本文整理汇总了Java中org.apache.accumulo.core.security.VisibilityEvaluator类的典型用法代码示例。如果您正苦于以下问题:Java VisibilityEvaluator类的具体用法?Java VisibilityEvaluator怎么用?Java VisibilityEvaluator使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
VisibilityEvaluator类属于org.apache.accumulo.core.security包,在下文中一共展示了VisibilityEvaluator类的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: canRead
import org.apache.accumulo.core.security.VisibilityEvaluator; //导入依赖的package包/类
@Override
public boolean canRead(Visibility visibility) {
Preconditions.checkNotNull(visibility, "visibility is required");
// this is just a shortcut so that we don't need to construct evaluators and visibility objects to check for an empty string.
if (visibility.getVisibilityString().length() == 0) {
return true;
}
VisibilityEvaluator visibilityEvaluator = new VisibilityEvaluator(new org.apache.accumulo.core.security.Authorizations(this.getAuthorizations()));
ColumnVisibility columnVisibility = new ColumnVisibility(visibility.getVisibilityString());
try {
return visibilityEvaluator.evaluate(columnVisibility);
} catch (VisibilityParseException e) {
throw new VertexiumException("could not evaluate visibility " + visibility.getVisibilityString(), e);
}
}
示例2: doesUserHaveDocumentAccess
import org.apache.accumulo.core.security.VisibilityEvaluator; //导入依赖的package包/类
/**
* Checks if the user's authorizations allows them to have access to the
* provided document based on its document visibility.
* @param authorizations the {@link Authorizations}.
* @param documentVisibility the {@link DocumentVisibility}.
* @param doesEmptyAccessPass {@code true} if an empty authorization pass
* allows access to everything. {@code false} otherwise.
* @return {@code true} if the user has access to the document.
* {@code false} otherwise.
*/
public static boolean doesUserHaveDocumentAccess(final Authorizations authorizations, final DocumentVisibility documentVisibility, final boolean doesEmptyAccessPass) {
final Authorizations userAuths = authorizations != null ? authorizations : MongoDbRdfConstants.ALL_AUTHORIZATIONS;
final VisibilityEvaluator visibilityEvaluator = new VisibilityEvaluator(userAuths);
boolean accept = false;
if (doesEmptyAccessPass && MongoDbRdfConstants.ALL_AUTHORIZATIONS.equals(userAuths)) {
accept = true;
} else {
try {
accept = visibilityEvaluator.evaluate(documentVisibility);
} catch (final VisibilityParseException e) {
log.error("Could not parse document visibility.");
}
}
return accept;
}
示例3: validateVisibilityExpression
import org.apache.accumulo.core.security.VisibilityEvaluator; //导入依赖的package包/类
/**
* Validate Accumulo-style visibility expression against a set of authorizations.
*
* @param auths Formal authorizations of the user
* @param visibilityExpression Accumulo-style visibility expression
* @return true if validation authorizations against visibility expression, false otherwise
*/
public static boolean validateVisibilityExpression(Set<String> auths, String visibilityExpression) {
if (StringUtils.isBlank(visibilityExpression)) {
return true; // No visibility to check
}
if (auths == null || auths.isEmpty()) {
return false; // Has visibility but no auths
}
final VisibilityEvaluator visEval = new VisibilityEvaluator(
new org.apache.accumulo.core.security.Authorizations(
auths.toArray(new String[] {})));
try {
return visEval.evaluate(new ColumnVisibility(visibilityExpression));
} catch (final VisibilityParseException e) {
return false;
}
}
示例4: AccumuloVisibilityFilter
import org.apache.accumulo.core.security.VisibilityEvaluator; //导入依赖的package包/类
public AccumuloVisibilityFilter(Map<String, Object> params, ESLogger logger) {
this.logger = logger;
if (params.get("expressionField") != null) {
this.securityExpressionField = params.get("expressionField").toString();
}
String auths = params.get("auths").toString().trim();
Authorizations authorizations;
if (auths.isEmpty()) {
authorizations = new Authorizations();
} else {
authorizations = new Authorizations(auths.split(","));
}
this.visibilityEvaluator = new VisibilityEvaluator(authorizations);
}
示例5: testVersion
import org.apache.accumulo.core.security.VisibilityEvaluator; //导入依赖的package包/类
/**
* Test that rfiles created by a specific version of PACE still work correctly.
*
* @param versionConfig
* Configuration for the version with which the rfiles were generated.
*/
private void testVersion(File versionConfig) throws Exception {
String parentDirectory = versionConfig.getParent();
JsonParser parser = new JsonParser();
JsonObject configJson = parser.parse(new FileReader(versionConfig)).getAsJsonObject();
// Get a scanner for the data file.
