Java Code Examples for org.apache.hadoop.hbase.client.Put.getAttribute()

The following are Jave code examples for showing how to use getAttribute() of the org.apache.hadoop.hbase.client.Put class. You can vote up the examples you like. Your votes will be used in our system to get more good examples.
Example 1
Project: ditb   File: AccessController.java   Source Code and License Vote up 6 votes
@Override
public boolean preCheckAndPutAfterRowLock(final ObserverContext<RegionCoprocessorEnvironment> c,
    final byte[] row, final byte[] family, final byte[] qualifier,
    final CompareFilter.CompareOp compareOp, final ByteArrayComparable comparator, final Put put,
    final boolean result) throws IOException {
  if (put.getAttribute(CHECK_COVERING_PERM) != null) {
    // We had failure with table, cf and q perm checks and now giving a chance for cell
    // perm check
    TableName table = c.getEnvironment().getRegion().getRegionInfo().getTable();
    Map<byte[], ? extends Collection<byte[]>> families = makeFamilyMap(family, qualifier);
    AuthResult authResult = null;
    if (checkCoveringPermission(OpType.CHECK_AND_PUT, c.getEnvironment(), row, families,
        HConstants.LATEST_TIMESTAMP, Action.READ)) {
      authResult = AuthResult.allow(OpType.CHECK_AND_PUT.toString(), "Covering cell set",
          getActiveUser(), Action.READ, table, families);
    } else {
      authResult = AuthResult.deny(OpType.CHECK_AND_PUT.toString(), "Covering cell set",
          getActiveUser(), Action.READ, table, families);
    }
    logResult(authResult);
    if (authorizationEnabled && !authResult.isAllowed()) {
      throw new AccessDeniedException("Insufficient permissions " + authResult.toContextString());
    }
  }
  return result;
}
 
Example 2
Project: ditb   File: AccessController.java   Source Code and License Vote up 5 votes
@Override
public void prePut(final ObserverContext<RegionCoprocessorEnvironment> c,
    final Put put, final WALEdit edit, final Durability durability)
    throws IOException {
  User user = getActiveUser();
  checkForReservedTagPresence(user, put);

  // Require WRITE permission to the table, CF, or top visible value, if any.
  // NOTE: We don't need to check the permissions for any earlier Puts
  // because we treat the ACLs in each Put as timestamped like any other
  // HBase value. A new ACL in a new Put applies to that Put. It doesn't
  // change the ACL of any previous Put. This allows simple evolution of
  // security policy over time without requiring expensive updates.
  RegionCoprocessorEnvironment env = c.getEnvironment();
  Map<byte[],? extends Collection<Cell>> families = put.getFamilyCellMap();
  AuthResult authResult = permissionGranted(OpType.PUT, user, env, families, Action.WRITE);
  logResult(authResult);
  if (!authResult.isAllowed()) {
    if (cellFeaturesEnabled && !compatibleEarlyTermination) {
      put.setAttribute(CHECK_COVERING_PERM, TRUE);
    } else if (authorizationEnabled) {
      throw new AccessDeniedException("Insufficient permissions " + authResult.toContextString());
    }
  }

  // Add cell ACLs from the operation to the cells themselves
  byte[] bytes = put.getAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL);
  if (bytes != null) {
    if (cellFeaturesEnabled) {
      addCellPermissions(bytes, put.getFamilyCellMap());
    } else {
      throw new DoNotRetryIOException("Cell ACLs cannot be persisted");
    }
  }
}
 
Example 3
Project: ditb   File: AccessController.java   Source Code and License Vote up 5 votes
@Override
public boolean preCheckAndPut(final ObserverContext<RegionCoprocessorEnvironment> c,
    final byte [] row, final byte [] family, final byte [] qualifier,
    final CompareFilter.CompareOp compareOp,
    final ByteArrayComparable comparator, final Put put,
    final boolean result) throws IOException {
  User user = getActiveUser();
  checkForReservedTagPresence(user, put);

