1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.apache.hadoop.hbase.security;
19
20 import org.apache.hadoop.conf.Configuration;
21 import org.apache.hadoop.hbase.protobuf.generated.AdminProtos.AdminService;
22 import org.apache.hadoop.hbase.protobuf.generated.ClientProtos.ClientService;
23 import org.apache.hadoop.hbase.protobuf.generated.MasterProtos.MasterService;
24 import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.RegionServerStatusService;
25 import org.apache.hadoop.security.authorize.PolicyProvider;
26 import org.apache.hadoop.security.authorize.ProxyUsers;
27 import org.apache.hadoop.security.authorize.Service;
28 import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
29
30
31
32
33
34 public class HBasePolicyProvider extends PolicyProvider {
35 protected final static Service[] services = {
36 new Service("security.client.protocol.acl", ClientService.BlockingInterface.class),
37 new Service("security.client.protocol.acl", AdminService.BlockingInterface.class),
38 new Service("security.admin.protocol.acl", MasterService.BlockingInterface.class),
39 new Service("security.masterregion.protocol.acl", RegionServerStatusService.BlockingInterface.class)
40 };
41
42 @Override
43 public Service[] getServices() {
44 return services;
45 }
46
47 public static void init(Configuration conf, ServiceAuthorizationManager authManager) {
48
49 System.setProperty("hadoop.policy.file", "hbase-policy.xml");
50 if (conf.getBoolean(ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) {
51 authManager.refresh(conf, new HBasePolicyProvider());
52 ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
53 }
54 }
55 }