accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vi...@apache.org
Subject svn commit: r1391344 [1/2] - in /accumulo/branches/ACCUMULO-259: ./ core/ server/ server/src/main/java/org/apache/accumulo/server/client/ server/src/main/java/org/apache/accumulo/server/master/ server/src/main/java/org/apache/accumulo/server/master/tab...
Date Fri, 28 Sep 2012 07:26:00 GMT
Author: vines
Date: Fri Sep 28 07:25:59 2012
New Revision: 1391344

URL: http://svn.apache.org/viewvc?rev=1391344&view=rev
Log:
Reverting to fix the messed up merge


Added:
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
      - copied unchanged from r1363041, accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
      - copied unchanged from r1363041, accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
Modified:
    accumulo/branches/ACCUMULO-259/   (props changed)
    accumulo/branches/ACCUMULO-259/core/   (props changed)
    accumulo/branches/ACCUMULO-259/server/   (props changed)
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/util/Initialize.java
    accumulo/branches/ACCUMULO-259/src/   (props changed)

Propchange: accumulo/branches/ACCUMULO-259/
------------------------------------------------------------------------------
  Reverse-merged /accumulo/branches/1.4/src:r1363430
  Reverse-merged /accumulo/trunk:r1362561-1363473

Propchange: accumulo/branches/ACCUMULO-259/core/
------------------------------------------------------------------------------
  Reverse-merged /accumulo/trunk/core:r1362561-1363473
  Reverse-merged /accumulo/branches/1.4/src/core:r1363430

Propchange: accumulo/branches/ACCUMULO-259/server/
------------------------------------------------------------------------------
  Reverse-merged /accumulo/branches/1.4/src/server:r1363430
  Reverse-merged /accumulo/trunk/server:r1362561-1363473

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java Fri Sep 28 07:25:59 2012
@@ -44,8 +44,8 @@ import org.apache.accumulo.core.security
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
 import org.apache.accumulo.core.util.ByteBufferUtil;
 import org.apache.accumulo.server.conf.ServerConfiguration;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.zookeeper.TransactionWatcher;
 import org.apache.accumulo.start.classloader.AccumuloClassLoader;
 import org.apache.log4j.Logger;
@@ -54,7 +54,7 @@ import org.apache.thrift.TException;
 
 public class ClientServiceHandler implements ClientService.Iface {
   private static final Logger log = Logger.getLogger(ClientServiceHandler.class);
-  private static SecurityOperation security = AuditedSecurityOperation.getInstance();
+  private static SecurityOperation security = SecurityOperationImpl.getInstance();
   private final TransactionWatcher transactionWatcher;
   private final Instance instance;
   

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java Fri Sep 28 07:25:59 2012
@@ -136,9 +136,9 @@ import org.apache.accumulo.server.master
 import org.apache.accumulo.server.master.tableOps.TraceRepo;
 import org.apache.accumulo.server.master.tserverOps.ShutdownTServer;
 import org.apache.accumulo.server.monitor.Monitor;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.tabletserver.TabletTime;
 import org.apache.accumulo.server.trace.TraceFileSystem;
@@ -499,7 +499,7 @@ public class Master implements LiveTServ
     log.info("Version " + Constants.VERSION);
     log.info("Instance " + instance.getInstanceID());
     ThriftTransportPool.getInstance().setIdleTime(aconf.getTimeInMillis(Property.GENERAL_RPC_TIMEOUT));
-    security = AuditedSecurityOperation.getInstance();
+    security = SecurityOperationImpl.getInstance();
     tserverSet = new LiveTServerSet(instance, config.getConfiguration(), this);
     this.tabletBalancer = createInstanceFromPropertyName(aconf, Property.MASTER_TABLET_BALANCER, TabletBalancer.class, new DefaultLoadBalancer());
     this.tabletBalancer.init(serverConfig);

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java Fri Sep 28 07:25:59 2012
@@ -31,8 +31,8 @@ import org.apache.accumulo.fate.zookeepe
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.master.Master;
 import org.apache.accumulo.server.master.state.tables.TableManager;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.util.MetadataTable;
 import org.apache.log4j.Logger;
 
