Posted to commits@hbase.apache.org by st...@apache.org on 2012/05/31 00:29:18 UTC
svn commit: r1344488 - in /hbase/branches/0.92/security/src:
main/java/org/apache/hadoop/hbase/security/access/AccessController.java
test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Author: stack
Date: Wed May 30 22:29:17 2012
New Revision: 1344488
URL: http://svn.apache.org/viewvc?rev=1344488&view=rev
Log:
HBASE-6062 preCheckAndPut/Delete() checks for READ when also a WRITE is performed
Modified:
hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Modified: hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java?rev=1344488&r1=1344487&r2=1344488&view=diff
==============================================================================
--- hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (original)
+++ hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java Wed May 30 22:29:17 2012
@@ -793,8 +793,9 @@ public class AccessController extends Ba
final CompareFilter.CompareOp compareOp,
final WritableByteArrayComparable comparator, final Put put,
final boolean result) throws IOException {
- requirePermission(TablePermission.Action.READ, c.getEnvironment(),
- Arrays.asList(new byte[][]{family}));
+ Collection<byte[]> familyMap = Arrays.asList(new byte[][]{family});
+ requirePermission(TablePermission.Action.READ, c.getEnvironment(), familyMap);
+ requirePermission(TablePermission.Action.WRITE, c.getEnvironment(), familyMap);
return result;
}
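Review bot: The new WRITE check in preCheckAndPut covers only `family`, the column family used for the comparison, while the `put` argument may carry cells for other families. Unless another hook authorises the Put itself (not visible in this hunk), holding READ and WRITE on the checked family would be enough to get a write to a different family through. Consider authorising the mutation's own families too, e.g. `requirePermission(TablePermission.Action.WRITE, c.getEnvironment(), put.getFamilyMap());`, if an overload accepting that map is available. The same applies to `delete` in preCheckAndDelete in the next hunk. Separately, `familyMap` holds a `Collection<byte[]>`, not a map, so `families` would be a less misleading name; both method signatures begin outside the hunks.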
@@ -804,8 +805,9 @@ public class AccessController extends Ba
final CompareFilter.CompareOp compareOp,
final WritableByteArrayComparable comparator, final Delete delete,
final boolean result) throws IOException {
- requirePermission(TablePermission.Action.READ, c.getEnvironment(),
- Arrays.asList( new byte[][] {family}));
+ Collection<byte[]> familyMap = Arrays.asList(new byte[][]{family});
+ requirePermission(TablePermission.Action.READ, c.getEnvironment(), familyMap);
+ requirePermission(TablePermission.Action.WRITE, c.getEnvironment(), familyMap);
return result;
}
Modified: hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java?rev=1344488&r1=1344487&r2=1344488&view=diff
==============================================================================
--- hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (original)
+++ hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java Wed May 30 22:29:17 2012
@@ -536,6 +536,18 @@ public class TestAccessController {
verifyAllowed(USER_RO, action);
}
+ private void verifyReadWrite(PrivilegedExceptionAction action) throws Exception {
+ // should be denied
+ verifyDenied(USER_NONE, action);
+ verifyDenied(USER_RO, action);
+
+ // should be allowed
+ verifyAllowed(SUPERUSER, action);
+ verifyAllowed(USER_ADMIN, action);
+ verifyAllowed(USER_OWNER, action);
+ verifyAllowed(USER_RW, action);
+ }
+
@Test
public void testRead() throws Exception {
// get action
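Review bot: verifyReadWrite has no case for a principal that holds WRITE but not READ, so these tests would still pass if the READ requirement were dropped from preCheckAndPut/preCheckAndDelete. Only the new WRITE requirement is pinned, through USER_RO being denied. If the fixture can grant write-only access, add a line such as `verifyDenied(<write-only user>, action);`. No such user is visible in this hunk, so one may need to be created. A short comment on the helper stating that the action must require both READ and WRITE would also make its intent clear next to the read-only and write-only helpers.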
@@ -613,6 +625,39 @@ public class TestAccessController {
}
@Test
+ public void testReadWrite() throws Exception {
+ // action for checkAndDelete
+ PrivilegedExceptionAction checkAndDeleteAction = new PrivilegedExceptionAction() {
+ public Object run() throws Exception {
+ Delete d = new Delete(Bytes.toBytes("random_row"));
+ d.deleteFamily(TEST_FAMILY);
+
+ HTable t = new HTable(conf, TEST_TABLE);
+ t.checkAndDelete(Bytes.toBytes("random_row"),
+ TEST_FAMILY, Bytes.toBytes("q"),
+ Bytes.toBytes("test_value"), d);
+ return null;
+ }
+ };
+ verifyReadWrite(checkAndDeleteAction);
+
+ // action for checkAndPut()
+ PrivilegedExceptionAction checkAndPut = new PrivilegedExceptionAction() {
+ public Object run() throws Exception {
+ Put p = new Put(Bytes.toBytes("random_row"));
+ p.add(TEST_FAMILY, Bytes.toBytes("Qualifier"), Bytes.toBytes(1));
+
+ HTable t = new HTable(conf, TEST_TABLE);
+ t.checkAndPut(Bytes.toBytes("random_row"),
+ TEST_FAMILY, Bytes.toBytes("q"),
+ Bytes.toBytes("test_value"), p);
+ return null;
+ }
+ };
+ verifyReadWrite(checkAndPut);
+ }
+
+ @Test
public void testGrantRevoke() throws Exception {
final byte[] tableName = Bytes.toBytes("TempTable");
final byte[] family1 = Bytes.toBytes("f1");
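Review bot: Both actions in testReadWrite check and mutate the same family (`TEST_FAMILY`), so the test cannot detect a checkAndPut/checkAndDelete whose mutation targets a family other than the one being compared. A case where the check family and the mutation family differ, and the user lacks WRITE on the latter, would cover that path. Also, each `run()` creates an `HTable` that is never closed; wrapping the call as `try { t.checkAndPut(...); } finally { t.close(); }` (and likewise for checkAndDelete) avoids leaking table resources across the six users the helper iterates over. The hunk ends inside testGrantRevoke, which continues outside the visible lines.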