You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by kt...@apache.org on 2018/03/29 14:27:47 UTC

[accumulo] branch 1.8 updated: Fixed inefficient auths check (#410)

This is an automated email from the ASF dual-hosted git repository.

kturner pushed a commit to branch 1.8
in repository https://gitbox.apache.org/repos/asf/accumulo.git


The following commit(s) were added to refs/heads/1.8 by this push:
     new 226288b  Fixed inefficient auths check (#410)
226288b is described below

commit 226288b1bd1fe99fbb4d9c078c8b3c6eded57863
Author: Keith Turner <ke...@deenlo.com>
AuthorDate: Thu Mar 29 10:27:44 2018 -0400

    Fixed inefficient auths check (#410)
---
 .../accumulo/server/security/handler/ZKAuthorizor.java | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthorizor.java b/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthorizor.java
index 2803627..3e6c6b7 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthorizor.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthorizor.java
@@ -19,7 +19,6 @@ package org.apache.accumulo.server.security.handler;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
 import java.nio.ByteBuffer;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -35,6 +34,7 @@ import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.TCredentials;
+import org.apache.accumulo.core.util.ByteBufferUtil;
 import org.apache.accumulo.fate.zookeeper.IZooReaderWriter;
 import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeExistsPolicy;
 import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeMissingPolicy;
@@ -163,11 +163,19 @@ public class ZKAuthorizor implements Authorizor {
 
   @Override
   public boolean isValidAuthorizations(String user, List<ByteBuffer> auths) throws AccumuloSecurityException {
-    Collection<ByteBuffer> userauths = getCachedUserAuthorizations(user).getAuthorizationsBB();
-    for (ByteBuffer auth : auths)
-      if (!userauths.contains(auth))
+    if (auths.isEmpty()) {
+      // avoid deserializing auths from ZK cache
+      return true;
+    }
+
+    Authorizations userauths = getCachedUserAuthorizations(user);
+
+    for (ByteBuffer auth : auths) {
+      if (!userauths.contains(ByteBufferUtil.toBytes(auth))) {
         return false;
+      }
+    }
+
     return true;
   }
-
 }

-- 
To stop receiving notification emails like this one, please contact
kturner@apache.org.