@@ -183,7 +183,7 @@ class ClonePermissions extends MasterRep
     // give all table permissions to the creator
     for (TablePermission permission : TablePermission.values()) {
       try {
-        AuditedSecurityOperation.getInstance().grantTablePermission(SecurityConstants.getSystemCredentials(), cloneInfo.user, cloneInfo.tableId, permission);
+        SecurityOperationImpl.getInstance().grantTablePermission(SecurityConstants.getSystemCredentials(), cloneInfo.user, cloneInfo.tableId, permission);
       } catch (ThriftSecurityException e) {
         Logger.getLogger(FinishCloneTable.class).error(e.getMessage(), e);
         throw e;
@@ -198,7 +198,7 @@ class ClonePermissions extends MasterRep
   
   @Override
   public void undo(long tid, Master environment) throws Exception {
-    AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), cloneInfo.tableId);
+    SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), cloneInfo.tableId);
   }
 }
 

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java Fri Sep 28 07:25:59 2012
@@ -38,9 +38,9 @@ import org.apache.accumulo.server.client
 import org.apache.accumulo.server.conf.ServerConfiguration;
 import org.apache.accumulo.server.master.Master;
 import org.apache.accumulo.server.master.state.tables.TableManager;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.tabletserver.TabletTime;
 import org.apache.accumulo.server.trace.TraceFileSystem;
 import org.apache.accumulo.server.util.MetadataTable;
@@ -231,7 +231,7 @@ class SetupPermissions extends MasterRep
   @Override
   public Repo<Master> call(long tid, Master env) throws Exception {
     // give all table permissions to the creator
-    SecurityOperation security = AuditedSecurityOperation.getInstance();
+    SecurityOperation security = SecurityOperationImpl.getInstance();
     for (TablePermission permission : TablePermission.values()) {
       try {
         security.grantTablePermission(SecurityConstants.getSystemCredentials(), tableInfo.user, tableInfo.tableId, permission);
@@ -249,7 +249,7 @@ class SetupPermissions extends MasterRep
   
   @Override
   public void undo(long tid, Master env) throws Exception {
-    AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableInfo.tableId);
+    SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableInfo.tableId);
   }
   
 }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java Fri Sep 28 07:25:59 2012
@@ -45,8 +45,8 @@ import org.apache.accumulo.server.master
 import org.apache.accumulo.server.master.state.TabletState;
 import org.apache.accumulo.server.master.state.tables.TableManager;
 import org.apache.accumulo.server.problems.ProblemReports;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.util.MetadataTable;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
@@ -190,7 +190,7 @@ class CleanUp extends MasterRepo {
     
     // remove any permissions associated with this table
     try {
-      AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableId);
+      SecurityOperationImpl.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableId);
     } catch (ThriftSecurityException e) {
       log.error(e.getMessage(), e);
     }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java Fri Sep 28 07:25:59 2012
@@ -20,40 +20,27 @@ import java.nio.ByteBuffer;
 import java.util.Set;
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
+import org.apache.accumulo.core.client.TableNotFoundException;
+import org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException;
 import org.apache.accumulo.core.security.AuditLevel;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
-import org.apache.accumulo.server.security.handler.Authenticator;
-import org.apache.accumulo.server.security.handler.Authorizor;
-import org.apache.accumulo.server.security.handler.PermissionHandler;
 import org.apache.log4j.Logger;
 
 /**
  * 
  */
-public class AuditedSecurityOperation extends SecurityOperation {
-  /**
-   * @param author
-   * @param authent
-   * @param pm
-   * @param instanceId
-   */
-  public AuditedSecurityOperation(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
-    super(author, authent, pm, instanceId);
-  }
-
+public class AuditedSecurityOperation implements SecurityOperation {
   public static final Logger log = Logger.getLogger(AuditedSecurityOperation.class);
+  private SecurityOperation impl;
   
