Class BlobStoreAclHandler

java.lang.Object
org.apache.storm.blobstore.BlobStoreAclHandler

public class BlobStoreAclHandler extends Object
Provides common handling of acls for Blobstores. Also contains some static utility functions related to Blobstores.
  • Field Details

  • Constructor Details

    • BlobStoreAclHandler

      public BlobStoreAclHandler(Map<String,Object> conf)
  • Method Details

    • parseAccessControl

      public static AccessControl parseAccessControl(String str)
    • accessControlToString

      public static String accessControlToString(AccessControl ac)
    • validateSettableACLs

      public static void validateSettableACLs(String key, List<AccessControl> acls) throws AuthorizationException
      Throws:
      AuthorizationException
    • checkForValidUsers

      public boolean checkForValidUsers(Subject who, int mask)
    • validateUserCanReadMeta

      public void validateUserCanReadMeta(List<AccessControl> acl, Subject who, String key) throws AuthorizationException
      The user should be able to see the metadata if and only if they have any of READ, WRITE, or ADMIN.
      Throws:
      AuthorizationException
    • hasAnyPermissions

      public void hasAnyPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException
      Validates if the user has any of the permissions mentioned in the mask.
      Parameters:
      acl - ACL for the key.
      mask - mask holds the cumulative value of READ = 1, WRITE = 2 or ADMIN = 4 permissions. mask = 1 implies READ privilege. mask = 5 implies READ and ADMIN privileges.
      who - Is the user against whom the permissions are validated for a key using the ACL and the mask.
      key - Key used to identify the blob.
      Throws:
      AuthorizationException
    • hasPermissions

      public void hasPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException
      Validates if the user has at least the set of permissions mentioned in the mask.
      Parameters:
      acl - ACL for the key.
      mask - mask holds the cumulative value of READ = 1, WRITE = 2 or ADMIN = 4 permissions. mask = 1 implies READ privilege. mask = 5 implies READ and ADMIN privileges.
      who - Is the user against whom the permissions are validated for a key using the ACL and the mask.
      key - Key used to identify the blob.
      Throws:
      AuthorizationException
    • normalizeSettableBlobMeta

      public void normalizeSettableBlobMeta(String key, SettableBlobMeta meta, Subject who, int opMask)