Posted to commits@accumulo.apache.org by vi...@apache.org on 2012/09/28 09:26:00 UTC
svn commit: r1391344 [1/2] - in /accumulo/branches/ACCUMULO-259: ./ core/
server/ server/src/main/java/org/apache/accumulo/server/client/
server/src/main/java/org/apache/accumulo/server/master/
server/src/main/java/org/apache/accumulo/server/master/tab...
Author: vines
Date: Fri Sep 28 07:25:59 2012
New Revision: 1391344
URL: http://svn.apache.org/viewvc?rev=1391344&view=rev
Log:
Reverting to fix the messed up merge
Added:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
- copied unchanged from r1363041, accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
- copied unchanged from r1363041, accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
Modified:
accumulo/branches/ACCUMULO-259/ (props changed)
accumulo/branches/ACCUMULO-259/core/ (props changed)
accumulo/branches/ACCUMULO-259/server/ (props changed)
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/util/Initialize.java
accumulo/branches/ACCUMULO-259/src/ (props changed)
Propchange: accumulo/branches/ACCUMULO-259/
------------------------------------------------------------------------------
Reverse-merged /accumulo/branches/1.4/src:r1363430
Reverse-merged /accumulo/trunk:r1362561-1363473
Propchange: accumulo/branches/ACCUMULO-259/core/
------------------------------------------------------------------------------
Reverse-merged /accumulo/trunk/core:r1362561-1363473
Reverse-merged /accumulo/branches/1.4/src/core:r1363430
Propchange: accumulo/branches/ACCUMULO-259/server/
------------------------------------------------------------------------------
Reverse-merged /accumulo/branches/1.4/src/server:r1363430
Reverse-merged /accumulo/trunk/server:r1362561-1363473
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java Fri Sep 28 07:25:59 2012
@@ -44,8 +44,8 @@ import org.apache.accumulo.core.security
import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
import org.apache.accumulo.core.util.ByteBufferUtil;
import org.apache.accumulo.server.conf.ServerConfiguration;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.zookeeper.TransactionWatcher;
import org.apache.accumulo.start.classloader.AccumuloClassLoader;
import org.apache.log4j.Logger;
@@ -54,7 +54,7 @@ import org.apache.thrift.TException;
public class ClientServiceHandler implements ClientService.Iface {
private static final Logger log = Logger.getLogger(ClientServiceHandler.class);
- private static SecurityOperation security = AuditedSecurityOperation.getInstance();
+ private static SecurityOperation security = SecurityOperationImpl.getInstance();
private final TransactionWatcher transactionWatcher;
private final Instance instance;
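Review bot: Binding `security` directly to `SecurityOperationImpl.getInstance()` on the changed field line takes the audit wrapper out of the client RPC path. Unless SecurityOperationImpl logs at AuditLevel.AUDIT itself (not visible here), client-driven authentication and permission changes stop producing audit records. Nothing in the visible part of this commit constructs an AuditedSecurityOperation, although this revision gives it a constructor that takes a SecurityOperation. The field could be `private static final SecurityOperation security = new AuditedSecurityOperation(SecurityOperationImpl.getInstance());`. The same substitution appears in the Master, CloneTable, CreateTable, DeleteTable and TabletServer hunks below; the class body continues outside this hunk.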
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java Fri Sep 28 07:25:59 2012
@@ -136,9 +136,9 @@ import org.apache.accumulo.server.master
import org.apache.accumulo.server.master.tableOps.TraceRepo;
import org.apache.accumulo.server.master.tserverOps.ShutdownTServer;
import org.apache.accumulo.server.monitor.Monitor;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityConstants;
import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.security.SecurityUtil;
import org.apache.accumulo.server.tabletserver.TabletTime;
import org.apache.accumulo.server.trace.TraceFileSystem;
@@ -499,7 +499,7 @@ public class Master implements LiveTServ
log.info("Version " + Constants.VERSION);
log.info("Instance " + instance.getInstanceID());
ThriftTransportPool.getInstance().setIdleTime(aconf.getTimeInMillis(Property.GENERAL_RPC_TIMEOUT));
- security = AuditedSecurityOperation.getInstance();
+ security = SecurityOperationImpl.getInstance();
tserverSet = new LiveTServerSet(instance, config.getConfiguration(), this);
this.tabletBalancer = createInstanceFromPropertyName(aconf, Property.MASTER_TABLET_BALANCER, TabletBalancer.class, new DefaultLoadBalancer());
this.tabletBalancer.init(serverConfig);
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java Fri Sep 28 07:25:59 2012
@@ -31,8 +31,8 @@ import org.apache.accumulo.fate.zookeepe
import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.master.Master;
import org.apache.accumulo.server.master.state.tables.TableManager;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.util.MetadataTable;
import org.apache.log4j.Logger;
@@ -183,7 +183,7 @@ class ClonePermissions extends MasterRep
// give all table permissions to the creator
for (TablePermission permission : TablePermission.values()) {
try {
- AuditedSecurityOperation.getInstance().grantTablePermission(SecurityConstants.getSystemCredentials(), cloneInfo.user, cloneInfo.tableId, permission);
+ SecurityOperationImpl.getInstance().grantTablePermission(SecurityConstants.getSystemCredentials(), cloneInfo.user, cloneInfo.tableId, permission);
} catch (ThriftSecurityException e) {
Logger.getLogger(FinishCloneTable.class).error(e.getMessage(), e);
throw e;
@@ -198,7 +198,7 @@ class ClonePermissions extends MasterRep
@Override
public void undo(long tid, Master environment) throws Exception {
- AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), cloneInfo.tableId);
+ SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), cloneInfo.tableId);
}
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java Fri Sep 28 07:25:59 2012
@@ -38,9 +38,9 @@ import org.apache.accumulo.server.client
import org.apache.accumulo.server.conf.ServerConfiguration;
import org.apache.accumulo.server.master.Master;
import org.apache.accumulo.server.master.state.tables.TableManager;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityConstants;
import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.tabletserver.TabletTime;
import org.apache.accumulo.server.trace.TraceFileSystem;
import org.apache.accumulo.server.util.MetadataTable;
@@ -231,7 +231,7 @@ class SetupPermissions extends MasterRep
@Override
public Repo<Master> call(long tid, Master env) throws Exception {
// give all table permissions to the creator
- SecurityOperation security = AuditedSecurityOperation.getInstance();
+ SecurityOperation security = SecurityOperationImpl.getInstance();
for (TablePermission permission : TablePermission.values()) {
try {
security.grantTablePermission(SecurityConstants.getSystemCredentials(), tableInfo.user, tableInfo.tableId, permission);
@@ -249,7 +249,7 @@ class SetupPermissions extends MasterRep
@Override
public void undo(long tid, Master env) throws Exception {
- AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableInfo.tableId);
+ SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableInfo.tableId);
}
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java Fri Sep 28 07:25:59 2012
@@ -45,8 +45,8 @@ import org.apache.accumulo.server.master
import org.apache.accumulo.server.master.state.TabletState;
import org.apache.accumulo.server.master.state.tables.TableManager;
import org.apache.accumulo.server.problems.ProblemReports;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.util.MetadataTable;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
@@ -190,7 +190,7 @@ class CleanUp extends MasterRepo {
// remove any permissions associated with this table
try {
- AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableId);
+ SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableId);
} catch (ThriftSecurityException e) {
log.error(e.getMessage(), e);
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java Fri Sep 28 07:25:59 2012
@@ -20,40 +20,27 @@ import java.nio.ByteBuffer;
import java.util.Set;
import org.apache.accumulo.core.client.AccumuloSecurityException;
+import org.apache.accumulo.core.client.TableNotFoundException;
+import org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException;
import org.apache.accumulo.core.security.AuditLevel;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
-import org.apache.accumulo.server.security.handler.Authenticator;
-import org.apache.accumulo.server.security.handler.Authorizor;
-import org.apache.accumulo.server.security.handler.PermissionHandler;
import org.apache.log4j.Logger;
/**
*
*/
-public class AuditedSecurityOperation extends SecurityOperation {
- /**
- * @param author
- * @param authent
- * @param pm
- * @param instanceId
- */
- public AuditedSecurityOperation(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
- super(author, authent, pm, instanceId);
- }
-
+public class AuditedSecurityOperation implements SecurityOperation {
public static final Logger log = Logger.getLogger(AuditedSecurityOperation.class);
+ private SecurityOperation impl;
- public static synchronized SecurityOperation getInstance(String instanceId) {
- if (instance == null) {
- instance = new AuditedSecurityOperation(getAuthorizor(instanceId), getAuthenticator(instanceId), getPermHandler(instanceId), instanceId);
- }
- return instance;
+ public AuditedSecurityOperation(SecurityOperation impl) {
+ this.impl = impl;
}
-
+
private void audit(AuthInfo credentials, ThriftSecurityException ex, String template, Object... args) {
log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " + credentials.user + ": " + String.format(template, args));
}
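Review bot: The new delegate field `private SecurityOperation impl;` is reassignable and the constructor accepts null, so a misconfigured wrapper would only fail with a NullPointerException on the first security check. Declaring it `private final SecurityOperation impl;` and rejecting null in the constructor, e.g. `if (impl == null) throw new IllegalArgumentException("impl");`, makes the decorator fail at construction time. Separately, the failure overload `audit(credentials, ex, template, args)` visible at the end of the hunk never reads `ex`, so the audit line records that an operation failed but not why. Appending the exception's message or error code to that log line would make denied operations distinguishable from backend errors.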
@@ -62,6 +49,10 @@ public class AuditedSecurityOperation ex
log.log(AuditLevel.AUDIT, "Using credentials " + credentials.user + ": " + String.format(template, args));
}
+ public synchronized String getRootUsername() {
+ return impl.getRootUsername();
+ }
+
/**
* @param credentials
* @param user
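Review bot: The added `getRootUsername()` is declared `synchronized`, which locks the wrapper rather than the delegate. No other method visible in this class is synchronized, so the lock serializes callers without protecting any state. Dropping the modifier and marking the method `@Override` (it implements the SecurityOperation interface) would match the other delegating methods; if the implementation needs mutual exclusion, that belongs in SecurityOperationImpl.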
@@ -71,7 +62,7 @@ public class AuditedSecurityOperation ex
*/
public boolean authenticateUser(AuthInfo credentials, String user, ByteBuffer password) throws ThriftSecurityException {
try {
- boolean result = super.authenticateUser(credentials, user, password);
+ boolean result = impl.authenticateUser(credentials, user, password);
audit(credentials, result ? "authenticated" : "failed authentication");
return result;
} catch (ThriftSecurityException ex) {
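Review bot: The audit record written after `impl.authenticateUser(...)` names only the caller (`credentials.user`) and not the account whose password was checked, so a series of failed attempts against another user cannot be attributed to its target from the log. The call could become `audit(credentials, result ? "authenticated %s" : "failed authentication for %s", user);`. The method body continues past the end of this hunk.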
@@ -88,7 +79,7 @@ public class AuditedSecurityOperation ex
*/
public Authorizations getUserAuthorizations(AuthInfo credentials, String user) throws ThriftSecurityException {
try {
- Authorizations result = super.getUserAuthorizations(credentials, user);
+ Authorizations result = impl.getUserAuthorizations(credentials, user);
audit(credentials, "got authorizations for %s", user);
return result;
} catch (ThriftSecurityException ex) {
@@ -106,6 +97,249 @@ public class AuditedSecurityOperation ex
public Authorizations getUserAuthorizations(AuthInfo credentials) throws ThriftSecurityException {
return getUserAuthorizations(credentials, credentials.user);
}
+
+ /**
+ * @param credentials
+ * @param string
+ * @return
+ * @throws ThriftSecurityException
+ * @throws TableNotFoundException
+ */
+ public boolean canScan(AuthInfo credentials, String table) throws ThriftSecurityException {
+ return impl.canScan(credentials, table);
+ }
+
+ /**
+ * @param credentials
+ * @param string
+ * @return
+ * @throws ThriftSecurityException
+ * @throws TableNotFoundException
+ */
+ public boolean canWrite(AuthInfo credentials, String table) throws ThriftSecurityException {
+ return impl.canWrite(credentials, table);
+ }
+
+ /**
+ * @param credentials
+ * @param string
+ * @return
+ * @throws ThriftSecurityException
+ * @throws TableNotFoundException
+ */
+ public boolean canSplitTablet(AuthInfo credentials, String table) throws ThriftSecurityException {
+ return impl.canSplitTablet(credentials, table);
+ }
+
+ /**
+ * @param credentials
+ * @return
+ * @throws ThriftSecurityException
+ *
+ * This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system
+ * properties.
+ */
+ public boolean canPerformSystemActions(AuthInfo credentials) throws ThriftSecurityException {
+ return impl.canPerformSystemActions(credentials);
+ }
+
+ /**
+ * @param c
+ * @param tableId
+ * @throws ThriftSecurityException
+ * @throws ThriftTableOperationException
+ */
+ public boolean canFlush(AuthInfo c, String tableId) throws ThriftSecurityException {
+ return impl.canFlush(c, tableId);
+ }
+
+ /**
+ * @param c
+ * @param tableId
+ * @throws ThriftSecurityException
+ * @throws ThriftTableOperationException
+ */
+ public boolean canAlterTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+ return impl.canAlterTable(c, tableId);
+ }
+
+ /**
+ * @param c
+ * @throws ThriftSecurityException
+ */
+ public boolean canCreateTable(AuthInfo c) throws ThriftSecurityException {
+ return impl.canCreateTable(c);
+ }
+
+ /**
+ * @param c
+ * @param tableId
+ * @return
+ * @throws TableNotFoundException
+ * @throws ThriftSecurityException
+ */
+ public boolean canRenameTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+ return impl.canRenameTable(c, tableId);
+ }
+
+ /**
+ * @param c
+ * @return
+ * @throws TableNotFoundException
+ * @throws ThriftSecurityException
+ */
+ public boolean canCloneTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+ return impl.canCloneTable(c, tableId);
+ }
+
+ /**
+ * @param c
+ * @param tableId
+ * @return
+ * @throws TableNotFoundException
+ * @throws ThriftSecurityException
+ */
+ public boolean canDeleteTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+ return impl.canDeleteTable(c, tableId);
+ }
+
+ /**
+ * @param c
+ * @param tableId
+ * @return
+ * @throws TableNotFoundException
+ * @throws ThriftSecurityException
+ */
+ public boolean canOnlineOfflineTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+ return impl.canOnlineOfflineTable(c, tableId);
+ }
+
+ /**
+ * @param c
+ * @param tableId
+ * @return
+ * @throws TableNotFoundException
+ * @throws ThriftSecurityException
+ */
+ public boolean canMerge(AuthInfo c, String tableId) throws ThriftSecurityException {
+ return impl.canMerge(c, tableId);
+ }
+
+ /**
+ * @param c
+ * @param tableId
+ * @return
+ * @throws TableNotFoundException
+ * @throws ThriftSecurityException
+ */
+ public boolean canDeleteRange(AuthInfo c, String tableId) throws ThriftSecurityException {
+ return impl.canDeleteRange(c, tableId);
+ }
+
+ /**
+ * @param c
+ * @param tableId
+ * @return
+ * @throws TableNotFoundException
+ * @throws ThriftSecurityException
+ */
+ public boolean canBulkImport(AuthInfo c, String tableId) throws ThriftSecurityException {
+ return impl.canBulkImport(c, tableId);
+ }
+
+ /**
+ * @param c
+ * @param tableId
+ * @return
+ * @throws TableNotFoundException
+ * @throws ThriftSecurityException
+ */
+ public boolean canCompact(AuthInfo c, String tableId) throws ThriftSecurityException {
+ return impl.canCompact(c, tableId);
+ }
+
+ /**
+ * @param credentials
+ * @return
+ * @throws ThriftSecurityException
+ */
+ public boolean canChangeAuthorizations(AuthInfo c, String user) throws ThriftSecurityException {
+ return impl.canChangeAuthorizations(c, user);
+ }
+
+ /**
+ * @param credentials
+ * @param user
+ * @return
+ * @throws ThriftSecurityException
+ */
+ public boolean canChangePassword(AuthInfo c, String user) throws ThriftSecurityException {
+ return impl.canChangePassword(c, user);
+ }
+
+ /**
+ * @param credentials
+ * @param user
+ * @return
+ * @throws ThriftSecurityException
+ */
+ public boolean canCreateUser(AuthInfo c, String user) throws ThriftSecurityException {
+ return impl.canCreateUser(c, user);
+ }
+
+ /**
+ * @param credentials
+ * @param user
+ * @return
+ * @throws ThriftSecurityException
+ */
+ public boolean canDropUser(AuthInfo c, String user) throws ThriftSecurityException {
+ return impl.canDropUser(c, user);
+ }
+
+ /**
+ * @param credentials
+ * @param user
+ * @param sysPerm
+ * @return
+ * @throws ThriftSecurityException
+ */
+ public boolean canGrantSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
+ return impl.canGrantSystem(c, user, sysPerm);
+ }
+
+ /**
+ * @param credentials
+ * @param user
+ * @param table
+ * @return
+ * @throws ThriftSecurityException
+ */
+ public boolean canGrantTable(AuthInfo c, String user, String table) throws ThriftSecurityException {
+ return impl.canGrantTable(c, user, table);
+ }
+
+ /**
+ * @param credentials
+ * @param user
+ * @param sysPerm
+ * @return
+ * @throws ThriftSecurityException
+ */
+ public boolean canRevokeSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
+ return impl.canRevokeSystem(c, user, sysPerm);
+ }
+
+ /**
+ * @param credentials
+ * @param user
+ * @param table
+ * @return
+ * @throws ThriftSecurityException
+ */
+ public boolean canRevokeTable(AuthInfo c, String user, String table) throws ThriftSecurityException {
+ return impl.canRevokeTable(c, user, table);
+ }
/**
* @param credentials
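Review bot: All of the added `can*` methods return the delegate's decision without an audit record, and unlike the mutating methods in this class they do not audit a ThriftSecurityException thrown by the check. A denied `canGrantSystem`, `canDropUser` or `canChangePassword` therefore leaves no trace if the caller simply stops on `false`. At minimum the privilege-changing checks should log denials; high-volume checks such as `canScan` and `canWrite` may need to stay unaudited for log volume. The Javadoc also needs cleaning up: several blocks name parameters that do not exist (`@param string`, `@param credentials` where the parameter is `c`) and list `@throws TableNotFoundException` or `ThriftTableOperationException`, which the signatures do not declare. The sketch below shows the shape for one method.

```java
public boolean canGrantSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
  try {
    boolean allowed = impl.canGrantSystem(c, user, sysPerm);
    if (!allowed)
      audit(c, "denied granting system permission %s to %s", sysPerm, user);
    return allowed;
  } catch (ThriftSecurityException ex) {
    audit(c, ex, "checking grant of system permission %s to %s", sysPerm, user);
    throw ex;
  }
}
// … unchanged: the remaining can* delegates, which would follow the same shape where auditing is wanted …
```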
@@ -115,7 +349,7 @@ public class AuditedSecurityOperation ex
*/
public void changeAuthorizations(AuthInfo credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
try {
- super.changeAuthorizations(credentials, user, authorizations);
+ impl.changeAuthorizations(credentials, user, authorizations);
audit(credentials, "changed authorizations for %s to %s", user, authorizations);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "changing authorizations for %s", user);
@@ -131,7 +365,7 @@ public class AuditedSecurityOperation ex
*/
public void changePassword(AuthInfo credentials, String user, byte[] pass) throws ThriftSecurityException {
try {
- super.changePassword(credentials, user, pass);
+ impl.changePassword(credentials, user, pass);
audit(credentials, "changed password for %s", user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "changing password for %s", user);
@@ -148,7 +382,7 @@ public class AuditedSecurityOperation ex
*/
public void createUser(AuthInfo credentials, String user, byte[] pass, Authorizations authorizations) throws ThriftSecurityException {
try {
- super.createUser(credentials, user, pass, authorizations);
+ impl.createUser(credentials, user, pass, authorizations);
audit(credentials, "createUser");
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "createUser %s", user);
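Review bot: The success record `audit(credentials, "createUser")` omits the name of the account that was created, while the failure record on the last line of the hunk includes it. The audit trail therefore shows who created a user but not which user. Changing the success call to `audit(credentials, "createUser %s", user);` fixes that. The `dropUser` hunk that follows has the same gap and would take `audit(credentials, "dropUser %s", user);`.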
@@ -163,7 +397,7 @@ public class AuditedSecurityOperation ex
*/
public void dropUser(AuthInfo credentials, String user) throws ThriftSecurityException {
try {
- super.dropUser(credentials, user);
+ impl.dropUser(credentials, user);
audit(credentials, "dropUser");
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "dropUser %s", user);
@@ -179,7 +413,7 @@ public class AuditedSecurityOperation ex
*/
public void grantSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
try {
- super.grantSystemPermission(credentials, user, permission);
+ impl.grantSystemPermission(credentials, user, permission);
audit(credentials, "granted permission %s for %s", permission, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "granting permission %s for %s", permission, user);
@@ -196,7 +430,7 @@ public class AuditedSecurityOperation ex
*/
public void grantTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
try {
- super.grantTablePermission(credentials, user, table, permission);
+ impl.grantTablePermission(credentials, user, table, permission);
audit(credentials, "granted permission %s on table %s for %s", permission, table, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "granting permission %s on table for %s", permission, table, user);
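Review bot: The failure template `"granting permission %s on table for %s"` has two placeholders but is passed three arguments (`permission, table, user`). String.format silently drops the extra one, so the audit line prints the table id where the user belongs and omits the user. The template should read `"granting permission %s on table %s for %s"`, matching the success message two lines above. The `revokeTablePermission` hunk below repeats the mistake with `"revoking permission %s on table for %s"`.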
@@ -212,7 +446,7 @@ public class AuditedSecurityOperation ex
*/
public void revokeSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
try {
- super.revokeSystemPermission(credentials, user, permission);
+ impl.revokeSystemPermission(credentials, user, permission);
audit(credentials, "revoked permission %s for %s", permission, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "revoking permission %s on %s", permission, user);
@@ -229,7 +463,7 @@ public class AuditedSecurityOperation ex
*/
public void revokeTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
try {
- super.revokeTablePermission(credentials, user, table, permission);
+ impl.revokeTablePermission(credentials, user, table, permission);
audit(credentials, "revoked permission %s on table %s for %s", permission, table, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "revoking permission %s on table for %s", permission, table, user);
@@ -246,7 +480,7 @@ public class AuditedSecurityOperation ex
*/
public boolean hasSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
try {
- boolean result = super.hasSystemPermission(credentials, user, permission);
+ boolean result = impl.hasSystemPermission(credentials, user, permission);
audit(credentials, "checked permission %s on %s", permission, user);
return result;
} catch (ThriftSecurityException ex) {
@@ -265,7 +499,7 @@ public class AuditedSecurityOperation ex
*/
public boolean hasTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
try {
- boolean result = super.hasTablePermission(credentials, user, table, permission);
+ boolean result = impl.hasTablePermission(credentials, user, table, permission);
audit(credentials, "checked permission %s on table %s for %s", permission, table, user);
return result;
} catch (ThriftSecurityException ex) {
@@ -281,7 +515,7 @@ public class AuditedSecurityOperation ex
*/
public Set<String> listUsers(AuthInfo credentials) throws ThriftSecurityException {
try {
- Set<String> result = super.listUsers(credentials);
+ Set<String> result = impl.listUsers(credentials);
audit(credentials, "listUsers");
return result;
} catch (ThriftSecurityException ex) {
@@ -297,7 +531,7 @@ public class AuditedSecurityOperation ex
*/
public void deleteTable(AuthInfo credentials, String table) throws ThriftSecurityException {
try {
- super.deleteTable(credentials, table);
+ impl.deleteTable(credentials, table);
audit(credentials, "deleted table %s", table);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, "deleting table %s", table);
@@ -307,7 +541,7 @@ public class AuditedSecurityOperation ex
@Override
public void initializeSecurity(AuthInfo credentials, String rootuser, byte[] rootpass) throws AccumuloSecurityException, ThriftSecurityException {
- super.initializeSecurity(credentials, rootuser, rootpass);
+ impl.initializeSecurity(credentials, rootuser, rootpass);
log.info("Initialized root user with username: " + rootuser + " at the request of user " + credentials.user);
}
}
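Review bot: `initializeSecurity` is the only operation in this class that neither writes at AuditLevel.AUDIT nor records a failure. The root-user bootstrap is logged with `log.info(...)`, and an exception from `impl.initializeSecurity` propagates without an audit line. Routing it through the existing helper, e.g. `audit(credentials, "initialized root user %s", rootuser);` inside the same try/catch shape used by the other methods, would keep this privileged event in the audit stream.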
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java Fri Sep 28 07:25:59 2012
@@ -152,14 +152,6 @@ public interface PermissionHandler {
public void initUser(String user) throws AccumuloSecurityException;
/**
- * Initializes a new user
- *
- * @param user
- * @throws AccumuloSecurityException
- */
- public void initTable(String table) throws AccumuloSecurityException;
-
- /**
* Deletes a user
*
* @param user
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Fri Sep 28 07:25:59 2012
@@ -153,9 +153,9 @@ import org.apache.accumulo.server.master
import org.apache.accumulo.server.metrics.AbstractMetricsImpl;
import org.apache.accumulo.server.problems.ProblemReport;
import org.apache.accumulo.server.problems.ProblemReports;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityConstants;
import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
import org.apache.accumulo.server.security.SecurityUtil;
import org.apache.accumulo.server.tabletserver.Tablet.CommitSession;
import org.apache.accumulo.server.tabletserver.Tablet.KVEntry;
@@ -2981,7 +2981,7 @@ public class TabletServer extends Abstra
public void config(String hostname) {
log.info("Tablet server starting on " + hostname);
- security = AuditedSecurityOperation.getInstance();
+ security = SecurityOperationImpl.getInstance();
clientAddress = new InetSocketAddress(hostname, 0);
logger = new TabletServerLogger(this, getSystemConfiguration().getMemoryInBytes(Property.TSERV_WALOG_MAX_SIZE));
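Review bot: Assigning `SecurityOperationImpl.getInstance()` in `config` takes the tablet server's security calls out of the auditing wrapper. Judging by the `log.info` in `AuditedSecurityOperation.initializeSecurity` earlier in this commit, that wrapper is where such operations are logged. If this is an intended effect of the revert, a comment on the assignment would record it, for example `// un-audited on purpose: security checks made by the tserver are not written to the audit log`. If it is not intended, confirm the audit coverage of tablet-server operations before this branch is merged back. `config` continues past the end of the hunk.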
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java Fri Sep 28 07:25:59 2012
@@ -18,7 +18,6 @@ package org.apache.accumulo.server.test.
import java.io.File;
import java.lang.management.ManagementFactory;
-import java.nio.ByteBuffer;
import java.util.HashMap;
import java.util.Properties;
@@ -26,7 +25,6 @@ import org.apache.accumulo.core.client.C
import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.MultiTableBatchWriter;
import org.apache.accumulo.core.client.ZooKeeperInstance;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.log4j.Logger;
@@ -89,19 +87,13 @@ public class State {
if (connector == null) {
String instance = props.getProperty("INSTANCE");
String zookeepers = props.getProperty("ZOOKEEPERS");
- AuthInfo auth = getAuthInfo();
- connector = new ZooKeeperInstance(instance, zookeepers).getConnector(auth);
+ String username = props.getProperty("USERNAME");
+ String password = props.getProperty("PASSWORD");
+ connector = new ZooKeeperInstance(instance, zookeepers).getConnector(username, password.getBytes());
}
return connector;
}
- public AuthInfo getAuthInfo() {
- String username = props.getProperty("USERNAME");
- String password = props.getProperty("PASSWORD");
- String instance = props.getProperty("INSTANCE");
- return new AuthInfo(username, ByteBuffer.wrap(password.getBytes()), instance);
- }
-
public Instance getInstance() {
if (instance == null) {
instance = HdfsZooInstance.getInstance();
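Review bot: `password.getBytes()` on the new `getConnector` call encodes with the platform default charset and throws a bare NullPointerException when the `PASSWORD` property is missing. The same properties file can therefore authenticate on one host and fail on another. A guard such as `if (username == null || password == null) throw new IllegalStateException("USERNAME and PASSWORD must be set");` followed by `password.getBytes(Charset.forName("UTF-8"))` makes both cases explicit (it needs `java.nio.charset.Charset` imported). The method starts above the hunk.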
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java Fri Sep 28 07:25:59 2012
@@ -31,12 +31,11 @@ public class AlterSystemPerm extends Tes
@Override
public void visit(State state, Properties props) throws Exception {
Connector conn = state.getConnector();
- WalkingSecurity ws = new WalkingSecurity(state);
String action = props.getProperty("task", "toggle");
String perm = props.getProperty("perm", "random");
- String targetUser = WalkingSecurity.get(state).getSysUserName();
+ String targetUser = SecurityHelper.getSysUserName(state);
SystemPermission sysPerm;
if (perm.equals("random")) {
@@ -46,7 +45,7 @@ public class AlterSystemPerm extends Tes
} else
sysPerm = SystemPermission.valueOf(perm);
- boolean hasPerm = ws.hasSystemPermission(targetUser, sysPerm);
+ boolean hasPerm = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm);
// toggle
if (!"take".equals(action) && !"give".equals(action)) {
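Review bot: `SecurityHelper.getSysUserName(state)` is looked up again on the `hasPerm` line although `targetUser` already holds it from the first hunk of this file. `boolean hasPerm = SecurityHelper.getSysPerm(state, targetUser, sysPerm);` is shorter and makes it plain that the model check and the later grant/revoke refer to the same account. The two `setSysPerm` calls in the last two hunks of this file can take `targetUser` the same way.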
@@ -66,7 +65,6 @@ public class AlterSystemPerm extends Tes
case GRANT_INVALID:
if (sysPerm.equals(SystemPermission.GRANT))
return;
- throw new AccumuloException("Got GRANT_INVALID when not dealing with GRANT", ae);
case PERMISSION_DENIED:
throw new AccumuloException("Test user doesn't have root", ae);
case USER_DOESNT_EXIST:
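Review bot: With the throw removed, `case GRANT_INVALID:` falls through into `case PERMISSION_DENIED:` whenever `sysPerm` is not `SystemPermission.GRANT`. An unexpected GRANT_INVALID is then reported as "Test user doesn't have root", which points whoever reads the failure at the wrong cause. Keep an explicit terminator for the case, e.g. `throw new AccumuloException("Got GRANT_INVALID when not dealing with GRANT", ae);` after the `return;`. The switch starts and ends outside the hunk.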
@@ -75,7 +73,7 @@ public class AlterSystemPerm extends Tes
throw new AccumuloException("Got unexpected exception", ae);
}
}
- ws.revokeSystemPermission(targetUser, sysPerm);
+ SecurityHelper.setSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm, false);
} else if ("give".equals(action)) {
try {
conn.securityOperations().grantSystemPermission(targetUser, sysPerm);
@@ -92,7 +90,7 @@ public class AlterSystemPerm extends Tes
throw new AccumuloException("Got unexpected exception", ae);
}
}
- ws.grantSystemPermission(targetUser, sysPerm);
+ SecurityHelper.setSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm, true);
}
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java Fri Sep 28 07:25:59 2012
@@ -24,6 +24,8 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.TableNotFoundException;
+import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -32,12 +34,15 @@ public class AlterTable extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = WalkingSecurity.get(state).getSystemConnector();
+ Connector conn = SecurityHelper.getSystemConnector(state);
- String tableName = WalkingSecurity.get(state).getTableName();
+ String tableName = SecurityHelper.getTableName(state);
- boolean exists = WalkingSecurity.get(state).getTableExists();
- boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysAuthInfo(), tableName);
+ boolean exists = SecurityHelper.getTableExists(state);
+ boolean hasPermission = false;
+ if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_TABLE)
+ || SecurityHelper.getTabPerm(state, SecurityHelper.getSysUserName(state), TablePermission.ALTER_TABLE))
+ hasPermission = true;
String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), state.getPid(),
System.currentTimeMillis());
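Review bot: The `boolean hasPermission = false;` followed by an `if` that only sets it to `true` can be a single initialisation. Take `String sysUser = SecurityHelper.getSysUserName(state);` once and then write `boolean hasPermission = SecurityHelper.getSysPerm(state, sysUser, SystemPermission.ALTER_TABLE) || SecurityHelper.getTabPerm(state, sysUser, TablePermission.ALTER_TABLE);`. That also removes the unbraced multi-line `if`, which is easy to break when a second statement is added. The same pattern appears in the CreateTable, CreateUser, DropTable and DropUser hunks later in this commit.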
@@ -55,7 +60,7 @@ public class AlterTable extends Test {
else
return;
} else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
- if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+ if (SecurityHelper.sysUserPassTransient(state))
return;
}
throw new AccumuloException("Got unexpected ae error code", ae);
@@ -65,7 +70,7 @@ public class AlterTable extends Test {
else
return;
}
- WalkingSecurity.get(state).setTableName(newName);
+ SecurityHelper.setTableName(state, newName);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java Fri Sep 28 07:25:59 2012
@@ -24,7 +24,6 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -42,16 +41,16 @@ public class AlterTablePerm extends Test
String perm = props.getProperty("perm", "random");
String sourceUser = props.getProperty("source", "system");
String targetUser = props.getProperty("target", "table");
- boolean tabExists = WalkingSecurity.get(state).getTableExists();
+ boolean tabExists = SecurityHelper.getTableExists(state);
String target;
if ("table".equals(targetUser))
- target = WalkingSecurity.get(state).getTabUserName();
+ target = SecurityHelper.getTabUserName(state);
else
- target = WalkingSecurity.get(state).getSysUserName();
+ target = SecurityHelper.getSysUserName(state);
- boolean exists = WalkingSecurity.get(state).userExists(target);
- boolean tableExists = WalkingSecurity.get(state).getTableExists();
+ boolean exists = SecurityHelper.getTabUserExists(state);
+ boolean tableExists = SecurityHelper.getTableExists(state);
TablePermission tabPerm;
if (perm.equals("random")) {
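Review bot: `exists` is now taken from `SecurityHelper.getTabUserExists(state)` even when `target` is the system user. The `USER_DOESNT_EXIST` branches and the final `if (!exists)` check later in `visit` therefore judge the wrong account whenever the target property is not "table". Assuming the system user always exists in the model (SecurityHelper is not shown here, so this needs confirming), `boolean exists = !"table".equals(targetUser) || SecurityHelper.getTabUserExists(state);` restores the per-target meaning. `tabExists` and `tableExists` are also both assigned from `getTableExists(state)`, so one of them can be dropped.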
@@ -60,28 +59,26 @@ public class AlterTablePerm extends Test
tabPerm = TablePermission.values()[i];
} else
tabPerm = TablePermission.valueOf(perm);
- String tableName = WalkingSecurity.get(state).getTableName();
- boolean hasPerm = WalkingSecurity.get(state).hasTablePermission(target, tableName, tabPerm);
+
+ boolean hasPerm = SecurityHelper.getTabPerm(state, target, tabPerm);
boolean canGive;
- AuthInfo source;
if ("system".equals(sourceUser)) {
- conn = WalkingSecurity.get(state).getSystemConnector();
- source = WalkingSecurity.get(state).getSysAuthInfo();
+ conn = SecurityHelper.getSystemConnector(state);
+ canGive = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER)
+ || SecurityHelper.getTabPerm(state, SecurityHelper.getSysUserName(state), TablePermission.GRANT);
} else if ("table".equals(sourceUser)) {
- conn = WalkingSecurity.get(state).getTableConnector();
- source = WalkingSecurity.get(state).getTabAuthInfo();
+ conn = state.getInstance().getConnector(SecurityHelper.getTabUserName(state), SecurityHelper.getTabUserPass(state));
+ canGive = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.GRANT);
} else {
conn = state.getConnector();
- source = state.getAuthInfo();
+ canGive = true;
}
- canGive = WalkingSecurity.get(state).canGrantTable(source, target, WalkingSecurity.get(state).getTableName());
-
// toggle
if (!"take".equals(action) && !"give".equals(action)) {
try {
boolean res;
- if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, tableName, tabPerm)))
+ if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, SecurityHelper.getTableName(state), tabPerm)))
throw new AccumuloException("Test framework and accumulo are out of sync for user " + conn.whoami() + " for perm " + tabPerm.name()
+ " with local vs. accumulo being " + hasPerm + " " + res);
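Review bot: In the "table" branch the connector is obtained with `state.getInstance().getConnector(...)` and nothing handles the case where the table user is absent, whereas ChangePass in this same commit wraps the identical call in a try/catch for `BAD_CREDENTIALS`. If the table user has been dropped earlier in the walk, this presumably escapes `visit` as a raw AccumuloSecurityException rather than a modelled outcome. I would guard it the way ChangePass does, returning when the model says the user does not exist and rethrowing otherwise; this file would then need the `SecurityErrorCode` import. `DropTable.dropTable` has the same unguarded call.

```java
} else if ("table".equals(sourceUser)) {
  try {
    conn = state.getInstance().getConnector(SecurityHelper.getTabUserName(state), SecurityHelper.getTabUserPass(state));
  } catch (AccumuloSecurityException ae) {
    // A dropped table user is a modelled state of the walk, not a test failure.
    if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS) && !SecurityHelper.getTabUserExists(state))
      return;
    throw new AccumuloException("Unexpected exception!", ae);
  }
  canGive = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.GRANT);
// … unchanged: root-connector branch and toggle handling …
```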
@@ -107,10 +104,9 @@ public class AlterTablePerm extends Test
}
}
- boolean trans = WalkingSecurity.get(state).userPassTransient(conn.whoami());
if ("take".equals(action)) {
try {
- conn.securityOperations().revokeTablePermission(target, tableName, tabPerm);
+ conn.securityOperations().revokeTablePermission(target, SecurityHelper.getTableName(state), tabPerm);
} catch (AccumuloSecurityException ae) {
switch (ae.getErrorCode()) {
case GRANT_INVALID:
@@ -118,7 +114,7 @@ public class AlterTablePerm extends Test
return;
case PERMISSION_DENIED:
if (canGive)
- throw new AccumuloException(conn.whoami() + " failed to revoke permission to " + target + " when it should have worked", ae);
+ throw new AccumuloException("Test user failed to give permission when it should have worked", ae);
return;
case USER_DOESNT_EXIST:
if (exists)
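Review bot: The replacement message sits in the revoke (`take`) branch but says "failed to give permission", and it no longer names the acting user or the target. A failure here would be misread as a grant problem and could not be tied to an account from the log alone. Something like `throw new AccumuloException(conn.whoami() + " failed to revoke permission from " + target + " when it should have worked", ae);` keeps it attributable. The enclosing switch starts and ends outside the hunk.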
@@ -129,17 +125,17 @@ public class AlterTablePerm extends Test
throw new AccumuloException("Table doesn't exist but it should", ae);
return;
case BAD_CREDENTIALS:
- if (!trans)
+ if (!SecurityHelper.sysUserPassTransient(state))
throw new AccumuloException("Bad credentials for user " + conn.whoami());
return;
default:
throw new AccumuloException("Got unexpected exception", ae);
}
}
- WalkingSecurity.get(state).revokeTablePermission(target, tableName, tabPerm);
+ SecurityHelper.setTabPerm(state, target, tabPerm, false);
} else if ("give".equals(action)) {
try {
- conn.securityOperations().grantTablePermission(target, tableName, tabPerm);
+ conn.securityOperations().grantTablePermission(target, SecurityHelper.getTableName(state), tabPerm);
} catch (AccumuloSecurityException ae) {
switch (ae.getErrorCode()) {
case GRANT_INVALID:
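Review bot: `SecurityHelper.sysUserPassTransient(state)` is consulted for `BAD_CREDENTIALS` regardless of which account `conn` belongs to, whereas the replaced code asked about `conn.whoami()`. When `sourceUser` is "table", or the root connector is in use, the system user's password state decides whether a failure on a different account is excused. SecurityHelper is not shown in this part of the commit, so check whether it has a per-user equivalent; failing that, `if (!"system".equals(sourceUser) || !SecurityHelper.sysUserPassTransient(state))` limits the excuse to the account it describes. The same substitution is made in the give branch in the next hunk and in ChangePass and DropTable, where the connector can also be the table user's.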
@@ -148,7 +144,7 @@ public class AlterTablePerm extends Test
throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
case PERMISSION_DENIED:
if (canGive)
- throw new AccumuloException(conn.whoami() + " failed to give permission to " + target + " when it should have worked", ae);
+ throw new AccumuloException("Test user failed to give permission when it should have worked", ae);
return;
case USER_DOESNT_EXIST:
if (exists)
@@ -159,14 +155,14 @@ public class AlterTablePerm extends Test
throw new AccumuloException("Table doesn't exist but it should", ae);
return;
case BAD_CREDENTIALS:
- if (!trans)
+ if (!SecurityHelper.sysUserPassTransient(state))
throw new AccumuloException("Bad credentials for user " + conn.whoami());
return;
default:
throw new AccumuloException("Got unexpected exception", ae);
}
}
- WalkingSecurity.get(state).grantTablePermission(target, tableName, tabPerm);
+ SecurityHelper.setTabPerm(state, target, tabPerm, true);
}
if (!exists)
@@ -174,7 +170,7 @@ public class AlterTablePerm extends Test
if (!tableExists)
throw new AccumuloException("Table shouldn't have existed, but apparantly does");
if (!canGive)
- throw new AccumuloException(conn.whoami() + " shouldn't have been able to grant privilege");
+ throw new AccumuloException("Source user shouldn't have been able to grant privilege");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java Fri Sep 28 07:25:59 2012
@@ -22,7 +22,7 @@ import java.util.Properties;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -30,7 +30,7 @@ public class Authenticate extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = WalkingSecurity.get(state).getSystemConnector();
+ Connector conn = SecurityHelper.getSystemConnector(state);
authenticate(conn, state, props);
}
@@ -40,20 +40,21 @@ public class Authenticate extends Test {
boolean success = Boolean.parseBoolean(props.getProperty("valid"));
String target;
-
- AuthInfo auth;
+ boolean exists = true;
+ boolean hasPermission = true;
+ byte[] password;
if (targetProp.equals("table")) {
- target = WalkingSecurity.get(state).getTabUserName();
- auth = WalkingSecurity.get(state).getTabAuthInfo();
+ exists = SecurityHelper.getTabUserExists(state);
+ target = SecurityHelper.getTabUserName(state);
+ if (!conn.whoami().equals(state.getConnector().whoami())
+ && !SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.SYSTEM))
+ hasPermission = false;
+ password = Arrays.copyOf(SecurityHelper.getTabUserPass(state), SecurityHelper.getTabUserPass(state).length);
} else {
- target = WalkingSecurity.get(state).getSysUserName();
- auth = WalkingSecurity.get(state).getSysAuthInfo();
+ target = SecurityHelper.getSysUserName(state);
+ password = Arrays.copyOf(SecurityHelper.getSysUserPass(state), SecurityHelper.getSysUserPass(state).length);
}
- boolean exists = WalkingSecurity.get(state).userExists(target);
- // Copy so if failed it doesn't mess with the password stored in state
- byte[] password = Arrays.copyOf(WalkingSecurity.get(state).getUserPassword(target), WalkingSecurity.get(state).getUserPassword(target).length);
- boolean hasPermission = WalkingSecurity.get(state).canAskAboutUser(auth, target);
-
+
if (!success)
for (int i = 0; i < password.length; i++)
password[i]++;
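Review bot: The comment explaining why the password is copied was removed with the old line, yet the copy is what keeps the `password[i]++` loop at the end of this hunk from touching the array returned by SecurityHelper, which is presumably the one held in state. I would keep a comment above both `Arrays.copyOf` calls, e.g. `// Copy so that corrupting it for the invalid case does not change the password stored in state`. Reading the array once into a local (`byte[] stored = SecurityHelper.getTabUserPass(state);`) before copying would also avoid the double lookup. `authenticate` continues after the hunk.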
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java Fri Sep 28 07:25:59 2012
@@ -23,7 +23,8 @@ import java.util.Random;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -36,25 +37,38 @@ public class ChangePass extends Test {
String target = props.getProperty("target");
String source = props.getProperty("source");
- AuthInfo auth;
+ String sourceUser;
if (source.equals("system")) {
- conn = WalkingSecurity.get(state).getSystemConnector();
- auth = WalkingSecurity.get(state).getSysAuthInfo();
+ conn = SecurityHelper.getSystemConnector(state);
+ sourceUser = SecurityHelper.getSysUserName(state);
} else {
- conn = WalkingSecurity.get(state).getTableConnector();
- auth = WalkingSecurity.get(state).getTabAuthInfo();
+ sourceUser = SecurityHelper.getTabUserName(state);
+ try {
+ conn = state.getInstance().getConnector(sourceUser, (SecurityHelper.getTabUserPass(state)));
+ } catch (AccumuloSecurityException ae) {
+ if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
+ if (SecurityHelper.getTabUserExists(state))
+ throw new AccumuloException("Got a security exception when the user should have existed", ae);
+ else
+ return;
+ }
+ throw new AccumuloException("Unexpected exception!", ae);
+ }
}
- boolean hasPerm;
- boolean targetExists;
+ boolean hasPerm = true;
+ if (!source.equals(target))
+ hasPerm = SecurityHelper.getSysPerm(state, sourceUser, SystemPermission.ALTER_USER);
+
+ boolean targetExists = true;
+ boolean targetSystem = true;
if (target.equals("table")) {
- target = WalkingSecurity.get(state).getTabUserName();
+ targetSystem = false;
+ if (!SecurityHelper.getTabUserExists(state))
+ targetExists = false;
+ target = SecurityHelper.getTabUserName(state);
} else
- target = WalkingSecurity.get(state).getSysUserName();
-
- targetExists = WalkingSecurity.get(state).userExists(target);
-
- hasPerm = WalkingSecurity.get(state).canChangePassword(auth, target);
+ target = SecurityHelper.getSysUserName(state);
Random r = new Random();
@@ -76,14 +90,17 @@ public class ChangePass extends Test {
throw new AccumuloException("User " + target + " doesn't exist and they SHOULD.", ae);
return;
case BAD_CREDENTIALS:
- if (!WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+ if (!SecurityHelper.sysUserPassTransient(state))
throw new AccumuloException("Bad credentials for user " + conn.whoami());
return;
default:
throw new AccumuloException("Got unexpected exception", ae);
}
}
- WalkingSecurity.get(state).changePassword(target, newPass);
+ if (targetSystem) {
+ SecurityHelper.setSysUserPass(state, newPass);
+ } else
+ SecurityHelper.setTabUserPass(state, newPass);
if (!hasPerm)
throw new AccumuloException("Password change succeeded when it should have failed for " + source + " changing the password for " + target + ".");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java Fri Sep 28 07:25:59 2012
@@ -22,6 +22,7 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.TableExistsException;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
import org.apache.accumulo.server.test.randomwalk.State;
@@ -31,12 +32,14 @@ public class CreateTable extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = WalkingSecurity.get(state).getSystemConnector();
+ Connector conn = SecurityHelper.getSystemConnector(state);
- String tableName = WalkingSecurity.get(state).getTableName();
+ String tableName = SecurityHelper.getTableName(state);
- boolean exists = WalkingSecurity.get(state).getTableExists();
- boolean hasPermission = WalkingSecurity.get(state).canCreateTable(WalkingSecurity.get(state).getSysAuthInfo());
+ boolean exists = SecurityHelper.getTableExists(state);
+ boolean hasPermission = false;
+ if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.CREATE_TABLE))
+ hasPermission = true;
try {
conn.tableOperations().create(tableName);
@@ -49,7 +52,7 @@ public class CreateTable extends Test {
{
try {
state.getConnector().tableOperations().create(tableName);
- WalkingSecurity.get(state).initTable(tableName);
+ SecurityHelper.setTableExists(state, true);
} catch (TableExistsException tee) {
if (exists)
return;
@@ -66,9 +69,9 @@ public class CreateTable extends Test {
else
return;
}
- WalkingSecurity.get(state).initTable(tableName);
+ SecurityHelper.setTableExists(state, true);
for (TablePermission tp : TablePermission.values())
- WalkingSecurity.get(state).grantTablePermission(conn.whoami(), tableName, tp);
+ SecurityHelper.setTabPerm(state, conn.whoami(), tp, true);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java Fri Sep 28 07:25:59 2012
@@ -22,6 +22,7 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.security.Authorizations;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -29,12 +30,14 @@ public class CreateUser extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = WalkingSecurity.get(state).getSystemConnector();
+ Connector conn = SecurityHelper.getSystemConnector(state);
- String tableUserName = WalkingSecurity.get(state).getTabUserName();
+ String tableUserName = SecurityHelper.getTabUserName(state);
- boolean exists = WalkingSecurity.get(state).userExists(tableUserName);
- boolean hasPermission = WalkingSecurity.get(state).canCreateUser(WalkingSecurity.get(state).getSysAuthInfo(), tableUserName);
+ boolean exists = SecurityHelper.getTabUserExists(state);
+ boolean hasPermission = false;
+ if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.CREATE_USER))
+ hasPermission = true;
byte[] tabUserPass = "Super Sekret Table User Password".getBytes();
try {
conn.securityOperations().createUser(tableUserName, tabUserPass, new Authorizations());
@@ -48,7 +51,8 @@ public class CreateUser extends Test {
{
if (!exists) {
state.getConnector().securityOperations().createUser(tableUserName, tabUserPass, new Authorizations());
- WalkingSecurity.get(state).createUser(tableUserName, tabUserPass);
+ SecurityHelper.setTabUserPass(state, tabUserPass);
+ SecurityHelper.setTabUserExists(state, true);
}
return;
}
@@ -61,7 +65,8 @@ public class CreateUser extends Test {
throw new AccumuloException("Got unexpected exception", ae);
}
}
- WalkingSecurity.get(state).createUser(tableUserName, tabUserPass);
+ SecurityHelper.setTabUserPass(state, tabUserPass);
+ SecurityHelper.setTabUserExists(state, true);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java Fri Sep 28 07:25:59 2012
@@ -23,7 +23,8 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -38,19 +39,21 @@ public class DropTable extends Test {
public static void dropTable(State state, Properties props) throws Exception {
String sourceUser = props.getProperty("source", "system");
Connector conn;
- AuthInfo auth;
+ String username;
if (sourceUser.equals("table")) {
- auth = WalkingSecurity.get(state).getTabAuthInfo();
- conn = WalkingSecurity.get(state).getTableConnector();
+ username = SecurityHelper.getTabUserName(state);
+ conn = state.getInstance().getConnector(username, SecurityHelper.getTabUserPass(state));
} else {
- auth = WalkingSecurity.get(state).getSysAuthInfo();
- conn = WalkingSecurity.get(state).getSystemConnector();
+ username = SecurityHelper.getSysUserName(state);
+ conn = SecurityHelper.getSystemConnector(state);
}
- String tableName = WalkingSecurity.get(state).getTableName();
+ String tableName = SecurityHelper.getTableName(state);
- boolean exists = WalkingSecurity.get(state).getTableExists();
- boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(auth, tableName);
+ boolean exists = SecurityHelper.getTableExists(state);
+ boolean hasPermission = false;
+ if (SecurityHelper.getSysPerm(state, username, SystemPermission.DROP_TABLE) || SecurityHelper.getTabPerm(state, username, TablePermission.DROP_TABLE))
+ hasPermission = true;
try {
conn.tableOperations().delete(tableName);
@@ -61,11 +64,14 @@ public class DropTable extends Test {
else {
// Drop anyway for sake of state
state.getConnector().tableOperations().delete(tableName);
- WalkingSecurity.get(state).cleanTablePermissions(tableName);
+ SecurityHelper.setTableExists(state, false);
+ for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)})
+ for (TablePermission tp : TablePermission.values())
+ SecurityHelper.setTabPerm(state, user, tp, false);
return;
}
} else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
- if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+ if (SecurityHelper.sysUserPassTransient(state))
return;
}
throw new AccumuloException("Got unexpected ae error code", ae);
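Review bot: The model cleanup after a delete is written out in this hunk and repeated line for line in the next one. It consists of `SecurityHelper.setTableExists(state, false)` plus the nested loop clearing every `TablePermission` for the system and table users. A private static helper in DropTable, say `clearTableState(State state)`, called from both places would keep the two paths from drifting apart if the set of modelled users changes. The enclosing catch block starts outside the hunk.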
@@ -75,7 +81,10 @@ public class DropTable extends Test {
else
return;
}
- WalkingSecurity.get(state).cleanTablePermissions(tableName);
+ SecurityHelper.setTableExists(state, false);
+ for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)})
+ for (TablePermission tp : TablePermission.values())
+ SecurityHelper.setTabPerm(state, user, tp, false);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java Fri Sep 28 07:25:59 2012
@@ -21,6 +21,8 @@ import java.util.Properties;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -28,13 +30,14 @@ public class DropUser extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = WalkingSecurity.get(state).getSystemConnector();
+ Connector conn = SecurityHelper.getSystemConnector(state);
- String tableUserName = WalkingSecurity.get(state).getTabUserName();
-
- boolean exists = WalkingSecurity.get(state).userExists(tableUserName);
- boolean hasPermission = WalkingSecurity.get(state).canDropUser(WalkingSecurity.get(state).getSysAuthInfo(), tableUserName);
+ String tableUserName = SecurityHelper.getTabUserName(state);
+ boolean exists = SecurityHelper.getTabUserExists(state);
+ boolean hasPermission = false;
+ if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.DROP_USER))
+ hasPermission = true;
try {
conn.securityOperations().dropUser(tableUserName);
} catch (AccumuloSecurityException ae) {
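Review bot: The `boolean hasPermission = false;` followed by an `if` that sets it to `true` can be a single initialisation, `boolean hasPermission = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.DROP_USER);`. SetAuths in this same commit already writes it that way. The direct form leaves no window in which the flag holds a placeholder value, which matters because this flag decides whether a missing security exception is reported. The body of `visit` continues outside the hunk.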
@@ -45,7 +48,11 @@ public class DropUser extends Test {
else {
if (exists) {
state.getConnector().securityOperations().dropUser(tableUserName);
- WalkingSecurity.get(state).dropUser(tableUserName);
+ SecurityHelper.setTabUserExists(state, false);
+ for (TablePermission tp : TablePermission.values())
+ SecurityHelper.setTabPerm(state, tableUserName, tp, false);
+ for (SystemPermission sp : SystemPermission.values())
+ SecurityHelper.setSysPerm(state, tableUserName, sp, false);
}
return;
}
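Review bot: The reset after `dropUser` clears the exists flag and both permission sets for `tableUserName`, but leaves the model's authorizations untouched. SecurityFixture initialises them with `SecurityHelper.setUserAuths(state, tableUserName, new Authorizations())`. Unless the user-creation step resets them (not visible here), a recreated user would be checked against the dropped user's authorizations in the READ test. Adding `SecurityHelper.setUserAuths(state, tableUserName, new Authorizations());` to the reset would close that gap. The same applies to the identical reset in the following hunk.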
@@ -59,7 +66,11 @@ public class DropUser extends Test {
throw new AccumuloException("Got unexpected exception", ae);
}
}
- WalkingSecurity.get(state).dropUser(tableUserName);
+ SecurityHelper.setTabUserExists(state, false);
+ for (TablePermission tp : TablePermission.values())
+ SecurityHelper.setTabPerm(state, tableUserName, tp, false);
+ for (SystemPermission sp : SystemPermission.values())
+ SecurityHelper.setSysPerm(state, tableUserName, sp, false);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java Fri Sep 28 07:25:59 2012
@@ -17,6 +17,7 @@
package org.apache.accumulo.server.test.randomwalk.security;
import java.net.InetAddress;
+import java.util.HashMap;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.Instance;
@@ -46,22 +47,28 @@ public class SecurityFixture extends Fix
conn.securityOperations().createUser(systemUserName, sysUserPass, new Authorizations());
sysConn = instance.getConnector(systemUserName, sysUserPass);
- WalkingSecurity.get(state).createUser(systemUserName, sysUserPass);
+ SecurityHelper.setSystemConnector(state, sysConn);
+ SecurityHelper.setSysUserName(state, systemUserName);
+ SecurityHelper.setSysUserPass(state, sysUserPass);
- WalkingSecurity.get(state).changePassword(tableUserName, new byte[0]);
+ SecurityHelper.setTableExists(state, false);
+ SecurityHelper.setTableExists(state, false);
- WalkingSecurity.get(state).setTableName(secTableName);
- WalkingSecurity.get(state).setTabUserName(tableUserName);
+ SecurityHelper.setTabUserPass(state, new byte[0]);
+
+ SecurityHelper.setTableName(state, secTableName);
+ SecurityHelper.setTabUserName(state, tableUserName);
for (TablePermission tp : TablePermission.values()) {
- WalkingSecurity.get(state).revokeTablePermission(systemUserName, secTableName, tp);
- WalkingSecurity.get(state).revokeTablePermission(tableUserName, secTableName, tp);
+ SecurityHelper.setTabPerm(state, systemUserName, tp, false);
+ SecurityHelper.setTabPerm(state, tableUserName, tp, false);
}
for (SystemPermission sp : SystemPermission.values()) {
- WalkingSecurity.get(state).revokeSystemPermission(systemUserName, sp);
- WalkingSecurity.get(state).revokeSystemPermission(tableUserName, sp);
+ SecurityHelper.setSysPerm(state, systemUserName, sp, false);
+ SecurityHelper.setSysPerm(state, tableUserName, sp, false);
}
- WalkingSecurity.get(state).changeAuthorizations(tableUserName, new Authorizations());
+ SecurityHelper.setUserAuths(state, tableUserName, new Authorizations());
+ SecurityHelper.setAuthsMap(state, new HashMap<String,Integer>());
}
@Override
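Review bot: `SecurityHelper.setTableExists(state, false);` is called twice in a row, and nothing in this hunk initialises the table user's exists flag, which the teardown below reads through `SecurityHelper.getTabUserExists(state)`. The second call looks like a copy-paste slip for `SecurityHelper.setTabUserExists(state, false);`. Depending on how SecurityHelper treats an unset key, the first `getTabUserExists` call may fail or return an unintended default, so the model of which principals exist starts out undefined. The method's opening lines are outside the hunk.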
@@ -70,20 +77,20 @@ public class SecurityFixture extends Fix
Validate.validate(state, log);
Connector conn = state.getConnector();
- if (WalkingSecurity.get(state).getTableExists()) {
- String secTableName = WalkingSecurity.get(state).getTableName();
+ if (SecurityHelper.getTableExists(state)) {
+ String secTableName = SecurityHelper.getTableName(state);
log.debug("Dropping tables: " + secTableName);
conn.tableOperations().delete(secTableName);
}
- if (WalkingSecurity.get(state).userExists(WalkingSecurity.get(state).getTabUserName())) {
- String tableUserName = WalkingSecurity.get(state).getTabUserName();
+ if (SecurityHelper.getTabUserExists(state)) {
+ String tableUserName = SecurityHelper.getTabUserName(state);
log.debug("Dropping user: " + tableUserName);
conn.securityOperations().dropUser(tableUserName);
}
- String systemUserName = WalkingSecurity.get(state).getSysUserName();
+ String systemUserName = SecurityHelper.getSysUserName(state);
log.debug("Dropping user: " + systemUserName);
conn.securityOperations().dropUser(systemUserName);
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java Fri Sep 28 07:25:59 2012
@@ -23,6 +23,7 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.security.Authorizations;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.server.test.randomwalk.State;
import org.apache.accumulo.server.test.randomwalk.Test;
@@ -36,20 +37,22 @@ public class SetAuths extends Test {
String targetUser = props.getProperty("system");
String target;
+ boolean exists;
+ boolean hasPermission;
if ("table".equals(targetUser)) {
- target = WalkingSecurity.get(state).getTabUserName();
- conn = WalkingSecurity.get(state).getSystemConnector();
+ target = SecurityHelper.getTabUserName(state);
+ exists = SecurityHelper.getTabUserExists(state);
+ conn = SecurityHelper.getSystemConnector(state);
+ hasPermission = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER);
} else {
- target = WalkingSecurity.get(state).getSysUserName();
+ target = SecurityHelper.getSysUserName(state);
+ exists = true;
conn = state.getConnector();
+ hasPermission = true;
}
-
- boolean exists = WalkingSecurity.get(state).userExists(target);
- boolean hasPermission = WalkingSecurity.get(state).canChangeAuthorizations(WalkingSecurity.get(state).getSysAuthInfo(), target);
-
Authorizations auths;
if (authsString.equals("_random")) {
- String[] possibleAuths = WalkingSecurity.get(state).getAuthsArray();
+ String[] possibleAuths = SecurityHelper.getAuthsArray();
Random r = new Random();
int i = r.nextInt(possibleAuths.length);
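Review bot: The `else` branch hard-codes `exists = true` and `hasPermission = true` without saying why, where the removed code asked the model for both. A short comment would record the assumption, for example `// system user is created by the fixture and state.getConnector() is presumably the admin connection, so the call must succeed`. If that assumption is ever wrong, the check at the end of `visit` can no longer report a missing security exception for this target. The method starts and ends outside the hunk.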
@@ -85,7 +88,7 @@ public class SetAuths extends Test {
throw new AccumuloException("Got unexpected exception", ae);
}
}
- WalkingSecurity.get(state).changeAuthorizations(target, auths);
+ SecurityHelper.setUserAuths(state, target, auths);
if (!hasPermission)
throw new AccumuloException("Didn't get Security Exception when we should have");
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java Fri Sep 28 07:25:59 2012
@@ -52,8 +52,19 @@ public class TableOp extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
- Connector conn = WalkingSecurity.get(state).getTableConnector();
-
+ boolean userExists = SecurityHelper.getTabUserExists(state);
+ Connector conn;
+ try {
+ conn = state.getInstance().getConnector(SecurityHelper.getTabUserName(state), SecurityHelper.getTabUserPass(state));
+ } catch (AccumuloSecurityException ae) {
+ if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
+ if (userExists)
+ throw new AccumuloException("User didn't exist when they should (or worse- password mismatch)", ae);
+ else
+ return;
+ }
+ throw new AccumuloException("Unexpected exception!", ae);
+ }
String action = props.getProperty("action", "_random");
TablePermission tp;
if ("_random".equalsIgnoreCase(action)) {
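Review bot: The new `BAD_CREDENTIALS` handling throws whenever `userExists` is true, with no allowance for a table-user password that was changed moments before and has not yet propagated. Other branches tolerate that window through `SecurityHelper.sysUserPassTransient(state)`, including the bulk-import branch later in this file. That helper tracks the system user, though, while this connection is opened as the table user, so the later branch may be consulting the wrong principal as well. A table-user counterpart of that check, if SecurityHelper provides one, belongs in both places. Otherwise the walk can report a password mismatch that is only a propagation delay.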
@@ -63,17 +74,19 @@ public class TableOp extends Test {
tp = TablePermission.valueOf(action);
}
- boolean tableExists = WalkingSecurity.get(state).getTableExists();
- String tableName = WalkingSecurity.get(state).getTableName();
+ boolean tableExists = SecurityHelper.getTableExists(state);
+ boolean hasPerm = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), tp);
+
+ String tableName = state.getString("secTableName");
+ boolean ambiguousZone;
switch (tp) {
- case READ: {
- boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabAuthInfo(), tableName);
- Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabAuthInfo());
- boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
-
+ case READ:
+ Authorizations auths = SecurityHelper.getUserAuths(state, SecurityHelper.getTabUserName(state));
+ boolean canRead = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.READ);
+ ambiguousZone = SecurityHelper.inAmbiguousZone(state, SecurityHelper.getTabUserName(state), tp);
try {
- Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami()));
+ Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(SecurityHelper.getTabUserName(state)));
int seen = 0;
Iterator<Entry<Key,Value>> iter = scan.iterator();
while (iter.hasNext()) {
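Review bot: `String tableName = state.getString("secTableName");` reads the state key directly, while SecurityFixture in this commit stores and reads the name through `SecurityHelper.setTableName` and `SecurityHelper.getTableName(state)`. Using `String tableName = SecurityHelper.getTableName(state);` keeps the key in one place, so the test cannot end up probing a different table than the one the model describes. In the `READ` case `canRead` repeats the lookup already held in `hasPerm`, since `tp` is `READ` there, and could simply reuse it. With the case braces removed, `auths` and `canRead` are now scoped to the whole switch.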
@@ -85,7 +98,7 @@ public class TableOp extends Test {
}
if (!canRead && !ambiguousZone)
throw new AccumuloException("Was able to read when I shouldn't have had the perm with connection user " + conn.whoami() + " table " + tableName);
- for (Entry<String,Integer> entry : WalkingSecurity.get(state).getAuthsMap().entrySet()) {
+ for (Entry<String,Integer> entry : SecurityHelper.getAuthsMap(state).entrySet()) {
if (auths.contains(entry.getKey().getBytes()))
seen = seen - entry.getValue();
}
@@ -115,14 +128,13 @@ public class TableOp extends Test {
}
break;
- }
case WRITE:
- // boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabAuthInfo(), tableName);
- boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
+ // boolean canWrite = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.WRITE);
+ ambiguousZone = SecurityHelper.inAmbiguousZone(state, SecurityHelper.getTabUserName(state), tp);
- String key = WalkingSecurity.get(state).getLastKey() + "1";
+ String key = SecurityHelper.getLastKey(state) + "1";
Mutation m = new Mutation(new Text(key));
- for (String s : WalkingSecurity.get(state).getAuthsArray()) {
+ for (String s : SecurityHelper.getAuthsArray()) {
m.put(new Text(), new Text(), new ColumnVisibility(s), new Value("value".getBytes()));
}
BatchWriter writer;
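Review bot: The commented-out `// boolean canWrite = ...` line is rewritten to the new helper rather than removed, so dead code is now being maintained. `hasPerm` computed above already holds that value when `tp` is `WRITE`. Either delete the comment or use `hasPerm` to assert the expected outcome of the write; whether the rest of this case checks the permission at all is not visible in the hunk.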
@@ -144,7 +156,6 @@ public class TableOp extends Test {
if (ambiguousZone) {
Thread.sleep(1000);
try {
- writer = conn.createBatchWriter(tableName, 9000l, 0l, 1);
writer.addMutation(m);
writer.close();
} catch (MutationsRejectedException mre2) {
@@ -153,19 +164,19 @@ public class TableOp extends Test {
}
}
if (works)
- for (String s : WalkingSecurity.get(state).getAuthsArray())
- WalkingSecurity.get(state).increaseAuthMap(s, 1);
+ for (String s : SecurityHelper.getAuthsArray())
+ SecurityHelper.increaseAuthMap(state, s, 1);
break;
case BULK_IMPORT:
- key = WalkingSecurity.get(state).getLastKey() + "1";
+ key = SecurityHelper.getLastKey(state) + "1";
SortedSet<Key> keys = new TreeSet<Key>();
- for (String s : WalkingSecurity.get(state).getAuthsArray()) {
+ for (String s : SecurityHelper.getAuthsArray()) {
Key k = new Key(key, "", "", s);
keys.add(k);
}
Path dir = new Path("/tmp", "bulk_" + UUID.randomUUID().toString());
Path fail = new Path(dir.toString() + "_fail");
- FileSystem fs = WalkingSecurity.get(state).getFs();
+ FileSystem fs = SecurityHelper.getFs(state);
FileSKVWriter f = FileOperations.getInstance().openWriter(dir + "/securityBulk." + RFile.EXTENSION, fs, fs.getConf(),
AccumuloConfiguration.getDefaultConfiguration());
f.startDefaultLocalityGroup();
@@ -181,26 +192,25 @@ public class TableOp extends Test {
return;
} catch (AccumuloSecurityException ae) {
if (ae.getErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
- if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabAuthInfo(), tableName))
+ if (hasPerm)
throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName);
return;
} else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
- if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+ if (SecurityHelper.sysUserPassTransient(state))
return;
}
throw new AccumuloException("Unexpected exception!", ae);
}
- for (String s : WalkingSecurity.get(state).getAuthsArray())
- WalkingSecurity.get(state).increaseAuthMap(s, 1);
+ for (String s : SecurityHelper.getAuthsArray())
+ SecurityHelper.increaseAuthMap(state, s, 1);
fs.delete(dir, true);
fs.delete(fail, true);
- if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabAuthInfo(), tableName))
+ if (!hasPerm)
throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
break;
case ALTER_TABLE:
- AlterTable.renameTable(conn, state, tableName, tableName + "plus",
- WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabAuthInfo(), tableName), tableExists);
+ AlterTable.renameTable(conn, state, tableName, tableName + "plus", hasPerm, tableExists);
break;
case GRANT: