accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vi...@apache.org
Subject svn commit: r1389490 [1/2] - in /accumulo/branches/ACCUMULO-259: ./ core/ server/ server/src/main/java/org/apache/accumulo/server/client/ server/src/main/java/org/apache/accumulo/server/master/ server/src/main/java/org/apache/accumulo/server/master/tab...
Date Mon, 24 Sep 2012 17:17:25 GMT
Author: vines
Date: Mon Sep 24 17:17:23 2012
New Revision: 1389490

URL: http://svn.apache.org/viewvc?rev=1389490&view=rev
Log:
After meandering this code base through multiple dropboxes, it seems somewhat borked. Trying to archive changes while I merge things back together


Added:
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
      - copied, changed from r1363473, accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
Removed:
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
Modified:
    accumulo/branches/ACCUMULO-259/   (props changed)
    accumulo/branches/ACCUMULO-259/core/   (props changed)
    accumulo/branches/ACCUMULO-259/server/   (props changed)
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/util/Initialize.java
    accumulo/branches/ACCUMULO-259/src/   (props changed)

Propchange: accumulo/branches/ACCUMULO-259/
------------------------------------------------------------------------------
  Merged /accumulo/branches/1.4/src:r1363430
  Merged /accumulo/trunk:r1362561-1363473

Propchange: accumulo/branches/ACCUMULO-259/core/
------------------------------------------------------------------------------
  Merged /accumulo/trunk/core:r1362561-1363473
  Merged /accumulo/branches/1.4/src/core:r1363430

Propchange: accumulo/branches/ACCUMULO-259/server/
------------------------------------------------------------------------------
  Merged /accumulo/branches/1.4/src/server:r1363430
  Merged /accumulo/trunk/server:r1362561-1363473

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java Mon Sep 24 17:17:23 2012
@@ -44,8 +44,8 @@ import org.apache.accumulo.core.security
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
 import org.apache.accumulo.core.util.ByteBufferUtil;
 import org.apache.accumulo.server.conf.ServerConfiguration;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.zookeeper.TransactionWatcher;
 import org.apache.accumulo.start.classloader.AccumuloClassLoader;
 import org.apache.log4j.Logger;
@@ -54,7 +54,7 @@ import org.apache.thrift.TException;
 
 public class ClientServiceHandler implements ClientService.Iface {
   private static final Logger log = Logger.getLogger(ClientServiceHandler.class);
-  private static SecurityOperation security = SecurityOperationImpl.getInstance();
+  private static SecurityOperation security = AuditedSecurityOperation.getInstance();
   private final TransactionWatcher transactionWatcher;
   private final Instance instance;
   

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java Mon Sep 24 17:17:23 2012
@@ -136,9 +136,9 @@ import org.apache.accumulo.server.master
 import org.apache.accumulo.server.master.tableOps.TraceRepo;
 import org.apache.accumulo.server.master.tserverOps.ShutdownTServer;
 import org.apache.accumulo.server.monitor.Monitor;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.tabletserver.TabletTime;
 import org.apache.accumulo.server.trace.TraceFileSystem;
@@ -499,7 +499,7 @@ public class Master implements LiveTServ
     log.info("Version " + Constants.VERSION);
     log.info("Instance " + instance.getInstanceID());
     ThriftTransportPool.getInstance().setIdleTime(aconf.getTimeInMillis(Property.GENERAL_RPC_TIMEOUT));
-    security = SecurityOperationImpl.getInstance();
+    security = AuditedSecurityOperation.getInstance();
     tserverSet = new LiveTServerSet(instance, config.getConfiguration(), this);
     this.tabletBalancer = createInstanceFromPropertyName(aconf, Property.MASTER_TABLET_BALANCER, TabletBalancer.class, new DefaultLoadBalancer());
     this.tabletBalancer.init(serverConfig);

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java Mon Sep 24 17:17:23 2012
@@ -31,8 +31,8 @@ import org.apache.accumulo.fate.zookeepe
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.master.Master;
 import org.apache.accumulo.server.master.state.tables.TableManager;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.util.MetadataTable;
 import org.apache.log4j.Logger;
 
@@ -183,7 +183,7 @@ class ClonePermissions extends MasterRep
     // give all table permissions to the creator
     for (TablePermission permission : TablePermission.values()) {
       try {
-        SecurityOperationImpl.getInstance().grantTablePermission(SecurityConstants.getSystemCredentials(), cloneInfo.user, cloneInfo.tableId, permission);
+        AuditedSecurityOperation.getInstance().grantTablePermission(SecurityConstants.getSystemCredentials(), cloneInfo.user, cloneInfo.tableId, permission);
       } catch (ThriftSecurityException e) {
         Logger.getLogger(FinishCloneTable.class).error(e.getMessage(), e);
         throw e;
@@ -198,7 +198,7 @@ class ClonePermissions extends MasterRep
   
   @Override
   public void undo(long tid, Master environment) throws Exception {
-    SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), cloneInfo.tableId);
+    AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), cloneInfo.tableId);
   }
 }
 

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java Mon Sep 24 17:17:23 2012
@@ -38,9 +38,9 @@ import org.apache.accumulo.server.client
 import org.apache.accumulo.server.conf.ServerConfiguration;
 import org.apache.accumulo.server.master.Master;
 import org.apache.accumulo.server.master.state.tables.TableManager;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.tabletserver.TabletTime;
 import org.apache.accumulo.server.trace.TraceFileSystem;
 import org.apache.accumulo.server.util.MetadataTable;
@@ -231,7 +231,7 @@ class SetupPermissions extends MasterRep
   @Override
   public Repo<Master> call(long tid, Master env) throws Exception {
     // give all table permissions to the creator
-    SecurityOperation security = SecurityOperationImpl.getInstance();
+    SecurityOperation security = AuditedSecurityOperation.getInstance();
     for (TablePermission permission : TablePermission.values()) {
       try {
         security.grantTablePermission(SecurityConstants.getSystemCredentials(), tableInfo.user, tableInfo.tableId, permission);
@@ -249,7 +249,7 @@ class SetupPermissions extends MasterRep
   
   @Override
   public void undo(long tid, Master env) throws Exception {
-    SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableInfo.tableId);
+    AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableInfo.tableId);
   }
   
 }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java Mon Sep 24 17:17:23 2012
@@ -45,8 +45,8 @@ import org.apache.accumulo.server.master
 import org.apache.accumulo.server.master.state.TabletState;
 import org.apache.accumulo.server.master.state.tables.TableManager;
 import org.apache.accumulo.server.problems.ProblemReports;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.util.MetadataTable;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
@@ -190,7 +190,7 @@ class CleanUp extends MasterRepo {
     
     // remove any permissions associated with this table
     try {
-      SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableId);
+      AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableId);
     } catch (ThriftSecurityException e) {
       log.error(e.getMessage(), e);
     }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java Mon Sep 24 17:17:23 2012
@@ -20,27 +20,40 @@ import java.nio.ByteBuffer;
 import java.util.Set;
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException;
 import org.apache.accumulo.core.security.AuditLevel;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.server.security.handler.Authenticator;
+import org.apache.accumulo.server.security.handler.Authorizor;
+import org.apache.accumulo.server.security.handler.PermissionHandler;
 import org.apache.log4j.Logger;
 
