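/// <summary>Check if access should be allowed.</summary>
/// <remarks>
/// Validates the claims carried by a block token identifier against the
/// requested user, block and access mode. userId is not checked if null.
/// This method doesn't check if token password is correct. It should be used
/// only when token password has already been verified (e.g., in the RPC
/// layer): every field read here comes from the identifier itself, so an
/// identifier taken from an unverified token proves nothing.
/// </remarks>
/// <param name="id">Identifier whose user, block pool, block id, expiry and access modes are checked.</param>
/// <param name="userId">Expected owner of the token, or null to skip the owner check.</param>
/// <param name="block">Block the caller wants to access.</param>
/// <param name="mode">Access mode the caller is requesting.</param>
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken">
/// The identifier names a different user, block pool or block, is expired,
/// or does not include the requested access mode.
/// </exception>
public virtual void CheckAccess(BlockTokenIdentifier id, string userId, ExtendedBlock block, BlockTokenSecretManager.AccessMode mode)
{
    if (Log.IsDebugEnabled())
    {
        Log.Debug("Checking access for user=" + userId + ", block=" + block
            + ", access mode=" + mode + " using " + id.ToString());
    }

    // Owner check is optional: a null userId means the caller does not bind
    // the token to a particular user.
    if (userId != null && !userId.Equals(id.GetUserId()))
    {
        throw new SecretManager.InvalidToken("Block token with " + id.ToString()
            + " doesn't belong to user " + userId);
    }

    // The token must name the same block pool and the same block id as the
    // block being accessed; either mismatch is reported with the same message.
    if (!id.GetBlockPoolId().Equals(block.GetBlockPoolId()))
    {
        throw new SecretManager.InvalidToken("Block token with " + id.ToString()
            + " doesn't apply to block " + block);
    }
    if (id.GetBlockId() != block.GetBlockId())
    {
        throw new SecretManager.InvalidToken("Block token with " + id.ToString()
            + " doesn't apply to block " + block);
    }

    if (IsExpired(id.GetExpiryDate()))
    {
        throw new SecretManager.InvalidToken("Block token with " + id.ToString()
            + " is expired.");
    }

    // Least privilege: the requested mode must be one the token was issued for.
    if (!id.GetAccessModes().Contains(mode))
    {
        throw new SecretManager.InvalidToken("Block token with " + id.ToString()
            + " doesn't have " + mode + " permission");
    }
}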
/// <summary>
/// Forwards the check to the object returned by Get for the block's pool id. See
/// <see cref="BlockTokenSecretManager.CheckAccess(Org.Apache.Hadoop.Security.Token.Token{T}, string, Org.Apache.Hadoop.Hdfs.Protocol.ExtendedBlock, AccessMode)"/>
/// </summary>
/// <param name="token">Block token presented by the caller.</param>
/// <param name="userId">Expected owner of the token; passed through unchanged.</param>
/// <param name="block">Block being accessed; its block pool id selects the delegate.</param>
/// <param name="mode">Access mode being requested.</param>
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/>
public virtual void CheckAccess(Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> token, string userId, ExtendedBlock block, BlockTokenSecretManager.AccessMode mode)
{
    // The block pool id picks the delegate (presumably the secret manager
    // for that pool; confirm against Get).
    var poolManager = Get(block.GetBlockPoolId());
    poolManager.CheckAccess(token, userId, block, mode);
}
/// <summary>
/// Forwards the check to the object returned by Get for the block's pool id. See
/// <see cref="BlockTokenSecretManager.CheckAccess(BlockTokenIdentifier, string, Org.Apache.Hadoop.Hdfs.Protocol.ExtendedBlock, AccessMode)"/>
/// </summary>
/// <remarks>
/// This overload receives only an identifier, not a token, so no token
/// password is available to it. NOTE(review): the overload it delegates to
/// looks like the identifier-only check that expects the password to have
/// been verified beforehand; confirm callers do that.
/// </remarks>
/// <param name="id">Block token identifier to validate.</param>
/// <param name="userId">Expected owner of the token; passed through unchanged.</param>
/// <param name="block">Block being accessed; its block pool id selects the delegate.</param>
/// <param name="mode">Access mode being requested.</param>
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/>
public virtual void CheckAccess(BlockTokenIdentifier id, string userId, ExtendedBlock block, BlockTokenSecretManager.AccessMode mode)
{
    // The block pool id picks the delegate (presumably the secret manager
    // for that pool; confirm against Get).
    var poolManager = Get(block.GetBlockPoolId());
    poolManager.CheckAccess(id, userId, block, mode);
}
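/// <summary>Check if access should be allowed.</summary>
/// <remarks>
/// Check if access should be allowed. userID is not checked if null.
/// The identifier is de-serialized from the token, its claims are validated
/// by the identifier overload of CheckAccess, and the token password is then
/// compared with the one RetrievePassword returns for that identifier. The
/// method returns normally only when both steps pass.
/// </remarks>
/// <param name="token">Block token presented by the caller.</param>
/// <param name="userId">Expected owner of the token, or null to skip the owner check.</param>
/// <param name="block">Block the caller wants to access.</param>
/// <param name="mode">Access mode the caller is requesting.</param>
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken">
/// The identifier cannot be de-serialized, its claims do not match the
/// request, or the token password is wrong or missing.
/// </exception>
public virtual void CheckAccess(Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> token, string userId, ExtendedBlock block, BlockTokenSecretManager.AccessMode mode)
{
    BlockTokenIdentifier id = new BlockTokenIdentifier();
    try
    {
        id.ReadFields(new DataInputStream(new ByteArrayInputStream(token.GetIdentifier())));
    }
    catch (IOException)
    {
        throw new SecretManager.InvalidToken("Unable to de-serialize block token identifier for user="
            + userId + ", block=" + block + ", access mode=" + mode);
    }

    // Claim checks run first, as before. They read fields the sender
    // supplied, so they establish nothing until the password check below
    // has also passed.
    CheckAccess(id, userId, block, mode);

    // The password is the token's authenticator: compare it without an
    // early exit on the first differing byte, and treat a missing password
    // on either side as a mismatch instead of letting two nulls compare equal.
    if (!PasswordsMatch(RetrievePassword(id), token.GetPassword()))
    {
        throw new SecretManager.InvalidToken("Block token with " + id.ToString()
            + " doesn't have the correct token password");
    }
}

/// <summary>
/// Compares two token passwords in time that does not depend on where they
/// first differ.
/// </summary>
/// <param name="expected">Password computed locally for the identifier.</param>
/// <param name="presented">Password carried by the token.</param>
/// <returns>true only when both arrays are non-null, equally long and byte-for-byte equal.</returns>
private static bool PasswordsMatch(byte[] expected, byte[] presented)
{
    // NOTE(review): assumes both password accessors return byte[]; confirm.
    if (expected == null || presented == null)
    {
        return false;
    }

    // The length is not secret, so rejecting on it early leaks nothing useful.
    if (expected.Length != presented.Length)
    {
        return false;
    }

    // Accumulate differences over the whole array so the loop always runs
    // to the end regardless of content.
    int difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ presented[i];
    }
    return difference == 0;
}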