Posted to commits@hbase.apache.org by ap...@apache.org on 2012/07/06 05:02:05 UTC

svn commit: r1358030 - in /hbase/branches/0.94/security/src: main/java/org/apache/hadoop/hbase/security/access/AccessController.java test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

Author: apurtell
Date: Fri Jul  6 03:02:05 2012
New Revision: 1358030

URL: http://svn.apache.org/viewvc?rev=1358030&view=rev
Log:
HBASE-6253. Do not allow user to disable or drop ACL table (Gopinathan)

Modified:
    hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
    hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

Modified: hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java?rev=1358030&r1=1358029&r2=1358030&view=diff
==============================================================================
--- hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (original)
+++ hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java Fri Jul  6 03:02:05 2012
@@ -616,6 +616,10 @@ public class AccessController extends Ba
   @Override
   public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c, byte[] tableName)
       throws IOException {
+    if (Bytes.equals(tableName, AccessControlLists.ACL_GLOBAL_NAME)) {
+      throw new AccessDeniedException("Not allowed to disable "
+          + AccessControlLists.ACL_TABLE_NAME_STR + " table.");
+    }
     requirePermission(tableName, null, null, Action.ADMIN, Action.CREATE);
   }
 
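Review bot: The new guard in preDisableTable compares `tableName` against `AccessControlLists.ACL_GLOBAL_NAME`, while its message uses `ACL_TABLE_NAME_STR` and the accompanying test passes `AccessControlLists.ACL_TABLE_NAME`. The check protects the ACL table only as long as the global-permission key and the table name hold the same bytes, so if the two constants are ever separated the guard silently stops matching. Naming the table directly states the intent: `if (Bytes.equals(tableName, AccessControlLists.ACL_TABLE_NAME)) {`. The commit log also promises that the table cannot be dropped, but no delete hook is changed in this hunk. Presumably that relies on a table having to be disabled before it can be deleted, which is worth recording above the check, for example `// Blocking disable also blocks drop: only a disabled table can be deleted.`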

Modified: hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java?rev=1358030&r1=1358029&r2=1358030&view=diff
==============================================================================
--- hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (original)
+++ hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java Fri Jul  6 03:02:05 2012
@@ -306,8 +306,19 @@ public class TestAccessController {
       }
     };
 
+    PrivilegedExceptionAction disableAclTable = new PrivilegedExceptionAction() {
+      public Object run() throws Exception {
+        ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(CP_ENV, null),
+            AccessControlLists.ACL_TABLE_NAME);
+        return null;
+      }
+    };
+
     verifyAllowed(disableTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER);
     verifyDenied(disableTable, USER_RW, USER_RO, USER_NONE);
+    
+    // No user should be allowed to disable _acl_ table
+    verifyDenied(disableAclTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, USER_RW, USER_RO);
   }
 
   @Test
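Review bot: The added `verifyDenied(disableAclTable, ...)` call leaves out USER_NONE, although the comment above it says no user may disable the table and the preceding `verifyDenied(disableTable, ...)` line does include it. Listing every principal keeps the assertion in line with its comment: `verifyDenied(disableAclTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);`. For USER_RW and USER_RO a denial probably cannot distinguish the new guard from the ordinary permission check, so the SUPERUSER, USER_ADMIN, USER_CREATE and USER_OWNER cases are the ones that pin the fix. A short comment saying so would help the next reader. The enclosing test method starts above this hunk.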