Posted to commits@accumulo.apache.org by ec...@apache.org on 2013/06/04 21:54:22 UTC
svn commit: r1489585 [1/2] - in /accumulo/trunk:
conf/examples/1GB/native-standalone/ conf/examples/1GB/standalone/
conf/examples/2GB/native-standalone/ conf/examples/2GB/standalone/
conf/examples/3GB/native-standalone/ conf/examples/3GB/standalone/ co...
Author: ecn
Date: Tue Jun 4 19:54:19 2013
New Revision: 1489585
URL: http://svn.apache.org/r1489585
Log:
ACCUMULO-1070 committing Rob Tallis' initial auditing changes
Added:
accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml (with props)
accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml (with props)
accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml (with props)
accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml (with props)
accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml (with props)
accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml (with props)
accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml (with props)
accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml (with props)
accumulo/trunk/test/src/test/java/org/apache/accumulo/test/AuditMessageTest.java (with props)
Modified:
accumulo/trunk/conf/examples/1GB/native-standalone/generic_logger.xml
accumulo/trunk/conf/examples/1GB/standalone/generic_logger.xml
accumulo/trunk/conf/examples/2GB/native-standalone/generic_logger.xml
accumulo/trunk/conf/examples/2GB/standalone/generic_logger.xml
accumulo/trunk/conf/examples/3GB/native-standalone/generic_logger.xml
accumulo/trunk/conf/examples/3GB/standalone/generic_logger.xml
accumulo/trunk/conf/examples/512MB/native-standalone/generic_logger.xml
accumulo/trunk/conf/examples/512MB/standalone/generic_logger.xml
accumulo/trunk/core/src/main/java/org/apache/accumulo/core/Constants.java
accumulo/trunk/core/src/main/java/org/apache/accumulo/core/client/impl/Translator.java
accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/AuditLevel.java
accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java
accumulo/trunk/core/src/test/resources/shelltest.txt
accumulo/trunk/fate/src/test/resources/log4j.properties
accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloCluster.java
accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloConfig.java
accumulo/trunk/server/src/main/java/org/apache/accumulo/server/Accumulo.java
accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java
accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
accumulo/trunk/test/src/main/resources/log4j.properties
accumulo/trunk/test/src/test/resources/log4j.properties
Added: accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml Tue Jun 4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+ <!-- Write out Audit info to an Audit file -->
+ <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="File" value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+ <param name="MaxBackupIndex" value="10"/>
+ <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+ </layout>
+ </appender>
+ <logger name="Audit" additivity="false">
+ <appender-ref ref="Audit" />
+ <level value="OFF"/>
+ </logger>
+
+
+
+
+
+</log4j:configuration>
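Review bot: The `<param name="MaxBackupIndex" value="10"/>` line on the `Audit` appender will not limit retention, because in log4j 1.2 `MaxBackupIndex` is a property of `RollingFileAppender` and `DailyRollingFileAppender` does not define it. log4j reports an unknown property at startup and the dated `.audit` files are never pruned, so the log directory grows without bound once auditing is switched on. I would drop the param and state the retention policy in a comment instead, e.g. `<!-- DailyRollingFileAppender keeps every dated file; archive or prune *.audit files externally -->`. The `<level value="OFF"/>` default would also benefit from a comment naming the level an operator should set to enable auditing. The same applies to the other seven `auditLog.xml` copies added in this commit (1GB/standalone, 2GB, 3GB and 512MB, native-standalone and standalone).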
Propchange: accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: accumulo/trunk/conf/examples/1GB/native-standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/1GB/native-standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/1GB/native-standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/1GB/native-standalone/generic_logger.xml Tue Jun 4 19:54:19 2013
@@ -61,10 +61,6 @@
<appender-ref ref="ASYNC" />
</logger>
- <logger name="org.apache.accumulo.server.security.Auditor">
- <level value="WARN"/> <!-- change to INFO for authorization events -->
- </logger>
-
<logger name="org.apache.accumulo.core.file.rfile.bcfile">
<level value="INFO"/>
</logger>
Added: accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml Tue Jun 4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+ <!-- Write out Audit info to an Audit file -->
+ <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="File" value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+ <param name="MaxBackupIndex" value="10"/>
+ <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+ </layout>
+ </appender>
+ <logger name="Audit" additivity="false">
+ <appender-ref ref="Audit" />
+ <level value="OFF"/>
+ </logger>
+
+
+
+
+
+</log4j:configuration>
Propchange: accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: accumulo/trunk/conf/examples/1GB/standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/1GB/standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/1GB/standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/1GB/standalone/generic_logger.xml Tue Jun 4 19:54:19 2013
@@ -61,10 +61,6 @@
<appender-ref ref="ASYNC" />
</logger>
- <logger name="org.apache.accumulo.server.security.Auditor">
- <level value="WARN"/> <!-- change to INFO for authorization events -->
- </logger>
-
<logger name="org.apache.accumulo.core.file.rfile.bcfile">
<level value="INFO"/>
</logger>
Added: accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml Tue Jun 4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+ <!-- Write out Audit info to an Audit file -->
+ <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="File" value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+ <param name="MaxBackupIndex" value="10"/>
+ <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+ </layout>
+ </appender>
+ <logger name="Audit" additivity="false">
+ <appender-ref ref="Audit" />
+ <level value="OFF"/>
+ </logger>
+
+
+
+
+
+</log4j:configuration>
Propchange: accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: accumulo/trunk/conf/examples/2GB/native-standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/2GB/native-standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/2GB/native-standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/2GB/native-standalone/generic_logger.xml Tue Jun 4 19:54:19 2013
@@ -61,10 +61,6 @@
<appender-ref ref="ASYNC" />
</logger>
- <logger name="org.apache.accumulo.server.security.Auditor">
- <level value="WARN"/> <!-- change to INFO for authorization events -->
- </logger>
-
<logger name="org.apache.accumulo.core.file.rfile.bcfile">
<level value="INFO"/>
</logger>
Added: accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml Tue Jun 4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+ <!-- Write out Audit info to an Audit file -->
+ <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="File" value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+ <param name="MaxBackupIndex" value="10"/>
+ <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+ </layout>
+ </appender>
+ <logger name="Audit" additivity="false">
+ <appender-ref ref="Audit" />
+ <level value="OFF"/>
+ </logger>
+
+
+
+
+
+</log4j:configuration>
Propchange: accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: accumulo/trunk/conf/examples/2GB/standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/2GB/standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/2GB/standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/2GB/standalone/generic_logger.xml Tue Jun 4 19:54:19 2013
@@ -61,10 +61,6 @@
<appender-ref ref="ASYNC" />
</logger>
- <logger name="org.apache.accumulo.server.security.Auditor">
- <level value="WARN"/> <!-- change to INFO for authorization events -->
- </logger>
-
<logger name="org.apache.accumulo.core.file.rfile.bcfile">
<level value="INFO"/>
</logger>
Added: accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml Tue Jun 4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+ <!-- Write out Audit info to an Audit file -->
+ <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="File" value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+ <param name="MaxBackupIndex" value="10"/>
+ <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+ </layout>
+ </appender>
+ <logger name="Audit" additivity="false">
+ <appender-ref ref="Audit" />
+ <level value="OFF"/>
+ </logger>
+
+
+
+
+
+</log4j:configuration>
Propchange: accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: accumulo/trunk/conf/examples/3GB/native-standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/3GB/native-standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/3GB/native-standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/3GB/native-standalone/generic_logger.xml Tue Jun 4 19:54:19 2013
@@ -61,10 +61,6 @@
<appender-ref ref="ASYNC" />
</logger>
- <logger name="org.apache.accumulo.server.security.Auditor">
- <level value="WARN"/> <!-- change to INFO for authorization events -->
- </logger>
-
<logger name="org.apache.accumulo.core.file.rfile.bcfile">
<level value="INFO"/>
</logger>
Added: accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml Tue Jun 4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+ <!-- Write out Audit info to an Audit file -->
+ <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="File" value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+ <param name="MaxBackupIndex" value="10"/>
+ <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+ </layout>
+ </appender>
+ <logger name="Audit" additivity="false">
+ <appender-ref ref="Audit" />
+ <level value="OFF"/>
+ </logger>
+
+
+
+
+
+</log4j:configuration>
Propchange: accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: accumulo/trunk/conf/examples/3GB/standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/3GB/standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/3GB/standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/3GB/standalone/generic_logger.xml Tue Jun 4 19:54:19 2013
@@ -61,10 +61,6 @@
<appender-ref ref="ASYNC" />
</logger>
- <logger name="org.apache.accumulo.server.security.Auditor">
- <level value="WARN"/> <!-- change to INFO for authorization events -->
- </logger>
-
<logger name="org.apache.accumulo.core.file.rfile.bcfile">
<level value="INFO"/>
</logger>
Added: accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml Tue Jun 4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+ <!-- Write out Audit info to an Audit file -->
+ <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="File" value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+ <param name="MaxBackupIndex" value="10"/>
+ <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+ </layout>
+ </appender>
+ <logger name="Audit" additivity="false">
+ <appender-ref ref="Audit" />
+ <level value="OFF"/>
+ </logger>
+
+
+
+
+
+</log4j:configuration>
Propchange: accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: accumulo/trunk/conf/examples/512MB/native-standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/512MB/native-standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/512MB/native-standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/512MB/native-standalone/generic_logger.xml Tue Jun 4 19:54:19 2013
@@ -61,10 +61,6 @@
<appender-ref ref="ASYNC" />
</logger>
- <logger name="org.apache.accumulo.server.security.Auditor">
- <level value="WARN"/> <!-- change to INFO for authorization events -->
- </logger>
-
<logger name="org.apache.accumulo.core.file.rfile.bcfile">
<level value="INFO"/>
</logger>
Added: accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml Tue Jun 4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+ <!-- Write out Audit info to an Audit file -->
+ <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="File" value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+ <param name="MaxBackupIndex" value="10"/>
+ <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+ </layout>
+ </appender>
+ <logger name="Audit" additivity="false">
+ <appender-ref ref="Audit" />
+ <level value="OFF"/>
+ </logger>
+
+
+
+
+
+</log4j:configuration>
Propchange: accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: accumulo/trunk/conf/examples/512MB/standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/512MB/standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/512MB/standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/512MB/standalone/generic_logger.xml Tue Jun 4 19:54:19 2013
@@ -61,10 +61,6 @@
<appender-ref ref="ASYNC" />
</logger>
- <logger name="org.apache.accumulo.server.security.Auditor">
- <level value="WARN"/> <!-- change to INFO for authorization events -->
- </logger>
-
<logger name="org.apache.accumulo.core.file.rfile.bcfile">
<level value="INFO"/>
</logger>
Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/Constants.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/Constants.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/Constants.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/Constants.java Tue Jun 4 19:54:19 2013
@@ -197,6 +197,7 @@ public class Constants {
public static String getRootTabletDir(final AccumuloConfiguration conf) {
return getMetadataTableDir(conf) + ZROOT_TABLET;
}
+
/**
* @param conf
@@ -205,4 +206,6 @@ public class Constants {
public static String getWalDirectory(final AccumuloConfiguration conf) {
return getBaseDir(conf) + "/wal";
}
+
+ public static final String AUDITLOG = "Audit";
}
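Review bot: `AUDITLOG` is added without a comment, although its value presumably has to stay identical to the `<logger name="Audit">` entry in the example `auditLog.xml` files for audit events to reach the audit appender. A one-line Javadoc would record that coupling, e.g. `/** Name of the log4j logger that receives audit events; must match the logger name in conf/examples/*/auditLog.xml. */`. The constant also sits after the last method rather than with the other constants of `Constants`, whose body starts outside this hunk.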
Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/client/impl/Translator.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/client/impl/Translator.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/client/impl/Translator.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/client/impl/Translator.java Tue Jun 4 19:54:19 2013
@@ -64,6 +64,13 @@ public abstract class Translator<IT,OT>
return input.toThrift();
}
}
+
+ public static class TColumnTranslator extends Translator<TColumn,Column> {
+ @Override
+ public Column translate(TColumn input) {
+ return new Column(input);
+ }
+ }
public static class ColumnTranslator extends Translator<Column,TColumn> {
@Override
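Review bot: `TColumnTranslator` is added without a Javadoc, and its name differs from the existing `ColumnTranslator` by a single leading letter while converting in the opposite direction. A short comment stating the direction would keep the two from being confused at call sites, e.g. `/** Converts a Thrift TColumn into a core Column; the inverse of ColumnTranslator. */`. The enclosing `Translator` class starts and ends outside this hunk.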
Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/AuditLevel.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/AuditLevel.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/AuditLevel.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/AuditLevel.java Tue Jun 4 19:54:19 2013
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.accumulo.core.security;
-
-import org.apache.log4j.Level;
-
-public class AuditLevel extends Level {
-
- private static final long serialVersionUID = 1L;
- public final static Level AUDIT = new AuditLevel();
-
- protected AuditLevel() {
- super(Level.INFO_INT + 100, "AUDIT", Level.INFO_INT + 100);
- }
-
- static public Level toLevel(int val) {
- if (val == Level.INFO_INT + 100)
- return Level.INFO;
- return Level.toLevel(val);
- }
-}
Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java Tue Jun 4 19:54:19 2013
@@ -55,7 +55,6 @@ import org.apache.accumulo.core.conf.Pro
import org.apache.accumulo.core.data.Key;
import org.apache.accumulo.core.data.Value;
import org.apache.accumulo.core.data.thrift.TConstraintViolationSummary;
-import org.apache.accumulo.core.security.AuditLevel;
import org.apache.accumulo.core.tabletserver.thrift.ConstraintViolationException;
import org.apache.accumulo.core.trace.DistributedTrace;
import org.apache.accumulo.core.util.BadArgumentException;
@@ -539,7 +538,7 @@ public class Shell extends ShellOptions
}
public void execCommand(String input, boolean ignoreAuthTimeout, boolean echoPrompt) throws IOException {
- audit.log(AuditLevel.AUDIT, getDefaultPrompt() + input);
+ audit.log(Level.INFO, getDefaultPrompt() + input);
if (echoPrompt) {
reader.print(getDefaultPrompt());
reader.println(input);
Modified: accumulo/trunk/core/src/test/resources/shelltest.txt
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/test/resources/shelltest.txt?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/core/src/test/resources/shelltest.txt (original)
+++ accumulo/trunk/core/src/test/resources/shelltest.txt Tue Jun 4 19:54:19 2013
@@ -1,2 +1,16 @@
+# Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
exit
foo
Modified: accumulo/trunk/fate/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/accumulo/trunk/fate/src/test/resources/log4j.properties?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/fate/src/test/resources/log4j.properties (original)
+++ accumulo/trunk/fate/src/test/resources/log4j.properties Tue Jun 4 19:54:19 2013
@@ -21,5 +21,4 @@ log4j.appender.CA.layout.ConversionPatte
log4j.logger.org.apache.zookeeper=ERROR,CA
log4j.logger.org.apache.accumulo.fate.zookeeper.DistributedReadWriteLock=WARN
log4j.logger.org.apache.accumulo.core.client.impl.ServerClient=ERROR
-log4j.logger.org.apache.accumulo.server.security.Auditor=off
Modified: accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloCluster.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloCluster.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloCluster.java (original)
+++ accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloCluster.java Tue Jun 4 19:54:19 2013
@@ -49,8 +49,8 @@ import org.apache.zookeeper.server.ZooKe
* @since 1.5.0
*/
public class MiniAccumuloCluster {
-
- private static class LogWriter extends Thread {
+
+ public static class LogWriter extends Thread {
private BufferedReader in;
private BufferedWriter out;
@@ -107,6 +107,11 @@ public class MiniAccumuloCluster {
private File zooCfgFile;
+ public List<LogWriter> getLogWriters() {
+ return logWriters;
+ }
+
+
private List<LogWriter> logWriters = new ArrayList<MiniAccumuloCluster.LogWriter>();
private MiniAccumuloConfig config;
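Review bot: The new `getLogWriters()` hands callers the live `logWriters` list, so code outside the class can add, remove or clear the writers the cluster relies on. Returning a read-only view, `return Collections.unmodifiableList(logWriters);`, keeps the accessor usable without sharing mutable state (whether `java.util.Collections` is already imported is not visible here). Since `LogWriter` became public in the previous hunk, both it and the getter would benefit from a short Javadoc stating what callers may do with them, for example that they exist for tests to inspect process output, if that is the intent.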
Modified: accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloConfig.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloConfig.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloConfig.java (original)
+++ accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloConfig.java Tue Jun 4 19:54:19 2013
@@ -252,7 +252,7 @@ public class MiniAccumuloConfig {
return accumuloDir;
}
- File getLogDir() {
+ public File getLogDir() {
return logDir;
}
Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/Accumulo.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/Accumulo.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/Accumulo.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/Accumulo.java Tue Jun 4 19:54:19 2013
@@ -107,11 +107,18 @@ public class Accumulo {
}
// Turn off messages about not being able to reach the remote logger... we protect against that.
LogLog.setQuietMode(true);
-
- // Configure logging
+
+ // Configure logging
DOMConfigurator.configureAndWatch(logConfig, 5000);
-
- log.info(application + " starting");
+
+ // Read the auditing config
+ String auditConfig = String.format("%s/conf/auditLog.xml", System.getenv("ACCUMULO_HOME"), application);
+
+ DOMConfigurator.configureAndWatch(auditConfig, 5000);
+
+
+
+ log.info(application + " starting");
log.info("Instance " + config.getInstance().getInstanceID());
int dataVersion = Accumulo.getAccumuloPersistentVersion(fs);
log.info("Data Version " + dataVersion);
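Review bot: The audit configuration is loaded from a path that is never checked, and `LogLog.setQuietMode(true)` a few lines above suppresses log4j's own diagnostics, so a missing `auditLog.xml` or an unset `ACCUMULO_HOME` (which yields `null/conf/auditLog.xml`) likely leaves the server running with no audit appender and no message saying so. I would check the file before `configureAndWatch` and warn through `log` when it is not readable, e.g. `if (!new java.io.File(auditConfig).canRead()) log.warn("Audit log configuration not found: " + auditConfig);`. The `String.format` call also passes `application` although the pattern has a single `%s`; the extra argument should be dropped. The enclosing method starts and ends outside the hunk.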
Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java Tue Jun 4 19:54:19 2013
@@ -822,7 +822,7 @@ public class Master implements LiveTServ
switch (op) {
case CREATE: {
String tableName = ByteBufferUtil.toString(arguments.get(0));
- if (!security.canCreateTable(c))
+ if (!security.canCreateTable(c, tableName))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
checkNotMetadataTable(tableName, TableOperation.CREATE);
checkTableName(tableName, TableOperation.CREATE);
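Review bot: `tableName` is passed to `security.canCreateTable(c, tableName)` before `checkTableName` has run, and the audited implementation formats it straight into the audit line (`targetTable: %s;`), so a client-supplied name containing `;` or a line break could produce a misleading or split audit record. The IMPORT hunk has the same ordering with `canImport(c, tableName, exportDir)`, and `dir`, `failDir` and `exportDir` have no validation visible in these hunks. Assuming `checkTableName` rejects such characters (its body is not shown), moving `checkTableName(tableName, TableOperation.CREATE);` above the permission check covers the name; for the path arguments, neutralising CR/LF in the audit helper before logging would cover every caller. The enclosing switch starts and ends outside the hunk.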
@@ -841,7 +841,7 @@ public class Master implements LiveTServ
checkNotMetadataTable(oldTableName, TableOperation.RENAME);
checkNotMetadataTable(newTableName, TableOperation.RENAME);
checkTableName(newTableName, TableOperation.RENAME);
- if (!security.canRenameTable(c, tableId))
+ if (!security.canRenameTable(c, tableId, oldTableName, newTableName))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
fate.seedTransaction(opid, new TraceRepo<Master>(new RenameTable(tableId, oldTableName, newTableName)), autoCleanup);
@@ -851,10 +851,9 @@ public class Master implements LiveTServ
case CLONE: {
String srcTableId = ByteBufferUtil.toString(arguments.get(0));
String tableName = ByteBufferUtil.toString(arguments.get(1));
-
checkNotMetadataTable(tableName, TableOperation.CLONE);
checkTableName(tableName, TableOperation.CLONE);
- if (!security.canCloneTable(c, srcTableId))
+ if (!security.canCloneTable(c, srcTableId, tableName))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
Map<String,String> propertiesToSet = new HashMap<String,String>();
@@ -894,7 +893,7 @@ public class Master implements LiveTServ
final String tableId = checkTableId(tableName, TableOperation.ONLINE);
checkNotMetadataTable(tableName, TableOperation.ONLINE);
- if (!security.canOnlineOfflineTable(c, tableId))
+ if (!security.canOnlineOfflineTable(c, tableId, op))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, TableOperation.ONLINE)), autoCleanup);
@@ -905,7 +904,7 @@ public class Master implements LiveTServ
final String tableId = checkTableId(tableName, TableOperation.OFFLINE);
checkNotMetadataTable(tableName, TableOperation.OFFLINE);
- if (!security.canOnlineOfflineTable(c, tableId))
+ if (!security.canOnlineOfflineTable(c, tableId, op))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, TableOperation.OFFLINE)), autoCleanup);
@@ -940,7 +939,7 @@ public class Master implements LiveTServ
final String tableId = checkTableId(tableName, TableOperation.DELETE_RANGE);
checkNotMetadataTable(tableName, TableOperation.DELETE_RANGE);
- if (!security.canDeleteRange(c, tableId))
+ if (!security.canDeleteRange(c, tableId, tableName, startRow, endRow))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
fate.seedTransaction(opid, new TraceRepo<Master>(new TableRangeOp(MergeInfo.Operation.DELETE, tableId, startRow, endRow)), autoCleanup);
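Review bot: `startRow` and `endRow` are now forwarded to `canDeleteRange`, and the audited override calls `startRow.toString()` and `endRow.toString()` while building the audit record. Their assignment is outside this hunk; if either can be null for an open-ended range, the permission check would fail with a NullPointerException instead of returning a decision. Passing the `Text` objects directly as format arguments, `audit(c, result, CAN_DELETE_RANGE_AUDIT_TEMPLATE, tableName, startRow, endRow);`, lets `%s` render a null safely, and the same applies to the call in the catch block.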
@@ -955,7 +954,7 @@ public class Master implements LiveTServ
final String tableId = checkTableId(tableName, TableOperation.BULK_IMPORT);
checkNotMetadataTable(tableName, TableOperation.BULK_IMPORT);
- if (!security.canBulkImport(c, tableId))
+ if (!security.canBulkImport(c, tableId, tableName, dir, failDir))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
fate.seedTransaction(opid, new TraceRepo<Master>(new BulkImport(tableId, dir, failDir, setTime)), autoCleanup);
@@ -986,7 +985,7 @@ public class Master implements LiveTServ
String tableName = ByteBufferUtil.toString(arguments.get(0));
String exportDir = ByteBufferUtil.toString(arguments.get(1));
- if (!security.canImport(c))
+ if (!security.canImport(c, tableName, exportDir))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
checkNotMetadataTable(tableName, TableOperation.CREATE);
@@ -1001,7 +1000,7 @@ public class Master implements LiveTServ
String tableId = checkTableId(tableName, TableOperation.EXPORT);
- if (!security.canExport(c, tableId))
+ if (!security.canExport(c, tableId, tableName, exportDir))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
checkNotMetadataTable(tableName, TableOperation.EXPORT);
Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java Tue Jun 4 19:54:19 2013
@@ -16,30 +16,50 @@
*/
package org.apache.accumulo.server.security;
-import java.util.Set;
+import java.nio.ByteBuffer;
+import java.util.List;
+import java.util.Map;
-import org.apache.accumulo.core.client.AccumuloSecurityException;
+import org.apache.accumulo.core.Constants;
+import org.apache.accumulo.core.client.TableNotFoundException;
+import org.apache.accumulo.core.client.impl.Tables;
+import org.apache.accumulo.core.client.impl.Translator;
import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
-import org.apache.accumulo.core.security.AuditLevel;
+import org.apache.accumulo.core.data.Column;
+import org.apache.accumulo.core.data.KeyExtent;
+import org.apache.accumulo.core.data.Range;
+import org.apache.accumulo.core.data.thrift.IterInfo;
+import org.apache.accumulo.core.data.thrift.TColumn;
+import org.apache.accumulo.core.data.thrift.TKeyExtent;
+import org.apache.accumulo.core.data.thrift.TRange;
+import org.apache.accumulo.core.master.thrift.TableOperation;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.TCredentials;
+import org.apache.accumulo.core.util.ByteBufferUtil;
+import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.security.handler.Authenticator;
import org.apache.accumulo.server.security.handler.Authorizor;
import org.apache.accumulo.server.security.handler.PermissionHandler;
+import org.apache.hadoop.io.Text;
import org.apache.log4j.Logger;
/**
- *
+ *
*/
public class AuditedSecurityOperation extends SecurityOperation {
+ public static final Logger audit = Logger.getLogger(Constants.AUDITLOG);
+
public AuditedSecurityOperation(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
super(author, authent, pm, instanceId);
}
- public static final Logger log = Logger.getLogger(AuditedSecurityOperation.class);
+ public static synchronized SecurityOperation getInstance() {
+ String instanceId = HdfsZooInstance.getInstance().getInstanceID();
+ return getInstance(instanceId, false);
+ }
public static synchronized SecurityOperation getInstance(String instanceId, boolean initialize) {
if (instance == null) {
@@ -49,201 +69,326 @@ public class AuditedSecurityOperation ex
return instance;
}
+ private static String getTableName(String tableId) {
+ try {
+ return Tables.getTableName(HdfsZooInstance.getInstance(), tableId);
+ } catch (TableNotFoundException e) {
+ return "Unknown Table with ID " + tableId;
+ }
+ }
+
+ public static StringBuilder getAuthString(List<ByteBuffer> authorizations) {
+ StringBuilder auths = new StringBuilder();
+ for (ByteBuffer bb : authorizations) {
+ auths.append(ByteBufferUtil.toString(bb)).append(",");
+ }
+ return auths;
+ }
+
+ private static boolean shouldAudit(TCredentials credentials, String tableId) {
+ return !tableId.equals(Constants.METADATA_TABLE_ID) && shouldAudit(credentials);
+ }
+
+ // Is INFO the right level to check? Do we even need that check?
+ private static boolean shouldAudit(TCredentials credentials) {
+ return !credentials.getPrincipal().equals(SecurityConstants.SYSTEM_PRINCIPAL);
+ }
+
+ /*
+ * Three auditing methods try to capture the 4 states we might have here. audit is in response to a thrown exception, the operation failed (perhaps due to
+ * insufficient privs, or some other reason) audit(credentials, template, args) is a successful operation audit(credentials, permitted, template, args) is a
+ * privileges check that is either permitted or denied. We don't know if the operation went on to be successful or not at this point, we would have to go
+ * digging through loads of other code to find it.
+ */
private void audit(TCredentials credentials, ThriftSecurityException ex, String template, Object... args) {
- log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " + credentials.getPrincipal() + ": " + String.format(template, args));
+ audit.warn("operation: failed; user: " + credentials.getPrincipal() + "; " + String.format(template, args) + "; exception: " + ex.toString());
}
private void audit(TCredentials credentials, String template, Object... args) {
- log.log(AuditLevel.AUDIT, "Using credentials " + credentials.getPrincipal() + ": " + String.format(template, args));
+ if (shouldAudit(credentials)) {
+ audit.info("operation: success; user: " + credentials.getPrincipal() + ": " + String.format(template, args));
+ }
}
+ private void audit(TCredentials credentials, boolean permitted, String template, Object... args) {
+ if (shouldAudit(credentials)) {
+ String prefix = permitted ? "permitted" : "denied";
+ audit.info("operation: " + prefix + "; user: " + credentials.getPrincipal() + "; " + String.format(template, args));
+ }
+ }
+
+ public static final String CAN_SCAN_AUDIT_TEMPLATE = "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;";
+
+ @Override
+ public boolean canScan(TCredentials credentials, String tableId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
+ Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+ if (shouldAudit(credentials, tableId)) {
+ Range convertedRange = new Range(range);
+ List<Column> convertedColumns = Translator.translate(columns, new Translator.TColumnTranslator());
+ String tableName = getTableName(tableId);
+
+ try {
+ boolean canScan = super.canScan(credentials, tableId);
+ audit(credentials, canScan, CAN_SCAN_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), convertedRange, convertedColumns, ssiList, ssio);
+
+ return canScan;
+ } catch (ThriftSecurityException ex) {
+ audit(credentials, ex, CAN_SCAN_AUDIT_TEMPLATE, getAuthString(authorizations), tableId, convertedRange, convertedColumns, ssiList, ssio);
+ throw ex;
+ }
+ } else {
+ return super.canScan(credentials, tableId);
+ }
+ }
+ public static final String CAN_SCAN_BATCH_AUDIT_TEMPLATE = "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;";
+
@Override
- public boolean authenticateUser(TCredentials credentials, TCredentials toAuth) throws ThriftSecurityException {
+ public boolean canScan(TCredentials credentials, String tableId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
+ Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+ if (shouldAudit(credentials, tableId)) {
+ @SuppressWarnings({"unchecked", "rawtypes"})
+ Map<KeyExtent,List<Range>> convertedBatch = Translator.translate(tbatch, new Translator.TKeyExtentTranslator(), new Translator.ListTranslator(
+ new Translator.TRangeTranslator()));
+ List<Column> convertedColumns = Translator.translate(tcolumns, new Translator.TColumnTranslator());
+ String tableName = getTableName(tableId);
+
+ try {
+ boolean canScan = super.canScan(credentials, tableId);
+ audit(credentials, canScan, CAN_SCAN_BATCH_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), convertedBatch, convertedColumns, ssiList, ssio);
+
+ return canScan;
+ } catch (ThriftSecurityException ex) {
+ audit(credentials, ex, CAN_SCAN_BATCH_AUDIT_TEMPLATE, getAuthString(authorizations), tableId, convertedBatch, convertedColumns, ssiList, ssio);
+ throw ex;
+ }
+ } else {
+ return super.canScan(credentials, tableId);
+ }
+ }
+ public static final String CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE = "action: changeAuthorizations; targetUser: %s; authorizations: %s";
+
+ @Override
+ public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
try {
- boolean result = super.authenticateUser(credentials, toAuth);
- audit(credentials, result ? "authenticated" : "failed authentication");
- return result;
+ super.changeAuthorizations(credentials, user, authorizations);
+ audit(credentials, CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE, user, authorizations);
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "authenticateUser");
- log.debug(ex);
+ audit(credentials, ex, CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE, user, authorizations);
throw ex;
}
}
-
+ public static final String CHANGE_PASSWORD_AUDIT_TEMPLATE = "action: changePassword; targetUser: %s;";
+
@Override
- public Authorizations getUserAuthorizations(TCredentials credentials, String user) throws ThriftSecurityException {
+ public void changePassword(TCredentials credentials, TCredentials newInfo) throws ThriftSecurityException {
try {
- Authorizations result = super.getUserAuthorizations(credentials, user);
- audit(credentials, "got authorizations for %s", user);
- return result;
+ super.changePassword(credentials, newInfo);
+ audit(credentials, CHANGE_PASSWORD_AUDIT_TEMPLATE, newInfo.getPrincipal());
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "getting authorizations for %s", user);
- log.debug(ex);
+ audit(credentials, ex, CHANGE_PASSWORD_AUDIT_TEMPLATE, newInfo.getPrincipal());
throw ex;
}
-
}
-
+ public static final String CREATE_USER_AUDIT_TEMPLATE = "action: createUser; targetUser: %s; Authorizations: %s;";
+
@Override
- public Authorizations getUserAuthorizations(TCredentials credentials) throws ThriftSecurityException {
+ public void createUser(TCredentials credentials, TCredentials newUser, Authorizations authorizations) throws ThriftSecurityException {
try {
- return getUserAuthorizations(credentials, credentials.getPrincipal());
+ super.createUser(credentials, newUser, authorizations);
+ audit(credentials, CREATE_USER_AUDIT_TEMPLATE, newUser.getPrincipal(), authorizations);
} catch (ThriftSecurityException ex) {
- log.debug(ex);
+ audit(credentials, ex, CREATE_USER_AUDIT_TEMPLATE, newUser.getPrincipal(), authorizations);
throw ex;
}
}
-
+ public static final String CAN_CREATE_TABLE_AUDIT_TEMPLATE = "action: createTable; targetTable: %s;";
+
@Override
- public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
+ public boolean canCreateTable(TCredentials c, String tableName) throws ThriftSecurityException {
try {
- super.changeAuthorizations(credentials, user, authorizations);
- audit(credentials, "changed authorizations for %s to %s", user, authorizations);
+ boolean result = super.canCreateTable(c);
+ audit(c, result, CAN_CREATE_TABLE_AUDIT_TEMPLATE, tableName);
+ return result;
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "changing authorizations for %s", user);
- log.debug(ex);
+ audit(c, ex, CAN_CREATE_TABLE_AUDIT_TEMPLATE, tableName);
throw ex;
}
}
-
+ public static final String CAN_DELETE_TABLE_AUDIT_TEMPLATE = "action: deleteTable; targetTable: %s;";
+
@Override
- public void changePassword(TCredentials credentials, TCredentials newInfo) throws ThriftSecurityException {
+ public boolean canDeleteTable(TCredentials c, String tableId) throws ThriftSecurityException {
+ String tableName = getTableName(tableId);
try {
- super.changePassword(credentials, newInfo);
- audit(credentials, "changed password for %s", newInfo.getPrincipal());
+ boolean result = super.canDeleteTable(c, tableId);
+ audit(c, result, CAN_DELETE_TABLE_AUDIT_TEMPLATE, tableName, tableId);
+ return result;
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "changing password for %s", newInfo.getPrincipal());
- log.debug(ex);
+ audit(c, ex, CAN_DELETE_TABLE_AUDIT_TEMPLATE, tableName, tableId);
throw ex;
}
}
-
+ public static final String CAN_RENAME_TABLE_AUDIT_TEMPLATE = "action: renameTable; targetTable: %s; newTableName: %s;";
+
@Override
- public void createUser(TCredentials credentials, TCredentials newUser, Authorizations authorizations) throws ThriftSecurityException {
+ public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
try {
- super.createUser(credentials, newUser, authorizations);
- audit(credentials, "createUser");
+ boolean result = super.canRenameTable(c, tableId, oldTableName, newTableName);
+ audit(c, result, CAN_RENAME_TABLE_AUDIT_TEMPLATE, oldTableName, newTableName);
+ return result;
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "createUser %s", newUser.getPrincipal());
- log.debug(ex);
+ audit(c, ex, CAN_RENAME_TABLE_AUDIT_TEMPLATE, oldTableName, newTableName);
throw ex;
}
}
-
+ public static final String CAN_CLONE_TABLE_AUDIT_TEMPLATE = "action: cloneTable; targetTable: %s; newTableName: %s";
+
@Override
- public void dropUser(TCredentials credentials, String user) throws ThriftSecurityException {
+ public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
+ String oldTableName = getTableName(tableId);
try {
- super.dropUser(credentials, user);
- audit(credentials, "dropUser");
+ boolean result = super.canCloneTable(c, tableId, tableName);
+ audit(c, result, CAN_CLONE_TABLE_AUDIT_TEMPLATE, oldTableName, tableName);
+ return result;
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "dropUser %s", user);
- log.debug(ex);
+ audit(c, ex, CAN_CLONE_TABLE_AUDIT_TEMPLATE, oldTableName, tableName);
throw ex;
}
}
-
+ public static final String CAN_DELETE_RANGE_AUDIT_TEMPLATE = "action: deleteData; targetTable: %s; startRange: %s; endRange: %s;";
+
@Override
- public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+ public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
try {
- super.grantSystemPermission(credentials, user, permission);
- audit(credentials, "granted permission %s for %s", permission, user);
+ boolean result = super.canDeleteRange(c, tableId, tableName, startRow, endRow);
+ audit(c, result, CAN_DELETE_RANGE_AUDIT_TEMPLATE, tableName, startRow.toString(), endRow.toString());
+ return result;
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "granting permission %s for %s", permission, user);
- log.debug(ex);
+ audit(c, ex, CAN_DELETE_RANGE_AUDIT_TEMPLATE, tableName, startRow.toString(), endRow.toString());
throw ex;
}
}
-
+ public static final String CAN_BULK_IMPORT_AUDIT_TEMPLATE = "action: bulkImport; targetTable: %s; dataDir: %s; failDir: %s;";
+
@Override
- public void grantTablePermission(TCredentials credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
+ public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
try {
- super.grantTablePermission(credentials, user, table, permission);
- audit(credentials, "granted permission %s on table %s for %s", permission, table, user);
+ boolean result = super.canBulkImport(c, tableId);
+ audit(c, result, CAN_BULK_IMPORT_AUDIT_TEMPLATE, tableName, dir, failDir);
+ return result;
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "granting permission %s on table for %s", permission, table, user);
- log.debug(ex);
+ audit(c, ex, CAN_BULK_IMPORT_AUDIT_TEMPLATE, tableName, dir, failDir);
throw ex;
}
}
-
+ public static final String CAN_IMPORT_AUDIT_TEMPLATE = "action: import; targetTable: %s; dataDir: %s;";
+
@Override
- public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+ public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
+
try {
- super.revokeSystemPermission(credentials, user, permission);
- audit(credentials, "revoked permission %s for %s", permission, user);
+ boolean result = super.canImport(credentials, tableName, importDir);
+ audit(credentials, result, CAN_IMPORT_AUDIT_TEMPLATE, tableName, importDir);
+ return result;
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "revoking permission %s on %s", permission, user);
- log.debug(ex);
+ audit(credentials, ex, CAN_IMPORT_AUDIT_TEMPLATE, tableName, importDir);
throw ex;
}
}
-
+ public static final String CAN_EXPORT_AUDIT_TEMPLATE = "action: export; targetTable: %s; dataDir: %s;";
+
@Override
- public void revokeTablePermission(TCredentials credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
+ public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
+
try {
- super.revokeTablePermission(credentials, user, table, permission);
- audit(credentials, "revoked permission %s on table %s for %s", permission, table, user);
+ boolean result = super.canExport(credentials, tableId, tableName, exportDir);
+ audit(credentials, result, CAN_EXPORT_AUDIT_TEMPLATE, tableName, exportDir);
+ return result;
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "revoking permission %s on table for %s", permission, table, user);
- log.debug(ex);
+ audit(credentials, ex, CAN_EXPORT_AUDIT_TEMPLATE, tableName, exportDir);
throw ex;
}
}
-
+ public static final String DROP_USER_AUDIT_TEMPLATE = "action: dropUser; targetUser: %s;";
+
@Override
- public boolean hasSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+ public void dropUser(TCredentials credentials, String user) throws ThriftSecurityException {
try {
- boolean result = super.hasSystemPermission(credentials, user, permission);
- audit(credentials, "checked permission %s on %s", permission, user);
- return result;
+ super.dropUser(credentials, user);
+ audit(credentials, DROP_USER_AUDIT_TEMPLATE, user);
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "checking permission %s on %s", permission, user);
- log.debug(ex);
+ audit(credentials, ex, DROP_USER_AUDIT_TEMPLATE, user);
throw ex;
}
}
-
+ public static final String GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE = "action: grantSystemPermission; permission: %s; targetUser: %s;";
+
@Override
- public boolean hasTablePermission(TCredentials credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
+ public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
try {
- boolean result = super.hasTablePermission(credentials, user, table, permission);
- audit(credentials, "checked permission %s on table %s for %s", permission, table, user);
- return result;
+ super.grantSystemPermission(credentials, user, permission);
+ audit(credentials, GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE, permission, user);
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "checking permission %s on %s", permission, user);
- log.debug(ex);
+ audit(credentials, ex, GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE, permission, user);
throw ex;
}
}
-
+ public static final String GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: grantTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
+
@Override
- public Set<String> listUsers(TCredentials credentials) throws ThriftSecurityException {
+ public void grantTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+ String tableName = getTableName(tableId);
try {
- Set<String> result = super.listUsers(credentials);
- audit(credentials, "listUsers");
- return result;
+ super.grantTablePermission(credentials, user, tableId, permission);
+ audit(credentials, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "listUsers");
- log.debug(ex);
+ audit(credentials, ex, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
throw ex;
}
}
-
+ public static final String REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE = "action: revokeSystemPermission; permission: %s; targetUser: %s;";
+
@Override
- public void deleteTable(TCredentials credentials, String table) throws ThriftSecurityException {
+ public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+
try {
- super.deleteTable(credentials, table);
- audit(credentials, "deleted table %s", table);
+ super.revokeSystemPermission(credentials, user, permission);
+ audit(credentials, REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE, permission, user);
} catch (ThriftSecurityException ex) {
- audit(credentials, ex, "deleting table %s", table);
- log.debug(ex);
+ audit(credentials, ex, REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE, permission, user);
throw ex;
}
}
-
+ public static final String REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: revokeTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
+
@Override
- public void initializeSecurity(TCredentials credentials, String principal, byte[] token) throws AccumuloSecurityException, ThriftSecurityException {
- super.initializeSecurity(credentials, principal, token);
- log.info("Initialized root user with username: " + principal + " at the request of user " + credentials.getPrincipal());
+ public void revokeTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+ String tableName = getTableName(tableId);
+ try {
+ super.revokeTablePermission(credentials, user, tableId, permission);
+ audit(credentials, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
+ } catch (ThriftSecurityException ex) {
+ audit(credentials, ex, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
+ throw ex;
+ }
+ }
+ public static final String CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE = "action: %s; targetTable: %s;";
+
+ @Override
+ public boolean canOnlineOfflineTable(TCredentials credentials, String tableId, TableOperation op) throws ThriftSecurityException {
+ String tableName = getTableName(tableId);
+ String operation = null;
+ if (op == TableOperation.ONLINE)
+ operation = "onlineTable";
+ if (op == TableOperation.OFFLINE)
+ operation = "offlineTable";
+ try {
+ boolean result = super.canOnlineOfflineTable(credentials, tableId, op);
+ audit(credentials, result, CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, operation, tableName, tableId);
+ return result;
+ } catch (ThriftSecurityException ex) {
+ audit(credentials, ex, CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, operation, tableName, tableId);
+ throw ex;
+ }
}
}
Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java Tue Jun 4 19:54:19 2013
@@ -16,6 +16,9 @@
*/
package org.apache.accumulo.server.security;
+import java.nio.ByteBuffer;
+import java.util.List;
+import java.util.Map;
import java.util.Set;
import org.apache.accumulo.core.Constants;
@@ -26,6 +29,11 @@ import org.apache.accumulo.core.client.i
import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.conf.Property;
+import org.apache.accumulo.core.data.thrift.IterInfo;
+import org.apache.accumulo.core.data.thrift.TColumn;
+import org.apache.accumulo.core.data.thrift.TKeyExtent;
+import org.apache.accumulo.core.data.thrift.TRange;
+import org.apache.accumulo.core.master.thrift.TableOperation;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.CredentialHelper;
import org.apache.accumulo.core.security.SystemPermission;
@@ -41,6 +49,7 @@ import org.apache.accumulo.server.securi
import org.apache.accumulo.server.security.handler.ZKAuthorizor;
import org.apache.accumulo.server.security.handler.ZKPermHandler;
import org.apache.accumulo.server.zookeeper.ZooCache;
+import org.apache.hadoop.io.Text;
import org.apache.log4j.Logger;
/**
@@ -238,7 +247,7 @@ public class SecurityOperation {
*
* @return true if a user exists and has permission; false otherwise
*/
- private boolean hasTablePermission(String user, String table, TablePermission permission, boolean useCached) throws ThriftSecurityException {
+ protected boolean hasTablePermission(String user, String table, TablePermission permission, boolean useCached) throws ThriftSecurityException {
if (user.equals(SecurityConstants.SYSTEM_PRINCIPAL))
return true;
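Review bot: Widening `hasTablePermission` from private to protected exposes a check that does not authenticate its caller and returns true immediately for `SecurityConstants.SYSTEM_PRINCIPAL`, and the Javadoc above it says neither. The public `can*` methods visible in this diff call `authenticate(...)` before reaching it; a subclass that calls it directly with an arbitrary user string skips that step. I would add to the Javadoc a sentence such as `Does not authenticate: callers must call authenticate(credentials) first and pass only the authenticated principal.` The method body continues outside this hunk.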
@@ -284,6 +293,14 @@ public class SecurityOperation {
return hasTablePermission(credentials.getPrincipal(), table, TablePermission.READ, true);
}
+ public boolean canScan(TCredentials credentials, String table, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+ return canScan(credentials, table);
+ }
+
+ public boolean canScan(TCredentials credentials, String table, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+ return canScan(credentials, table);
+ }
+
public boolean canWrite(TCredentials credentials, String table) throws ThriftSecurityException {
authenticate(credentials);
return hasTablePermission(credentials.getPrincipal(), table, TablePermission.WRITE, true);
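Review bot: The two new `canScan` overloads accept the range or batch, columns, iterator settings and authorizations but ignore all of them and return `canScan(credentials, table)`, and nothing in the code says this is intentional. Presumably the extra arguments exist so an auditing subclass can log the request; without a comment a reader may assume the requested ranges or authorizations take part in the decision. A short Javadoc on each, e.g. `Extra arguments are not used for the authorization decision; they are passed so subclasses can audit the request.`, would settle it. The same applies to the unused parameters added in the later hunks of this file (`canCreateTable`, `canRenameTable`, `canCloneTable`, `canOnlineOfflineTable`, `canDeleteRange`, `canBulkImport`, `canExport`, `canImport`).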
@@ -316,18 +333,22 @@ public class SecurityOperation {
|| hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false);
}
+ public boolean canCreateTable(TCredentials c, String tableName) throws ThriftSecurityException {
+ return canCreateTable(c);
+ }
+
public boolean canCreateTable(TCredentials c) throws ThriftSecurityException {
authenticate(c);
return hasSystemPermission(c.getPrincipal(), SystemPermission.CREATE_TABLE, false);
}
- public boolean canRenameTable(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
authenticate(c);
return hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
|| hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
}
- public boolean canCloneTable(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
authenticate(c);
return hasSystemPermission(c.getPrincipal(), SystemPermission.CREATE_TABLE, false)
&& hasTablePermission(c.getPrincipal(), tableId, TablePermission.READ, false);
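Review bot: `canRenameTable` and `canCloneTable` change their public signatures in place, while `canCreateTable` in this same hunk (like `canScan` and `canBulkImport` elsewhere in the file) keeps the old signature and adds a delegating overload. The result is a class where some checks can still be called without the audit context and others cannot, and any subclass that overrode an old in-place-changed form stops overriding unless it carries `@Override`. Pick one approach for the whole class; if the goal is that every call site supplies the details to be audited, the short overloads that remain public would be better made `protected` or marked `@Deprecated`. `canOnlineOfflineTable`, `canDeleteRange`, `canExport` and `canImport` in the following hunks are changed in place the same way.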
@@ -339,7 +360,7 @@ public class SecurityOperation {
|| hasTablePermission(c.getPrincipal(), tableId, TablePermission.DROP_TABLE, false);
}
- public boolean canOnlineOfflineTable(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canOnlineOfflineTable(TCredentials c, String tableId, TableOperation op) throws ThriftSecurityException {
authenticate(c);
return hasSystemPermission(c.getPrincipal(), SystemPermission.SYSTEM, false) || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
|| hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
@@ -351,11 +372,15 @@ public class SecurityOperation {
|| hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
}
- public boolean canDeleteRange(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
authenticate(c);
return hasSystemPermission(c.getPrincipal(), SystemPermission.SYSTEM, false) || hasTablePermission(c.getPrincipal(), tableId, TablePermission.WRITE, false);
}
+ public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
+ return canBulkImport(c, tableId);
+ }
+
public boolean canBulkImport(TCredentials c, String tableId) throws ThriftSecurityException {
authenticate(c);
return hasTablePermission(c.getPrincipal(), tableId, TablePermission.BULK_IMPORT, false);
@@ -603,12 +628,12 @@ public class SecurityOperation {
}
}
- public boolean canExport(TCredentials credentials, String tableId) throws ThriftSecurityException {
+ public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
authenticate(credentials);
return hasTablePermission(credentials.getPrincipal(), tableId, TablePermission.READ, false);
}
- public boolean canImport(TCredentials credentials) throws ThriftSecurityException {
+ public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
authenticate(credentials);
return hasSystemPermission(credentials.getPrincipal(), SystemPermission.CREATE_TABLE, false);
}
Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Tue Jun 4 19:54:19 2013
@@ -1102,7 +1102,7 @@ public class TabletServer extends Abstra
throws NotServingTabletException, ThriftSecurityException, org.apache.accumulo.core.tabletserver.thrift.TooManyFilesException {
Authorizations userauths = null;
- if (!security.canScan(credentials, new String(textent.getTable())))
+ if (!security.canScan(credentials, new String(textent.getTable()), range, columns, ssiList, ssio, authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
userauths = security.getUserAuthorizations(credentials);
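Review bot: The rewritten call still builds the table id with `new String(textent.getTable())`, which decodes with the platform default charset if `getTable()` returns bytes. That string is the key for the permission check and, presumably, for whatever the new overload records, so it should not depend on the JVM's locale settings. Assuming table ids are UTF-8, `new String(textent.getTable(), Charset.forName("UTF-8"))` or the project's own charset constant, if it has one, makes the decoding deterministic. The enclosing method starts and ends outside this hunk.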
@@ -1259,7 +1259,7 @@ public class TabletServer extends Abstra
// check if user has permission to the tables
Authorizations userauths = null;
for (String table : tables)
- if (!security.canScan(credentials, table))
+ if (!security.canScan(credentials, table, tbatch, tcolumns, ssiList, ssio, authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
userauths = security.getUserAuthorizations(credentials);
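Review bot: Inside the `for (String table : tables)` loop the new call passes the whole `tbatch` for every table, so an override that records its arguments would presumably log the ranges of all tables under each table's entry, once per table. If per-table records are wanted, the batch should be narrowed to the extents of `table` before the call; otherwise a one-line comment such as `// full batch passed deliberately; the check itself is per table` would help. The loop also throws on the first denied table, so later tables in the batch produce no record at all. The enclosing method extends beyond this hunk.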
Modified: accumulo/trunk/test/src/main/resources/log4j.properties
URL: http://svn.apache.org/viewvc/accumulo/trunk/test/src/main/resources/log4j.properties?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/test/src/main/resources/log4j.properties (original)
+++ accumulo/trunk/test/src/main/resources/log4j.properties Tue Jun 4 19:54:19 2013
@@ -1,21 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-log4j.rootLogger=DEBUG,A1
-log4j.logger.org.apache.accumulo.core.util.shell.Shell.audit=WARN,A1
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout.ConversionPattern=%d{ISO8601} [%-8c{2}] %-5p: %m%n
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-