You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oozie.apache.org by ge...@apache.org on 2018/06/19 13:22:05 UTC
oozie git commit: OOZIE-3270 Upgrade Derby to 10.14.1.0 (gezapeti)
Repository: oozie
Updated Branches:
refs/heads/master 442ffd696 -> 6257e2066
OOZIE-3270 Upgrade Derby to 10.14.1.0 (gezapeti)
Change-Id: I5cc8c63f0f29468483336221738e5509bb34ce1b
Project: http://git-wip-us.apache.org/repos/asf/oozie/repo
Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/6257e206
Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/6257e206
Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/6257e206
Branch: refs/heads/master
Commit: 6257e20668ae6ea4a8d0518be2e7ac7fe1bf3651
Parents: 442ffd6
Author: Gezapeti Cseh <ge...@apache.org>
Authored: Tue Jun 19 14:35:09 2018 +0200
Committer: Gezapeti Cseh <ge...@apache.org>
Committed: Tue Jun 19 15:21:39 2018 +0200
----------------------------------------------------------------------
docs/src/site/twiki/DG_Overview.twiki | 4 +
pom.xml | 2 +-
release-log.txt | 1 +
.../oozie/action/hadoop/TestHiveMain.java | 8 +-
sharelib/oozie/pom.xml | 1 -
.../apache/oozie/action/hadoop/LauncherAM.java | 65 +--------------
.../action/hadoop/security/AllowAllPolicy.java | 76 +++++++++++++++++
.../security/LauncherSecurityManager.java | 86 ++++++++++++++++++++
.../oozie/action/hadoop/TestLauncherAM.java | 2 +-
.../hadoop/security/TestAllowAllPolicy.java | 41 ++++++++++
.../oozie/tools/LauncherSecurityManager.java | 73 -----------------
.../org/apache/oozie/tools/TestOozieDBCLI.java | 20 ++---
.../apache/oozie/tools/TestOozieMySqlDBCLI.java | 17 ++--
.../oozie/tools/TestOozieSharelibCLI.java | 18 ++--
.../apache/oozie/tools/diag/TestArgParser.java | 15 ++--
15 files changed, 246 insertions(+), 183 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/docs/src/site/twiki/DG_Overview.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/DG_Overview.twiki b/docs/src/site/twiki/DG_Overview.twiki
index 8f9b06e..3ec94a2 100644
--- a/docs/src/site/twiki/DG_Overview.twiki
+++ b/docs/src/site/twiki/DG_Overview.twiki
@@ -19,6 +19,10 @@ Oozie workflows definitions are written in hPDL (a XML Process Definition Langua
Oozie workflow actions start jobs in remote systems (i.e. Hadoop, Pig). Upon action completion, the remote systems
callback Oozie to notify the action completion, at this point Oozie proceeds to the next action in the workflow.
+Oozie uses a custom SecurityManager inside it's launcher to catch exit() calls from the user code. Make sure to delegate checkExit()
+calls to Oozie's SecurityManager if the user code uses its own SecurityManager. The Launcher also grants java.security.AllPermission
+by default to the user code.
+
Oozie workflows contain control flow nodes and action nodes.