-  public static synchronized SecurityOperation getInstance(String instanceId) {
-    if (instance == null) {
-      instance = new AuditedSecurityOperation(getAuthorizor(instanceId), getAuthenticator(instanceId), getPermHandler(instanceId), instanceId);
-    }
-    return instance;
+  public AuditedSecurityOperation(SecurityOperation impl) {
+    this.impl = impl;
   }
-
+  
   private void audit(AuthInfo credentials, ThriftSecurityException ex, String template, Object... args) {
     log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " + credentials.user + ": " + String.format(template, args));
   }
@@ -62,6 +49,10 @@ public class AuditedSecurityOperation ex
     log.log(AuditLevel.AUDIT, "Using credentials " + credentials.user + ": " + String.format(template, args));
   }
   
+  public synchronized String getRootUsername() {
+    return impl.getRootUsername();
+  }
+  
   /**
    * @param credentials
    * @param user
@@ -71,7 +62,7 @@ public class AuditedSecurityOperation ex
    */
   public boolean authenticateUser(AuthInfo credentials, String user, ByteBuffer password) throws ThriftSecurityException {
     try {
-      boolean result = super.authenticateUser(credentials, user, password);
+      boolean result = impl.authenticateUser(credentials, user, password);
       audit(credentials, result ? "authenticated" : "failed authentication");
       return result;
     } catch (ThriftSecurityException ex) {
@@ -88,7 +79,7 @@ public class AuditedSecurityOperation ex
    */
   public Authorizations getUserAuthorizations(AuthInfo credentials, String user) throws ThriftSecurityException {
     try {
-      Authorizations result = super.getUserAuthorizations(credentials, user);
+      Authorizations result = impl.getUserAuthorizations(credentials, user);
       audit(credentials, "got authorizations for %s", user);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -106,6 +97,249 @@ public class AuditedSecurityOperation ex
   public Authorizations getUserAuthorizations(AuthInfo credentials) throws ThriftSecurityException {
     return getUserAuthorizations(credentials, credentials.user);
   }
+    
+  /**
+   * @param credentials
+   * @param string
+   * @return
+   * @throws ThriftSecurityException
+   * @throws TableNotFoundException
+   */
+  public boolean canScan(AuthInfo credentials, String table) throws ThriftSecurityException {
+    return impl.canScan(credentials, table);
+  }
+  
+  /**
+   * @param credentials
+   * @param string
+   * @return
+   * @throws ThriftSecurityException
+   * @throws TableNotFoundException
+   */
+  public boolean canWrite(AuthInfo credentials, String table) throws ThriftSecurityException {
+    return impl.canWrite(credentials, table);
+  }
+  
+  /**
+   * @param credentials
+   * @param string
+   * @return
+   * @throws ThriftSecurityException
+   * @throws TableNotFoundException
+   */
+  public boolean canSplitTablet(AuthInfo credentials, String table) throws ThriftSecurityException {
+    return impl.canSplitTablet(credentials, table);
+  }
+  
+  /**
+   * @param credentials
+   * @return
+   * @throws ThriftSecurityException
+   * 
+   *           This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system
+   *           properties.
+   */
+  public boolean canPerformSystemActions(AuthInfo credentials) throws ThriftSecurityException {
+    return impl.canPerformSystemActions(credentials);
+  }
+  
+  /**
+   * @param c
+   * @param tableId
+   * @throws ThriftSecurityException
+   * @throws ThriftTableOperationException
+   */
+  public boolean canFlush(AuthInfo c, String tableId) throws ThriftSecurityException {
+    return impl.canFlush(c, tableId);
+  }
+  
+  /**
+   * @param c
+   * @param tableId
+   * @throws ThriftSecurityException
+   * @throws ThriftTableOperationException
+   */
+  public boolean canAlterTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+    return impl.canAlterTable(c, tableId);
+  }
+  
+  /**
+   * @param c
+   * @throws ThriftSecurityException
+   */
+  public boolean canCreateTable(AuthInfo c) throws ThriftSecurityException {
+    return impl.canCreateTable(c);
+  }
+  
+  /**
+   * @param c
+   * @param tableId
+   * @return
+   * @throws TableNotFoundException