  // Require READ and WRITE permissions on the table, CF, and KV to update
  RegionCoprocessorEnvironment env = c.getEnvironment();
  Map<byte[],? extends Collection<byte[]>> families = makeFamilyMap(family, qualifier);
  AuthResult authResult = permissionGranted(OpType.CHECK_AND_PUT, user, env, families,
    Action.READ, Action.WRITE);
  logResult(authResult);
  if (!authResult.isAllowed()) {
    if (cellFeaturesEnabled && !compatibleEarlyTermination) {
      put.setAttribute(CHECK_COVERING_PERM, TRUE);
    } else if (authorizationEnabled) {
      throw new AccessDeniedException("Insufficient permissions " +
        authResult.toContextString());
    }
  }

  byte[] bytes = put.getAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL);
  if (bytes != null) {
    if (cellFeaturesEnabled) {
      addCellPermissions(bytes, put.getFamilyCellMap());
    } else {
      throw new DoNotRetryIOException("Cell ACLs cannot be persisted");
    }
  }
  return result;
}
 
Example 4
Project: ditb   File: TestReplicationWithTags.java   Source Code and License Vote up 5 votes
@Override
public void prePut(final ObserverContext<RegionCoprocessorEnvironment> e, final Put put,
    final WALEdit edit, final Durability durability) throws IOException {
  byte[] attribute = put.getAttribute("visibility");
  byte[] cf = null;
  List<Cell> updatedCells = new ArrayList<Cell>();
  if (attribute != null) {
    for (List<? extends Cell> edits : put.getFamilyCellMap().values()) {
      for (Cell cell : edits) {
        KeyValue kv = KeyValueUtil.ensureKeyValue(cell);
        if (cf == null) {
          cf = kv.getFamily();
        }
        Tag tag = new Tag(TAG_TYPE, attribute);
        List<Tag> tagList = new ArrayList<Tag>();
        tagList.add(tag);

        KeyValue newKV = new KeyValue(kv.getRow(), 0, kv.getRowLength(), kv.getFamily(), 0,
            kv.getFamilyLength(), kv.getQualifier(), 0, kv.getQualifierLength(),
            kv.getTimestamp(), KeyValue.Type.codeToType(kv.getType()), kv.getValue(), 0,
            kv.getValueLength(), tagList);
        ((List<Cell>) updatedCells).add(newKV);
      }
    }
    put.getFamilyCellMap().remove(cf);
    // Update the family map
    put.getFamilyCellMap().put(cf, updatedCells);
  }
}
 
Example 5
Project: ditb   File: TestVisibilityLabelsReplication.java   Source Code and License Vote up 5 votes
@Override
public void prePut(ObserverContext<RegionCoprocessorEnvironment> e, Put m, WALEdit edit,
    Durability durability) throws IOException {
  byte[] attribute = m.getAttribute(NON_VISIBILITY);
  byte[] cf = null;
  List<Cell> updatedCells = new ArrayList<Cell>();
  if (attribute != null) {
    for (List<? extends Cell> edits : m.getFamilyCellMap().values()) {
      for (Cell cell : edits) {
        KeyValue kv = KeyValueUtil.ensureKeyValue(cell);
        if (cf == null) {
          cf = kv.getFamily();
        }
        Tag tag = new Tag((byte) NON_VIS_TAG_TYPE, attribute);
        List<Tag> tagList = new ArrayList<Tag>();
        tagList.add(tag);
        tagList.addAll(kv.getTags());
        byte[] fromList = Tag.fromList(tagList);
        TagRewriteCell newcell = new TagRewriteCell(kv, fromList);
        KeyValue newKV = new KeyValue(kv.getRow(), 0, kv.getRowLength(), kv.getFamily(), 0,
            kv.getFamilyLength(), kv.getQualifier(), 0, kv.getQualifierLength(),
            kv.getTimestamp(), KeyValue.Type.codeToType(kv.getType()), kv.getValue(), 0,
            kv.getValueLength(), tagList);
        ((List<Cell>) updatedCells).add(newcell);
      }
    }
    m.getFamilyCellMap().remove(cf);
    // Update the family map
    m.getFamilyCellMap().put(cf, updatedCells);
  }
}
 
Example 6
Project: ditb   File: TestImportTSVWithOperationAttributes.java   Source Code and License Vote up 5 votes
@Override
public void prePut(ObserverContext<RegionCoprocessorEnvironment> e, Put put, WALEdit edit,
    Durability durability) throws IOException {
  Region region = e.getEnvironment().getRegion();
  if (!region.getRegionInfo().isMetaTable()
      && !region.getRegionInfo().getTable().isSystemTable()) {
    if (put.getAttribute(TEST_ATR_KEY) != null) {
      LOG.debug("allow any put to happen " + region.getRegionInfo().getRegionNameAsString());
    } else {
      e.bypass();
    }
  }
}