 /**
  * 
  */
-public class AuditedSecurityOperation implements SecurityOperation {
+public class AuditedSecurityOperation extends SecurityOperation {
+  /**
+   * @param author
+   * @param authent
+   * @param pm
+   * @param instanceId
+   */
+  public AuditedSecurityOperation(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
+    super(author, authent, pm, instanceId);
+  }
+
   public static final Logger log = Logger.getLogger(AuditedSecurityOperation.class);
-  private SecurityOperation impl;
   
-  public AuditedSecurityOperation(SecurityOperation impl) {
-    this.impl = impl;
+  public static synchronized SecurityOperation getInstance(String instanceId) {
+    if (instance == null) {
+      instance = new AuditedSecurityOperation(getAuthorizor(instanceId), getAuthenticator(instanceId), getPermHandler(instanceId), instanceId);
+    }
+    return instance;
   }
-  
+
   private void audit(AuthInfo credentials, ThriftSecurityException ex, String template, Object... args) {
     log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " + credentials.user + ": " + String.format(template, args));
   }
@@ -49,10 +62,6 @@ public class AuditedSecurityOperation im
     log.log(AuditLevel.AUDIT, "Using credentials " + credentials.user + ": " + String.format(template, args));
   }
   
-  public synchronized String getRootUsername() {
-    return impl.getRootUsername();
-  }
-  
   /**
    * @param credentials
    * @param user
@@ -62,7 +71,7 @@ public class AuditedSecurityOperation im
    */
   public boolean authenticateUser(AuthInfo credentials, String user, ByteBuffer password) throws ThriftSecurityException {
     try {
-      boolean result = impl.authenticateUser(credentials, user, password);
+      boolean result = super.authenticateUser(credentials, user, password);
       audit(credentials, result ? "authenticated" : "failed authentication");
       return result;
     } catch (ThriftSecurityException ex) {
@@ -79,7 +88,7 @@ public class AuditedSecurityOperation im
    */
   public Authorizations getUserAuthorizations(AuthInfo credentials, String user) throws ThriftSecurityException {
     try {
-      Authorizations result = impl.getUserAuthorizations(credentials, user);
+      Authorizations result = super.getUserAuthorizations(credentials, user);
       audit(credentials, "got authorizations for %s", user);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -97,249 +106,6 @@ public class AuditedSecurityOperation im
   public Authorizations getUserAuthorizations(AuthInfo credentials) throws ThriftSecurityException {
     return getUserAuthorizations(credentials, credentials.user);
   }
-    
-  /**
-   * @param credentials
-   * @param string
-   * @return
-   * @throws ThriftSecurityException
-   * @throws TableNotFoundException
-   */
-  public boolean canScan(AuthInfo credentials, String table) throws ThriftSecurityException {
-    return impl.canScan(credentials, table);
-  }
-  
-  /**
-   * @param credentials
-   * @param string
-   * @return
-   * @throws ThriftSecurityException
-   * @throws TableNotFoundException
-   */
-  public boolean canWrite(AuthInfo credentials, String table) throws ThriftSecurityException {
-    return impl.canWrite(credentials, table);
-  }
-  
-  /**
-   * @param credentials
-   * @param string
-   * @return
-   * @throws ThriftSecurityException
-   * @throws TableNotFoundException
-   */
-  public boolean canSplitTablet(AuthInfo credentials, String table) throws ThriftSecurityException {
-    return impl.canSplitTablet(credentials, table);
-  }
-  
-  /**
-   * @param credentials
-   * @return
-   * @throws ThriftSecurityException
-   * 
-   *           This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system
-   *           properties.
-   */
-  public boolean canPerformSystemActions(AuthInfo credentials) throws ThriftSecurityException {
-    return impl.canPerformSystemActions(credentials);
-  }
-  
-  /**
-   * @param c
-   * @param tableId
-   * @throws ThriftSecurityException
-   * @throws ThriftTableOperationException
-   */
-  public boolean canFlush(AuthInfo c, String tableId) throws ThriftSecurityException {
-    return impl.canFlush(c, tableId);
-  }
-  
-  /**
-   * @param c
-   * @param tableId
-   * @throws ThriftSecurityException
-   * @throws ThriftTableOperationException
-   */
-  public boolean canAlterTable(AuthInfo c, String tableId) throws ThriftSecurityException {
-    return impl.canAlterTable(c, tableId);
-  }
-  
-  /**
-   * @param c
-   * @throws ThriftSecurityException
-   */
-  public boolean canCreateTable(AuthInfo c) throws ThriftSecurityException {
-    return impl.canCreateTable(c);
-  }
-  
-  /**
-   * @param c
-   * @param tableId
-   * @return
-   * @throws TableNotFoundException
-   * @throws ThriftSecurityException
-   */
-  public boolean canRenameTable(AuthInfo c, String tableId) throws ThriftSecurityException {
-    return impl.canRenameTable(c, tableId);
-  }
-  
-  /**
-   * @param c
-   * @return
-   * @throws TableNotFoundException
-   * @throws ThriftSecurityException
-   */
-  public boolean canCloneTable(AuthInfo c, String tableId) throws ThriftSecurityException {
-    return impl.canCloneTable(c, tableId);
-  }
-  
-  /**
-   * @param c
-   * @param tableId
-   * @return
-   * @throws TableNotFoundException
-   * @throws ThriftSecurityException
-   */
-  public boolean canDeleteTable(AuthInfo c, String tableId) throws ThriftSecurityException {
-    return impl.canDeleteTable(c, tableId);
-  }
-  
-  /**
-   * @param c
-   * @param tableId
-   * @return
-   * @throws TableNotFoundException
-   * @throws ThriftSecurityException
-   */
-  public boolean canOnlineOfflineTable(AuthInfo c, String tableId) throws ThriftSecurityException {
-    return impl.canOnlineOfflineTable(c, tableId);
-  }
-  
-  /**
-   * @param c
-   * @param tableId
-   * @return
-   * @throws TableNotFoundException
-   * @throws ThriftSecurityException
-   */
-  public boolean canMerge(AuthInfo c, String tableId) throws ThriftSecurityException {
-    return impl.canMerge(c, tableId);
-  }
-  
-  /**
-   * @param c
-   * @param tableId
-   * @return
-   * @throws TableNotFoundException
-   * @throws ThriftSecurityException
-   */
-  public boolean canDeleteRange(AuthInfo c, String tableId) throws ThriftSecurityException {
-    return impl.canDeleteRange(c, tableId);
-  }
-  
-  /**
-   * @param c
-   * @param tableId
-   * @return
-   * @throws TableNotFoundException
-   * @throws ThriftSecurityException
-   */
-  public boolean canBulkImport(AuthInfo c, String tableId) throws ThriftSecurityException {
-    return impl.canBulkImport(c, tableId);
-  }
-  
-  /**
-   * @param c
-   * @param tableId
-   * @return
-   * @throws TableNotFoundException
-   * @throws ThriftSecurityException
-   */
-  public boolean canCompact(AuthInfo c, String tableId) throws ThriftSecurityException {
-    return impl.canCompact(c, tableId);
-  }
-  
-  /**
-   * @param credentials
-   * @return
-   * @throws ThriftSecurityException
-   */
-  public boolean canChangeAuthorizations(AuthInfo c, String user) throws ThriftSecurityException {
-    return impl.canChangeAuthorizations(c, user);
-  }
-  
-  /**
-   * @param credentials
-   * @param user
-   * @return
-   * @throws ThriftSecurityException
-   */
-  public boolean canChangePassword(AuthInfo c, String user) throws ThriftSecurityException {
-    return impl.canChangePassword(c, user);
-  }
-  
-  /**
-   * @param credentials
-   * @param user
-   * @return
-   * @throws ThriftSecurityException
-   */
-  public boolean canCreateUser(AuthInfo c, String user) throws ThriftSecurityException {
-    return impl.canCreateUser(c, user);
-  }
-  
-  /**
-   * @param credentials
-   * @param user
-   * @return
-   * @throws ThriftSecurityException
-   */
-  public boolean canDropUser(AuthInfo c, String user) throws ThriftSecurityException {
-    return impl.canDropUser(c, user);
-  }
-  
-  /**
-   * @param credentials
-   * @param user
-   * @param sysPerm
-   * @return
-   * @throws ThriftSecurityException
-   */
-  public boolean canGrantSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
-    return impl.canGrantSystem(c, user, sysPerm);
-  }
-  
-  /**
-   * @param credentials
-   * @param user
-   * @param table
-   * @return
-   * @throws ThriftSecurityException
-   */
-  public boolean canGrantTable(AuthInfo c, String user, String table) throws ThriftSecurityException {
-    return impl.canGrantTable(c, user, table);
-  }
-  
-  /**
-   * @param credentials
-   * @param user
-   * @param sysPerm
-   * @return
-   * @throws ThriftSecurityException
-   */
-  public boolean canRevokeSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
-    return impl.canRevokeSystem(c, user, sysPerm);
-  }
-  
-  /**
-   * @param credentials
-   * @param user
-   * @param table
-   * @return
-   * @throws ThriftSecurityException
-   */
-  public boolean canRevokeTable(AuthInfo c, String user, String table) throws ThriftSecurityException {
-    return impl.canRevokeTable(c, user, table);
-  }
   
