You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 04:39:15 UTC
svn commit: r1077088 - in
/hadoop/common/branches/branch-0.20-security-patches/src:
core/org/apache/hadoop/security/AccessTokenHandler.java
test/org/apache/hadoop/security/SecurityTestUtil.java
Author: omalley
Date: Fri Mar 4 03:39:15 2011
New Revision: 1077088
URL: http://svn.apache.org/viewvc?rev=1077088&view=rev
Log:
commit c298600560da6ec05e7295fbeaedf73e6a16337c
Author: Jitendra Nath Pandey <ji...@yahoo-inc.com>
Date: Tue Dec 22 14:52:12 2009 -0800
HADOOP-6176 from https://issues.apache.org/jira/secure/attachment/12428771/HADOOP-6176-0_20.2.patch.
+++ b/YAHOO-CHANGES.txt
+ HADOOP-6176. Adding a couple private methods to AccessTokenHandler
+ for testing purposes. (Jitendra Nath Pandey)
+
Added:
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/SecurityTestUtil.java
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/AccessTokenHandler.java
Modified: hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/AccessTokenHandler.java?rev=1077088&r1=1077087&r2=1077088&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/AccessTokenHandler.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/AccessTokenHandler.java Fri Mar 4 03:39:15 2011
@@ -60,7 +60,7 @@ public class AccessTokenHandler {
* sync'ed their access keys with NN at least once during each interval.
*/
private final long keyUpdateInterval;
- private final long tokenLifetime;
+ private long tokenLifetime;
private long serialNo = new SecureRandom().nextLong();
private KeyGenerator keyGen;
private AccessKey currentKey;
@@ -203,7 +203,7 @@ public class AccessTokenHandler {
}
/** Check if token is well formed */
- private synchronized Boolean verifyToken(long keyID, AccessToken token)
+ private synchronized boolean verifyToken(long keyID, AccessToken token)
throws IOException {
AccessKey key = allKeys.get(keyID);
if (key == null) {
@@ -252,7 +252,7 @@ public class AccessTokenHandler {
}
/** Check if access should be allowed. userID is not checked if null */
- public Boolean checkAccess(AccessToken token, String userID, long blockID,
+ public boolean checkAccess(AccessToken token, String userID, long blockID,
AccessMode mode) throws IOException {
long oExpiry = 0;
long oKeyID = 0;
@@ -282,8 +282,26 @@ public class AccessTokenHandler {
+ blockID + ", access mode=" + mode + ", keyID=" + oKeyID);
}
return (userID == null || userID.equals(oUserID)) && oBlockID == blockID
- && System.currentTimeMillis() < oExpiry && oModes.contains(mode)
+ && !isExpired(oExpiry) && oModes.contains(mode)
&& verifyToken(oKeyID, token);
}
+ private static boolean isExpired(long expiryDate) {
+ return System.currentTimeMillis() > expiryDate;
+ }
+
+ /** check if a token is expired. for unit test only.
+ * return true when token is expired, false otherwise */
+ static boolean isTokenExpired(AccessToken token) throws IOException {
+ ByteArrayInputStream buf = new ByteArrayInputStream(token.getTokenID()
+ .getBytes());
+ DataInputStream in = new DataInputStream(buf);
+ long expiryDate = WritableUtils.readVLong(in);
+ return isExpired(expiryDate);
+ }
+
+ /** set token lifetime. for unit test only */
+ synchronized void setTokenLifetime(long tokenLifetime) {
+ this.tokenLifetime = tokenLifetime;
+ }
}
\ No newline at end of file
Added: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/SecurityTestUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/SecurityTestUtil.java?rev=1077088&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/SecurityTestUtil.java (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/SecurityTestUtil.java Fri Mar 4 03:39:15 2011
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.security;
+
+import java.io.IOException;
+
+/** Utilities for security tests */
+public class SecurityTestUtil {
+
+ /**
+ * check if an access token is expired. return true when token is expired,
+ * false otherwise
+ */
+ public static boolean isAccessTokenExpired(AccessToken token)
+ throws IOException {
+ return AccessTokenHandler.isTokenExpired(token);
+ }
+
+ /**
+ * set access token lifetime.
+ */
+ public static void setAccessTokenLifetime(AccessTokenHandler handler,
+ long tokenLifetime) {
+ handler.setTokenLifetime(tokenLifetime);
+ }
+
+}