Control flow nodes define the beginning and the end of a workflow ( =start=, =end= and =fail= nodes) and provide a
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 7f03e6d..0c39d64 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1341,7 +1341,7 @@
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derby</artifactId>
- <version>10.11.1.1</version>
+ <version>10.14.1.0</version>
<scope>compile</scope>
</dependency>
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index aaf0d59..0e3fdfd 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
-- Oozie 5.1.0 release (trunk - unreleased)
+OOZIE-3270 Upgrade Derby to 10.14.1.0 (gezapeti)
OOZIE-3275 [docs] Update AG_Install.twiki with Access Control List documentation (andras.piros)
OOZIE-2339 [fluent-job] Minimum Viable Fluent Job API (daniel.becker, andras.piros via rkanter, gezapeti, pbacsko)
OOZIE-3224 Upgrade Jetty to 9.3 (kmarton via andras.piros)
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/sharelib/hive/src/test/java/org/apache/oozie/action/hadoop/TestHiveMain.java
----------------------------------------------------------------------
diff --git a/sharelib/hive/src/test/java/org/apache/oozie/action/hadoop/TestHiveMain.java b/sharelib/hive/src/test/java/org/apache/oozie/action/hadoop/TestHiveMain.java
index 4ec0fed..1a4d0b2 100644
--- a/sharelib/hive/src/test/java/org/apache/oozie/action/hadoop/TestHiveMain.java
+++ b/sharelib/hive/src/test/java/org/apache/oozie/action/hadoop/TestHiveMain.java
@@ -33,21 +33,18 @@ import java.util.Set;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
+import org.apache.oozie.action.hadoop.security.LauncherSecurityManager;
import org.apache.oozie.test.MiniHCatServer;
import org.apache.oozie.util.XConfiguration;
public class TestHiveMain extends MainTestCase {
- private SecurityManager SECURITY_MANAGER;
-
@Override
protected void setUp() throws Exception {
super.setUp();
- SECURITY_MANAGER = System.getSecurityManager();
}
@Override
protected void tearDown() throws Exception {
- System.setSecurityManager(SECURITY_MANAGER);
super.tearDown();
}
@@ -142,7 +139,7 @@ public class TestHiveMain extends MainTestCase {
setSystemProperty("oozie.action.conf.xml", actionXml.getAbsolutePath());
setSystemProperty("oozie.action.externalChildIDs", externalChildIdsFile.getAbsolutePath());
- LauncherAM.LauncherSecurityManager launcherSecurityManager = new LauncherAM.LauncherSecurityManager();
+ LauncherSecurityManager launcherSecurityManager = new LauncherSecurityManager();
launcherSecurityManager.enable();
String user = System.getProperty("user.name");
try {
@@ -168,6 +165,7 @@ public class TestHiveMain extends MainTestCase {
System.setProperty("user.name", user);
hiveSite.delete();
MiniHCatServer.resetHiveConfStaticVariables();
+ launcherSecurityManager.disable();
}
assertTrue(externalChildIdsFile.exists());
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/sharelib/oozie/pom.xml
----------------------------------------------------------------------
diff --git a/sharelib/oozie/pom.xml b/sharelib/oozie/pom.xml
index 6da319e..a791ae8 100644
--- a/sharelib/oozie/pom.xml
+++ b/sharelib/oozie/pom.xml
@@ -38,7 +38,6 @@
</properties>
<dependencies>
-
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/LauncherAM.java
----------------------------------------------------------------------
diff --git a/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/LauncherAM.java b/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/LauncherAM.java
index cab1452..4a41941 100644
--- a/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/LauncherAM.java
+++ b/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/LauncherAM.java
@@ -23,7 +23,6 @@ import java.io.PrintWriter;
import java.io.StringWriter;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
-import java.security.Permission;
import java.security.PrivilegedExceptionAction;
import java.text.MessageFormat;
import java.util.Collection;
@@ -37,7 +36,6 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
-import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
