diff --git hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java index ac1ee78..fdb8c50 100644 --- hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java +++ hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java @@ -20,9 +20,11 @@ package org.apache.hadoop.hbase.security.visibility; import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.regex.Matcher; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; +import org.apache.hadoop.hbase.HConstants; /** * This class contains visibility labels associated with a Scan/Get deciding which all labeled data @@ -33,15 +35,26 @@ import org.apache.hadoop.classification.InterfaceStability; public class Authorizations { private List labels; - public Authorizations(String... labels) { this.labels = new ArrayList(labels.length); for (String label : labels) { + validateLabel(label); this.labels.add(label); } } + private void validateLabel(String label) { + Matcher matcher = HConstants.pattern.matcher(label); + if (!matcher.matches()) { + throw new IllegalArgumentException("Authorizations cannot contain '(', ')' ,'&' ,'|', '!'" + + " and cannot be empty"); + } + } + public Authorizations(List labels) { + for (String label : labels) { + validateLabel(label); + } this.labels = labels; } diff --git hbase-client/src/test/java/org/apache/hadoop/hbase/client/TestScan.java hbase-client/src/test/java/org/apache/hadoop/hbase/client/TestScan.java index 9565764..19f04b9 100644 --- hbase-client/src/test/java/org/apache/hadoop/hbase/client/TestScan.java +++ hbase-client/src/test/java/org/apache/hadoop/hbase/client/TestScan.java @@ -19,6 +19,8 @@ package org.apache.hadoop.hbase.client; +import static org.junit.Assert.fail; + import java.io.IOException; import java.util.Arrays; import java.util.Set; @@ -26,6 +28,7 @@ import java.util.Set; import org.apache.hadoop.hbase.SmallTests; import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.generated.ClientProtos; +import org.apache.hadoop.hbase.security.visibility.Authorizations; import org.apache.hadoop.hbase.util.Bytes; import org.junit.Assert; import org.junit.Test; @@ -107,5 +110,61 @@ public class TestScan { Set qualifiers = scan.getFamilyMap().get(family); Assert.assertEquals(1, qualifiers.size()); } + + @Test + public void testSetAuthorizations() { + Scan scan = new Scan(); + scan.setAuthorizations(new Authorizations("A", "B", "0123", "A0", "1A1", "_a")); + try { + scan.setAuthorizations(new Authorizations("A|B")); + fail("Should have failed for A|B."); + } catch (IllegalArgumentException e) { + } + try { + scan.setAuthorizations(new Authorizations("A&B")); + fail("Should have failed for A&B."); + } catch (IllegalArgumentException e) { + } + try { + scan.setAuthorizations(new Authorizations("!B")); + fail("Should have failed for !B."); + } catch (IllegalArgumentException e) { + } + try { + scan.setAuthorizations(new Authorizations("A", "(A)")); + fail("Should have failed for (A)."); + } catch (IllegalArgumentException e) { + } + try { + scan.setAuthorizations(new Authorizations("A", "{A")); + fail("Should have failed for {A."); + } catch (IllegalArgumentException e) { + } + try { + scan.setAuthorizations(new Authorizations(" ")); + fail("Should have failed for empty"); + } catch (IllegalArgumentException e) { + } + try { + scan.setAuthorizations(new Authorizations(":B")); + } catch (IllegalArgumentException e) { + fail("Should have failed for :B"); + } + try { + scan.setAuthorizations(new Authorizations("-B")); + } catch (IllegalArgumentException e) { + fail("Should have failed for -B"); + } + try { + scan.setAuthorizations(new Authorizations(".B")); + } catch (IllegalArgumentException e) { + fail("Should have failed for .B"); + } + try { + scan.setAuthorizations(new Authorizations("/B")); + } catch (IllegalArgumentException e) { + fail("Should have failed for /B"); + } + } } diff --git hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java index 664ec6f..460b600 100644 --- hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java +++ hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java @@ -979,6 +979,8 @@ public final class HConstants { /** Configuration key for setting replication codec class name */ public static final String REPLICATION_CODEC_CONF_KEY = "hbase.replication.rpc.codec"; + public static final String regex = "[A-Za-z_\\-\\:\\/\\.0-9]+"; + public static final Pattern pattern = Pattern.compile(regex); private HConstants() { // Can't be instantiated with this ctor. }