You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by zh...@apache.org on 2018/01/02 02:01:22 UTC
[28/51] [abbrv] hbase git commit: HBASE-19679 Superusers Logging and
Data Structures (BELUGA BEHR)
HBASE-19679 Superusers Logging and Data Structures (BELUGA BEHR)
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/6708d544
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/6708d544
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/6708d544
Branch: refs/heads/HBASE-19397
Commit: 6708d544782b4e919908ddfdf1a34d02848e9388
Parents: 73ab51e
Author: tedyu <yu...@gmail.com>
Authored: Mon Jan 1 14:18:21 2018 -0800
Committer: tedyu <yu...@gmail.com>
Committed: Mon Jan 1 14:18:21 2018 -0800
----------------------------------------------------------------------
.../hadoop/hbase/security/Superusers.java | 25 ++++++++++----------
.../security/access/TestAccessController.java | 3 ++-
2 files changed, 14 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/6708d544/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java
index c52c764..1089197 100644
--- a/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java
+++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java
@@ -20,8 +20,9 @@
package org.apache.hadoop.hbase.security;
import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.AuthUtil;
@@ -40,8 +41,8 @@ public final class Superusers {
/** Configuration key for superusers */
public static final String SUPERUSER_CONF_KEY = "hbase.superuser"; // Not getting a name
- private static List<String> superUsers;
- private static List<String> superGroups;
+ private static Set<String> superUsers;
+ private static Set<String> superGroups;
private static User systemUser;
private Superusers(){}
@@ -54,8 +55,8 @@ public final class Superusers {
* @throws IllegalStateException if current user is null
*/
public static void initialize(Configuration conf) throws IOException {
- superUsers = new ArrayList<>();
- superGroups = new ArrayList<>();
+ superUsers = new HashSet<>();
+ superGroups = new HashSet<>();
systemUser = User.getCurrent();
if (systemUser == null) {
@@ -63,10 +64,10 @@ public final class Superusers {
+ "authorization checks for internal operations will not work correctly!");
}
- if (LOG.isTraceEnabled()) {
- LOG.trace("Current user name is " + systemUser.getShortName());
- }
String currentUser = systemUser.getShortName();
+ LOG.trace("Current user name is {}", currentUser);
+ superUsers.add(currentUser);
+
String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]);
for (String name : superUserList) {
if (AuthUtil.isGroupPrincipal(name)) {
@@ -75,7 +76,6 @@ public final class Superusers {
superUsers.add(name);
}
}
- superUsers.add(currentUser);
}
/**
@@ -88,12 +88,11 @@ public final class Superusers {
public static boolean isSuperUser(User user) {
if (superUsers == null) {
throw new IllegalStateException("Super users/super groups lists"
- + " haven't been initialized properly.");
+ + " have not been initialized properly.");
}
if (superUsers.contains(user.getShortName())) {
return true;
}
-
for (String group : user.getGroupNames()) {
if (superGroups.contains(group)) {
return true;
@@ -102,7 +101,7 @@ public final class Superusers {
return false;
}
- public static List<String> getSuperUsers() {
+ public static Collection<String> getSuperUsers() {
return superUsers;
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/6708d544/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index 138a40e..f181747 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -34,6 +34,7 @@ import java.io.IOException;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collection;
import java.util.Collections;
import java.util.List;
@@ -1677,7 +1678,7 @@ public class TestAccessController extends SecureTestUtil {
acl.close();
}
- List<String> superUsers = Superusers.getSuperUsers();
+ Collection<String> superUsers = Superusers.getSuperUsers();
List<UserPermission> adminPerms = new ArrayList<>(superUsers.size() + 1);
adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW")));