@@ -52,6 +50,7 @@ import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Objects;
import com.google.common.base.Preconditions;
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
+import org.apache.oozie.action.hadoop.security.LauncherSecurityManager;
public class LauncherAM {
public static final String OOZIE_ACTION_CONF_XML = "oozie.action.conf.xml";
@@ -151,7 +150,6 @@ public class LauncherAM {
new LauncherSecurityManager(),
System.getenv(ApplicationConstants.Environment.CONTAINER_ID.name()),
launcherConf);
-
launcher.run();
return null;
}
@@ -410,7 +408,6 @@ public class LauncherAM {
// Enable LauncherSecurityManager to catch System.exit calls
launcherSecurityManager.enable();
mainMethod.invoke(null, (Object) mainArgs);
-
System.out.println();
System.out.println("<<< Invocation of Main class completed <<<");
System.out.println();
@@ -581,66 +578,6 @@ public class LauncherAM {
return LauncherAMUtils.getMainArguments(conf);
}
- public static class LauncherSecurityManager extends SecurityManager {
- private boolean exitInvoked;
- private int exitCode;
- private SecurityManager originalSecurityManager;
-
- public LauncherSecurityManager() {
- exitInvoked = false;
- exitCode = 0;
- originalSecurityManager = System.getSecurityManager();
- }
-
- @Override
- public void checkPermission(Permission perm, Object context) {
- if (originalSecurityManager != null) {
- // check everything with the original SecurityManager
- originalSecurityManager.checkPermission(perm, context);
- }
- }
-
- @Override
- public void checkPermission(Permission perm) {
- if (originalSecurityManager != null) {
- // check everything with the original SecurityManager
- originalSecurityManager.checkPermission(perm);
- }
- }
-
- @Override
- public void checkExit(int status) throws SecurityException {
- exitInvoked = true;
- exitCode = status;
- throw new SecurityException("Intercepted System.exit(" + status + ")");
- }
-
- public boolean getExitInvoked() {
- return exitInvoked;
- }
-
- public int getExitCode() {
- return exitCode;
- }
-
- public void enable() {
- if (System.getSecurityManager() != this) {
- System.setSecurityManager(this);
- }
- }
-
- public void disable() {
- if (System.getSecurityManager() == this) {
- System.setSecurityManager(originalSecurityManager);
- }
- }
-
- public void reset() {
- exitInvoked = false;
- exitCode = 0;
- }
- }
-
public enum OozieActionResult {
SUCCEEDED(FinalApplicationStatus.SUCCEEDED),
FAILED(FinalApplicationStatus.FAILED),
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/security/AllowAllPolicy.java
----------------------------------------------------------------------
diff --git a/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/security/AllowAllPolicy.java b/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/security/AllowAllPolicy.java
new file mode 100644
index 0000000..0f8036b
--- /dev/null
+++ b/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/security/AllowAllPolicy.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.oozie.action.hadoop.security;
+
+import java.security.AllPermission;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.List;
+
+/**
+ * A security policy that grants AllPermissions.
+ * <p>
+ * LauncherAM uses Security Manager to handle exits. With Derby version 10.12.1.1 and above, if a
+ * security manager is configured, embedded Derby requires usederbyinternals permission, and
+ * that is checked directly using AccessController.checkPermission. This class will be used to
+ * setup a security policy to grant AllPermissions to prevent failures related to Derby and other
+ * similar dependencies in the future.
+ * </p>
+ */
+class AllowAllPolicy extends Policy {
+
+ private PermissionCollection perms;
+
+ public AllowAllPolicy() {
+ super();
+ perms = new AllPermissionCollection();
+ perms.add(new AllPermission());
+ }
+
+ @Override
+ public PermissionCollection getPermissions(CodeSource codesource) {
+ return perms;
+ }
+
+ static class AllPermissionCollection extends PermissionCollection {
+
+ List<Permission> perms = new ArrayList<>();
+
