/// <summary>Check if access should be allowed.</summary>
/// <remarks>
/// Check if access should be allowed. userID is not checked if null. This
/// method doesn't check if token password is correct. It should be used only
/// when token password has already been verified (e.g., in the RPC layer).
/// </remarks>
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/>
public virtual void CheckAccess(BlockTokenIdentifier id, string userId, ExtendedBlock
block, BlockTokenSecretManager.AccessMode mode)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Checking access for user="******", block=" + block + ", access mode="
+ mode + " using " + id.ToString());
}
if (userId != null && !userId.Equals(id.GetUserId()))
{
throw new SecretManager.InvalidToken("Block token with " + id.ToString() + " doesn't belong to user "
+ userId);
}
if (!id.GetBlockPoolId().Equals(block.GetBlockPoolId()))
{
throw new SecretManager.InvalidToken("Block token with " + id.ToString() + " doesn't apply to block "
+ block);
}
if (id.GetBlockId() != block.GetBlockId())
{
throw new SecretManager.InvalidToken("Block token with " + id.ToString() + " doesn't apply to block "
+ block);
}
if (IsExpired(id.GetExpiryDate()))
{
throw new SecretManager.InvalidToken("Block token with " + id.ToString() + " is expired."
);
}
if (!id.GetAccessModes().Contains(mode))
{
throw new SecretManager.InvalidToken("Block token with " + id.ToString() + " doesn't have "
+ mode + " permission");
}
}
/// <summary>
/// See
/// <see cref="BlockTokenSecretManager.CheckAccess(Org.Apache.Hadoop.Security.Token.Token{T}, string, Org.Apache.Hadoop.Hdfs.Protocol.ExtendedBlock, AccessMode)
/// "/>
/// </summary>
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/>
public virtual void CheckAccess(Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier
> token, string userId, ExtendedBlock block, BlockTokenSecretManager.AccessMode
mode)
{
Get(block.GetBlockPoolId()).CheckAccess(token, userId, block, mode);
}
/// <summary>
/// See
/// <see cref="BlockTokenSecretManager.CheckAccess(BlockTokenIdentifier, string, Org.Apache.Hadoop.Hdfs.Protocol.ExtendedBlock, AccessMode)
/// "/>
/// </summary>
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/>
public virtual void CheckAccess(BlockTokenIdentifier id, string userId, ExtendedBlock
block, BlockTokenSecretManager.AccessMode mode)
{
Get(block.GetBlockPoolId()).CheckAccess(id, userId, block, mode);
}
/// <summary>Check if access should be allowed.</summary>
/// <remarks>Check if access should be allowed. userID is not checked if null</remarks>
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/>
public virtual void CheckAccess(Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier
> token, string userId, ExtendedBlock block, BlockTokenSecretManager.AccessMode
mode)
{
BlockTokenIdentifier id = new BlockTokenIdentifier();
try
{
id.ReadFields(new DataInputStream(new ByteArrayInputStream(token.GetIdentifier())
));
}
catch (IOException)
{
throw new SecretManager.InvalidToken("Unable to de-serialize block token identifier for user="******", block=" + block + ", access mode=" + mode);
}
CheckAccess(id, userId, block, mode);
if (!Arrays.Equals(RetrievePassword(id), token.GetPassword()))
{
throw new SecretManager.InvalidToken("Block token with " + id.ToString() + " doesn't have the correct token password"
);
}
}