Package org.apache.accumulo.core.security

Class VisibilityEvaluator

java.lang.Object
org.apache.accumulo.core.security.VisibilityEvaluator
public class VisibilityEvaluator extends Object
A class which evaluates visibility expressions against a set of authorizations.

  • Constructor Details

    • VisibilityEvaluator

      public VisibilityEvaluator(AuthorizationContainer authsContainer)
      Creates a new evaluator for the authorizations found in the given container.
      Since:
      1.7.0

    • VisibilityEvaluator

      public VisibilityEvaluator(Authorizations authorizations)
      Creates a new evaluator for the given collection of authorizations. Each authorization string is escaped before handling, and the original strings are unchanged.
      Parameters:
      authorizations - authorizations object

  • Method Details

    • escape

      public static byte[] escape(byte[] auth, boolean quote)
      Properly escapes an authorization string. The string can be quoted if desired.
      Parameters:
      auth - authorization string, as UTF-8 encoded bytes
      quote - true to wrap escaped authorization in quotes
      Returns:
      escaped authorization string

    • evaluate

      public boolean evaluate(ColumnVisibility visibility) throws VisibilityParseException
      Evaluates the given column visibility against the authorizations provided to this evaluator. A visibility passes evaluation if all authorizations in it are contained in those known to the evaluator, and all AND and OR subexpressions have at least two children.
      Parameters:
      visibility - column visibility to evaluate
      Returns:
      true if visibility passes evaluation
      Throws:
      VisibilityParseException - if an AND or OR subexpression has less than two children, or a subexpression is of an unknown type