Modified: accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mapreduce/InputFormatBase.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mapreduce/InputFormatBase.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mapreduce/InputFormatBase.java (original) +++ accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mapreduce/InputFormatBase.java Wed Jan 23 18:05:10 2013 @@ -67,7 +67,8 @@ import org.apache.accumulo.core.iterator import org.apache.accumulo.core.master.state.tables.TableState; import org.apache.accumulo.core.security.Authorizations; import org.apache.accumulo.core.security.TablePermission; -import org.apache.accumulo.core.security.thrift.AuthInfo; +import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper; +import org.apache.accumulo.core.security.tokens.UserPassToken; import org.apache.accumulo.core.util.ArgumentChecker; import org.apache.accumulo.core.util.Pair; import org.apache.accumulo.core.util.TextUtil; @@ -409,7 +410,6 @@ public abstract class InputFormatBase<K, return conf.get(USERNAME); } - /** * Gets the password from the configuration. WARNING: The password is stored in the Configuration and shared with all MapReduce tasks; It is BASE64 encoded to * provide a charset safe conversion to a string, and is not intended to be secure. @@ -479,8 +479,7 @@ public abstract class InputFormatBase<K, String username = getUsername(conf); byte[] password = getPassword(conf); String tableName = getTablename(conf); - return TabletLocator.getInstance(instance, new AuthInfo(username, ByteBuffer.wrap(password), instance.getInstanceID()), - new Text(Tables.getTableId(instance, tableName))); + return TabletLocator.getInstance(instance, new InstanceTokenWrapper(new UserPassToken(username, ByteBuffer.wrap(password)), instance.getInstanceID()), new Text(Tables.getTableId(instance, tableName))); } /** @@ -695,8 +694,8 @@ public abstract class InputFormatBase<K, log.debug("Creating scanner for table: " + getTablename(conf)); log.debug("Authorizations are: " + authorizations); if (isOfflineScan(conf)) { - scanner = new OfflineScanner(instance, new AuthInfo(user, ByteBuffer.wrap(password), instance.getInstanceID()), Tables.getTableId(instance, - getTablename(conf)), authorizations); + scanner = new OfflineScanner(instance, new UserPassToken(user, ByteBuffer.wrap(password)), Tables.getTableId(instance, getTablename(conf)), + authorizations); } else { scanner = conn.createScanner(getTablename(conf), authorizations); }
Modified: accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mock/MockInstance.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mock/MockInstance.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mock/MockInstance.java (original) +++ accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mock/MockInstance.java Wed Jan 23 18:05:10 2013 @@ -31,6 +31,9 @@ import org.apache.accumulo.core.client.I import org.apache.accumulo.core.conf.AccumuloConfiguration; import org.apache.accumulo.core.security.thrift.AuthInfo; import org.apache.accumulo.core.security.thrift.SecurityErrorCode; +import org.apache.accumulo.core.security.tokens.AccumuloToken; +import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper; +import org.apache.accumulo.core.security.tokens.UserPassToken; import org.apache.accumulo.core.util.ByteBufferUtil; import org.apache.accumulo.core.util.CachedConfiguration; import org.apache.accumulo.core.util.TextUtil; @@ -112,22 +115,42 @@ public class MockInstance implements Ins return 30 * 1000; } - @Override + /** + * @deprecated @since 1.5, use {@link #getConnector(AccumuloToken)} + * @Override + */ public Connector getConnector(String user, byte[] pass) throws AccumuloException, AccumuloSecurityException { - Connector conn = new MockConnector(user, acu, this); - if (!acu.users.containsKey(user)) - conn.securityOperations().createUser(user, pass); - else if (!Arrays.equals(acu.users.get(user).password, pass)) - throw new AccumuloSecurityException(user, SecurityErrorCode.BAD_CREDENTIALS); + return getConnector(new UserPassToken(user, ByteBuffer.wrap(pass))); + } + + public Connector getConnector(AccumuloToken<?,?> token) throws AccumuloException, AccumuloSecurityException { + if (!(token instanceof UserPassToken)) + throw new AccumuloException("Mock only accepts UserPassTokens"); + UserPassToken upt = (UserPassToken) token; + + Connector conn = new MockConnector(token.getPrincipal(), acu, this); + if (!acu.users.containsKey(token.getPrincipal())) + conn.securityOperations().createUser(upt); + else if (!Arrays.equals(acu.users.get(upt.getPrincipal()).password, upt.getPassword())) + throw new AccumuloSecurityException(upt.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS); return conn; } - @Override + public Connector getConnector(InstanceTokenWrapper token) throws AccumuloException, AccumuloSecurityException { + return getConnector(token.getToken()); + } + /** + * @deprecated @since 1.5, use {@link #getConnector(AccumuloToken)} + * @Override + */ public Connector getConnector(String user, ByteBuffer pass) throws AccumuloException, AccumuloSecurityException { return getConnector(user, ByteBufferUtil.toBytes(pass)); } - @Override + /** + * @deprecated @since 1.5, use {@link #getConnector(AccumuloToken)} + * @Override + */ public Connector getConnector(String user, CharSequence pass) throws AccumuloException, AccumuloSecurityException { return getConnector(user, TextUtil.getBytes(new Text(pass.toString()))); } @@ -146,8 +169,11 @@ public class MockInstance implements Ins this.conf = conf; } - @Override + /** + * @deprecated @since 1.5, use {@link #getConnector(AccumuloToken)} + * @Override + */ public Connector getConnector(AuthInfo auth) throws AccumuloException, AccumuloSecurityException { - return getConnector(auth.user, auth.password); + return getConnector(UserPassToken.convertAuthInfo(auth)); } } Modified: accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mock/MockSecurityOperations.