Modified: accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java?rev=1449467&r1=1449466&r2=1449467&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java (original) +++ accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java Sun Feb 24 12:30:11 2013 @@ -24,9 +24,9 @@ import java.nio.ByteBuffer; import java.nio.charset.Charset; import org.apache.accumulo.core.client.AccumuloSecurityException; -import org.apache.accumulo.core.security.thrift.Credential; import org.apache.accumulo.core.security.thrift.SecurityErrorCode; -import org.apache.accumulo.core.security.tokens.SecurityToken; +import org.apache.accumulo.core.security.thrift.TCredentials; +import org.apache.accumulo.core.security.tokens.AuthenticationToken; import org.apache.commons.codec.binary.Base64; import org.apache.commons.io.output.ByteArrayOutputStream; import org.apache.log4j.Logger; @@ -37,30 +37,16 @@ import org.apache.thrift.TSerializer; public class CredentialHelper { static Logger log = Logger.getLogger(CredentialHelper.class); - /** - * @param principal - * @param token - * @param instanceID - * @return A proper Credential object which can be deserialized by the server - */ - public static Credential create(String principal, SecurityToken token, String instanceID) throws AccumuloSecurityException { - String className = token.getClass().getCanonicalName(); - return new Credential(principal, className, ByteBuffer.wrap(toBytes(token)), instanceID); - } - - /** - * @param cred - * @return A serialized Credential as a Base64 encoded String - */ - public static String asBase64String(Credential cred) throws AccumuloSecurityException { + public static TCredentials create(String principal, AuthenticationToken token, String instanceID) throws AccumuloSecurityException { + String className = token.getClass().getName(); + return new TCredentials(principal, className, ByteBuffer.wrap(toBytes(token)), instanceID); + } + + public static String asBase64String(TCredentials cred) throws AccumuloSecurityException { return new String(Base64.encodeBase64(asByteArray(cred)), Charset.forName("UTF-8")); } - /** - * @param cred - * @return a serialized Credential - */ - public static byte[] asByteArray(Credential cred) throws AccumuloSecurityException { + public static byte[] asByteArray(TCredentials cred) throws AccumuloSecurityException { TSerializer ts = new TSerializer(); try { return ts.serialize(cred); @@ -71,22 +57,14 @@ public class CredentialHelper { } } - /** - * @param string - * @return - */ - public static Credential fromBase64String(String string) throws AccumuloSecurityException { + public static TCredentials fromBase64String(String string) throws AccumuloSecurityException { return fromByteArray(Base64.decodeBase64(string.getBytes(Charset.forName("UTF-8")))); } - /** - * @param decodeBase64 - * @return - */ - private static Credential fromByteArray(byte[] decodeBase64) throws AccumuloSecurityException { + private static TCredentials fromByteArray(byte[] decodeBase64) throws AccumuloSecurityException { TDeserializer td = new TDeserializer(); try { - Credential toRet = new Credential(); + TCredentials toRet = new TCredentials(); td.deserialize(toRet, decodeBase64); return toRet; } catch (TException e) { @@ -96,23 +74,11 @@ public class CredentialHelper { } } - /** - * @param toAuth - * @return - * @throws AccumuloSecurityException - */ - public static SecurityToken extractToken(Credential toAuth) throws AccumuloSecurityException { - return extractToken(toAuth.tokenClass, toAuth.getToken()); - } - - /** - * @param systemPrincipal - * @param systemToken - * @param instanceID - * @param b - * @return - */ - public static Credential createSquelchError(String principal, SecurityToken token, String instanceID) { + public static AuthenticationToken extractToken(TCredentials toAuth) throws AccumuloSecurityException { + return extractToken(toAuth.tokenClassName, toAuth.getToken()); + } + + public static TCredentials createSquelchError(String principal, AuthenticationToken token, String instanceID) { try { return create(principal, token, instanceID); } catch (AccumuloSecurityException e) { @@ -121,21 +87,11 @@ public class CredentialHelper { } } - /** - * @param token - * @return - * @throws AccumuloSecurityException - */ - public static String tokenAsBase64(SecurityToken token) throws AccumuloSecurityException { + public static String tokenAsBase64(AuthenticationToken token) throws AccumuloSecurityException { return new String(Base64.encodeBase64(toBytes(token)), Charset.forName("UTF-8")); } - /** - * @param token - * @return - * @throws AccumuloSecurityException - */ - private static byte[] toBytes(SecurityToken token) throws AccumuloSecurityException { + private static byte[] toBytes(AuthenticationToken token) throws AccumuloSecurityException { try { ByteArrayOutputStream bais = new ByteArrayOutputStream(); token.write(new DataOutputStream(bais)); @@ -148,18 +104,12 @@ public class CredentialHelper { } } - - /** - * @param tokenClass - * @param token - * @return - * @throws AccumuloSecurityException - */ - public static SecurityToken extractToken(String tokenClass, byte[] token) throws AccumuloSecurityException { + + public static AuthenticationToken extractToken(String tokenClass, byte[] token) throws AccumuloSecurityException { try { Object obj = Class.forName(tokenClass).newInstance(); - if (obj instanceof SecurityToken) { - SecurityToken toRet = (SecurityToken) obj; + if (obj instanceof AuthenticationToken) { + AuthenticationToken toRet = (AuthenticationToken) obj; toRet.readFields(new DataInputStream(new ByteArrayInputStream(token))); return toRet; }
Added: accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/Credentials.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/Credentials.java?rev=1449467&view=auto ============================================================================== --- accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/Credentials.java (added) +++ accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/Credentials.java Sun Feb 24 12:30:11 2013 @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.accumulo.core.security; + +import org.apache.accumulo.core.client.Connector; +import org.apache.accumulo.core.client.Instance; +import org.apache.accumulo.core.security.thrift.TCredentials; +import org.apache.accumulo.core.security.tokens.AuthenticationToken; + +/** + * A wrapper for internal use. This class carries the instance, principal, and authentication token for use in the public API, in a non-serialized form. This is + * important, so that the authentication token carried in a {@link Connector} can be destroyed, invalidating future RPC operations from that {@link Connector}. + */ +public class Credentials { + + private Instance instance; + private String principal; + private AuthenticationToken token; + + public Credentials(Instance instance, String principal, AuthenticationToken token) { + this.instance = instance; + this.principal = principal; + this.token = token; + } + + public TCredentials toThrift() { + return CredentialHelper.createSquelchError(principal, token, instance.getInstanceID()); + } + +} Modified: accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/Authenticator.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/Authenticator.java?rev=1449467&r1=1449466&r2=1449467&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/Authenticator.java (original) +++ accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/Authenticator.java Sun Feb 24 12:30:11 2013 @@ -19,8 +19,8 @@ package org.apache.accumulo.core.securit import java.util.Properties; import org.apache.accumulo.core.client.AccumuloSecurityException; -import org.apache.accumulo.core.security.tokens.SecurityToken; +import org.apache.accumulo.core.security.tokens.AuthenticationToken; public interface Authenticator { - public SecurityToken login(Properties properties) throws AccumuloSecurityException; + public AuthenticationToken login(Properties properties) throws AccumuloSecurityException; } Modified: accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/InsecureAuthenticator.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/InsecureAuthenticator.java?rev=1449467&r1=1449466&r2=1449467&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/InsecureAuthenticator.java (original) +++ accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/InsecureAuthenticator.java Sun Feb 24 12:30:11 2013 @@ -20,7 +20,7 @@ import java.util.Properties; import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.security.tokens.NullToken; -import org.apache.accumulo.core.security.tokens.SecurityToken; +import org.apache.accumulo.core.security.tokens.AuthenticationToken; /** * @@ -28,7 +28,7 @@ import org.apache.accumulo.core.security public class InsecureAuthenticator implements Authenticator { @Override - public SecurityToken login(Properties properties) throws AccumuloSecurityException { + public AuthenticationToken login(Properties properties) throws AccumuloSecurityException { return new NullToken(); } Modified: accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/ZKAuthenticator.