+   * @throws ThriftSecurityException
+   */
+  public boolean canRenameTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+    return impl.canRenameTable(c, tableId);
+  }
+  
+  /**
+   * @param c
+   * @return
+   * @throws TableNotFoundException
+   * @throws ThriftSecurityException
+   */
+  public boolean canCloneTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+    return impl.canCloneTable(c, tableId);
+  }
+  
+  /**
+   * @param c
+   * @param tableId
+   * @return
+   * @throws TableNotFoundException
+   * @throws ThriftSecurityException
+   */
+  public boolean canDeleteTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+    return impl.canDeleteTable(c, tableId);
+  }
+  
+  /**
+   * @param c
+   * @param tableId
+   * @return
+   * @throws TableNotFoundException
+   * @throws ThriftSecurityException
+   */
+  public boolean canOnlineOfflineTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+    return impl.canOnlineOfflineTable(c, tableId);
+  }
+  
+  /**
+   * @param c
+   * @param tableId
+   * @return
+   * @throws TableNotFoundException
+   * @throws ThriftSecurityException
+   */
+  public boolean canMerge(AuthInfo c, String tableId) throws ThriftSecurityException {
+    return impl.canMerge(c, tableId);
+  }
+  
+  /**
+   * @param c
+   * @param tableId
+   * @return
+   * @throws TableNotFoundException
+   * @throws ThriftSecurityException
+   */
+  public boolean canDeleteRange(AuthInfo c, String tableId) throws ThriftSecurityException {
+    return impl.canDeleteRange(c, tableId);
+  }
+  
+  /**
+   * @param c
+   * @param tableId
+   * @return
+   * @throws TableNotFoundException
+   * @throws ThriftSecurityException
+   */
+  public boolean canBulkImport(AuthInfo c, String tableId) throws ThriftSecurityException {
+    return impl.canBulkImport(c, tableId);
+  }
+  
+  /**
+   * @param c
+   * @param tableId
+   * @return
+   * @throws TableNotFoundException
+   * @throws ThriftSecurityException
+   */
+  public boolean canCompact(AuthInfo c, String tableId) throws ThriftSecurityException {
+    return impl.canCompact(c, tableId);
+  }
+  
+  /**
+   * @param credentials
+   * @return
+   * @throws ThriftSecurityException
+   */
+  public boolean canChangeAuthorizations(AuthInfo c, String user) throws ThriftSecurityException {
+    return impl.canChangeAuthorizations(c, user);
+  }
+  
+  /**
+   * @param credentials
+   * @param user
+   * @return
+   * @throws ThriftSecurityException
+   */
+  public boolean canChangePassword(AuthInfo c, String user) throws ThriftSecurityException {
+    return impl.canChangePassword(c, user);
+  }
+  
+  /**
+   * @param credentials
+   * @param user
+   * @return
+   * @throws ThriftSecurityException
+   */
+  public boolean canCreateUser(AuthInfo c, String user) throws ThriftSecurityException {
+    return impl.canCreateUser(c, user);
+  }
+  
+  /**
+   * @param credentials
+   * @param user
+   * @return
+   * @throws ThriftSecurityException
+   */
+  public boolean canDropUser(AuthInfo c, String user) throws ThriftSecurityException {
+    return impl.canDropUser(c, user);
+  }
+  
+  /**
+   * @param credentials
+   * @param user
+   * @param sysPerm
+   * @return
+   * @throws ThriftSecurityException
+   */
+  public boolean canGrantSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
+    return impl.canGrantSystem(c, user, sysPerm);
+  }
+  
+  /**
+   * @param credentials
+   * @param user
+   * @param table
+   * @return
+   * @throws ThriftSecurityException
+   */
+  public boolean canGrantTable(AuthInfo c, String user, String table) throws ThriftSecurityException {
+    return impl.canGrantTable(c, user, table);
+  }
+  
+  /**
+   * @param credentials
+   * @param user
+   * @param sysPerm
+   * @return
+   * @throws ThriftSecurityException
+   */
+  public boolean canRevokeSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
+    return impl.canRevokeSystem(c, user, sysPerm);
+  }
+  
+  /**
+   * @param credentials
+   * @param user
+   * @param table
+   * @return
+   * @throws ThriftSecurityException
+   */
+  public boolean canRevokeTable(AuthInfo c, String user, String table) throws ThriftSecurityException {
+    return impl.canRevokeTable(c, user, table);
+  }
   