+ public void add(Permission p) {
+ perms.add(p);
+ }
+
+ public boolean implies(Permission p) {
+ return true;
+ }
+
+ public Enumeration<Permission> elements() {
+ return Collections.enumeration(perms);
+ }
+
+ public boolean isReadOnly() {
+ return false;
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/security/LauncherSecurityManager.java
----------------------------------------------------------------------
diff --git a/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/security/LauncherSecurityManager.java b/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/security/LauncherSecurityManager.java
new file mode 100644
index 0000000..82838aa
--- /dev/null
+++ b/sharelib/oozie/src/main/java/org/apache/oozie/action/hadoop/security/LauncherSecurityManager.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.oozie.action.hadoop.security;
+
+import java.security.Permission;
+import java.security.Policy;
+
+public class LauncherSecurityManager extends SecurityManager {
+ private boolean exitInvoked;
+ private int exitCode;
+ private SecurityManager originalSecurityManager;
+ private Policy originalPolicy;
+
+ public LauncherSecurityManager() {
+ exitInvoked = false;
+ exitCode = 0;
+ originalSecurityManager = System.getSecurityManager();
+ originalPolicy = Policy.getPolicy();
+ }
+
+ @Override
+ public void checkPermission(Permission perm, Object context) {
+ if (originalSecurityManager != null) {
+ // check everything with the original SecurityManager
+ originalSecurityManager.checkPermission(perm, context);
+ }
+ }
+
+ @Override
+ public void checkPermission(Permission perm) {
+ if (originalSecurityManager != null) {
+ // check everything with the original SecurityManager
+ originalSecurityManager.checkPermission(perm);
+ }
+ }
+
+ @Override
+ public void checkExit(int status) throws SecurityException {
+ exitInvoked = true;
+ exitCode = status;
+ throw new SecurityException("Intercepted System.exit(" + status + ")");
+ }
+
+ public boolean getExitInvoked() {
+ return exitInvoked;
+ }
+
+ public int getExitCode() {
+ return exitCode;
+ }
+
+ public void enable() {
+ if (System.getSecurityManager() != this) {
+ Policy.setPolicy(new AllowAllPolicy());
+ System.setSecurityManager(this);
+ }
+ }
+
+ public void disable() {
+ if (System.getSecurityManager() == this) {
+ System.setSecurityManager(originalSecurityManager);
+ Policy.setPolicy(originalPolicy);
+ }
+ }
+
+ public void reset() {
+ exitInvoked = false;
+ exitCode = 0;
+ }
+}
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/sharelib/oozie/src/test/java/org/apache/oozie/action/hadoop/TestLauncherAM.java
----------------------------------------------------------------------
diff --git a/sharelib/oozie/src/test/java/org/apache/oozie/action/hadoop/TestLauncherAM.java b/sharelib/oozie/src/test/java/org/apache/oozie/action/hadoop/TestLauncherAM.java
index 533d5b2..cad6dac 100644
--- a/sharelib/oozie/src/test/java/org/apache/oozie/action/hadoop/TestLauncherAM.java
+++ b/sharelib/oozie/src/test/java/org/apache/oozie/action/hadoop/TestLauncherAM.java
@@ -64,7 +64,7 @@ import org.apache.hadoop.fs.Path;
import org.apache.hadoop.yarn.api.records.FinalApplicationStatus;
import org.apache.hadoop.yarn.client.api.async.AMRMClientAsync;
import org.apache.hadoop.yarn.util.ConverterUtils;
-import org.apache.oozie.action.hadoop.LauncherAM.LauncherSecurityManager;
+import org.apache.oozie.action.hadoop.security.LauncherSecurityManager;
import org.apache.oozie.action.hadoop.LauncherAM.OozieActionResult;
import org.junit.Before;
import org.junit.Rule;
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/sharelib/oozie/src/test/java/org/apache/oozie/action/hadoop/security/TestAllowAllPolicy.java
----------------------------------------------------------------------
diff --git a/sharelib/oozie/src/test/java/org/apache/oozie/action/hadoop/security/TestAllowAllPolicy.java b/sharelib/oozie/src/test/java/org/apache/oozie/action/hadoop/security/TestAllowAllPolicy.java
new file mode 100644
index 0000000..05f5c3e
--- /dev/null
