Posted to commits@accumulo.apache.org by vi...@apache.org on 2012/09/24 19:17:25 UTC
svn commit: r1389490 [1/2] - in /accumulo/branches/ACCUMULO-259: ./ core/
server/ server/src/main/java/org/apache/accumulo/server/client/
server/src/main/java/org/apache/accumulo/server/master/
server/src/main/java/org/apache/accumulo/server/master/tab...
Author: vines
Date: Mon Sep 24 17:17:23 2012
New Revision: 1389490
URL: http://svn.apache.org/viewvc?rev=1389490&view=rev
Log:
After meandering this code base through multiple dropboxes, it seems somewhat borked. Trying to archive changes while I merge things back together
Added:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
- copied, changed from r1363473, accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
Removed:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
Modified:
accumulo/branches/ACCUMULO-259/ (props changed)
accumulo/branches/ACCUMULO-259/core/ (props changed)
accumulo/branches/ACCUMULO-259/server/ (props changed)
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/util/Initialize.java
accumulo/branches/ACCUMULO-259/src/ (props changed)
Propchange: accumulo/branches/ACCUMULO-259/
------------------------------------------------------------------------------
Merged /accumulo/branches/1.4/src:r1363430
Merged /accumulo/trunk:r1362561-1363473
Propchange: accumulo/branches/ACCUMULO-259/core/
------------------------------------------------------------------------------
Merged /accumulo/trunk/core:r1362561-1363473
Merged /accumulo/branches/1.4/src/core:r1363430
Propchange: accumulo/branches/ACCUMULO-259/server/
------------------------------------------------------------------------------
Merged /accumulo/branches/1.4/src/server:r1363430
Merged /accumulo/trunk/server:r1362561-1363473
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java Mon Sep 24 17:17:23 2012
@@ -44,8 +44,8 @@ import org.apache.accumulo.core.security
import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
import org.apache.accumulo.core.util.ByteBufferUtil;
import org.apache.accumulo.server.conf.ServerConfiguration;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.zookeeper.TransactionWatcher;
import org.apache.accumulo.start.classloader.AccumuloClassLoader;
import org.apache.log4j.Logger;
@@ -54,7 +54,7 @@ import org.apache.thrift.TException;
public class ClientServiceHandler implements ClientService.Iface {
private static final Logger log = Logger.getLogger(ClientServiceHandler.class);
- private static SecurityOperation security = SecurityOperationImpl.getInstance();
+ private static SecurityOperation security = AuditedSecurityOperation.getInstance();
private final TransactionWatcher transactionWatcher;
private final Instance instance;
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java Mon Sep 24 17:17:23 2012
@@ -136,9 +136,9 @@ import org.apache.accumulo.server.master
import org.apache.accumulo.server.master.tableOps.TraceRepo;
import org.apache.accumulo.server.master.tserverOps.ShutdownTServer;
import org.apache.accumulo.server.monitor.Monitor;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityConstants;
import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.security.SecurityUtil;
import org.apache.accumulo.server.tabletserver.TabletTime;
import org.apache.accumulo.server.trace.TraceFileSystem;
@@ -499,7 +499,7 @@ public class Master implements LiveTServ
log.info("Version " + Constants.VERSION);
log.info("Instance " + instance.getInstanceID());
ThriftTransportPool.getInstance().setIdleTime(aconf.getTimeInMillis(Property.GENERAL_RPC_TIMEOUT));
- security = SecurityOperationImpl.getInstance();
+ security = AuditedSecurityOperation.getInstance();
tserverSet = new LiveTServerSet(instance, config.getConfiguration(), this);
this.tabletBalancer = createInstanceFromPropertyName(aconf, Property.MASTER_TABLET_BALANCER, TabletBalancer.class, new DefaultLoadBalancer());
this.tabletBalancer.init(serverConfig);
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java Mon Sep 24 17:17:23 2012
@@ -31,8 +31,8 @@ import org.apache.accumulo.fate.zookeepe
import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.master.Master;
import org.apache.accumulo.server.master.state.tables.TableManager;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityConstants;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.util.MetadataTable;
import org.apache.log4j.Logger;
@@ -183,7 +183,7 @@ class ClonePermissions extends MasterRep
// give all table permissions to the creator
for (TablePermission permission : TablePermission.values()) {
try {
- SecurityOperationImpl.getInstance().grantTablePermission(SecurityConstants.getSystemCredentials(), cloneInfo.user, cloneInfo.tableId, permission);
+ AuditedSecurityOperation.getInstance().grantTablePermission(SecurityConstants.getSystemCredentials(), cloneInfo.user, cloneInfo.tableId, permission);
} catch (ThriftSecurityException e) {
Logger.getLogger(FinishCloneTable.class).error(e.getMessage(), e);
throw e;
@@ -198,7 +198,7 @@ class ClonePermissions extends MasterRep
@Override
public void undo(long tid, Master environment) throws Exception {
- SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), cloneInfo.tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), cloneInfo.tableId);
}
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java Mon Sep 24 17:17:23 2012
@@ -38,9 +38,9 @@ import org.apache.accumulo.server.client
import org.apache.accumulo.server.conf.ServerConfiguration;
import org.apache.accumulo.server.master.Master;
import org.apache.accumulo.server.master.state.tables.TableManager;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityConstants;
import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.tabletserver.TabletTime;
import org.apache.accumulo.server.trace.TraceFileSystem;
import org.apache.accumulo.server.util.MetadataTable;
@@ -231,7 +231,7 @@ class SetupPermissions extends MasterRep
@Override
public Repo<Master> call(long tid, Master env) throws Exception {
// give all table permissions to the creator
- SecurityOperation security = SecurityOperationImpl.getInstance();
+ SecurityOperation security = AuditedSecurityOperation.getInstance();
for (TablePermission permission : TablePermission.values()) {
try {
security.grantTablePermission(SecurityConstants.getSystemCredentials(), tableInfo.user, tableInfo.tableId, permission);
@@ -249,7 +249,7 @@ class SetupPermissions extends MasterRep
@Override
public void undo(long tid, Master env) throws Exception {
- SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableInfo.tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableInfo.tableId);
}
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java Mon Sep 24 17:17:23 2012
@@ -45,8 +45,8 @@ import org.apache.accumulo.server.master
import org.apache.accumulo.server.master.state.TabletState;
import org.apache.accumulo.server.master.state.tables.TableManager;
import org.apache.accumulo.server.problems.ProblemReports;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityConstants;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.util.MetadataTable;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
@@ -190,7 +190,7 @@ class CleanUp extends MasterRepo {
// remove any permissions associated with this table
try {
- SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableId);
} catch (ThriftSecurityException e) {
log.error(e.getMessage(), e);
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java Mon Sep 24 17:17:23 2012
@@ -20,27 +20,40 @@ import java.nio.ByteBuffer;
import java.util.Set;
import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException;
import org.apache.accumulo.core.security.AuditLevel;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.server.security.handler.Authenticator;
+import org.apache.accumulo.server.security.handler.Authorizor;
+import org.apache.accumulo.server.security.handler.PermissionHandler;
import org.apache.log4j.Logger;
/**
*
*/
-public class AuditedSecurityOperation implements SecurityOperation {
+public class AuditedSecurityOperation extends SecurityOperation {
+ /**
+ * @param author
+ * @param authent
+ * @param pm
+ * @param instanceId
+ */
+ public AuditedSecurityOperation(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
+ super(author, authent, pm, instanceId);
+ }
+
public static final Logger log = Logger.getLogger(AuditedSecurityOperation.class);
- private SecurityOperation impl;
- public AuditedSecurityOperation(SecurityOperation impl) {
- this.impl = impl;
+ public static synchronized SecurityOperation getInstance(String instanceId) {
+ if (instance == null) {
+ instance = new AuditedSecurityOperation(getAuthorizor(instanceId), getAuthenticator(instanceId), getPermHandler(instanceId), instanceId);
+ }
+ return instance;
}
-
+
private void audit(AuthInfo credentials, ThriftSecurityException ex, String template, Object... args) {
log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " + credentials.user + ": " + String.format(template, args));
}
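Review bot: The `getInstance(String)` added here is static, so it hides rather than overrides `SecurityOperation.getInstance(String)`, and the callers this commit switches to `AuditedSecurityOperation.getInstance()` resolve to the inherited no-argument method in SecurityOperation. That method's body is cut off by the hunk boundary in SecurityOperation.java, but if it delegates to `getInstance(instanceId)` the call binds to the base class, which after this commit builds a plain `SecurityOperation`; whichever factory runs first then decides whether operations are audited at all. The two factories also write the shared `instance` field under different monitors (`AuditedSecurityOperation.class` here, `SecurityOperation.class` in the base class). I would add a no-argument factory to this class and take the base-class monitor, as sketched below; whether replacing an already-created plain instance is safe depends on the handlers' `initialize`, which is not visible here.

```java
public static SecurityOperation getInstance() {
  return getInstance(HdfsZooInstance.getInstance().getInstanceID());
}

public static SecurityOperation getInstance(String instanceId) {
  // Same monitor as SecurityOperation.getInstance(String), which also writes `instance`.
  synchronized (SecurityOperation.class) {
    if (!(instance instanceof AuditedSecurityOperation)) {
      instance = new AuditedSecurityOperation(getAuthorizor(instanceId), getAuthenticator(instanceId), getPermHandler(instanceId), instanceId);
    }
    return instance;
  }
}
// … unchanged: audit(...) helpers …
```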
@@ -49,10 +62,6 @@ public class AuditedSecurityOperation im
log.log(AuditLevel.AUDIT, "Using credentials " + credentials.user + ": " + String.format(template, args));
}
- public synchronized String getRootUsername() {
- return impl.getRootUsername();
- }
-
/**
* @param credentials
* @param user
@@ -62,7 +71,7 @@ public class AuditedSecurityOperation im
*/
public boolean authenticateUser(AuthInfo credentials, String user, ByteBuffer password) throws ThriftSecurityException {
try {
- boolean result = impl.authenticateUser(credentials, user, password);
+ boolean result = super.authenticateUser(credentials, user, password);
audit(credentials, result ? "authenticated" : "failed authentication");
return result;
} catch (ThriftSecurityException ex) {
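Review bot: The audit record written after `super.authenticateUser(...)` names only `credentials.user` and never the `user` whose password was checked, so a failed authentication for a different account cannot be attributed from the log. I would pass the target along, e.g. `audit(credentials, result ? "authenticated %s" : "failed authentication for %s", user);`. The catch block of this method continues outside the hunk.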
@@ -79,7 +88,7 @@ public class AuditedSecurityOperation im
*/
public Authorizations getUserAuthorizations(AuthInfo credentials, String user) throws ThriftSecurityException {
try {
- Authorizations result = impl.getUserAuthorizations(credentials, user);
+ Authorizations result = super.getUserAuthorizations(credentials, user);
audit(credentials, "got authorizations for %s", user);
return result;
} catch (ThriftSecurityException ex) {
@@ -97,249 +106,6 @@ public class AuditedSecurityOperation im
public Authorizations getUserAuthorizations(AuthInfo credentials) throws ThriftSecurityException {
return getUserAuthorizations(credentials, credentials.user);
}
-
- /**
- * @param credentials
- * @param string
- * @return
- * @throws ThriftSecurityException
- * @throws TableNotFoundException
- */
- public boolean canScan(AuthInfo credentials, String table) throws ThriftSecurityException {
- return impl.canScan(credentials, table);
- }
-
- /**
- * @param credentials
- * @param string
- * @return
- * @throws ThriftSecurityException
- * @throws TableNotFoundException
- */
- public boolean canWrite(AuthInfo credentials, String table) throws ThriftSecurityException {
- return impl.canWrite(credentials, table);
- }
-
- /**
- * @param credentials
- * @param string
- * @return
- * @throws ThriftSecurityException
- * @throws TableNotFoundException
- */
- public boolean canSplitTablet(AuthInfo credentials, String table) throws ThriftSecurityException {
- return impl.canSplitTablet(credentials, table);
- }
-
- /**
- * @param credentials
- * @return
- * @throws ThriftSecurityException
- *
- * This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system
- * properties.
- */
- public boolean canPerformSystemActions(AuthInfo credentials) throws ThriftSecurityException {
- return impl.canPerformSystemActions(credentials);
- }
-
- /**
- * @param c
- * @param tableId
- * @throws ThriftSecurityException
- * @throws ThriftTableOperationException
- */
- public boolean canFlush(AuthInfo c, String tableId) throws ThriftSecurityException {
- return impl.canFlush(c, tableId);
- }
-
- /**
- * @param c
- * @param tableId
- * @throws ThriftSecurityException
- * @throws ThriftTableOperationException
- */
- public boolean canAlterTable(AuthInfo c, String tableId) throws ThriftSecurityException {
- return impl.canAlterTable(c, tableId);
- }
-
- /**
- * @param c
- * @throws ThriftSecurityException
- */
- public boolean canCreateTable(AuthInfo c) throws ThriftSecurityException {
- return impl.canCreateTable(c);
- }
-
- /**
- * @param c
- * @param tableId
- * @return
- * @throws TableNotFoundException
- * @throws ThriftSecurityException
- */
- public boolean canRenameTable(AuthInfo c, String tableId) throws ThriftSecurityException {
- return impl.canRenameTable(c, tableId);
- }
-
- /**
- * @param c
- * @return
- * @throws TableNotFoundException
- * @throws ThriftSecurityException
- */
- public boolean canCloneTable(AuthInfo c, String tableId) throws ThriftSecurityException {
- return impl.canCloneTable(c, tableId);
- }
-
- /**
- * @param c
- * @param tableId
- * @return
- * @throws TableNotFoundException
- * @throws ThriftSecurityException
- */
- public boolean canDeleteTable(AuthInfo c, String tableId) throws ThriftSecurityException {
- return impl.canDeleteTable(c, tableId);
- }
-
- /**
- * @param c
- * @param tableId
- * @return
- * @throws TableNotFoundException
- * @throws ThriftSecurityException
- */
- public boolean canOnlineOfflineTable(AuthInfo c, String tableId) throws ThriftSecurityException {
- return impl.canOnlineOfflineTable(c, tableId);
- }
-
- /**
- * @param c
- * @param tableId
- * @return
- * @throws TableNotFoundException
- * @throws ThriftSecurityException
- */
- public boolean canMerge(AuthInfo c, String tableId) throws ThriftSecurityException {
- return impl.canMerge(c, tableId);
- }
-
- /**
- * @param c
- * @param tableId
- * @return
- * @throws TableNotFoundException
- * @throws ThriftSecurityException
- */
- public boolean canDeleteRange(AuthInfo c, String tableId) throws ThriftSecurityException {
- return impl.canDeleteRange(c, tableId);
- }
-
- /**
- * @param c
- * @param tableId
- * @return
- * @throws TableNotFoundException
- * @throws ThriftSecurityException
- */
- public boolean canBulkImport(AuthInfo c, String tableId) throws ThriftSecurityException {
- return impl.canBulkImport(c, tableId);
- }
-
- /**
- * @param c
- * @param tableId
- * @return
- * @throws TableNotFoundException
- * @throws ThriftSecurityException
- */
- public boolean canCompact(AuthInfo c, String tableId) throws ThriftSecurityException {
- return impl.canCompact(c, tableId);
- }
-
- /**
- * @param credentials
- * @return
- * @throws ThriftSecurityException
- */
- public boolean canChangeAuthorizations(AuthInfo c, String user) throws ThriftSecurityException {
- return impl.canChangeAuthorizations(c, user);
- }
-
- /**
- * @param credentials
- * @param user
- * @return
- * @throws ThriftSecurityException
- */
- public boolean canChangePassword(AuthInfo c, String user) throws ThriftSecurityException {
- return impl.canChangePassword(c, user);
- }
-
- /**
- * @param credentials
- * @param user
- * @return
- * @throws ThriftSecurityException
- */
- public boolean canCreateUser(AuthInfo c, String user) throws ThriftSecurityException {
- return impl.canCreateUser(c, user);
- }
-
- /**
- * @param credentials
- * @param user
- * @return
- * @throws ThriftSecurityException
- */
- public boolean canDropUser(AuthInfo c, String user) throws ThriftSecurityException {
- return impl.canDropUser(c, user);
- }
-
- /**
- * @param credentials
- * @param user
- * @param sysPerm
- * @return
- * @throws ThriftSecurityException
- */
- public boolean canGrantSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
- return impl.canGrantSystem(c, user, sysPerm);
- }
-
- /**
- * @param credentials
- * @param user
- * @param table
- * @return
- * @throws ThriftSecurityException
- */
- public boolean canGrantTable(AuthInfo c, String user, String table) throws ThriftSecurityException {
- return impl.canGrantTable(c, user, table);
- }
-
- /**
- * @param credentials
- * @param user
- * @param sysPerm
- * @return
- * @throws ThriftSecurityException
- */
- public boolean canRevokeSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
- return impl.canRevokeSystem(c, user, sysPerm);
- }
-
- /**
- * @param credentials
- * @param user
- * @param table
- * @return
- * @throws ThriftSecurityException
- */
- public boolean canRevokeTable(AuthInfo c, String user, String table) throws ThriftSecurityException {
- return impl.canRevokeTable(c, user, table);
- }
/**
* @param credentials
@@ -349,7 +115,7 @@ public class AuditedSecurityOperation im
*/
public void changeAuthorizations(AuthInfo credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
try {
- impl.changeAuthorizations(credentials, user, authorizations);
+ super.changeAuthorizations(credentials, user, authorizations);
audit(credentials, "changed authorizations for %s to %s", user, authorizations);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "changing authorizations for %s", user);
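Review bot: The failure record written by `audit(credentials, ex, ...)` in this catch block carries no reason, because the three-argument helper earlier in this file accepts `ex` and never reads it. Appending the exception in the helper, e.g. `"Error: authenticated operation failed: " + credentials.user + ": " + String.format(template, args) + ": " + ex`, would fix every failure path in this class at once. The helper also concatenates client-supplied names into the line as-is, so if user or table names may contain line breaks they should be neutralised before logging.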
@@ -365,7 +131,7 @@ public class AuditedSecurityOperation im
*/
public void changePassword(AuthInfo credentials, String user, byte[] pass) throws ThriftSecurityException {
try {
- impl.changePassword(credentials, user, pass);
+ super.changePassword(credentials, user, pass);
audit(credentials, "changed password for %s", user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "changing password for %s", user);
@@ -382,7 +148,7 @@ public class AuditedSecurityOperation im
*/
public void createUser(AuthInfo credentials, String user, byte[] pass, Authorizations authorizations) throws ThriftSecurityException {
try {
- impl.createUser(credentials, user, pass, authorizations);
+ super.createUser(credentials, user, pass, authorizations);
audit(credentials, "createUser");
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "createUser %s", user);
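Review bot: The success record here is the bare string `"createUser"`, so the audit log shows who created an account but not which account, while the failure record does include `%s` for `user`. I would make the two consistent with `audit(credentials, "createUser %s", user);`. The dropUser hunk that follows has the same gap and would take `audit(credentials, "dropUser %s", user);`.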
@@ -397,7 +163,7 @@ public class AuditedSecurityOperation im
*/
public void dropUser(AuthInfo credentials, String user) throws ThriftSecurityException {
try {
- impl.dropUser(credentials, user);
+ super.dropUser(credentials, user);
audit(credentials, "dropUser");
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "dropUser %s", user);
@@ -413,7 +179,7 @@ public class AuditedSecurityOperation im
*/
public void grantSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
try {
- impl.grantSystemPermission(credentials, user, permission);
+ super.grantSystemPermission(credentials, user, permission);
audit(credentials, "granted permission %s for %s", permission, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "granting permission %s for %s", permission, user);
@@ -430,7 +196,7 @@ public class AuditedSecurityOperation im
*/
public void grantTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
try {
- impl.grantTablePermission(credentials, user, table, permission);
+ super.grantTablePermission(credentials, user, table, permission);
audit(credentials, "granted permission %s on table %s for %s", permission, table, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "granting permission %s on table for %s", permission, table, user);
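Review bot: The failure template `"granting permission %s on table for %s"` has two placeholders but is given three arguments, so `String.format` puts the table name where the user belongs and silently drops `user`. The record for a denied grant therefore misreports the grantee; it should read `audit(credentials, ex, "granting permission %s on table %s for %s", permission, table, user);`. The revokeTablePermission hunk further down has the same two-placeholder template and needs the same correction.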
@@ -446,7 +212,7 @@ public class AuditedSecurityOperation im
*/
public void revokeSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
try {
- impl.revokeSystemPermission(credentials, user, permission);
+ super.revokeSystemPermission(credentials, user, permission);
audit(credentials, "revoked permission %s for %s", permission, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "revoking permission %s on %s", permission, user);
@@ -463,7 +229,7 @@ public class AuditedSecurityOperation im
*/
public void revokeTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
try {
- impl.revokeTablePermission(credentials, user, table, permission);
+ super.revokeTablePermission(credentials, user, table, permission);
audit(credentials, "revoked permission %s on table %s for %s", permission, table, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "revoking permission %s on table for %s", permission, table, user);
@@ -480,7 +246,7 @@ public class AuditedSecurityOperation im
*/
public boolean hasSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
try {
- boolean result = impl.hasSystemPermission(credentials, user, permission);
+ boolean result = super.hasSystemPermission(credentials, user, permission);
audit(credentials, "checked permission %s on %s", permission, user);
return result;
} catch (ThriftSecurityException ex) {
@@ -499,7 +265,7 @@ public class AuditedSecurityOperation im
*/
public boolean hasTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
try {
- boolean result = impl.hasTablePermission(credentials, user, table, permission);
+ boolean result = super.hasTablePermission(credentials, user, table, permission);
audit(credentials, "checked permission %s on table %s for %s", permission, table, user);
return result;
} catch (ThriftSecurityException ex) {
@@ -515,7 +281,7 @@ public class AuditedSecurityOperation im
*/
public Set<String> listUsers(AuthInfo credentials) throws ThriftSecurityException {
try {
- Set<String> result = impl.listUsers(credentials);
+ Set<String> result = super.listUsers(credentials);
audit(credentials, "listUsers");
return result;
} catch (ThriftSecurityException ex) {
@@ -531,7 +297,7 @@ public class AuditedSecurityOperation im
*/
public void deleteTable(AuthInfo credentials, String table) throws ThriftSecurityException {
try {
- impl.deleteTable(credentials, table);
+ super.deleteTable(credentials, table);
audit(credentials, "deleted table %s", table);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "deleting table %s", table);
@@ -541,7 +307,7 @@ public class AuditedSecurityOperation im
@Override
public void initializeSecurity(AuthInfo credentials, String rootuser, byte[] rootpass) throws AccumuloSecurityException, ThriftSecurityException {
- impl.initializeSecurity(credentials, rootuser, rootpass);
+ super.initializeSecurity(credentials, rootuser, rootpass);
log.info("Initialized root user with username: " + rootuser + " at the request of user " + credentials.user);
}
}
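Review bot: `initializeSecurity` is the one override visible in this file that bypasses `audit()`: success is written with `log.info` and a thrown exception is not recorded at all. Resetting the root user is among the most sensitive operations in this class, and a log configuration that routes only `AuditLevel.AUDIT` to the audit sink would miss it. I would wrap the `super` call in the same try/catch used by the other methods and log with `audit(credentials, "initialized root user %s", rootuser);`.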
Copied: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java (from r1363473, accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java)
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java?p2=accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java&p1=accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java&r1=1363473&r2=1389490&rev=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java Mon Sep 24 17:17:23 2012
@@ -47,17 +47,17 @@ import org.apache.log4j.Logger;
/**
* Utility class for performing various security operations with the appropriate checks
*/
-public class SecurityOperationImpl implements SecurityOperation {
+public class SecurityOperation {
private static final Logger log = Logger.getLogger(SecurityOperationsImpl.class);
- private static Authorizor authorizor;
- private static Authenticator authenticator;
- private static PermissionHandler permHandle;
+ protected static Authorizor authorizor;
+ protected static Authenticator authenticator;
+ protected static PermissionHandler permHandle;
private static String rootUserName = null;
private final ZooCache zooCache;
private final String ZKUserPath;
- private static SecurityOperation instance;
+ protected static SecurityOperation instance;
public static synchronized SecurityOperation getInstance() {
String instanceId = HdfsZooInstance.getInstance().getInstanceID();
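Review bot: Widening `authorizor`, `authenticator`, `permHandle` and `instance` from `private static` to `protected static` leaves the process-wide security handlers as non-final fields that any subclass or same-package class can reassign. Keeping them `private` and exposing `protected static` getters would give subclasses read access without letting them replace the handler used for every authentication and permission check. The unchanged logger line also still names `SecurityOperationsImpl.class`, which matches neither the removed `SecurityOperationImpl` nor the new class; `Logger.getLogger(SecurityOperation.class)` looks intended. getInstance() continues outside the hunk.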
@@ -66,14 +66,13 @@ public class SecurityOperationImpl imple
public static synchronized SecurityOperation getInstance(String instanceId) {
if (instance == null) {
- instance = new AuditedSecurityOperation(new SecurityOperationImpl(getAuthorizor(instanceId), getAuthenticator(instanceId), getPermHandler(instanceId),
- instanceId));
+ instance = new SecurityOperation(getAuthorizor(instanceId), getAuthenticator(instanceId), getPermHandler(instanceId), instanceId);
}
return instance;
}
@SuppressWarnings("deprecation")
- private static Authorizor getAuthorizor(String instanceId) {
+ protected static Authorizor getAuthorizor(String instanceId) {
Authorizor toRet = Master.createInstanceFromPropertyName(AccumuloConfiguration.getSiteConfiguration(), Property.INSTANCE_SECURITY_AUTHORIZOR,
Authorizor.class, ZKAuthorizor.getInstance());
toRet.initialize(instanceId);
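Review bot: `getInstance(String)` now caches a plain `SecurityOperation` in the shared static `instance` instead of the `AuditedSecurityOperation` wrapper, so whether a caller gets audit logging may depend on which class's `getInstance()` runs first. `AuditedSecurityOperation.getInstance()` is not visible here; if it also tests `instance == null` on the inherited field, an earlier call to this factory would presumably leave the process with an un-audited instance. A comment on `instance` stating which factory server code must use, or a separate cache field in the subclass, would make the audit guarantee explicit. getAuthorizor's body continues outside the hunk.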
@@ -81,7 +80,7 @@ public class SecurityOperationImpl imple
}
@SuppressWarnings("deprecation")
- private static Authenticator getAuthenticator(String instanceId) {
+ protected static Authenticator getAuthenticator(String instanceId) {
Authenticator toRet = Master.createInstanceFromPropertyName(AccumuloConfiguration.getSiteConfiguration(), Property.INSTANCE_SECURITY_AUTHENTICATOR,
Authenticator.class, ZKAuthenticator.getInstance());
toRet.initialize(instanceId);
@@ -89,14 +88,23 @@ public class SecurityOperationImpl imple
}
@SuppressWarnings("deprecation")
- private static PermissionHandler getPermHandler(String instanceId) {
+ protected static PermissionHandler getPermHandler(String instanceId) {
PermissionHandler toRet = Master.createInstanceFromPropertyName(AccumuloConfiguration.getSiteConfiguration(),
Property.INSTANCE_SECURITY_PERMISSION_HANDLER, PermissionHandler.class, ZKPermHandler.getInstance());
toRet.initialize(instanceId);
return toRet;
}
- public SecurityOperationImpl(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
+ /**
+ *
+ * @Deprecated not for client use
+ */
+ public SecurityOperation(String instanceId) {
+ ZKUserPath = Constants.ZROOT + "/" + instanceId + "/users";
+ zooCache = new ZooCache();
+ }
+
+ public SecurityOperation(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
authorizor = author;
authenticator = authent;
permHandle = pm;
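Review bot: The new public `SecurityOperation(String instanceId)` constructor sets only `ZKUserPath` and `zooCache`, so the static `authorizor`, `authenticator` and `permHandle` keep whatever an earlier constructor call left in them (null if none ran), and any check that goes through them will fail or use another instance's handlers. Since the comment says it is not for client use, `protected` visibility would enforce that. `@Deprecated` inside a Javadoc block is not a recognised tag; the Javadoc tag is `@deprecated`, and the `@Deprecated` annotation belongs on the declaration itself. The four-argument constructor still assigns the static fields from an instance constructor, so each new instance replaces the handlers for all existing ones; its body continues outside the hunk.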
@@ -153,6 +161,13 @@ public class SecurityOperationImpl imple
authenticate(credentials.user, credentials.password, credentials.instanceId);
}
+ public boolean canAskAboutUser(AuthInfo credentials, String user) throws ThriftSecurityException {
+ // Authentication done in canPerformSystemActions
+ if (!(canPerformSystemActions(credentials) || credentials.user.equals(user)))
+ throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+ return true;
+ }
+
/**
* @param credentials
* @param user
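Review bot: `canAskAboutUser` is declared `boolean` but can only return `true` or throw, unlike the other `can*` methods visible in this file, which return the result of `hasSystemPermission(...)`. The next hunk then calls it from `authenticateUser` and discards the result, so the permission check there silently disappears if the method (or a subclass override, now that the class is extendable) ever returns `false`. Consider `return canPerformSystemActions(credentials) || credentials.user.equals(user);` here and `if (!canAskAboutUser(credentials, user)) throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);` in `authenticateUser`. The new method also has no Javadoc, while its neighbours do; one line stating that it authenticates `credentials` as a side effect would help.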
@@ -161,10 +176,7 @@ public class SecurityOperationImpl imple
* @throws ThriftSecurityException
*/
public boolean authenticateUser(AuthInfo credentials, String user, ByteBuffer password) throws ThriftSecurityException {
- // Authentication done in canPerformSystemActions
- if (!(canPerformSystemActions(credentials) || credentials.user.equals(user)))
- throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
-
+ canAskAboutUser(credentials, user);
return authenticator.authenticateUser(user, password, credentials.instanceId);
}
@@ -281,7 +293,7 @@ public class SecurityOperationImpl imple
authenticate(credentials);
return hasTablePermission(credentials.user, table, TablePermission.READ, true);
}
-
+
/**
* @param credentials
* @param string
@@ -293,7 +305,7 @@ public class SecurityOperationImpl imple
authenticate(credentials);
return hasTablePermission(credentials.user, table, TablePermission.WRITE, true);
}
-
+
/**
* @param credentials
* @param string
@@ -319,7 +331,7 @@ public class SecurityOperationImpl imple
authenticate(credentials);
return hasSystemPermission(credentials.user, SystemPermission.SYSTEM, false);
}
-
+
/**
* @param c
* @param tableId
@@ -460,7 +472,7 @@ public class SecurityOperationImpl imple
throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED);
return hasSystemPermission(c.user, SystemPermission.ALTER_USER, false);
}
-
+
/**
* @param credentials
* @param user
@@ -486,10 +498,10 @@ public class SecurityOperationImpl imple
// don't allow creating a user with the same name as system user
if (user.equals(SecurityConstants.SYSTEM_USERNAME))
throw new ThriftSecurityException(user, SecurityErrorCode.PERMISSION_DENIED);
-
+
return hasSystemPermission(c.user, SystemPermission.CREATE_USER, false);
}
-
+
/**
* @param credentials
* @param user
@@ -502,7 +514,7 @@ public class SecurityOperationImpl imple
// can't delete root or system users
if (user.equals(getRootUsername()) || user.equals(SecurityConstants.SYSTEM_USERNAME))
throw new ThriftSecurityException(user, SecurityErrorCode.PERMISSION_DENIED);
-
+
return hasSystemPermission(c.user, SystemPermission.DROP_USER, false);
}
@@ -523,7 +535,7 @@ public class SecurityOperationImpl imple
// can't grant GRANT
if (sysPerm.equals(SystemPermission.GRANT))
throw new ThriftSecurityException(c.user, SecurityErrorCode.GRANT_INVALID);
-
+
return hasSystemPermission(c.user, SystemPermission.GRANT, false);
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java Mon Sep 24 17:17:23 2012
@@ -152,6 +152,14 @@ public interface PermissionHandler {
public void initUser(String user) throws AccumuloSecurityException;
/**
+ * Initializes a new user
+ *
+ * @param user
+ * @throws AccumuloSecurityException
+ */
+ public void initTable(String table) throws AccumuloSecurityException;
+
+ /**
* Deletes a user
*
* @param user
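Review bot: The Javadoc added for `initTable(String table)` was copied from `initUser` and still reads `Initializes a new user` with `@param user`. It should describe the table, e.g. `Initializes a new table` and `@param table`. Because this adds a method to a public interface, every existing `PermissionHandler` implementation has to add it as well; none of them are visible in this hunk.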
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Mon Sep 24 17:17:23 2012
@@ -153,9 +153,9 @@ import org.apache.accumulo.server.master
import org.apache.accumulo.server.metrics.AbstractMetricsImpl;
import org.apache.accumulo.server.problems.ProblemReport;
import org.apache.accumulo.server.problems.ProblemReports;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityConstants;
import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.security.SecurityUtil;
import org.apache.accumulo.server.tabletserver.Tablet.CommitSession;
import org.apache.accumulo.server.tabletserver.Tablet.KVEntry;
@@ -2981,7 +2981,7 @@ public class TabletServer extends Abstra
public void config(String hostname) {
log.info("Tablet server starting on " + hostname);
- security = SecurityOperationImpl.getInstance();
+ security = AuditedSecurityOperation.getInstance();
clientAddress = new InetSocketAddress(hostname, 0);
logger = new TabletServerLogger(this, getSystemConfiguration().getMemoryInBytes(Property.TSERV_WALOG_MAX_SIZE));
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java Mon Sep 24 17:17:23 2012
@@ -18,6 +18,7 @@ package org.apache.accumulo.server.test.
import java.io.File;
import java.lang.management.ManagementFactory;
+import java.nio.ByteBuffer;
import java.util.HashMap;
import java.util.Properties;
@@ -25,6 +26,7 @@ import org.apache.accumulo.core.client.C
import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.MultiTableBatchWriter;
import org.apache.accumulo.core.client.ZooKeeperInstance;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.log4j.Logger;
@@ -87,13 +89,19 @@ public class State {
if (connector == null) {
String instance = props.getProperty("INSTANCE");
String zookeepers = props.getProperty("ZOOKEEPERS");
- String username = props.getProperty("USERNAME");
- String password = props.getProperty("PASSWORD");
- connector = new ZooKeeperInstance(instance, zookeepers).getConnector(username, password.getBytes());
+ AuthInfo auth = getAuthInfo();
+ connector = new ZooKeeperInstance(instance, zookeepers).getConnector(auth);
}
return connector;
}
+ public AuthInfo getAuthInfo() {
+ String username = props.getProperty("USERNAME");
+ String password = props.getProperty("PASSWORD");
+ String instance = props.getProperty("INSTANCE");
+ return new AuthInfo(username, ByteBuffer.wrap(password.getBytes()), instance);
+ }
+
public Instance getInstance() {
if (instance == null) {
instance = HdfsZooInstance.getInstance();
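Review bot: `getAuthInfo()` calls `password.getBytes()` with the platform default charset and dereferences `props.getProperty("PASSWORD")` without a null check. The same property file can therefore produce different credential bytes on hosts with different default encodings, and a missing property surfaces as a bare NullPointerException. Consider `password.getBytes(Charset.forName("UTF-8"))` and an explicit check that names the missing property. getInstance() continues outside the hunk.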
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java Mon Sep 24 17:17:23 2012
@@ -31,11 +31,12 @@ public class AlterSystemPerm extends Tes
@Override
public void visit(State state, Properties props) throws Exception {
Connector conn = state.getConnector();
+ WalkingSecurity ws = new WalkingSecurity(state);
String action = props.getProperty("task", "toggle");
String perm = props.getProperty("perm", "random");
- String targetUser = SecurityHelper.getSysUserName(state);
+ String targetUser = WalkingSecurity.get(state).getSysUserName();
SystemPermission sysPerm;
if (perm.equals("random")) {
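Review bot: `visit` creates `ws` with `new WalkingSecurity(state)` and two lines later reads the user name through `WalkingSecurity.get(state)`, whereas the other tests in this commit use only `WalkingSecurity.get(state)`. If `get` returns a shared instance, the locally constructed `ws` that later records `grantSystemPermission`/`revokeSystemPermission` may not be the object the other tests consult; `WalkingSecurity` is not visible here, so this is to be confirmed. Using `WalkingSecurity ws = WalkingSecurity.get(state);` and `String targetUser = ws.getSysUserName();` would keep one instance throughout. visit's body continues outside the hunk.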
@@ -45,7 +46,7 @@ public class AlterSystemPerm extends Tes
} else
sysPerm = SystemPermission.valueOf(perm);
- boolean hasPerm = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm);
+ boolean hasPerm = ws.hasSystemPermission(targetUser, sysPerm);
// toggle
if (!"take".equals(action) && !"give".equals(action)) {
@@ -65,6 +66,7 @@ public class AlterSystemPerm extends Tes
case GRANT_INVALID:
if (sysPerm.equals(SystemPermission.GRANT))
return;
+ throw new AccumuloException("Got GRANT_INVALID when not dealing with GRANT", ae);
case PERMISSION_DENIED:
throw new AccumuloException("Test user doesn't have root", ae);
case USER_DOESNT_EXIST:
@@ -73,7 +75,7 @@ public class AlterSystemPerm extends Tes
throw new AccumuloException("Got unexpected exception", ae);
}
}
- SecurityHelper.setSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm, false);
+ ws.revokeSystemPermission(targetUser, sysPerm);
} else if ("give".equals(action)) {
try {
conn.securityOperations().grantSystemPermission(targetUser, sysPerm);
@@ -90,7 +92,7 @@ public class AlterSystemPerm extends Tes
throw new AccumuloException("Got unexpected exception", ae);
}
}
- SecurityHelper.setSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm, true);
+ ws.grantSystemPermission(targetUser, sysPerm);
}
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java Mon Sep 24 17:17:23 2012
@@ -24,8 +24,6 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -34,15 +32,12 @@ public class AlterTable extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = SecurityHelper.getSystemConnector(state);
+ Connector conn = WalkingSecurity.get(state).getSystemConnector();
- String tableName = SecurityHelper.getTableName(state);
+ String tableName = WalkingSecurity.get(state).getTableName();
- boolean exists = SecurityHelper.getTableExists(state);
- boolean hasPermission = false;
- if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_TABLE)
- || SecurityHelper.getTabPerm(state, SecurityHelper.getSysUserName(state), TablePermission.ALTER_TABLE))
- hasPermission = true;
+ boolean exists = WalkingSecurity.get(state).getTableExists();
+ boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysAuthInfo(), tableName);
String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), state.getPid(),
System.currentTimeMillis());
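Review bot: `WalkingSecurity.get(state)` is looked up five times in these few lines, twice within the single `canAlterTable(...)` expression, which makes the permission model hard to read. Hoisting it once, `WalkingSecurity ws = WalkingSecurity.get(state);`, and writing `ws.canAlterTable(ws.getSysAuthInfo(), tableName)` would say the same thing more clearly. The same pattern recurs in the AlterTablePerm, Authenticate, ChangePass and CreateTable hunks; in AlterTablePerm the `canGive` line also re-reads `getTableName()` although the new local `tableName` is already in scope. visit's body continues outside the hunk.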
@@ -60,7 +55,7 @@ public class AlterTable extends Test {
else
return;
} else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
- if (SecurityHelper.sysUserPassTransient(state))
+ if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
return;
}
throw new AccumuloException("Got unexpected ae error code", ae);
@@ -70,7 +65,7 @@ public class AlterTable extends Test {
else
return;
}
- SecurityHelper.setTableName(state, newName);
+ WalkingSecurity.get(state).setTableName(newName);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java Mon Sep 24 17:17:23 2012
@@ -24,6 +24,7 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -41,16 +42,16 @@ public class AlterTablePerm extends Test
String perm = props.getProperty("perm", "random");
String sourceUser = props.getProperty("source", "system");
String targetUser = props.getProperty("target", "table");
- boolean tabExists = SecurityHelper.getTableExists(state);
+ boolean tabExists = WalkingSecurity.get(state).getTableExists();
String target;
if ("table".equals(targetUser))
- target = SecurityHelper.getTabUserName(state);
+ target = WalkingSecurity.get(state).getTabUserName();
else
- target = SecurityHelper.getSysUserName(state);
+ target = WalkingSecurity.get(state).getSysUserName();
- boolean exists = SecurityHelper.getTabUserExists(state);
- boolean tableExists = SecurityHelper.getTableExists(state);
+ boolean exists = WalkingSecurity.get(state).userExists(target);
+ boolean tableExists = WalkingSecurity.get(state).getTableExists();
TablePermission tabPerm;
if (perm.equals("random")) {
@@ -59,26 +60,28 @@ public class AlterTablePerm extends Test
tabPerm = TablePermission.values()[i];
} else
tabPerm = TablePermission.valueOf(perm);
-
- boolean hasPerm = SecurityHelper.getTabPerm(state, target, tabPerm);
+ String tableName = WalkingSecurity.get(state).getTableName();
+ boolean hasPerm = WalkingSecurity.get(state).hasTablePermission(target, tableName, tabPerm);
boolean canGive;
+ AuthInfo source;
if ("system".equals(sourceUser)) {
- conn = SecurityHelper.getSystemConnector(state);
- canGive = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER)
- || SecurityHelper.getTabPerm(state, SecurityHelper.getSysUserName(state), TablePermission.GRANT);
+ conn = WalkingSecurity.get(state).getSystemConnector();
+ source = WalkingSecurity.get(state).getSysAuthInfo();
} else if ("table".equals(sourceUser)) {
- conn = state.getInstance().getConnector(SecurityHelper.getTabUserName(state), SecurityHelper.getTabUserPass(state));
- canGive = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.GRANT);
+ conn = WalkingSecurity.get(state).getTableConnector();
+ source = WalkingSecurity.get(state).getTabAuthInfo();
} else {
conn = state.getConnector();
- canGive = true;
+ source = state.getAuthInfo();
}
+ canGive = WalkingSecurity.get(state).canGrantTable(source, target, WalkingSecurity.get(state).getTableName());
+
// toggle
if (!"take".equals(action) && !"give".equals(action)) {
try {
boolean res;
- if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, SecurityHelper.getTableName(state), tabPerm)))
+ if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, tableName, tabPerm)))
throw new AccumuloException("Test framework and accumulo are out of sync for user " + conn.whoami() + " for perm " + tabPerm.name()
+ " with local vs. accumulo being " + hasPerm + " " + res);
@@ -104,9 +107,10 @@ public class AlterTablePerm extends Test
}
}
+ boolean trans = WalkingSecurity.get(state).userPassTransient(conn.whoami());
if ("take".equals(action)) {
try {
- conn.securityOperations().revokeTablePermission(target, SecurityHelper.getTableName(state), tabPerm);
+ conn.securityOperations().revokeTablePermission(target, tableName, tabPerm);
} catch (AccumuloSecurityException ae) {
switch (ae.getErrorCode()) {
case GRANT_INVALID:
@@ -114,7 +118,7 @@ public class AlterTablePerm extends Test
return;
case PERMISSION_DENIED:
if (canGive)
- throw new AccumuloException("Test user failed to give permission when it should have worked", ae);
+ throw new AccumuloException(conn.whoami() + " failed to revoke permission to " + target + " when it should have worked", ae);
return;
case USER_DOESNT_EXIST:
if (exists)
@@ -125,17 +129,17 @@ public class AlterTablePerm extends Test
throw new AccumuloException("Table doesn't exist but it should", ae);
return;
case BAD_CREDENTIALS:
- if (!SecurityHelper.sysUserPassTransient(state))
+ if (!trans)
throw new AccumuloException("Bad credentials for user " + conn.whoami());
return;
default:
throw new AccumuloException("Got unexpected exception", ae);
}
}
- SecurityHelper.setTabPerm(state, target, tabPerm, false);
+ WalkingSecurity.get(state).revokeTablePermission(target, tableName, tabPerm);
} else if ("give".equals(action)) {
try {
- conn.securityOperations().grantTablePermission(target, SecurityHelper.getTableName(state), tabPerm);
+ conn.securityOperations().grantTablePermission(target, tableName, tabPerm);
} catch (AccumuloSecurityException ae) {
switch (ae.getErrorCode()) {
case GRANT_INVALID:
@@ -144,7 +148,7 @@ public class AlterTablePerm extends Test
throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
case PERMISSION_DENIED:
if (canGive)
- throw new AccumuloException("Test user failed to give permission when it should have worked", ae);
+ throw new AccumuloException(conn.whoami() + " failed to give permission to " + target + " when it should have worked", ae);
return;
case USER_DOESNT_EXIST:
if (exists)
@@ -155,14 +159,14 @@ public class AlterTablePerm extends Test
throw new AccumuloException("Table doesn't exist but it should", ae);
return;
case BAD_CREDENTIALS:
- if (!SecurityHelper.sysUserPassTransient(state))
+ if (!trans)
throw new AccumuloException("Bad credentials for user " + conn.whoami());
return;
default:
throw new AccumuloException("Got unexpected exception", ae);
}
}
- SecurityHelper.setTabPerm(state, target, tabPerm, true);
+ WalkingSecurity.get(state).grantTablePermission(target, tableName, tabPerm);
}
if (!exists)
@@ -170,7 +174,7 @@ public class AlterTablePerm extends Test
if (!tableExists)
throw new AccumuloException("Table shouldn't have existed, but apparantly does");
if (!canGive)
- throw new AccumuloException("Source user shouldn't have been able to grant privilege");
+ throw new AccumuloException(conn.whoami() + " shouldn't have been able to grant privilege");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java Mon Sep 24 17:17:23 2012
@@ -22,7 +22,7 @@ import java.util.Properties;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -30,7 +30,7 @@ public class Authenticate extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = SecurityHelper.getSystemConnector(state);
+ Connector conn = WalkingSecurity.get(state).getSystemConnector();
authenticate(conn, state, props);
}
@@ -40,21 +40,20 @@ public class Authenticate extends Test {
boolean success = Boolean.parseBoolean(props.getProperty("valid"));
String target;
- boolean exists = true;
- boolean hasPermission = true;
- byte[] password;
+
+ AuthInfo auth;
if (targetProp.equals("table")) {
- exists = SecurityHelper.getTabUserExists(state);
- target = SecurityHelper.getTabUserName(state);
- if (!conn.whoami().equals(state.getConnector().whoami())
- && !SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.SYSTEM))
- hasPermission = false;
- password = Arrays.copyOf(SecurityHelper.getTabUserPass(state), SecurityHelper.getTabUserPass(state).length);
+ target = WalkingSecurity.get(state).getTabUserName();
+ auth = WalkingSecurity.get(state).getTabAuthInfo();
} else {
- target = SecurityHelper.getSysUserName(state);
- password = Arrays.copyOf(SecurityHelper.getSysUserPass(state), SecurityHelper.getSysUserPass(state).length);
+ target = WalkingSecurity.get(state).getSysUserName();
+ auth = WalkingSecurity.get(state).getSysAuthInfo();
}
-
+ boolean exists = WalkingSecurity.get(state).userExists(target);
+ // Copy so if failed it doesn't mess with the password stored in state
+ byte[] password = Arrays.copyOf(WalkingSecurity.get(state).getUserPassword(target), WalkingSecurity.get(state).getUserPassword(target).length);
+ boolean hasPermission = WalkingSecurity.get(state).canAskAboutUser(auth, target);
+
if (!success)
for (int i = 0; i < password.length; i++)
password[i]++;
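Review bot: `auth` is taken from the target (`getTabAuthInfo()` or `getSysAuthInfo()`) rather than from `conn`, so `canAskAboutUser(auth, target)` presumably always asks about the caller itself and is satisfied by the `credentials.user.equals(user)` branch. The removed code compared `conn.whoami()` with the root connector, so `hasPermission` no longer seems to model whether the connected user may query the target; building the AuthInfo for `conn`'s user would restore that. `getUserPassword(target)` is also called twice and dereferenced before `exists` is consulted; reading it once into a local and handling a null result would avoid a NullPointerException if a dropped user has no stored password (to be confirmed against `WalkingSecurity`). The method starts and ends outside the hunk.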
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java Mon Sep 24 17:17:23 2012
@@ -23,8 +23,7 @@ import java.util.Random;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -37,38 +36,25 @@ public class ChangePass extends Test {
String target = props.getProperty("target");
String source = props.getProperty("source");
- String sourceUser;
+ AuthInfo auth;
if (source.equals("system")) {
- conn = SecurityHelper.getSystemConnector(state);
- sourceUser = SecurityHelper.getSysUserName(state);
+ conn = WalkingSecurity.get(state).getSystemConnector();
+ auth = WalkingSecurity.get(state).getSysAuthInfo();
} else {
- sourceUser = SecurityHelper.getTabUserName(state);
- try {
- conn = state.getInstance().getConnector(sourceUser, (SecurityHelper.getTabUserPass(state)));
- } catch (AccumuloSecurityException ae) {
- if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
- if (SecurityHelper.getTabUserExists(state))
- throw new AccumuloException("Got a security exception when the user should have existed", ae);
- else
- return;
- }
- throw new AccumuloException("Unexpected exception!", ae);
- }
+ conn = WalkingSecurity.get(state).getTableConnector();
+ auth = WalkingSecurity.get(state).getTabAuthInfo();
}
- boolean hasPerm = true;
- if (!source.equals(target))
- hasPerm = SecurityHelper.getSysPerm(state, sourceUser, SystemPermission.ALTER_USER);
-
- boolean targetExists = true;
- boolean targetSystem = true;
+ boolean hasPerm;
+ boolean targetExists;
if (target.equals("table")) {
- targetSystem = false;
- if (!SecurityHelper.getTabUserExists(state))
- targetExists = false;
- target = SecurityHelper.getTabUserName(state);
+ target = WalkingSecurity.get(state).getTabUserName();
} else
- target = SecurityHelper.getSysUserName(state);
+ target = WalkingSecurity.get(state).getSysUserName();
+
+ targetExists = WalkingSecurity.get(state).userExists(target);
+
+ hasPerm = WalkingSecurity.get(state).canChangePassword(auth, target);
Random r = new Random();
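Review bot: Replacing the `try`/`catch` around the table user's connector with a bare `WalkingSecurity.get(state).getTableConnector()` drops the handling of `BAD_CREDENTIALS` for the case where the table user does not exist. If `getTableConnector()` still authenticates on creation, which is not visible here, a dropped table user now fails the whole test with an unexpected exception instead of returning quietly as before. Either keep the catch and compare it with `userExists(...)`, or add a comment stating that `getTableConnector()` handles this itself. visit's body continues outside the hunk.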
@@ -90,17 +76,14 @@ public class ChangePass extends Test {
throw new AccumuloException("User " + target + " doesn't exist and they SHOULD.", ae);
return;
case BAD_CREDENTIALS:
- if (!SecurityHelper.sysUserPassTransient(state))
+ if (!WalkingSecurity.get(state).userPassTransient(conn.whoami()))
throw new AccumuloException("Bad credentials for user " + conn.whoami());
return;
default:
throw new AccumuloException("Got unexpected exception", ae);
}
}
- if (targetSystem) {
- SecurityHelper.setSysUserPass(state, newPass);
- } else
- SecurityHelper.setTabUserPass(state, newPass);
+ WalkingSecurity.get(state).changePassword(target, newPass);
if (!hasPerm)
throw new AccumuloException("Password change succeeded when it should have failed for " + source + " changing the password for " + target + ".");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java Mon Sep 24 17:17:23 2012
@@ -22,7 +22,6 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.TableExistsException;
-import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
import org.apache.accumulo.server.test.randomwalk.State;
@@ -32,14 +31,12 @@ public class CreateTable extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = SecurityHelper.getSystemConnector(state);
+ Connector conn = WalkingSecurity.get(state).getSystemConnector();
- String tableName = SecurityHelper.getTableName(state);
+ String tableName = WalkingSecurity.get(state).getTableName();
- boolean exists = SecurityHelper.getTableExists(state);
- boolean hasPermission = false;
- if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.CREATE_TABLE))
- hasPermission = true;
+ boolean exists = WalkingSecurity.get(state).getTableExists();
+ boolean hasPermission = WalkingSecurity.get(state).canCreateTable(WalkingSecurity.get(state).getSysAuthInfo());
try {
conn.tableOperations().create(tableName);
@@ -52,7 +49,7 @@ public class CreateTable extends Test {
{
try {
state.getConnector().tableOperations().create(tableName);
- SecurityHelper.setTableExists(state, true);
+ WalkingSecurity.get(state).initTable(tableName);
} catch (TableExistsException tee) {
if (exists)
return;
@@ -69,9 +66,9 @@ public class CreateTable extends Test {
else
return;
}
- SecurityHelper.setTableExists(state, true);
+ WalkingSecurity.get(state).initTable(tableName);
for (TablePermission tp : TablePermission.values())
- SecurityHelper.setTabPerm(state, conn.whoami(), tp, true);
+ WalkingSecurity.get(state).grantTablePermission(conn.whoami(), tableName, tp);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java Mon Sep 24 17:17:23 2012
@@ -22,7 +22,6 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -30,14 +29,12 @@ public class CreateUser extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = SecurityHelper.getSystemConnector(state);
+ Connector conn = WalkingSecurity.get(state).getSystemConnector();
- String tableUserName = SecurityHelper.getTabUserName(state);
+ String tableUserName = WalkingSecurity.get(state).getTabUserName();
- boolean exists = SecurityHelper.getTabUserExists(state);
- boolean hasPermission = false;
- if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.CREATE_USER))
- hasPermission = true;
+ boolean exists = WalkingSecurity.get(state).userExists(tableUserName);
+ boolean hasPermission = WalkingSecurity.get(state).canCreateUser(WalkingSecurity.get(state).getSysAuthInfo(), tableUserName);
byte[] tabUserPass = "Super Sekret Table User Password".getBytes();
try {
conn.securityOperations().createUser(tableUserName, tabUserPass, new Authorizations());
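Review bot: `WalkingSecurity.get(state)` is evaluated five times in the new lines of this hunk, twice inside the `canCreateUser` expression, which makes the permission check harder to read than it needs to be. Binding it once also makes it obvious that every call goes to the same model instance: `WalkingSecurity ws = WalkingSecurity.get(state);` followed by `boolean hasPermission = ws.canCreateUser(ws.getSysAuthInfo(), tableUserName);`. The same repetition appears in the CreateTable, DropTable, DropUser, SecurityFixture and SetAuths hunks. `visit` continues outside this hunk.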
@@ -51,8 +48,7 @@ public class CreateUser extends Test {
{
if (!exists) {
state.getConnector().securityOperations().createUser(tableUserName, tabUserPass, new Authorizations());
- SecurityHelper.setTabUserPass(state, tabUserPass);
- SecurityHelper.setTabUserExists(state, true);
+ WalkingSecurity.get(state).createUser(tableUserName, tabUserPass);
}
return;
}
@@ -65,8 +61,7 @@ public class CreateUser extends Test {
throw new AccumuloException("Got unexpected exception", ae);
}
}
- SecurityHelper.setTabUserPass(state, tabUserPass);
- SecurityHelper.setTabUserExists(state, true);
+ WalkingSecurity.get(state).createUser(tableUserName, tabUserPass);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java Mon Sep 24 17:17:23 2012
@@ -23,8 +23,7 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.TablePermission;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -39,21 +38,19 @@ public class DropTable extends Test {
public static void dropTable(State state, Properties props) throws Exception {
String sourceUser = props.getProperty("source", "system");
Connector conn;
- String username;
+ AuthInfo auth;
if (sourceUser.equals("table")) {
- username = SecurityHelper.getTabUserName(state);
- conn = state.getInstance().getConnector(username, SecurityHelper.getTabUserPass(state));
+ auth = WalkingSecurity.get(state).getTabAuthInfo();
+ conn = WalkingSecurity.get(state).getTableConnector();
} else {
- username = SecurityHelper.getSysUserName(state);
- conn = SecurityHelper.getSystemConnector(state);
+ auth = WalkingSecurity.get(state).getSysAuthInfo();
+ conn = WalkingSecurity.get(state).getSystemConnector();
}
- String tableName = SecurityHelper.getTableName(state);
+ String tableName = WalkingSecurity.get(state).getTableName();
- boolean exists = SecurityHelper.getTableExists(state);
- boolean hasPermission = false;
- if (SecurityHelper.getSysPerm(state, username, SystemPermission.DROP_TABLE) || SecurityHelper.getTabPerm(state, username, TablePermission.DROP_TABLE))
- hasPermission = true;
+ boolean exists = WalkingSecurity.get(state).getTableExists();
+ boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(auth, tableName);
try {
conn.tableOperations().delete(tableName);
@@ -64,14 +61,11 @@ public class DropTable extends Test {
else {
// Drop anyway for sake of state
state.getConnector().tableOperations().delete(tableName);
- SecurityHelper.setTableExists(state, false);
- for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)})
- for (TablePermission tp : TablePermission.values())
- SecurityHelper.setTabPerm(state, user, tp, false);
+ WalkingSecurity.get(state).cleanTablePermissions(tableName);
return;
}
} else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
- if (SecurityHelper.sysUserPassTransient(state))
+ if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
return;
}
throw new AccumuloException("Got unexpected ae error code", ae);
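Review bot: The forced drop in the `else` branch used to reset the table-exists flag with `SecurityHelper.setTableExists(state, false)`, but the replacement `cleanTablePermissions(tableName)` is named for permissions only, and this hunk does not show whether it also marks the table as gone. If it does not, `getTableExists()` keeps returning true after the table has been deleted, and later steps would compute their expected result from a stale model. Either reset the flag explicitly or document it at the call, e.g. `// also marks tableName as dropped in the model`. The same call replaces the same removed lines in the last DropTable hunk (`@@ -81,10 +75,7 @@`). `dropTable` starts and ends outside this hunk.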
@@ -81,10 +75,7 @@ public class DropTable extends Test {
else
return;
}
- SecurityHelper.setTableExists(state, false);
- for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)})
- for (TablePermission tp : TablePermission.values())
- SecurityHelper.setTabPerm(state, user, tp, false);
+ WalkingSecurity.get(state).cleanTablePermissions(tableName);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java Mon Sep 24 17:17:23 2012
@@ -21,8 +21,6 @@ import java.util.Properties;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -30,14 +28,13 @@ public class DropUser extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = SecurityHelper.getSystemConnector(state);
+ Connector conn = WalkingSecurity.get(state).getSystemConnector();
- String tableUserName = SecurityHelper.getTabUserName(state);
+ String tableUserName = WalkingSecurity.get(state).getTabUserName();
+
+ boolean exists = WalkingSecurity.get(state).userExists(tableUserName);
+ boolean hasPermission = WalkingSecurity.get(state).canDropUser(WalkingSecurity.get(state).getSysAuthInfo(), tableUserName);
- boolean exists = SecurityHelper.getTabUserExists(state);
- boolean hasPermission = false;
- if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.DROP_USER))
- hasPermission = true;
try {
conn.securityOperations().dropUser(tableUserName);
} catch (AccumuloSecurityException ae) {
@@ -48,11 +45,7 @@ public class DropUser extends Test {
else {
if (exists) {
state.getConnector().securityOperations().dropUser(tableUserName);
- SecurityHelper.setTabUserExists(state, false);
- for (TablePermission tp : TablePermission.values())
- SecurityHelper.setTabPerm(state, tableUserName, tp, false);
- for (SystemPermission sp : SystemPermission.values())
- SecurityHelper.setSysPerm(state, tableUserName, sp, false);
+ WalkingSecurity.get(state).dropUser(tableUserName);
}
return;
}
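Review bot: The removed lines cleared every TablePermission and SystemPermission for `tableUserName` when the user was dropped, and nothing here shows that the single `WalkingSecurity.get(state).dropUser(tableUserName)` replacing them does the same. CreateUser creates a user under the same name again, so any grants left in the model after a drop would be attributed to the new account and skew later `hasPermission` predictions. Confirm that `dropUser` removes the user's table and system permissions and say so at the call, e.g. `// drops the user and all of its table/system permissions from the model`. The same replacement is made in the last DropUser hunk (`@@ -66,11 +59,7 @@`). `visit` starts and ends outside this hunk.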
@@ -66,11 +59,7 @@ public class DropUser extends Test {
throw new AccumuloException("Got unexpected exception", ae);
}
}
- SecurityHelper.setTabUserExists(state, false);
- for (TablePermission tp : TablePermission.values())
- SecurityHelper.setTabPerm(state, tableUserName, tp, false);
- for (SystemPermission sp : SystemPermission.values())
- SecurityHelper.setSysPerm(state, tableUserName, sp, false);
+ WalkingSecurity.get(state).dropUser(tableUserName);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java Mon Sep 24 17:17:23 2012
@@ -17,7 +17,6 @@
package org.apache.accumulo.server.test.randomwalk.security;
import java.net.InetAddress;
-import java.util.HashMap;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.Instance;
@@ -47,28 +46,22 @@ public class SecurityFixture extends Fix
conn.securityOperations().createUser(systemUserName, sysUserPass, new Authorizations());
sysConn = instance.getConnector(systemUserName, sysUserPass);
- SecurityHelper.setSystemConnector(state, sysConn);
- SecurityHelper.setSysUserName(state, systemUserName);
- SecurityHelper.setSysUserPass(state, sysUserPass);
+ WalkingSecurity.get(state).createUser(systemUserName, sysUserPass);
- SecurityHelper.setTableExists(state, false);
- SecurityHelper.setTableExists(state, false);
+ WalkingSecurity.get(state).changePassword(tableUserName, new byte[0]);
- SecurityHelper.setTabUserPass(state, new byte[0]);
-
- SecurityHelper.setTableName(state, secTableName);
- SecurityHelper.setTabUserName(state, tableUserName);
+ WalkingSecurity.get(state).setTableName(secTableName);
+ WalkingSecurity.get(state).setTabUserName(tableUserName);
for (TablePermission tp : TablePermission.values()) {
- SecurityHelper.setTabPerm(state, systemUserName, tp, false);
- SecurityHelper.setTabPerm(state, tableUserName, tp, false);
+ WalkingSecurity.get(state).revokeTablePermission(systemUserName, secTableName, tp);
+ WalkingSecurity.get(state).revokeTablePermission(tableUserName, secTableName, tp);
}
for (SystemPermission sp : SystemPermission.values()) {
- SecurityHelper.setSysPerm(state, systemUserName, sp, false);
- SecurityHelper.setSysPerm(state, tableUserName, sp, false);
+ WalkingSecurity.get(state).revokeSystemPermission(systemUserName, sp);
+ WalkingSecurity.get(state).revokeSystemPermission(tableUserName, sp);
}
- SecurityHelper.setUserAuths(state, tableUserName, new Authorizations());
- SecurityHelper.setAuthsMap(state, new HashMap<String,Integer>());
+ WalkingSecurity.get(state).changeAuthorizations(tableUserName, new Authorizations());
}
@Override
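Review bot: After this change, nothing visible records which account is the system user. `setSystemConnector`, `setSysUserName` and `setSysUserPass` are replaced by `createUser(systemUserName, sysUserPass)` alone, and `sysConn` is no longer handed to the helper in the lines shown, while the table user still gets an explicit `setTabUserName(tableUserName)`. The teardown hunk below and the walk steps rely on `getSysUserName()`, `getSystemConnector()` and `getSysAuthInfo()`, so register the system user explicitly, or comment the `createUser` call if that is what registers it. Separately, `changePassword(tableUserName, new byte[0])` runs for a user that has not been created and before `setTabUserName`; if it adds the user to the model, `userExists(...)` in teardown becomes true and `dropUser` is attempted on an account that may never have existed. The enclosing method starts outside this hunk.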
@@ -77,20 +70,20 @@ public class SecurityFixture extends Fix
Validate.validate(state, log);
Connector conn = state.getConnector();
- if (SecurityHelper.getTableExists(state)) {
- String secTableName = SecurityHelper.getTableName(state);
+ if (WalkingSecurity.get(state).getTableExists()) {
+ String secTableName = WalkingSecurity.get(state).getTableName();
log.debug("Dropping tables: " + secTableName);
conn.tableOperations().delete(secTableName);
}
- if (SecurityHelper.getTabUserExists(state)) {
- String tableUserName = SecurityHelper.getTabUserName(state);
+ if (WalkingSecurity.get(state).userExists(WalkingSecurity.get(state).getTabUserName())) {
+ String tableUserName = WalkingSecurity.get(state).getTabUserName();
log.debug("Dropping user: " + tableUserName);
conn.securityOperations().dropUser(tableUserName);
}
- String systemUserName = SecurityHelper.getSysUserName(state);
+ String systemUserName = WalkingSecurity.get(state).getSysUserName();
log.debug("Dropping user: " + systemUserName);
conn.securityOperations().dropUser(systemUserName);
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java Mon Sep 24 17:17:23 2012
@@ -23,7 +23,6 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -37,22 +36,20 @@ public class SetAuths extends Test {
String targetUser = props.getProperty("system");
String target;
- boolean exists;
- boolean hasPermission;
if ("table".equals(targetUser)) {
- target = SecurityHelper.getTabUserName(state);
- exists = SecurityHelper.getTabUserExists(state);
- conn = SecurityHelper.getSystemConnector(state);
- hasPermission = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER);
+ target = WalkingSecurity.get(state).getTabUserName();
+ conn = WalkingSecurity.get(state).getSystemConnector();
} else {
- target = SecurityHelper.getSysUserName(state);
- exists = true;
+ target = WalkingSecurity.get(state).getSysUserName();
conn = state.getConnector();
- hasPermission = true;
}
+
+ boolean exists = WalkingSecurity.get(state).userExists(target);
+ boolean hasPermission = WalkingSecurity.get(state).canChangeAuthorizations(WalkingSecurity.get(state).getSysAuthInfo(), target);
+
Authorizations auths;
if (authsString.equals("_random")) {
- String[] possibleAuths = SecurityHelper.getAuthsArray();
+ String[] possibleAuths = WalkingSecurity.get(state).getAuthsArray();
Random r = new Random();
int i = r.nextInt(possibleAuths.length);
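Review bot: `hasPermission` is now computed from the system user's credentials (`getSysAuthInfo()`) in both branches, but in the `else` branch the operation goes through `state.getConnector()` rather than the system connector, so the prediction and the call may refer to different principals. The removed code set `hasPermission = true` and `exists = true` in that branch. If `canChangeAuthorizations` (not shown) denies the system user, the call can still succeed and the step fails with the "Didn't get Security Exception" error although nothing is wrong. Evaluate the check for the principal that actually performs the call, or keep the branch-specific value, e.g. `boolean hasPermission = !"table".equals(targetUser) || WalkingSecurity.get(state).canChangeAuthorizations(WalkingSecurity.get(state).getSysAuthInfo(), target);`. `visit` starts and ends outside this hunk.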
@@ -88,7 +85,7 @@ public class SetAuths extends Test {
throw new AccumuloException("Got unexpected exception", ae);
}
}
- SecurityHelper.setUserAuths(state, target, auths);
+ WalkingSecurity.get(state).changeAuthorizations(target, auths);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}