/// <summary>
/// Decides whether a user may perform a KMS operation. The allow ACL for
/// the operation is consulted first; a user it admits is still refused
/// when the blacklist configured for that operation lists the user.
/// </summary>
/// <remarks>
/// An operation with no blacklist entry (null) places no additional
/// restriction on an allowed user.
/// NOTE(review): both lookups use the indexer and the allow-ACL result is
/// dereferenced without a null check; presumably every operation type has
/// an allow ACL and a missing blacklist reads as null -- confirm against
/// the code that populates these maps.
/// </remarks>
/// <param name="type">KMS operation being authorized</param>
/// <param name="ugi">UserGroupInformation of the calling user</param>
/// <returns>true if the user has access, false otherwise</returns>
public virtual bool HasAccess(KMSACLs.Type type, UserGroupInformation ugi)
{
    // Deny early: the blacklist is only relevant for users the allow ACL admits.
    if (!acls[type].IsUserAllowed(ugi))
    {
        return false;
    }

    // The blacklist acts as an override on top of the allow ACL.
    AccessControlList denyList = blacklistedAcls[type];
    if (denyList == null)
    {
        return true;
    }
    return !denyList.IsUserInList(ugi);
}
/// <summary>
/// Enforces the ACL decision for a KMS operation: returns normally when
/// the user has access, otherwise records the denial and throws.
/// </summary>
/// <remarks>
/// On denial the unauthorized-calls meter is marked and the audit log is
/// written before the exception is raised, so the attempt is recorded
/// even though the caller only sees the exception.
/// NOTE(review): the thrown type is AuthorizationException, presumably a
/// subtype of the documented AccessControlException -- confirm.
/// </remarks>
/// <param name="aclType">ACL type checked for the operation</param>
/// <param name="ugi">UserGroupInformation of the calling user</param>
/// <param name="operation">KMS operation reported in the audit entry and message</param>
/// <param name="key">value passed to the audit entry and the message; may be null</param>
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
public virtual void AssertAccess(KMSACLs.Type aclType, UserGroupInformation ugi, KMS.KMSOp operation, string key)
{
    if (KMSWebApp.GetACLs().HasAccess(aclType, ugi))
    {
        return;
    }

    // Record the denial (metric, then audit trail) before surfacing it.
    KMSWebApp.GetUnauthorizedCallsMeter().Mark();
    KMSWebApp.GetKMSAudit().Unauthorized(ugi, operation, key);

    // The message template depends on whether a key was supplied.
    string template = (key != null) ? UnauthorizedMsgWithKey : UnauthorizedMsgWithoutKey;
    throw new AuthorizationException(string.Format(template, ugi.GetShortUserName(), operation, key));
}
/// <summary>
/// Delegates the authorization check for a KMS operation to the ACL
/// object returned by KMSWebApp.GetACLs(). Nothing is decided locally;
/// any exception raised by that object propagates to the caller.
/// </summary>
/// <param name="aclType">ACL type checked for the operation</param>
/// <param name="ugi">UserGroupInformation of the calling user</param>
/// <param name="operation">KMS operation being attempted</param>
/// <param name="key">value forwarded unchanged to the ACL object</param>
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
private void AssertAccess(KMSACLs.Type aclType, UserGroupInformation ugi, KMS.KMSOp operation, string key)
{
    var aclStore = KMSWebApp.GetACLs();
    aclStore.AssertAccess(aclType, ugi, operation, key);
}