Posted to commits@accumulo.apache.org by vi...@apache.org on 2013/03/05 20:04:05 UTC
svn commit: r1452947 [1/3] - in /accumulo/trunk: ./ core/
core/src/main/java/org/apache/accumulo/core/security/
proxy/src/main/java/org/apache/accumulo/proxy/
proxy/src/main/java/org/apache/accumulo/proxy/thrift/
proxy/src/main/thrift/ proxy/src/test/j...
Author: vines
Date: Tue Mar 5 19:04:04 2013
New Revision: 1452947
URL: http://svn.apache.org/r1452947
Log:
ACCUMULO-966 - Switching proxy to use a properties map
ACCUMULO-1024 - Switched proxy to specify Local user operations
Removed:
accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/thrift/UserPass.java
Modified:
accumulo/trunk/ (props changed)
accumulo/trunk/core/ (props changed)
accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java
accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java
accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/TestProxyClient.java
accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/thrift/AccumuloProxy.java
accumulo/trunk/proxy/src/main/thrift/proxy.thrift
accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/SimpleTest.java
accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyInstanceOperations.java
accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyReadWrite.java
accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxySecurityOperations.java
accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/TestProxyTableOperations.java
Propchange: accumulo/trunk/
------------------------------------------------------------------------------
Merged /accumulo/branches/1.5:r1452602-1452839,1452841-1452946
Propchange: accumulo/trunk/core/
------------------------------------------------------------------------------
Merged /accumulo/branches/1.5/core:r1452341-1452487,1452489-1452490,1452492-1452495,1452497-1452501,1452503-1452504,1452506-1452555,1452557-1452600,1452602-1452839,1452841-1452946
Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java?rev=1452947&r1=1452946&r2=1452947&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java Tue Mar 5 19:04:04 2013
@@ -61,11 +61,13 @@ public class CredentialHelper {
return fromByteArray(Base64.decodeBase64(string.getBytes(Charset.forName("UTF-8"))));
}
- private static TCredentials fromByteArray(byte[] decodeBase64) throws AccumuloSecurityException {
+ public static TCredentials fromByteArray(byte[] serializedCredential) throws AccumuloSecurityException {
+ if (serializedCredential == null)
+ return null;
TDeserializer td = new TDeserializer();
try {
TCredentials toRet = new TCredentials();
- td.deserialize(toRet, decodeBase64);
+ td.deserialize(toRet, serializedCredential);
return toRet;
} catch (TException e) {
// This really shouldn't happen
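Review bot: The `// This really shouldn't happen` comment in the catch block no longer matches how `fromByteArray` is used. The method is now public, and in this same commit ProxyServer.getConnector passes it bytes taken from the client's `login` buffer, so a TException on malformed input is an expected case rather than an internal error. I would replace the comment with `// Reached for malformed input; callers may pass client-supplied bytes` and add Javadoc stating that null input yields null and that the bytes are not trusted. The catch body continues past the end of the hunk, so what it actually throws should be checked before documenting it.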
Modified: accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java?rev=1452947&r1=1452946&r2=1452947&view=diff
==============================================================================
--- accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java (original)
+++ accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java Tue Mar 5 19:04:04 2013
@@ -27,7 +27,6 @@ import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
-import java.util.Random;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
@@ -52,6 +51,7 @@ import org.apache.accumulo.core.client.a
import org.apache.accumulo.core.client.admin.ActiveScan;
import org.apache.accumulo.core.client.admin.TimeType;
import org.apache.accumulo.core.client.mock.MockInstance;
+import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.data.Column;
import org.apache.accumulo.core.data.Key;
@@ -84,11 +84,11 @@ import org.apache.accumulo.proxy.thrift.
import org.apache.accumulo.proxy.thrift.ScanType;
import org.apache.accumulo.proxy.thrift.UnknownScanner;
import org.apache.accumulo.proxy.thrift.UnknownWriter;
-import org.apache.accumulo.proxy.thrift.UserPass;
import org.apache.accumulo.proxy.thrift.WriterOptions;
import org.apache.hadoop.io.Text;
import org.apache.log4j.Logger;
import org.apache.thrift.TException;
+import org.mortbay.log.Log;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
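Review bot: The added `import org.mortbay.log.Log;` looks unintended: none of the hunks shown for this file reference `Log`, and the new logging calls go through the existing log4j `logger`. If nothing outside these hunks uses it, drop the import so the proxy does not pick up a compile-time dependency on Jetty's logging class.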
@@ -133,8 +133,6 @@ public class ProxyServer implements Accu
protected Cache<UUID,ScannerPlusIterator> scannerCache;
protected Cache<UUID,BatchWriter> writerCache;
- protected Cache<ByteBuffer,TCredentials> tokenCache;
- private Random random = new Random();
public ProxyServer(Properties props) {
String useMock = props.getProperty("org.apache.accumulo.proxy.ProxyServer.useMockInstance");
@@ -147,11 +145,10 @@ public class ProxyServer implements Accu
scannerCache = CacheBuilder.newBuilder().expireAfterAccess(10, TimeUnit.MINUTES).maximumSize(1000).removalListener(new CloseScanner()).build();
writerCache = CacheBuilder.newBuilder().expireAfterAccess(10, TimeUnit.MINUTES).maximumSize(1000).removalListener(new CloseWriter()).build();
- tokenCache = CacheBuilder.newBuilder().expireAfterAccess(10, TimeUnit.MINUTES).maximumSize(1000).build();
}
protected Connector getConnector(ByteBuffer login) throws Exception {
- TCredentials user = tokenCache.getIfPresent(login);
+ TCredentials user = CredentialHelper.fromByteArray(ByteBufferUtil.toBytes(login));
if (user == null)
throw new org.apache.accumulo.proxy.thrift.AccumuloSecurityException("unknown user");
Connector connector = instance.getConnector(user.getPrincipal(), CredentialHelper.extractToken(user));
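Review bot: After this change the `login` buffer in getConnector is the client-supplied serialized TCredentials rather than a key into a server-side cache, so the `user == null` check only covers a null result from `fromByteArray`, and the 10-minute `expireAfterAccess` that used to bound a session is gone. As far as these lines show, the token a client holds now carries the principal and authentication token on every call and has no server-side lifetime. That is worth stating in a comment above the method, e.g. `// login is the serialized TCredentials returned by login(); it is client-controlled, never expires server-side, and must only travel over a protected transport`. getConnector's body continues outside the hunk.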
@@ -162,12 +159,16 @@ public class ProxyServer implements Accu
try {
throw ex;
} catch (AccumuloException e) {
+ logger.debug(e,e);
return new org.apache.accumulo.proxy.thrift.AccumuloException(e.toString());
} catch (AccumuloSecurityException e) {
+ logger.debug(e,e);
return new org.apache.accumulo.proxy.thrift.AccumuloSecurityException(e.toString());
} catch (TableNotFoundException e) {
+ logger.debug(e,e);
return new org.apache.accumulo.proxy.thrift.TableNotFoundException(e.toString());
} catch (TableExistsException e) {
+ logger.debug(e,e);
return new org.apache.accumulo.proxy.thrift.TableExistsException(e.toString());
} catch (RuntimeException e) {
if (e.getCause() != null) {
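Review bot: The new `logger.debug(e,e)` in the AccumuloSecurityException branch records authentication and permission failures only at debug level, so at a typical production log level failed proxy logins leave no trace for monitoring. Consider logging that branch at a higher level with a fixed message, e.g. `logger.warn("Proxy security exception", e);`, and keeping debug for the other three. The RuntimeException branch that follows has no logging in the visible lines; the method continues outside the hunk.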
@@ -318,8 +319,7 @@ public class ProxyServer implements Accu
if (auths != null) {
auth = getAuthorizations(auths);
} else {
- TCredentials token = tokenCache.getIfPresent(login);
- auth = connector.securityOperations().getUserAuthorizations(token.getPrincipal());
+ auth = connector.securityOperations().getUserAuthorizations(connector.whoami());
}
Text max = connector.tableOperations().getMaxRow(tableName, auth, startText, startinclusive, endText, endinclusive);
return TextUtil.getByteBuffer(max);
@@ -608,9 +608,9 @@ public class ProxyServer implements Accu
}
@Override
- public boolean authenticateUser(ByteBuffer login, String user, ByteBuffer password) throws TException {
+ public boolean authenticateUser(ByteBuffer login, String user, Map<String, String> properties) throws TException {
try {
- return getConnector(login).securityOperations().authenticateUser(user, new PasswordToken(password));
+ return getConnector(login).securityOperations().authenticateUser(user, getToken(properties));
} catch (Exception e) {
throw translateException(e);
}
@@ -630,7 +630,7 @@ public class ProxyServer implements Accu
}
@Override
- public void changeUserPassword(ByteBuffer login, String user, ByteBuffer password) throws TException {
+ public void changeLocalUserPassword(ByteBuffer login, String user, ByteBuffer password) throws TException {
try {
getConnector(login).securityOperations().changeLocalUserPassword(user, new PasswordToken(password));
} catch (Exception e) {
@@ -639,17 +639,16 @@ public class ProxyServer implements Accu
}
@Override
- public void createUser(ByteBuffer login, String user, ByteBuffer password) throws TException {
+ public void createLocalUser(ByteBuffer login, String user, ByteBuffer password) throws TException {
try {
- PasswordToken st = new PasswordToken(password);
- getConnector(login).securityOperations().createLocalUser(user, st);
+ getConnector(login).securityOperations().createLocalUser(user, new PasswordToken(password));
} catch (Exception e) {
throw translateException(e);
}
}
@Override
- public void dropUser(ByteBuffer login, String user) throws TException {
+ public void dropLocalUser(ByteBuffer login, String user) throws TException {
try {
getConnector(login).securityOperations().dropLocalUser(user);
} catch (Exception e) {
@@ -703,7 +702,7 @@ public class ProxyServer implements Accu
}
@Override
- public Set<String> listUsers(ByteBuffer login) throws TException {
+ public Set<String> listLocalUsers(ByteBuffer login) throws TException {
try {
return getConnector(login).securityOperations().listLocalUsers();
} catch (Exception e) {
@@ -746,8 +745,7 @@ public class ProxyServer implements Accu
if (opts != null && opts.isSetAuthorizations()) {
auth = getAuthorizations(opts.authorizations);
} else {
- TCredentials token = tokenCache.getIfPresent(login);
- auth = connector.securityOperations().getUserAuthorizations(token.getPrincipal());
+ auth = connector.securityOperations().getUserAuthorizations(connector.whoami());
}
Scanner scanner = connector.createScanner(tableName, auth);
@@ -795,8 +793,7 @@ public class ProxyServer implements Accu
if (opts != null && opts.isSetAuthorizations()) {
auth = getAuthorizations(opts.authorizations);
} else {
- TCredentials token = tokenCache.getIfPresent(login);
- auth = connector.securityOperations().getUserAuthorizations(token.getPrincipal());
+ auth = connector.securityOperations().getUserAuthorizations(connector.whoami());
}
if (opts != null && opts.threads > 0)
threads = opts.threads;
@@ -1183,10 +1180,19 @@ public class ProxyServer implements Accu
}
@Override
- public ByteBuffer login(UserPass login) throws TException {
- ByteBuffer result = ByteBuffer.wrap(Long.toHexString(random.nextLong()).getBytes());
- TCredentials credential = CredentialHelper.createSquelchError(login.getUsername(), new PasswordToken(login.getPassword()), instance.getInstanceID());
- tokenCache.put(result, credential);
- return result;
+ public ByteBuffer login(String principal, Map<String,String> loginProperties) throws TException {
+ try {
+ AuthenticationToken token = getToken(loginProperties);
+ TCredentials credential = CredentialHelper.create(principal, token, instance.getInstanceID());
+ return ByteBuffer.wrap(CredentialHelper.asByteArray(credential));
+ } catch (Exception e) {
+ throw translateException(e);
+ }
+ }
+
+ private AuthenticationToken getToken(Map<String, String> properties) throws AccumuloSecurityException, AccumuloException {
+ Properties props = new Properties();
+ props.putAll(properties);
+ return instance.getAuthenticator().login(props);
}
}
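Review bot: `login` now builds and returns the serialized credential without any visible check against the instance, so a wrong password is only discovered on the first later call that reaches `getConnector`, and a failed login is never reported at login time. If `instance.getConnector(principal, token)` validates credentials, calling it inside the try before `CredentialHelper.create` would make login fail early. Separately, `props.putAll(properties)` in getToken throws NullPointerException when a client leaves the map unset. `if (properties != null) props.putAll(properties);` would let the authenticator reject the empty set instead, and the same helper serves authenticateUser in the earlier hunk.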
Modified: accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/TestProxyClient.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/TestProxyClient.java?rev=1452947&r1=1452946&r2=1452947&view=diff
==============================================================================
--- accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/TestProxyClient.java (original)
+++ accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/TestProxyClient.java Tue Mar 5 19:04:04 2013
@@ -22,6 +22,7 @@ import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.TreeMap;
import org.apache.accumulo.core.client.IteratorSetting;
import org.apache.accumulo.core.iterators.user.RegExFilter;
@@ -30,7 +31,6 @@ import org.apache.accumulo.proxy.thrift.
import org.apache.accumulo.proxy.thrift.Key;
import org.apache.accumulo.proxy.thrift.ScanResult;
import org.apache.accumulo.proxy.thrift.TimeType;
-import org.apache.accumulo.proxy.thrift.UserPass;
import org.apache.thrift.protocol.TCompactProtocol;
import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.protocol.TProtocolFactory;
@@ -64,16 +64,18 @@ public class TestProxyClient {
public static void main(String[] args) throws Exception {
TestProxyClient tpc = new TestProxyClient("localhost", 42424);
- UserPass userPass = new UserPass("root", ByteBuffer.wrap("secret".getBytes()));
+ String principal = "root";
+ Map<String, String> props = new TreeMap<String, String>();
+ props.put("password", "secret");
System.out.println("Logging in");
- ByteBuffer login = tpc.proxy.login(userPass);
+ ByteBuffer login = tpc.proxy.login(principal, props);
System.out.println("Creating user: ");
- if (!tpc.proxy().listUsers(login).contains("testuser")) {
- tpc.proxy().createUser(login, "testuser", ByteBuffer.wrap("testpass".getBytes()));
+ if (!tpc.proxy().listLocalUsers(login).contains("testuser")) {
+ tpc.proxy().createLocalUser(login, "testuser", ByteBuffer.wrap("testpass".getBytes()));
}
- System.out.println("UserList: " + tpc.proxy().listUsers(login));
+ System.out.println("UserList: " + tpc.proxy().listLocalUsers(login));
System.out.println("Listing: " + tpc.proxy().listTables(login));