View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.security;
19  
20  import org.apache.hadoop.conf.Configuration;
21  import org.apache.hadoop.hbase.ipc.HMasterInterface;
22  import org.apache.hadoop.hbase.ipc.HMasterRegionInterface;
23  import org.apache.hadoop.hbase.ipc.HRegionInterface;
24  import org.apache.hadoop.security.authorize.PolicyProvider;
25  import org.apache.hadoop.security.authorize.Service;
26  import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
27  
28  /**
29   * Implementation of secure Hadoop policy provider for mapping
30   * protocol interfaces to hbase-policy.xml entries.
31   */
32  public class HBasePolicyProvider extends PolicyProvider {
33    protected static Service[] services = {
34        new Service("security.client.protocol.acl", HRegionInterface.class),
35        new Service("security.admin.protocol.acl", HMasterInterface.class),
36        new Service("security.masterregion.protocol.acl", HMasterRegionInterface.class)
37    };
38  
39    @Override
40    public Service[] getServices() {
41      return services;
42    }
43  
44    public static void init(Configuration conf,
45        ServiceAuthorizationManager authManager) {
46      // set service-level authorization security policy
47      System.setProperty("hadoop.policy.file", "hbase-policy.xml");
48      if (conf.getBoolean(
49            ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) {
50        authManager.refresh(conf, new HBasePolicyProvider());
51      }
52    }
53  }