org.apache.accumulo.server.security.handler.ZKSecurityTool类的使用及代码示例

x33g5p2x  于2022-02-05 转载在 其他  

本文整理了Java中org.apache.accumulo.server.security.handler.ZKSecurityTool类的一些代码示例,展示了ZKSecurityTool类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度上帮助到你。ZKSecurityTool类的具体详情如下:
包路径:org.apache.accumulo.server.security.handler.ZKSecurityTool
类名称:ZKSecurityTool

ZKSecurityTool介绍

[英]All the static tool methods used for this class, so that we can separate out stuff that isn't using ZooKeeper. That way, we can check the synchronization model more easily, as we only need to check to make sure zooCache is cleared when things are written to ZooKeeper in methods that might use it. These won't, and so don't need to be checked.
[中]这个类用到的所有静态工具方法都放在这里,以便把不使用ZooKeeper的部分分离出来。这样可以更容易地检查同步模型:只需确认在可能使用ZooKeeper的方法中,向ZooKeeper写入内容时zooCache已被清除。这里的方法不会使用ZooKeeper,因此无需检查。

代码示例

代码示例来源:origin: apache/accumulo

/**
 * Checks a principal's password against the data stored in that user's ZooKeeper node.
 *
 * <p>The cached node data is compared first. On a mismatch the cache entry for this user is
 * cleared and the comparison is repeated once with the value returned by a second lookup, so a
 * stale cached value does not by itself reject the password.
 *
 * <p>NOTE(review): {@code principal} is appended to the node path unmodified; no validation of
 * the name is visible in this method, so confirm it happens before this call. Each failed
 * attempt also costs a cache clear plus a second lookup, and no attempt limiting is visible
 * here.
 *
 * @param principal user name, used as the last segment of the user node path
 * @param token credentials; only {@link PasswordToken} is accepted
 * @return {@code true} if {@code ZKSecurityTool.checkPass} accepts the password
 * @throws AccumuloSecurityException with {@code INVALID_TOKEN} when the token is not a
 *         {@link PasswordToken}
 */
@Override
public boolean authenticateUser(String principal, AuthenticationToken token)
    throws AccumuloSecurityException {
  if (!(token instanceof PasswordToken)) {
    throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN);
  }
  final PasswordToken passwordToken = (PasswordToken) token;
  final String userNode = ZKUserPath + "/" + principal;

  byte[] storedHash = zooCache.get(userNode);
  if (ZKSecurityTool.checkPass(passwordToken.getPassword(), storedHash)) {
    return true;
  }

  // Mismatch: the cached copy may be stale, so drop it and compare once more.
  zooCache.clear(userNode);
  storedHash = zooCache.get(userNode);
  return ZKSecurityTool.checkPass(passwordToken.getPassword(), storedHash);
}

代码示例来源:origin: apache/accumulo

/**
 * Returns the user's authorizations as found in the ZooKeeper cache.
 *
 * @param user user name, inserted into the node path as-is
 * @return the decoded authorizations, or {@link Authorizations#EMPTY} when the cache returns no
 *         data for the user's authorizations node
 */
@Override
public Authorizations getCachedUserAuthorizations(String user) {
  final byte[] cached = zooCache.get(ZKUserPath + "/" + user + ZKUserAuths);
  // A missing node is treated as "no authorizations" rather than as an error.
  return cached == null ? Authorizations.EMPTY : ZKSecurityTool.convertAuthorizations(cached);
}

代码示例来源:origin: apache/accumulo

/**
 * Produces the stored form of a password by generating a salt and passing both to
 * {@code convertPass}.
 *
 * <p>NOTE(review): {@code generateSalt()} is not shown here; confirm it draws from a
 * cryptographically strong random source.
 *
 * @param password cleartext password bytes
 * @return the value returned by {@code convertPass} for the password and the new salt
 * @throws AccumuloException if the hash algorithm is unavailable
 */
public static byte[] createPass(byte[] password) throws AccumuloException {
  final byte[] freshSalt = generateSalt();
  final byte[] stored;
  try {
    stored = convertPass(password, freshSalt);
  } catch (NoSuchAlgorithmException nsae) {
    log.error("Count not create hashed password", nsae);
    throw new AccumuloException("Count not create hashed password", nsae);
  }
  return stored;
}

代码示例来源:origin: apache/accumulo

/**
 * Answers a table permission check from the ZooKeeper cache.
 *
 * @param user user name, inserted into the node path as-is
 * @param table table identifier, used as the last path segment
 * @param permission permission to look for
 * @return {@code true} only if the cached permission set for this user and table contains
 *         {@code permission}; {@code false} when the cache returns no data (fails closed)
 */
@Override
public boolean hasCachedTablePermission(String user, String table, TablePermission permission) {
  final String permNode = ZKUserPath + "/" + user + ZKUserTablePerms + "/" + table;
  final byte[] cached = zooCache.get(permNode);
  if (cached == null) {
    return false;
  }
  return ZKSecurityTool.convertTablePermissions(cached).contains(permission);
}

代码示例来源:origin: apache/accumulo

/**
 * Answers a system permission check from the ZooKeeper cache.
 *
 * @param user user name, inserted into the node path as-is
 * @param permission permission to look for
 * @return {@code true} only if the cached system permission set for the user contains
 *         {@code permission}; {@code false} when the cache returns no data (fails closed)
 */
@Override
public boolean hasCachedSystemPermission(String user, SystemPermission permission) {
  final byte[] cached = zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms);
  if (cached != null) {
    return ZKSecurityTool.convertSystemPermissions(cached).contains(permission);
  }
  return false;
}

代码示例来源:origin: apache/accumulo

/**
 * Resets the user store in ZooKeeper and creates the initial user.
 *
 * <p>Under the {@code zooCache} lock this clears the cache, recursively deletes the existing
 * user subtree if one exists, recreates the parent node with the principal's name as its data,
 * and then creates the user with a hashed form of {@code token}. This is destructive: every
 * previously stored user under {@code ZKUserPath} is removed.
 *
 * @param principal name of the initial user
 * @param token cleartext password bytes; hashed by {@code ZKSecurityTool.createPass} before
 *        being handed to {@code constructUser}
 * @throws RuntimeException wrapping any ZooKeeper, Accumulo or interruption failure
 */
@Override
public void initializeSecurity(String principal, byte[] token) {
  try {
    // remove old settings from zookeeper first, if any
    final IZooReaderWriter readerWriter = context.getZooReaderWriter();
    synchronized (zooCache) {
      zooCache.clear();
      final boolean staleTreePresent = readerWriter.exists(ZKUserPath);
      if (staleTreePresent) {
        readerWriter.recursiveDelete(ZKUserPath, NodeMissingPolicy.SKIP);
        log.info("Removed {}/ from zookeeper", ZKUserPath);
      }

      // prep parent node of users with root username
      final byte[] rootName = principal.getBytes(UTF_8);
      readerWriter.putPersistentData(ZKUserPath, rootName, NodeExistsPolicy.FAIL);

      final byte[] hashedToken = ZKSecurityTool.createPass(token);
      constructUser(principal, hashedToken);
    }
  } catch (KeeperException | AccumuloException | InterruptedException failure) {
    log.error("{}", failure.getMessage(), failure);
    throw new RuntimeException(failure);
  }
}

代码示例来源:origin: apache/accumulo

/**
 * Wires this handler to ZooKeeper and derives the node paths it works under.
 *
 * <p>Creates a new {@code ZooCache} over the context's reader/writer, keeps that reader/writer
 * for direct access, and sets the users, tables and namespaces paths beneath the instance path.
 *
 * @param context server context supplying the ZooKeeper reader/writer and the instance id
 * @param initialize not read by this method
 */
@Override
public void initialize(ServerContext context, boolean initialize) {
  this.zooCache = new ZooCache(context.getZooReaderWriter(), null);
  this.zoo = context.getZooReaderWriter();

  final String id = context.getInstanceID();
  this.ZKUserPath = ZKSecurityTool.getInstancePath(id) + "/users";
  this.ZKTablePath = ZKSecurityTool.getInstancePath(id) + "/tables";
  this.ZKNamespacePath = ZKSecurityTool.getInstancePath(id) + "/namespaces";
}

代码示例来源:origin: apache/accumulo

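/**
 * Builds the stored credential {@code salt || hash(password || salt)}.
 *
 * <p>The scratch buffer that holds {@code password || salt} is wiped before returning, so this
 * method does not leave an extra copy of the cleartext password on the heap. The caller's
 * {@code password} array is not modified.
 *
 * <p>NOTE(review): {@code hash()} is defined elsewhere and not shown. If it is a single pass of
 * a general-purpose digest, the stored value is cheap to test guesses against once the node
 * data is readable; a dedicated password hashing scheme would raise that cost.
 *
 * @param password cleartext password bytes
 * @param salt salt bytes; the first {@code SALT_LENGTH} bytes are used
 * @return {@code SALT_LENGTH} salt bytes followed by the hash output
 * @throws NoSuchAlgorithmException if {@code hash()} cannot obtain its algorithm
 */
private static byte[] convertPass(byte[] password, byte[] salt) throws NoSuchAlgorithmException {
  // password || salt: the exact byte sequence fed to hash().
  byte[] plainSalt = new byte[password.length + SALT_LENGTH];
  final byte[] hashed;
  try {
    System.arraycopy(password, 0, plainSalt, 0, password.length);
    System.arraycopy(salt, 0, plainSalt, password.length, SALT_LENGTH);
    hashed = hash(plainSalt);
  } finally {
    // The buffer contains the cleartext password; clear it on success and on failure alike.
    java.util.Arrays.fill(plainSalt, (byte) 0);
  }
  byte[] saltedHash = new byte[SALT_LENGTH + hashed.length];
  System.arraycopy(salt, 0, saltedHash, 0, SALT_LENGTH);
  System.arraycopy(hashed, 0, saltedHash, SALT_LENGTH, hashed.length);
  return saltedHash; // contains salt+hash(password+salt)
}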

代码示例来源:origin: apache/accumulo

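/**
 * Checks a cleartext password against the stored {@code salt || hash} value.
 *
 * <p>The salt is taken from the first {@code SALT_LENGTH} bytes of {@code zkData}, the
 * candidate is recomputed with {@code convertPass}, and the two byte arrays are compared with
 * {@link MessageDigest#isEqual(byte[], byte[])}, which does not stop at the first differing
 * byte.
 *
 * @param password cleartext password bytes to verify
 * @param zkData stored credential as read from ZooKeeper, may be {@code null}
 * @return {@code true} only when the recomputed value equals {@code zkData}; {@code false} for
 *         missing or truncated stored data, or if the hash algorithm is unavailable
 */
public static boolean checkPass(byte[] password, byte[] zkData) {
  // Fail closed on absent or truncated node data instead of letting arraycopy throw an
  // unchecked exception out of the authentication path.
  if (zkData == null || zkData.length < SALT_LENGTH) {
    return false;
  }
  byte[] salt = new byte[SALT_LENGTH];
  System.arraycopy(zkData, 0, salt, 0, SALT_LENGTH);
  byte[] passwordToCheck;
  try {
    passwordToCheck = convertPass(password, salt);
  } catch (NoSuchAlgorithmException e) {
    log.error("Count not create hashed password", e);
    return false;
  }
  return MessageDigest.isEqual(passwordToCheck, zkData);
}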

代码示例来源:origin: apache/accumulo

/**
 * Answers a namespace permission check from the ZooKeeper cache.
 *
 * @param user user name, inserted into the node path as-is
 * @param namespace namespace identifier, used as the last path segment
 * @param permission permission to look for
 * @return {@code true} only if the cached permission set for this user and namespace contains
 *         {@code permission}; {@code false} when the cache returns no data (fails closed)
 */
@Override
public boolean hasCachedNamespacePermission(String user, String namespace,
    NamespacePermission permission) {
  final String permNode = ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace;
  final byte[] cached = zooCache.get(permNode);
  if (cached == null) {
    return false;
  }
  return ZKSecurityTool.convertNamespacePermissions(cached).contains(permission);
}

代码示例来源:origin: apache/accumulo

/**
 * Writes the initial table permission node for the given user and table.
 *
 * <p>The whole {@code zooCache} is cleared under its lock before the write. The node is written
 * with {@code NodeExistsPolicy.FAIL}; this method itself performs no existence check, so callers
 * are expected to have done one.
 *
 * @param user user name, inserted into the node path as-is
 * @param table table id, used as the last path segment
 * @param perms permissions to serialize into the node
 * @throws KeeperException if the ZooKeeper write fails
 * @throws InterruptedException if the ZooKeeper write is interrupted
 */
private void createTablePerm(String user, Table.ID table, Set<TablePermission> perms)
    throws KeeperException, InterruptedException {
  synchronized (zooCache) {
    zooCache.clear();
    final String permNode = ZKUserPath + "/" + user + ZKUserTablePerms + "/" + table;
    final byte[] serialized = ZKSecurityTool.convertTablePermissions(perms);
    zoo.putPersistentData(permNode, serialized, NodeExistsPolicy.FAIL);
  }
}

代码示例来源:origin: apache/accumulo

/**
 * Removes one system permission from a user and writes the reduced set back to ZooKeeper.
 *
 * <p>Nothing is written when the cache holds no system permission data for the user or when the
 * decoded set does not contain {@code permission}. Otherwise the whole cache is cleared and the
 * node is overwritten under the {@code zooCache} lock.
 *
 * <p>NOTE(review): the current set is taken from the cache before the lock is acquired, so the
 * decision and the value written are based on that cached snapshot; confirm the cache cannot be
 * stale here, since a stale "not granted" view would skip the revoke.
 *
 * @param user user name, inserted into the node path as-is
 * @param permission permission to revoke
 * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} if the ZooKeeper write fails
 * @throws RuntimeException if the write is interrupted
 */
@Override
public void revokeSystemPermission(String user, SystemPermission permission)
    throws AccumuloSecurityException {
  final byte[] cached = zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms);
  // User had no system permission, nothing to revoke.
  if (cached == null) {
    return;
  }

  final Set<SystemPermission> remaining = ZKSecurityTool.convertSystemPermissions(cached);
  if (!remaining.remove(permission)) {
    // Permission was not held; leave ZooKeeper untouched.
    return;
  }

  try {
    synchronized (zooCache) {
      zooCache.clear();
      zoo.putPersistentData(ZKUserPath + "/" + user + ZKUserSysPerms,
          ZKSecurityTool.convertSystemPermissions(remaining), NodeExistsPolicy.OVERWRITE);
    }
  } catch (InterruptedException interrupted) {
    log.error("{}", interrupted.getMessage(), interrupted);
    throw new RuntimeException(interrupted);
  } catch (KeeperException zkFailure) {
    log.error("{}", zkFailure.getMessage(), zkFailure);
    throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, zkFailure);
  }
}

代码示例来源:origin: apache/accumulo

/**
 * Creates a user whose credential is the hashed form of the supplied password.
 *
 * <p>The cleartext password never reaches {@code constructUser}; it is converted by
 * {@code ZKSecurityTool.createPass} first.
 *
 * @param principal name of the user to create
 * @param token credentials; only {@link PasswordToken} is accepted
 * @throws AccumuloSecurityException with {@code INVALID_TOKEN} for any other token type,
 *         {@code USER_EXISTS} when ZooKeeper reports the node already exists,
 *         {@code CONNECTION_ERROR} for other ZooKeeper failures, and
 *         {@code DEFAULT_SECURITY_ERROR} when hashing the password fails
 * @throws RuntimeException if the operation is interrupted
 */
@Override
public void createUser(String principal, AuthenticationToken token)
    throws AccumuloSecurityException {
  try {
    if (!(token instanceof PasswordToken)) {
      throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN);
    }
    final byte[] cleartext = ((PasswordToken) token).getPassword();
    final byte[] hashed = ZKSecurityTool.createPass(cleartext);
    constructUser(principal, hashed);
  } catch (AccumuloException hashingFailure) {
    log.error("{}", hashingFailure.getMessage(), hashingFailure);
    throw new AccumuloSecurityException(principal, SecurityErrorCode.DEFAULT_SECURITY_ERROR,
        hashingFailure);
  } catch (InterruptedException interrupted) {
    log.error("{}", interrupted.getMessage(), interrupted);
    throw new RuntimeException(interrupted);
  } catch (KeeperException zkFailure) {
    // An existing node means the user is already present; anything else is reported as a
    // connection problem.
    final SecurityErrorCode reason =
        zkFailure.code().equals(KeeperException.Code.NODEEXISTS) ? SecurityErrorCode.USER_EXISTS
            : SecurityErrorCode.CONNECTION_ERROR;
    throw new AccumuloSecurityException(principal, reason, zkFailure);
  }
}

代码示例来源:origin: apache/accumulo

/**
 * Stores the server context, creates the ZooKeeper cache and derives the users path.
 *
 * @param context server context supplying the ZooKeeper reader/writer and the instance id
 * @param initialize not read by this method
 */
@Override
public void initialize(ServerContext context, boolean initialize) {
  this.context = context;
  this.zooCache = new ZooCache(context.getZooReaderWriter(), null);

  final String instanceRoot = ZKSecurityTool.getInstancePath(context.getInstanceID());
  this.ZKUserPath = instanceRoot + "/users";
}

代码示例来源:origin: org.apache.accumulo/accumulo-server-base

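/**
 * Builds the stored credential {@code salt || hash(password || salt)}.
 *
 * <p>The temporary {@code password || salt} buffer is zeroed before this method returns or
 * throws, so no additional copy of the cleartext password is left behind on the heap. The
 * caller's {@code password} array is left untouched.
 *
 * <p>NOTE(review): {@code hash()} is defined elsewhere and not shown. If it is one pass of a
 * general-purpose digest, guesses against a leaked stored value are cheap to test; a dedicated
 * password hashing scheme would make that more expensive.
 *
 * @param password cleartext password bytes
 * @param salt salt bytes; the first {@code SALT_LENGTH} bytes are used
 * @return {@code SALT_LENGTH} salt bytes followed by the hash output
 * @throws NoSuchAlgorithmException if {@code hash()} cannot obtain its algorithm
 */
private static byte[] convertPass(byte[] password, byte[] salt) throws NoSuchAlgorithmException {
  final byte[] plainSalt = new byte[password.length + SALT_LENGTH];
  final byte[] hashed;
  try {
    System.arraycopy(password, 0, plainSalt, 0, password.length);
    System.arraycopy(salt, 0, plainSalt, password.length, SALT_LENGTH);
    hashed = hash(plainSalt);
  } finally {
    // plainSalt carries the cleartext password; wipe it whether or not hashing succeeded.
    java.util.Arrays.fill(plainSalt, (byte) 0);
  }

  final byte[] saltedHash = new byte[SALT_LENGTH + hashed.length];
  System.arraycopy(salt, 0, saltedHash, 0, SALT_LENGTH);
  System.arraycopy(hashed, 0, saltedHash, SALT_LENGTH, hashed.length);
  return saltedHash; // contains salt+hash(password+salt)
}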

代码示例来源:origin: org.apache.accumulo/accumulo-server-base

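/**
 * Checks a cleartext password against the stored {@code salt || hash} value.
 *
 * <p>The salt is taken from the first {@code SALT_LENGTH} bytes of {@code zkData} and the
 * candidate value is recomputed with {@code convertPass}. The final comparison uses
 * {@code java.security.MessageDigest.isEqual} rather than {@code java.util.Arrays.equals}:
 * {@code Arrays.equals} returns at the first differing byte, which makes the time taken depend
 * on how much of the stored hash the candidate matches.
 *
 * @param password cleartext password bytes to verify
 * @param zkData stored credential as read from ZooKeeper, may be {@code null}
 * @return {@code true} only when the recomputed value equals {@code zkData}; {@code false} for
 *         missing or truncated stored data, or if the hash algorithm is unavailable
 */
public static boolean checkPass(byte[] password, byte[] zkData) {
  // Fail closed on absent or truncated node data instead of letting arraycopy throw an
  // unchecked exception out of the authentication path.
  if (zkData == null || zkData.length < SALT_LENGTH) {
    return false;
  }
  byte[] salt = new byte[SALT_LENGTH];
  System.arraycopy(zkData, 0, salt, 0, SALT_LENGTH);
  byte[] passwordToCheck;
  try {
    passwordToCheck = convertPass(password, salt);
  } catch (NoSuchAlgorithmException e) {
    log.error("Count not create hashed password", e);
    return false;
  }
  // Fully qualified so the fix does not depend on the file's import list.
  return java.security.MessageDigest.isEqual(passwordToCheck, zkData);
}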

代码示例来源:origin: apache/accumulo

/**
 * Writes the initial namespace permission node for the given user and namespace.
 *
 * <p>The whole {@code zooCache} is cleared under its lock before the write. The node is written
 * with {@code NodeExistsPolicy.FAIL}; this method itself performs no existence check, so callers
 * are expected to have done one.
 *
 * @param user user name, inserted into the node path as-is
 * @param namespace namespace id, used as the last path segment
 * @param perms permissions to serialize into the node
 * @throws KeeperException if the ZooKeeper write fails
 * @throws InterruptedException if the ZooKeeper write is interrupted
 */
private void createNamespacePerm(String user, Namespace.ID namespace,
    Set<NamespacePermission> perms) throws KeeperException, InterruptedException {
  synchronized (zooCache) {
    zooCache.clear();
    final String permNode = ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace;
    final byte[] serialized = ZKSecurityTool.convertNamespacePermissions(perms);
    zoo.putPersistentData(permNode, serialized, NodeExistsPolicy.FAIL);
  }
}

代码示例来源:origin: apache/accumulo

/**
 * Adds one table permission to a user and writes the enlarged set back to ZooKeeper.
 *
 * <p>The starting set is decoded from the cached node data, or is empty when the cache returns
 * nothing. If the permission is already in the set nothing is written; otherwise the cache
 * entry for this node is cleared and the node is overwritten under the {@code zooCache} lock.
 *
 * <p>NOTE(review): the starting set is read from the cache before the lock is taken, so the
 * value written is derived from that cached snapshot; confirm concurrent grants and revokes on
 * the same node cannot be lost this way.
 *
 * @param user user name, inserted into the node path as-is
 * @param table table identifier, used as the last path segment
 * @param permission permission to grant
 * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} if the ZooKeeper write fails
 * @throws RuntimeException if the write is interrupted
 */
@Override
public void grantTablePermission(String user, String table, TablePermission permission)
    throws AccumuloSecurityException {
  final byte[] cached = zooCache.get(ZKUserPath + "/" + user + ZKUserTablePerms + "/" + table);

  final Set<TablePermission> granted;
  if (cached == null) {
    granted = new TreeSet<>();
  } else {
    granted = ZKSecurityTool.convertTablePermissions(cached);
  }

  if (!granted.add(permission)) {
    // Already held; leave ZooKeeper untouched.
    return;
  }

  try {
    synchronized (zooCache) {
      zooCache.clear(ZKUserPath + "/" + user + ZKUserTablePerms + "/" + table);
      zoo.putPersistentData(ZKUserPath + "/" + user + ZKUserTablePerms + "/" + table,
          ZKSecurityTool.convertTablePermissions(granted), NodeExistsPolicy.OVERWRITE);
    }
  } catch (InterruptedException interrupted) {
    log.error("{}", interrupted.getMessage(), interrupted);
    throw new RuntimeException(interrupted);
  } catch (KeeperException zkFailure) {
    log.error("{}", zkFailure.getMessage(), zkFailure);
    throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, zkFailure);
  }
}

代码示例来源:origin: apache/accumulo

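/**
 * Checks a system permission against ZooKeeper directly, bypassing the cache.
 *
 * <p>The node is synced and then read on every call. Any failure to read it (missing node,
 * other ZooKeeper error, interruption) is answered with {@code false}, so the check fails
 * closed.
 *
 * @param user user name, inserted into the node path as-is
 * @param permission permission to look for
 * @return {@code true} only if the node was read and its decoded set contains
 *         {@code permission}
 */
@Override
public boolean hasSystemPermission(String user, SystemPermission permission) {
  final String path = ZKUserPath + "/" + user + ZKUserSysPerms;
  byte[] perms;
  try {
    zoo.sync(path);
    perms = zoo.getData(path, null);
  } catch (KeeperException e) {
    if (e.code() == Code.NONODE) {
      // No node means no system permissions were ever stored for this user.
      return false;
    }
    // The message names the system permission check so a denied request can be traced to the
    // right code path in the logs.
    log.warn("Unhandled KeeperException, failing closed for system permission check", e);
    return false;
  } catch (InterruptedException e) {
    // Restore the interrupt flag so callers further up can still observe the interruption.
    Thread.currentThread().interrupt();
    log.warn("Unhandled InterruptedException, failing closed for system permission check", e);
    return false;
  }
  if (perms == null) {
    return false;
  }
  return ZKSecurityTool.convertSystemPermissions(perms).contains(permission);
}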

代码示例来源:origin: org.apache.accumulo/accumulo-server-base

/**
 * Turns a cleartext password into its stored form using a newly generated salt.
 *
 * <p>NOTE(review): {@code generateSalt()} is not shown here; confirm it uses a
 * cryptographically strong random source.
 *
 * @param password cleartext password bytes
 * @return the value returned by {@code convertPass} for the password and the new salt
 * @throws AccumuloException if the hash algorithm is unavailable; the original exception is
 *         kept as the cause
 */
public static byte[] createPass(byte[] password) throws AccumuloException {
  try {
    return convertPass(password, generateSalt());
  } catch (NoSuchAlgorithmException cause) {
    final String message = "Count not create hashed password";
    log.error(message, cause);
    throw new AccumuloException(message, cause);
  }
}
