/** * @return this exception as a thrift exception */ public ThriftSecurityException asThriftException() { return new ThriftSecurityException(user, errorCode); }
protected void principalMismatch(String expected, String actual) throws ThriftSecurityException { final String msg = "Principal in credentials object should match kerberos principal. Expected '" + expected + "' but was '" + actual + "'"; log.warn(msg); throw new ThriftSecurityException(msg, SecurityErrorCode.BAD_CREDENTIALS); }
/** * Performs a deep copy on <i>other</i>. */ public throwsError_result(throwsError_result other) { __isset_bitfield = other.__isset_bitfield; this.success = other.success; if (other.isSetEx()) { this.ex = new ThriftSecurityException(other.ex); } }
private void targetUserExists(String user) throws ThriftSecurityException { if (user.equals(getRootUsername())) return; if (!authenticator.userExists(user)) throw new ThriftSecurityException(user, SecurityErrorCode.USER_DOESNT_EXIST); }
protected void authenticate(TCredentials credentials) throws ThriftSecurityException { // this is a bit redundant, the credentials of the caller (the first arg) will throw an // exception if it fails to authenticate // before the second arg is checked (which would return true or false) if (!master.security.authenticateUser(credentials, credentials)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS); }
private Namespace.ID getNamespaceId(TCredentials credentials, Table.ID tableId) throws ThriftSecurityException { try { return Tables.getNamespaceId(context, tableId); } catch (TableNotFoundException e1) { throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST); } }
public boolean canAskAboutUser(TCredentials credentials, String user) throws ThriftSecurityException { // Authentication done in canPerformSystemActions if (!(canPerformSystemActions(credentials) || credentials.getPrincipal().equals(user))) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); return true; }
/** * Performs a deep copy on <i>other</i>. */ public shutdownTabletServer_result(shutdownTabletServer_result other) { if (other.isSetSec()) { this.sec = new org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException(other.sec); } if (other.isSetTnase()) { this.tnase = new org.apache.accumulo.core.clientImpl.thrift.ThriftNotActiveServiceException(other.tnase); } }
/** * Performs a deep copy on <i>other</i>. */ public finishFateOperation_result(finishFateOperation_result other) { if (other.isSetSec()) { this.sec = new org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException(other.sec); } if (other.isSetTnase()) { this.tnase = new org.apache.accumulo.core.clientImpl.thrift.ThriftNotActiveServiceException(other.tnase); } }
/** * Performs a deep copy on <i>other</i>. */ public getStatus_result(getStatus_result other) { if (other.isSetSuccess()) { this.success = new GCStatus(other.success); } if (other.isSetSec()) { this.sec = new org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException(other.sec); } }
/** * Performs a deep copy on <i>other</i>. */ public setSystemProperty_result(setSystemProperty_result other) { if (other.isSetSec()) { this.sec = new org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException(other.sec); } if (other.isSetTnase()) { this.tnase = new org.apache.accumulo.core.clientImpl.thrift.ThriftNotActiveServiceException(other.tnase); } }
public boolean hasSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException { if (!canAskAboutOtherUsers(credentials, user)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); return _hasSystemPermission(user, permissionById, false); }
/** * Performs a deep copy on <i>other</i>. */ public shutdown_result(shutdown_result other) { if (other.isSetSec()) { this.sec = new org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException(other.sec); } if (other.isSetTnase()) { this.tnase = new org.apache.accumulo.core.clientImpl.thrift.ThriftNotActiveServiceException(other.tnase); } }
public boolean canDropUser(TCredentials c, String user) throws ThriftSecurityException { authenticate(c); if (user.equals(getRootUsername())) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); return hasSystemPermission(c, SystemPermission.DROP_USER, false); }
public boolean canRevokeSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException { authenticate(c); // can't modify root user if (user.equals(getRootUsername())) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); return hasSystemPermission(c, SystemPermission.GRANT, false); }
public boolean hasTablePermission(TCredentials credentials, String user, Table.ID tableId, TablePermission permissionById) throws ThriftSecurityException { if (!canAskAboutOtherUsers(credentials, user)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); return _hasTablePermission(user, tableId, permissionById, false); }
/** * Performs a deep copy on <i>other</i>. */ public setMasterGoalState_result(setMasterGoalState_result other) { if (other.isSetSec()) { this.sec = new org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException(other.sec); } if (other.isSetTnase()) { this.tnase = new org.apache.accumulo.core.clientImpl.thrift.ThriftNotActiveServiceException(other.tnase); } }
public boolean hasNamespacePermission(TCredentials credentials, String user, Namespace.ID namespace, NamespacePermission permissionById) throws ThriftSecurityException { if (!canAskAboutOtherUsers(credentials, user)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); return _hasNamespacePermission(user, namespace, permissionById, false); }
/** * Performs a deep copy on <i>other</i>. */ public removeSystemProperty_result(removeSystemProperty_result other) { if (other.isSetSec()) { this.sec = new org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException(other.sec); } if (other.isSetTnase()) { this.tnase = new org.apache.accumulo.core.clientImpl.thrift.ThriftNotActiveServiceException(other.tnase); } }
public Authorizations getUserAuthorizations(TCredentials credentials, String user) throws ThriftSecurityException { authenticate(credentials); targetUserExists(user); if (!credentials.getPrincipal().equals(user) && !hasSystemPermission(credentials, SystemPermission.SYSTEM, false) && !hasSystemPermission(credentials, SystemPermission.ALTER_USER, false)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); return authorizor.getCachedUserAuthorizations(user); }