Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
 
 package org.apache.hadoop.hbase.security.visibility;
 
 import java.util.List;
 
The interface which deals with visibility labels and user auths admin service as well as the cell visibility expression storage part and read time evaluation.
 
 public interface VisibilityLabelService extends Configurable {

  
System calls this after opening of regions. Gives a chance for the VisibilityLabelService to so any initialization logic.

Parameters:
e the region coprocessor env
 
   void init(RegionCoprocessorEnvironment ethrows IOException;

  
Adds the set of labels into the system.

Parameters:
labels Labels to add to the system.
Returns:
OperationStatus for each of the label addition
 
   OperationStatus[] addLabels(List<byte[]> labelsthrows IOException;

  
Sets given labels globally authorized for the user.

Parameters:
user The authorizing user
authLabels Labels which are getting authorized for the user
Returns:
OperationStatus for each of the label auth addition
 
   OperationStatus[] setAuths(byte[] userList<byte[]> authLabelsthrows IOException;

  
Removes given labels from user's globally authorized list of labels.

Parameters:
user The user whose authorization to be removed
authLabels Labels which are getting removed from authorization set
Returns:
OperationStatus for each of the label auth removal
 
   OperationStatus[] clearAuths(byte[] userList<byte[]> authLabelsthrows IOException;

  
Retrieve the visibility labels for the user.

Deprecated:
Use getUserAuths(byte[], boolean)
Parameters:
user Name of the user whose authorization to be retrieved
systemCall Whether a system or user originated call.
Returns:
Visibility labels authorized for the given user.
 
   List<StringgetAuths(byte[] userboolean systemCallthrows IOException;

  
Retrieve the visibility labels for the user.

Parameters:
user Name of the user whose authorization to be retrieved
systemCall Whether a system or user originated call.
Returns:
Visibility labels authorized for the given user.
 
   List<StringgetUserAuths(byte[] userboolean systemCallthrows IOException;

  
Retrieve the visibility labels for the groups.

Parameters:
groups Name of the groups whose authorization to be retrieved
systemCall Whether a system or user originated call.
Returns:
Visibility labels authorized for the given group.
  List<StringgetGroupAuths(String[] groupsboolean systemCallthrows IOException;

  
Retrieve the list of visibility labels defined in the system.

Parameters:
regex The regular expression to filter which labels are returned.
Returns:
List of visibility labels
  List<StringlistLabels(String regexthrows IOException;

  
Creates tags corresponding to given visibility expression.
Note: This will be concurrently called from multiple threads and implementation should take care of thread safety.

Parameters:
visExpression The Expression for which corresponding Tags to be created.
withSerializationFormat specifies whether a tag, denoting the serialization version of the tags, to be added in the list. When this is true make sure to add the serialization format Tag also. The format tag value should be byte type.
checkAuths denotes whether to check individual labels in visExpression against user's global auth label.
Returns:
The list of tags corresponds to the visibility expression. These tags will be stored along with the Cells.
  List<TagcreateVisibilityExpTags(String visExpressionboolean withSerializationFormat,
      boolean checkAuthsthrows IOException;

  
Creates VisibilityExpEvaluator corresponding to given Authorizations.
Note: This will be concurrently called from multiple threads and implementation should take care of thread safety.

Parameters:
authorizations Authorizations for the read request
Returns:
The VisibilityExpEvaluator corresponding to the given set of authorization labels.
      throws IOException;

  
System checks for user auth during admin operations. (ie. Label add, set/clear auth). The operation is allowed only for users having system auth. Also during read, if the requesting user has system auth, he can view all the data irrespective of its labels.

Deprecated:
Use havingSystemAuth(User)
Parameters:
user User for whom system auth check to be done.
Returns:
true if the given user is having system/super auth
  boolean havingSystemAuth(byte[] userthrows IOException;

  
System checks for user auth during admin operations. (ie. Label add, set/clear auth). The operation is allowed only for users having system auth. Also during read, if the requesting user has system auth, he can view all the data irrespective of its labels.

Parameters:
user User for whom system auth check to be done.
Returns:
true if the given user is having system/super auth
  boolean havingSystemAuth(User userthrows IOException;

  
System uses this for deciding whether a Cell can be deleted by matching visibility expression in Delete mutation and the cell in consideration. Also system passes the serialization format of visibility tags in Put and Delete.
Note: This will be concurrently called from multiple threads and implementation should take care of thread safety.

Parameters:
putVisTags The visibility tags present in the Put mutation
putVisTagFormat The serialization format for the Put visibility tags. A null value for this format means the tags are written with unsorted label ordinals
deleteVisTags - The visibility tags in the delete mutation (the specified Cell Visibility)
deleteVisTagFormat The serialization format for the Delete visibility tags. A null value for this format means the tags are written with unsorted label ordinals
Returns:
true if matching tags are found
See also:
org.apache.hadoop.hbase.security.visibility.VisibilityConstants.SORTED_ORDINAL_SERIALIZATION_FORMAT
  boolean matchVisibility(List<TagputVisTagsByte putVisTagFormatList<TagdeleteVisTags,
      Byte deleteVisTagFormatthrows IOException;

  
Provides a way to modify the visibility tags of type org.apache.hadoop.hbase.TagType .VISIBILITY_TAG_TYPE, that are part of the cell created from the WALEdits that are prepared for replication while calling org.apache.hadoop.hbase.replication.ReplicationEndpoint .replicate(). VisibilityReplicationEndpoint calls this API to provide an opportunity to modify the visibility tags before replicating.

Parameters:
visTags the visibility tags associated with the cell
serializationFormat the serialization format associated with the tag
Returns:
the modified visibility expression in the form of byte[]
Throws:
java.io.IOException
  byte[] encodeVisibilityForReplication(final List<TagvisTags,
      final Byte serializationFormatthrows IOException;
New to GrepCode? Check out our FAQ X