   /**
    * @param credentials
@@ -349,7 +115,7 @@ public class AuditedSecurityOperation im
    */
   public void changeAuthorizations(AuthInfo credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
     try {
-      impl.changeAuthorizations(credentials, user, authorizations);
+      super.changeAuthorizations(credentials, user, authorizations);
       audit(credentials, "changed authorizations for %s to %s", user, authorizations);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "changing authorizations for %s", user);
@@ -365,7 +131,7 @@ public class AuditedSecurityOperation im
    */
   public void changePassword(AuthInfo credentials, String user, byte[] pass) throws ThriftSecurityException {
     try {
-      impl.changePassword(credentials, user, pass);
+      super.changePassword(credentials, user, pass);
       audit(credentials, "changed password for %s", user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "changing password for %s", user);
@@ -382,7 +148,7 @@ public class AuditedSecurityOperation im
    */
   public void createUser(AuthInfo credentials, String user, byte[] pass, Authorizations authorizations) throws ThriftSecurityException {
     try {
-      impl.createUser(credentials, user, pass, authorizations);
+      super.createUser(credentials, user, pass, authorizations);
       audit(credentials, "createUser");
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "createUser %s", user);
@@ -397,7 +163,7 @@ public class AuditedSecurityOperation im
    */
   public void dropUser(AuthInfo credentials, String user) throws ThriftSecurityException {
     try {
-      impl.dropUser(credentials, user);
+      super.dropUser(credentials, user);
       audit(credentials, "dropUser");
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "dropUser %s", user);
@@ -413,7 +179,7 @@ public class AuditedSecurityOperation im
    */
   public void grantSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     try {
-      impl.grantSystemPermission(credentials, user, permission);
+      super.grantSystemPermission(credentials, user, permission);
       audit(credentials, "granted permission %s for %s", permission, user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "granting permission %s for %s", permission, user);
@@ -430,7 +196,7 @@ public class AuditedSecurityOperation im
    */
   public void grantTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
     try {
-      impl.grantTablePermission(credentials, user, table, permission);
+      super.grantTablePermission(credentials, user, table, permission);
       audit(credentials, "granted permission %s on table %s for %s", permission, table, user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "granting permission %s on table for %s", permission, table, user);
@@ -446,7 +212,7 @@ public class AuditedSecurityOperation im
    */
   public void revokeSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     try {
-      impl.revokeSystemPermission(credentials, user, permission);
+      super.revokeSystemPermission(credentials, user, permission);
       audit(credentials, "revoked permission %s for %s", permission, user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "revoking permission %s on %s", permission, user);
@@ -463,7 +229,7 @@ public class AuditedSecurityOperation im
    */
   public void revokeTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
     try {
-      impl.revokeTablePermission(credentials, user, table, permission);
+      super.revokeTablePermission(credentials, user, table, permission);
       audit(credentials, "revoked permission %s on table %s for %s", permission, table, user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "revoking permission %s on table for %s", permission, table, user);
@@ -480,7 +246,7 @@ public class AuditedSecurityOperation im
    */
   public boolean hasSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     try {
-      boolean result = impl.hasSystemPermission(credentials, user, permission);
+      boolean result = super.hasSystemPermission(credentials, user, permission);
       audit(credentials, "checked permission %s on %s", permission, user);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -499,7 +265,7 @@ public class AuditedSecurityOperation im
    */
   public boolean hasTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
     try {
-      boolean result = impl.hasTablePermission(credentials, user, table, permission);
+      boolean result = super.hasTablePermission(credentials, user, table, permission);
       audit(credentials, "checked permission %s on table %s for %s", permission, table, user);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -515,7 +281,7 @@ public class AuditedSecurityOperation im
    */
   public Set<String> listUsers(AuthInfo credentials) throws ThriftSecurityException {
     try {
-      Set<String> result = impl.listUsers(credentials);
+      Set<String> result = super.listUsers(credentials);
       audit(credentials, "listUsers");
       return result;
     } catch (ThriftSecurityException ex) {
@@ -531,7 +297,7 @@ public class AuditedSecurityOperation im
    */
   public void deleteTable(AuthInfo credentials, String table) throws ThriftSecurityException {
     try {
-      impl.deleteTable(credentials, table);
+      super.deleteTable(credentials, table);
       audit(credentials, "deleted table %s", table);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "deleting table %s", table);
@@ -541,7 +307,7 @@ public class AuditedSecurityOperation im
 
   @Override
   public void initializeSecurity(AuthInfo credentials, String rootuser, byte[] rootpass) throws AccumuloSecurityException, ThriftSecurityException {
-    impl.initializeSecurity(credentials, rootuser, rootpass);
+    super.initializeSecurity(credentials, rootuser, rootpass);
     log.info("Initialized root user with username: " + rootuser + " at the request of user " + credentials.user);
   }
 }

Copied: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java (from r1363473, accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java)
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java?p2=accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java&p1=accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java&r1=1363473&r2=1389490&rev=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java Mon Sep 24 17:17:23 2012
@@ -47,17 +47,17 @@ import org.apache.log4j.Logger;
 /**
  * Utility class for performing various security operations with the appropriate checks
  */
-public class SecurityOperationImpl implements SecurityOperation {
+public class SecurityOperation {
   private static final Logger log = Logger.getLogger(SecurityOperationsImpl.class);
 