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/ZKAuthenticator.java?rev=1449467&r1=1449466&r2=1449467&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/ZKAuthenticator.java (original) +++ accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/handler/ZKAuthenticator.java Sun Feb 24 12:30:11 2013 @@ -16,13 +16,12 @@ */ package org.apache.accumulo.core.security.handler; -import java.nio.charset.Charset; import java.util.Properties; import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.security.thrift.SecurityErrorCode; +import org.apache.accumulo.core.security.tokens.AuthenticationToken; import org.apache.accumulo.core.security.tokens.PasswordToken; -import org.apache.accumulo.core.security.tokens.SecurityToken; /** * @@ -30,9 +29,9 @@ import org.apache.accumulo.core.security public class ZKAuthenticator implements Authenticator { @Override - public SecurityToken login(Properties properties) throws AccumuloSecurityException{ + public AuthenticationToken login(Properties properties) throws AccumuloSecurityException { if (properties.containsKey("password")) - return new PasswordToken().setPassword(properties.getProperty("password").getBytes(Charset.forName("UTF-8"))); + return new PasswordToken(properties.getProperty("password")); throw new AccumuloSecurityException(properties.getProperty("user"), SecurityErrorCode.INSUFFICIENT_PROPERTIES); } } Added: accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/thrift/TCredentials.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/thrift/TCredentials.java?rev=1449467&view=auto ============================================================================== --- accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/thrift/TCredentials.java (added) +++ accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/thrift/TCredentials.java Sun Feb 24 12:30:11 2013 @@ -0,0 +1,713 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * Autogenerated by Thrift Compiler (0.9.0) + * + * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING + * @generated + */ +package org.apache.accumulo.core.security.thrift; + +import org.apache.thrift.scheme.IScheme; +import org.apache.thrift.scheme.SchemeFactory; +import org.apache.thrift.scheme.StandardScheme; + +import org.apache.thrift.scheme.TupleScheme; +import org.apache.thrift.protocol.TTupleProtocol; +import org.apache.thrift.protocol.TProtocolException; +import org.apache.thrift.EncodingUtils; +import org.apache.thrift.TException; +import java.util.List; +import java.util.ArrayList; +import java.util.Map; +import java.util.HashMap; +import java.util.EnumMap; +import java.util.Set; +import java.util.HashSet; +import java.util.EnumSet; +import java.util.Collections; +import java.util.BitSet; +import java.nio.ByteBuffer; +import java.util.Arrays; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +@SuppressWarnings("all") public class TCredentials implements org.apache.thrift.TBase<TCredentials, TCredentials._Fields>, java.io.Serializable, Cloneable { + private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TCredentials"); + + private static final org.apache.thrift.protocol.TField PRINCIPAL_FIELD_DESC = new org.apache.thrift.protocol.TField("principal", org.apache.thrift.protocol.TType.STRING, (short)1); + private static final org.apache.thrift.protocol.TField TOKEN_CLASS_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("tokenClassName", org.apache.thrift.protocol.TType.STRING, (short)2); + private static final org.apache.thrift.protocol.TField TOKEN_FIELD_DESC = new org.apache.thrift.protocol.TField("token", org.apache.thrift.protocol.TType.STRING, (short)3); + private static final org.apache.thrift.protocol.TField INSTANCE_ID_FIELD_DESC = new org.apache.thrift.protocol.TField("instanceId", org.apache.thrift.protocol.TType.STRING, (short)4); + + private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); + static { + schemes.put(StandardScheme.class, new TCredentialsStandardSchemeFactory()); + schemes.put(TupleScheme.class, new TCredentialsTupleSchemeFactory()); + } + + public String principal; // required + public String tokenClassName; // required + public ByteBuffer token; // required + public String instanceId; // required + + /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ + @SuppressWarnings("all") public enum _Fields implements org.apache.thrift.TFieldIdEnum { + PRINCIPAL((short)1, "principal"), + TOKEN_CLASS_NAME((short)2, "tokenClassName"), + TOKEN((short)3, "token"), + INSTANCE_ID((short)4, "instanceId"); + + private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); + + static { + for (_Fields field : EnumSet.allOf(_Fields.class)) { + byName.put(field.getFieldName(), field); + } + } + + /** + * Find the _Fields constant that matches fieldId, or null if its not found. + */ + public static _Fields findByThriftId(int fieldId) { + switch(fieldId) { + case 1: // PRINCIPAL + return PRINCIPAL; + case 2: // TOKEN_CLASS_NAME + return TOKEN_CLASS_NAME; + case 3: // TOKEN + return TOKEN; + case 4: // INSTANCE_ID + return INSTANCE_ID; + default: + return null; + } + } + + /** + * Find the _Fields constant that matches fieldId, throwing an exception + * if it is not found. + */ + public static _Fields findByThriftIdOrThrow(int fieldId) { + _Fields fields = findByThriftId(fieldId); + if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!"); + return fields; + } + + /** + * Find the _Fields constant that matches name, or null if its not found. + */ + public static _Fields findByName(String name) { + return byName.get(name); + } + + private final short _thriftId; + private final String _fieldName; + + _Fields(short thriftId, String fieldName) { + _thriftId = thriftId; + _fieldName = fieldName; + } + + public short getThriftFieldId() { + return _thriftId; + } + + public String getFieldName() { + return _fieldName; + } + } + + // isset id assignments + public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; + static { + Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); + tmpMap.put(_Fields.PRINCIPAL, new org.apache.thrift.meta_data.FieldMetaData("principal", org.apache.thrift.TFieldRequirementType.DEFAULT, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); + tmpMap.put(_Fields.TOKEN_CLASS_NAME, new org.apache.thrift.meta_data.FieldMetaData("tokenClassName", org.apache.thrift.TFieldRequirementType.DEFAULT, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); + tmpMap.put(_Fields.TOKEN, new org.apache.thrift.meta_data.FieldMetaData("token", org.apache.thrift.TFieldRequirementType.DEFAULT, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING , true))); + tmpMap.put(_Fields.INSTANCE_ID, new org.apache.thrift.meta_data.FieldMetaData("instanceId", org.apache.thrift.TFieldRequirementType.DEFAULT, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); + metaDataMap = Collections.unmodifiableMap(tmpMap); + org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TCredentials.class, metaDataMap); + } + + public TCredentials() { + } + + public TCredentials( + String principal, + String tokenClassName, + ByteBuffer token, + String instanceId) + { + this(); + this.principal = principal; + this.tokenClassName = tokenClassName; + this.token = token; + this.instanceId = instanceId; + } + + /** + * Performs a deep copy on <i>other</i>. + */ + public TCredentials(TCredentials other) { + if (other.isSetPrincipal()) { + this.principal = other.principal; + } + if (other.isSetTokenClassName()) { + this.tokenClassName = other.tokenClassName; + } + if (other.isSetToken()) { + this.token = org.apache.thrift.TBaseHelper.copyBinary(other.token); +; + } + if (other.isSetInstanceId()) { + this.instanceId = other.instanceId; + } + } + + public TCredentials deepCopy() { + return new TCredentials(this); + } + + @Override + public void clear() { + this.principal = null; + this.tokenClassName = null; + this.token = null; + this.instanceId = null; + } + + public String getPrincipal() { + return this.principal; + } + + public TCredentials setPrincipal(String principal) { + this.principal = principal; + return this; + } + + public void unsetPrincipal() { + this.principal = null; + } + + /** Returns true if field principal is set (has been assigned a value) and false otherwise */ + public boolean isSetPrincipal() { + return this.principal != null; + } + + public void setPrincipalIsSet(boolean value) { + if (!value) { + this.principal = null; + } + } + + public String getTokenClassName() { + return this.tokenClassName; + } + + public TCredentials setTokenClassName(String tokenClassName) { + this.tokenClassName = tokenClassName; + return this; + } + + public void unsetTokenClassName() { + this.tokenClassName = null; + } + + /** Returns true if field tokenClassName is set (has been assigned a value) and false otherwise */ + public boolean isSetTokenClassName() { + return this.tokenClassName != null; + } + + public void setTokenClassNameIsSet(boolean value) { + if (!value) { + this.tokenClassName = null; + } + } + + public byte[] getToken() { + setToken(org.apache.thrift.TBaseHelper.rightSize(token)); + return token == null ? null : token.array(); + } + + public ByteBuffer bufferForToken() { + return token; + } + + public TCredentials setToken(byte[] token) { + setToken(token == null ? (ByteBuffer)null : ByteBuffer.wrap(token)); + return this; + } + + public TCredentials setToken(ByteBuffer token) { + this.token = token; + return this; + } + + public void unsetToken() { + this.token = null; + } + + /** Returns true if field token is set (has been assigned a value) and false otherwise */ + public boolean isSetToken() { + return this.token != null; + } + + public void setTokenIsSet(boolean value) { + if (!value) { + this.token = null; + } + } + + public String getInstanceId() { + return this.instanceId; + } + + public TCredentials setInstanceId(String instanceId) { + this.instanceId = instanceId; + return this; + } + + public void unsetInstanceId() { + this.instanceId = null; + } + + /** Returns true if field instanceId is set (has been assigned a value) and false otherwise */ + public boolean isSetInstanceId() { + return this.instanceId != null; + } + + public void setInstanceIdIsSet(boolean value) { + if (!value) { + this.instanceId = null; + } + } + + public void setFieldValue(_Fields field, Object value) { + switch (field) { + case PRINCIPAL: + if (value == null) { + unsetPrincipal(); + } else { + setPrincipal((String)value); + } + break; + + case TOKEN_CLASS_NAME: + if (value == null) { + unsetTokenClassName(); + } else { + setTokenClassName((String)value); + } + break; + + case TOKEN: + if (value == null) { + unsetToken(); + } else { + setToken((ByteBuffer)value); + } + break; + + case INSTANCE_ID: + if (value == null) { + unsetInstanceId(); + } else { + setInstanceId((String)value); + } + break; + + } + } + + public Object getFieldValue(_Fields field) { + switch (field) { + case PRINCIPAL: + return getPrincipal(); + + case TOKEN_CLASS_NAME: + return getTokenClassName(); + + case TOKEN: + return getToken(); + + case INSTANCE_ID: + return getInstanceId(); + + } + throw new IllegalStateException(); + } + + /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */ + public boolean isSet(_Fields field) { + if (field == null) { + throw new IllegalArgumentException(); + } + + switch (field) { + case PRINCIPAL: + return isSetPrincipal(); + case TOKEN_CLASS_NAME: + return isSetTokenClassName(); + case TOKEN: + return isSetToken(); + case INSTANCE_ID: + return isSetInstanceId(); + } + throw new IllegalStateException(); + } + + @Override + public boolean equals(Object that) { + if (that == null) + return false; + if (that instanceof TCredentials) + return this.equals((TCredentials)that); + return false; + } + + public boolean equals(TCredentials that) { + if (that == null) + return false; + + boolean this_present_principal = true && this.isSetPrincipal(); + boolean that_present_principal = true && that.isSetPrincipal(); + if (this_present_principal || that_present_principal) { + if (!(this_present_principal && that_present_principal)) + return false; + if (!this.principal.equals(that.principal)) + return false; + } + + boolean this_present_tokenClassName = true && this.isSetTokenClassName(); + boolean that_present_tokenClassName = true && that.isSetTokenClassName(); + if (this_present_tokenClassName || that_present_tokenClassName) { + if (!(this_present_tokenClassName && that_present_tokenClassName)) + return false; + if (!this.tokenClassName.equals(that.tokenClassName)) + return false; + } + + boolean this_present_token = true && this.isSetToken(); + boolean that_present_token = true && that.isSetToken(); + if (this_present_token || that_present_token) { + if (!(this_present_token && that_present_token)) + return false; + if (!this.token.equals(that.token)) + return false; + } + + boolean this_present_instanceId = true && this.isSetInstanceId(); + boolean that_present_instanceId = true && that.isSetInstanceId(); + if (this_present_instanceId || that_present_instanceId) { + if (!