This is an automated email from the ASF dual-hosted git repository. mmiller pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/accumulo-testing.git
The following commit(s) were added to refs/heads/master by this push: new 03453ac ACCUMULO-4717 Refactor WalkingSecurity to use API (#9) 03453ac is described below commit 03453aceeed5559e07ccf1ee82f39115004d6313 Author: Mike Miller <mmil...@apache.org> AuthorDate: Wed Oct 25 15:40:10 2017 -0400 ACCUMULO-4717 Refactor WalkingSecurity to use API (#9) Simplified WalkingSecurity by removing the inheritance from server classes and removing unused code. Now it is simply a helper class and the other classes in the randomwalk framework call the API directly. Also added try catch blocks where exceptions are now thrown. --- .../core/randomwalk/security/AlterTable.java | 20 +- .../core/randomwalk/security/AlterTablePerm.java | 17 +- .../core/randomwalk/security/Authenticate.java | 2 +- .../core/randomwalk/security/ChangePass.java | 2 +- .../core/randomwalk/security/CreateTable.java | 3 +- .../core/randomwalk/security/CreateUser.java | 6 +- .../core/randomwalk/security/DropTable.java | 12 +- .../testing/core/randomwalk/security/DropUser.java | 6 +- .../testing/core/randomwalk/security/TableOp.java | 35 +++- .../testing/core/randomwalk/security/Validate.java | 6 - .../core/randomwalk/security/WalkingSecurity.java | 208 +-------------------- 11 files changed, 88 insertions(+), 229 deletions(-) diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java index ee26003..1283fd7 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java @@ -25,6 +25,7 @@ import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.client.TableExistsException; import org.apache.accumulo.core.client.TableNotFoundException; import org.apache.accumulo.core.client.security.SecurityErrorCode; +import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.core.security.TablePermission; import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv; import org.apache.accumulo.testing.core.randomwalk.State; @@ -34,13 +35,26 @@ public class AlterTable extends Test { @Override public void visit(State state, RandWalkEnv env, Properties props) throws Exception { - Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getSysUserName(), WalkingSecurity.get(state, env).getSysToken()); + String systemUser = WalkingSecurity.get(state, env).getSysUserName(); + Connector conn = env.getAccumuloInstance().getConnector(systemUser, WalkingSecurity.get(state, env).getSysToken()); String tableName = WalkingSecurity.get(state, env).getTableName(); boolean exists = WalkingSecurity.get(state, env).getTableExists(); - boolean hasPermission = conn.securityOperations().hasTablePermission(WalkingSecurity.get(state, env).getSysUserName(), tableName, - TablePermission.ALTER_TABLE); + boolean hasPermission; + try { + hasPermission = conn.securityOperations().hasTablePermission(systemUser, tableName, TablePermission.ALTER_TABLE) + || conn.securityOperations().hasSystemPermission(systemUser, SystemPermission.ALTER_TABLE); + } catch (AccumuloSecurityException ae) { + if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) { + if (exists) + throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should exist", ae); + else + return; + } else { + throw new AccumuloException("Got unexpected ae error code", ae); + } + } String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), env.getPid(), System.currentTimeMillis()); diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java index 30f727f..8d1d4a6 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java @@ -22,7 +22,9 @@ import java.util.Random; import org.apache.accumulo.core.client.AccumuloException; import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.client.Connector;; +import org.apache.accumulo.core.client.TableExistsException; import org.apache.accumulo.core.client.admin.SecurityOperations; +import org.apache.accumulo.core.client.security.SecurityErrorCode; import org.apache.accumulo.core.client.security.tokens.AuthenticationToken; import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.core.security.TablePermission; @@ -78,8 +80,19 @@ public class AlterTablePerm extends Test { Connector conn = env.getAccumuloInstance().getConnector(sourceUser, sourceToken); SecurityOperations secOps = conn.securityOperations(); - canGive = secOps.hasSystemPermission(sourceUser, SystemPermission.ALTER_TABLE) - || secOps.hasTablePermission(sourceUser, tableName, TablePermission.GRANT); + try { + canGive = secOps.hasSystemPermission(sourceUser, SystemPermission.ALTER_TABLE) + || secOps.hasTablePermission(sourceUser, tableName, TablePermission.GRANT); + } catch (AccumuloSecurityException ae) { + if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) { + if (exists) + throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should exist", ae); + else + return; + } else { + throw new AccumuloException("Got unexpected ae error code", ae); + } + } // toggle