List<byte[]> auths = new ArrayList<>();
for (JsonElement authElem : configJson.getAsJsonArray("authorizations")) {
auths.add(VisibilityEvaluator.escape(authElem.getAsString().getBytes(Utils.VISIBILITY_CHARSET), false));
}
Authorizations authorizations = new Authorizations(auths);
LocalFileSystem fs = FileSystem.getLocal(new Configuration());
Scanner dataScanner = RFile.newScanner().from(Paths.get(parentDirectory, configJson.getAsJsonPrimitive("data-table").getAsString()).toString())
.withFileSystem(fs).withAuthorizations(authorizations).build();
// Validate each configuration.
for (JsonElement testElem : configJson.getAsJsonArray("tests")) {
JsonObject test = testElem.getAsJsonObject();
SignatureConfig signatureConfig = new SignatureConfigBuilder().readFromFile(
new FileReader(Paths.get(parentDirectory, test.getAsJsonPrimitive("config").getAsString()).toFile())).build();
SignatureKeyContainer keyContainer = LocalSignatureKeyContainer.read(new FileReader(Paths.get(parentDirectory,
test.getAsJsonPrimitive("keys").getAsString()).toFile()));
EntrySigner verifier = new EntrySigner(signatureConfig, keyContainer);
Scanner signedScanner = RFile.newScanner().from(Paths.get(parentDirectory, test.getAsJsonPrimitive("table").getAsString()).toString()).withFileSystem(fs)
.withAuthorizations(authorizations).build();
runTest(dataScanner, signedScanner, verifier, signatureConfig);
}
}
示例6: testVersion
import org.apache.accumulo.core.security.VisibilityEvaluator; //导入依赖的package包/类
/**
* Test that rfiles created by a specific version of PACE still work correctly.
*
* @param versionConfig
* Configuration for the version with which the rfiles were generated.
*/
private void testVersion(File versionConfig) throws Exception {
String parentDirectory = versionConfig.getParent();
JsonParser parser = new JsonParser();
JsonObject configJson = parser.parse(new FileReader(versionConfig)).getAsJsonObject();
// Get a scanner for the data file.
List<byte[]> auths = new ArrayList<>();
for (JsonElement authElem : configJson.getAsJsonArray("authorizations")) {
auths.add(VisibilityEvaluator.escape(authElem.getAsString().getBytes(Utils.VISIBILITY_CHARSET), false));
}
Authorizations authorizations = new Authorizations(auths);
LocalFileSystem fs = FileSystem.getLocal(new Configuration());
Scanner dataScanner = RFile.newScanner().from(Paths.get(parentDirectory, configJson.getAsJsonPrimitive("data-table").getAsString()).toString())
.withFileSystem(fs).withAuthorizations(authorizations).build();
// Validate each configuration.
for (JsonElement testElem : configJson.getAsJsonArray("tests")) {
JsonObject test = testElem.getAsJsonObject();
EncryptionConfig encryptionConfig = new EncryptionConfigBuilder().readFromFile(
new FileReader(Paths.get(parentDirectory, test.getAsJsonPrimitive("config").getAsString()).toFile())).build();
EncryptionKeyContainer keyContainer = LocalEncryptionKeyContainer.read(new FileReader(Paths.get(parentDirectory,
test.getAsJsonPrimitive("keys").getAsString()).toFile()));
EntryEncryptor decryptor = new EntryEncryptor(encryptionConfig, keyContainer);
Scanner encryptedScanner = RFile.newScanner().from(Paths.get(parentDirectory, test.getAsJsonPrimitive("table").getAsString()).toString())
.withFileSystem(fs).withAuthorizations(authorizations).build();
runTest(dataScanner, encryptedScanner, decryptor);
}
}
示例7: wrapVisibility
import org.apache.accumulo.core.security.VisibilityEvaluator; //导入依赖的package包/类
/**
* Wrap the visibility field.
* <p>
* The resulting field will have the value {@literal colVis = (<originalColVis>)|data}. If the original column visibility value is empty, then the deafult
* visibility value will be used in place of originalColVis.
*
* @param visibility
* The visibility data being wrapped.
* @param data
* data to wrap into visibility.
* @return Wrapped visibility.
*/
private static byte[] wrapVisibility(byte[] visibility, byte[] data) throws IOException {
ByteArrayOutputStream colVisStream = new ByteArrayOutputStream();
DataOutput colVisOut = new DataOutputStream(colVisStream);
colVisOut.writeByte((byte) '(');
colVisOut.write(visibility);
colVisOut.writeByte((byte) ')');
colVisOut.writeByte((byte) '|');
colVisOut.write(VisibilityEvaluator.escape(data, true));
return colVisStream.toByteArray();
}
示例8: VisibilityIterator
import org.apache.accumulo.core.security.VisibilityEvaluator; //导入依赖的package包/类
public VisibilityIterator(final List<T> values, Authorizations authorizations) {
this.values = values;
this.ve = new VisibilityEvaluator(authorizations);
this.expectedItems = values.size();
}
示例9: init
import org.apache.accumulo.core.security.VisibilityEvaluator; //导入依赖的package包/类
@Override public void init(SortedKeyValueIterator<Key,Value> source, Map<String,String> options, IteratorEnvironment env) throws IOException {
super.init(source, options, env);
checker = new VisibilityEvaluator(new Authorizations(options.get(AUTHS).getBytes()));
}