Author: stevel
Date: Wed Dec 23 12:11:51 2009
New Revision: 893490

URL: http://svn.apache.org/viewvc?rev=893490&view=rev
Log:
HADOOP-6452 Hadoop JSP pages don't work under a security manager

Modified:
    
hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ConfiguredPolicy.java
    
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/authorize/TestConfiguredPolicy.java

Modified: 
hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ConfiguredPolicy.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ConfiguredPolicy.java?rev=893490&r1=893489&r2=893490&view=diff
==============================================================================
--- 
hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ConfiguredPolicy.java
 (original)
+++ 
hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ConfiguredPolicy.java
 Wed Dec 23 12:11:51 2009
@@ -22,6 +22,8 @@
 import java.security.Policy;
 import java.security.Principal;
 import java.security.ProtectionDomain;
+import java.security.CodeSource;
+import java.security.Permissions;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -77,6 +79,19 @@
     return super.implies(domain, permission);
   }
 
+  /**
+   * {...@inheritdoc}
+   * @return a writable permission collection
+   */
+  @Override
+  public PermissionCollection getPermissions(CodeSource codesource) {
+    return new Permissions();
+  }
+
+  /**
+   * {...@inheritdoc}
+   * @return a writable permission collection
+   */
   @Override
   public PermissionCollection getPermissions(ProtectionDomain domain) {
     PermissionCollection permissionCollection = super.getPermissions(domain);
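Review bot: The new `getPermissions(CodeSource)` override returns an empty `Permissions` with no explanation, and its Javadoc is only `{@inheritDoc}` plus a return tag, so a reader cannot tell that granting nothing here is deliberate. I would add a comment in the body along the lines of `// Fresh, empty, writable collection per call; never cache or share it, since callers may add permissions to it`. If the actual grants are meant to come from `implies()` (the method ending at the top of this hunk appears to be that one), say so too. The same "writable" promise was added to the Javadoc of `getPermissions(ProtectionDomain)`, but its first visible line takes whatever `super.getPermissions(domain)` returns. That body continues outside the hunk, so confirm a read-only result from the superclass is handled there.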
@@ -153,4 +168,14 @@
       LOG.debug("Policy - Adding  " + permission + " to " + principal);
     }
   }
+
+  /**
+   * For debugging: identify ourselves and the policyproviders 
+   *
+   * @return a string representation of the object.
+   */
+  @Override
+  public String toString() {
+    return "Hadoop ConfiguredPolicy " + super.toString() + " Policy provider 
"+ policyProvider;
+  }
 }

Modified: 
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/authorize/TestConfiguredPolicy.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/security/authorize/TestConfiguredPolicy.java?rev=893490&r1=893489&r2=893490&view=diff
==============================================================================
--- 
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/authorize/TestConfiguredPolicy.java
 (original)
+++ 
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/authorize/TestConfiguredPolicy.java
 Wed Dec 23 12:11:51 2009
@@ -17,7 +17,13 @@
  */
 package org.apache.hadoop.security.authorize;
 
-import java.security.Permission;
+import java.security.CodeSource;
+import java.security.CodeSigner;
+import java.security.PermissionCollection;
+import java.security.ProtectionDomain;
+import java.net.URL;
+import java.net.NetPermission;
+import java.net.MalformedURLException;
 
 import javax.security.auth.Subject;
 
@@ -36,7 +42,7 @@
   
   private static final String KEY_1 = "test.policy.1";
   private static final String KEY_2 = "test.policy.2";
-  
+
   public static class Protocol1 {
     int i;
   }
@@ -55,11 +61,7 @@
   }
   
   public void testConfiguredPolicy() throws Exception {
-    Configuration conf = new Configuration();
-    conf.set(KEY_1, AccessControlList.WILDCARD_ACL_VALUE);
-    conf.set(KEY_2, USER1 + " " + GROUPS1[0]);
-    
-    ConfiguredPolicy policy = new ConfiguredPolicy(conf, new 
TestPolicyProvider());
+    ConfiguredPolicy policy = createConfiguredPolicy();
     SecurityUtil.setPolicy(policy);
     
     Subject user1 = 
@@ -79,4 +81,60 @@
     }
     assertTrue(failed);
   }
+
+  /**
+   * Create a configured policy with some keys
+   * @return a new configured policy
+   */
+  private ConfiguredPolicy createConfiguredPolicy() {
+    Configuration conf = new Configuration();
+    conf.set(KEY_1, AccessControlList.WILDCARD_ACL_VALUE);
+    conf.set(KEY_2, USER1 + " " + GROUPS1[0]);
+
+    return new ConfiguredPolicy(conf, new TestPolicyProvider());
+  }
+
+  /**
+   * Create a test code source against a test URL
+   * @return a new code source
+   * @throws MalformedURLException
+   */
+  private CodeSource createCodeSource() throws MalformedURLException {
+    return new CodeSource(new URL("http://hadoop.apache.org";),
+        (CodeSigner[]) null);
+  }
+
+  /**
+   * Assert that a permission collection can have new permissions added
+   * @param permissions the collection to check
+   */
+  private void assertWritable(PermissionCollection permissions) {
+    assertFalse(permissions.isReadOnly());
+    NetPermission netPermission = new NetPermission("something");
+    permissions.add(netPermission);
+  }
+
+  /**
+   * test that the {...@link PermissionCollection} returned by
+   * {...@link ConfiguredPolicy#getPermissions(CodeSource)} is writeable
+   * @throws Throwable on any failure
+   */
+  public void testPolicyWritable() throws Throwable {
+    ConfiguredPolicy policy = createConfiguredPolicy();
+    CodeSource source = createCodeSource();
+    PermissionCollection permissions = policy.getPermissions(source);
+    assertWritable(permissions);
+  }
+
+  /**
+   * test that the {...@link PermissionCollection} returned by
+   * {...@link ConfiguredPolicy#getPermissions(CodeSource)} is writeable
+   * @throws Throwable on any failure
+   */
+  public void testProtectionDomainPolicyWritable() throws Throwable {
+    ConfiguredPolicy policy = createConfiguredPolicy();
+    CodeSource source = createCodeSource();
+    PermissionCollection permissions = policy.getPermissions(new 
ProtectionDomain(source, null));
+    assertWritable(permissions);
+  }
 }
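Review bot: `assertWritable` only proves that `add` does not throw; it never checks what the collection grants, so a policy that returned a broad, pre-populated collection would still pass both new tests. For an authorization class I would pin both sides, at least for the `CodeSource` variant: `assertFalse(permissions.implies(netPermission));` before the `add` and `assertTrue(permissions.implies(netPermission));` after it. The Javadoc on `testProtectionDomainPolicyWritable` is copied from the previous test and still links `ConfiguredPolicy#getPermissions(CodeSource)`; it should name the `ProtectionDomain` overload.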

