Class AccessControlList

java.lang.Object
org.apache.hadoop.security.authorize.AccessControlList
All Implemented Interfaces:
Writable

@Public @Evolving public class AccessControlList extends Object implements Writable
Class representing a configured access control list.
  • Field Details

  • Constructor Details

    • AccessControlList

      public AccessControlList()
      This constructor exists primarily for AccessControlList to be Writable.
    • AccessControlList

      public AccessControlList(String aclString)
      Construct a new ACL from its String representation. The String is a comma-separated list of users and groups. The user list comes first and is separated by a space from the group list that follows, e.g. "user1,user2 group1,group2".
      Parameters:
      aclString - String representation of the ACL
    • AccessControlList

      public AccessControlList(String users, String groups)
      Construct a new ACL from String representations of users and groups. The arguments are comma-separated lists.
      Parameters:
      users - comma separated list of users
      groups - comma separated list of groups
  • Method Details

    • isAllAllowed

      public boolean isAllAllowed()
    • addUser

      public void addUser(String user)
      Add user to the names of users allowed for this service.
      Parameters:
      user - The user name
    • addGroup

      public void addGroup(String group)
      Add group to the names of groups allowed for this service.
      Parameters:
      group - The group name
    • removeUser

      public void removeUser(String user)
      Remove user from the names of users allowed for this service.
      Parameters:
      user - The user name
    • removeGroup

      public void removeGroup(String group)
      Remove group from the names of groups allowed for this service.
      Parameters:
      group - The group name
    • getUsers

      public Collection<String> getUsers()
      Get the names of users allowed for this service.
      Returns:
      the set of user names; the set must not be modified.
    • getGroups

      public Collection<String> getGroups()
      Get the names of user groups allowed for this service.
      Returns:
      the set of group names; the set must not be modified.
    • isUserInList

      public final boolean isUserInList(UserGroupInformation ugi)
      Checks if a user represented by the provided UserGroupInformation is a member of the Access Control List. If the user was proxied and USE_REAL_ACLS + the real user name is in the control list, this case is treated as if the user were in the ACL.
      Parameters:
      ugi - UserGroupInformation to check if contained in the ACL
      Returns:
      true if ugi is a member of the list or if USE_REAL_ACLS + real user is in the list
    • isUserAllowed

      public boolean isUserAllowed(UserGroupInformation ugi)
    • toString

      public String toString()
      Returns a descriptive representation of the users and groups that are part of this ACL. Use getAclString() to get the exact String that can be given to the constructor of AccessControlList to create a new instance.
      Overrides:
      toString in class Object
    • getAclString

      public String getAclString()
      Returns the access control list as a String that can be used for building a new instance by sending it to the constructor of AccessControlList.
      Returns:
      acl string.
    • write

      public void write(DataOutput out) throws IOException
      Serializes the AccessControlList object.
      Specified by:
      write in interface Writable
      Parameters:
      out - DataOutput to serialize this object into.
      Throws:
      IOException - any other problem for write.
    • readFields

      public void readFields(DataInput in) throws IOException
      Deserializes the AccessControlList object.
      Specified by:
      readFields in interface Writable
      Parameters:
      in - DataInput to deserialize this object from.
      Throws:
      IOException - any other problem for readFields.
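
The ACL string format accepted by AccessControlList(String aclString) and the membership check in isUserAllowed can be exercised as follows. This is an added example, not code from the Hadoop documentation; it assumes hadoop-common is on the classpath, and the class name AclStringDemo and all user and group names are constructed for illustration.

```java
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;

public class AclStringDemo {
  public static void main(String[] args) {
    // Constructed test identities: a user name plus the groups it belongs to.
    UserGroupInformation alice =
        UserGroupInformation.createUserForTesting("alice", new String[] {"analysts"});
    UserGroupInformation bob =
        UserGroupInformation.createUserForTesting("bob", new String[] {"ops"});

    // Constructed ACL strings covering the forms an operator is likely to write.
    String[] aclStrings = {
      "alice,carol ops", // users, one space, then groups
      " ops",            // leading space: empty user list, groups only
      "alice",           // users only, no group list
      "alice, bob",      // stray space after the comma: the text after the
                         // first space is read as the group list
      "*",               // wildcard entry
      ""                 // empty ACL
    };

    for (String aclString : aclStrings) {
      AccessControlList acl = new AccessControlList(aclString);
      System.out.printf("acl=\"%s\"%n", aclString);
      // Show which side of the space each name landed on.
      System.out.printf("  users=%s groups=%s allAllowed=%b%n",
          acl.getUsers(), acl.getGroups(), acl.isAllAllowed());
      System.out.printf("  alice allowed=%b, bob allowed=%b%n",
          acl.isUserAllowed(alice), acl.isUserAllowed(bob));
      // getAclString() is the form that round-trips through the constructor.
      System.out.printf("  getAclString()=\"%s\"%n", acl.getAclString());
    }
  }
}
```

Printing getUsers() and getGroups() for a candidate string before deploying it shows whether every name was parsed as a user or as a group, which is the easiest way to catch a misplaced space.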