   /**
    * @param credentials
@@ -115,7 +349,7 @@ public class AuditedSecurityOperation ex
    */
   public void changeAuthorizations(AuthInfo credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
     try {
-      super.changeAuthorizations(credentials, user, authorizations);
+      impl.changeAuthorizations(credentials, user, authorizations);
       audit(credentials, "changed authorizations for %s to %s", user, authorizations);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "changing authorizations for %s", user);
@@ -131,7 +365,7 @@ public class AuditedSecurityOperation ex
    */
   public void changePassword(AuthInfo credentials, String user, byte[] pass) throws ThriftSecurityException {
     try {
-      super.changePassword(credentials, user, pass);
+      impl.changePassword(credentials, user, pass);
       audit(credentials, "changed password for %s", user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "changing password for %s", user);
@@ -148,7 +382,7 @@ public class AuditedSecurityOperation ex
    */
   public void createUser(AuthInfo credentials, String user, byte[] pass, Authorizations authorizations) throws ThriftSecurityException {
     try {
-      super.createUser(credentials, user, pass, authorizations);
+      impl.createUser(credentials, user, pass, authorizations);
       audit(credentials, "createUser");
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "createUser %s", user);
@@ -163,7 +397,7 @@ public class AuditedSecurityOperation ex
    */
   public void dropUser(AuthInfo credentials, String user) throws ThriftSecurityException {
     try {
-      super.dropUser(credentials, user);
+      impl.dropUser(credentials, user);
       audit(credentials, "dropUser");
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "dropUser %s", user);
@@ -179,7 +413,7 @@ public class AuditedSecurityOperation ex
    */
   public void grantSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     try {
-      super.grantSystemPermission(credentials, user, permission);
+      impl.grantSystemPermission(credentials, user, permission);
       audit(credentials, "granted permission %s for %s", permission, user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "granting permission %s for %s", permission, user);
@@ -196,7 +430,7 @@ public class AuditedSecurityOperation ex
    */
   public void grantTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
     try {
-      super.grantTablePermission(credentials, user, table, permission);
+      impl.grantTablePermission(credentials, user, table, permission);
       audit(credentials, "granted permission %s on table %s for %s", permission, table, user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "granting permission %s on table for %s", permission, table, user);
@@ -212,7 +446,7 @@ public class AuditedSecurityOperation ex
    */
   public void revokeSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     try {
-      super.revokeSystemPermission(credentials, user, permission);
+      impl.revokeSystemPermission(credentials, user, permission);
       audit(credentials, "revoked permission %s for %s", permission, user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "revoking permission %s on %s", permission, user);
@@ -229,7 +463,7 @@ public class AuditedSecurityOperation ex
    */
   public void revokeTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
     try {
-      super.revokeTablePermission(credentials, user, table, permission);
+      impl.revokeTablePermission(credentials, user, table, permission);
       audit(credentials, "revoked permission %s on table %s for %s", permission, table, user);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "revoking permission %s on table for %s", permission, table, user);
@@ -246,7 +480,7 @@ public class AuditedSecurityOperation ex
    */
   public boolean hasSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     try {
-      boolean result = super.hasSystemPermission(credentials, user, permission);
+      boolean result = impl.hasSystemPermission(credentials, user, permission);
       audit(credentials, "checked permission %s on %s", permission, user);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -265,7 +499,7 @@ public class AuditedSecurityOperation ex
    */
   public boolean hasTablePermission(AuthInfo credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
     try {
-      boolean result = super.hasTablePermission(credentials, user, table, permission);
+      boolean result = impl.hasTablePermission(credentials, user, table, permission);
       audit(credentials, "checked permission %s on table %s for %s", permission, table, user);
       return result;
     } catch (ThriftSecurityException ex) {
@@ -281,7 +515,7 @@ public class AuditedSecurityOperation ex
    */
   public Set<String> listUsers(AuthInfo credentials) throws ThriftSecurityException {
     try {
-      Set<String> result = super.listUsers(credentials);
+      Set<String> result = impl.listUsers(credentials);
       audit(credentials, "listUsers");
       return result;
     } catch (ThriftSecurityException ex) {
@@ -297,7 +531,7 @@ public class AuditedSecurityOperation ex
    */
   public void deleteTable(AuthInfo credentials, String table) throws ThriftSecurityException {
     try {
-      super.deleteTable(credentials, table);
+      impl.deleteTable(credentials, table);
       audit(credentials, "deleted table %s", table);
     } catch (ThriftSecurityException ex) {
       audit(credentials, ex, "deleting table %s", table);
@@ -307,7 +541,7 @@ public class AuditedSecurityOperation ex
 
