients will likely see an {@link AccumuloSecurityException} * instead of a {@link TableNotFoundException} as expected. If the {@link ThriftSecurityException} * has a different {@link SecurityErrorCode}, this method does nothing and expects the caller to * properly handle the original exception. * * @param e * A caught ThriftSecurityException * @param tableId * Table ID being operated on, or null * @param tableName * Table name being operated on, or null * @param op * The TableOperation the Master was attempting to perform * @throws ThriftTableOperationException * Thrown if {@code e} was thrown because {@link SecurityErrorCode#TABLE_DOESNT_EXIST} */ private void throwIfTableMissingSecurityException(ThriftSecurityException e, Table.ID tableId, String tableName, TableOperation op) throws ThriftTableOperationException { // ACCUMULO-3135 Table can be deleted after we get table ID but before we can check permission if (e.isSetCode() && e.getCode() == SecurityErrorCode.TABLE_DOESNT_EXIST) { throw new ThriftTableOperationException(tableId.canonicalID(), tableName, op, TableOperationExceptionType.NOTFOUND, "Table no longer exists"); } }
protected void authenticate(TCredentials credentials) throws ThriftSecurityException { if (!credentials.getInstanceId().equals(context.getInstanceID())) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.INVALID_INSTANCEID); throw new ThriftSecurityException(creds.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS); log.debug("Provided credentials did not match server's expected" + " credentials. Expected {} but got {}", context.getCredentials(), creds); throw new ThriftSecurityException(creds.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS); _createUser(credentials, creds); } catch (ThriftSecurityException e) { if (e.getCode() != SecurityErrorCode.USER_EXISTS) { throw new ThriftSecurityException(creds.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS);
@Override public synchronized void dropUser(String user) throws AccumuloSecurityException { final String encodedUser = Base64.getEncoder().encodeToString(user.getBytes(UTF_8)); try { zkAuthenticator.dropUser(encodedUser); } catch (AccumuloSecurityException e) { throw new AccumuloSecurityException(user, e.asThriftException().getCode(), e.getCause()); } }
if (!security.canPerformSystemActions(credentials)) { log.warn("Got {} message from user: {}", request, credentials.getPrincipal()); throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); log.warn("Got {} message from unauthenticatable user: {}", request, e.getUser()); if (context.getCredentials().getToken().getClass().getName() .equals(credentials.getTokenClassName())) {
switch (e.getCode()) { case TABLE_DOESNT_EXIST: throw new TableNotFoundException(tableId.canonicalID(), null, e.getMessage(), e); default: log.debug("flush security exception on table id {}", tableId);
@Override public Repo<Master> call(long tid, Master env) throws Exception { // give all table permissions to the creator SecurityOperation security = AuditedSecurityOperation.getInstance(env.getContext()); for (TablePermission permission : TablePermission.values()) { try { security.grantTablePermission(env.getContext().rpcCreds(), tableInfo.user, tableInfo.tableId, permission, tableInfo.namespaceId); } catch (ThriftSecurityException e) { LoggerFactory.getLogger(ImportSetupPermissions.class).error("{}", e.getMessage(), e); throw e; } } // setup permissions in zookeeper before table info in zookeeper // this way concurrent users will not get a spurious permission denied // error return new ImportPopulateZookeeper(tableInfo); }
@Override public boolean equals(java.lang.Object that) { if (that == null) return false; if (that instanceof ThriftSecurityException) return this.equals((ThriftSecurityException)that); return false; }
@Override public int hashCode() { int hashCode = 1; hashCode = hashCode * 8191 + ((success) ? 131071 : 524287); hashCode = hashCode * 8191 + ((isSetEx()) ? 131071 : 524287); if (isSetEx()) hashCode = hashCode * 8191 + ex.hashCode(); return hashCode; }
throw new AccumuloSecurityException(base.getUser(), base.asThriftException().getCode(), base.getTableInfo(), excep); } else if (excep instanceof AccumuloServerException) {
@Override public int hashCode() { int hashCode = 1; hashCode = hashCode * 8191 + ((isSetUser()) ? 131071 : 524287); if (isSetUser()) hashCode = hashCode * 8191 + user.hashCode(); hashCode = hashCode * 8191 + ((isSetCode()) ? 131071 : 524287); if (isSetCode()) hashCode = hashCode * 8191 + code.getValue(); return hashCode; }
@Override public Repo<Master> call(long tid, Master env) throws Exception { // give all namespace permissions to the creator SecurityOperation security = AuditedSecurityOperation.getInstance(env.getContext()); for (NamespacePermission permission : NamespacePermission.values()) { try { security.grantNamespacePermission(env.getContext().rpcCreds(), namespaceInfo.user, namespaceInfo.namespaceId, permission); } catch (ThriftSecurityException e) { LoggerFactory.getLogger(SetupNamespacePermissions.class).error("{}", e.getMessage(), e); throw e; } } // setup permissions in zookeeper before table info in zookeeper // this way concurrent users will not get a spurious permission denied // error return new PopulateZookeeperWithNamespace(namespaceInfo); } }
public boolean equals(throwsError_result that) { if (that == null) return false; if (this == that) return true; boolean this_present_success = true; boolean that_present_success = true; if (this_present_success || that_present_success) { if (!(this_present_success && that_present_success)) return false; if (this.success != that.success) return false; } boolean this_present_ex = true && this.isSetEx(); boolean that_present_ex = true && that.isSetEx(); if (this_present_ex || that_present_ex) { if (!(this_present_ex && that_present_ex)) return false; if (!this.ex.equals(that.ex)) return false; } return true; }
@Override public int hashCode() { int hashCode = 1; hashCode = hashCode * 8191 + ((isSetSec()) ? 131071 : 524287); if (isSetSec()) hashCode = hashCode * 8191 + sec.hashCode(); hashCode = hashCode * 8191 + ((isSetTnase()) ? 131071 : 524287); if (isSetTnase()) hashCode = hashCode * 8191 + tnase.hashCode(); return hashCode; }
public ThriftSecurityException deepCopy() { return new ThriftSecurityException(this); }
context.getCredentials().getPrincipal(), tse.getCode(), Tables.getPrintableTableInfoFromId(context, tableId), tse); queueException(location, cmidToCm, ase);
/** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */ public boolean isSet(_Fields field) { if (field == null) { throw new java.lang.IllegalArgumentException(); } switch (field) { case USER: return isSetUser(); case CODE: return isSetCode(); } throw new java.lang.IllegalStateException(); }