-  private static Authorizor authorizor;
-  private static Authenticator authenticator;
-  private static PermissionHandler permHandle;
+  protected static Authorizor authorizor;
+  protected static Authenticator authenticator;
+  protected static PermissionHandler permHandle;
   private static String rootUserName = null;
   private final ZooCache zooCache;
   private final String ZKUserPath;
   
-  private static SecurityOperation instance;
+  protected static SecurityOperation instance;
   
   public static synchronized SecurityOperation getInstance() {
     String instanceId = HdfsZooInstance.getInstance().getInstanceID();
@@ -66,14 +66,13 @@ public class SecurityOperationImpl imple
   
   public static synchronized SecurityOperation getInstance(String instanceId) {
     if (instance == null) {
-      instance = new AuditedSecurityOperation(new SecurityOperationImpl(getAuthorizor(instanceId), getAuthenticator(instanceId), getPermHandler(instanceId),
-          instanceId));
+      instance = new SecurityOperation(getAuthorizor(instanceId), getAuthenticator(instanceId), getPermHandler(instanceId), instanceId);
     }
     return instance;
   }
   
   @SuppressWarnings("deprecation")
-  private static Authorizor getAuthorizor(String instanceId) {
+  protected static Authorizor getAuthorizor(String instanceId) {
     Authorizor toRet = Master.createInstanceFromPropertyName(AccumuloConfiguration.getSiteConfiguration(), Property.INSTANCE_SECURITY_AUTHORIZOR,
         Authorizor.class, ZKAuthorizor.getInstance());
     toRet.initialize(instanceId);
@@ -81,7 +80,7 @@ public class SecurityOperationImpl imple
   }
 
   @SuppressWarnings("deprecation")
-  private static Authenticator getAuthenticator(String instanceId) {
+  protected static Authenticator getAuthenticator(String instanceId) {
     Authenticator toRet = Master.createInstanceFromPropertyName(AccumuloConfiguration.getSiteConfiguration(), Property.INSTANCE_SECURITY_AUTHENTICATOR,
         Authenticator.class, ZKAuthenticator.getInstance());
     toRet.initialize(instanceId);
@@ -89,14 +88,23 @@ public class SecurityOperationImpl imple
   }
 
   @SuppressWarnings("deprecation")
-  private static PermissionHandler getPermHandler(String instanceId) {
+  protected static PermissionHandler getPermHandler(String instanceId) {
     PermissionHandler toRet = Master.createInstanceFromPropertyName(AccumuloConfiguration.getSiteConfiguration(),
         Property.INSTANCE_SECURITY_PERMISSION_HANDLER, PermissionHandler.class, ZKPermHandler.getInstance());
     toRet.initialize(instanceId);
     return toRet;
   }
 
-  public SecurityOperationImpl(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
+  /**
+   * 
+   * @Deprecated not for client use
+   */
+  public SecurityOperation(String instanceId) {
+    ZKUserPath = Constants.ZROOT + "/" + instanceId + "/users";
+    zooCache = new ZooCache();
+  }
+
+  public SecurityOperation(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
     authorizor = author;
     authenticator = authent;
     permHandle = pm;
@@ -153,6 +161,13 @@ public class SecurityOperationImpl imple
     authenticate(credentials.user, credentials.password, credentials.instanceId);
   }
 
+  public boolean canAskAboutUser(AuthInfo credentials, String user) throws ThriftSecurityException {
+    // Authentication done in canPerformSystemActions
+    if (!(canPerformSystemActions(credentials) || credentials.user.equals(user)))
+      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+    return true;
+  }
+  
   /**
    * @param credentials
    * @param user
@@ -161,10 +176,7 @@ public class SecurityOperationImpl imple
    * @throws ThriftSecurityException
    */
   public boolean authenticateUser(AuthInfo credentials, String user, ByteBuffer password) throws ThriftSecurityException {
-    // Authentication done in canPerformSystemActions
-    if (!(canPerformSystemActions(credentials) || credentials.user.equals(user)))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
-
+    canAskAboutUser(credentials, user);
     return authenticator.authenticateUser(user, password, credentials.instanceId);
     
   }
@@ -281,7 +293,7 @@ public class SecurityOperationImpl imple
     authenticate(credentials);
     return hasTablePermission(credentials.user, table, TablePermission.READ, true);
   }
-
+  
   /**
    * @param credentials
    * @param string
@@ -293,7 +305,7 @@ public class SecurityOperationImpl imple
     authenticate(credentials);
     return hasTablePermission(credentials.user, table, TablePermission.WRITE, true);
   }
-
+  
   /**
    * @param credentials
    * @param string
@@ -319,7 +331,7 @@ public class SecurityOperationImpl imple
     authenticate(credentials);
     return hasSystemPermission(credentials.user, SystemPermission.SYSTEM, false);
   }
-
+  
   /**
    * @param c
    * @param tableId
@@ -460,7 +472,7 @@ public class SecurityOperationImpl imple
       throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED);
     return hasSystemPermission(c.user, SystemPermission.ALTER_USER, false);
   }
-
+  
   /**
    * @param credentials
    * @param user
@@ -486,10 +498,10 @@ public class SecurityOperationImpl imple
     // don't allow creating a user with the same name as system user
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
       throw new ThriftSecurityException(user, SecurityErrorCode.PERMISSION_DENIED);
-
+    
     return hasSystemPermission(c.user, SystemPermission.CREATE_USER, false);
   }
-
+  
   /**
    * @param credentials
    * @param user
@@ -502,7 +514,7 @@ public class SecurityOperationImpl imple
     // can't delete root or system users
     if (user.equals(getRootUsername()) || user.equals(SecurityConstants.SYSTEM_USERNAME))
       throw new ThriftSecurityException(user, SecurityErrorCode.PERMISSION_DENIED);
-
+    
     return hasSystemPermission(c.user, SystemPermission.DROP_USER, false);
   }
   
@@ -523,7 +535,7 @@ public class SecurityOperationImpl imple
     // can't grant GRANT
     if (sysPerm.equals(SystemPermission.GRANT))
       throw new ThriftSecurityException(c.user, SecurityErrorCode.GRANT_INVALID);
-
+    
     return hasSystemPermission(c.user, SystemPermission.GRANT, false);
   }
   

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java Mon Sep 24 17:17:23 2012
@@ -152,6 +152,14 @@ public interface PermissionHandler {
   public void initUser(String user) throws AccumuloSecurityException;
   
   /**
+   * Initializes a new user
+   * 
+   * @param user
+   * @throws AccumuloSecurityException
+   */
+  public void initTable(String table) throws AccumuloSecurityException;
+  
+  /**
    * Deletes a user
    * 
    * @param user

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Mon Sep 24 17:17:23 2012
@@ -153,9 +153,9 @@ import org.apache.accumulo.server.master
 import org.apache.accumulo.server.metrics.AbstractMetricsImpl;
 import org.apache.accumulo.server.problems.ProblemReport;
 import org.apache.accumulo.server.problems.ProblemReports;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.tabletserver.Tablet.CommitSession;
 import org.apache.accumulo.server.tabletserver.Tablet.KVEntry;
@@ -2981,7 +2981,7 @@ public class TabletServer extends Abstra
   
   public void config(String hostname) {
     log.info("Tablet server starting on " + hostname);
-    security = SecurityOperationImpl.getInstance();
+    security = AuditedSecurityOperation.getInstance();
     clientAddress = new InetSocketAddress(hostname, 0);
     logger = new TabletServerLogger(this, getSystemConfiguration().getMemoryInBytes(Property.TSERV_WALOG_MAX_SIZE));
     

