Posted to commits@accumulo.apache.org by vi...@apache.org on 2014/03/06 20:03:32 UTC
[2/2] git commit: ACCUMULO-2316 a simpler approach for property
security exceptions
ACCUMULO-2316 a simpler approach for property security exceptions
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/68afb1ef
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/68afb1ef
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/68afb1ef
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: 68afb1efb85b80068bbe67b30a4b9aba41c502c1
Parents: 5c0ca2c
Author: John Vines <vi...@apache.org>
Authored: Thu Mar 6 14:02:59 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Mar 6 14:02:59 2014 -0500
----------------------------------------------------------------------
.../client/admin/SecurityOperationsImpl.java | 61 +++++++++----
.../org/apache/accumulo/test/NamespacesIT.java | 95 ++++++++++++++++++++
2 files changed, 138 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/68afb1ef/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
index ebd79ad..9d662f4 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
@@ -53,6 +53,8 @@ public class SecurityOperationsImpl implements SecurityOperations {
// recast missing table
if (ttoe.getType() == TableOperationExceptionType.NOTFOUND)
throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST);
+ else if (ttoe.getType() == TableOperationExceptionType.NAMESPACE_NOTFOUND)
+ throw new AccumuloSecurityException(null, SecurityErrorCode.NAMESPACE_DOESNT_EXIST);
else
throw new AccumuloException(ttoe);
} catch (ThriftSecurityException e) {
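Review bot: The new `NAMESPACE_NOTFOUND` branch throws `AccumuloSecurityException(null, SecurityErrorCode.NAMESPACE_DOESNT_EXIST)` without attaching `ttoe`, so whatever detail the Thrift exception carried is dropped from the stack trace. The three-argument constructor used later in this commit accepts a cause, so the line could read `throw new AccumuloSecurityException(null, SecurityErrorCode.NAMESPACE_DOESNT_EXIST, ttoe);`. The identical branch in the next hunk (`@@ -71,6 +73,8`) has the same gap. The context comment `// recast missing table` now covers namespaces as well and could become `// recast missing table or namespace`. The enclosing method starts and ends outside the hunk.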
@@ -71,6 +73,8 @@ public class SecurityOperationsImpl implements SecurityOperations {
// recast missing table
if (ttoe.getType() == TableOperationExceptionType.NOTFOUND)
throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST);
+ else if (ttoe.getType() == TableOperationExceptionType.NAMESPACE_NOTFOUND)
+ throw new AccumuloSecurityException(null, SecurityErrorCode.NAMESPACE_DOESNT_EXIST);
else
throw new AccumuloException(ttoe);
} catch (ThriftSecurityException e) {
@@ -199,12 +203,19 @@ public class SecurityOperationsImpl implements SecurityOperations {
@Override
public boolean hasTablePermission(final String principal, final String table, final TablePermission perm) throws AccumuloException, AccumuloSecurityException {
ArgumentChecker.notNull(principal, table, perm);
- return execute(new ClientExecReturn<Boolean,ClientService.Client>() {
- @Override
- public Boolean execute(ClientService.Client client) throws Exception {
- return client.hasTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, perm.getId());
- }
- });
+ try {
+ return execute(new ClientExecReturn<Boolean,ClientService.Client>() {
+ @Override
+ public Boolean execute(ClientService.Client client) throws Exception {
+ return client.hasTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, perm.getId());
+ }
+ });
+ } catch (AccumuloSecurityException e) {
+ if (e.getSecurityErrorCode() == org.apache.accumulo.core.client.security.SecurityErrorCode.NAMESPACE_DOESNT_EXIST)
+ throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
+ else
+ throw e;
+ }
}
@Override
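Review bot: The catch block added to hasTablePermission is repeated line for line in grantTablePermission and revokeTablePermission (the next two hunks), so any later change to the recast rule has to be made in three places. It also compares against the fully qualified `org.apache.accumulo.core.client.security.SecurityErrorCode` while constructing the new exception with the unqualified `SecurityErrorCode`, which appears to be a different enum and is easy to misread. A private helper that returns the exception to throw would keep the rule in one place and give it a comment explaining why a missing namespace is reported as a missing table for table-level calls.

```java
// Table-level calls report a missing namespace as a missing table.
private static AccumuloSecurityException recastMissingNamespace(AccumuloSecurityException e) {
  if (e.getSecurityErrorCode() == org.apache.accumulo.core.client.security.SecurityErrorCode.NAMESPACE_DOESNT_EXIST)
    return new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
  return e;
}

// … unchanged: try { return execute(...) } in hasTablePermission …
} catch (AccumuloSecurityException e) {
  throw recastMissingNamespace(e);
}
```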
@@ -234,12 +245,19 @@ public class SecurityOperationsImpl implements SecurityOperations {
public void grantTablePermission(final String principal, final String table, final TablePermission permission) throws AccumuloException,
AccumuloSecurityException {
ArgumentChecker.notNull(principal, table, permission);
- execute(new ClientExec<ClientService.Client>() {
- @Override
- public void execute(ClientService.Client client) throws Exception {
- client.grantTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, permission.getId());
- }
- });
+ try {
+ execute(new ClientExec<ClientService.Client>() {
+ @Override
+ public void execute(ClientService.Client client) throws Exception {
+ client.grantTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, permission.getId());
+ }
+ });
+ } catch (AccumuloSecurityException e) {
+ if (e.getSecurityErrorCode() == org.apache.accumulo.core.client.security.SecurityErrorCode.NAMESPACE_DOESNT_EXIST)
+ throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
+ else
+ throw e;
+ }
}
@Override
@@ -269,12 +287,19 @@ public class SecurityOperationsImpl implements SecurityOperations {
public void revokeTablePermission(final String principal, final String table, final TablePermission permission) throws AccumuloException,
AccumuloSecurityException {
ArgumentChecker.notNull(principal, table, permission);
- execute(new ClientExec<ClientService.Client>() {
- @Override
- public void execute(ClientService.Client client) throws Exception {
- client.revokeTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, permission.getId());
- }
- });
+ try {
+ execute(new ClientExec<ClientService.Client>() {
+ @Override
+ public void execute(ClientService.Client client) throws Exception {
+ client.revokeTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, permission.getId());
+ }
+ });
+ } catch (AccumuloSecurityException e) {
+ if (e.getSecurityErrorCode() == org.apache.accumulo.core.client.security.SecurityErrorCode.NAMESPACE_DOESNT_EXIST)
+ throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
+ else
+ throw e;
+ }
}
@Override
http://git-wip-us.apache.org/repos/asf/accumulo/blob/68afb1ef/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java b/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
index cd9ec2a..a8d5f7f 100644
--- a/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
@@ -70,6 +70,7 @@ import org.apache.accumulo.core.metadata.RootTable;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.NamespacePermission;
import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.util.UtilWaitThread;
import org.apache.accumulo.examples.simple.constraints.NumericValueConstraint;
import org.apache.accumulo.test.functional.SimpleMacIT;
@@ -825,6 +826,100 @@ public class NamespacesIT extends SimpleMacIT {
}
@Test
+ public void testModifyingPermissions() throws Exception {
+ String tableName = namespace + ".modify";
+ c.namespaceOperations().create(namespace);
+ c.tableOperations().create(tableName);
+ assertTrue(c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ));
+ c.securityOperations().revokeTablePermission(c.whoami(), tableName, TablePermission.READ);
+ assertFalse(c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ));
+ c.securityOperations().grantTablePermission(c.whoami(), tableName, TablePermission.READ);
+ assertTrue(c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ));
+ c.tableOperations().delete(tableName);
+
+ try {
+ c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ);
+ fail();
+ } catch (Exception e) {
+ if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
+ throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
+ }
+
+ try {
+ c.securityOperations().grantTablePermission(c.whoami(), tableName, TablePermission.READ);
+ fail();
+ } catch (Exception e) {
+ if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
+ throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
+ }
+
+ try {
+ c.securityOperations().revokeTablePermission(c.whoami(), tableName, TablePermission.READ);
+ fail();
+ } catch (Exception e) {
+ if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
+ throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
+ }
+
+ assertTrue(c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ));
+ c.securityOperations().revokeNamespacePermission(c.whoami(), namespace, NamespacePermission.READ);
+ assertFalse(c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ));
+ c.securityOperations().grantNamespacePermission(c.whoami(), namespace, NamespacePermission.READ);
+ assertTrue(c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ));
+
+ c.namespaceOperations().delete(namespace);
+
+ try {
+ c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ);
+ fail();
+ } catch (Exception e) {
+ if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
+ throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
+ }
+
+ try {
+ c.securityOperations().grantTablePermission(c.whoami(), tableName, TablePermission.READ);
+ fail();
+ } catch (Exception e) {
+ if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
+ throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
+ }
+
+ try {
+ c.securityOperations().revokeTablePermission(c.whoami(), tableName, TablePermission.READ);
+ fail();
+ } catch (Exception e) {
+ if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
+ throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
+ }
+
+ try {
+ c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ);
+ fail();
+ } catch (Exception e) {
+ if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.NAMESPACE_DOESNT_EXIST))
+ throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
+ }
+
+ try {
+ c.securityOperations().grantNamespacePermission(c.whoami(), namespace, NamespacePermission.READ);
+ fail();
+ } catch (Exception e) {
+ if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.NAMESPACE_DOESNT_EXIST))
+ throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
+ }
+
+ try {
+ c.securityOperations().revokeNamespacePermission(c.whoami(), namespace, NamespacePermission.READ);
+ fail();
+ } catch (Exception e) {
+ if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.NAMESPACE_DOESNT_EXIST))
+ throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
+ }
+
+ }
+
+ @Test
public void verifyTableOperationsExceptions() throws Exception {
String tableName = namespace + ".1";
IteratorSetting setting = new IteratorSetting(200, VersioningIterator.class);
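Review bot: The failure message `"Has permission resulted in "` is reused verbatim in the grantTablePermission, revokeTablePermission and namespace-permission catch blocks of testModifyingPermissions, so a failure in any of them is reported as a hasTablePermission problem. The nine try/catch blocks differ only in the call and the expected code, and a small helper taking the operation name and expected code would keep the diagnostics accurate and shorten the test. Every call uses `c.whoami()`, so the test does not show which code a principal without rights on the table receives for a deleted table or namespace; that case may deserve its own test.

```java
private static void assertSecurityErrorCode(String operation, Exception e, SecurityErrorCode expected) throws Exception {
  if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(expected))
    throw new Exception(operation + " resulted in " + e.getClass().getName(), e);
}

// … unchanged: setup, grant/revoke round trip, table delete …
try {
  c.securityOperations().grantTablePermission(c.whoami(), tableName, TablePermission.READ);
  fail();
} catch (Exception e) {
  assertSecurityErrorCode("grantTablePermission", e, SecurityErrorCode.TABLE_DOESNT_EXIST);
}
// … unchanged: remaining try/catch blocks, same pattern with their own operation name and expected code …
```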