+++ b/sharelib/oozie/src/test/java/org/apache/oozie/action/hadoop/security/TestAllowAllPolicy.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.oozie.action.hadoop.security;
+
+import org.junit.Test;
+
+import java.security.AllPermission;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.util.Enumeration;
+
+import static junit.framework.TestCase.assertTrue;
+
+public class TestAllowAllPolicy {
+
+ @Test
+ public void testAllowAllPolicy() throws Exception {
+ final AllowAllPolicy policy = new AllowAllPolicy();
+ final PermissionCollection collection = policy.getPermissions((CodeSource) null);
+ final Enumeration<Permission> elements = collection.elements();
+ assertTrue("Policy should contain at least one permission", elements.hasMoreElements());
+ assertTrue("The first permission should allow everything.", elements.nextElement() instanceof AllPermission);
+ }
+}
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/tools/src/test/java/org/apache/oozie/tools/LauncherSecurityManager.java
----------------------------------------------------------------------
diff --git a/tools/src/test/java/org/apache/oozie/tools/LauncherSecurityManager.java b/tools/src/test/java/org/apache/oozie/tools/LauncherSecurityManager.java
deleted file mode 100644
index 69fc324..0000000
--- a/tools/src/test/java/org/apache/oozie/tools/LauncherSecurityManager.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-package org.apache.oozie.tools;
-
-import java.security.Permission;
-
-/**
- * class for masquerading System.exit()
- */
-public class LauncherSecurityManager extends SecurityManager {
- private static boolean exitInvoked;
- private static int exitCode;
- private SecurityManager securityManager;
-
- public LauncherSecurityManager() {
- reset();
- securityManager = System.getSecurityManager();
- System.setSecurityManager(this);
- }
-
- @Override
- public void checkPermission(Permission perm, Object context) {
- if (securityManager != null) {
- // check everything with the original SecurityManager
- securityManager.checkPermission(perm, context);
- }
- }
-
- @Override
- public void checkPermission(Permission perm) {
- if (securityManager != null) {
- // check everything with the original SecurityManager
- securityManager.checkPermission(perm);
- }
- }
-
- @Override
- public void checkExit(int status) throws SecurityException {
- exitInvoked = true;
- exitCode = status;
- throw new SecurityException("Intercepted System.exit(" + status + ")");
- }
-
- public static boolean getExitInvoked() {
- return exitInvoked;
- }
-
- public static int getExitCode() {
- return exitCode;
- }
-
- public static void reset() {
- exitInvoked = false;
- exitCode = 0;
- }
-}
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/tools/src/test/java/org/apache/oozie/tools/TestOozieDBCLI.java
----------------------------------------------------------------------
diff --git a/tools/src/test/java/org/apache/oozie/tools/TestOozieDBCLI.java b/tools/src/test/java/org/apache/oozie/tools/TestOozieDBCLI.java
index c0568ca..cf3427f 100644
--- a/tools/src/test/java/org/apache/oozie/tools/TestOozieDBCLI.java
+++ b/tools/src/test/java/org/apache/oozie/tools/TestOozieDBCLI.java
@@ -19,10 +19,10 @@
package org.apache.oozie.tools;
+import org.apache.oozie.action.hadoop.security.LauncherSecurityManager;
import org.apache.oozie.service.Services;
import org.apache.hadoop.fs.FileUtil;
import org.apache.oozie.test.XTestCase;
-import org.junit.AfterClass;
import org.junit.Assert;
import java.io.ByteArrayOutputStream;
@@ -46,19 +46,17 @@ import java.util.List;
* Test OozieDBCLI for data base derby
*/
public class TestOozieDBCLI extends XTestCase {
- private SecurityManager SECURITY_MANAGER;
private static String url = "jdbc:derby:target/test-data/oozietests/org.apache.oozie.tools.TestOozieDBCLI/data.db;create=true";
private String oozieConfig;
private static boolean databaseCreated = false;
-
+ private LauncherSecurityManager launcherSecurityManager;
@Override
protected void setUp() throws Exception {
this.oozieConfig = System.getProperty("oozie.test.config.file");
File oozieConfig = new File("src/test/resources/hsqldb-oozie-site.xml");
