Java源码示例:org.apache.accumulo.core.security.TablePermission

示例1
/**
 * Builds the test fixture: a mock Accumulo connector, the four triple-store tables, a user with
 * READ on each of them, and an initialised {@code AccumuloRyaDAO} bound to that connector.
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    // NOTE(review): the connector is opened as `user` before createUser() runs below, so the
    // fixture relies on MockInstance accepting that login; permission behaviour observed in these
    // tests may not match a real cluster — confirm.
    // NOTE(review): pwd.getBytes() encodes with the platform default charset.
    connector = new MockInstance(instance).getConnector(user, pwd.getBytes());

    final String[] tripleTables = {
        tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX
    };
    for (final String tableName : tripleTables) {
        connector.tableOperations().create(tableName);
    }

    // Least privilege for the fixture user: READ only, on exactly the tables created above.
    final SecurityOperations security = connector.securityOperations();
    security.createUser(user, pwd.getBytes(), auths);
    for (final String tableName : tripleTables) {
        security.grantTablePermission(user, tableName, TablePermission.READ);
    }

    conf = new AccumuloRdfConfiguration();
    conf.setTablePrefix(tablePrefix);

    ryaDAO = new AccumuloRyaDAO();
    ryaDAO.setConnector(connector);
    ryaDAO.setConf(conf);
    ryaDAO.init();
}
 
示例2
/**
 * Prepares a mock Accumulo instance for the test: creates the SPO, PO, OSP and NS tables, creates
 * the test user with READ on each, then wires up and initialises the {@code AccumuloRyaDAO}.
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    // NOTE(review): getBytes() without a charset uses the platform default; the byte[] password
    // overloads of getConnector/createUser are the older client API — confirm against the Accumulo
    // version in use.
    connector = new MockInstance(instance).getConnector(user, pwd.getBytes());

    final String spoTable = tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX;
    final String poTable = tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX;
    final String ospTable = tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX;
    final String nsTable = tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX;

    connector.tableOperations().create(spoTable);
    connector.tableOperations().create(poTable);
    connector.tableOperations().create(ospTable);
    connector.tableOperations().create(nsTable);

    // Only READ is granted; the user receives no WRITE or administrative table permission here.
    final SecurityOperations security = connector.securityOperations();
    security.createUser(user, pwd.getBytes(), auths);
    security.grantTablePermission(user, spoTable, TablePermission.READ);
    security.grantTablePermission(user, poTable, TablePermission.READ);
    security.grantTablePermission(user, ospTable, TablePermission.READ);
    security.grantTablePermission(user, nsTable, TablePermission.READ);

    conf = new AccumuloRdfConfiguration();
    conf.setTablePrefix(tablePrefix);

    ryaDAO = new AccumuloRyaDAO();
    ryaDAO.setConnector(connector);
    ryaDAO.setConf(conf);
    ryaDAO.init();
}
 
示例3
/**
 * Builds the mock Accumulo fixture using token-based authentication: creates the four
 * triple-store tables, a local user with the configured authorizations and READ on each table,
 * and an initialised {@code AccumuloRyaDAO}.
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    // The password is encoded explicitly as UTF-8, so the token bytes do not depend on the
    // platform default charset. A fresh PasswordToken is built for each call, as in the original.
    connector = new MockInstance(instance)
            .getConnector(user, new PasswordToken(pwd.getBytes(StandardCharsets.UTF_8)));

    final String[] tripleTables = {
        tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX
    };
    for (final String tableName : tripleTables) {
        connector.tableOperations().create(tableName);
    }

    // Authorizations (visibility labels) and table permissions are set separately:
    // changeUserAuthorizations controls which labels the user may scan with, while
    // grantTablePermission controls whether the user may read the table at all.
    final SecurityOperations security = connector.securityOperations();
    security.createLocalUser(user, new PasswordToken(pwd.getBytes(StandardCharsets.UTF_8)));
    security.changeUserAuthorizations(user, auths);
    for (final String tableName : tripleTables) {
        security.grantTablePermission(user, tableName, TablePermission.READ);
    }

    conf = new AccumuloRdfConfiguration();
    conf.setTablePrefix(tablePrefix);

    ryaDAO = new AccumuloRyaDAO();
    ryaDAO.setConnector(connector);
    ryaDAO.setConf(conf);
    ryaDAO.init();
}
 