if (!"take".equals(action) && !"give".equals(action)) { diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java index e524d07..63105f4 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java @@ -52,7 +52,7 @@ public class Authenticate extends Test { boolean exists = WalkingSecurity.get(state, env).userExists(target); // Copy so if failed it doesn't mess with the password stored in state byte[] password = Arrays.copyOf(WalkingSecurity.get(state, env).getUserPassword(target), WalkingSecurity.get(state, env).getUserPassword(target).length); - boolean hasPermission = conn.securityOperations().hasSystemPermission(principal, SystemPermission.SYSTEM); + boolean hasPermission = conn.securityOperations().hasSystemPermission(principal, SystemPermission.SYSTEM) || principal.equals(target); if (!success) for (int i = 0; i < password.length; i++) diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java index 589edff..585a2c1 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java @@ -56,7 +56,7 @@ public class ChangePass extends Test { targetExists = WalkingSecurity.get(state, env).userExists(target); - hasPerm = conn.securityOperations().hasSystemPermission(target, SystemPermission.ALTER_USER); + hasPerm = conn.securityOperations().hasSystemPermission(principal, SystemPermission.ALTER_USER) || principal.equals(target); Random r = new Random(); diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java index 5e71410..de11d62 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java @@ -23,6 +23,7 @@ import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.client.TableExistsException; import org.apache.accumulo.core.client.security.SecurityErrorCode; +import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.core.security.TablePermission; import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv; import org.apache.accumulo.testing.core.randomwalk.State; @@ -37,7 +38,7 @@ public class CreateTable extends Test { String tableName = WalkingSecurity.get(state, env).getTableName(); boolean exists = WalkingSecurity.get(state, env).getTableExists(); - boolean hasPermission = WalkingSecurity.get(state, env).canCreateTable(WalkingSecurity.get(state, env).getSysCredentials(), null, null); + boolean hasPermission = conn.securityOperations().hasSystemPermission(WalkingSecurity.get(state, env).getSysUserName(), SystemPermission.CREATE_TABLE); try { conn.tableOperations().create(tableName); diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java index 91e8f8b..ca9afbe 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java @@ -22,6 +22,7 @@ import org.apache.accumulo.core.client.AccumuloException; import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.client.security.tokens.PasswordToken; +import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv; import org.apache.accumulo.testing.core.randomwalk.State; import org.apache.accumulo.testing.core.randomwalk.Test; @@ -30,12 +31,13 @@ public class CreateUser extends Test { @Override public void visit(State state, RandWalkEnv env, Properties props) throws Exception { - Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getSysUserName(), WalkingSecurity.get(state, env).getSysToken()); + String sysPrincipal = WalkingSecurity.get(state, env).getSysUserName(); + Connector conn = env.getAccumuloInstance().getConnector(sysPrincipal, WalkingSecurity.get(state, env).getSysToken()); String tableUserName = WalkingSecurity.get(state, env).getTabUserName(); boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName); - boolean hasPermission = WalkingSecurity.get(state, env).canCreateUser(WalkingSecurity.get(state, env).getSysCredentials(), tableUserName); + boolean hasPermission = conn.securityOperations().hasSystemPermission(sysPrincipal, SystemPermission.CREATE_USER); PasswordToken tabUserPass = new PasswordToken("Super Sekret Table User Password"); try { conn.securityOperations().createLocalUser(tableUserName, tabUserPass); diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java index db6b7a3..66fc0e2 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java @@ -25,6 +25,7 @@ import org.apache.accumulo.core.client.TableExistsException; import org.apache.accumulo.core.client.TableNotFoundException; import org.apache.accumulo.core.client.security.SecurityErrorCode; import org.apache.accumulo.core.client.security.tokens.AuthenticationToken; +import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.core.security.TablePermission; import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv; import org.apache.accumulo.testing.core.randomwalk.State; @@ -41,6 +42,7 @@ public class DropTable extends Test { String sourceUser = props.getProperty("source", "system"); String principal; AuthenticationToken token; + boolean hasPermission = false; if (sourceUser.equals("table")) { principal = WalkingSecurity.get(state, env).getTabUserName(); token = WalkingSecurity.get(state, env).getTabToken(); @@ -53,12 +55,18 @@ public class DropTable