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mock/MockSecurityOperations.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mock/MockSecurityOperations.java (original) +++ accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/client/mock/MockSecurityOperations.java Wed Jan 23 18:05:10 2013 @@ -27,6 +27,9 @@ import org.apache.accumulo.core.security import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.core.security.TablePermission; import org.apache.accumulo.core.security.thrift.SecurityErrorCode; +import org.apache.accumulo.core.security.tokens.AccumuloToken; +import org.apache.accumulo.core.security.tokens.UserPassToken; +import org.apache.accumulo.core.util.ByteBufferUtil; public class MockSecurityOperations implements SecurityOperations { @@ -37,19 +40,40 @@ public class MockSecurityOperations impl } /** - * @deprecated Use {@link #createUser(String,byte[])} instead + * @deprecated Use {@link #createUser(AccumuloToken)} instead */ @Override public void createUser(String user, byte[] password, Authorizations authorizations) throws AccumuloException, AccumuloSecurityException { - this.acu.users.put(user, new MockUser(user, password, authorizations)); + createUser(new UserPassToken(user, password), authorizations); } - - @Override + + /** + * @deprecated @since 1.5, use {@link #createUser(AccumuloToken)} + * @param user + * @param password + * @throws AccumuloException + * @throws AccumuloSecurityException + */ public void createUser(String user, byte[] password) throws AccumuloException, AccumuloSecurityException { createUser(user, password, new Authorizations()); } @Override + public void createUser(AccumuloToken<?,?> token, Authorizations authorization) throws AccumuloException, AccumuloSecurityException { + if (token instanceof UserPassToken) { + UserPassToken upt = (UserPassToken) token; + this.acu.users.put(upt.getPrincipal(), new MockUser(upt.getPrincipal(), upt.getPassword(), authorization)); + } + else + throw new AccumuloSecurityException(token.getPrincipal(), SecurityErrorCode.INVALID_TOKEN); + } + + @Override + public void createUser(AccumuloToken<?,?> token) throws AccumuloException, AccumuloSecurityException { + createUser(token, new Authorizations()); + } + + @Override public void dropUser(String user) throws AccumuloException, AccumuloSecurityException { this.acu.users.remove(user); } @@ -62,13 +86,27 @@ public class MockSecurityOperations impl return Arrays.equals(user.password, password); } + /** + * @deprecated @since 1.5, use {@link #changeUserPassword(AccumuloToken)} + */ @Override public void changeUserPassword(String name, byte[] password) throws AccumuloException, AccumuloSecurityException { - MockUser user = acu.users.get(name); - if (user != null) - user.password = Arrays.copyOf(password, password.length); + changeUserPassword(new UserPassToken(name, password)); + } + + @Override + public void changeUserPassword(AccumuloToken<?,?> token) throws AccumuloException, AccumuloSecurityException { + MockUser user = acu.users.get(token.getPrincipal()); + if (user != null){ + if (token instanceof UserPassToken) { + UserPassToken upt = (UserPassToken) token; + // want to copy the password + user.password = ByteBufferUtil.toBytes(upt.password); + } + else throw new AccumuloSecurityException(token.getPrincipal(), SecurityErrorCode.INVALID_TOKEN); + } else - throw new AccumuloSecurityException(name, SecurityErrorCode.USER_DOESNT_EXIST); + throw new AccumuloSecurityException(token.getPrincipal(), SecurityErrorCode.USER_DOESNT_EXIST); } @Override Modified: accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/gc/thrift/GCMonitorService.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/gc/thrift/GCMonitorService.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/gc/thrift/GCMonitorService.java (original) +++ accumulo/branches/ACCUMULO-259/core/src/main/java/org/apache/accumulo/core/gc/thrift/GCMonitorService.java Wed Jan 23 18:05:10 2013 @@ -50,13 +50,13 @@ import org.slf4j.LoggerFactory; public interface Iface { - public GCStatus getStatus(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.AuthInfo credentials) throws org.apache.accumulo.core.security.thrift.ThriftSecurityException, org.apache.thrift.TException; + public GCStatus getStatus(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper credentials) throws org.apache.accumulo.core.security.thrift.ThriftSecurityException, org.apache.thrift.TException; } public interface AsyncIface { - public void getStatus(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.AuthInfo credentials, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.getStatus_call> resultHandler) throws org.apache.thrift.TException; + public void getStatus(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper credentials, org.apache.thrift.async.AsyncMethodCallback<AsyncClient.getStatus_call> resultHandler) throws org.apache.thrift.TException; } @@ -80,13 +80,13 @@ import org.slf4j.LoggerFactory; super(iprot, oprot); } - public GCStatus getStatus(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.AuthInfo credentials) throws org.apache.accumulo.core.security.thrift.ThriftSecurityException, org.apache.thrift.TException + public GCStatus