Posted to commits@accumulo.apache.org by vi...@apache.org on 2012/01/19 18:40:49 UTC
svn commit: r1233497 -
/incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
Author: vines
Date: Thu Jan 19 17:40:48 2012
New Revision: 1233497
URL: http://svn.apache.org/viewvc?rev=1233497&view=rev
Log:
ACCUMULO-328 - better solution
Modified:
incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
Modified: incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java?rev=1233497&r1=1233496&r2=1233497&view=diff
==============================================================================
--- incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java (original)
+++ incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java Thu Jan 19 17:40:48 2012
@@ -337,12 +337,11 @@ public final class ZKAuthenticator imple
if (user.equals(SecurityConstants.SYSTEM_USERNAME))
return Constants.NO_AUTHS;
- if (userExists(user))
- try {
- return Tool.convertAuthorizations(zooCache.get(ZKUserPath + "/" + user + ZKUserAuths));
- } catch (IllegalArgumentException iae) {
- // User was deleted between checking existance and grabbing auths.
- }
+ if (userExists(user)) {
+ byte[] authsBytes = zooCache.get(ZKUserPath + "/" + user + ZKUserAuths);
+ if (authsBytes != null)
+ return Tool.convertAuthorizations(authsBytes);
+ }
throw new AccumuloSecurityException(user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
}
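Review bot: With the `catch (IllegalArgumentException iae)` removed, the only failure this lookup still maps to `USER_DOESNT_EXIST` is a null read. If `Tool.convertAuthorizations` can also reject non-null bytes (its body is not visible here), that now surfaces as an unchecked exception from an authorization lookup rather than an `AccumuloSecurityException`. The same catch is dropped around `convertTablePermissions` in the table-permission check and around both `convertSystemPermissions` calls in the grant and revoke hunks. It is worth confirming the converters only threw on null, and recording the reason on the new check, e.g. `// null: user node removed between userExists() and this read`. The enclosing method starts above the hunk.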
@@ -411,11 +410,7 @@ public final class ZKAuthenticator imple
byte[] serializedPerms = zooCache.get(ZKUserPath + "/" + user + ZKUserTablePerms + "/" + table);
if (serializedPerms != null) {
- try {
- return Tool.convertTablePermissions(serializedPerms).contains(permission);
- } catch (IllegalArgumentException iae) {
- throw new AccumuloSecurityException(user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
- }
+ return Tool.convertTablePermissions(serializedPerms).contains(permission);
}
return false;
}
@@ -434,7 +429,12 @@ public final class ZKAuthenticator imple
if (userExists(user)) {
try {
- Set<SystemPermission> perms = Tool.convertSystemPermissions(zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms));
+ byte[] permBytes = zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms);
+ if (permBytes == null) {
+ throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
+ }
+
+ Set<SystemPermission> perms = Tool.convertSystemPermissions(permBytes);
if (perms.add(permission)) {
synchronized (zooCache) {
zooCache.clear();
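Review bot: The new null check reports `USER_DOESNT_EXIST` against `credentials.user`, the caller making the request, although the account whose node is missing is `user`; the authorizations lookup earlier in this commit passes `user` for the same error code. If the first constructor argument is what ends up in the error message or audit trail (the exception class is not shown), the failure is attributed to the wrong principal. Suggest `throw new AccumuloSecurityException(user, SecurityErrorCode.USER_DOESNT_EXIST);` here, and likewise in the `else` branch further down and in the matching null check in the revoke path. The enclosing method begins and ends outside this hunk.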
@@ -443,10 +443,6 @@ public final class ZKAuthenticator imple
}
}
log.info("Granted system permission " + permission + " for user " + user + " at the request of user " + credentials.user);
- return;
- } catch (IllegalArgumentException iae) {
- // User was deleted between checking existance and grabbing auths.
- // Exception at end handles this
} catch (KeeperException e) {
log.error(e, e);
throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
@@ -454,8 +450,8 @@ public final class ZKAuthenticator imple
log.error(e, e);
throw new RuntimeException(e);
}
- }
- throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
+ } else
+ throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
}
@Override
@@ -509,8 +505,13 @@ public final class ZKAuthenticator imple
throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.GRANT_INVALID);
if (userExists(user)) {
+ byte[] sysPermBytes = zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms);
+ if (sysPermBytes == null)
+ throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.USER_DOESNT_EXIST);
+
+ Set<SystemPermission> sysPerms = Tool.convertSystemPermissions(sysPermBytes);
+
try {
- Set<SystemPermission> sysPerms = Tool.convertSystemPermissions(zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms));
if (sysPerms.remove(permission)) {
synchronized (zooCache) {
zooCache.clear();
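Review bot: `sysPermBytes` is read from `zooCache` and deserialized before `synchronized (zooCache)` is entered, so the set that `sysPerms.remove(permission)` edits may be stale by the time it is written back; the write itself is outside this hunk, so this is inferred. Two concurrent grant or revoke calls for the same user could then overwrite each other's change, leaving a permission in place that was just revoked. Consider re-reading the bytes inside the synchronized block after `zooCache.clear()`, or stating the assumption on the read, e.g. `// read-modify-write: assumes permission changes are serialized by <external lock>`. The grant path in this commit has the same shape.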
@@ -519,10 +520,6 @@ public final class ZKAuthenticator imple
}
}
log.info("Revoked system permission " + permission + " for user " + user + " at the request of user " + credentials.user);
- } catch (IllegalArgumentException iae) {
- // User was deleted between checking and pulling from the zooCache
- throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.USER_DOESNT_EXIST);
-
} catch (KeeperException e) {
log.error(e, e);
throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);