You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by vi...@apache.org on 2013/03/05 20:04:05 UTC
svn commit: r1452947 [3/3] - in /accumulo/trunk: ./ core/
core/src/main/java/org/apache/accumulo/core/security/
proxy/src/main/java/org/apache/accumulo/proxy/
proxy/src/main/java/org/apache/accumulo/proxy/thrift/
proxy/src/main/thrift/ proxy/src/test/j...
Modified: accumulo/trunk/proxy/src/main/thrift/proxy.thrift
URL: http://svn.apache.org/viewvc/accumulo/trunk/proxy/src/main/thrift/proxy.thrift?rev=1452947&r1=1452946&r2=1452947&view=diff
==============================================================================
--- accumulo/trunk/proxy/src/main/thrift/proxy.thrift (original)
+++ accumulo/trunk/proxy/src/main/thrift/proxy.thrift Tue Mar 5 19:04:04 2013
@@ -65,11 +65,6 @@ struct ScanColumn {
2:optional binary colQualifier
}
-struct UserPass {
- 1:string username,
- 2:binary password
-}
-
struct IteratorSetting {
1: i32 priority,
2: string name,
@@ -231,8 +226,8 @@ exception TableExistsException {
service AccumuloProxy
{
- // get an identity token
- binary login(1:UserPass login);
+ // get an authentication token
+ binary login(1:string principal, 2:map<string, string> loginProperties) throws (1:AccumuloSecurityException ouch2);
// table operations
i32 addConstraint (1:binary login, 2:string tableName, 3:string constraintClassName) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2, 3:TableNotFoundException ouch3);
@@ -301,17 +296,17 @@ service AccumuloProxy
bool testClassLoad (1:binary login, 2:string className, 3:string asTypeName) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
// security operations
- bool authenticateUser (1:binary login, 2:string user, 3:binary password) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
+ bool authenticateUser (1:binary login, 2:string user, 3:map<string, string> properties) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
void changeUserAuthorizations (1:binary login, 2:string user, 3:set<binary> authorizations) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
- void changeUserPassword (1:binary login, 2:string user, 3:binary password) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
- void createUser (1:binary login, 2:string user, 3:binary password) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
- void dropUser (1:binary login, 2:string user) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
+ void changeLocalUserPassword (1:binary login, 2:string user, 3:binary password) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
+ void createLocalUser (1:binary login, 2:string user, 3:binary password) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
+ void dropLocalUser (1:binary login, 2:string user) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
list<binary> getUserAuthorizations (1:binary login, 2:string user) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
void grantSystemPermission (1:binary login, 2:string user, 3:SystemPermission perm) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
void grantTablePermission (1:binary login, 2:string user, 3:string table, 4:TablePermission perm) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
bool hasSystemPermission (1:binary login, 2:string user, 3:SystemPermission perm) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
bool hasTablePermission (1:binary login, 2:string user, 3:string table, 4:TablePermission perm) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
- set<string> listUsers (1:binary login) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
+ set<string> listLocalUsers (1:binary login) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
void revokeSystemPermission (1:binary login, 2:string user, 3:SystemPermission perm) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
void revokeTablePermission (1:binary login, 2:string user, 3:string table, 4:TablePermission perm) throws (1:AccumuloException ouch1, 2:AccumuloSecurityException ouch2);
Modified: accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/SimpleTest.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/SimpleTest.java?rev=1452947&r1=1452946&r2=1452947&view=diff
==============================================================================
--- accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/SimpleTest.java (original)
+++ accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/SimpleTest.java Tue Mar 5 19:04:04 2013
@@ -37,6 +37,7 @@ import java.util.Map;
import java.util.Properties;
import java.util.Random;
import java.util.Set;
+import java.util.TreeMap;
import org.apache.accumulo.core.Constants;
import org.apache.accumulo.core.conf.DefaultConfiguration;
@@ -67,7 +68,6 @@ import org.apache.accumulo.proxy.thrift.