extends Test { String tableName = WalkingSecurity.get(state, env).getTableName(); boolean exists = WalkingSecurity.get(state, env).getTableExists(); - boolean hasPermission = conn.securityOperations().hasTablePermission(principal, tableName, TablePermission.DROP_TABLE); try { + hasPermission = conn.securityOperations().hasTablePermission(principal, tableName, TablePermission.DROP_TABLE) + || conn.securityOperations().hasSystemPermission(principal, SystemPermission.DROP_TABLE); conn.tableOperations().delete(tableName); } catch (AccumuloSecurityException ae) { - if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) { + if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) { + if (exists) + throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should have existed", ae); + else + return; + } else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) { if (hasPermission) throw new AccumuloException("Got a security exception when I should have had permission.", ae); else { diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java index 7d1a9b6..933c26d 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java @@ -21,6 +21,7 @@ import java.util.Properties; import org.apache.accumulo.core.client.AccumuloException; import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.client.Connector; +import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv; import org.apache.accumulo.testing.core.randomwalk.State; import org.apache.accumulo.testing.core.randomwalk.Test; @@ -29,12 +30,13 @@ public class DropUser extends Test { @Override public void visit(State state, RandWalkEnv env, Properties props) throws Exception { - Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getSysUserName(), WalkingSecurity.get(state, env).getSysToken()); + String sysPrincipal = WalkingSecurity.get(state, env).getSysUserName(); + Connector conn = env.getAccumuloInstance().getConnector(sysPrincipal, WalkingSecurity.get(state, env).getSysToken()); String tableUserName = WalkingSecurity.get(state, env).getTabUserName(); boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName); - boolean hasPermission = WalkingSecurity.get(state, env).canDropUser(WalkingSecurity.get(state, env).getSysCredentials(), tableUserName); + boolean hasPermission = conn.securityOperations().hasSystemPermission(sysPrincipal, SystemPermission.DROP_USER); try { conn.securityOperations().dropLocalUser(tableUserName); diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java index f44511c..7513b23 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java @@ -56,10 +56,10 @@ public class TableOp extends Test { @Override public void visit(State state, RandWalkEnv env, Properties props) throws Exception { - Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getTabUserName(), WalkingSecurity.get(state, env).getTabToken()); + String tablePrincipal = WalkingSecurity.get(state, env).getTabUserName(); + Connector conn = env.getAccumuloInstance().getConnector(tablePrincipal, WalkingSecurity.get(state, env).getTabToken()); TableOperations tableOps = conn.tableOperations(); SecurityOperations secOps = conn.securityOperations(); - String tablePrincipal = WalkingSecurity.get(state, env).getTabUserName(); String action = props.getProperty("action", "_random"); TablePermission tp; @@ -75,8 +75,15 @@ public class TableOp extends Test { switch (tp) { case READ: { - boolean canRead = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.READ); - Authorizations auths = WalkingSecurity.get(state, env).getUserAuthorizations(WalkingSecurity.get(state, env).getTabCredentials()); + boolean canRead; + try { + canRead = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.READ); + } catch (AccumuloSecurityException ase) { + if (tableExists) + throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase); + return; + } + Authorizations auths = secOps.getUserAuthorizations(tablePrincipal); boolean ambiguousZone = WalkingSecurity.get(state, env).inAmbiguousZone(conn.whoami(), tp); boolean ambiguousAuths = WalkingSecurity.get(state, env).ambiguousAuthorizations(conn.whoami()); @@ -146,7 +153,14 @@ public class TableOp extends Test { break; } case WRITE: - boolean canWrite = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.WRITE); + boolean canWrite; + try { + canWrite = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.WRITE); + } catch (AccumuloSecurityException ase) { + if (tableExists) + throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase); + return; + } boolean ambiguousZone = WalkingSecurity.get(state, env).inAmbiguousZone(conn.whoami(), tp); String key = WalkingSecurity.get(state, env).getLastKey() + "1"; @@ -239,8 +253,15 @@ public class TableOp extends Test { throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName); break; case ALTER_TABLE: - AlterTable.renameTable(conn, state, env, tableName, tableName + "plus", - secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.ALTER_TABLE), tableExists); + boolean tablePerm; + try { + tablePerm = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.ALTER_TABLE); + } catch (AccumuloSecurityException ase) { + if (tableExists) + throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase); + return; + } + AlterTable.renameTable(conn, state, env, tableName, tableName + "plus", tablePerm, tableExists); break; case GRANT: diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java index edf9e4d..9e36c86 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java @@ -101,12 +101,6 @@ public class Validate extends Test { } } - - Authorizations accuAuths = conn.securityOperations().getUserAuthorizations(WalkingSecurity.get(state, env).getTabUserName()); - Authorizations auths = WalkingSecurity.get(state, env).getUserAuthorizations(WalkingSecurity.get(state, env).getTabCredentials()); - - if (!auths.equals(accuAuths)) - throw new AccumuloException("Table User authorizations out of sync"); } } diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java index 071e5ca..4a0c6f2 100644 --- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java +++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java @@ -17,39 +17,19 @@ package org.apache.accumulo.testing.core.randomwalk.security; import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.Collection; import java.util.HashMap; -import java.util.HashSet; -import java.util.List; import java.util.Map; -import java.util.Set; -import java.util.TreeSet; import org.apache.accumulo.core.client.AccumuloSecurityException; -import org.apache.accumulo.core.client.NamespaceNotFoundException; import org.apache.accumulo.core.client.TableNotFoundException; -import org.apache.accumulo.core.client.impl.Credentials; -import org.apache.accumulo.core.client.impl.Namespace; -import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode; -import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException; import org.apache.accumulo.core.client.security.tokens.AuthenticationToken; import org.apache.accumulo.core.client.security.tokens.PasswordToken; import org.apache.accumulo.core.security.Authorizations; -import org.apache.accumulo.core.security.NamespacePermission; import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.core.security.TablePermission; -import org.apache.accumulo.core.security.thrift.TCredentials; -import org.apache.accumulo.core.util.CachedConfiguration; -import org.apache.accumulo.server.AccumuloServerContext; -import org.apache.accumulo.server.client.HdfsZooInstance; -import org.apache.accumulo.server.conf.ServerConfigurationFactory; -import org.apache.accumulo.server.security.SecurityOperation; -import org.apache.accumulo.server.security.handler.Authenticator; -import org.apache.accumulo.server.security.handler.Authorizor; -import org.apache.accumulo.server.security.handler.PermissionHandler; import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv; import org.apache.accumulo.testing.core.randomwalk.State; +import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FileSystem; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -57,7 +37,7 @@ import org.slf4j.LoggerFactory; /** * */ -public class WalkingSecurity extends SecurityOperation implements Authorizor, Authenticator, PermissionHandler { +public class WalkingSecurity { State state = null; RandWalkEnv env = null; private static final Logger log = LoggerFactory.getLogger(WalkingSecurity.class); @@ -79,17 +59,9 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au private static WalkingSecurity instance = null; - public WalkingSecurity(AccumuloServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm) { - super(context, author, authent, pm); - } - public WalkingSecurity(State state2, RandWalkEnv env2) { - super(new AccumuloServerContext(HdfsZooInstance.getInstance(), new ServerConfigurationFactory(HdfsZooInstance.getInstance()))); this.state = state2; this.env = env2; - authorizor = this; - authenticator = this; - permHandle = this; } public static WalkingSecurity get(State state, RandWalkEnv env) { @@ -103,81 +75,26 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au return instance; } - @Override - public void initialize(String instanceId, boolean initialize) { - throw new UnsupportedOperationException("nope"); - } - - @Override - public boolean validSecurityHandlers(Authenticator one, PermissionHandler two) { - return this.getClass().equals(one.getClass()) && this.getClass().equals(two.getClass()); - } - - @Override - public boolean validSecurityHandlers(Authenticator one, Authorizor two) { - return this.getClass().equals(one.getClass()) && this.getClass().equals(two.getClass()); - } - - @Override - public boolean validSecurityHandlers(Authorizor one, PermissionHandler two) { - return this.getClass().equals(one.getClass()) && this.getClass().equals(two.getClass()); - } - - @Override - public void initializeSecurity(TCredentials rootuser, String token) throws ThriftSecurityException { - throw new UnsupportedOperationException("nope"); - } - - @Override