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java Mon Sep 24 17:17:23 2012
@@ -18,6 +18,7 @@ package org.apache.accumulo.server.test.
 
 import java.io.File;
 import java.lang.management.ManagementFactory;
+import java.nio.ByteBuffer;
 import java.util.HashMap;
 import java.util.Properties;
 
@@ -25,6 +26,7 @@ import org.apache.accumulo.core.client.C
 import org.apache.accumulo.core.client.Instance;
 import org.apache.accumulo.core.client.MultiTableBatchWriter;
 import org.apache.accumulo.core.client.ZooKeeperInstance;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.log4j.Logger;
 
@@ -87,13 +89,19 @@ public class State {
     if (connector == null) {
       String instance = props.getProperty("INSTANCE");
       String zookeepers = props.getProperty("ZOOKEEPERS");
-      String username = props.getProperty("USERNAME");
-      String password = props.getProperty("PASSWORD");
-      connector = new ZooKeeperInstance(instance, zookeepers).getConnector(username, password.getBytes());
+      AuthInfo auth = getAuthInfo();
+      connector = new ZooKeeperInstance(instance, zookeepers).getConnector(auth);
     }
     return connector;
   }
   
+  public AuthInfo getAuthInfo() {
+    String username = props.getProperty("USERNAME");
+    String password = props.getProperty("PASSWORD");
+    String instance = props.getProperty("INSTANCE");
+    return new AuthInfo(username, ByteBuffer.wrap(password.getBytes()), instance);
+  }
+
   public Instance getInstance() {
     if (instance == null) {
       instance = HdfsZooInstance.getInstance();

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java Mon Sep 24 17:17:23 2012
@@ -31,11 +31,12 @@ public class AlterSystemPerm extends Tes
   @Override
   public void visit(State state, Properties props) throws Exception {
     Connector conn = state.getConnector();
+    WalkingSecurity ws = new WalkingSecurity(state);
     
     String action = props.getProperty("task", "toggle");
     String perm = props.getProperty("perm", "random");
     
-    String targetUser = SecurityHelper.getSysUserName(state);
+    String targetUser = WalkingSecurity.get(state).getSysUserName();
     
     SystemPermission sysPerm;
     if (perm.equals("random")) {
@@ -45,7 +46,7 @@ public class AlterSystemPerm extends Tes
     } else
       sysPerm = SystemPermission.valueOf(perm);
     
-    boolean hasPerm = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm);
+    boolean hasPerm = ws.hasSystemPermission(targetUser, sysPerm);
     
     // toggle
     if (!"take".equals(action) && !"give".equals(action)) {
@@ -65,6 +66,7 @@ public class AlterSystemPerm extends Tes
           case GRANT_INVALID:
             if (sysPerm.equals(SystemPermission.GRANT))
               return;
+            throw new AccumuloException("Got GRANT_INVALID when not dealing with GRANT", ae);
           case PERMISSION_DENIED:
             throw new AccumuloException("Test user doesn't have root", ae);
           case USER_DOESNT_EXIST:
@@ -73,7 +75,7 @@ public class AlterSystemPerm extends Tes
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      SecurityHelper.setSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm, false);
+      ws.revokeSystemPermission(targetUser, sysPerm);
     } else if ("give".equals(action)) {
       try {
         conn.securityOperations().grantSystemPermission(targetUser, sysPerm);
@@ -90,7 +92,7 @@ public class AlterSystemPerm extends Tes
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      SecurityHelper.setSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm, true);
+      ws.grantSystemPermission(targetUser, sysPerm);
     }
   }
   

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java Mon Sep 24 17:17:23 2012
@@ -24,8 +24,6 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
@@ -34,15 +32,12 @@ public class AlterTable extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = SecurityHelper.getSystemConnector(state);
+    Connector conn = WalkingSecurity.get(state).getSystemConnector();
     
-    String tableName = SecurityHelper.getTableName(state);
+    String tableName = WalkingSecurity.get(state).getTableName();
     
-    boolean exists = SecurityHelper.getTableExists(state);
-    boolean hasPermission = false;
-    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_TABLE)
-        || SecurityHelper.getTabPerm(state, SecurityHelper.getSysUserName(state), TablePermission.ALTER_TABLE))
-      hasPermission = true;
+    boolean exists = WalkingSecurity.get(state).getTableExists();
+    boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysAuthInfo(), tableName);
     String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), state.getPid(),
         System.currentTimeMillis());
     
@@ -60,7 +55,7 @@ public class AlterTable extends Test {
         else
           return;
       } else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
-        if (SecurityHelper.sysUserPassTransient(state))
+        if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
           return;
       }
       throw new AccumuloException("Got unexpected ae error code", ae);
@@ -70,7 +65,7 @@ public class AlterTable extends Test {
       else
         return;
     }
-    SecurityHelper.setTableName(state, newName);
+    WalkingSecurity.get(state).setTableName(newName);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java Mon Sep 24 17:17:23 2012
@@ -24,6 +24,7 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -41,16 +42,16 @@ public class AlterTablePerm extends Test
     String perm = props.getProperty("perm", "random");
     String sourceUser = props.getProperty("source", "system");
     String targetUser = props.getProperty("target", "table");
-    boolean tabExists = SecurityHelper.getTableExists(state);
+    boolean tabExists = WalkingSecurity.get(state).getTableExists();
     
     String target;
     if ("table".equals(targetUser))
-      target = SecurityHelper.getTabUserName(state);
+      target = WalkingSecurity.get(state).getTabUserName();
     else
-      target = SecurityHelper.getSysUserName(state);
+      target = WalkingSecurity.get(state).getSysUserName();
     
-    boolean exists = SecurityHelper.getTabUserExists(state);
-    boolean tableExists = SecurityHelper.getTableExists(state);
+    boolean exists = WalkingSecurity.get(state).userExists(target);
+    boolean tableExists = WalkingSecurity.get(state).getTableExists();
     
     TablePermission tabPerm;
     if (perm.equals("random")) {
@@ -59,26 +60,28 @@ public class AlterTablePerm extends Test
       tabPerm = TablePermission.values()[i];
     } else
       tabPerm = TablePermission.valueOf(perm);
-    
-    boolean hasPerm = SecurityHelper.getTabPerm(state, target, tabPerm);
+    String tableName = WalkingSecurity.get(state).getTableName();
+    boolean hasPerm = WalkingSecurity.get(state).hasTablePermission(target, tableName, tabPerm);
     boolean canGive;
+    AuthInfo source;
     if ("system".equals(sourceUser)) {
-      conn = SecurityHelper.getSystemConnector(state);
-      canGive = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER)
-          || SecurityHelper.getTabPerm(state, SecurityHelper.getSysUserName(state), TablePermission.GRANT);
+      conn = WalkingSecurity.get(state).getSystemConnector();
+      source = WalkingSecurity.get(state).getSysAuthInfo();
     } else if ("table".equals(sourceUser)) {
-      conn = state.getInstance().getConnector(SecurityHelper.getTabUserName(state), SecurityHelper.getTabUserPass(state));
-      canGive = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.GRANT);
+      conn = WalkingSecurity.get(state).getTableConnector();
+      source = WalkingSecurity.get(state).getTabAuthInfo();
     } else {
       conn = state.getConnector();
-      canGive = true;
+      source = state.getAuthInfo();
     }
     