示例4
/**
 * Creates the five Rya tables (SPO, PO, OSP, NS, EVAL) on a mock Accumulo instance and a local
 * user that may read all of them and write only to the EVAL table.
 */
@Before
public void setUp() throws Exception {
    connector = new MockInstance(instance).getConnector(user, new PasswordToken(pwd));

    final String evalTable = tablePrefix + RdfCloudTripleStoreConstants.TBL_EVAL_SUFFIX;
    final String[] allTables = {
        tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX,
        evalTable
    };
    for (final String tableName : allTables) {
        connector.tableOperations().create(tableName);
    }

    final SecurityOperations security = connector.securityOperations();
    security.createLocalUser(user, new PasswordToken(pwd));
    security.changeUserAuthorizations(user, auths);

    // READ everywhere; WRITE is scoped to the EVAL table only, so the triple tables stay
    // read-only for this user.
    for (final String tableName : allTables) {
        security.grantTablePermission(user, tableName, TablePermission.READ);
    }
    security.grantTablePermission(user, evalTable, TablePermission.WRITE);
}
 
示例5
/**
 * Creates the five Rya tables on a mock Accumulo instance, a user with READ on all of them and
 * WRITE on the EVAL table, then initialises the {@code AccumuloRyaDAO} with the existing
 * {@code conf}.
 */
@Before
public void setUp() throws Exception {
    // NOTE(review): pwd.getBytes() uses the platform default charset, and the byte[] password
    // overloads of getConnector/createUser are the older client API — confirm against the Accumulo
    // version in use.
    connector = new MockInstance(instance).getConnector(user, pwd.getBytes());

    final String evalTable = tablePrefix + RdfCloudTripleStoreConstants.TBL_EVAL_SUFFIX;
    final String[] allTables = {
        tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX,
        tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX,
        evalTable
    };
    for (final String tableName : allTables) {
        connector.tableOperations().create(tableName);
    }

    final SecurityOperations security = connector.securityOperations();
    security.createUser(user, pwd.getBytes(), auths);

    // READ on every table; WRITE only where the tests need to store results (EVAL).
    for (final String tableName : allTables) {
        security.grantTablePermission(user, tableName, TablePermission.READ);
    }
    security.grantTablePermission(user, evalTable, TablePermission.WRITE);

    // conf is not created here; it is whatever the enclosing class already holds.
    conf.setTablePrefix(tablePrefix);

    dao = new AccumuloRyaDAO();
    dao.setConnector(connector);
    dao.setConf(conf);
    dao.init();
}
 
示例6
/**
 * Creates the child table when it is missing and grants the child user WRITE on it.
 *
 * <p>Nothing is changed when the table already exists; in particular no permission is granted
 * in that case.
 *
 * @param childTableName the name of the child table.
 * @throws IOException if any Accumulo call made here fails; the Accumulo exception is the cause.
 */
public void createTableIfNeeded(final String childTableName) throws IOException {
    try {
        final Configuration childHadoopConf = MergeToolMapper.getChildConfig(conf);
        final AccumuloRdfConfiguration childRdfConf = new AccumuloRdfConfiguration(childHadoopConf);
        childRdfConf.setTablePrefix(childTablePrefix);
        final Connector child = AccumuloRyaUtils.setupConnector(childRdfConf);

        // exists() followed by create() is not atomic: if the table appears in between, create()
        // throws TableExistsException, which is rethrown below as IOException and skips the grant.
        if (child.tableOperations().exists(childTableName)) {
            return;
        }

        log.info("Creating table: " + childTableName);
        child.tableOperations().create(childTableName);
        log.info("Created table: " + childTableName);

        // The log text says "authorizations", but what is granted is the WRITE table permission
        // (not a visibility authorization, and not READ).
        log.info("Granting authorizations to table: " + childTableName);
        child.securityOperations().grantTablePermission(childUserName, childTableName, TablePermission.WRITE);
        log.info("Granted authorizations to table: " + childTableName);
    } catch (TableExistsException | AccumuloException | AccumuloSecurityException e) {
        throw new IOException(e);
    }
}
 
示例7
/**
 * Checks that a configuration is complete enough to be used with an Accumulo
 * {@link org.apache.hadoop.mapreduce.InputFormat}, including a live connection test.
 *
 * <p>In order: the input-info and instance flags must be set; a connector is opened with the
 * configured user and password; the user must authenticate and hold READ on the configured
 * table; and, unless local iterators are used, every configured scan-time iterator class must be
 * loadable on the server side.
 *
 * @param conf
 *            the Hadoop configuration object
 * @throws IOException
 *             if the configuration is improperly configured, or an Accumulo call fails (the
 *             Accumulo exception is attached as the cause)
 */
protected static void validateOptions(Configuration conf) throws IOException {
    if (!conf.getBoolean(INPUT_INFO_HAS_BEEN_SET, false)) {
        throw new IOException("Input info has not been set.");
    }
    if (!conf.getBoolean(INSTANCE_HAS_BEEN_SET, false)) {
        throw new IOException("Instance info has not been set.");
    }

