public class BlobStoreAclHandler extends Object
Provides common handling of acls for Blobstores. Also contains some static utility functions related to Blobstores.
| Modifier and Type | Field and Description | 
|---|---|
| static int | ADMIN | 
| static List<AccessControl> | DEFAULT | 
| static org.slf4j.Logger | LOG | 
| static int | READ | 
| static List<AccessControl> | WORLD_EVERYTHING | 
| static int | WRITE | 
| Constructor and Description | 
|---|
| BlobStoreAclHandler(Map<String,Object> conf) | 
| Modifier and Type | Method and Description | 
|---|---|
| static String | accessControlToString(AccessControl ac) | 
| boolean | checkForValidUsers(Subject who, int mask) | 
| void | hasAnyPermissions(List<AccessControl> acl, int mask, Subject who, String key) Validates if the user has any of the permissions mentioned in the mask. | 
| void | hasPermissions(List<AccessControl> acl, int mask, Subject who, String key) Validates if the user has at least the set of permissions mentioned in the mask. | 
| void | normalizeSettableBlobMeta(String key, SettableBlobMeta meta, Subject who, int opMask) | 
| static AccessControl | parseAccessControl(String str) | 
| static void | validateSettableACLs(String key, List<AccessControl> acls) | 
| void | validateUserCanReadMeta(List<AccessControl> acl, Subject who, String key) The user should be able to see the metadata if and only if they have any of READ, WRITE, or ADMIN. | 
public static final org.slf4j.Logger LOG
public static final int READ
public static final int WRITE
public static final int ADMIN
public static final List<AccessControl> WORLD_EVERYTHING
public static final List<AccessControl> DEFAULT
public static AccessControl parseAccessControl(String str)
public static String accessControlToString(AccessControl ac)
public static void validateSettableACLs(String key, List<AccessControl> acls) throws AuthorizationException
Throws: AuthorizationException
public boolean checkForValidUsers(Subject who, int mask)
public void validateUserCanReadMeta(List<AccessControl> acl, Subject who, String key) throws AuthorizationException
The user should be able to see the metadata if and only if they have any of READ, WRITE, or ADMIN.
Throws: AuthorizationException
public void hasAnyPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException
Validates if the user has any of the permissions mentioned in the mask.
Parameters:
acl - ACL for the key.
mask - mask holds the cumulative value of READ = 1, WRITE = 2 or ADMIN = 4 permissions. mask = 1 implies READ privilege. mask = 5 implies READ and ADMIN privileges.
who - Is the user against whom the permissions are validated for a key using the ACL and the mask.
key - Key used to identify the blob.
Throws: AuthorizationException
public void hasPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException
Validates if the user has at least the set of permissions mentioned in the mask.
Parameters:
acl - ACL for the key.
mask - mask holds the cumulative value of READ = 1, WRITE = 2 or ADMIN = 4 permissions. mask = 1 implies READ privilege. mask = 5 implies READ and ADMIN privileges.
who - Is the user against whom the permissions are validated for a key using the ACL and the mask.
key - Key used to identify the blob.
Throws: AuthorizationException
public void normalizeSettableBlobMeta(String key, SettableBlobMeta meta, Subject who, int opMask)
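The difference between hasAnyPermissions ("any of") and hasPermissions ("at least") for the same mask, as an added example that is not Storm's own code. It is a stand-alone model: the class name AclMaskDemo, the map-based ACL and the helper names are assumptions; only the bit values READ = 1, WRITE = 2, ADMIN = 4 and the metadata rule come from the documentation above.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Stand-alone model of the documented mask semantics; it does not call Storm.
public class AclMaskDemo {
    // Bit values as stated in the parameter documentation.
    static final int READ = 1, WRITE = 2, ADMIN = 4;

    // Hypothetical ACL shape: user name -> granted bits (Storm uses List<AccessControl>).
    static int granted(Map<String, Integer> acl, String user) {
        return acl.getOrDefault(user, 0);
    }

    // "Any" semantics: a single overlapping bit is enough to pass.
    static boolean hasAny(Map<String, Integer> acl, int mask, String user) {
        return (granted(acl, user) & mask) != 0;
    }

    // "At least" semantics: every bit set in the mask must be granted.
    static boolean hasAll(Map<String, Integer> acl, int mask, String user) {
        return (granted(acl, user) & mask) == mask;
    }

    // Metadata visibility rule: any of READ, WRITE or ADMIN.
    static boolean canReadMeta(Map<String, Integer> acl, String user) {
        return hasAny(acl, READ | WRITE | ADMIN, user);
    }

    public static void main(String[] args) {
        // Constructed sample ACL for one blob key.
        Map<String, Integer> acl = new LinkedHashMap<>();
        acl.put("alice", READ);
        acl.put("bob", READ | ADMIN);
        acl.put("carol", WRITE);

        int mask = READ | ADMIN; // mask = 5, as in the documentation
        for (String user : new String[] {"alice", "bob", "carol", "dave"}) {
            System.out.printf("%-5s any(5)=%-5b all(5)=%-5b readMeta=%b%n",
                user, hasAny(acl, mask, user), hasAll(acl, mask, user),
                canReadMeta(acl, user));
        }
    }
}
```

With mask = 5, a READ-only user passes the "any" check but fails the "at least" check, so an operation that must require both READ and ADMIN needs the hasPermissions form.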
Copyright © 2019 The Apache Software Foundation. All rights reserved.