Package org.apache.druid.server.security

Class AuthorizationResult

java.lang.Object

org.apache.druid.server.security.AuthorizationResult

public class AuthorizationResult
extends Object

Represents the outcoming of performing authorization check on required resource accesses on a query or http requests. It contains:

• a boolean allow or deny access results for checking permissions on a list of resource actions.
• a failure message if deny access. It's null when access is allowed.
• a map of table name with optional Policy restriction. An empty value means there's no restriction enforced on the table.

Field Summary

Fields

Modifier and Type	Field	Description
static final AuthorizationResult	ALLOW_NO_RESTRICTION	Provides access with no restrictions to all resources.This should be limited to Druid internal systems or superusers, except in cases where granular ACL considerations are not a priority.
static final AuthorizationResult	DENY	Provides a default deny access result.

Method Summary

Modifier and Type	Method	Description
boolean	allowAccessWithNoRestriction()	Returns true if user has all required permission, and the policy restrictions indicates one of the following: no policy found the user has a no-restriction policy
boolean	allowBasicAccess()	Returns true if user has basic access.
static AuthorizationResult	allowWithRestriction(Map<String,Optional<Policy>> policyRestrictions)
static AuthorizationResult	deny(String failureMessage)
boolean	equals(Object o)
String	getErrorMessage()	Returns an error string if the AuthorizationResult doesn't permit all requried access.
Map<String,Optional<Policy>>	getPolicyMap()	Returns a map of table and Policy restriction on the table.
int	hashCode()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Details

ALLOW_NO_RESTRICTION

public static final AuthorizationResult ALLOW_NO_RESTRICTION

Provides access with no restrictions to all resources.This should be limited to Druid internal systems or superusers, except in cases where granular ACL considerations are not a priority.

DENY

public static final AuthorizationResult DENY

Provides a default deny access result.

Method Details

deny

public static AuthorizationResult deny(@Nonnull
 String failureMessage)

allowWithRestriction

public static AuthorizationResult allowWithRestriction(Map<String,Optional<Policy>> policyRestrictions)

allowBasicAccess

public boolean allowBasicAccess()

Returns true if user has basic access.

allowAccessWithNoRestriction

public boolean allowAccessWithNoRestriction()

Returns true if user has all required permission, and the policy restrictions indicates one of the following:

no policy found

the user has a no-restriction policy

getErrorMessage

public String getErrorMessage()

Returns an error string if the AuthorizationResult doesn't permit all requried access.

getPolicyMap

public Map<String,Optional<Policy>> getPolicyMap()

Returns a map of table and Policy restriction on the table. Empty value means the table doesn't have any restriction.

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object