Author: ecn Date: Wed May 8 13:49:07 2013 New Revision: 1480275 URL: http://svn.apache.org/r1480275 Log: ACCUMULO-1373 applied Corey's patch
Modified: accumulo/trunk/ (props changed) accumulo/trunk/assemble/ (props changed) accumulo/trunk/core/ (props changed) accumulo/trunk/examples/ (props changed) accumulo/trunk/fate/src/main/java/org/apache/accumulo/fate/ZooStore.java (props changed) accumulo/trunk/fate/src/main/java/org/apache/accumulo/fate/zookeeper/ZooSession.java (props changed) accumulo/trunk/pom.xml (props changed) accumulo/trunk/proxy/README (props changed) accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/SimpleTest.java accumulo/trunk/server/ (props changed) accumulo/trunk/src/ (props changed) Propchange: accumulo/trunk/ ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5:r1480274 Propchange: accumulo/trunk/assemble/ ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5/assemble:r1480274 Propchange: accumulo/trunk/core/ ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5/core:r1480274 Propchange: accumulo/trunk/examples/ ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5/examples:r1480274 Propchange: accumulo/trunk/fate/src/main/java/org/apache/accumulo/fate/ZooStore.java ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5/fate/src/main/java/org/apache/accumulo/fate/ZooStore.java:r1480274 Propchange: accumulo/trunk/fate/src/main/java/org/apache/accumulo/fate/zookeeper/ZooSession.java ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5/fate/src/main/java/org/apache/accumulo/fate/zookeeper/ZooSession.java:r1480274 Propchange: accumulo/trunk/pom.xml ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5/pom.xml:r1480274 Propchange: accumulo/trunk/proxy/README ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5/proxy/README:r1480274 Modified: accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java URL: http://svn.apache.org/viewvc/accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java?rev=1480275&r1=1480274&r2=1480275&view=diff ============================================================================== --- accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java (original) +++ accumulo/trunk/proxy/src/main/java/org/apache/accumulo/proxy/ProxyServer.java Wed May 8 13:49:07 2013 @@ -1454,7 +1454,9 @@ public class ProxyServer implements Accu try { AuthenticationToken token = getToken(principal, loginProperties); TCredentials credential = CredentialHelper.create(principal, token, instance.getInstanceID()); - return ByteBuffer.wrap(CredentialHelper.asByteArray(credential)); + ByteBuffer login = ByteBuffer.wrap(CredentialHelper.asByteArray(credential)); + getConnector(login); // check to make sure user exists + return login; } catch (AccumuloSecurityException e) { throw new org.apache.accumulo.proxy.thrift.AccumuloSecurityException(e.toString()); } catch (Exception e) { Modified: accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/SimpleTest.java URL: http://svn.apache.org/viewvc/accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/SimpleTest.java?rev=1480275&r1=1480274&r2=1480275&view=diff ============================================================================== --- accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/SimpleTest.java (original) +++ accumulo/trunk/proxy/src/test/java/org/apache/accumulo/proxy/SimpleTest.java Wed May 8 13:49:07 2013 @@ -90,6 +90,7 @@ import org.apache.hadoop.fs.FSDataInputS import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; import org.apache.hadoop.io.Text; +import org.apache.thrift.TException; import org.apache.thrift.protocol.TProtocolFactory; import org.apache.thrift.server.TServer; import org.junit.AfterClass; @@ -165,6 +166,275 @@ public class SimpleTest { } @Test(timeout = 10000) + public void security() throws Exception { + client.createLocalUser(creds, "user", s2bb(secret)); + ByteBuffer badLogin = client.login("user", properties); + client.dropLocalUser(creds, "user"); + String table = "test1"; + client.createTable(creds, table, false, TimeType.MILLIS); + + final IteratorSetting setting = new IteratorSetting(100, "slow", SlowIterator.class.getName(), Collections.singletonMap("sleepTime", "200")); + + try { + client.addConstraint(badLogin, table, NumericValueConstraint.class.getName()); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.addSplits(badLogin, table, Collections.singleton(s2bb("1"))); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.clearLocatorCache(badLogin, table); + fail("exception not thrown"); + } catch (TException ex) {} + try { + client.compactTable(badLogin, table, null, null, null, true, false); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.cancelCompaction(badLogin, table); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.createTable(badLogin, table, false, TimeType.MILLIS); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.deleteTable(badLogin, table); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.deleteRows(badLogin, table, null, null); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.tableExists(badLogin, table); + fail("exception not thrown"); + } catch (TException ex) {} + try { + client.flushTable(badLogin, table, null, null, false); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.getLocalityGroups(badLogin, table); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.getMaxRow(badLogin, table, Collections.