public void changeAuthorizations(String user, Authorizations authorizations) throws AccumuloSecurityException { state.set(user + "_auths", authorizations); state.set("Auths-" + user + '-' + "time", System.currentTimeMillis()); } - @Override - public Authorizations getCachedUserAuthorizations(String user) throws AccumuloSecurityException { - return (Authorizations) state.get(user + "_auths"); - } - public boolean ambiguousAuthorizations(String userName) { Long setTime = state.getLong("Auths-" + userName + '-' + "time"); if (setTime == null) - throw new RuntimeException("WTF? Auths-" + userName + '-' + "time is null"); + throw new RuntimeException("Auths-" + userName + '-' + "time is null"); if (System.currentTimeMillis() < (setTime + 1000)) return true; return false; } - @Override - public void initUser(String user) throws AccumuloSecurityException { - changeAuthorizations(user, new Authorizations()); - } - - @Override - public Set<String> listUsers() throws AccumuloSecurityException { - Set<String> userList = new TreeSet<>(); - for (String user : new String[] {getSysUserName(), getTabUserName()}) { - if (userExists(user)) - userList.add(user); - } - return userList; - } - - @Override - public boolean authenticateUser(String principal, AuthenticationToken token) { - PasswordToken pass = (PasswordToken) state.get(principal + userPass); - boolean ret = pass.equals(token); - return ret; - } - - @Override public void createUser(String principal, AuthenticationToken token) throws AccumuloSecurityException { state.set(principal + userExists, Boolean.toString(true)); changePassword(principal, token); cleanUser(principal); } - @Override public void dropUser(String user) throws AccumuloSecurityException { state.set(user + userExists, Boolean.toString(false)); cleanUser(user); @@ -185,61 +102,32 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au state.set("table" + connector, null); } - @Override public void changePassword(String principal, AuthenticationToken token) throws AccumuloSecurityException { state.set(principal + userPass, token); state.set(principal + userPass + "time", System.currentTimeMillis()); } - @Override public boolean userExists(String user) { return Boolean.parseBoolean(state.getString(user + userExists)); } - @Override public boolean hasSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException { boolean res = Boolean.parseBoolean(state.getString("Sys-" + user + '-' + permission.name())); return res; } - @Override - public boolean hasCachedSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException { - return hasSystemPermission(user, permission); - } - - @Override public boolean hasTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException { return Boolean.parseBoolean(state.getString("Tab-" + user + '-' + permission.name())); } - @Override - public boolean hasCachedTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException { - return hasTablePermission(user, table, permission); - } - - @Override - public boolean hasNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException, - NamespaceNotFoundException { - return Boolean.parseBoolean(state.getString("Nsp-" + user + '-' + permission.name())); - } - - @Override - public boolean hasCachedNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException, - NamespaceNotFoundException { - return hasNamespacePermission(user, namespace, permission); - } - - @Override public void grantSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException { setSysPerm(state, user, permission, true); } - @Override public void revokeSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException { setSysPerm(state, user, permission, false); } - @Override public void grantTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException { setTabPerm(state, user, permission, table, true); } @@ -251,40 +139,17 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au private void setTabPerm(State state, String userName, TablePermission tp, String table, boolean value) { if (table.equals(userName)) - throw new RuntimeException("This is also fucked up"); + throw new RuntimeException("Something went wrong: table is equal to userName: " + userName); log.debug((value ? "Gave" : "Took") + " the table permission " + tp.name() + (value ? " to" : " from") + " user " + userName); state.set("Tab-" + userName + '-' + tp.name(), Boolean.toString(value)); if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE)) state.set("Tab-" + userName + '-' + tp.name() + '-' + "time", System.currentTimeMillis()); } - @Override public void revokeTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException { setTabPerm(state, user, permission, table, false); } - @Override - public void grantNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException, - NamespaceNotFoundException { - setNspPerm(state, user, permission, namespace, true); - } - - private void setNspPerm(State state, String userName, NamespacePermission