import org.apache.accumulo.proxy.thrift.SystemPermission;
import org.apache.accumulo.proxy.thrift.TablePermission;
import org.apache.accumulo.proxy.thrift.TimeType;
-import org.apache.accumulo.proxy.thrift.UserPass;
import org.apache.accumulo.test.MiniAccumuloCluster;
import org.apache.accumulo.test.functional.SlowIterator;
import org.apache.commons.io.FileUtils;
@@ -98,7 +98,9 @@ public class SimpleTest {
private static Thread thread;
private static int proxyPort;
private static org.apache.accumulo.proxy.thrift.AccumuloProxy.Client client;
- private static UserPass userpass = new UserPass("root", ByteBuffer.wrap(secret.getBytes()));
+ private static String principal = "root";
+ @SuppressWarnings("serial")
+ private static Map<String, String> properties = new TreeMap<String, String>() {{ put("password",secret);}};
private static ByteBuffer creds = null;
private static Class<? extends TProtocolFactory> protocolClass;
@@ -140,7 +142,7 @@ public class SimpleTest {
while (!proxyServer.isServing())
UtilWaitThread.sleep(100);
client = new TestProxyClient("localhost", proxyPort, protocolClass.newInstance()).proxy();
- creds = client.login(userpass);
+ creds = client.login(principal, properties);
}
@Test(timeout = 10000)
@@ -260,13 +262,13 @@ public class SimpleTest {
@Test
public void testSecurityOperations() throws Exception {
// check password
- assertTrue(client.authenticateUser(creds, "root", s2bb(secret)));
- assertFalse(client.authenticateUser(creds, "root", s2bb("")));
+ assertTrue(client.authenticateUser(creds, "root", s2pp(secret)));
+ assertFalse(client.authenticateUser(creds, "root", s2pp("")));
// create a user
- client.createUser(creds, "stooge", s2bb("password"));
+ client.createLocalUser(creds, "stooge", s2bb("password"));
// change auths
- Set<String> users = client.listUsers(creds);
+ Set<String> users = client.listLocalUsers(creds);
assertEquals(new HashSet<String>(Arrays.asList("root", "stooge")), users);
HashSet<ByteBuffer> auths = new HashSet<ByteBuffer>(Arrays.asList(s2bb("A"),s2bb("B")));
client.changeUserAuthorizations(creds, "stooge", auths);
@@ -274,11 +276,12 @@ public class SimpleTest {
assertEquals(auths, new HashSet<ByteBuffer>(update));
// change password
- client.changeUserPassword(creds, "stooge", s2bb(""));
- assertTrue(client.authenticateUser(creds, "stooge", s2bb("")));
+ client.changeLocalUserPassword(creds, "stooge", s2bb(""));
+ assertTrue(client.authenticateUser(creds, "stooge", s2pp("")));
// check permission failure
- ByteBuffer stooge = client.login(new UserPass("stooge", s2bb("")));
+ @SuppressWarnings("serial")
+ ByteBuffer stooge = client.login("stooge", new TreeMap<String,String>() {{put("password",""); }});
try {
client.createTable(stooge, "fail", true, TimeType.MILLIS);
@@ -329,8 +332,8 @@ public class SimpleTest {
}
// delete user
- client.dropUser(creds, "stooge");
- users = client.listUsers(creds);
+ client.dropLocalUser(creds, "stooge");
+ users = client.listLocalUsers(creds);
assertEquals(1, users.size());
}
@@ -508,6 +511,12 @@ public class SimpleTest {
return ByteBuffer.wrap(cf.getBytes());
}
+ private Map<String, String> s2pp(String cf) {
+ Map<String, String> toRet = new TreeMap<String, String>();
+ toRet.put("password", cf);
+ return toRet;
+ }
+
@AfterClass
public static void tearDownMiniCluster() throws Exception {
accumulo.stop();
Modified: accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyInstanceOperations.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyInstanceOperations.java?rev=1452947&r1=1452946&r2=1452947&view=diff
==============================================================================
--- accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyInstanceOperations.java (original)
+++ accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyInstanceOperations.java Tue Mar 5 19:04:04 2013
@@ -22,8 +22,8 @@ import static org.junit.Assert.assertTru
import java.nio.ByteBuffer;