   @Override
   public void initializeSecurity(AuthInfo credentials, String rootuser, byte[] rootpass) throws AccumuloSecurityException, ThriftSecurityException {
-    super.initializeSecurity(credentials, rootuser, rootpass);
+    impl.initializeSecurity(credentials, rootuser, rootpass);
     log.info("Initialized root user with username: " + rootuser + " at the request of user " + credentials.user);
   }
 }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java Fri Sep 28 07:25:59 2012
@@ -152,14 +152,6 @@ public interface PermissionHandler {
   public void initUser(String user) throws AccumuloSecurityException;
   
   /**
-   * Initializes a new user
-   * 
-   * @param user
-   * @throws AccumuloSecurityException
-   */
-  public void initTable(String table) throws AccumuloSecurityException;
-  
-  /**
    * Deletes a user
    * 
    * @param user

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Fri Sep 28 07:25:59 2012
@@ -153,9 +153,9 @@ import org.apache.accumulo.server.master
 import org.apache.accumulo.server.metrics.AbstractMetricsImpl;
 import org.apache.accumulo.server.problems.ProblemReport;
 import org.apache.accumulo.server.problems.ProblemReports;
-import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SecurityOperationImpl;
 import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.tabletserver.Tablet.CommitSession;
 import org.apache.accumulo.server.tabletserver.Tablet.KVEntry;
@@ -2981,7 +2981,7 @@ public class TabletServer extends Abstra
   
   public void config(String hostname) {
     log.info("Tablet server starting on " + hostname);
-    security = AuditedSecurityOperation.getInstance();
+    security = SecurityOperationImpl.getInstance();
     clientAddress = new InetSocketAddress(hostname, 0);
     logger = new TabletServerLogger(this, getSystemConfiguration().getMemoryInBytes(Property.TSERV_WALOG_MAX_SIZE));
     

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java Fri Sep 28 07:25:59 2012
@@ -18,7 +18,6 @@ package org.apache.accumulo.server.test.
 
 import java.io.File;
 import java.lang.management.ManagementFactory;
-import java.nio.ByteBuffer;
 import java.util.HashMap;
 import java.util.Properties;
 
@@ -26,7 +25,6 @@ import org.apache.accumulo.core.client.C
 import org.apache.accumulo.core.client.Instance;
 import org.apache.accumulo.core.client.MultiTableBatchWriter;
 import org.apache.accumulo.core.client.ZooKeeperInstance;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.log4j.Logger;
 
@@ -89,19 +87,13 @@ public class State {
     if (connector == null) {
       String instance = props.getProperty("INSTANCE");
       String zookeepers = props.getProperty("ZOOKEEPERS");
-      AuthInfo auth = getAuthInfo();
-      connector = new ZooKeeperInstance(instance, zookeepers).getConnector(auth);
+      String username = props.getProperty("USERNAME");
+      String password = props.getProperty("PASSWORD");
+      connector = new ZooKeeperInstance(instance, zookeepers).getConnector(username, password.getBytes());
     }
     return connector;
   }
   
-  public AuthInfo getAuthInfo() {
-    String username = props.getProperty("USERNAME");
-    String password = props.getProperty("PASSWORD");
-    String instance = props.getProperty("INSTANCE");
-    return new AuthInfo(username, ByteBuffer.wrap(password.getBytes()), instance);
-  }
-
   public Instance getInstance() {
     if (instance == null) {
       instance = HdfsZooInstance.getInstance();

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java Fri Sep 28 07:25:59 2012
@@ -31,12 +31,11 @@ public class AlterSystemPerm extends Tes
   @Override
   public void visit(State state, Properties props) throws Exception {
     Connector conn = state.getConnector();
-    WalkingSecurity ws = new WalkingSecurity(state);
     
     String action = props.getProperty("task", "toggle");
     String perm = props.getProperty("perm", "random");
     
-    String targetUser = WalkingSecurity.get(state).getSysUserName();
+    String targetUser = SecurityHelper.getSysUserName(state);
     
     SystemPermission sysPerm;
     if (perm.equals("random")) {
@@ -46,7 +45,7 @@ public class AlterSystemPerm extends Tes
     } else
       sysPerm = SystemPermission.valueOf(perm);
     
-    boolean hasPerm = ws.hasSystemPermission(targetUser, sysPerm);
+    boolean hasPerm = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm);
     
     // toggle
     if (!"take".equals(action) && !"give".equals(action)) {
@@ -66,7 +65,6 @@ public class AlterSystemPerm extends Tes
           case GRANT_INVALID:
             if (sysPerm.equals(SystemPermission.GRANT))
               return;
-            throw new AccumuloException("Got GRANT_INVALID when not dealing with GRANT", ae);
           case PERMISSION_DENIED:
             throw new AccumuloException("Test user doesn't have root", ae);
           case USER_DOESNT_EXIST:
@@ -75,7 +73,7 @@ public class AlterSystemPerm extends Tes
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      ws.revokeSystemPermission(targetUser, sysPerm);
+      SecurityHelper.setSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm, false);
     } else if ("give".equals(action)) {
       try {
         conn.securityOperations().grantSystemPermission(targetUser, sysPerm);
@@ -92,7 +90,7 @@ public class AlterSystemPerm extends Tes
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      ws.grantSystemPermission(targetUser, sysPerm);
+      SecurityHelper.setSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm, true);
     }
   }
   

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java Fri Sep 28 07:25:59 2012
@@ -24,6 +24,8 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.TableNotFoundException;
+import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
@@ -32,12 +34,15 @@ public class AlterTable extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = WalkingSecurity.get(state).getSystemConnector();
+    Connector conn = SecurityHelper.getSystemConnector(state);
     
-    String tableName = WalkingSecurity.get(state).getTableName();
+    String tableName = SecurityHelper.getTableName(state);
     
-    boolean exists = WalkingSecurity.get(state).getTableExists();
-    boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysAuthInfo(), tableName);
+    boolean exists = SecurityHelper.getTableExists(state);
+    boolean hasPermission = false;
+    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_TABLE)
+        || SecurityHelper.getTabPerm(state, SecurityHelper.getSysUserName(state), TablePermission.ALTER_TABLE))
+      hasPermission = true;
     String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), state.getPid(),
         System.currentTimeMillis());
     
@@ -55,7 +60,7 @@ public class AlterTable extends Test {
         else
           return;
       } else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
-        if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+        if (SecurityHelper.sysUserPassTransient(state))
           return;
       }
       throw new AccumuloException("Got unexpected ae error code", ae);
@@ -65,7 +70,7 @@ public class AlterTable extends Test {
       else
         return;
     }
-    WalkingSecurity.get(state).setTableName(newName);
+    SecurityHelper.setTableName(state, newName);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java Fri Sep 28 07:25:59 2012
@@ -24,7 +24,6 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -42,16 +41,16 @@ public class AlterTablePerm extends Test
     String perm = props.getProperty("perm", "random");
     String sourceUser = props.getProperty("source", "system");
     String targetUser = props.getProperty("target", "table");
-    boolean tabExists = WalkingSecurity.get(state).getTableExists();
+    boolean tabExists = SecurityHelper.getTableExists(state);
     
     String target;
     if ("table".equals(targetUser))
-      target = WalkingSecurity.get(state).getTabUserName();
+      target = SecurityHelper.getTabUserName(state);
     else
-      target = WalkingSecurity.get(state).getSysUserName();
+      target = SecurityHelper.getSysUserName(state);
     