tnp, Namespace.ID namespace, boolean value) { - if (namespace.equals(userName)) - throw new RuntimeException("I don't even know"); - log.debug((value ? "Gave" : "Took") + " the table permission " + tnp.name() + (value ? " to" : " from") + " user " + userName); - state.set("Nsp-" + userName + '-' + tnp.name(), Boolean.toString(value)); - if (tnp.equals(NamespacePermission.READ) || tnp.equals(NamespacePermission.WRITE)) - state.set("Nsp-" + userName + '-' + tnp.name() + '-' + "time", System.currentTimeMillis()); - } - - @Override - public void revokeNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException, - NamespaceNotFoundException { - setNspPerm(state, user, permission, namespace, false); - } - - @Override public void cleanTablePermissions(String table) throws AccumuloSecurityException, TableNotFoundException { for (String user : new String[] {getSysUserName(), getTabUserName()}) { for (TablePermission tp : TablePermission.values()) { @@ -294,17 +159,6 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au state.set(tableExists, Boolean.toString(false)); } - @Override - public void cleanNamespacePermissions(Namespace.ID namespace) throws AccumuloSecurityException, NamespaceNotFoundException { - for (String user : new String[] {getSysUserName(), getNspUserName()}) { - for (NamespacePermission tnp : NamespacePermission.values()) { - revokeNamespacePermission(user, namespace, tnp); - } - } - state.set(namespaceExists, Boolean.toString(false)); - } - - @Override public void cleanUser(String user) throws AccumuloSecurityException { if (getTableExists()) for (TablePermission tp : TablePermission.values()) @@ -325,20 +179,11 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au return state.getString("system" + userName); } - public String getNspUserName() { - return state.getString("namespace" + userName); - } - public void setTabUserName(String name) { state.set("table" + userName, name); state.set(name + userExists, Boolean.toString(false)); } - public void setNspUserName(String name) { - state.set("namespace" + userName, name); - state.set(name + userExists, Boolean.toString(false)); - } - public void setSysUserName(String name) { state.set("system" + userName, name); } @@ -359,14 +204,6 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au return Boolean.parseBoolean(state.getString(namespaceExists)); } - public TCredentials getSysCredentials() { - return new Credentials(getSysUserName(), getSysToken()).toThrift(this.env.getAccumuloInstance()); - } - - public TCredentials getTabCredentials() { - return new Credentials(getTabUserName(), getTabToken()).toThrift(this.env.getAccumuloInstance()); - } - public AuthenticationToken getSysToken() { return new PasswordToken(getSysPassword()); } @@ -411,7 +248,6 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au state.set(namespaceName, nsName); } - @Override public void initTable(String table) throws AccumuloSecurityException { state.set(tableExists, Boolean.toString(true)); state.set(tableName, table); @@ -425,7 +261,7 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE)) { Long setTime = state.getLong("Tab-" + userName + '-' + tp.name() + '-' + "time"); if (setTime == null) - throw new RuntimeException("WTF? Tab-" + userName + '-' + tp.name() + '-' + "time is null"); + throw new RuntimeException("Tab-" + userName + '-' + tp.name() + '-' + "time is null"); if (System.currentTimeMillis() < (setTime + 1000)) return true; } @@ -458,7 +294,7 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au if (fs == null) { try { - fs = FileSystem.get(CachedConfiguration.getInstance()); + fs = FileSystem.get(new Configuration()); } catch (IOException e) { throw new RuntimeException(e); } @@ -467,40 +303,8 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au return fs; } - @Override - public boolean canAskAboutUser(TCredentials credentials, String user) throws ThriftSecurityException { - try { - return super.canAskAboutUser(credentials, user); - } catch (ThriftSecurityException tse) { - if (tse.getCode().equals(SecurityErrorCode.PERMISSION_DENIED)) - return false; - throw tse; - } - } - - @Override - public boolean validTokenClass(String tokenClass) { - return tokenClass.equals(PasswordToken.class.getName()); - } - public static void clearInstance() { instance = null; } - @Override - public Set<Class<? extends AuthenticationToken>> getSupportedTokenTypes() { - Set<Class<? extends AuthenticationToken>> cs = new HashSet<>(); - cs.add(PasswordToken.class); - return cs; - } - - @Override - public boolean isValidAuthorizations(String user, List<ByteBuffer> auths) throws AccumuloSecurityException { - Collection<ByteBuffer> userauths = getCachedUserAuthorizations(user).getAuthorizationsBB(); - for (ByteBuffer auth : auths) - if (!userauths.contains(auth)) - return false; - return true; - } - } -- To stop receiving notification emails like this one, please contact ['"commits@accumulo.apache.org" <commits@accumulo.apache.org>'].