(this_present_instanceId && that_present_instanceId)) + return false; + if (!this.instanceId.equals(that.instanceId)) + return false; + } + + return true; + } + + @Override + public int hashCode() { + return 0; + } + + public int compareTo(TCredentials other) { + if (!getClass().equals(other.getClass())) { + return getClass().getName().compareTo(other.getClass().getName()); + } + + int lastComparison = 0; + TCredentials typedOther = (TCredentials)other; + + lastComparison = Boolean.valueOf(isSetPrincipal()).compareTo(typedOther.isSetPrincipal()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetPrincipal()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.principal, typedOther.principal); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetTokenClassName()).compareTo(typedOther.isSetTokenClassName()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetTokenClassName()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.tokenClassName, typedOther.tokenClassName); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetToken()).compareTo(typedOther.isSetToken()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetToken()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.token, typedOther.token); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetInstanceId()).compareTo(typedOther.isSetInstanceId()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetInstanceId()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.instanceId, typedOther.instanceId); + if (lastComparison != 0) { + return lastComparison; + } + } + return 0; + } + + public _Fields fieldForId(int fieldId) { + return _Fields.findByThriftId(fieldId); + } + + public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException { + schemes.get(iprot.getScheme()).getScheme().read(iprot, this); + } + + public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException { + schemes.get(oprot.getScheme()).getScheme().write(oprot, this); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder("TCredentials("); + boolean first = true; + + sb.append("principal:"); + if (this.principal == null) { + sb.append("null"); + } else { + sb.append(this.principal); + } + first = false; + if (!first) sb.append(", "); + sb.append("tokenClassName:"); + if (this.tokenClassName == null) { + sb.append("null"); + } else { + sb.append(this.tokenClassName); + } + first = false; + if (!first) sb.append(", "); + sb.append("token:"); + if (this.token == null) { + sb.append("null"); + } else { + org.apache.thrift.TBaseHelper.toString(this.token, sb); + } + first = false; + if (!first) sb.append(", "); + sb.append("instanceId:"); + if (this.instanceId == null) { + sb.append("null"); + } else { + sb.append(this.instanceId); + } + first = false; + sb.append(")"); + return sb.toString(); + } + + public void validate() throws org.apache.thrift.TException { + // check for required fields + // check for sub-struct validity + } + + private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException { + try { + write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out))); + } catch (org.apache.thrift.TException te) { + throw new java.io.IOException(te); + } + } + + private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException { + try { + read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in))); + } catch (org.apache.thrift.TException te) { + throw new java.io.IOException(te); + } + } + + private static class TCredentialsStandardSchemeFactory implements SchemeFactory { + public TCredentialsStandardScheme getScheme() { + return new TCredentialsStandardScheme(); + } + } + + private static class TCredentialsStandardScheme extends StandardScheme<TCredentials> { + + public void read(org.apache.thrift.protocol.TProtocol iprot, TCredentials struct) throws org.apache.thrift.TException { + org.apache.thrift.protocol.TField schemeField; + iprot.readStructBegin(); + while (true) + { + schemeField = iprot.readFieldBegin(); + if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { + break; + } + switch (schemeField.id) { + case 1: // PRINCIPAL + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.principal = iprot.readString(); + struct.setPrincipalIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 2: // TOKEN_CLASS_NAME + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.tokenClassName = iprot.readString(); + struct.setTokenClassNameIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 3: // TOKEN + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.token = iprot.readBinary(); + struct.setTokenIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 