18 package org.apache.hadoop.hbase.security.visibility;
19
20 import java.util.ArrayList;
21 import java.util.List;
22
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25 import org.apache.hadoop.classification.InterfaceAudience;
26 import org.apache.hadoop.conf.Configuration;
27 import org.apache.hadoop.hbase.security.User;
28
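/**
 * Default {@link ScanLabelGenerator}: narrows the labels a client requests for a scan to
 * the ones that {@link VisibilityLabelsManager#getAuths(String)} returns for the user's
 * short name. Requested labels that are not in that list are dropped and reported in a
 * single WARN log line.
 */
@InterfaceAudience.Private
public class DefaultScanLabelGenerator implements ScanLabelGenerator {

  private static final Log LOG = LogFactory.getLog(DefaultScanLabelGenerator.class);

  private Configuration conf;

  private VisibilityLabelsManager labelsManager;

  /** Binds this generator to the instance returned by {@code VisibilityLabelsManager.get()}. */
  public DefaultScanLabelGenerator() {
    this.labelsManager = VisibilityLabelsManager.get();
  }

  /** Stores the configuration; nothing in this class reads it back except {@link #getConf()}. */
  @Override
  public void setConf(Configuration conf) {
    this.conf = conf;
  }

  /** @return the configuration last passed to {@link #setConf(Configuration)}, possibly null */
  @Override
  public Configuration getConf() {
    return this.conf;
  }

  /**
   * Returns the subset of the requested labels that the user holds.
   *
   * @param user the requesting user; dereferenced without a null check
   *        (NOTE(review): confirm callers always pass a non-null user)
   * @param authorizations the labels requested with the scan, or null
   * @return the requested labels that are also in the user's auths, in request order;
   *         {@code null} when {@code authorizations} is null (NOTE(review): how callers
   *         interpret null is not visible in this file)
   */
  @Override
  public List<String> getLabels(User user, Authorizations authorizations) {
    if (authorizations == null) {
      return null;
    }
    List<String> requested = authorizations.getLabels();
    String userName = user.getShortName();
    // NOTE(review): assumes getAuths never returns null; a null here would throw in the
    // filter below rather than grant anything, but confirm against the manager.
    List<String> granted = this.labelsManager.getAuths(userName);
    return dropLabelsNotInUserAuths(requested, granted, userName);
  }

  /**
   * Splits {@code labels} into those present in {@code auths} (returned) and those that are
   * not (logged at WARN and discarded).
   *
   * @param labels labels requested by the client
   * @param auths labels the user is allowed to use
   * @param userName name written to the log line when labels are dropped
   * @return a new list holding only the labels contained in {@code auths}
   */
  private List<String> dropLabelsNotInUserAuths(List<String> labels, List<String> auths,
      String userName) {
    List<String> rejected = new ArrayList<String>();
    List<String> accepted = new ArrayList<String>(labels.size());
    for (String label : labels) {
      // Membership in the granted list is the only thing that lets a label through.
      if (auths.contains(label)) {
        accepted.add(label);
      } else {
        rejected.add(label);
      }
    }
    if (!rejected.isEmpty()) {
      // The rejected labels are client-chosen text. Control characters are escaped before
      // logging so a crafted label cannot break the line and forge extra log entries.
      // NOTE(review): the number and length of rejected labels is also client-controlled,
      // so the size of this WARN line is not bounded here.
      StringBuilder message = new StringBuilder();
      message.append("Dropping invalid authorizations requested by user ");
      message.append(escapeForLog(userName));
      message.append(": [ ");
      for (String label : rejected) {
        message.append(escapeForLog(label));
        message.append(' ');
      }
      message.append(']');
      LOG.warn(message.toString());
    }
    return accepted;
  }

  /**
   * Returns {@code value} with every ISO control character (CR, LF, TAB, ...) replaced by a
   * backslash-x hex escape so the value stays on one log line. A null value is rendered as
   * the text "null", matching what {@code StringBuilder.append} prints for a null String.
   */
  private static String escapeForLog(String value) {
    if (value == null) {
      return "null";
    }
    StringBuilder escaped = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
      char c = value.charAt(i);
      if (Character.isISOControl(c)) {
        escaped.append(String.format("\\x%02x", (int) c));
      } else {
        escaped.append(c);
      }
    }
    return escaped.toString();
  }
}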