Repository: accumulo Updated Branches: refs/heads/1.5.2-SNAPSHOT f8861bf3e -> 919975904 refs/heads/1.6.1-SNAPSHOT f573a14db -> f506e2c73 refs/heads/master 67670cdda -> f9a0d42ad
ACCUMULO-2767 Move CV term definition to class-level, add definition to user manual. Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/91997590 Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/91997590 Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/91997590 Branch: refs/heads/1.5.2-SNAPSHOT Commit: 919975904c28335b4d65fbf2133e2ce199c5be16 Parents: f8861bf Author: Josh Elser <els...@apache.org> Authored: Thu Jun 26 12:56:06 2014 -0400 Committer: Josh Elser <els...@apache.org> Committed: Thu Jun 26 12:56:06 2014 -0400 ---------------------------------------------------------------------- .../core/security/ColumnVisibility.java | 66 ++++++++++---------- .../accumulo_user_manual/chapters/security.tex | 10 ++- 2 files changed, 41 insertions(+), 35 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/91997590/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java b/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java index bd0caba..af44ab5 100644 --- a/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java +++ b/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java 
@@ -35,6 +35,38 @@ import org.apache.hadoop.io.WritableComparator; /** * Validate the column visibility is a valid expression and set the visibility for a Mutation. See {@link ColumnVisibility#ColumnVisibility(byte[])} for the * definition of an expression. + * + * <P> + * The expression is a sequence of characters from the set [A-Za-z0-9_-.] along with the + * binary operators "&" and "|" indicating that both operands are necessary, or the either + * is necessary. The following are valid expressions for visibility: + * + * <pre> + * A + * A|B + * (A|B)&(C|D) + * orange|(red&yellow) + * </pre> + * + * <P> + * The following are not valid expressions for visibility: + * + * <pre> + * A|B&C + * A=B + * A|B| + * A&|B + * () + * ) + * dog|!cat + * </pre> + * + * <P> + * In addition to the base set of visibilities, any character can be used in the expression if it is quoted. If the quoted term contains '"' or '\', then escape + * the character with '\'. The {@link #quote(String)} method can be used to properly quote and escape terms automatically. The following is an example of a quoted term: + * <pre> + * "A#C"<span />&<span />B + * </pre> */ public class ColumnVisibility { 
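Review bot: The class comment still opens with `See {@link ColumnVisibility#ColumnVisibility(byte[])} for the definition of an expression`, but the added paragraphs now hold that definition, so the pointer is stale and may send readers in a circle (the byte[] constructor's Javadoc is outside this hunk). I would drop that sentence or replace it with `The expression syntax is defined below.` The character set is written `[A-Za-z0-9_-.]`, which is a reversed range if read as a regex class; `[A-Za-z0-9_.-]` is unambiguous, and the list should be checked against the characters the parser actually accepts, since the text this replaces had no period. The invalid example `A|B&C` deserves one sentence saying that `&` and `|` cannot be mixed without parentheses, because a misread label changes who can see the data; also "or the either is necessary" should read "or that either is necessary".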
@@ -381,39 +413,7 @@ public class ColumnVisibility { * Set the column visibility for a Mutation. * * @param expression - * An expression of the rights needed to see this mutation. The expression is a sequence of characters from the set [A-Za-z0-9_-] along with the - * binary operators "&" and "|" indicating that both operands are necessary, or the either is necessary. The following are valid expressions for - * visibility: - * - * <pre> - * A - * A|B - * (A|B)&(C|D) - * orange|(red&yellow) - * - * </pre> - * - * <P> - * The following are not valid expressions for visibility: - * - * <pre> - * A|B&C - * A=B - * A|B| - * A&|B - * () - * ) - * dog|!cat - * </pre> - * - * <P> - * You can use any character you like in your column visibility expression with quoting. If your quoted term contains '"' or '\' then escape - * them with '\'. The {@link #quote(String)} method will properly quote and escape terms for you. - * - * <pre> - * "A#C"<span />&<span />B - * </pre> - * + * An expression of the rights needed to see this mutation. The expression syntax is defined at the class-level documentation */ public ColumnVisibility(String expression) { this(expression.getBytes(Constants.UTF8)); http://git-wip-us.apache.org/repos/asf/accumulo/blob/91997590/docs/src/main/latex/accumulo_user_manual/chapters/security.tex ---------------------------------------------------------------------- diff --git a/docs/src/main/latex/accumulo_user_manual/chapters/security.tex b/docs/src/main/latex/accumulo_user_manual/chapters/security.tex index a5c4db3..949cbbb 100644 --- a/docs/src/main/latex/accumulo_user_manual/chapters/security.tex +++ b/docs/src/main/latex/accumulo_user_manual/chapters/security.tex 
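Review bot: The shortened `@param expression` text no longer mentions `{@link #quote(String)}`, which a caller assembling an expression from externally supplied term strings needs to see at the call site. Going by the syntax in the removed text, an unquoted term containing `&`, `|` or parentheses would be parsed as expression structure rather than as part of a label. I would make the pointer a real link and keep the quoting hint, e.g. `The expression syntax is defined in the {@link ColumnVisibility class-level documentation}; use {@link #quote(String)} for terms containing other characters.` The constructor also calls `expression.getBytes(Constants.UTF8)` directly, so a null argument throws NullPointerException, which the Javadoc does not state. The Javadoc block opens above the hunk and the constructor body continues past it.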
@@ -48,8 +48,14 @@ mutation.put(colFam, colQual, colVis, timestamp, value); Security labels consist of a set of user-defined tokens that are required to read the value the label is associated with. The set of tokens required can be specified using -syntax that supports logical AND and OR combinations of tokens, as well as nesting -groups of tokens together. +syntax that supports logical AND \verb^&^ and OR \verb^|^ combinations of terms, as +well as nesting groups \verb^()^ of terms together. + +Each term is comprised of one to many alpha-numeric characters, hyphens, underscores or +periods. Optionally, each term may be wrapped in quotation marks +which removes the restriction on valid characters. In quoted terms, quotation marks +and backslash characters can be used as characters in the term by escaping them +with a backslash. For example, suppose within our organization we want to label our data values with security labels defined in terms of user roles. We might have tokens such as: