List of usage examples for java.security AccessControlException AccessControlException
public AccessControlException(String s)
From source file:org.apache.hadoop.hive.ql.exec.MoveTask.java
private void moveFile(Path sourcePath, Path targetPath, boolean isDfsDir) throws Exception { FileSystem fs = sourcePath.getFileSystem(conf); if (isDfsDir) { // Just do a rename on the URIs, they belong to the same FS String mesg = "Moving data to: " + targetPath.toString(); String mesg_detail = " from " + sourcePath.toString(); console.printInfo(mesg, mesg_detail); // if source exists, rename. Otherwise, create a empty directory if (fs.exists(sourcePath)) { Path deletePath = null; // If it multiple level of folder are there fs.rename is failing so first // create the targetpath.getParent() if it not exist if (HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_INSERT_INTO_MULTILEVEL_DIRS)) { deletePath = createTargetPath(targetPath, fs); }//from ww w . j a v a 2 s.c om if (!Hive.moveFile(conf, sourcePath, targetPath, fs, true, false)) { try { if (deletePath != null) { fs.delete(deletePath, true); } } catch (IOException e) { LOG.info("Unable to delete the path created for facilitating rename" + deletePath); } throw new HiveException("Unable to rename: " + sourcePath + " to: " + targetPath); } } else if (!fs.mkdirs(targetPath)) { throw new HiveException("Unable to make directory: " + targetPath); } } else { // This is a local file String mesg = "Copying data to local directory " + targetPath.toString(); String mesg_detail = " from " + sourcePath.toString(); console.printInfo(mesg, mesg_detail); // delete the existing dest directory LocalFileSystem dstFs = FileSystem.getLocal(conf); if (dstFs.delete(targetPath, true) || !dstFs.exists(targetPath)) { console.printInfo(mesg, mesg_detail); // if source exists, rename. Otherwise, create a empty directory if (fs.exists(sourcePath)) { fs.copyToLocalFile(sourcePath, targetPath); } else { if (!dstFs.mkdirs(targetPath)) { throw new HiveException("Unable to make local directory: " + targetPath); } } } else { throw new AccessControlException( "Unable to delete the existing destination directory: " + targetPath); } } }
From source file:org.netxilia.api.impl.user.AclServiceImpl.java
@Override public void checkPermission(SheetFullName sheetFullName, Permission permission) throws AccessControlException { if (log.isDebugEnabled()) { log.debug("Check for " + sheetFullName + " " + permission + " isSet:" + AclPrivilegedMode.isSet()); }//from w w w .jav a2s .c o m if (AclPrivilegedMode.isSet()) { return; } ISheet aclSheet = null; boolean wasSet = AclPrivilegedMode.set(); try { aclSheet = getAclSheet(new WorkbookId(sheetFullName.getWorkbookName())); User user = userService.getCurrentUser(); if (user == null) { throw new AccessControlException("No current user"); } if (user.isAdmin()) { return; } // sheet.summary has the same permissions as sheet itself String sheetName = SheetFullName.sheetSimpleName(sheetFullName.getSheetName(), user); // if it's the user's private sheet, all access is allowed if (sheetName.equals(SheetFullName.privateSheetName(sheetFullName, user))) { return; } // check user if (checkPermission(workbookProcessor, aclSheet, AclObjectType.sheet, user.getLogin(), sheetName, permission)) { return; } // TODO: check groups // check all if (checkPermission(workbookProcessor, aclSheet, AclObjectType.sheet, ANY_USER, sheetName, permission)) { return; } if (checkPermission(workbookProcessor, aclSheet, AclObjectType.sheet, user.getLogin(), ANY_SHEET, permission)) { return; } throw new AccessControlException("Operation not permitted"); } catch (NotFoundException e) { // only happens if somebody deleted the sheet right before the filtering throw new AccessControlException("Cannot check permissions. Reason: " + e); } catch (NetxiliaResourceException e) { throw new AccessControlException("Cannot check permissions. Reason: " + e); } catch (NetxiliaBusinessException e) { throw new AccessControlException("Cannot check permissions. Reason: " + e); } finally { if (!wasSet) { AclPrivilegedMode.clear(); } if (log.isDebugEnabled()) { log.debug("<-- done for " + sheetFullName + " " + permission); } } }
From source file:org.apache.falcon.service.ProxyUserService.java
/** * Verifies a proxyuser./*from ww w. ja v a 2s. c o m*/ * * @param proxyUser user name of the proxy user. * @param proxyHost host the proxy user is making the request from. * @param doAsUser user the proxy user is impersonating. * @throws java.io.IOException thrown if an error during the validation has occurred. * @throws java.security.AccessControlException thrown if the user is not allowed to perform the proxyuser request. */ public void validate(String proxyUser, String proxyHost, String doAsUser) throws IOException { validateNotEmpty(proxyUser, "proxyUser", "If you're attempting to use user-impersonation via a proxy user, please make sure that " + "falcon.service.ProxyUserService.proxyuser.#USER#.hosts and " + "falcon.service.ProxyUserService.proxyuser.#USER#.groups are configured correctly"); validateNotEmpty(proxyHost, "proxyHost", "If you're attempting to use user-impersonation via a proxy user, please make sure that " + "falcon.service.ProxyUserService.proxyuser." + proxyUser + ".hosts and " + "falcon.service.ProxyUserService.proxyuser." + proxyUser + ".groups are configured correctly"); validateNotEmpty(doAsUser, "doAsUser", null); LOG.debug("Authorization check proxyuser [{}] host [{}] doAs [{}]", proxyUser, proxyHost, doAsUser); if (proxyUserHosts.containsKey(proxyUser)) { validateRequestorHost(proxyUser, proxyHost, proxyUserHosts.get(proxyUser)); validateGroup(proxyUser, doAsUser, proxyUserGroups.get(proxyUser)); } else { throw new AccessControlException(MessageFormat.format( "User [{0}] not defined as proxyuser. Please add it" + " to runtime properties.", proxyUser)); } }