import java.util.Properties;
+import java.util.TreeMap;
-import org.apache.accumulo.proxy.thrift.UserPass;
import org.apache.thrift.TException;
import org.apache.thrift.protocol.TCompactProtocol;
import org.apache.thrift.server.TServer;
@@ -38,6 +38,7 @@ public class TestProxyInstanceOperations
protected static ByteBuffer userpass;
protected static final int port = 10197;
+ @SuppressWarnings("serial")
@BeforeClass
public static void setup() throws Exception {
Properties prop = new Properties();
@@ -53,7 +54,7 @@ public class TestProxyInstanceOperations
};
thread.start();
tpc = new TestProxyClient("localhost", port);
- userpass = tpc.proxy.login(new UserPass("root", ByteBuffer.wrap("".getBytes())));
+ userpass = tpc.proxy.login("root", new TreeMap<String, String>() {{ put("password",""); }});
}
@AfterClass
Modified: accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyReadWrite.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyReadWrite.java?rev=1452947&r1=1452946&r2=1452947&view=diff
==============================================================================
--- accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyReadWrite.java (original)
+++ accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyReadWrite.java Tue Mar 5 19:04:04 2013
@@ -26,6 +26,7 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import java.util.TreeMap;
import org.apache.accumulo.core.iterators.user.RegExFilter;
import org.apache.accumulo.proxy.thrift.BatchScanOptions;
@@ -37,7 +38,6 @@ import org.apache.accumulo.proxy.thrift.
import org.apache.accumulo.proxy.thrift.ScanOptions;
import org.apache.accumulo.proxy.thrift.ScanResult;
import org.apache.accumulo.proxy.thrift.TimeType;
-import org.apache.accumulo.proxy.thrift.UserPass;
import org.apache.thrift.protocol.TCompactProtocol;
import org.apache.thrift.server.TServer;
import org.junit.After;
@@ -54,6 +54,7 @@ public class TestProxyReadWrite {
protected static final int port = 10194;
protected static final String testtable = "testtable";
+ @SuppressWarnings("serial")
@BeforeClass
public static void setup() throws Exception {
Properties prop = new Properties();
@@ -69,7 +70,7 @@ public class TestProxyReadWrite {
};
thread.start();
tpc = new TestProxyClient("localhost", port);
- userpass = tpc.proxy().login(new UserPass("root", ByteBuffer.wrap("".getBytes())));
+ userpass = tpc.proxy().login("root", new TreeMap<String, String>() {{put("password",""); }});
}
@AfterClass
Modified: accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxySecurityOperations.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxySecurityOperations.java?rev=1452947&r1=1452946&r2=1452947&view=diff
==============================================================================
--- accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxySecurityOperations.java (original)
+++ accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxySecurityOperations.java Tue Mar 5 19:04:04 2013
@@ -23,12 +23,14 @@ import static org.junit.Assert.assertTru
import java.nio.ByteBuffer;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Properties;
+import java.util.TreeMap;
+import org.apache.accumulo.core.util.ByteBufferUtil;
import org.apache.accumulo.proxy.thrift.SystemPermission;
import org.apache.accumulo.proxy.thrift.TablePermission;
import org.apache.accumulo.proxy.thrift.TimeType;
-import org.apache.accumulo.proxy.thrift.UserPass;
import org.apache.thrift.TException;
import org.apache.thrift.protocol.TCompactProtocol;
import org.apache.thrift.server.TServer;
@@ -48,6 +50,7 @@ public class TestProxySecurityOperations
protected static final String testuser = "VonJines";
protected static final ByteBuffer testpw = ByteBuffer.wrap("fiveones".getBytes());
+ @SuppressWarnings("serial")
@BeforeClass
public static void setup() throws Exception {
Properties prop = new Properties();
@@ -64,7 +67,7 @@ public class TestProxySecurityOperations
thread.start();
tpc = new TestProxyClient("localhost", port);