+    canGive = WalkingSecurity.get(state).canGrantTable(source, target, WalkingSecurity.get(state).getTableName());
+
     // toggle
     if (!"take".equals(action) && !"give".equals(action)) {
       try {
         boolean res;
-        if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, SecurityHelper.getTableName(state), tabPerm)))
+        if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, tableName, tabPerm)))
           throw new AccumuloException("Test framework and accumulo are out of sync for user " + conn.whoami() + " for perm " + tabPerm.name()
               + " with local vs. accumulo being " + hasPerm + " " + res);
         
@@ -104,9 +107,10 @@ public class AlterTablePerm extends Test
       }
     }
     
+    boolean trans = WalkingSecurity.get(state).userPassTransient(conn.whoami());
     if ("take".equals(action)) {
       try {
-        conn.securityOperations().revokeTablePermission(target, SecurityHelper.getTableName(state), tabPerm);
+        conn.securityOperations().revokeTablePermission(target, tableName, tabPerm);
       } catch (AccumuloSecurityException ae) {
         switch (ae.getErrorCode()) {
           case GRANT_INVALID:
@@ -114,7 +118,7 @@ public class AlterTablePerm extends Test
               return;
           case PERMISSION_DENIED:
             if (canGive)
-              throw new AccumuloException("Test user failed to give permission when it should have worked", ae);
+              throw new AccumuloException(conn.whoami() + " failed to revoke permission to " + target + " when it should have worked", ae);
             return;
           case USER_DOESNT_EXIST:
             if (exists)
@@ -125,17 +129,17 @@ public class AlterTablePerm extends Test
               throw new AccumuloException("Table doesn't exist but it should", ae);
             return;
           case BAD_CREDENTIALS:
-            if (!SecurityHelper.sysUserPassTransient(state))
+            if (!trans)
               throw new AccumuloException("Bad credentials for user " + conn.whoami());
             return;
           default:
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      SecurityHelper.setTabPerm(state, target, tabPerm, false);
+      WalkingSecurity.get(state).revokeTablePermission(target, tableName, tabPerm);
     } else if ("give".equals(action)) {
       try {
-        conn.securityOperations().grantTablePermission(target, SecurityHelper.getTableName(state), tabPerm);
+        conn.securityOperations().grantTablePermission(target, tableName, tabPerm);
       } catch (AccumuloSecurityException ae) {
         switch (ae.getErrorCode()) {
           case GRANT_INVALID:
@@ -144,7 +148,7 @@ public class AlterTablePerm extends Test
             throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
           case PERMISSION_DENIED:
             if (canGive)
-              throw new AccumuloException("Test user failed to give permission when it should have worked", ae);
+              throw new AccumuloException(conn.whoami() + " failed to give permission to " + target + " when it should have worked", ae);
             return;
           case USER_DOESNT_EXIST:
             if (exists)
@@ -155,14 +159,14 @@ public class AlterTablePerm extends Test
               throw new AccumuloException("Table doesn't exist but it should", ae);
             return;
           case BAD_CREDENTIALS:
-            if (!SecurityHelper.sysUserPassTransient(state))
+            if (!trans)
               throw new AccumuloException("Bad credentials for user " + conn.whoami());
             return;
           default:
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      SecurityHelper.setTabPerm(state, target, tabPerm, true);
+      WalkingSecurity.get(state).grantTablePermission(target, tableName, tabPerm);
     }
     
     if (!exists)
@@ -170,7 +174,7 @@ public class AlterTablePerm extends Test
     if (!tableExists)
       throw new AccumuloException("Table shouldn't have existed, but apparantly does");
     if (!canGive)
-      throw new AccumuloException("Source user shouldn't have been able to grant privilege");
+      throw new AccumuloException(conn.whoami() + " shouldn't have been able to grant privilege");
     
   }
   

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java Mon Sep 24 17:17:23 2012
@@ -22,7 +22,7 @@ import java.util.Properties;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -30,7 +30,7 @@ public class Authenticate extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = SecurityHelper.getSystemConnector(state);
+    Connector conn = WalkingSecurity.get(state).getSystemConnector();
     
     authenticate(conn, state, props);
   }
@@ -40,21 +40,20 @@ public class Authenticate extends Test {
     boolean success = Boolean.parseBoolean(props.getProperty("valid"));
     
     String target;
-    boolean exists = true;
-    boolean hasPermission = true;
-    byte[] password;
+    
+    AuthInfo auth;
     if (targetProp.equals("table")) {
-      exists = SecurityHelper.getTabUserExists(state);
-      target = SecurityHelper.getTabUserName(state);
-      if (!conn.whoami().equals(state.getConnector().whoami())
-          && !SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.SYSTEM))
-        hasPermission = false;
-      password = Arrays.copyOf(SecurityHelper.getTabUserPass(state), SecurityHelper.getTabUserPass(state).length);
+      target = WalkingSecurity.get(state).getTabUserName();
+      auth = WalkingSecurity.get(state).getTabAuthInfo();
     } else {
-      target = SecurityHelper.getSysUserName(state);
-      password = Arrays.copyOf(SecurityHelper.getSysUserPass(state), SecurityHelper.getSysUserPass(state).length);
+      target = WalkingSecurity.get(state).getSysUserName();
+      auth = WalkingSecurity.get(state).getSysAuthInfo();
     }
-    
+    boolean exists = WalkingSecurity.get(state).userExists(target);
+    // Copy so if failed it doesn't mess with the password stored in state
+    byte[] password = Arrays.copyOf(WalkingSecurity.get(state).getUserPassword(target), WalkingSecurity.get(state).getUserPassword(target).length);
+    boolean hasPermission = WalkingSecurity.get(state).canAskAboutUser(auth, target);
+
     if (!success)
       for (int i = 0; i < password.length; i++)
         password[i]++;

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java Mon Sep 24 17:17:23 2012
@@ -23,8 +23,7 @@ import java.util.Random;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -37,38 +36,25 @@ public class ChangePass extends Test {
     String target = props.getProperty("target");
     String source = props.getProperty("source");
     
-    String sourceUser;
+    AuthInfo auth;
     if (source.equals("system")) {
-      conn = SecurityHelper.getSystemConnector(state);
-      sourceUser = SecurityHelper.getSysUserName(state);
+      conn = WalkingSecurity.get(state).getSystemConnector();
+      auth = WalkingSecurity.get(state).getSysAuthInfo();
     } else {
-      sourceUser = SecurityHelper.getTabUserName(state);
-      try {
-        conn = state.getInstance().getConnector(sourceUser, (SecurityHelper.getTabUserPass(state)));
-      } catch (AccumuloSecurityException ae) {
-        if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
-          if (SecurityHelper.getTabUserExists(state))
-            throw new AccumuloException("Got a security exception when the user should have existed", ae);
-          else
-            return;
-        }
-        throw new AccumuloException("Unexpected exception!", ae);
-      }
+      conn = WalkingSecurity.get(state).getTableConnector();
+      auth = WalkingSecurity.get(state).getTabAuthInfo();
     }
     
