You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by vi...@apache.org on 2012/01/19 18:41:20 UTC

svn commit: r1233499 - in /incubator/accumulo/trunk: ./ src/server/ src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java

Author: vines
Date: Thu Jan 19 17:41:19 2012
New Revision: 1233499

URL: http://svn.apache.org/viewvc?rev=1233499&view=rev
Log:
ACCUMULO-328 - merging


Modified:
    incubator/accumulo/trunk/   (props changed)
    incubator/accumulo/trunk/src/server/   (props changed)
    incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java

Propchange: incubator/accumulo/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jan 19 17:41:19 2012
@@ -1,3 +1,3 @@
 /incubator/accumulo/branches/1.3:1190280,1190413,1190420,1190427,1190500,1195622,1195625,1195629,1195635,1196044,1196054,1196057,1196071-1196072,1196106,1197066,1198935,1199383,1203683,1204625,1205547,1205880,1206169,1208031,1209124,1209526,1209532,1209539,1209541,1209587,1209657,1210518,1210571,1210596,1210598,1213424,1214320,1225006,1227215,1227231,1227611,1228195,1230180,1230736,1231043
 /incubator/accumulo/branches/1.3.5rc:1209938
-/incubator/accumulo/branches/1.4:1201902-1233475
+/incubator/accumulo/branches/1.4:1201902-1233497

Propchange: incubator/accumulo/trunk/src/server/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jan 19 17:41:19 2012
@@ -1,3 +1,3 @@
 /incubator/accumulo/branches/1.3/src/server:1190280,1190413,1190420,1190427,1190500,1195622,1195625,1195629,1195635,1196044,1196054,1196057,1196071-1196072,1196106,1197066,1198935,1199383,1203683,1204625,1205547,1205880,1206169,1208031,1209124,1209526,1209532,1209539,1209541,1209587,1209657,1210518,1210571,1210596,1210598,1213424,1214320,1225006,1227215,1227231,1227611
 /incubator/accumulo/branches/1.3.5rc/src/server:1209938
-/incubator/accumulo/branches/1.4/src/server:1201902-1233475
+/incubator/accumulo/branches/1.4/src/server:1201902-1233497

Modified: incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java?rev=1233499&r1=1233498&r2=1233499&view=diff
==============================================================================
--- incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java (original)
+++ incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java Thu Jan 19 17:41:19 2012
@@ -337,12 +337,11 @@ public final class ZKAuthenticator imple
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
       return Constants.NO_AUTHS;
     
-    if (userExists(user))
-      try {
-        return Tool.convertAuthorizations(zooCache.get(ZKUserPath + "/" + user + ZKUserAuths));
-      } catch (IllegalArgumentException iae) {
-        // User was deleted between checking existance and grabbing auths.
-      }
+    if (userExists(user)) {
+      byte[] authsBytes = zooCache.get(ZKUserPath + "/" + user + ZKUserAuths);
+      if (authsBytes != null)
+        return Tool.convertAuthorizations(authsBytes);
+    }
     throw new AccumuloSecurityException(user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
   }
   
@@ -411,11 +410,7 @@ public final class ZKAuthenticator imple
     
     byte[] serializedPerms = zooCache.get(ZKUserPath + "/" + user + ZKUserTablePerms + "/" + table);
     if (serializedPerms != null) {
-      try {
-        return Tool.convertTablePermissions(serializedPerms).contains(permission);
-      } catch (IllegalArgumentException iae) {
-        throw new AccumuloSecurityException(user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
-      }
+      return Tool.convertTablePermissions(serializedPerms).contains(permission);
     }
     return false;
   }
@@ -434,7 +429,12 @@ public final class ZKAuthenticator imple
     
     if (userExists(user)) {
       try {
-        Set<SystemPermission> perms = Tool.convertSystemPermissions(zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms));
+        byte[] permBytes = zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms);
+        if (permBytes == null) {
+          throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
+        }
+
+        Set<SystemPermission> perms = Tool.convertSystemPermissions(permBytes);
         if (perms.add(permission)) {
           synchronized (zooCache) {
             zooCache.clear();
@@ -443,10 +443,6 @@ public final class ZKAuthenticator imple
           }
         }
         log.info("Granted system permission " + permission + " for user " + user + " at the request of user " + credentials.user);
-        return;
-      } catch (IllegalArgumentException iae) {
-        // User was deleted between checking existance and grabbing auths.
-        // Exception at end handles this
       } catch (KeeperException e) {
         log.error(e, e);
         throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
@@ -454,8 +450,8 @@ public final class ZKAuthenticator imple
         log.error(e, e);
         throw new RuntimeException(e);
       }
-    }
-    throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
+    } else
+      throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
   }
 
   @Override
@@ -509,8 +505,13 @@ public final class ZKAuthenticator imple
       throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.GRANT_INVALID);
 
     if (userExists(user)) {
+      byte[] sysPermBytes = zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms);
+      if (sysPermBytes == null)
+        throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.USER_DOESNT_EXIST);
+
+      Set<SystemPermission> sysPerms = Tool.convertSystemPermissions(sysPermBytes);
+
       try {
-        Set<SystemPermission> sysPerms = Tool.convertSystemPermissions(zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms));
         if (sysPerms.remove(permission)) {
           synchronized (zooCache) {
             zooCache.clear();
@@ -519,10 +520,6 @@ public final class ZKAuthenticator imple
           }
         }
         log.info("Revoked system permission " + permission + " for user " + user + " at the request of user " + credentials.user);
-      } catch (IllegalArgumentException iae) {
-        // User was deleted between checking and pulling from the zooCache
-        throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.USER_DOESNT_EXIST);
-
       } catch (KeeperException e) {
         log.error(e, e);
         throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);