4: // INSTANCE_ID + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.instanceId = iprot.readString(); + struct.setInstanceIdIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + default: + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + iprot.readFieldEnd(); + } + iprot.readStructEnd(); + + // check for required fields of primitive type, which can't be checked in the validate method + struct.validate(); + } + + public void write(org.apache.thrift.protocol.TProtocol oprot, TCredentials struct) throws org.apache.thrift.TException { + struct.validate(); + + oprot.writeStructBegin(STRUCT_DESC); + if (struct.principal != null) { + oprot.writeFieldBegin(PRINCIPAL_FIELD_DESC); + oprot.writeString(struct.principal); + oprot.writeFieldEnd(); + } + if (struct.tokenClassName != null) { + oprot.writeFieldBegin(TOKEN_CLASS_NAME_FIELD_DESC); + oprot.writeString(struct.tokenClassName); + oprot.writeFieldEnd(); + } + if (struct.token != null) { + oprot.writeFieldBegin(TOKEN_FIELD_DESC); + oprot.writeBinary(struct.token); + oprot.writeFieldEnd(); + } + if (struct.instanceId != null) { + oprot.writeFieldBegin(INSTANCE_ID_FIELD_DESC); + oprot.writeString(struct.instanceId); + oprot.writeFieldEnd(); + } + oprot.writeFieldStop(); + oprot.writeStructEnd(); + } + + } + + private static class TCredentialsTupleSchemeFactory implements SchemeFactory { + public TCredentialsTupleScheme getScheme() { + return new TCredentialsTupleScheme(); + } + } + + private static class TCredentialsTupleScheme extends TupleScheme<TCredentials> { + + @Override + public void write(org.apache.thrift.protocol.TProtocol prot, TCredentials struct) throws org.apache.thrift.TException { + TTupleProtocol oprot = (TTupleProtocol) prot; + BitSet optionals = new BitSet(); + if (struct.isSetPrincipal()) { + optionals.set(0); + } + if (struct.isSetTokenClassName()) { + optionals.set(1); + } + if (struct.isSetToken()) { + optionals.set(2); + } + if (struct.isSetInstanceId()) { + optionals.set(3); + } + oprot.writeBitSet(optionals, 4); + if (struct.isSetPrincipal()) { + oprot.writeString(struct.principal); + } + if (struct.isSetTokenClassName()) { + oprot.writeString(struct.tokenClassName); + } + if (struct.isSetToken()) { + oprot.writeBinary(struct.token); + } + if (struct.isSetInstanceId()) { + oprot.writeString(struct.instanceId); + } + } + + @Override + public void read(org.apache.thrift.protocol.TProtocol prot, TCredentials struct) throws org.apache.thrift.TException { + TTupleProtocol iprot = (TTupleProtocol) prot; + BitSet incoming = iprot.readBitSet(4); + if (incoming.get(0)) { + struct.principal = iprot.readString(); + struct.setPrincipalIsSet(true); + } + if (incoming.get(1)) { + struct.tokenClassName = iprot.readString(); + struct.setTokenClassNameIsSet(true); + } + if (incoming.get(2)) { + struct.token = iprot.readBinary(); + struct.setTokenIsSet(true); + } + if (incoming.get(3)) { + struct.instanceId = iprot.readString(); + struct.setInstanceIdIsSet(true); + } + } + } + +} + Copied: accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/AuthenticationToken.java (from r1449466, accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/SecurityToken.java) URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/AuthenticationToken.java?p2=accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/AuthenticationToken.java&p1=accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/SecurityToken.java&r1=1449466&r2=1449467&rev=1449467&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/SecurityToken.java (original) +++ accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/AuthenticationToken.java Sun Feb 24 12:30:11 2013 @@ -20,6 +20,6 @@ import javax.security.auth.Destroyable; import org.apache.hadoop.io.Writable; -public interface SecurityToken extends Writable, Destroyable, Cloneable { - public SecurityToken clone(); +public interface AuthenticationToken extends Writable, Destroyable, Cloneable { + public AuthenticationToken clone(); } Modified: accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/NullToken.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/NullToken.java?rev=1449467&r1=1449466&r2=1449467&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/NullToken.java (original) +++ accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/NullToken.java Sun Feb 24 12:30:11 2013 @@ -25,7 +25,7 @@ import javax.security.auth.DestroyFailed /** * */ -public class NullToken implements SecurityToken { +public class NullToken implements AuthenticationToken { @Override public void readFields(DataInput arg0) throws IOException { Modified: accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/PasswordToken.