-    boolean hasPerm = true;
-    if (!source.equals(target))
-      hasPerm = SecurityHelper.getSysPerm(state, sourceUser, SystemPermission.ALTER_USER);
-    
-    boolean targetExists = true;
-    boolean targetSystem = true;
+    boolean hasPerm;
+    boolean targetExists;
     if (target.equals("table")) {
-      targetSystem = false;
-      if (!SecurityHelper.getTabUserExists(state))
-        targetExists = false;
-      target = SecurityHelper.getTabUserName(state);
+      target = WalkingSecurity.get(state).getTabUserName();
     } else
-      target = SecurityHelper.getSysUserName(state);
+      target = WalkingSecurity.get(state).getSysUserName();
+    
+    targetExists = WalkingSecurity.get(state).userExists(target);
+      
+    hasPerm = WalkingSecurity.get(state).canChangePassword(auth, target);
     
     Random r = new Random();
     
@@ -90,17 +76,14 @@ public class ChangePass extends Test {
             throw new AccumuloException("User " + target + " doesn't exist and they SHOULD.", ae);
           return;
         case BAD_CREDENTIALS:
-          if (!SecurityHelper.sysUserPassTransient(state))
+          if (!WalkingSecurity.get(state).userPassTransient(conn.whoami()))
             throw new AccumuloException("Bad credentials for user " + conn.whoami());
           return;
         default:
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    if (targetSystem) {
-      SecurityHelper.setSysUserPass(state, newPass);
-    } else
-      SecurityHelper.setTabUserPass(state, newPass);
+    WalkingSecurity.get(state).changePassword(target, newPass);
     if (!hasPerm)
       throw new AccumuloException("Password change succeeded when it should have failed for " + source + " changing the password for " + target + ".");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java Mon Sep 24 17:17:23 2012
@@ -22,7 +22,6 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
-import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.server.test.randomwalk.State;
@@ -32,14 +31,12 @@ public class CreateTable extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = SecurityHelper.getSystemConnector(state);
+    Connector conn = WalkingSecurity.get(state).getSystemConnector();
     
-    String tableName = SecurityHelper.getTableName(state);
+    String tableName = WalkingSecurity.get(state).getTableName();
     
-    boolean exists = SecurityHelper.getTableExists(state);
-    boolean hasPermission = false;
-    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.CREATE_TABLE))
-      hasPermission = true;
+    boolean exists = WalkingSecurity.get(state).getTableExists();
+    boolean hasPermission = WalkingSecurity.get(state).canCreateTable(WalkingSecurity.get(state).getSysAuthInfo());
     
     try {
       conn.tableOperations().create(tableName);
@@ -52,7 +49,7 @@ public class CreateTable extends Test {
         {
           try {
             state.getConnector().tableOperations().create(tableName);
-            SecurityHelper.setTableExists(state, true);
+            WalkingSecurity.get(state).initTable(tableName);
           } catch (TableExistsException tee) {
             if (exists)
               return;
@@ -69,9 +66,9 @@ public class CreateTable extends Test {
       else
         return;
     }
-    SecurityHelper.setTableExists(state, true);
+    WalkingSecurity.get(state).initTable(tableName);
     for (TablePermission tp : TablePermission.values())
-      SecurityHelper.setTabPerm(state, conn.whoami(), tp, true);
+      WalkingSecurity.get(state).grantTablePermission(conn.whoami(), tableName, tp);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java Mon Sep 24 17:17:23 2012
@@ -22,7 +22,6 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -30,14 +29,12 @@ public class CreateUser extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = SecurityHelper.getSystemConnector(state);
+    Connector conn = WalkingSecurity.get(state).getSystemConnector();
     
-    String tableUserName = SecurityHelper.getTabUserName(state);
+    String tableUserName = WalkingSecurity.get(state).getTabUserName();
     
-    boolean exists = SecurityHelper.getTabUserExists(state);
-    boolean hasPermission = false;
-    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.CREATE_USER))
-      hasPermission = true;
+    boolean exists = WalkingSecurity.get(state).userExists(tableUserName);
+    boolean hasPermission = WalkingSecurity.get(state).canCreateUser(WalkingSecurity.get(state).getSysAuthInfo(), tableUserName);
     byte[] tabUserPass = "Super Sekret Table User Password".getBytes();
     try {
       conn.securityOperations().createUser(tableUserName, tabUserPass, new Authorizations());
@@ -51,8 +48,7 @@ public class CreateUser extends Test {
           {
             if (!exists) {
               state.getConnector().securityOperations().createUser(tableUserName, tabUserPass, new Authorizations());
-              SecurityHelper.setTabUserPass(state, tabUserPass);
-              SecurityHelper.setTabUserExists(state, true);
+              WalkingSecurity.get(state).createUser(tableUserName, tabUserPass);
             }
             return;
           }
@@ -65,8 +61,7 @@ public class CreateUser extends Test {
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    SecurityHelper.setTabUserPass(state, tabUserPass);
-    SecurityHelper.setTabUserExists(state, true);
+    WalkingSecurity.get(state).createUser(tableUserName, tabUserPass);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java Mon Sep 24 17:17:23 2012
@@ -23,8 +23,7 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.TablePermission;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
@@ -39,21 +38,19 @@ public class DropTable extends Test {
   public static void dropTable(State state, Properties props) throws Exception {
     String sourceUser = props.getProperty("source", "system");
     Connector conn;
-    String username;
+    AuthInfo auth;
     if (sourceUser.equals("table")) {
-      username = SecurityHelper.getTabUserName(state);
-      conn = state.getInstance().getConnector(username, SecurityHelper.getTabUserPass(state));
+      auth = WalkingSecurity.get(state).getTabAuthInfo();
+      conn = WalkingSecurity.get(state).getTableConnector();
     } else {
-      username = SecurityHelper.getSysUserName(state);
-      conn = SecurityHelper.getSystemConnector(state);
+      auth = WalkingSecurity.get(state).getSysAuthInfo();
+      conn = WalkingSecurity.get(state).getSystemConnector();
     }
     
-    String tableName = SecurityHelper.getTableName(state);
+    String tableName = WalkingSecurity.get(state).getTableName();
     
-    boolean exists = SecurityHelper.getTableExists(state);
-    boolean hasPermission = false;
-    if (SecurityHelper.getSysPerm(state, username, SystemPermission.DROP_TABLE) || SecurityHelper.getTabPerm(state, username, TablePermission.DROP_TABLE))
-      hasPermission = true;
+    boolean exists = WalkingSecurity.get(state).getTableExists();
+    boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(auth, tableName);
     
     try {
       conn.tableOperations().delete(tableName);
@@ -64,14 +61,11 @@ public class DropTable extends Test {
         else {
           // Drop anyway for sake of state
           state.getConnector().tableOperations().delete(tableName);
-          SecurityHelper.setTableExists(state, false);
-          for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)})
-            for (TablePermission tp : TablePermission.values())
-              SecurityHelper.setTabPerm(state, user, tp, false);
+          WalkingSecurity.get(state).cleanTablePermissions(tableName);
           return;
         }
       } else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
-        if (SecurityHelper.sysUserPassTransient(state))
+        if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
           return;
       }
       throw new AccumuloException("Got unexpected ae error code", ae);
@@ -81,10 +75,7 @@ public class DropTable extends Test {
       else
         return;
     }
-    SecurityHelper.setTableExists(state, false);
-    for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)})
-      for (TablePermission tp : TablePermission.values())
-        SecurityHelper.setTabPerm(state, user, tp, false);
+    WalkingSecurity.get(state).cleanTablePermissions(tableName);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java Mon Sep 24 17:17:23 2012
@@ -21,8 +21,6 @@ import java.util.Properties;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -30,14 +28,13 @@ public class DropUser extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = SecurityHelper.getSystemConnector(state);
+    Connector conn = WalkingSecurity.get(state).getSystemConnector();
     
