Package org.apache.storm.blobstore
Class BlobStoreAclHandler
- java.lang.Object
-
- org.apache.storm.blobstore.BlobStoreAclHandler
-
public class BlobStoreAclHandler extends Object
Provides common handling of acls for Blobstores. Also contains some static utility functions related to Blobstores.
-
-
Field Summary
Fields Modifier and Type Field Description static intADMINstatic List<AccessControl>DEFAULTstatic org.slf4j.LoggerLOGstatic intREADstatic List<AccessControl>WORLD_EVERYTHINGstatic intWRITE
-
Constructor Summary
Constructors Constructor Description BlobStoreAclHandler(Map<String,Object> conf)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static StringaccessControlToString(AccessControl ac)booleancheckForValidUsers(Subject who, int mask)voidhasAnyPermissions(List<AccessControl> acl, int mask, Subject who, String key)Validates if the user has any of the permissions mentioned in the mask.voidhasPermissions(List<AccessControl> acl, int mask, Subject who, String key)Validates if the user has at least the set of permissions mentioned in the mask.voidnormalizeSettableBlobMeta(String key, SettableBlobMeta meta, Subject who, int opMask)static AccessControlparseAccessControl(String str)static voidvalidateSettableACLs(String key, List<AccessControl> acls)voidvalidateUserCanReadMeta(List<AccessControl> acl, Subject who, String key)The user should be able to see the metadata if and only if they have any of READ, WRITE, or ADMIN.
-
-
-
Field Detail
-
LOG
public static final org.slf4j.Logger LOG
-
READ
public static final int READ
- See Also:
- Constant Field Values
-
WRITE
public static final int WRITE
- See Also:
- Constant Field Values
-
ADMIN
public static final int ADMIN
- See Also:
- Constant Field Values
-
WORLD_EVERYTHING
public static final List<AccessControl> WORLD_EVERYTHING
-
DEFAULT
public static final List<AccessControl> DEFAULT
-
-
Method Detail
-
parseAccessControl
public static AccessControl parseAccessControl(String str)
-
accessControlToString
public static String accessControlToString(AccessControl ac)
-
validateSettableACLs
public static void validateSettableACLs(String key, List<AccessControl> acls) throws AuthorizationException
- Throws:
AuthorizationException
-
checkForValidUsers
public boolean checkForValidUsers(Subject who, int mask)
-
validateUserCanReadMeta
public void validateUserCanReadMeta(List<AccessControl> acl, Subject who, String key) throws AuthorizationException
The user should be able to see the metadata if and only if they have any of READ, WRITE, or ADMIN.- Throws:
AuthorizationException
-
hasAnyPermissions
public void hasAnyPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException
Validates if the user has any of the permissions mentioned in the mask.- Parameters:
acl- ACL for the key.mask- mask holds the cumulative value of READ = 1, WRITE = 2 or ADMIN = 4 permissions. mask = 1 implies READ privilege. mask = 5 implies READ and ADMIN privileges.who- Is the user against whom the permissions are validated for a key using the ACL and the mask.key- Key used to identify the blob.- Throws:
AuthorizationException
-
hasPermissions
public void hasPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException
Validates if the user has at least the set of permissions mentioned in the mask.- Parameters:
acl- ACL for the key.mask- mask holds the cumulative value of READ = 1, WRITE = 2 or ADMIN = 4 permissions. mask = 1 implies READ privilege. mask = 5 implies READ and ADMIN privileges.who- Is the user against whom the permissions are validated for a key using the ACL and the mask.key- Key used to identify the blob.- Throws:
AuthorizationException
-
normalizeSettableBlobMeta
public void normalizeSettableBlobMeta(String key, SettableBlobMeta meta, Subject who, int opMask)
-
-