Package org.apache.storm.blobstore
Class BlobStoreAclHandler
java.lang.Object
org.apache.storm.blobstore.BlobStoreAclHandler
Provides common handling of acls for Blobstores. Also contains some static utility functions related to Blobstores.
-
Field Summary
Modifier and TypeFieldDescriptionstatic final int
static final List<AccessControl>
static final org.slf4j.Logger
static final int
static final List<AccessControl>
static final int
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic String
boolean
checkForValidUsers
(Subject who, int mask) void
hasAnyPermissions
(List<AccessControl> acl, int mask, Subject who, String key) Validates if the user has any of the permissions mentioned in the mask.void
hasPermissions
(List<AccessControl> acl, int mask, Subject who, String key) Validates if the user has at least the set of permissions mentioned in the mask.void
normalizeSettableBlobMeta
(String key, SettableBlobMeta meta, Subject who, int opMask) static AccessControl
parseAccessControl
(String str) static void
validateSettableACLs
(String key, List<AccessControl> acls) void
validateUserCanReadMeta
(List<AccessControl> acl, Subject who, String key) The user should be able to see the metadata if and only if they have any of READ, WRITE, or ADMIN.
-
Field Details
-
LOG
public static final org.slf4j.Logger LOG -
READ
public static final int READ- See Also:
-
WRITE
public static final int WRITE- See Also:
-
ADMIN
public static final int ADMIN- See Also:
-
WORLD_EVERYTHING
-
DEFAULT
-
-
Constructor Details
-
BlobStoreAclHandler
-
-
Method Details
-
parseAccessControl
-
accessControlToString
-
validateSettableACLs
public static void validateSettableACLs(String key, List<AccessControl> acls) throws AuthorizationException - Throws:
AuthorizationException
-
checkForValidUsers
-
validateUserCanReadMeta
public void validateUserCanReadMeta(List<AccessControl> acl, Subject who, String key) throws AuthorizationException The user should be able to see the metadata if and only if they have any of READ, WRITE, or ADMIN.- Throws:
AuthorizationException
-
hasAnyPermissions
public void hasAnyPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException Validates if the user has any of the permissions mentioned in the mask.- Parameters:
acl
- ACL for the key.mask
- mask holds the cumulative value of READ = 1, WRITE = 2 or ADMIN = 4 permissions. mask = 1 implies READ privilege. mask = 5 implies READ and ADMIN privileges.who
- Is the user against whom the permissions are validated for a key using the ACL and the mask.key
- Key used to identify the blob.- Throws:
AuthorizationException
-
hasPermissions
public void hasPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException Validates if the user has at least the set of permissions mentioned in the mask.- Parameters:
acl
- ACL for the key.mask
- mask holds the cumulative value of READ = 1, WRITE = 2 or ADMIN = 4 permissions. mask = 1 implies READ privilege. mask = 5 implies READ and ADMIN privileges.who
- Is the user against whom the permissions are validated for a key using the ACL and the mask.key
- Key used to identify the blob.- Throws:
AuthorizationException
-
normalizeSettableBlobMeta
-