System.setProperty("oozie.test.config.file", oozieConfig.getAbsolutePath());
- SECURITY_MANAGER = System.getSecurityManager();
- new LauncherSecurityManager();
-
+ launcherSecurityManager = new LauncherSecurityManager();
+ launcherSecurityManager.enable();
if (!databaseCreated) {
// remove an old variant
FileUtil.fullyDelete(new File("target/test-data/oozietests/org.apache.oozie.tools.TestOozieDBCLI/data.db"));
@@ -74,7 +72,7 @@ public class TestOozieDBCLI extends XTestCase {
@Override
protected void tearDown() throws Exception {
- System.setSecurityManager(SECURITY_MANAGER);
+ launcherSecurityManager.disable();
if(oozieConfig!=null){
System.setProperty("oozie.test.config.file", oozieConfig);
}else{
@@ -228,10 +226,10 @@ public class TestOozieDBCLI extends XTestCase {
}
catch (SecurityException ex) {
- if (LauncherSecurityManager.getExitInvoked()) {
- System.out.println("Intercepting System.exit(" + LauncherSecurityManager.getExitCode() + ")");
- System.err.println("Intercepting System.exit(" + LauncherSecurityManager.getExitCode() + ")");
- return LauncherSecurityManager.getExitCode();
+ if (launcherSecurityManager.getExitInvoked()) {
+ System.out.println("Intercepting System.exit(" + launcherSecurityManager.getExitCode() + ")");
+ System.err.println("Intercepting System.exit(" + launcherSecurityManager.getExitCode() + ")");
+ return launcherSecurityManager.getExitCode();
}
else {
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/tools/src/test/java/org/apache/oozie/tools/TestOozieMySqlDBCLI.java
----------------------------------------------------------------------
diff --git a/tools/src/test/java/org/apache/oozie/tools/TestOozieMySqlDBCLI.java b/tools/src/test/java/org/apache/oozie/tools/TestOozieMySqlDBCLI.java
index 07a00a2..981a075 100644
--- a/tools/src/test/java/org/apache/oozie/tools/TestOozieMySqlDBCLI.java
+++ b/tools/src/test/java/org/apache/oozie/tools/TestOozieMySqlDBCLI.java
@@ -19,6 +19,7 @@
package org.apache.oozie.tools;
+import org.apache.oozie.action.hadoop.security.LauncherSecurityManager;
import org.apache.oozie.test.XTestCase;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@@ -31,15 +32,15 @@ import java.sql.DriverManager;
* Test OozieDBCLI for mysql
*/
public class TestOozieMySqlDBCLI extends XTestCase {
- private SecurityManager SECURITY_MANAGER;
private static String url = "jdbc:mysql:fake";
private String oozieConfig;
+ private LauncherSecurityManager launcherSecurityManager;
@BeforeClass
protected void setUp() throws Exception {
- SECURITY_MANAGER = System.getSecurityManager();
DriverManager.registerDriver(new FakeDriver());
- new LauncherSecurityManager();
+ launcherSecurityManager = new LauncherSecurityManager();
+ launcherSecurityManager.enable();
this.oozieConfig = System.getProperty("oozie.test.config.file");
File oozieConfig = new File(getTestCaseConfDir(), "src/test/resources/fake-oozie-site.xml");
@@ -54,7 +55,7 @@ public class TestOozieMySqlDBCLI extends XTestCase {
@AfterClass
protected void tearDown() throws Exception {
- System.setSecurityManager(SECURITY_MANAGER);
+ launcherSecurityManager.disable();
DriverManager.registerDriver(new FakeDriver());
if(oozieConfig!=null){
System.setProperty("oozie.test.config.file", oozieConfig);
@@ -108,10 +109,10 @@ public class TestOozieMySqlDBCLI extends XTestCase {
}
catch (SecurityException ex) {
- if (LauncherSecurityManager.getExitInvoked()) {
- System.out.println("Intercepting System.exit(" + LauncherSecurityManager.getExitCode() + ")");
- System.err.println("Intercepting System.exit(" + LauncherSecurityManager.getExitCode() + ")");
- return LauncherSecurityManager.getExitCode();
+ if (launcherSecurityManager.getExitInvoked()) {
+ System.out.println("Intercepting System.exit(" + launcherSecurityManager.getExitCode() + ")");
+ System.err.println("Intercepting System.exit(" + launcherSecurityManager.getExitCode() + ")");
+ return launcherSecurityManager.getExitCode();
}
else {
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/tools/src/test/java/org/apache/oozie/tools/TestOozieSharelibCLI.java
