import org.apache.accumulo.core.security.VisibilityParseException; //导入依赖的package包/类
@Override
public boolean canRead(Visibility visibility) {
    Preconditions.checkNotNull(visibility, "visibility is required");

    // this is just a shortcut so that we don't need to construct evaluators and visibility objects to check for an empty string.
    if (visibility.getVisibilityString().length() == 0) {
        return true;
    }

    VisibilityEvaluator visibilityEvaluator = new VisibilityEvaluator(new org.apache.accumulo.core.security.Authorizations(this.getAuthorizations()));
    ColumnVisibility columnVisibility = new ColumnVisibility(visibility.getVisibilityString());
    try {
        return visibilityEvaluator.evaluate(columnVisibility);
    } catch (VisibilityParseException e) {
        throw new VertexiumException("could not evaluate visibility " + visibility.getVisibilityString(), e);
    }
}
 

import org.apache.accumulo.core.security.VisibilityParseException; //导入依赖的package包/类
/**
 * Checks if the user's authorizations allows them to have access to the
 * provided document based on its document visibility.
 * @param authorizations the {@link Authorizations}.
 * @param documentVisibility the {@link DocumentVisibility}.
 * @param doesEmptyAccessPass {@code true} if an empty authorization pass
 * allows access to everything. {@code false} otherwise.
 * @return {@code true} if the user has access to the document.
 * {@code false} otherwise.
 */
public static boolean doesUserHaveDocumentAccess(final Authorizations authorizations, final DocumentVisibility documentVisibility, final boolean doesEmptyAccessPass) {
    final Authorizations userAuths = authorizations != null ? authorizations : MongoDbRdfConstants.ALL_AUTHORIZATIONS;
    final VisibilityEvaluator visibilityEvaluator = new VisibilityEvaluator(userAuths);
    boolean accept = false;
    if (doesEmptyAccessPass && MongoDbRdfConstants.ALL_AUTHORIZATIONS.equals(userAuths)) {
        accept = true;
    } else {
        try {
            accept = visibilityEvaluator.evaluate(documentVisibility);
        } catch (final VisibilityParseException e) {
            log.error("Could not parse document visibility.");
        }
    }

    return accept;
}
 

import org.apache.accumulo.core.security.VisibilityParseException; //导入依赖的package包/类
/**
 * Validate Accumulo-style visibility expression against a set of authorizations.
 *
 * @param auths Formal authorizations of the user
 * @param visibilityExpression Accumulo-style visibility expression
 * @return true if validation authorizations against visibility expression, false otherwise
 */
public static boolean validateVisibilityExpression(Set<String> auths, String visibilityExpression) {
    if (StringUtils.isBlank(visibilityExpression)) {
        return true; // No visibility to check
    }

    if (auths == null || auths.isEmpty()) {
        return false; // Has visibility but no auths
    }

    final VisibilityEvaluator visEval = new VisibilityEvaluator(
            new org.apache.accumulo.core.security.Authorizations(
                    auths.toArray(new String[] {})));

    try {
        return visEval.evaluate(new ColumnVisibility(visibilityExpression));
    } catch (final VisibilityParseException e) {
        return false;
    }
}
 

import org.apache.accumulo.core.security.VisibilityParseException; //导入依赖的package包/类
private String validateVisibility(HttpServletRequest request, HttpServletResponse response) {
    String formalVisibility = request.getParameter("formalVisibility");
    String result;

    try {
        logger.info("validateVisibility: formalVisibility: {}", formalVisibility);
        MongoDatasetClient.getInstance().validateVisibility(formalVisibility);
        result = String.format("Successfully validated formal visibility '%s'", formalVisibility);
        logger.info(result);
    } catch (VisibilityParseException e) {
        result =
                String.format("Error when validating formal visibility '%s': %s", formalVisibility, e.getMessage());

        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    }

    return result;
}
 

import org.apache.accumulo.core.security.VisibilityParseException; //导入依赖的package包/类
public boolean hasNext() {
	if (cursor != this.values.size()) {
		for (int i = cursor; i < this.values.size(); i++) {
			try {
				if (ve.evaluate(this.values.get(i).getColumnVisibility())) {
					return true;
				}
			} catch (VisibilityParseException e) {
				throw new RuntimeException(e);
			}
		}
		return false;
	} else {
		return false;
	}
}
 

import org.apache.accumulo.core.security.VisibilityParseException; //导入依赖的package包/类
@Override
public Object run() {
    ScriptDocValues docValues = (ScriptDocValues) doc().get(securityExpressionField);

    if (docValues == null) {
        logger.warn("Document didn't contain '" + securityExpressionField + "' for security label check!");
        return false;
    }

    List values = docValues.getValues();
    if (values == null || values.isEmpty()) {
        logger.warn("Document contained no values in '" + securityExpressionField + "'!");
        return false;
    }

    String visibilityExpression = values.get(0).toString();

    Boolean result = (Boolean) cache.get(visibilityExpression);
    if (result != null) {
        return result;
    }

    try {
        result = visibilityEvaluator.evaluate(new ColumnVisibility(visibilityExpression));
        cache.put(visibilityExpression, result);
        return result;
    } catch (VisibilityParseException e) {
        logger.error("Document contained unparseable '" + securityExpressionField + "' <" + visibilityExpression + ">!");
        return false;
    }
}
 

import org.apache.accumulo.core.security.VisibilityParseException; //导入依赖的package包/类
public void validateVisibility(String formalVisibility) throws VisibilityParseException {
    VisibilityUtils.generateVisibilityList(formalVisibility);
}