getStatus(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper credentials) throws org.apache.accumulo.core.security.thrift.ThriftSecurityException, org.apache.thrift.TException { send_getStatus(tinfo, credentials); return recv_getStatus(); } - public void send_getStatus(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.AuthInfo credentials) throws org.apache.thrift.TException + public void send_getStatus(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper credentials) throws org.apache.thrift.TException { getStatus_args args = new getStatus_args(); args.setTinfo(tinfo); @@ -125,7 +125,7 @@ import org.slf4j.LoggerFactory; super(protocolFactory, clientManager, transport); } - public void getStatus(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.AuthInfo credentials, org.apache.thrift.async.AsyncMethodCallback<getStatus_call> resultHandler) throws org.apache.thrift.TException { + public void getStatus(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper credentials, org.apache.thrift.async.AsyncMethodCallback<getStatus_call> resultHandler) throws org.apache.thrift.TException { checkReady(); getStatus_call method_call = new getStatus_call(tinfo, credentials, resultHandler, this, ___protocolFactory, ___transport); this.___currentMethod = method_call; @@ -134,8 +134,8 @@ import org.slf4j.LoggerFactory; public static class getStatus_call extends org.apache.thrift.async.TAsyncMethodCall { private org.apache.accumulo.cloudtrace.thrift.TInfo tinfo; - private org.apache.accumulo.core.security.thrift.AuthInfo credentials; - public getStatus_call(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.AuthInfo credentials, org.apache.thrift.async.AsyncMethodCallback<getStatus_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException { + private org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper credentials; + public getStatus_call(org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper credentials, org.apache.thrift.async.AsyncMethodCallback<getStatus_call> resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException { super(client, protocolFactory, transport, resultHandler, false); this.tinfo = tinfo; this.credentials = credentials; @@ -216,7 +216,7 @@ import org.slf4j.LoggerFactory; } public org.apache.accumulo.cloudtrace.thrift.TInfo tinfo; // required - public org.apache.accumulo.core.security.thrift.AuthInfo credentials; // required + public org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper credentials; // required /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ @SuppressWarnings("all") public enum _Fields implements org.apache.thrift.TFieldIdEnum { @@ -286,7 +286,7 @@ import org.slf4j.LoggerFactory; tmpMap.put(_Fields.TINFO, new org.apache.thrift.meta_data.FieldMetaData("tinfo", org.apache.thrift.TFieldRequirementType.DEFAULT, new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.accumulo.cloudtrace.thrift.TInfo.class))); tmpMap.put(_Fields.CREDENTIALS, new org.apache.thrift.meta_data.FieldMetaData("credentials", org.apache.thrift.TFieldRequirementType.DEFAULT, - new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.accumulo.core.security.thrift.AuthInfo.class))); + new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper.class))); metaDataMap = Collections.unmodifiableMap(tmpMap); org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(getStatus_args.class, metaDataMap); } @@ -296,7 +296,7 @@ import org.slf4j.LoggerFactory; public getStatus_args( org.apache.accumulo.cloudtrace.thrift.TInfo tinfo, - org.apache.accumulo.core.security.thrift.AuthInfo credentials) + org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper credentials) { this(); this.tinfo = tinfo; @@ -311,7 +311,7 @@ import org.slf4j.LoggerFactory; this.tinfo = new org.apache.accumulo.cloudtrace.thrift.TInfo(other.tinfo); } if (other.isSetCredentials()) { - this.credentials = new org.apache.accumulo.core.security.thrift.AuthInfo(other.credentials); + this.credentials = new org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper(other.credentials); } } @@ -349,11 +349,11 @@ import org.slf4j.LoggerFactory; } } - public org.apache.accumulo.core.security.thrift.AuthInfo getCredentials() { + public org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper getCredentials() { return this.credentials; } - public getStatus_args setCredentials(org.apache.accumulo.core.security.thrift.AuthInfo credentials) { + public getStatus_args setCredentials(org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper credentials) { this.credentials = credentials; return this; } @@ -387,7 +387,7 @@ import org.slf4j.LoggerFactory; if (value == null) { unsetCredentials(); } else { - setCredentials((org.apache.accumulo.core.security.thrift.AuthInfo)value); + setCredentials((org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper)value); } break; @@ -583,7 +583,7 @@ import org.slf4j.LoggerFactory; break; case 1: // CREDENTIALS if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { - struct.credentials = new org.apache.accumulo.core.security.thrift.AuthInfo(); + struct.credentials = new org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper(); struct.credentials.read(iprot); struct.setCredentialsIsSet(true); } else { @@ -658,7 +658,7 @@ import org.slf4j.LoggerFactory; struct.setTinfoIsSet(true); } if (incoming.get(1)) { - struct.credentials = new org.apache.accumulo.core.security.thrift.AuthInfo(); + struct.credentials = new org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper(); struct.credentials.read(iprot); struct.setCredentialsIsSet(true); }