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/PasswordToken.java?rev=1449467&r1=1449466&r2=1449467&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/PasswordToken.java (original) +++ accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/PasswordToken.java Sun Feb 24 12:30:11 2013 @@ -19,24 +19,54 @@ package org.apache.accumulo.core.securit import java.io.DataInput; import java.io.DataOutput; import java.io.IOException; +import java.nio.ByteBuffer; import java.util.Arrays; import javax.security.auth.DestroyFailedException; +import org.apache.accumulo.core.Constants; +import org.apache.accumulo.core.util.ByteBufferUtil; +import org.apache.hadoop.io.Writable; import org.apache.hadoop.io.WritableUtils; -public class PasswordToken implements SecurityToken { +public class PasswordToken implements AuthenticationToken { private byte[] password = null; public byte[] getPassword() { return password; } - - public PasswordToken setPassword(byte[] password) { - this.password = password; - return this; + + /** + * Constructor for use with {@link Writable}. Call {@link #readFields(DataInput)}. + */ + public PasswordToken() {} + + /** + * Constructs a token from a copy of the password. Destroying the argument after construction will not destroy the copy in this token, and destroying this + * token will only destroy the copy held inside this token, not the argument. + * + * Password tokens created with this constructor will store the password as UTF-8 bytes. + */ + public PasswordToken(CharSequence password) { + this.password = password.toString().getBytes(Constants.UTF8); } - + + /** + * Constructs a token from a copy of the password. Destroying the argument after construction will not destroy the copy in this token, and destroying this + * token will only destroy the copy held inside this token, not the argument. + */ + public PasswordToken(byte[] password) { + this.password = Arrays.copyOf(password, password.length); + } + + /** + * Constructs a token from a copy of the password. Destroying the argument after construction will not destroy the copy in this token, and destroying this + * token will only destroy the copy held inside this token, not the argument. + */ + public PasswordToken(ByteBuffer password) { + this.password = ByteBufferUtil.toBytes(password); + } + @Override public void readFields(DataInput arg0) throws IOException { password = WritableUtils.readCompressedByteArray(arg0); @@ -46,23 +76,23 @@ public class PasswordToken implements Se public void write(DataOutput arg0) throws IOException { WritableUtils.writeCompressedByteArray(arg0, password); } - + @Override public void destroy() throws DestroyFailedException { - Arrays.fill(password, (byte)0x00); + Arrays.fill(password, (byte) 0x00); password = null; } - + @Override public boolean isDestroyed() { - return password==null; + return password == null; } - + @Override public int hashCode() { return Arrays.hashCode(password); } - + @Override public boolean equals(Object obj) { if (this == obj) @@ -72,12 +102,11 @@ public class PasswordToken implements Se if (!(obj instanceof PasswordToken)) return false; PasswordToken other = (PasswordToken) obj; - if (!Arrays.equals(password, other.password)) - return false; - return true; + return Arrays.equals(password, other.password); } + @Override public PasswordToken clone() { - return new PasswordToken().setPassword(Arrays.copyOf(password, password.length)); + return new PasswordToken(password); } } Added: accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/SystemToken.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/SystemToken.java?rev=1449467&view=auto ============================================================================== --- accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/SystemToken.java (added) +++ accumulo/branches/ACCUMULO-259-polishing/core/src/main/java/org/apache/accumulo/core/security/tokens/SystemToken.java Sun Feb 24 12:30:11 2013 @@ -0,0 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.accumulo.core.security.tokens; + +/** + * + */ +public class SystemToken extends PasswordToken { + + public SystemToken(byte[] systemPassword) { + super(systemPassword); + } +}