Posted to commits@hbase.apache.org by st...@apache.org on 2012/05/31 00:29:18 UTC

svn commit: r1344488 - in /hbase/branches/0.92/security/src: main/java/org/apache/hadoop/hbase/security/access/AccessController.java test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

Author: stack
Date: Wed May 30 22:29:17 2012
New Revision: 1344488

URL: http://svn.apache.org/viewvc?rev=1344488&view=rev
Log:
HBASE-6062 preCheckAndPut/Delete() checks for READ when also a WRITE is performed

Modified:
    hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
    hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

Modified: hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java?rev=1344488&r1=1344487&r2=1344488&view=diff
==============================================================================
--- hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (original)
+++ hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java Wed May 30 22:29:17 2012
@@ -793,8 +793,9 @@ public class AccessController extends Ba
       final CompareFilter.CompareOp compareOp,
       final WritableByteArrayComparable comparator, final Put put,
       final boolean result) throws IOException {
-    requirePermission(TablePermission.Action.READ, c.getEnvironment(),
-        Arrays.asList(new byte[][]{family}));
+    Collection<byte[]> familyMap = Arrays.asList(new byte[][]{family});
+    requirePermission(TablePermission.Action.READ, c.getEnvironment(), familyMap);
+    requirePermission(TablePermission.Action.WRITE, c.getEnvironment(), familyMap);
     return result;
   }
 
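Review bot: The added WRITE check in preCheckAndPut covers only `family`, the column family of the compared cell, while the families actually mutated come from `put` and are never consulted here. As far as this hunk shows, a caller with READ and WRITE on the check family is therefore authorized for a Put that touches a family they hold no WRITE on, unless the mutation is authorized again further down the path (not visible here). Consider checking WRITE against the mutation's own families, e.g. `requirePermission(TablePermission.Action.WRITE, c.getEnvironment(), put.getFamilyMap().keySet());`, while keeping READ on `family`. The same applies to the preCheckAndDelete hunk that follows, with `delete` in place of `put`; both method signatures begin outside their hunks.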
@@ -804,8 +805,9 @@ public class AccessController extends Ba
       final CompareFilter.CompareOp compareOp,
       final WritableByteArrayComparable comparator, final Delete delete,
       final boolean result) throws IOException {
-    requirePermission(TablePermission.Action.READ, c.getEnvironment(),
-        Arrays.asList( new byte[][] {family}));
+    Collection<byte[]> familyMap = Arrays.asList(new byte[][]{family});
+    requirePermission(TablePermission.Action.READ, c.getEnvironment(), familyMap);
+    requirePermission(TablePermission.Action.WRITE, c.getEnvironment(), familyMap);
     return result;
   }
 

Modified: hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java?rev=1344488&r1=1344487&r2=1344488&view=diff
==============================================================================
--- hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (original)
+++ hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java Wed May 30 22:29:17 2012
@@ -536,6 +536,18 @@ public class TestAccessController {
     verifyAllowed(USER_RO, action);
   }
 
+  private void verifyReadWrite(PrivilegedExceptionAction action) throws Exception {
+    // should be denied
+    verifyDenied(USER_NONE, action);
+    verifyDenied(USER_RO, action);
+
+    // should be allowed
+    verifyAllowed(SUPERUSER, action);
+    verifyAllowed(USER_ADMIN, action);
+    verifyAllowed(USER_OWNER, action);
+    verifyAllowed(USER_RW, action);
+  }
+
   @Test
   public void testRead() throws Exception {
     // get action
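Review bot: verifyReadWrite has no principal that holds WRITE without READ, so the matrix only proves the newly added WRITE requirement (USER_RO is denied) and would still pass if the READ check were dropped. If the fixture has, or can grant, a write-only user, add it to the denied group, e.g. `verifyDenied(USER_WO, action);`, where USER_WO is a placeholder name since no such user is visible in this hunk. A one-line Javadoc would also make the contract explicit: `/** Asserts that the action requires both READ and WRITE permission. */`.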
@@ -613,6 +625,39 @@ public class TestAccessController {
   }
 
   @Test
+  public void testReadWrite() throws Exception {
+    // action for checkAndDelete
+    PrivilegedExceptionAction checkAndDeleteAction = new PrivilegedExceptionAction() {
+      public Object run() throws Exception {
+        Delete d = new Delete(Bytes.toBytes("random_row"));
+        d.deleteFamily(TEST_FAMILY);
+
+        HTable t = new HTable(conf, TEST_TABLE);
+        t.checkAndDelete(Bytes.toBytes("random_row"), 
+                         TEST_FAMILY, Bytes.toBytes("q"),
+                         Bytes.toBytes("test_value"), d);
+        return null;
+      }
+    };
+    verifyReadWrite(checkAndDeleteAction);
+
+    // action for checkAndPut()
+    PrivilegedExceptionAction checkAndPut = new PrivilegedExceptionAction() {
+      public Object run() throws Exception {
+        Put p = new Put(Bytes.toBytes("random_row"));
+        p.add(TEST_FAMILY, Bytes.toBytes("Qualifier"), Bytes.toBytes(1));
+
+        HTable t = new HTable(conf, TEST_TABLE);
+        t.checkAndPut(Bytes.toBytes("random_row"), 
+                      TEST_FAMILY, Bytes.toBytes("q"),
+                      Bytes.toBytes("test_value"), p);
+        return null;
+      }
+    };
+    verifyReadWrite(checkAndPut);
+  }
+
+  @Test
   public void testGrantRevoke() throws Exception {
     final byte[] tableName = Bytes.toBytes("TempTable");
     final byte[] family1 = Bytes.toBytes("f1");
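Review bot: Both anonymous actions in testReadWrite create an `HTable` and never close it, and verifyReadWrite appears to invoke each action once per user, so every run leaves several client tables open, including those whose call is expected to fail with an access error. Wrap the call so the table is released on both outcomes: `try { t.checkAndDelete(...); } finally { t.close(); }`, and likewise for `t.checkAndPut(...)`. Separately, the mutation and the check column both use TEST_FAMILY, so the test does not exercise a mutation that touches a family other than the one being compared.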