package com.ngdata.lily.security.hbase.client;
import org.lilyproject.bytes.api.DataInput;
import org.lilyproject.bytes.api.DataOutput;
import org.lilyproject.bytes.impl.DataInputImpl;
import org.lilyproject.bytes.impl.DataOutputImpl;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import java.util.HashSet;
import java.util.Set;
/**
* Information about a user as used within the HBase authorization framework.
*
* <p>This can be seen as the subset of information held by the AuthenticationContext which is needed
* to perform authorization on the HBase level.</p>
*/
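public class AuthorizationContext {
    private final String name;
    private final String tenant;
    private final Set<String> roles;

    /**
     * The attribute on a HBase operation (like Get, Put, Scan, etc) in which the serialized form
     * of this object is stored.
     *
     * <p>Nothing in this class signs or otherwise integrity-protects that serialized form: whoever
     * can set this attribute on an operation decides which tenant and roles the deserializing side
     * sees. NOTE(review): confirm where the deployment restricts who may submit operations that
     * carry this attribute.</p>
     */
    public static final String OPERATION_ATTRIBUTE = "lily.authctx";

    /**
     * Constructor.
     *
     * <p>The {@code roles} set is stored by reference, not copied, and {@link #getRoles()} hands
     * the same instance back. Callers should therefore not modify the set after passing it in,
     * since that would silently change the roles of this context.</p>
     *
     * @param name name of this user, optional (nullable), only for informational purposes
     * @param tenant unique name/id of the tenant for which the user is currently logged in
     * @param roles roles of the user for the active tenant, <b>without the tenant component</b>
     * @throws NullPointerException if {@code tenant} or {@code roles} is null
     */
    public AuthorizationContext(@Nullable String name, @Nonnull String tenant, @Nonnull Set<String> roles) {
        // Enforce the documented @Nonnull contract up front, so that a context without a tenant
        // or role set can never reach an authorization decision.
        if (tenant == null) {
            throw new NullPointerException("tenant must not be null");
        }
        if (roles == null) {
            throw new NullPointerException("roles must not be null");
        }
        this.name = name;
        this.tenant = tenant;
        this.roles = roles;
    }

    /**
     * The name of the user, this is only used for informational/debugging purposes.
     *
     * @return null if the user is unknown
     */
    @Nullable
    public String getName() {
        return name;
    }

    /**
     * The unique name/id of the tenant for which the user is logged in.
     *
     * @return the tenant, never null
     */
    public String getTenant() {
        return tenant;
    }

    /**
     * The roles of the user for the active tenant.
     *
     * @return the set that was passed to the constructor (the same instance, not a copy)
     */
    public Set<String> getRoles() {
        return roles;
    }

    /**
     * Serializes this context to the byte form stored under {@link #OPERATION_ATTRIBUTE}.
     *
     * <p>Layout: name, tenant, number of roles, then each role in the iteration order of the
     * role set.</p>
     *
     * @return the serialized context
     */
    public byte[] serialize() {
        DataOutput buffer = new DataOutputImpl();
        // NOTE(review): name may legitimately be null here; this relies on writeVUTF accepting
        // a null string - confirm against DataOutputImpl.
        buffer.writeVUTF(name);
        buffer.writeVUTF(tenant);
        buffer.writeVInt(roles.size());
        for (String role : roles) {
            buffer.writeVUTF(role);
        }
        return buffer.toByteArray();
    }

    /**
     * Reconstructs a context from the bytes produced by {@link #serialize()}.
     *
     * <p>The input is whatever bytes were attached to the operation, so it is treated as
     * untrusted: a missing tenant or an implausible role count is rejected instead of producing
     * a partially filled context. Structural validation is all this method does; it cannot tell
     * whether the sender was entitled to claim the tenant and roles.</p>
     *
     * <p>The method name is misspelled; it is kept as is because it is part of the public API.</p>
     *
     * @param data serialized context, as produced by {@link #serialize()}
     * @return the deserialized context
     * @throws IllegalArgumentException if the data has no tenant or declares an invalid role count
     */
    public static AuthorizationContext deserialiaze(byte[] data) {
        DataInput input = new DataInputImpl(data);
        String name = input.readVUTF();
        String tenant = input.readVUTF();
        // NOTE(review): presumably readVUTF returns null for a string that was written as null;
        // if it never does, this check is simply never triggered.
        if (tenant == null) {
            throw new IllegalArgumentException("Serialized authorization context has no tenant");
        }

        int roleCnt = input.readVInt();
        // Every encoded role needs at least one byte, so a count larger than the whole payload
        // cannot be genuine. Rejecting it (and negative counts) keeps the loop below bounded by
        // the input size instead of by an attacker-chosen number.
        if (roleCnt < 0 || roleCnt > data.length) {
            throw new IllegalArgumentException(
                    "Invalid role count in serialized authorization context: " + roleCnt);
        }

        // Deliberately not pre-sized from roleCnt: the count comes from the input.
        Set<String> roles = new HashSet<String>();
        for (int i = 0; i < roleCnt; i++) {
            roles.add(input.readVUTF());
        }
        return new AuthorizationContext(name, tenant, roles);
    }
}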