    /*
     * if (conf.get(RACKSTRATEGY) == null) { throw new IOException("Rack strategy must be set."); }
     */

    // Validate that we can connect as configured.
    // NOTE(review): getPassword(conf) takes the credential from the job Configuration; if that
    // configuration is persisted or shipped with the job, the password is readable by whoever can
    // read it — confirm how it is stored.
    try {
        Connector c = getInstance(conf).getConnector(getUsername(conf), new PasswordToken(getPassword(conf)));

        boolean authenticated = c.securityOperations().authenticateUser(getUsername(conf), new PasswordToken(getPassword(conf)));
        if (!authenticated) {
            throw new IOException("Unable to authenticate user");
        }

        // Fail early when the user lacks READ, rather than letting the scan fail later.
        boolean mayRead = c.securityOperations().hasTablePermission(getUsername(conf), getTablename(conf), TablePermission.READ);
        if (!mayRead) {
            throw new IOException("Unable to access table");
        }

        if (!usesLocalIterators(conf)) {
            // Validate that any scan-time iterators can be loaded by the tablet servers:
            // first with the table's class-loading context, then with the instance-wide one.
            final String iteratorInterface = SortedKeyValueIterator.class.getName();
            for (AccumuloIterator iter : getIterators(conf)) {
                boolean loadable = c.tableOperations().testClassLoad(getTablename(conf), iter.getIteratorClass(), iteratorInterface)
                        || c.instanceOperations().testClassLoad(iter.getIteratorClass(), iteratorInterface);
                if (!loadable) {
                    throw new AccumuloException("Servers are unable to load " + iter.getIteratorClass() + " as a " + iteratorInterface);
                }
            }
        }
    } catch (AccumuloException | AccumuloSecurityException | TableNotFoundException e) {
        throw new IOException(e);
    }
}
 
示例8
/**
 * Creates one table on a mock Accumulo instance and a local user that may read and write it.
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    // NOTE(review): pwd.getBytes() encodes with the platform default charset. A separate
    // PasswordToken is built for the connection and for the user creation, as in the original.
    final PasswordToken loginToken = new PasswordToken(pwd.getBytes());
    connector = new MockInstance(instance).getConnector(user, loginToken);
    connector.tableOperations().create(table);

    final SecurityOperations security = connector.securityOperations();
    final PasswordToken newUserToken = new PasswordToken(pwd.getBytes());
    security.createLocalUser(user, newUserToken);

    // Data access only: READ and WRITE, no administrative table permission.
    final TablePermission[] dataAccess = {TablePermission.READ, TablePermission.WRITE};
    for (final TablePermission permission : dataAccess) {
        security.grantTablePermission(user, table, permission);
    }
}
 
示例9
/**
 * Creates the users used to exercise visibility filtering on a PCJ table. Each user is given a
 * different set of authorizations and READ on the PCJ table; "root" is given all five labels.
 *
 * @param accumuloConn connector used to perform the security operations
 * @param ryaInstanceName Rya instance name, used to derive the PCJ table name
 * @param pcjId PCJ id, used to derive the PCJ table name
 */
private void setupTestUsers(final Connector accumuloConn, final String ryaInstanceName, final String pcjId) throws AccumuloException, AccumuloSecurityException {
    // Test-only credential: every user created below shares this hard-coded password.
    final PasswordToken pass = new PasswordToken("password");
    final SecurityOperations secOps = accumuloConn.securityOperations();

    // We need the table name so that we can update security for the users.
    final String pcjTableName = new PcjTableNameFactory().makeTableName(ryaInstanceName, pcjId);

    // Give the 'root' user authorizations to see everything.
    secOps.changeUserAuthorizations("root", new Authorizations("A", "B", "C", "D", "E"));

