Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/LiveTServerSet.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/LiveTServerSet.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/LiveTServerSet.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/LiveTServerSet.java Wed Jan 23 18:05:10 2013 @@ -88,7 +88,7 @@ public class LiveTServerSet implements W public void assignTablet(ZooLock lock, KeyExtent extent) throws TException { TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf); try { - client.loadTablet(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), extent.toThrift()); + client.loadTablet(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), lockString(lock), extent.toThrift()); } finally { ThriftUtil.returnClient(client); } @@ -97,7 +97,7 @@ public class LiveTServerSet implements W public void unloadTablet(ZooLock lock, KeyExtent extent, boolean save) throws TException { TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf); try { - client.unloadTablet(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), extent.toThrift(), save); + client.unloadTablet(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), lockString(lock), extent.toThrift(), save); } finally { ThriftUtil.returnClient(client); } 
@@ -106,7 +106,7 @@ public class LiveTServerSet implements W public TabletServerStatus getTableMap() throws TException, ThriftSecurityException { TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf); try { - return client.getTabletServerStatus(Tracer.traceInfo(), SecurityConstants.getSystemCredentials()); + return client.getTabletServerStatus(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials()); } finally { ThriftUtil.returnClient(client); } @@ -115,7 +115,7 @@ public class LiveTServerSet implements W public void halt(ZooLock lock) throws TException, ThriftSecurityException { TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf); try { - client.halt(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock)); + client.halt(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), lockString(lock)); } finally { ThriftUtil.returnClient(client); } @@ -124,7 +124,7 @@ public class LiveTServerSet implements W public void fastHalt(ZooLock lock) throws TException { TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf); try { - client.fastHalt(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock)); + client.fastHalt(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), lockString(lock)); } finally { ThriftUtil.returnClient(client); } 
@@ -133,7 +133,7 @@ public class LiveTServerSet implements W public void flush(ZooLock lock, String tableId, byte[] startRow, byte[] endRow) throws TException { TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf); try { - client.flush(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), tableId, startRow == null ? null : ByteBuffer.wrap(startRow), + client.flush(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), lockString(lock), tableId, startRow == null ? null : ByteBuffer.wrap(startRow), endRow == null ? null : ByteBuffer.wrap(endRow)); } finally { ThriftUtil.returnClient(client); @@ -143,7 +143,7 @@ public class LiveTServerSet implements W public void chop(ZooLock lock, KeyExtent extent) throws TException { TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf); try { - client.chop(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), extent.toThrift()); + client.chop(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), lockString(lock), extent.toThrift()); } finally { ThriftUtil.returnClient(client); } @@ -153,7 +153,7 @@ public class LiveTServerSet implements W TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf); try { client - .splitTablet(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), extent.toThrift(), ByteBuffer.wrap(splitPoint.getBytes(), 0, splitPoint.getLength())); + .splitTablet(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), extent.toThrift(), ByteBuffer.wrap(splitPoint.getBytes(), 0, splitPoint.getLength())); } finally { ThriftUtil.returnClient(client); } 
@@ -162,7 +162,7 @@ public class LiveTServerSet implements W public void flushTablet(ZooLock lock, KeyExtent extent) throws TException { TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf); try { - client.flushTablet(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), extent.toThrift()); + client.flushTablet(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), lockString(lock), extent.toThrift()); } finally { ThriftUtil.returnClient(client); } @@ -171,7 +171,7 @@ public class LiveTServerSet implements W public void compact(ZooLock lock, String tableId, byte[] startRow, byte[] endRow) throws TException { TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf); try { - client.compact(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), tableId, startRow == null ? null : ByteBuffer.wrap(startRow), + client.compact(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), lockString(lock), tableId, startRow == null ? null : ByteBuffer.wrap(startRow), endRow == null ? null : ByteBuffer.wrap(endRow)); } finally { ThriftUtil.returnClient(client);
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java Wed Jan 23 18:05:10 2013 @@ -80,9 +80,10 @@ import org.apache.accumulo.core.master.t import org.apache.accumulo.core.master.thrift.TabletLoadState; import org.apache.accumulo.core.master.thrift.TabletServerStatus; import org.apache.accumulo.core.master.thrift.TabletSplit; -import org.apache.accumulo.core.security.thrift.AuthInfo; import org.apache.accumulo.core.security.thrift.SecurityErrorCode; +import org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper; import org.apache.accumulo.core.security.thrift.ThriftSecurityException; +import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper; import org.apache.accumulo.core.util.ByteBufferUtil; import org.apache.accumulo.core.util.CachedConfiguration; import org.apache.accumulo.core.util.Daemon; @@ -533,8 +534,8 @@ public class Master implements LiveTServ } @Override - public long initiateFlush(TInfo tinfo, AuthInfo c, String tableId) throws ThriftSecurityException, ThriftTableOperationException, TException { - security.canFlush(c, tableId); + public long initiateFlush(TInfo tinfo, ThriftInstanceTokenWrapper c, String tableId) throws ThriftSecurityException, ThriftTableOperationException, TException { + security.canFlush(new InstanceTokenWrapper(c), tableId); String zTablePath = Constants.ZROOT + "/" + HdfsZooInstance.getInstance().getInstanceID() + Constants.ZTABLES + "/" + tableId + Constants.ZTABLE_FLUSH_ID; 
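Review bot: The result of `security.canFlush(new InstanceTokenWrapper(c), tableId)` in initiateFlush is discarded, so the flush is only protected if canFlush throws on denial. Other checks in this same commit are used as booleans (`if (!security.canAlterTable(itw, tableId)) throw ...`), which suggests canFlush may return false instead of throwing; its definition is not visible here, so this needs confirming. If it does return a boolean, use the same pattern: `if (!security.canFlush(itw, tableId)) throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);`. The same applies to waitForFlush and to the bare `security.canPerformSystemActions(...)` calls in shutdown, shutdownTabletServer, setMasterGoalState, removeSystemProperty and setSystemProperty in the later hunks. initiateFlush continues past the end of this hunk.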
@@ -559,9 +560,9 @@ public class Master implements LiveTServ } @Override - public void waitForFlush(TInfo tinfo, AuthInfo c, String tableId, ByteBuffer startRow, ByteBuffer endRow, long flushID, long maxLoops) + public void waitForFlush(TInfo tinfo, ThriftInstanceTokenWrapper c, String tableId, ByteBuffer startRow, ByteBuffer endRow, long flushID, long maxLoops) throws ThriftSecurityException, ThriftTableOperationException, TException { - security.canFlush(c, tableId); + security.canFlush(new InstanceTokenWrapper(c), tableId); if (endRow != null && startRow != null && ByteBufferUtil.toText(startRow).compareTo(ByteBufferUtil.toText(endRow)) >= 0) throw new ThriftTableOperationException(tableId, null, TableOperation.FLUSH, TableOperationExceptionType.BAD_RANGE, @@ -670,7 +671,7 @@ public class Master implements LiveTServ } @Override - public MasterMonitorInfo getMasterStats(TInfo info, AuthInfo credentials) throws ThriftSecurityException, TException { + public MasterMonitorInfo getMasterStats(TInfo info, ThriftInstanceTokenWrapper credentials) throws ThriftSecurityException, TException { final MasterMonitorInfo result = new MasterMonitorInfo(); result.tServerInfo = new ArrayList<TabletServerStatus>(); 
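Review bot: getMasterStats takes the retyped `ThriftInstanceTokenWrapper credentials`, but the visible lines never pass it to `security` or `authenticate`, so the parameter still appears to go unchecked. The same holds in the later hunks for reportSplitExtent, whose first statement is `migrations.remove(new KeyExtent(split.oldTablet))`, and for reportTabletStatus; those two change master state for any caller that can reach the Thrift port. All three bodies run past their hunks, so a check further down cannot be ruled out. If there is none, start each with `authenticate(new InstanceTokenWrapper(credentials));`. The two report methods declare only `TException`, so adding the check may also need the service definition to allow `ThriftSecurityException`.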
@@ -703,11 +704,12 @@ public class Master implements LiveTServ return result; } - private void alterTableProperty(AuthInfo c, String tableName, String property, String value, TableOperation op) throws ThriftSecurityException, + private void alterTableProperty(ThriftInstanceTokenWrapper c, String tableName, String property, String value, TableOperation op) throws ThriftSecurityException, ThriftTableOperationException { final String tableId = checkTableId(tableName, op); - if (!security.canAlterTable(c, tableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + InstanceTokenWrapper itw = new InstanceTokenWrapper(c); + if (!security.canAlterTable(itw, tableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); try { if (value == null) { 
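Review bot: alterTableProperty resolves the table with `checkTableId(tableName, op)` before any credential check, so a caller with invalid credentials may be able to tell existing tables from missing ones by which exception comes back. What checkTableId does is not visible in this hunk, so this is an inference. executeTableOperation calls `authenticate(itw)` before touching table names; assuming that helper is reachable from here, build `InstanceTokenWrapper itw = new InstanceTokenWrapper(c);` on the first line, call `authenticate(itw);`, and only then call `checkTableId`. The method body continues past the end of the hunk.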
@@ -722,26 +724,26 @@ public class Master implements LiveTServ } @Override - public void removeTableProperty(TInfo info, AuthInfo credentials, String tableName, String property) throws ThriftSecurityException, + public void removeTableProperty(TInfo info, ThriftInstanceTokenWrapper credentials, String tableName, String property) throws ThriftSecurityException, ThriftTableOperationException, TException { alterTableProperty(credentials, tableName, property, null, TableOperation.REMOVE_PROPERTY); } @Override - public void setTableProperty(TInfo info, AuthInfo credentials, String tableName, String property, String value) throws ThriftSecurityException, + public void setTableProperty(TInfo info, ThriftInstanceTokenWrapper credentials, String tableName, String property, String value) throws ThriftSecurityException, ThriftTableOperationException, TException { alterTableProperty(credentials, tableName, property, value, TableOperation.SET_PROPERTY); } @Override - public void shutdown(TInfo info, AuthInfo c, boolean stopTabletServers) throws ThriftSecurityException, TException { - security.canPerformSystemActions(c); + public void shutdown(TInfo info, ThriftInstanceTokenWrapper c, boolean stopTabletServers) throws ThriftSecurityException, TException { + security.canPerformSystemActions(new InstanceTokenWrapper(c)); Master.this.shutdown(stopTabletServers); } @Override - public void shutdownTabletServer(TInfo info, AuthInfo c, String tabletServer, boolean force) throws ThriftSecurityException, TException { - security.canPerformSystemActions(c); + public void shutdownTabletServer(TInfo info, ThriftInstanceTokenWrapper c, String tabletServer, boolean force) throws ThriftSecurityException, TException { + security.canPerformSystemActions(new InstanceTokenWrapper(c)); final InetSocketAddress addr = AddressUtil.parseAddress(tabletServer, Property.TSERV_CLIENTPORT); final String addrString = org.apache.accumulo.core.util.AddressUtil.toString(addr); 
@@ -761,7 +763,7 @@ public class Master implements LiveTServ } @Override - public void reportSplitExtent(TInfo info, AuthInfo credentials, String serverName, TabletSplit split) throws TException { + public void reportSplitExtent(TInfo info, ThriftInstanceTokenWrapper credentials, String serverName, TabletSplit split) throws TException { if (migrations.remove(new KeyExtent(split.oldTablet)) != null) { log.info("Canceled migration of " + split.oldTablet); } @@ -775,7 +777,7 @@ public class Master implements LiveTServ } @Override - public void reportTabletStatus(TInfo info, AuthInfo credentials, String serverName, TabletLoadState status, TKeyExtent ttablet) throws TException { + public void reportTabletStatus(TInfo info, ThriftInstanceTokenWrapper credentials, String serverName, TabletLoadState status, TKeyExtent ttablet) throws TException { KeyExtent tablet = new KeyExtent(ttablet); switch (status) { @@ -803,8 +805,8 @@ public class Master implements LiveTServ } @Override - public void setMasterGoalState(TInfo info, AuthInfo c, MasterGoalState state) throws ThriftSecurityException, TException { - security.canPerformSystemActions(c); + public void setMasterGoalState(TInfo info, ThriftInstanceTokenWrapper c, MasterGoalState state) throws ThriftSecurityException, TException { + security.canPerformSystemActions(new InstanceTokenWrapper(c)); Master.this.setMasterGoalState(state); } @@ -820,8 +822,8 @@ public class Master implements LiveTServ } @Override - public void removeSystemProperty(TInfo info, AuthInfo c, String property) throws ThriftSecurityException, TException { - security.canPerformSystemActions(c); + public void removeSystemProperty(TInfo info, ThriftInstanceTokenWrapper c, String property) throws ThriftSecurityException, TException { + security.canPerformSystemActions(new InstanceTokenWrapper(c)); try { SystemPropUtil.removeSystemProperty(property); 
@@ -833,8 +835,8 @@ public class Master implements LiveTServ } @Override - public void setSystemProperty(TInfo info, AuthInfo credentials, String property, String value) throws ThriftSecurityException, TException { - security.canPerformSystemActions(credentials); + public void setSystemProperty(TInfo info, ThriftInstanceTokenWrapper c, String property, String value) throws ThriftSecurityException, TException { + security.canPerformSystemActions(new InstanceTokenWrapper(c)); try { SystemPropUtil.setSystemProperty(property, value); 
@@ -845,36 +847,36 @@ public class Master implements LiveTServ } } - private void authenticate(AuthInfo credentials) throws ThriftSecurityException { - if (!security.authenticateUser(credentials, credentials.user, credentials.password)) - throw new ThriftSecurityException(credentials.user, SecurityErrorCode.BAD_CREDENTIALS); + private void authenticate(InstanceTokenWrapper itw) throws ThriftSecurityException { + if (!security.authenticateUser(itw, itw.getToken())) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS); } @Override - public long beginTableOperation(TInfo tinfo, AuthInfo credentials) throws ThriftSecurityException, TException { - authenticate(credentials); + public long beginTableOperation(TInfo tinfo, ThriftInstanceTokenWrapper credentials) throws ThriftSecurityException, TException { + authenticate(new InstanceTokenWrapper(credentials)); return fate.startTransaction(); } @Override - public void executeTableOperation(TInfo tinfo, AuthInfo c, long opid, org.apache.accumulo.core.master.thrift.TableOperation op, List<ByteBuffer> arguments, + public void executeTableOperation(TInfo tinfo, ThriftInstanceTokenWrapper c, long opid, org.apache.accumulo.core.master.thrift.TableOperation op, List<ByteBuffer> arguments, Map<String,String> options, boolean autoCleanup) throws ThriftSecurityException, ThriftTableOperationException, TException { - - authenticate(c); + InstanceTokenWrapper itw = new InstanceTokenWrapper(c); + + authenticate(itw); switch (op) { case CREATE: { String tableName = ByteBufferUtil.toString(arguments.get(0)); - - if (!security.canCreateTable(c)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canCreateTable(itw)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); checkNotMetadataTable(tableName, TableOperation.CREATE); checkTableName(tableName, TableOperation.CREATE); 
org.apache.accumulo.core.client.admin.TimeType timeType = org.apache.accumulo.core.client.admin.TimeType.valueOf(ByteBufferUtil.toString(arguments .get(1))); - fate.seedTransaction(opid, new TraceRepo<Master>(new CreateTable(c.user, tableName, timeType, options)), autoCleanup); + fate.seedTransaction(opid, new TraceRepo<Master>(new CreateTable(itw.getPrincipal(), tableName, timeType, options)), autoCleanup); break; } @@ -886,8 +888,8 @@ public class Master implements LiveTServ checkNotMetadataTable(oldTableName, TableOperation.RENAME); checkNotMetadataTable(newTableName, TableOperation.RENAME); checkTableName(newTableName, TableOperation.RENAME); - if (!security.canRenameTable(c, tableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canRenameTable(itw, tableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); fate.seedTransaction(opid, new TraceRepo<Master>(new RenameTable(tableId, oldTableName, newTableName)), autoCleanup); @@ -899,8 +901,8 @@ public class Master implements LiveTServ checkNotMetadataTable(tableName, TableOperation.CLONE); checkTableName(tableName, TableOperation.CLONE); - if (!security.canCloneTable(c, srcTableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canCloneTable(itw, srcTableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); Map<String,String> propertiesToSet = new HashMap<String,String>(); Set<String> propertiesToExclude = new HashSet<String>(); 
@@ -919,7 +921,7 @@ public class Master implements LiveTServ propertiesToSet.put(entry.getKey(), entry.getValue()); } - fate.seedTransaction(opid, new TraceRepo<Master>(new CloneTable(c.user, srcTableId, tableName, propertiesToSet, propertiesToExclude)), autoCleanup); + fate.seedTransaction(opid, new TraceRepo<Master>(new CloneTable(itw.getPrincipal(), srcTableId, tableName, propertiesToSet, propertiesToExclude)), autoCleanup); break; } @@ -927,8 +929,8 @@ public class Master implements LiveTServ String tableName = ByteBufferUtil.toString(arguments.get(0)); final String tableId = checkTableId(tableName, TableOperation.DELETE); checkNotMetadataTable(tableName, TableOperation.DELETE); - if (!security.canDeleteTable(c, tableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canDeleteTable(itw, tableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); fate.seedTransaction(opid, new TraceRepo<Master>(new DeleteTable(tableId)), autoCleanup); break; @@ -938,8 +940,8 @@ public class Master implements LiveTServ final String tableId = checkTableId(tableName, TableOperation.ONLINE); checkNotMetadataTable(tableName, TableOperation.ONLINE); - if (!security.canOnlineOfflineTable(c, tableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canOnlineOfflineTable(itw, tableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, TableOperation.ONLINE)), autoCleanup); break; 
@@ -949,8 +951,8 @@ public class Master implements LiveTServ final String tableId = checkTableId(tableName, TableOperation.OFFLINE); checkNotMetadataTable(tableName, TableOperation.OFFLINE); - if (!security.canOnlineOfflineTable(c, tableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canOnlineOfflineTable(itw, tableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, TableOperation.OFFLINE)), autoCleanup); break; @@ -970,8 +972,8 @@ public class Master implements LiveTServ } log.debug("Creating merge op: " + tableId + " " + startRow + " " + endRow); - if (!security.canMerge(c, tableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canMerge(itw, tableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); fate.seedTransaction(opid, new TraceRepo<Master>(new TableRangeOp(MergeInfo.Operation.MERGE, tableId, startRow, endRow)), autoCleanup); break; @@ -984,8 +986,8 @@ public class Master implements LiveTServ final String tableId = checkTableId(tableName, TableOperation.DELETE_RANGE); checkNotMetadataTable(tableName, TableOperation.DELETE_RANGE); - if (!security.canDeleteRange(c, tableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canDeleteRange(itw, tableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); fate.seedTransaction(opid, new TraceRepo<Master>(new TableRangeOp(MergeInfo.Operation.DELETE, tableId, startRow, endRow)), autoCleanup); break; 
@@ -999,8 +1001,8 @@ public class Master implements LiveTServ final String tableId = checkTableId(tableName, TableOperation.BULK_IMPORT); checkNotMetadataTable(tableName, TableOperation.BULK_IMPORT); - if (!security.canBulkImport(c, tableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canBulkImport(itw, tableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); fate.seedTransaction(opid, new TraceRepo<Master>(new BulkImport(tableId, dir, failDir, setTime)), autoCleanup); break; @@ -1011,8 +1013,8 @@ public class Master implements LiveTServ byte[] endRow = ByteBufferUtil.toBytes(arguments.get(2)); List<IteratorSetting> iterators = IteratorUtil.decodeIteratorSettings(ByteBufferUtil.toBytes(arguments.get(3))); - if (!security.canCompact(c, tableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canCompact(itw, tableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); fate.seedTransaction(opid, new TraceRepo<Master>(new CompactRange(tableId, startRow, endRow, iterators)), autoCleanup); break; 
@@ -1021,13 +1023,13 @@ public class Master implements LiveTServ String tableName = ByteBufferUtil.toString(arguments.get(0)); String exportDir = ByteBufferUtil.toString(arguments.get(1)); - if (!security.canImport(c, checkTableId(tableName, TableOperation.IMPORT))) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canImport(itw, checkTableId(tableName, TableOperation.IMPORT))) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); checkNotMetadataTable(tableName, TableOperation.CREATE); checkTableName(tableName, TableOperation.CREATE); - fate.seedTransaction(opid, new TraceRepo<Master>(new ImportTable(c.user, tableName, exportDir)), autoCleanup); + fate.seedTransaction(opid, new TraceRepo<Master>(new ImportTable(itw.getPrincipal(), tableName, exportDir)), autoCleanup); break; } case EXPORT: { @@ -1036,8 +1038,8 @@ public class Master implements LiveTServ String tableId = checkTableId(tableName, TableOperation.EXPORT); - if (!security.canExport(c, tableId)) - throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED); + if (!security.canExport(itw, tableId)) + throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); checkNotMetadataTable(tableName, TableOperation.EXPORT); @@ -1052,8 +1054,8 @@ public class Master implements LiveTServ } @Override - public String waitForTableOperation(TInfo tinfo, AuthInfo credentials, long opid) throws ThriftSecurityException, ThriftTableOperationException, TException { - authenticate(credentials); + public String waitForTableOperation(TInfo tinfo, ThriftInstanceTokenWrapper credentials, long opid) throws ThriftSecurityException, ThriftTableOperationException, TException { + authenticate(new InstanceTokenWrapper(credentials)); TStatus status = fate.waitForCompletion(opid); if (status == TStatus.FAILED) { 
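Review bot: waitForTableOperation only calls `authenticate(...)` before `fate.waitForCompletion(opid)`, and finishTableOperation in the next hunk does the same before `fate.delete(opid)`, so any principal with valid credentials can wait on or delete an operation it did not start. Nothing visible ties `opid` to `itw.getPrincipal()`, and whether fate records an owner is not shown here. If it does not, record the principal when executeTableOperation seeds the transaction and compare it in both methods before waiting or deleting. Both bodies continue outside their hunks.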
@@ -1075,8 +1077,8 @@ public class Master implements LiveTServ } @Override - public void finishTableOperation(TInfo tinfo, AuthInfo credentials, long opid) throws ThriftSecurityException, TException { - authenticate(credentials); + public void finishTableOperation(TInfo tinfo, ThriftInstanceTokenWrapper credentials, long opid) throws ThriftSecurityException, TException { + authenticate(new InstanceTokenWrapper(credentials)); fate.delete(opid); } @@ -2146,7 +2148,7 @@ public class Master implements LiveTServ } }); - AuthInfo systemAuths = SecurityConstants.getSystemCredentials(); + InstanceTokenWrapper systemAuths = SecurityConstants.getSystemCredentials(); final TabletStateStore stores[] = { new ZooTabletStateStore(new ZooStore(zroot)), new RootTabletStateStore(instance, systemAuths, this), Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/balancer/TabletBalancer.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/balancer/TabletBalancer.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/balancer/TabletBalancer.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/balancer/TabletBalancer.java Wed Jan 23 18:05:10 2013 
@@ -98,7 +98,7 @@ public abstract class TabletBalancer { log.debug("Scanning tablet server " + tserver + " for table " + tableId); Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), tserver.getLocation(), configuration.getConfiguration()); try { - List<TabletStats> onlineTabletsForTable = client.getTabletStats(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), tableId); + List<TabletStats> onlineTabletsForTable = client.getTabletStats(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), tableId); return onlineTabletsForTable; } catch (TTransportException e) { log.error("Unable to connect to " + tserver + ": " + e); Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java Wed Jan 23 18:05:10 2013 @@ -27,7 +27,7 @@ import org.apache.accumulo.core.client.I import org.apache.accumulo.core.client.MutationsRejectedException; import org.apache.accumulo.core.client.TableNotFoundException; import org.apache.accumulo.core.data.Mutation; -import org.apache.accumulo.core.security.thrift.AuthInfo; +import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper; import org.apache.accumulo.server.client.HdfsZooInstance; import org.apache.accumulo.server.security.SecurityConstants; import org.apache.hadoop.io.Text; 
@@ -41,9 +41,9 @@ public class MetaDataStateStore extends final protected Instance instance; final protected CurrentState state; - final protected AuthInfo auths; + final protected InstanceTokenWrapper auths; - public MetaDataStateStore(Instance instance, AuthInfo auths, CurrentState state) { + public MetaDataStateStore(Instance instance, InstanceTokenWrapper auths, CurrentState state) { this.instance = instance; this.state = state; this.auths = auths; Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataTableScanner.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataTableScanner.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataTableScanner.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataTableScanner.java Wed Jan 23 18:05:10 2013 @@ -40,7 +40,7 @@ import org.apache.accumulo.core.data.Key import org.apache.accumulo.core.data.Range; import org.apache.accumulo.core.data.Value; import org.apache.accumulo.core.iterators.user.WholeRowIterator; -import org.apache.accumulo.core.security.thrift.AuthInfo; +import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper; import org.apache.hadoop.io.Text; import org.apache.log4j.Logger; 
@@ -50,7 +50,7 @@ public class MetaDataTableScanner implem BatchScanner mdScanner; Iterator<Entry<Key,Value>> iter; - public MetaDataTableScanner(Instance instance, AuthInfo auths, Range range, CurrentState state) { + public MetaDataTableScanner(Instance instance, InstanceTokenWrapper auths, Range range, CurrentState state) { // scan over metadata table, looking for tablets in the wrong state based on the live servers and online tables try { Connector connector = instance.getConnector(auths); @@ -80,7 +80,7 @@ public class MetaDataTableScanner implem scanner.addScanIterator(tabletChange); } - public MetaDataTableScanner(Instance instance, AuthInfo auths, Range range) { + public MetaDataTableScanner(Instance instance, InstanceTokenWrapper auths, Range range) { this(instance, auths, range, null); } Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/RootTabletStateStore.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/RootTabletStateStore.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/RootTabletStateStore.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/state/RootTabletStateStore.java Wed Jan 23 18:05:10 2013 
@@ -20,11 +20,11 @@ import java.util.Iterator; import org.apache.accumulo.core.Constants; import org.apache.accumulo.core.client.Instance; -import org.apache.accumulo.core.security.thrift.AuthInfo; +import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper; public class RootTabletStateStore extends MetaDataStateStore { - public RootTabletStateStore(Instance instance, AuthInfo auths, CurrentState state) { + public RootTabletStateStore(Instance instance, InstanceTokenWrapper auths, CurrentState state) { super(instance, auths, state); } Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/BulkImport.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/BulkImport.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/BulkImport.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/BulkImport.java Wed Jan 23 18:05:10 2013 
@@ -532,7 +532,7 @@ class LoadFiles extends MasterRepo { server = pair.getFirst(); List<String> attempt = Collections.singletonList(file); log.debug("Asking " + pair.getFirst() + " to bulk import " + file); - List<String> fail = client.bulkImportFiles(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), tid, tableId, attempt, errorDir, setTime); + List<String> fail = client.bulkImportFiles(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), tid, tableId, attempt, errorDir, setTime); if (fail.isEmpty()) { filesToLoad.remove(file); } else { Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java Wed Jan 23 18:05:10 2013 @@ -293,7 +293,7 @@ public class Monitor { try { client = MasterClient.getConnection(HdfsZooInstance.getInstance()); if (client != null) { - mmi = client.getMasterStats(Tracer.traceInfo(), SecurityConstants.getSystemCredentials()); + mmi = client.getMasterStats(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials()); retry = false; } else { mmi = null; 
@@ -432,7 +432,7 @@ public class Monitor { InetSocketAddress address = new ServerServices(new String(zk.getData(path + "/" + locks.get(0), null, null))).getAddress(Service.GC_CLIENT); GCMonitorService.Client client = ThriftUtil.getClient(new GCMonitorService.Client.Factory(), address, config.getConfiguration()); try { - result = client.getStatus(Tracer.traceInfo(), SecurityConstants.getSystemCredentials()); + result = client.getStatus(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials()); } finally { ThriftUtil.returnClient(client); } Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TServersServlet.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TServersServlet.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TServersServlet.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TServersServlet.java Wed Jan 23 18:05:10 2013 
@@ -126,9 +126,9 @@ public class TServersServlet extends Bas TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, Monitor.getSystemConfiguration()); try { for (String tableId : Monitor.getMmi().tableMap.keySet()) { - tsStats.addAll(client.getTabletStats(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), tableId)); + tsStats.addAll(client.getTabletStats(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials(), tableId)); } - historical = client.getHistoricalStats(Tracer.traceInfo(), SecurityConstants.getSystemCredentials()); + historical = client.getHistoricalStats(Tracer.traceInfo(), SecurityConstants.getThriftSystemCredentials()); } finally { ThriftUtil.returnClient(client); } Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java Wed Jan 23 18:05:10 2013 @@ -16,7 +16,6 @@ */ package org.apache.accumulo.server.security; -import java.nio.ByteBuffer; import java.util.Set; import org.apache.accumulo.core.client.AccumuloSecurityException; 
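Review bot: The loop in the TServersServlet hunk calls `SecurityConstants.getThriftSystemCredentials()` once per table id and once more for `getHistoricalStats`. Judging by the accessor this commit adds in SecurityConstants.java, each call runs `systemCredentials.toThrift()`, which presumably builds a new Thrift object holding the system credentials every time. Fetch it once before the `try`, `ThriftInstanceTokenWrapper creds = SecurityConstants.getThriftSystemCredentials();`, and pass `creds` to both calls (this needs the matching import). The enclosing method starts and ends outside the hunk.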
@@ -24,8 +23,9 @@ import org.apache.accumulo.core.security import org.apache.accumulo.core.security.Authorizations; import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.core.security.TablePermission; -import org.apache.accumulo.core.security.thrift.AuthInfo; import org.apache.accumulo.core.security.thrift.ThriftSecurityException; +import org.apache.accumulo.core.security.tokens.AccumuloToken; +import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper; import org.apache.accumulo.server.security.handler.Authenticator; import org.apache.accumulo.server.security.handler.Authorizor; import org.apache.accumulo.server.security.handler.PermissionHandler; @@ -54,12 +54,12 @@ public class AuditedSecurityOperation ex return instance; } - private void audit(AuthInfo credentials, ThriftSecurityException ex, String template, Object... args) { - log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " + credentials.user + ": " + String.format(template, args)); + private void audit(InstanceTokenWrapper credentials, ThriftSecurityException ex, String template, Object... args) { + log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " + credentials.getPrincipal() + ": " + String.format(template, args)); } - private void audit(AuthInfo credentials, String template, Object... args) { - log.log(AuditLevel.AUDIT, "Using credentials " + credentials.user + ": " + String.format(template, args)); + private void audit(InstanceTokenWrapper credentials, String template, Object... args) { + log.log(AuditLevel.AUDIT, "Using credentials " + credentials.getPrincipal() + ": " + String.format(template, args)); } /** 
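Review bot: In the `@@ -54,12 +54,12 @@` hunk the failure overload `audit(InstanceTokenWrapper, ThriftSecurityException, String, Object...)` never uses `ex`, so the audit record says that an operation failed but not why. Append the exception to the message, for example `... + String.format(template, args) + ": " + ex`, so the audit trail carries the failure reason. The principal is also concatenated as-is; if it can contain line breaks, which this hunk does not show, it should be escaped before it is written to the audit log.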
@@ -69,9 +69,9 @@ public class AuditedSecurityOperation ex * @return * @throws ThriftSecurityException */ - public boolean authenticateUser(AuthInfo credentials, String user, ByteBuffer password) throws ThriftSecurityException { + public boolean authenticateUser(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws ThriftSecurityException { try { - boolean result = super.authenticateUser(credentials, user, password); + boolean result = super.authenticateUser(credentials, token); audit(credentials, result ? "authenticated" : "failed authentication"); return result; } catch (ThriftSecurityException ex) { @@ -86,7 +86,7 @@ public class AuditedSecurityOperation ex * @return The given user's authorizations * @throws ThriftSecurityException */ - public Authorizations getUserAuthorizations(AuthInfo credentials, String user) throws ThriftSecurityException { + public Authorizations getUserAuthorizations(InstanceTokenWrapper credentials, String user) throws ThriftSecurityException { try { Authorizations result = super.getUserAuthorizations(credentials, user); audit(credentials, "got authorizations for %s", user); @@ -103,8 +103,8 @@ public class AuditedSecurityOperation ex * @return * @throws ThriftSecurityException */ - public Authorizations getUserAuthorizations(AuthInfo credentials) throws ThriftSecurityException { - return getUserAuthorizations(credentials, credentials.user); + public Authorizations getUserAuthorizations(InstanceTokenWrapper credentials) throws ThriftSecurityException { + return getUserAuthorizations(credentials, credentials.getPrincipal()); } /** 
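Review bot: In the `authenticateUser` hunk the audit line records only the caller's principal, not the principal in `token` whose authentication succeeded or failed, and with the `user` parameter gone the token is the only place that identity lives. Log it as well: `audit(credentials, result ? "authenticated %s" : "failed authentication for %s", token.getPrincipal());`. The Javadoc above the method probably still describes the removed `user` and `password` parameters; only its tail is visible here. The `catch` block of the method lies outside the hunk.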
@@ -113,7 +113,7 @@ public class AuditedSecurityOperation ex * @param authorizations * @throws ThriftSecurityException */ - public void changeAuthorizations(AuthInfo credentials, String user, Authorizations authorizations) throws ThriftSecurityException { + public void changeAuthorizations(InstanceTokenWrapper credentials, String user, Authorizations authorizations) throws ThriftSecurityException { try { super.changeAuthorizations(credentials, user, authorizations); audit(credentials, "changed authorizations for %s to %s", user, authorizations); @@ -129,12 +129,12 @@ public class AuditedSecurityOperation ex * @param bytes * @throws ThriftSecurityException */ - public void changePassword(AuthInfo credentials, String user, byte[] pass) throws ThriftSecurityException { + public void changePassword(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws ThriftSecurityException { try { - super.changePassword(credentials, user, pass); - audit(credentials, "changed password for %s", user); + super.changePassword(credentials, token); + audit(credentials, "changed password for %s", token.getPrincipal()); } catch (ThriftSecurityException ex) { - audit(credentials, ex, "changing password for %s", user); + audit(credentials, ex, "changing password for %s", token.getPrincipal()); throw ex; } } 
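Review bot: The Javadoc kept as context above `changePassword` still ends with `@param bytes`, which matches neither the old `pass` parameter nor the new `token` one. Replace it with `@param token the token carrying the principal and the new password` (wording to be confirmed against `AccumuloToken`), and drop any `@param user` that remains above the visible part of the comment.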
@@ -146,12 +146,12 @@ public class AuditedSecurityOperation ex * @param authorizations * @throws ThriftSecurityException */ - public void createUser(AuthInfo credentials, String user, byte[] pass, Authorizations authorizations) throws ThriftSecurityException { + public void createUser(InstanceTokenWrapper credentials, AccumuloToken<?,?> token, Authorizations authorizations) throws ThriftSecurityException { try { - super.createUser(credentials, user, pass, authorizations); + super.createUser(credentials, token, authorizations); audit(credentials, "createUser"); } catch (ThriftSecurityException ex) { - audit(credentials, ex, "createUser %s", user); + audit(credentials, ex, "createUser %s", token.getPrincipal()); throw ex; } } @@ -161,7 +161,7 @@ public class AuditedSecurityOperation ex * @param user * @throws ThriftSecurityException */ - public void dropUser(AuthInfo credentials, String user) throws ThriftSecurityException { + public void dropUser(InstanceTokenWrapper credentials, String user) throws ThriftSecurityException { try { super.dropUser(credentials, user); audit(credentials, "dropUser"); @@ -177,7 +177,7 @@ public class AuditedSecurityOperation ex * @param permission * @throws ThriftSecurityException */ - public void grantSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException { + public void grantSystemPermission(InstanceTokenWrapper credentials, String user, SystemPermission permission) throws ThriftSecurityException { try { super.grantSystemPermission(credentials, user, permission); audit(credentials, "granted permission %s for %s", permission, user); 
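Review bot: In `createUser` the failure path now logs `token.getPrincipal()`, but the success path still writes a bare `audit(credentials, "createUser")`, so a successful account creation leaves no record of which account was created. Make the two paths symmetric with `audit(credentials, "createUser %s", token.getPrincipal());`. The `dropUser` hunk on the same line has the same gap with `audit(credentials, "dropUser")`, where `user` is available for the message.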
@@ -194,7 +194,7 @@ public class AuditedSecurityOperation ex * @param permission * @throws ThriftSecurityException */ - public void grantTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException { + public void grantTablePermission(InstanceTokenWrapper credentials, String user, String table, TablePermission permission) throws ThriftSecurityException { try { super.grantTablePermission(credentials, user, table, permission); audit(credentials, "granted permission %s on table %s for %s", permission, table, user); @@ -210,7 +210,7 @@ public class AuditedSecurityOperation ex * @param permission * @throws ThriftSecurityException */ - public void revokeSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException { + public void revokeSystemPermission(InstanceTokenWrapper credentials, String user, SystemPermission permission) throws ThriftSecurityException { try { super.revokeSystemPermission(credentials, user, permission); audit(credentials, "revoked permission %s for %s", permission, user); @@ -227,7 +227,7 @@ public class AuditedSecurityOperation ex * @param permission * @throws ThriftSecurityException */ - public void revokeTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException { + public void revokeTablePermission(InstanceTokenWrapper credentials, String user, String table, TablePermission permission) throws ThriftSecurityException { try { super.revokeTablePermission(credentials, user, table, permission); audit(credentials, "revoked permission %s on table %s for %s", permission, table, user); 
@@ -244,7 +244,7 @@ public class AuditedSecurityOperation ex * @return * @throws ThriftSecurityException */ - public boolean hasSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException { + public boolean hasSystemPermission(InstanceTokenWrapper credentials, String user, SystemPermission permission) throws ThriftSecurityException { try { boolean result = super.hasSystemPermission(credentials, user, permission); audit(credentials, "checked permission %s on %s", permission, user); @@ -263,7 +263,7 @@ public class AuditedSecurityOperation ex * @return * @throws ThriftSecurityException */ - public boolean hasTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException { + public boolean hasTablePermission(InstanceTokenWrapper credentials, String user, String table, TablePermission permission) throws ThriftSecurityException { try { boolean result = super.hasTablePermission(credentials, user, table, permission); audit(credentials, "checked permission %s on table %s for %s", permission, table, user); @@ -279,7 +279,7 @@ public class AuditedSecurityOperation ex * @return * @throws ThriftSecurityException */ - public Set<String> listUsers(AuthInfo credentials) throws ThriftSecurityException { + public Set<String> listUsers(InstanceTokenWrapper credentials) throws ThriftSecurityException { try { Set<String> result = super.listUsers(credentials); audit(credentials, "listUsers"); @@ -295,7 +295,7 @@ public class AuditedSecurityOperation ex * @param table * @throws ThriftSecurityException */ - public void deleteTable(AuthInfo credentials, String table) throws ThriftSecurityException { + public void deleteTable(InstanceTokenWrapper credentials, String table) throws ThriftSecurityException { try { super.deleteTable(credentials, table); audit(credentials, "deleted table %s", table); 
@@ -306,8 +306,8 @@ public class AuditedSecurityOperation ex } @Override - public void initializeSecurity(AuthInfo credentials, String rootuser, byte[] rootpass) throws AccumuloSecurityException, ThriftSecurityException { - super.initializeSecurity(credentials, rootuser, rootpass); - log.info("Initialized root user with username: " + rootuser + " at the request of user " + credentials.user); + public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws AccumuloSecurityException, ThriftSecurityException { + super.initializeSecurity(credentials, token); + log.info("Initialized root user with username: " + token.getPrincipal()+ " at the request of user " + credentials.getPrincipal()); } } Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java?rev=1437605&r1=1437604&r2=1437605&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java Wed Jan 23 18:05:10 2013 @@ -21,7 +21,6 @@ import java.io.ByteArrayOutputStream; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; -import java.nio.ByteBuffer; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.SecurityPermission; 
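Review bot: `initializeSecurity` reports root-user initialisation through `log.info(...)`, while every other method of this class goes through the `audit` helper at `AuditLevel.AUDIT`. Unless that is deliberate, this event will be missing from an audit-level log; use `audit(credentials, "initialized root user %s", token.getPrincipal());` instead. If `super.initializeSecurity` throws, nothing is logged at all, unlike the try/catch pattern used in the other methods. There is also a missing space in `token.getPrincipal()+ " at the request`.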
@@ -30,7 +29,10 @@ import java.util.Map.Entry; import org.apache.accumulo.core.Constants; import org.apache.accumulo.core.conf.Property; -import org.apache.accumulo.core.security.thrift.AuthInfo; +import org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper; +import org.apache.accumulo.core.security.tokens.AccumuloToken; +import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper; +import org.apache.accumulo.core.security.tokens.UserPassToken; import org.apache.accumulo.server.client.HdfsZooInstance; import org.apache.accumulo.server.conf.ServerConfiguration; import org.apache.accumulo.server.master.state.TabletServerState; @@ -41,11 +43,11 @@ public class SecurityConstants { public static final String SYSTEM_USERNAME = "!SYSTEM"; private static final byte[] SYSTEM_PASSWORD = makeSystemPassword(); - private static final AuthInfo systemCredentials = new AuthInfo(SYSTEM_USERNAME, ByteBuffer.wrap(SYSTEM_PASSWORD), HdfsZooInstance.getInstance() - .getInstanceID()); + private static final AccumuloToken<?,?> systemToken = new UserPassToken(SYSTEM_USERNAME, SYSTEM_PASSWORD); + private static final InstanceTokenWrapper systemCredentials = new InstanceTokenWrapper(systemToken, HdfsZooInstance.getInstance().getInstanceID()); public static byte[] confChecksum = null; - public static AuthInfo getSystemCredentials() { + public static InstanceTokenWrapper getSystemCredentials() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(SYSTEM_CREDENTIALS_PERMISSION); @@ -53,6 +55,10 @@ public class SecurityConstants { return systemCredentials; } + public static ThriftInstanceTokenWrapper getThriftSystemCredentials() { + return systemCredentials.toThrift(); + } + private static byte[] makeSystemPassword() { byte[] version = Constants.VERSION.getBytes(); byte[] inst = HdfsZooInstance.getInstance().getInstanceID().getBytes();
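Review bot: `getThriftSystemCredentials()` in the `@@ -53,6 +55,10 @@` hunk returns `systemCredentials.toThrift()` without the `SecurityManager` check that `getSystemCredentials()` performs just above it, so code lacking `SYSTEM_CREDENTIALS_PERMISSION` can still obtain the system credentials in Thrift form. Route it through the guarded accessor: `return getSystemCredentials().toThrift();`. The call sites this commit switches over in BulkImport, Monitor and TServersServlet all use the new accessor, so the permission check is no longer exercised on those paths. A short Javadoc saying that the returned object presumably carries the system password, and must not be logged or cached, would help as well.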