Class ImpersonationAuthorizer
- java.lang.Object
-
- org.apache.storm.security.auth.authorizer.ImpersonationAuthorizer
-
- All Implemented Interfaces:
IAuthorizer
public class ImpersonationAuthorizer extends Object implements IAuthorizer
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description protected static classImpersonationAuthorizer.ImpersonationACL
-
Field Summary
Fields Modifier and Type Field Description protected IGroupMappingServiceProvidergroupMappingProviderprotected IPrincipalToLocalptolprotected Map<String,ImpersonationAuthorizer.ImpersonationACL>userImpersonationACLprotected static StringWILD_CARD
-
Constructor Summary
Constructors Constructor Description ImpersonationAuthorizer()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleanpermit(ReqContext context, String operation, Map<String,Object> topoConf)permit() method is invoked for each incoming Thrift request.voidprepare(Map<String,Object> conf)Invoked once immediately after construction.
-
-
-
Field Detail
-
WILD_CARD
protected static final String WILD_CARD
- See Also:
- Constant Field Values
-
userImpersonationACL
protected Map<String,ImpersonationAuthorizer.ImpersonationACL> userImpersonationACL
-
ptol
protected IPrincipalToLocal ptol
-
groupMappingProvider
protected IGroupMappingServiceProvider groupMappingProvider
-
-
Method Detail
-
prepare
public void prepare(Map<String,Object> conf)
Description copied from interface:IAuthorizerInvoked once immediately after construction.- Specified by:
preparein interfaceIAuthorizer- Parameters:
conf- Storm cluster configuration
-
permit
public boolean permit(ReqContext context, String operation, Map<String,Object> topoConf)
Description copied from interface:IAuthorizerpermit() method is invoked for each incoming Thrift request.- Specified by:
permitin interfaceIAuthorizer- Parameters:
context- request context includes info aboutoperation- operation nametopoConf- configuration of targeted topology- Returns:
- true if the request is authorized, false if reject
-
-