|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.oozie.service.AuthorizationService
public class AuthorizationService
The authorization service provides all authorization checks.
Field Summary | |
---|---|
static java.lang.String |
ADMIN_USERS_FILE
File that contains list of admin users for Oozie. |
static java.lang.String |
CONF_PREFIX
|
static java.lang.String |
CONF_SECURITY_ENABLED
Configuration parameter to enable or disable Oozie admin role. |
static java.lang.String |
DEFAULT_GROUP
Default group returned by getDefaultGroup(). |
protected static java.lang.String |
INSTR_FAILED_AUTH_COUNTER
|
protected static java.lang.String |
INSTRUMENTATION_GROUP
|
Constructor Summary | |
---|---|
AuthorizationService()
|
Method Summary | |
---|---|
void |
authorizeForAdmin(java.lang.String user,
boolean write)
Check if the user has admin privileges. |
void |
authorizeForApp(java.lang.String user,
java.lang.String group,
java.lang.String appPath,
org.apache.hadoop.conf.Configuration jobConf)
Check if the user+group is authorized to use the specified application. |
void |
authorizeForApp(java.lang.String user,
java.lang.String group,
java.lang.String appPath,
java.lang.String fileName,
org.apache.hadoop.conf.Configuration conf)
Check if the user+group is authorized to use the specified application. |
void |
authorizeForGroup(java.lang.String user,
java.lang.String group)
Check if the user belongs to the group or not. |
void |
authorizeForJob(java.lang.String user,
java.lang.String jobId,
boolean write)
Check if the user+group is authorized to operate on the specified job. |
void |
destroy()
Destroy the service. |
java.lang.String |
getDefaultGroup(java.lang.String user)
Return the default group to which the user belongs. |
java.lang.Class<? extends Service> |
getInterface()
Return the public interface of the service. |
void |
init(Services services)
Initialize the service. |
protected boolean |
isAdmin(java.lang.String user)
Check if the user has admin privileges. |
boolean |
isSecurityEnabled()
Return if security is enabled or not. |
protected boolean |
isUserInGroup(java.lang.String user,
java.lang.String group)
Check if the user belongs to the group or not. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String CONF_PREFIX
public static final java.lang.String CONF_SECURITY_ENABLED
public static final java.lang.String ADMIN_USERS_FILE
public static final java.lang.String DEFAULT_GROUP
protected static final java.lang.String INSTRUMENTATION_GROUP
protected static final java.lang.String INSTR_FAILED_AUTH_COUNTER
Constructor Detail |
---|
public AuthorizationService()
Method Detail |
---|
public void init(Services services) throws ServiceException
init
in interface Service
services
- services instance.
ServiceException
- thrown if the service could not be initialized.public boolean isSecurityEnabled()
public void destroy()
destroy
in interface Service
public java.lang.Class<? extends Service> getInterface()
getInterface
in interface Service
AuthorizationService
.protected boolean isUserInGroup(java.lang.String user, java.lang.String group) throws AuthorizationException
true
.
user
- user name.group
- group name.
AuthorizationException
- thrown if the authorization query can not be performed.public void authorizeForGroup(java.lang.String user, java.lang.String group) throws AuthorizationException
isUserInGroup(java.lang.String, java.lang.String)
method.
user
- user name.group
- group name.
AuthorizationException
- thrown if the user is not authorized for the group or if the authorization query
can not be performed.public java.lang.String getDefaultGroup(java.lang.String user) throws AuthorizationException
user
- user name.
AuthorizationException
- thrown if the default group con not be retrieved.protected boolean isAdmin(java.lang.String user)
true
. If
admin is enabled it returns true
if the user is in the adminusers.txt
file.
user
- user name.
public void authorizeForAdmin(java.lang.String user, boolean write) throws AuthorizationException
isUserInGroup(java.lang.String, java.lang.String)
method.
user
- user name.write
- indicates if the check is for read or write admin tasks (in this implementation this is ignored)
AuthorizationException
- thrown if user does not have admin priviledges.public void authorizeForApp(java.lang.String user, java.lang.String group, java.lang.String appPath, org.apache.hadoop.conf.Configuration jobConf) throws AuthorizationException
user
- user name.group
- group name.appPath
- application path.
AuthorizationException
- thrown if the user is not authorized for the app.public void authorizeForApp(java.lang.String user, java.lang.String group, java.lang.String appPath, java.lang.String fileName, org.apache.hadoop.conf.Configuration conf) throws AuthorizationException
user
- user name.group
- group name.appPath
- application path.fileName
- workflow or coordinator.xmlconf
-
AuthorizationException
- thrown if the user is not authorized for the app.public void authorizeForJob(java.lang.String user, java.lang.String jobId, boolean write) throws AuthorizationException
user
- user name.jobId
- job id.write
- indicates if the check is for read or write job tasks.
AuthorizationException
- thrown if the user is not authorized for the job.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |