Package org.apache.hadoop.security.authorize

Class ServiceAuthorizationManager

java.lang.Object

org.apache.hadoop.security.authorize.ServiceAuthorizationManager

@LimitedPrivate({"HDFS","MapReduce"})
@Evolving
public class ServiceAuthorizationManager
extends Object

An authorization manager which handles service-level authorization for incoming service requests.

Field Summary

Fields

Modifier and Type	Field	Description
static final org.slf4j.Logger	AUDITLOG
static final String	SERVICE_AUTHORIZATION_CONFIG	Deprecated. Use CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION instead.

Constructor Summary

Constructors

Constructor	Description
ServiceAuthorizationManager()

Method Summary

Modifier and Type	Method	Description
void	authorize(UserGroupInformation user, Class<?> protocol, Configuration conf, InetAddress addr)	Authorize the user to access the protocol being used.
AccessControlList	getProtocolsAcls(Class<?> className)
AccessControlList	getProtocolsBlockedAcls(Class<?> className)
MachineList	getProtocolsBlockedMachineList(Class<?> className)
MachineList	getProtocolsMachineList(Class<?> className)
Set<Class<?>>	getProtocolsWithAcls()
Set<Class<?>>	getProtocolsWithMachineLists()
void	refresh(Configuration conf, PolicyProvider provider)
void	refreshWithLoadedConfiguration(Configuration conf, PolicyProvider provider)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

SERVICE_AUTHORIZATION_CONFIG

@Deprecated
public static final String SERVICE_AUTHORIZATION_CONFIG

Deprecated.

Use CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION instead.

Configuration key for controlling service-level authorization for Hadoop.

See Also:

• Constant Field Values

AUDITLOG

public static final org.slf4j.Logger AUDITLOG

Constructor Details

ServiceAuthorizationManager

public ServiceAuthorizationManager()

Method Details

authorize

public void authorize(UserGroupInformation user,
 Class<?> protocol,
 Configuration conf,
 InetAddress addr)
               throws AuthorizationException

Authorize the user to access the protocol being used.

Parameters:

user - user accessing the service

protocol - service being accessed

conf - configuration to use

addr - InetAddress of the client

Throws:

AuthorizationException - on authorization failure

refresh

public void refresh(Configuration conf,
 PolicyProvider provider)

refreshWithLoadedConfiguration

@Private
public void refreshWithLoadedConfiguration(Configuration conf,
 PolicyProvider provider)

getProtocolsWithAcls

@VisibleForTesting
public Set<Class<?>> getProtocolsWithAcls()

getProtocolsAcls

@VisibleForTesting
public AccessControlList getProtocolsAcls(Class<?> className)

getProtocolsBlockedAcls

@VisibleForTesting
public AccessControlList getProtocolsBlockedAcls(Class<?> className)

getProtocolsWithMachineLists

@VisibleForTesting
public Set<Class<?>> getProtocolsWithMachineLists()

getProtocolsMachineList

@VisibleForTesting
public MachineList getProtocolsMachineList(Class<?> className)

getProtocolsBlockedMachineList

@VisibleForTesting
public MachineList getProtocolsBlockedMachineList(Class<?> className)