From source file:com.thinkbiganalytics.metadata.modeshape.common.JcrPropertiesEntity.java
@Override public <T> T getProperty(String name, Class<T> type, boolean allowNotFound) { try {/*from w w w . j av a 2s. c o m*/ if ("nt:frozenNode".equalsIgnoreCase(this.node.getPrimaryNodeType().getName())) { T item = super.getProperty(name, type, true); if (item == null) { item = getPropertiesObject().map(obj -> obj.getProperty(name, type, allowNotFound)) .orElse(null); } return item; } else { if (JcrPropertyUtil.hasProperty(this.node.getPrimaryNodeType(), name)) { return super.getProperty(name, type, allowNotFound); } else { return getPropertiesObject().map(obj -> obj.getProperty(name, type, allowNotFound)) .orElse(null); } } } catch (AccessDeniedException e) { log.debug("Unable to access property: \"{}\" from node: {}", name, this.node, e); if (allowNotFound) { return null; } else { throw new AccessControlException( "You do not have the permission to access property \"" + name + "\""); } } catch (RepositoryException e) { throw new MetadataRepositoryException("Unable to get Property " + name); } }
From source file:com.thinkbiganalytics.metadata.modeshape.support.JcrUtil.java
public static boolean hasNode(Session session, String absPath) { try {//from w ww. j a va2 s . c om if (absPath.startsWith("/")) { session.getNode(absPath); return true; } else { return session.getRootNode().hasNode(absPath); } } catch (PathNotFoundException e) { return false; } catch (AccessDeniedException e) { log.debug("Access denied", e); throw new AccessControlException(e.getMessage()); } catch (RepositoryException e) { throw new MetadataRepositoryException( "Failed to check for the existence of the node at path " + absPath, e); } }
From source file:com.thinkbiganalytics.metadata.modeshape.support.JcrPropertyUtil.java
private static boolean getBoolean(Node node, String name, boolean notFoundValue) { try {/*from ww w .j av a2 s. c o m*/ Property prop = node.getProperty(name); if (PropertyType.STRING == prop.getType()) { return BooleanUtils.toBoolean(prop.getString()); } else if (PropertyType.BOOLEAN == prop.getType()) { return prop.getBoolean(); } return notFoundValue; } catch (PathNotFoundException e) { return notFoundValue; } catch (AccessDeniedException e) { log.debug("Access denied", e); throw new AccessControlException(e.getMessage()); } catch (RepositoryException e) { throw new MetadataRepositoryException("Failed to access property: " + name, e); } }
From source file:org.apache.falcon.service.ProxyUserService.java
private void validateRequestorHost(String proxyUser, String hostname, Set<String> validHosts) throws IOException { if (validHosts != null) { if (!validHosts.contains(hostname) && !validHosts.contains(normalizeHostname(hostname))) { throw new AccessControlException( MessageFormat.format("Unauthorized host [{0}] for proxyuser [{1}]", hostname, proxyUser)); }//from w w w .j a v a2 s . c o m } }
From source file:com.thinkbiganalytics.metadata.modeshape.support.JcrUtil.java
public static boolean hasNode(Node parentNode, String name) { try {// w ww .j a va2s. c o m return parentNode.hasNode(name); } catch (AccessDeniedException e) { log.debug("Access denied", e); throw new AccessControlException(e.getMessage()); } catch (RepositoryException e) { throw new MetadataRepositoryException("Failed to check for the existence of the node named " + name, e); } }
From source file:com.thinkbiganalytics.metadata.modeshape.common.JcrPropertiesEntity.java
/** * Override//from w w w . ja v a 2s .co m * if the incoming name matches that of a primary property on this Node then set it, otherwise add it the mixin bag of properties */ public void setProperty(String name, Object value) { try { if (JcrPropertyUtil.hasProperty(this.node.getPrimaryNodeType(), name)) { super.setProperty(name, value); } else { ensurePropertiesObject().ifPresent(obj -> obj.setProperty(name, value)); } } catch (AccessControlException e) { throw new AccessControlException("You do not have the permission to set property \"" + name + "\""); } catch (AccessDeniedException e) { log.debug("Unable to set property: \"{}\" on node: {}", name, this.node, e); throw new AccessControlException("You do not have the permission to set property \"" + name + "\""); } catch (RepositoryException e) { throw new MetadataRepositoryException("Unable to set Property " + name + ":" + value); } }
From source file:org.apache.falcon.service.ProxyUserService.java
private void validateGroup(String proxyUser, String user, Set<String> validGroups) throws IOException { if (validGroups != null) { List<String> userGroups = Services.get().<GroupsService>getService(GroupsService.SERVICE_NAME) .getGroups(user);/* www . ja v a 2s. c o m*/ for (String g : validGroups) { if (userGroups.contains(g)) { return; } } throw new AccessControlException(MessageFormat.format( "Unauthorized proxyuser [{0}] for user [{1}], not in proxyuser groups", proxyUser, user)); } }