HDFS-14026. Overload BlockPoolTokenSecretManager.checkAccess to make storageId and storageType optional. Contributed by Arpit Agarwal.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/eb252630 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/eb252630 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/eb252630 Branch: refs/heads/HDFS-13891 Commit: eb2526300ff05a653d428a46555b58b887e1ce31 Parents: b179c48 Author: Ajay Kumar <a...@apache.com> Authored: Wed Oct 24 21:55:42 2018 -0700 Committer: Brahma Reddy Battula <bra...@apache.org> Committed: Tue Oct 30 11:31:17 2018 +0530 ---------------------------------------------------------------------- .../block/BlockPoolTokenSecretManager.java | 20 ++++++++++++++++++++ .../token/block/BlockTokenSecretManager.java | 20 ++++++++++++++++++++ .../security/token/block/TestBlockToken.java | 8 +++++++- 3 files changed, 47 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/eb252630/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java index 4d3915e..bbd3750 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockPoolTokenSecretManager.java @@ -107,6 +107,26 @@ public class BlockPoolTokenSecretManager extends } /** + * See {@link BlockTokenSecretManager#checkAccess(BlockTokenIdentifier, + * String, ExtendedBlock, BlockTokenIdentifier.AccessMode)}. + */ + public void checkAccess(BlockTokenIdentifier id, String userId, + ExtendedBlock block, AccessMode mode) + throws InvalidToken { + get(block.getBlockPoolId()).checkAccess(id, userId, block, mode); + } + + /** + * See {@link BlockTokenSecretManager#checkAccess(Token, String, + * ExtendedBlock, BlockTokenIdentifier.AccessMode)}. + */ + public void checkAccess(Token<BlockTokenIdentifier> token, + String userId, ExtendedBlock block, AccessMode mode) + throws InvalidToken { + get(block.getBlockPoolId()).checkAccess(token, userId, block, mode); + } + + /** * See {@link BlockTokenSecretManager#checkAccess(Token, String, * ExtendedBlock, BlockTokenIdentifier.AccessMode, * StorageType[], String[])} http://git-wip-us.apache.org/repos/asf/hadoop/blob/eb252630/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java index 85fef13..3b2e8d2 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/block/BlockTokenSecretManager.java @@ -390,6 +390,26 @@ public class BlockTokenSecretManager extends } } + /** Check if access should be allowed. userID is not checked if null */ + public void checkAccess(Token<BlockTokenIdentifier> token, String userId, + ExtendedBlock block, BlockTokenIdentifier.AccessMode mode) + throws InvalidToken { + BlockTokenIdentifier id = new BlockTokenIdentifier(); + try { + id.readFields(new DataInputStream(new ByteArrayInputStream(token + .getIdentifier()))); + } catch (IOException e) { + throw new InvalidToken( + "Unable to de-serialize block token identifier for user=" + userId + + ", block=" + block + ", access mode=" + mode); + } + checkAccess(id, userId, block, mode); + if (!Arrays.equals(retrievePassword(id), token.getPassword())) { + throw new InvalidToken("Block token with " + id + + " doesn't have the correct token password"); + } + } + private static boolean isExpired(long expiryDate) { return Time.now() > expiryDate; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/eb252630/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java index 4bdd34c..9c537a4 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/token/block/TestBlockToken.java @@ -217,9 +217,14 @@ public class TestBlockToken { Token<BlockTokenIdentifier> t, ExtendedBlock blk, BlockTokenIdentifier.AccessMode mode, StorageType[] storageTypes, String[] storageIds) throws IOException { - if(storageIds == null) { + if (storageIds == null) { // Test overloaded checkAccess method. m.checkAccess(t.decodeIdentifier(), null, blk, mode, storageTypes); + + if (storageTypes == null) { + // Test overloaded checkAccess method. + m.checkAccess(t, null, blk, mode); + } } m.checkAccess(t, null, blk, mode, storageTypes, storageIds); } @@ -807,6 +812,7 @@ public class TestBlockToken { sm.checkAccess(id, null, block3, mode, storageTypes, null); sm.checkAccess(id, null, block3, mode, storageTypes); + sm.checkAccess(id, null, block3, mode); } @Test --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org