    // User name -> the visibility labels that user may scan with (same index in both arrays).
    final String[] userNames = {"abUser", "abcUser", "adeUser", "noAuth"};
    final Authorizations[] userAuths = {
        new Authorizations("A", "B"),
        new Authorizations("A", "B", "C"),
        new Authorizations("A", "D", "E"),
        // No labels at all. The user still holds READ on the table, so what it cannot see is
        // decided by the entries' visibility labels, not by a missing table permission.
        new Authorizations()
    };

    for (int i = 0; i < userNames.length; i++) {
        secOps.createLocalUser(userNames[i], pass);
        secOps.changeUserAuthorizations(userNames[i], userAuths[i]);
        secOps.grantTablePermission(userNames[i], pcjTableName, TablePermission.READ);
    }
}
 
示例10
/**
 * Creates the temp child table in the parent when it is missing, grants the parent user WRITE
 * on it, and widens that user's authorizations with any child authorizations it does not hold.
 *
 * <p>Nothing is changed when the table already exists.
 *
 * @param childTableName the name of the child table.
 * @throws IOException if any Accumulo call made here fails; the Accumulo exception is the cause.
 */
public void createTempTableIfNeeded(final String childTableName) throws IOException {
    try {
        final AccumuloRdfConfiguration tempTableConf = new AccumuloRdfConfiguration(conf);
        tempTableConf.setTablePrefix(childTablePrefix);
        final Connector parentConnector = AccumuloRyaUtils.setupConnector(tempTableConf);

        // exists() followed by create() is not atomic: a table created in between surfaces as
        // TableExistsException, rethrown below as IOException.
        if (parentConnector.tableOperations().exists(childTableName)) {
            return;
        }

        log.info("Creating table: " + childTableName);
        parentConnector.tableOperations().create(childTableName);
        log.info("Created table: " + childTableName);

        // The log text says "authorizations", but this step grants the WRITE table permission.
        log.info("Granting authorizations to table: " + childTableName);
        final SecurityOperations security = parentConnector.securityOperations();
        security.grantTablePermission(userName, childTableName, TablePermission.WRITE);
        log.info("Granted authorizations to table: " + childTableName);

        final Authorizations parentAuths = security.getUserAuthorizations(userName);
        if (parentAuths.equals(childAuthorizations)) {
            return;
        }

        // Add child authorizations so the temp parent table can be accessed.
        // This changes the parent user's account, not just this table: the added labels apply to
        // every table the user can read until they are removed again. tempChildAuths records what
        // was added. NOTE(review): presumably so it can be removed later — confirm a cleanup path
        // exists. The labels are also written to the log at info level.
        final List<String> missingAuths = findUniqueAuthsFromChild(parentAuths.toString(), childAuthorizations.toString());
        tempChildAuths = Joiner.on(",").join(missingAuths);
        log.info("Adding the authorization, \"" + tempChildAuths + "\", to the parent user, \"" + userName + "\"");
        final Authorizations widenedAuths = AccumuloRyaUtils.addUserAuths(userName, security, new Authorizations(tempChildAuths));
        security.changeUserAuthorizations(userName, widenedAuths);
    } catch (TableExistsException | AccumuloException | AccumuloSecurityException e) {
        throw new IOException(e);
    }
}
 
示例11
/**
 * Creates the child table when it is missing and grants the child user WRITE on it. Does nothing
 * when the table already exists.
 *
 * @throws IOException if an Accumulo call fails; the Accumulo exception is the cause.
 */
private void createTableIfNeeded() throws IOException {
    try {
        // Check-then-create is not atomic: if the table is created in between, the resulting
        // TableExistsException is rethrown as IOException and the grant below is skipped.
        final boolean alreadyThere = childConnector.tableOperations().exists(childTableName);
        if (alreadyThere) {
            return;
        }

        log.info("Creating table: " + childTableName);
        childConnector.tableOperations().create(childTableName);
        log.info("Created table: " + childTableName);

        // Despite the "authorizations" wording in the log, only the WRITE table permission is
        // granted; READ is not.
        log.info("Granting authorizations to table: " + childTableName);
        childConnector.securityOperations().grantTablePermission(childUser, childTableName, TablePermission.WRITE);
        log.info("Granted authorizations to table: " + childTableName);
    } catch (TableExistsException | AccumuloException | AccumuloSecurityException e) {
        throw new IOException(e);
    }
}
 
示例12
/**
 * Creates the merge-parent metadata table when it is missing and grants the configured Accumulo
 * user WRITE on it. Does nothing when the table already exists.
 *
 * @throws MergerException if the table cannot be created or the permission cannot be granted.
 */
private void createTableIfNeeded() throws MergerException {
    try {
        if (doesMetadataTableExist()) {
            return;
        }

        log.debug("Creating table: " + mergeParentMetadataTableName);
        connector.tableOperations().create(mergeParentMetadataTableName);
        log.debug("Created table: " + mergeParentMetadataTableName);

