/**
 * Reports whether the user behind the current request holds system authorization.
 *
 * <p>The active user is obtained from {@code VisibilityUtils.getActiveUser()} and handed
 * unchanged to {@code havingSystemAuth(User)}.
 *
 * <p>NOTE(review): some callers of {@code getActiveUser()} null-check its result; no such
 * check is made here, so {@code havingSystemAuth} has to cope with a null user. Confirm that
 * it answers {@code false} (fails closed) in that case.
 *
 * @return whatever {@code havingSystemAuth} reports for the active user
 * @throws IOException if resolving the active user or the authorization lookup fails
 */
protected boolean isReadFromSystemAuthUser() throws IOException {
  return havingSystemAuth(VisibilityUtils.getActiveUser());
}
/**
 * Tells whether the active user is a superuser.
 *
 * <p>Despite the "system or" in the name, the only test performed here is
 * {@code Superusers.isSuperUser} on the user returned by
 * {@code VisibilityUtils.getActiveUser()}.
 *
 * @return {@code true} when {@code Superusers.isSuperUser} accepts the active user
 * @throws IOException if the active user cannot be resolved
 */
private boolean isSystemOrSuperUser() throws IOException {
  User activeUser = VisibilityUtils.getActiveUser();
  return Superusers.isSuperUser(activeUser);
}
/**
 * Remembers which user opened a scanner, keyed by the scanner instance.
 *
 * <p>The scanner is returned untouched. An owner entry is stored in {@code scannerOwners} only
 * when both the active user and its short name are non-null.
 *
 * <p>NOTE(review): a scanner opened without a resolvable user gets no owner entry. Any later
 * ownership check presumably has to treat a missing entry as a denial - confirm.
 *
 * @param c coprocessor context (not used by this hook)
 * @param scan the scan being opened (not used by this hook)
 * @param s the scanner that was just opened
 * @return {@code s}, unchanged
 * @throws IOException if the active user cannot be resolved
 */
@Override
public RegionScanner postScannerOpen(final ObserverContext<RegionCoprocessorEnvironment> c,
    final Scan scan, final RegionScanner s) throws IOException {
  User opener = VisibilityUtils.getActiveUser();
  String ownerName = (opener == null) ? null : opener.getShortName();
  if (ownerName != null) {
    scannerOwners.put(s, ownerName);
  }
  return s;
}
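/**
 * Rejects use of a visibility label that is not among the caller's authorizations.
 *
 * <p>Nothing is checked when {@code checkAuths} is {@code false}. Otherwise the label ordinal
 * must be present in {@code auths}; a null set is treated as "no authorizations".
 *
 * @param auths label ordinals granted to the caller, or {@code null}
 * @param labelOrdinal ordinal of the label being used
 * @param identifier label text, used only in the error message
 * @param checkAuths whether enforcement is requested at all
 * @throws IOException an {@code AccessDeniedException} when the label is not authorized, or
 *         any failure raised while resolving the active user for the message
 */
private static void checkAuths(Set<Integer> auths, int labelOrdinal, String identifier,
    boolean checkAuths) throws IOException {
  if (!checkAuths) {
    return;
  }
  if (auths == null || !auths.contains(labelOrdinal)) {
    // Build the message null-safely: dereferencing a null active user here would replace the
    // intended AccessDeniedException with a NullPointerException on the denial path.
    User activeUser = VisibilityUtils.getActiveUser();
    String userName = (activeUser != null) ? activeUser.getShortName() : "null";
    throw new AccessDeniedException("Visibility label " + identifier
      + " not authorized for the user " + userName);
  }
}
}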
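/**
 * Writes one access-decision record to the audit log when TRACE is enabled there.
 *
 * <p>The record names the requesting (active) user, the decision and its reason, the remote
 * address, the request, the target user, the labels involved and the regex, in that order.
 * Failure to resolve the active user is logged and the record is still written with
 * {@code UNKNOWN} as the requester.
 *
 * <p>NOTE(review): {@code request}, {@code reason}, {@code regex} and the label strings are
 * concatenated unescaped. If any of them can carry client-supplied line breaks, a single call
 * could produce what looks like several audit entries - confirm how callers populate them.
 *
 * @param isAllowed whether the request was granted
 * @param request short name of the operation being audited
 * @param reason explanation recorded with the decision
 * @param user bytes of the user the request targets, or {@code null}
 * @param labelAuths label bytes involved in the request, or {@code null}
 * @param regex pattern supplied with the request, if any
 */
private void logResult(boolean isAllowed, String request, String reason, byte[] user,
    List<byte[]> labelAuths, String regex) {
  if (!AUDITLOG.isTraceEnabled()) {
    return;
  }
  // This is more duplicated code!
  List<String> labelAuthsStr = new ArrayList<>(labelAuths != null ? labelAuths.size() : 0);
  if (labelAuths != null) {
    for (byte[] labelAuth : labelAuths) {
      labelAuthsStr.add(Bytes.toString(labelAuth));
    }
  }
  User requestingUser = null;
  try {
    requestingUser = VisibilityUtils.getActiveUser();
  } catch (IOException e) {
    LOG.warn("Failed to get active system user.");
    LOG.debug("Details on failure to get active system user.", e);
  }
  // The target user is decoded as text. The previous Bytes.toShort(user) recorded only a
  // number built from the first two bytes, which made the audit entry useless for attribution.
  String targetUser = (user != null) ? Bytes.toString(user) : "null";
  AUDITLOG.trace("Access " + (isAllowed ? "allowed" : "denied") + " for user "
    + (requestingUser != null ? requestingUser.getShortName() : "UNKNOWN") + "; reason: "
    + reason + "; remote address: "
    + RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("") + "; request: "
    + request + "; user: " + targetUser + "; labels: " + labelAuthsStr + "; regex: " + regex);
}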
/**
 * Builds the tags for a visibility expression, optionally enforcing the caller's label auths.
 *
 * <p>When {@code checkAuths} is set, the active user's own and group label ordinals are
 * collected from {@code labelsCache} and passed along for enforcement; otherwise an empty set
 * is passed together with {@code checkAuths == false}.
 *
 * <p>NOTE(review): the active user is dereferenced without a null check on the
 * {@code checkAuths} path, so a null result from {@code getActiveUser()} would surface as a
 * NullPointerException rather than an access error - confirm that is acceptable.
 *
 * @param visExpression the visibility expression to convert
 * @param withSerializationFormat forwarded unchanged to {@code VisibilityUtils}
 * @param checkAuths whether labels in the expression must be authorized for the caller
 * @return the tags produced by {@code VisibilityUtils.createVisibilityExpTags}
 * @throws IOException if the user lookup or tag creation fails
 */
@Override
public List<Tag> createVisibilityExpTags(String visExpression, boolean withSerializationFormat,
    boolean checkAuths) throws IOException {
  Set<Integer> authOrdinals = new HashSet<>();
  if (checkAuths) {
    User caller = VisibilityUtils.getActiveUser();
    String shortName = caller.getShortName();
    authOrdinals.addAll(this.labelsCache.getUserAuthsAsOrdinals(shortName));
    authOrdinals.addAll(this.labelsCache.getGroupAuthsAsOrdinals(caller.getGroupNames()));
  }
  return VisibilityUtils.createVisibilityExpTags(visExpression, withSerializationFormat,
    checkAuths, authOrdinals, labelsCache);
}
/**
 * Verifies that the calling user holds system authorization before a privileged action.
 *
 * <p>The check runs only when authorization is enabled and {@code accessControllerAvailable}
 * is {@code false}. In every other case the method returns without checking anything.
 *
 * <p>NOTE(review): when {@code accessControllerAvailable} is {@code true} this method enforces
 * nothing; presumably the access controller performs the equivalent check - confirm.
 *
 * @throws IOException if the calling user cannot be determined, or an
 *         {@code AccessDeniedException} when that user lacks system authorization
 */
private void checkCallingUserAuth() throws IOException {
  // Redundant, but just in case
  if (!authorizationEnabled) {
    return;
  }
  if (accessControllerAvailable) {
    return;
  }
  User caller = VisibilityUtils.getActiveUser();
  if (caller == null) {
    throw new IOException("Unable to retrieve calling user");
  }
  boolean hasSystemAuth = this.visibilityLabelService.havingSystemAuth(caller);
  if (!hasSystemAuth) {
    throw new AccessDeniedException("User '" + caller.getShortName()
      + "' is not authorized to perform this action.");
  }
}
/**
 * Checks whether the current request is issued by a user with system authorization.
 *
 * <p>Delegates to {@code havingSystemAuth(User)} with the user returned by
 * {@code VisibilityUtils.getActiveUser()}.
 *
 * <p>NOTE(review): the active user is not null-checked before the delegation; confirm that
 * {@code havingSystemAuth} fails closed when given null.
 *
 * @return the answer of {@code havingSystemAuth} for the active user
 * @throws IOException if the user lookup or the authorization lookup fails
 */
protected boolean isReadFromSystemAuthUser() throws IOException {
  return havingSystemAuth(VisibilityUtils.getActiveUser());
}
try { authLabels = scanLabelGenerator.getLabels(VisibilityUtils.getActiveUser(), authorizations); authLabels = (authLabels == null) ? new ArrayList<>() : authLabels; authorizations = new Authorizations(authLabels);
try { authLabels = scanLabelGenerator.getLabels(VisibilityUtils.getActiveUser(), authorizations); authLabels = (authLabels == null) ? new ArrayList<>() : authLabels; authorizations = new Authorizations(authLabels);
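// Denial path: name the active user in the error, falling back to the literal "null" when no
// user could be resolved. The closing quote after the name was missing, which left the end of
// the user name ambiguous in the message.
User user = VisibilityUtils.getActiveUser();
throw new AccessDeniedException("User '" + (user != null ? user.getShortName() : "null")
  + "' is not authorized to perform this action.");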
User requestingUser = VisibilityUtils.getActiveUser(); throw new AccessDeniedException("User '" + (requestingUser != null ? requestingUser.getShortName() : "null")
User requestingUser = VisibilityUtils.getActiveUser(); throw new AccessDeniedException("User '" + (requestingUser != null ? requestingUser.getShortName() : "null")
/**
 * Answers whether the active user has system authorization.
 *
 * <p>The user comes from {@code VisibilityUtils.getActiveUser()} and is passed straight to
 * {@code havingSystemAuth(User)}.
 *
 * <p>NOTE(review): no null check is made on the active user here; verify that
 * {@code havingSystemAuth} returns {@code false} for a null user.
 *
 * @return the result of {@code havingSystemAuth} for the active user
 * @throws IOException if resolving the user or the authorization lookup fails
 */
protected boolean isReadFromSystemAuthUser() throws IOException {
  return havingSystemAuth(VisibilityUtils.getActiveUser());
}
/**
 * Tells whether the active user is a superuser.
 *
 * <p>Only {@code Superusers.isSuperUser} is consulted; no separate "system user" test is
 * made in this method, despite its name.
 *
 * @return {@code true} when {@code Superusers.isSuperUser} accepts the active user
 * @throws IOException if the active user cannot be resolved
 */
private boolean isSystemOrSuperUser() throws IOException {
  User activeUser = VisibilityUtils.getActiveUser();
  return Superusers.isSuperUser(activeUser);
}
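/**
 * Rejects use of a visibility label that is not among the caller's authorizations.
 *
 * <p>Nothing is checked when {@code checkAuths} is {@code false}. Otherwise the label ordinal
 * must be present in {@code auths}; a null set is treated as "no authorizations".
 *
 * @param auths label ordinals granted to the caller, or {@code null}
 * @param labelOrdinal ordinal of the label being used
 * @param identifier label text, used only in the error message
 * @param checkAuths whether enforcement is requested at all
 * @throws IOException an {@code AccessDeniedException} when the label is not authorized, or
 *         any failure raised while resolving the active user for the message
 */
private static void checkAuths(Set<Integer> auths, int labelOrdinal, String identifier,
    boolean checkAuths) throws IOException {
  if (!checkAuths) {
    return;
  }
  if (auths == null || !auths.contains(labelOrdinal)) {
    // Build the message null-safely: dereferencing a null active user here would replace the
    // intended AccessDeniedException with a NullPointerException on the denial path.
    User activeUser = VisibilityUtils.getActiveUser();
    String userName = (activeUser != null) ? activeUser.getShortName() : "null";
    throw new AccessDeniedException("Visibility label " + identifier
      + " not authorized for the user " + userName);
  }
}
}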
/**
 * Records the short name of the user who opened a scanner.
 *
 * <p>An entry is added to {@code scannerOwners} only when the active user and its short name
 * are both non-null; the scanner itself is returned as received.
 *
 * <p>NOTE(review): scanners opened without a resolvable user are left without an owner entry.
 * Code that later compares owners presumably must reject such scanners - confirm.
 *
 * @param c coprocessor context (not used by this hook)
 * @param scan the scan being opened (not used by this hook)
 * @param s the scanner that was just opened
 * @return {@code s}, unchanged
 * @throws IOException if the active user cannot be resolved
 */
@Override
public RegionScanner postScannerOpen(final ObserverContext<RegionCoprocessorEnvironment> c,
    final Scan scan, final RegionScanner s) throws IOException {
  User opener = VisibilityUtils.getActiveUser();
  String ownerName = (opener == null) ? null : opener.getShortName();
  if (ownerName != null) {
    scannerOwners.put(s, ownerName);
  }
  return s;
}
/**
 * Converts a visibility expression into tags, enforcing the caller's label auths on request.
 *
 * <p>With {@code checkAuths} set, the ordinals of the labels granted to the active user and to
 * its groups are read from {@code labelsCache} and forwarded; without it, an empty set is
 * forwarded.
 *
 * <p>NOTE(review): on the {@code checkAuths} path the active user is used without a null
 * check; a null user would end in a NullPointerException instead of an access error - confirm
 * this is intended.
 *
 * @param visExpression the visibility expression to convert
 * @param withSerializationFormat forwarded unchanged to {@code VisibilityUtils}
 * @param checkAuths whether labels in the expression must be authorized for the caller
 * @return the tags produced by {@code VisibilityUtils.createVisibilityExpTags}
 * @throws IOException if the user lookup or tag creation fails
 */
@Override
public List<Tag> createVisibilityExpTags(String visExpression, boolean withSerializationFormat,
    boolean checkAuths) throws IOException {
  Set<Integer> authOrdinals = new HashSet<Integer>();
  if (checkAuths) {
    User caller = VisibilityUtils.getActiveUser();
    String shortName = caller.getShortName();
    authOrdinals.addAll(this.labelsCache.getUserAuthsAsOrdinals(shortName));
    authOrdinals.addAll(this.labelsCache.getGroupAuthsAsOrdinals(caller.getGroupNames()));
  }
  return VisibilityUtils.createVisibilityExpTags(visExpression, withSerializationFormat,
    checkAuths, authOrdinals, labelsCache);
}
/**
 * Determines whether the user making the current request has system authorization.
 *
 * <p>This is a thin delegation: the result of {@code VisibilityUtils.getActiveUser()} is
 * passed to {@code havingSystemAuth(User)} and that answer is returned.
 *
 * <p>NOTE(review): a null active user is forwarded as-is; confirm that
 * {@code havingSystemAuth} denies rather than throws or grants in that case.
 *
 * @return the result of {@code havingSystemAuth} for the active user
 * @throws IOException if resolving the user or the authorization lookup fails
 */
protected boolean isReadFromSystemAuthUser() throws IOException {
  return havingSystemAuth(VisibilityUtils.getActiveUser());
}
/**
 * Verifies that the calling user holds system authorization before a privileged action.
 *
 * <p>The check runs only when authorization is enabled and {@code accessControllerAvailable}
 * is {@code false}. It probes the label service class for a {@code havingSystemAuth(User)}
 * method and, when that method is not declared there, falls back to the deprecated
 * {@code havingSystemAuth(byte[])} variant using the user's short name.
 *
 * <p>NOTE(review): {@code getDeclaredMethod} only sees methods declared on the concrete
 * service class, so an implementation that merely inherits {@code havingSystemAuth(User)}
 * would take the deprecated path - confirm this is the intended compatibility behaviour.
 *
 * @throws IOException if the calling user cannot be determined, or an
 *         {@code AccessDeniedException} when that user lacks system authorization
 */
private void checkCallingUserAuth() throws IOException {
  // Redundant, but just in case
  if (!authorizationEnabled) {
    return;
  }
  if (accessControllerAvailable) {
    return;
  }
  User caller = VisibilityUtils.getActiveUser();
  if (caller == null) {
    throw new IOException("Unable to retrieve calling user");
  }
  boolean authorized = false;
  try {
    // Probe only; the lookup result is discarded and the call below is made directly.
    this.visibilityLabelService.getClass().getDeclaredMethod("havingSystemAuth",
      new Class[] { User.class });
    authorized = this.visibilityLabelService.havingSystemAuth(caller);
  } catch (SecurityException e) {
    // Just consider this as AccessDeniedException: 'authorized' stays false, so the
    // request is rejected below (fails closed).
  } catch (NoSuchMethodException e) {
    // VLS not having havingSystemAuth(User) method. Go with deprecated
    // havingSystemAuth(byte[]) method invoke
    byte[] shortNameBytes = Bytes.toBytes(caller.getShortName());
    authorized = this.visibilityLabelService.havingSystemAuth(shortNameBytes);
  }
  if (!authorized) {
    throw new AccessDeniedException("User '" + caller.getShortName()
      + "' is not authorized to perform this action.");
  }
}