-    String tableUserName = SecurityHelper.getTabUserName(state);
+    String tableUserName = WalkingSecurity.get(state).getTabUserName();
+    
+    boolean exists = WalkingSecurity.get(state).userExists(tableUserName);
+    boolean hasPermission = WalkingSecurity.get(state).canDropUser(WalkingSecurity.get(state).getSysAuthInfo(), tableUserName);
     
-    boolean exists = SecurityHelper.getTabUserExists(state);
-    boolean hasPermission = false;
-    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.DROP_USER))
-      hasPermission = true;
     try {
       conn.securityOperations().dropUser(tableUserName);
     } catch (AccumuloSecurityException ae) {
@@ -48,11 +45,7 @@ public class DropUser extends Test {
           else {
             if (exists) {
               state.getConnector().securityOperations().dropUser(tableUserName);
-              SecurityHelper.setTabUserExists(state, false);
-              for (TablePermission tp : TablePermission.values())
-                SecurityHelper.setTabPerm(state, tableUserName, tp, false);
-              for (SystemPermission sp : SystemPermission.values())
-                SecurityHelper.setSysPerm(state, tableUserName, sp, false);
+              WalkingSecurity.get(state).dropUser(tableUserName);
             }
             return;
           }
@@ -66,11 +59,7 @@ public class DropUser extends Test {
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    SecurityHelper.setTabUserExists(state, false);
-    for (TablePermission tp : TablePermission.values())
-      SecurityHelper.setTabPerm(state, tableUserName, tp, false);
-    for (SystemPermission sp : SystemPermission.values())
-      SecurityHelper.setSysPerm(state, tableUserName, sp, false);
+    WalkingSecurity.get(state).dropUser(tableUserName);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java Mon Sep 24 17:17:23 2012
@@ -17,7 +17,6 @@
 package org.apache.accumulo.server.test.randomwalk.security;
 
 import java.net.InetAddress;
-import java.util.HashMap;
 
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.Instance;
@@ -47,28 +46,22 @@ public class SecurityFixture extends Fix
     conn.securityOperations().createUser(systemUserName, sysUserPass, new Authorizations());
     sysConn = instance.getConnector(systemUserName, sysUserPass);
     
-    SecurityHelper.setSystemConnector(state, sysConn);
-    SecurityHelper.setSysUserName(state, systemUserName);
-    SecurityHelper.setSysUserPass(state, sysUserPass);
+    WalkingSecurity.get(state).createUser(systemUserName, sysUserPass);
     
-    SecurityHelper.setTableExists(state, false);
-    SecurityHelper.setTableExists(state, false);
+    WalkingSecurity.get(state).changePassword(tableUserName, new byte[0]);
     
-    SecurityHelper.setTabUserPass(state, new byte[0]);
-    
-    SecurityHelper.setTableName(state, secTableName);
-    SecurityHelper.setTabUserName(state, tableUserName);
+    WalkingSecurity.get(state).setTableName(secTableName);
+    WalkingSecurity.get(state).setTabUserName(tableUserName);
     
     for (TablePermission tp : TablePermission.values()) {
-      SecurityHelper.setTabPerm(state, systemUserName, tp, false);
-      SecurityHelper.setTabPerm(state, tableUserName, tp, false);
+      WalkingSecurity.get(state).revokeTablePermission(systemUserName, secTableName, tp);
+      WalkingSecurity.get(state).revokeTablePermission(tableUserName, secTableName, tp);
     }
     for (SystemPermission sp : SystemPermission.values()) {
-      SecurityHelper.setSysPerm(state, systemUserName, sp, false);
-      SecurityHelper.setSysPerm(state, tableUserName, sp, false);
+      WalkingSecurity.get(state).revokeSystemPermission(systemUserName, sp);
+      WalkingSecurity.get(state).revokeSystemPermission(tableUserName, sp);
     }
-    SecurityHelper.setUserAuths(state, tableUserName, new Authorizations());
-    SecurityHelper.setAuthsMap(state, new HashMap<String,Integer>());
+    WalkingSecurity.get(state).changeAuthorizations(tableUserName, new Authorizations());
   }
   
   @Override
@@ -77,20 +70,20 @@ public class SecurityFixture extends Fix
     Validate.validate(state, log);
     Connector conn = state.getConnector();
     
-    if (SecurityHelper.getTableExists(state)) {
-      String secTableName = SecurityHelper.getTableName(state);
+    if (WalkingSecurity.get(state).getTableExists()) {
+      String secTableName = WalkingSecurity.get(state).getTableName();
       log.debug("Dropping tables: " + secTableName);
       
       conn.tableOperations().delete(secTableName);
     }
     
-    if (SecurityHelper.getTabUserExists(state)) {
-      String tableUserName = SecurityHelper.getTabUserName(state);
+    if (WalkingSecurity.get(state).userExists(WalkingSecurity.get(state).getTabUserName())) {
+      String tableUserName = WalkingSecurity.get(state).getTabUserName();
       log.debug("Dropping user: " + tableUserName);
       
       conn.securityOperations().dropUser(tableUserName);
     }
-    String systemUserName = SecurityHelper.getSysUserName(state);
+    String systemUserName = WalkingSecurity.get(state).getSysUserName();
     log.debug("Dropping user: " + systemUserName);
     conn.securityOperations().dropUser(systemUserName);
     

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java?rev=1389490&r1=1389489&r2=1389490&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java Mon Sep 24 17:17:23 2012
@@ -23,7 +23,6 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -37,22 +36,20 @@ public class SetAuths extends Test {
     
     String targetUser = props.getProperty("system");
     String target;
-    boolean exists;
-    boolean hasPermission;
     if ("table".equals(targetUser)) {
-      target = SecurityHelper.getTabUserName(state);
-      exists = SecurityHelper.getTabUserExists(state);
-      conn = SecurityHelper.getSystemConnector(state);
-      hasPermission = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER);
+      target = WalkingSecurity.get(state).getTabUserName();
+      conn = WalkingSecurity.get(state).getSystemConnector();
     } else {
-      target = SecurityHelper.getSysUserName(state);
-      exists = true;
+      target = WalkingSecurity.get(state).getSysUserName();
       conn = state.getConnector();
-      hasPermission = true;
     }
+
+    boolean exists = WalkingSecurity.get(state).userExists(target);
+    boolean hasPermission = WalkingSecurity.get(state).canChangeAuthorizations(WalkingSecurity.get(state).getSysAuthInfo(), target);
+
     Authorizations auths;
     if (authsString.equals("_random")) {
-      String[] possibleAuths = SecurityHelper.getAuthsArray();
+      String[] possibleAuths = WalkingSecurity.get(state).getAuthsArray();
       
       Random r = new Random();
       int i = r.nextInt(possibleAuths.length);
@@ -88,7 +85,7 @@ public class SetAuths extends Test {
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    SecurityHelper.setUserAuths(state, target, auths);
+    WalkingSecurity.get(state).changeAuthorizations(target, auths);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }



Mime
View raw message