keith-turner closed pull request #386: ACCUMULO-4799 removed redundant auth
check
URL: https://github.com/apache/accumulo/pull/386
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index c4edc96fcf..49d01e4866 100644
---
a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++
b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -269,9 +269,10 @@ public Authorizations getUserAuthorizations(TCredentials
credentials) throws Thr
return getUserAuthorizations(credentials, credentials.getPrincipal());
}
- public boolean userHasAuthorizations(TCredentials credentials,
List<ByteBuffer> list) throws ThriftSecurityException {
- authenticate(credentials);
-
+ /**
+ * Check if an already authenticated user has specified authorizations.
+ */
+ public boolean authenticatedUserHasAuthorizations(TCredentials credentials,
List<ByteBuffer> list) throws ThriftSecurityException {
if (isSystemUser(credentials)) {
// system user doesn't need record-level authorizations for the tables
it reads (for now)
return list.isEmpty();
diff --git
a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
index 98a538eb97..cf555ac792 100644
--- a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
+++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
@@ -486,7 +486,7 @@ public InitialScan startScan(TInfo tinfo, TCredentials
credentials, TKeyExtent t
if (!security.canScan(credentials, tableId, namespaceId, range, columns,
ssiList, ssio, authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(),
SecurityErrorCode.PERMISSION_DENIED);
- if (!security.userHasAuthorizations(credentials, authorizations))
+ if (!security.authenticatedUserHasAuthorizations(credentials,
authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(),
SecurityErrorCode.BAD_AUTHORIZATIONS);
final KeyExtent extent = new KeyExtent(textent);
@@ -657,7 +657,7 @@ public InitialMultiScan startMultiScan(TInfo tinfo,
TCredentials credentials, Ma
}
try {
- if (!security.userHasAuthorizations(credentials, authorizations))
+ if (!security.authenticatedUserHasAuthorizations(credentials,
authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(),
SecurityErrorCode.BAD_AUTHORIZATIONS);
} catch (ThriftSecurityException tse) {
log.error("{} is not authorized", credentials.getPrincipal(), tse);
diff --git
a/server/tserver/src/main/java/org/apache/accumulo/tserver/TservConstraintEnv.java
b/server/tserver/src/main/java/org/apache/accumulo/tserver/TservConstraintEnv.java
index fc371c9fab..a6a0d65c3e 100644
---
a/server/tserver/src/main/java/org/apache/accumulo/tserver/TservConstraintEnv.java
+++
b/server/tserver/src/main/java/org/apache/accumulo/tserver/TservConstraintEnv.java
@@ -72,7 +72,7 @@ public AuthorizationContainer getAuthorizationsContainer() {
@Override
public boolean contains(ByteSequence auth) {
try {
- return security.userHasAuthorizations(credentials,
+ return security.authenticatedUserHasAuthorizations(credentials,
Collections.<ByteBuffer>
singletonList(ByteBuffer.wrap(auth.getBackingArray(), auth.offset(),
auth.length())));
} catch (ThriftSecurityException e) {
throw new RuntimeException(e);
diff --git
a/server/tserver/src/test/java/org/apache/accumulo/tserver/TservConstraintEnvTest.java
b/server/tserver/src/test/java/org/apache/accumulo/tserver/TservConstraintEnvTest.java
index a84e8906e3..fff2a84574 100644
---
a/server/tserver/src/test/java/org/apache/accumulo/tserver/TservConstraintEnvTest.java
+++
b/server/tserver/src/test/java/org/apache/accumulo/tserver/TservConstraintEnvTest.java
@@ -44,8 +44,8 @@ public void testGetAuthorizationsContainer() throws
ThriftSecurityException {
ByteSequence bs = new ArrayByteSequence("foo".getBytes());
List<ByteBuffer> bbList = Collections.<ByteBuffer>
singletonList(ByteBuffer.wrap(bs.getBackingArray(), bs.offset(), bs.length()));
- expect(security.userHasAuthorizations(goodCred, bbList)).andReturn(true);
- expect(security.userHasAuthorizations(badCred, bbList)).andReturn(false);
+ expect(security.authenticatedUserHasAuthorizations(goodCred,
bbList)).andReturn(true);
+ expect(security.authenticatedUserHasAuthorizations(badCred,
bbList)).andReturn(false);
replay(security);
assertTrue(new TservConstraintEnv(security,
goodCred).getAuthorizationsContainer().contains(bs));
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
