1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.hadoop.hbase.security;
21
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24 import org.apache.hadoop.conf.Configuration;
25 import org.apache.hadoop.hbase.AuthUtil;
26 import org.apache.hadoop.hbase.classification.InterfaceAudience;
27
28 import java.io.IOException;
29 import java.util.ArrayList;
30 import java.util.List;
31
32
33
34
35
36 @InterfaceAudience.Private
37 public final class Superusers {
38 private static final Log LOG = LogFactory.getLog(Superusers.class);
39
40
41 public static final String SUPERUSER_CONF_KEY = "hbase.superuser";
42
43 private static List<String> superUsers;
44 private static List<String> superGroups;
45
46 private Superusers(){}
47
48
49
50
51
52
53
54
55 public static void initialize(Configuration conf) throws IOException {
56 superUsers = new ArrayList<>();
57 superGroups = new ArrayList<>();
58 User user = User.getCurrent();
59
60 if (user == null) {
61 throw new IllegalStateException("Unable to obtain the current user, "
62 + "authorization checks for internal operations will not work correctly!");
63 }
64
65 if (LOG.isTraceEnabled()) {
66 LOG.trace("Current user name is " + user.getShortName());
67 }
68 String currentUser = user.getShortName();
69 String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]);
70 for (String name : superUserList) {
71 if (AuthUtil.isGroupPrincipal(name)) {
72 superGroups.add(AuthUtil.getGroupName(name));
73 } else {
74 superUsers.add(name);
75 }
76 }
77 superUsers.add(currentUser);
78 }
79
80
81
82
83
84
85
86
87 public static boolean isSuperUser(User user) {
88 if (superUsers == null) {
89 throw new IllegalStateException("Super users/super groups lists"
90 + " haven't been initialized properly.");
91 }
92 if (superUsers.contains(user.getShortName())) {
93 return true;
94 }
95
96 for (String group : user.getGroupNames()) {
97 if (superGroups.contains(group)) {
98 return true;
99 }
100 }
101 return false;
102 }
103
104
105
106
107
108
109
110
111
112 @Deprecated
113 public static boolean isSuperUser(String user) {
114 if (superUsers == null) {
115 throw new IllegalStateException("Super users/super groups lists"
116 + " haven't been initialized properly.");
117 }
118 if (superUsers.contains(user)) {
119 return true;
120 } else {
121 return false;
122 }
123 }
124 }