accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <>
Subject Re: Catching Bad Authorizations
Date Tue, 20 May 2014 16:50:45 GMT
Hi Jeff,

If you try to scan with Authorizations which the current user does not 
have, you will get an AccumuloSecurityException with the error code 
SecurityErrorCode.BAD_AUTHORIZATIONS wrapped in a RuntimeException. This 
will likely be thrown when you try to call hasNext() on the Scanner's 
iterator(). This is also the case with the BatchScanner.

I would imagine this stems from using the Java Iterator interface which 
doesn't allow us to throw general Exceptions from its methods. We have 
to performance this security check for each batch returned, so it's also 
not feasible to just check when the (Batch)Scanner is created.

That being said, there may be something better that we can do. Please 
feel free to look into this and open a ticket if you find something 
better we can be doing here.

On 5/20/14, 12:19 PM, Jeff N wrote:
> Was curious to know if there is a specific Exception class I can catch when
> creating an scanner for a particular user? The 1.5 API for
> connector.createScanner says that bad authorizations throws an exception but
> the API entry says that the method throws a TableNotFoundException and the
> name seemed misleading. The authorization exception, to me, seems to pertain
> to a user and not a table.
> On a side note I'm wanting to detect when a user tries to access rows that
> the users authorizations don't allow in a more sophisticated manor then
> seeing if the scan doesn't return anything. Is that possible? It seems
> wishy-washy to give an error claiming that either there aren't any rows or
> you just don't have permission.
> -----
> --
> View this message in context:
> Sent from the Developers mailing list archive at

View raw message