----------------------------------------------------------------------
diff --git a/tools/src/test/java/org/apache/oozie/tools/TestOozieSharelibCLI.java b/tools/src/test/java/org/apache/oozie/tools/TestOozieSharelibCLI.java
index ccad273..f53d987 100644
--- a/tools/src/test/java/org/apache/oozie/tools/TestOozieSharelibCLI.java
+++ b/tools/src/test/java/org/apache/oozie/tools/TestOozieSharelibCLI.java
@@ -31,6 +31,7 @@ import org.apache.commons.io.IOUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
+import org.apache.oozie.action.hadoop.security.LauncherSecurityManager;
import org.apache.oozie.service.HadoopAccessorService;
import org.apache.oozie.service.ServiceException;
import org.apache.oozie.service.Services;
@@ -43,17 +44,16 @@ import org.junit.rules.TemporaryFolder;
* Test OozieSharelibCLI
*/
public class TestOozieSharelibCLI extends XTestCase {
- private SecurityManager SECURITY_MANAGER;
private final String outPath = "outFolder";
private Services services = null;
private Path dstPath = null;
private FileSystem fs;
private final TemporaryFolder tmpFolder = new TemporaryFolder();
-
+ private LauncherSecurityManager launcherSecurityManager;
@Override
protected void setUp() throws Exception {
- SECURITY_MANAGER = System.getSecurityManager();
- new LauncherSecurityManager();
+ launcherSecurityManager = new LauncherSecurityManager();
+ launcherSecurityManager.enable();
tmpFolder.create();
super.setUp(false);
@@ -61,7 +61,7 @@ public class TestOozieSharelibCLI extends XTestCase {
@Override
protected void tearDown() throws Exception {
- System.setSecurityManager(SECURITY_MANAGER);
+ launcherSecurityManager.disable();
if (services != null) {
services.destroy();
}
@@ -225,10 +225,10 @@ public class TestOozieSharelibCLI extends XTestCase {
OozieSharelibCLI.main(args);
}
catch (SecurityException ex) {
- if (LauncherSecurityManager.getExitInvoked()) {
- System.out.println("Intercepting System.exit(" + LauncherSecurityManager.getExitCode() + ")");
- System.err.println("Intercepting System.exit(" + LauncherSecurityManager.getExitCode() + ")");
- return LauncherSecurityManager.getExitCode();
+ if (launcherSecurityManager.getExitInvoked()) {
+ System.out.println("Intercepting System.exit(" + launcherSecurityManager.getExitCode() + ")");
+ System.err.println("Intercepting System.exit(" + launcherSecurityManager.getExitCode() + ")");
+ return launcherSecurityManager.getExitCode();
}
else {
throw ex;
http://git-wip-us.apache.org/repos/asf/oozie/blob/6257e206/tools/src/test/java/org/apache/oozie/tools/diag/TestArgParser.java
----------------------------------------------------------------------
diff --git a/tools/src/test/java/org/apache/oozie/tools/diag/TestArgParser.java b/tools/src/test/java/org/apache/oozie/tools/diag/TestArgParser.java
index ba48dbb..fb9cb55 100644
--- a/tools/src/test/java/org/apache/oozie/tools/diag/TestArgParser.java
+++ b/tools/src/test/java/org/apache/oozie/tools/diag/TestArgParser.java
@@ -19,7 +19,7 @@
package org.apache.oozie.tools.diag;
import org.apache.commons.cli.CommandLine;
-import org.apache.oozie.tools.LauncherSecurityManager;
+import org.apache.oozie.action.hadoop.security.LauncherSecurityManager;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -35,23 +35,18 @@ import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
public class TestArgParser {
- private static SecurityManager SECURITY_MANAGER;
private CommandLine mockCommandLine = mock(CommandLine.class);
private final ArgParser argParser = new ArgParser();
-
+ private static LauncherSecurityManager launcherSecurityManager;
@BeforeClass
public static void setUp() throws Exception {
- SECURITY_MANAGER = System.getSecurityManager();
- interceptSecurityManager();
- }
-
- private static void interceptSecurityManager() {
- new LauncherSecurityManager();
+ launcherSecurityManager = new LauncherSecurityManager();
+ launcherSecurityManager.enable();
}
@AfterClass
public static void tearDown() throws Exception {
- System.setSecurityManager(SECURITY_MANAGER);
+ launcherSecurityManager.disable();
}
@Before