        // The log text says "authorizations", but the call grants the WRITE table permission.
        log.debug("Granting authorizations to table: " + mergeParentMetadataTableName);
        // The grantee is read from the DAO's configuration rather than from the connector.
        // NOTE(review): presumably the same account the connector runs as — confirm.
        final String grantee = accumuloRyaDao.getConf().get(MRUtils.AC_USERNAME_PROP);
        connector.securityOperations().grantTablePermission(grantee, mergeParentMetadataTableName, TablePermission.WRITE);
        log.debug("Granted authorizations to table: " + mergeParentMetadataTableName);
    } catch (final TableExistsException | AccumuloException | AccumuloSecurityException e) {
        throw new MergerException("Could not create a new MergeParentMetadata table named: " + mergeParentMetadataTableName, e);
    }
}
 
示例13
/**
 * Grants the following Table Permissions for an Accumulo user to an Accumulo table.
 * <ul>
 *   <li>ALTER_TABLE</li>
 *   <li>BULK_IMPORT</li>
 *   <li>DROP_TABLE</li>
 *   <li>GRANT</li>
 *   <li>READ</li>
 *   <li>WRITE</li>
 * </ul>
 *
 * <p>The set includes {@code GRANT} and {@code DROP_TABLE}, so the user ends up able to hand out
 * permissions on the table and to delete it. Use it for accounts meant to administer the table;
 * grant {@code READ}/{@code WRITE} individually for accounts that only need data access.
 *
 * @param user - The user who will be granted the permissions. (not null)
 * @param table - The Accumulo table the permissions are granted to. (not null)
 * @param conn - The connector that is used to access the Accumulo instance
 *   that hosts the {@code user} and {@code table}. (not null)
 * @throws AccumuloException If a general error occurs.
 * @throws AccumuloSecurityException If the user does not have permission to grant a user permissions.
 */
public void grantAllPermissions(final String user, final String table, final Connector conn) throws AccumuloException, AccumuloSecurityException {
    requireNonNull(user);
    requireNonNull(table);
    requireNonNull(conn);

    // Explicit list, applied in this order; it is not derived from TablePermission.values().
    final TablePermission[] granted = {
        TablePermission.ALTER_TABLE,
        TablePermission.BULK_IMPORT,
        TablePermission.DROP_TABLE,
        TablePermission.GRANT,
        TablePermission.READ,
        TablePermission.WRITE
    };

    final SecurityOperations secOps = conn.securityOperations();
    for (final TablePermission permission : granted) {
        secOps.grantTablePermission(user, table, permission);
    }
}
 
示例14
/**
 * Revokes the following Table Permissions for an Accumulo user from an Accumulo table.
 * <ul>
 *   <li>ALTER_TABLE</li>
 *   <li>BULK_IMPORT</li>
 *   <li>DROP_TABLE</li>
 *   <li>GRANT</li>
 *   <li>READ</li>
 *   <li>WRITE</li>
 * </ul>
 *
 * <p>Each permission is revoked with its own call. If one call throws, the permissions later in
 * the list are left in place, so a caller that must guarantee removal should verify the result
 * or retry.
 *
 * @param user - The user whose permissions will be revoked. (not null)
 * @param table - The Accumulo table the permissions are revoked from. (not null)
 * @param conn - The connector that is used to access the Accumulo instance
 *   that hosts the {@code user} and {@code table}. (not null)
 * @throws AccumuloException If a general error occurs.
 * @throws AccumuloSecurityException If the user does not have permission to revoke a user's permissions.
 */
public void revokeAllPermissions(final String user, final String table, final Connector conn) throws AccumuloException, AccumuloSecurityException {
    requireNonNull(user);
    requireNonNull(table);
    requireNonNull(conn);

    // Explicit list, applied in this order; it is not derived from TablePermission.values().
    final TablePermission[] revoked = {
        TablePermission.ALTER_TABLE,
        TablePermission.BULK_IMPORT,
        TablePermission.DROP_TABLE,
        TablePermission.GRANT,
        TablePermission.READ,
        TablePermission.WRITE
    };

    final SecurityOperations secOps = conn.securityOperations();
    for (final TablePermission permission : revoked) {
        secOps.revokeTablePermission(user, table, permission);
    }
}