<ByteBuffer> emptySet(), null, false, null, false); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.getTableProperties(badLogin, table); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.listSplits(badLogin, table, 10000); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.listTables(badLogin); + fail("exception not thrown"); + } catch (TException ex) {} + try { + client.listConstraints(badLogin, table); + fail("exception not thrown"); + } catch (TException ex) {} + try { + client.mergeTablets(badLogin, table, null, null); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.offlineTable(badLogin, table); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.onlineTable(badLogin, table); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.removeConstraint(badLogin, table, 0); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.removeTableProperty(badLogin, table, Property.TABLE_FILE_MAX.getKey()); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.renameTable(badLogin, table, "someTableName"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + Map<String,Set<String>> groups = new HashMap<String,Set<String>>(); + groups.put("group1", Collections.singleton("cf1")); + groups.put("group2", Collections.singleton("cf2")); + client.setLocalityGroups(badLogin, table, groups); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.setTableProperty(badLogin, table, Property.TABLE_FILE_MAX.getKey(), "0"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.tableIdMap(badLogin); + fail("exception not thrown"); + } catch (TException ex) {} + try { + client.getSiteConfiguration(badLogin); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.getSystemConfiguration(badLogin); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.getTabletServers(badLogin); + fail("exception not thrown"); + } catch (TException ex) {} + try { + client.getActiveScans(badLogin, "fake"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.getActiveCompactions(badLogin, "fakse"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.removeProperty(badLogin, "table.split.threshold"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.setProperty(badLogin, "table.split.threshold", "500M"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.testClassLoad(badLogin, DevNull.class.getName(), SortedKeyValueIterator.class.getName()); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.authenticateUser(badLogin, "root", s2pp(secret)); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + HashSet<ByteBuffer> auths = new HashSet<ByteBuffer>(Arrays.asList(s2bb("A"), s2bb("B"))); + client.changeUserAuthorizations(badLogin, "stooge", auths); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.changeLocalUserPassword(badLogin, "stooge", s2bb("")); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.createLocalUser(badLogin, "stooge", s2bb("password")); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.dropLocalUser(badLogin, "stooge"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.getUserAuthorizations(badLogin, "stooge"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.grantSystemPermission(badLogin, "stooge", SystemPermission.CREATE_TABLE); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.grantTablePermission(badLogin, "root", table, TablePermission.WRITE); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.hasSystemPermission(badLogin, "stooge", SystemPermission.CREATE_TABLE); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.hasTablePermission(badLogin, "root", table, TablePermission.WRITE); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.listLocalUsers(badLogin); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.revokeSystemPermission(badLogin, "stooge", SystemPermission.CREATE_TABLE); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.revokeTablePermission(badLogin, "root", table, TablePermission.ALTER_TABLE); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.createScanner(badLogin, table, new ScanOptions()); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.createBatchScanner(badLogin, table, new BatchScanOptions()); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.updateAndFlush(badLogin, table, new HashMap<ByteBuffer,List<ColumnUpdate>>()); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.createWriter(badLogin, table, new WriterOptions()); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.attachIterator(badLogin, "slow", setting, EnumSet.allOf(IteratorScope.class)); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.checkIteratorConflicts(badLogin, table, setting, EnumSet.allOf(IteratorScope.class)); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.cloneTable(badLogin, table, TABLE_TEST, false, null, null); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.exportTable(badLogin, table, "/tmp"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.importTable(badLogin, "testify", "/tmp"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.getIteratorSetting(badLogin, table, "foo", IteratorScope.SCAN); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.listIterators(badLogin, table); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.removeIterator(badLogin, table, "name", EnumSet.allOf(IteratorScope.class)); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.splitRangeByTablets(badLogin, table, client.getRowRange(ByteBuffer.wrap("row".getBytes())), 10); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + File newFolder = folder.newFolder(); + client.importDirectory(badLogin, table, "/tmp", newFolder.getAbsolutePath(), true); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.pingTabletServer(badLogin, "fake"); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.login("badUser", properties); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + try { + client.testTableClassLoad(badLogin, table, VersioningIterator.class.getName(), SortedKeyValueIterator.class.getName()); + fail("exception not thrown"); + } catch (AccumuloSecurityException ex) {} + } + + @Test(timeout = 10000) public void tableNotFound() throws Exception { final String doesNotExist = "doesNotExists"; try { Propchange: accumulo/trunk/server/ ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5/server:r1480274 Propchange: accumulo/trunk/src/ ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5/src:r1480274