- userpass = tpc.proxy().login(new UserPass("root", ByteBuffer.wrap("".getBytes())));
+ userpass = tpc.proxy().login("root", new TreeMap<String, String>() {{put("password",""); }});
}
@AfterClass
@@ -76,31 +79,31 @@ public class TestProxySecurityOperations
@Before
public void makeTestTableAndUser() throws Exception {
tpc.proxy().createTable(userpass, testtable, true, TimeType.MILLIS);
- tpc.proxy().createUser(userpass, testuser, testpw);
+ tpc.proxy().createLocalUser(userpass, testuser, testpw);
}
@After
public void deleteTestTable() throws Exception {
tpc.proxy().deleteTable(userpass, testtable);
- tpc.proxy().dropUser(userpass, testuser);
+ tpc.proxy().dropLocalUser(userpass, testuser);
}
@Test
public void create() throws TException {
- tpc.proxy().createUser(userpass, testuser + "2", testpw);
- assertTrue(tpc.proxy().listUsers(userpass).contains(testuser + "2"));
- tpc.proxy().dropUser(userpass, testuser + "2");
- assertTrue(!tpc.proxy().listUsers(userpass).contains(testuser + "2"));
+ tpc.proxy().createLocalUser(userpass, testuser + "2", testpw);
+ assertTrue(tpc.proxy().listLocalUsers(userpass).contains(testuser + "2"));
+ tpc.proxy().dropLocalUser(userpass, testuser + "2");
+ assertTrue(!tpc.proxy().listLocalUsers(userpass).contains(testuser + "2"));
}
@Test
public void authenticate() throws TException {
- assertTrue(tpc.proxy().authenticateUser(userpass, testuser, testpw));
- assertFalse(tpc.proxy().authenticateUser(userpass, "EvilUser", testpw));
+ assertTrue(tpc.proxy().authenticateUser(userpass, testuser, bb2pp(testpw)));
+ assertFalse(tpc.proxy().authenticateUser(userpass, "EvilUser", bb2pp(testpw)));
- tpc.proxy().changeUserPassword(userpass, testuser, ByteBuffer.wrap("newpass".getBytes()));
- assertFalse(tpc.proxy().authenticateUser(userpass, testuser, testpw));
- assertTrue(tpc.proxy().authenticateUser(userpass, testuser, ByteBuffer.wrap("newpass".getBytes())));
+ tpc.proxy().changeLocalUserPassword(userpass, testuser, ByteBuffer.wrap("newpass".getBytes()));
+ assertFalse(tpc.proxy().authenticateUser(userpass, testuser, bb2pp(testpw)));
+ assertTrue(tpc.proxy().authenticateUser(userpass, testuser, bb2pp(ByteBuffer.wrap("newpass".getBytes()))));
}
@@ -138,4 +141,10 @@ public class TestProxySecurityOperations
}
}
+ private Map<String, String> bb2pp(ByteBuffer cf) {
+ Map<String, String> toRet = new TreeMap<String, String>();
+ toRet.put("password", ByteBufferUtil.toString(cf));
+ return toRet;
+ }
+
}
Modified: accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyTableOperations.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyTableOperations.java?rev=1452947&r1=1452946&r2=1452947&view=diff
==============================================================================
--- accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyTableOperations.java (original)
+++ accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyTableOperations.java Tue Mar 5 19:04:04 2013
@@ -29,10 +29,10 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import java.util.TreeMap;
import org.apache.accumulo.proxy.thrift.ColumnUpdate;
import org.apache.accumulo.proxy.thrift.TimeType;
-import org.apache.accumulo.proxy.thrift.UserPass;
import org.apache.thrift.TException;
import org.apache.thrift.protocol.TCompactProtocol;
import org.apache.thrift.server.TServer;
@@ -51,6 +51,7 @@ public class TestProxyTableOperations {
protected static final int port = 10195;
protected static final String testtable = "testtable";
+ @SuppressWarnings("serial")
@BeforeClass
public static void setup() throws Exception {
Properties prop = new Properties();
@@ -66,7 +67,7 @@ public class TestProxyTableOperations {
};
thread.start();
tpc = new TestProxyClient("localhost", port);
- userpass = tpc.proxy().login(new UserPass("root", ByteBuffer.wrap("".getBytes())));
+ userpass = tpc.proxy().login("root", new TreeMap<String, String>() {{put("password",""); }});
}
@AfterClass