org.apache.hadoop.security.authorize

Class AccessControlList

java.lang.Object

org.apache.hadoop.security.authorize.AccessControlList

All Implemented Interfaces:

Writable

@InterfaceAudience.Public
 @InterfaceStability.Evolving
public class AccessControlList
extends Object
implements Writable

Class representing a configured access control list.

Field Summary

Fields

Modifier and Type	Field and Description
static String	WILDCARD_ACL_VALUE

Constructor Summary

Constructors

Constructor and Description
AccessControlList() This constructor exists primarily for AccessControlList to be Writable.
AccessControlList(String aclString) Construct a new ACL from a String representation of the same.
AccessControlList(String users, String groups) Construct a new ACL from String representation of users and groups The arguments are comma separated lists

Method Summary

Modifier and Type	Method and Description
void	addGroup(String group) Add group to the names of groups allowed for this service.
void	addUser(String user) Add user to the names of users allowed for this service.
String	getAclString() Returns the access control list as a String that can be used for building a new instance by sending it to the constructor of AccessControlList.
Collection<String>	getGroups() Get the names of user groups allowed for this service.
Collection<String>	getUsers() Get the names of users allowed for this service.
boolean	isAllAllowed()
boolean	isUserAllowed(org.apache.hadoop.security.UserGroupInformation ugi)
boolean	isUserInList(org.apache.hadoop.security.UserGroupInformation ugi) Checks if a user represented by the provided UserGroupInformation is a member of the Access Control List
void	readFields(DataInput in) Deserializes the AccessControlList object
void	removeGroup(String group) Remove group from the names of groups allowed for this service.
void	removeUser(String user) Remove user from the names of users allowed for this service.
String	toString() Returns descriptive way of users and groups that are part of this ACL.
void	write(DataOutput out) Serializes the AccessControlList object

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

WILDCARD_ACL_VALUE

public static final String WILDCARD_ACL_VALUE

See Also:

Constant Field Values

Constructor Detail

AccessControlList

public AccessControlList()

This constructor exists primarily for AccessControlList to be Writable.

AccessControlList

public AccessControlList(String aclString)

Construct a new ACL from a String representation of the same. The String is a a comma separated list of users and groups. The user list comes first and is separated by a space followed by the group list. For e.g. "user1,user2 group1,group2"

Parameters:

aclString - String representation of the ACL

AccessControlList

public AccessControlList(String users,
                         String groups)

Construct a new ACL from String representation of users and groups The arguments are comma separated lists

Parameters:

users - comma separated list of users

groups - comma separated list of groups

Method Detail

isAllAllowed

public boolean isAllAllowed()

addUser

public void addUser(String user)

Add user to the names of users allowed for this service.

Parameters:

user - The user name

addGroup

public void addGroup(String group)

Add group to the names of groups allowed for this service.

Parameters:

group - The group name

removeUser

public void removeUser(String user)

Remove user from the names of users allowed for this service.

Parameters:

user - The user name

removeGroup

public void removeGroup(String group)

Remove group from the names of groups allowed for this service.

Parameters:

group - The group name

getUsers

public Collection<String> getUsers()

Get the names of users allowed for this service.

Returns:

the set of user names. the set must not be modified.

getGroups

public Collection<String> getGroups()

Get the names of user groups allowed for this service.

Returns:

the set of group names. the set must not be modified.

isUserInList

public final boolean isUserInList(org.apache.hadoop.security.UserGroupInformation ugi)

Checks if a user represented by the provided UserGroupInformation is a member of the Access Control List

Parameters:

ugi - UserGroupInformation to check if contained in the ACL

Returns:

true if ugi is member of the list

isUserAllowed

public boolean isUserAllowed(org.apache.hadoop.security.UserGroupInformation ugi)

toString

public String toString()

Returns descriptive way of users and groups that are part of this ACL. Use getAclString() to get the exact String that can be given to the constructor of AccessControlList to create a new instance.

Overrides:

toString in class Object

getAclString

public String getAclString()

Returns the access control list as a String that can be used for building a new instance by sending it to the constructor of AccessControlList.

write

public void write(DataOutput out)
           throws IOException

Serializes the AccessControlList object

Specified by:

write in interface Writable

Parameters:

out - DataOuput to serialize this object into.

Throws:

IOException

readFields

public void readFields(DataInput in)
                throws IOException

Deserializes the AccessControlList object

Specified by:

readFields in interface Writable

Parameters:

in - DataInput to deseriablize this object from.

Throws:

IOException