You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by to...@apache.org on 2010/09/25 04:41:11 UTC
svn commit: r1001127 - in /hadoop/common/trunk: CHANGES.txt
src/java/org/apache/hadoop/ipc/Server.java
src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
src/test/core/org/apache/hadoop/ipc/TestRPC.java
Author: tomwhite
Date: Sat Sep 25 02:41:10 2010
New Revision: 1001127
URL: http://svn.apache.org/viewvc?rev=1001127&view=rev
Log:
Reverting commit 1001067 while related HDFS and MR JIRAs are tested (HADOOP-6951).
Modified:
hadoop/common/trunk/CHANGES.txt
hadoop/common/trunk/src/java/org/apache/hadoop/ipc/Server.java
hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
hadoop/common/trunk/src/test/core/org/apache/hadoop/ipc/TestRPC.java
Modified: hadoop/common/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=1001127&r1=1001126&r2=1001127&view=diff
==============================================================================
--- hadoop/common/trunk/CHANGES.txt (original)
+++ hadoop/common/trunk/CHANGES.txt Sat Sep 25 02:41:10 2010
@@ -247,9 +247,6 @@ Trunk (unreleased changes)
HADOOP-6940. RawLocalFileSystem's markSupported method misnamed markSupport.
(Tom White via eli).
- HADOOP-6951. Distinct minicluster services (e.g. NN and JT) overwrite each
- other's service policies. (Aaron T. Myers via tomwhite)
-
Release 0.21.0 - Unreleased
INCOMPATIBLE CHANGES
Modified: hadoop/common/trunk/src/java/org/apache/hadoop/ipc/Server.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/ipc/Server.java?rev=1001127&r1=1001126&r2=1001127&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/ipc/Server.java (original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/ipc/Server.java Sat Sep 25 02:41:10 2010
@@ -60,7 +60,6 @@ import javax.security.sasl.SaslServer;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.io.BytesWritable;
@@ -79,7 +78,6 @@ import org.apache.hadoop.security.UserGr
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.authorize.AuthorizationException;
-import org.apache.hadoop.security.authorize.PolicyProvider;
import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.SecretManager;
@@ -184,7 +182,6 @@ public abstract class Server {
private Configuration conf;
private SecretManager<TokenIdentifier> secretManager;
- private ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager();
private int maxQueueSize;
private final int maxRespSize;
@@ -242,22 +239,6 @@ public abstract class Server {
return rpcMetrics;
}
- /**
- * Refresh the service authorization ACL for the service handled by this server.
- */
- public void refreshServiceAcl(Configuration conf, PolicyProvider provider) {
- serviceAuthorizationManager.refresh(conf, provider);
- }
-
- /**
- * Returns a handle to the serviceAuthorizationManager (required in tests)
- * @return instance of ServiceAuthorizationManager for this server
- */
- @InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
- public ServiceAuthorizationManager getServiceAuthorizationManager() {
- return serviceAuthorizationManager;
- }
-
/** A call queued for handling. */
private static class Call {
private int id; // the client's call id
@@ -1671,7 +1652,7 @@ public abstract class Server {
throw new AuthorizationException("Unknown protocol: " +
connection.getProtocol());
}
- serviceAuthorizationManager.authorize(user, protocol, getConf(), hostname);
+ ServiceAuthorizationManager.authorize(user, protocol, getConf(), hostname);
}
}
Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java?rev=1001127&r1=1001126&r2=1001127&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java (original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java Sat Sep 25 02:41:10 2010
@@ -20,7 +20,6 @@ package org.apache.hadoop.security.autho
import java.io.IOException;
import java.util.IdentityHashMap;
import java.util.Map;
-import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -44,7 +43,7 @@ public class ServiceAuthorizationManager
private static final Log LOG = LogFactory
.getLog(ServiceAuthorizationManager.class);
- private Map<Class<?>, AccessControlList> protocolToAcl =
+ private static Map<Class<?>, AccessControlList> protocolToAcl =
new IdentityHashMap<Class<?>, AccessControlList>();
/**
@@ -74,7 +73,7 @@ public class ServiceAuthorizationManager
* @param hostname fully qualified domain name of the client
* @throws AuthorizationException on authorization failure
*/
- public void authorize(UserGroupInformation user,
+ public static void authorize(UserGroupInformation user,
Class<?> protocol,
Configuration conf,
String hostname
@@ -130,7 +129,7 @@ public class ServiceAuthorizationManager
AUDITLOG.info(AUTHZ_SUCCESSFULL_FOR + user + " for protocol="+protocol);
}
- public synchronized void refresh(Configuration conf,
+ public static synchronized void refresh(Configuration conf,
PolicyProvider provider) {
// Get the system property 'hadoop.policy.file'
String policyFile =
@@ -159,9 +158,4 @@ public class ServiceAuthorizationManager
// Flip to the newly parsed permissions
protocolToAcl = newAcls;
}
-
- // Package-protected for use in tests.
- Set<Class<?>> getProtocolsWithAcls() {
- return protocolToAcl.keySet();
- }
}
Modified: hadoop/common/trunk/src/test/core/org/apache/hadoop/ipc/TestRPC.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/ipc/TestRPC.java?rev=1001127&r1=1001126&r2=1001127&view=diff
==============================================================================
--- hadoop/common/trunk/src/test/core/org/apache/hadoop/ipc/TestRPC.java (original)
+++ hadoop/common/trunk/src/test/core/org/apache/hadoop/ipc/TestRPC.java Sat Sep 25 02:41:10 2010
@@ -41,6 +41,7 @@ import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.PolicyProvider;
import org.apache.hadoop.security.authorize.Service;
+import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
import org.apache.hadoop.security.AccessControlException;
import static org.mockito.Mockito.*;
@@ -363,11 +364,11 @@ public class TestRPC extends TestCase {
}
private void doRPCs(Configuration conf, boolean expectFailure) throws Exception {
+ ServiceAuthorizationManager.refresh(conf, new TestPolicyProvider());
+
Server server = RPC.getServer(TestProtocol.class,
new TestImpl(), ADDRESS, 0, 5, true, conf, null);
- server.refreshServiceAcl(conf, new TestPolicyProvider());
-
TestProtocol proxy = null;
server.start();