-    boolean exists = WalkingSecurity.get(state).userExists(target);
-    boolean tableExists = WalkingSecurity.get(state).getTableExists();
+    boolean exists = SecurityHelper.getTabUserExists(state);
+    boolean tableExists = SecurityHelper.getTableExists(state);
     
     TablePermission tabPerm;
     if (perm.equals("random")) {
@@ -60,28 +59,26 @@ public class AlterTablePerm extends Test
       tabPerm = TablePermission.values()[i];
     } else
       tabPerm = TablePermission.valueOf(perm);
-    String tableName = WalkingSecurity.get(state).getTableName();
-    boolean hasPerm = WalkingSecurity.get(state).hasTablePermission(target, tableName, tabPerm);
+    
+    boolean hasPerm = SecurityHelper.getTabPerm(state, target, tabPerm);
     boolean canGive;
-    AuthInfo source;
     if ("system".equals(sourceUser)) {
-      conn = WalkingSecurity.get(state).getSystemConnector();
-      source = WalkingSecurity.get(state).getSysAuthInfo();
+      conn = SecurityHelper.getSystemConnector(state);
+      canGive = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER)
+          || SecurityHelper.getTabPerm(state, SecurityHelper.getSysUserName(state), TablePermission.GRANT);
     } else if ("table".equals(sourceUser)) {
-      conn = WalkingSecurity.get(state).getTableConnector();
-      source = WalkingSecurity.get(state).getTabAuthInfo();
+      conn = state.getInstance().getConnector(SecurityHelper.getTabUserName(state), SecurityHelper.getTabUserPass(state));
+      canGive = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.GRANT);
     } else {
       conn = state.getConnector();
-      source = state.getAuthInfo();
+      canGive = true;
     }
     
-    canGive = WalkingSecurity.get(state).canGrantTable(source, target, WalkingSecurity.get(state).getTableName());
-
     // toggle
     if (!"take".equals(action) && !"give".equals(action)) {
       try {
         boolean res;
-        if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, tableName, tabPerm)))
+        if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, SecurityHelper.getTableName(state), tabPerm)))
           throw new AccumuloException("Test framework and accumulo are out of sync for user " + conn.whoami() + " for perm " + tabPerm.name()
               + " with local vs. accumulo being " + hasPerm + " " + res);
         
@@ -107,10 +104,9 @@ public class AlterTablePerm extends Test
       }
     }
     
-    boolean trans = WalkingSecurity.get(state).userPassTransient(conn.whoami());
     if ("take".equals(action)) {
       try {
-        conn.securityOperations().revokeTablePermission(target, tableName, tabPerm);
+        conn.securityOperations().revokeTablePermission(target, SecurityHelper.getTableName(state), tabPerm);
       } catch (AccumuloSecurityException ae) {
         switch (ae.getErrorCode()) {
           case GRANT_INVALID:
@@ -118,7 +114,7 @@ public class AlterTablePerm extends Test
               return;
           case PERMISSION_DENIED:
             if (canGive)
-              throw new AccumuloException(conn.whoami() + " failed to revoke permission to " + target + " when it should have worked", ae);
+              throw new AccumuloException("Test user failed to give permission when it should have worked", ae);
             return;
           case USER_DOESNT_EXIST:
             if (exists)
@@ -129,17 +125,17 @@ public class AlterTablePerm extends Test
               throw new AccumuloException("Table doesn't exist but it should", ae);
             return;
           case BAD_CREDENTIALS:
-            if (!trans)
+            if (!SecurityHelper.sysUserPassTransient(state))
               throw new AccumuloException("Bad credentials for user " + conn.whoami());
             return;
           default:
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      WalkingSecurity.get(state).revokeTablePermission(target, tableName, tabPerm);
+      SecurityHelper.setTabPerm(state, target, tabPerm, false);
     } else if ("give".equals(action)) {
       try {
-        conn.securityOperations().grantTablePermission(target, tableName, tabPerm);
+        conn.securityOperations().grantTablePermission(target, SecurityHelper.getTableName(state), tabPerm);
       } catch (AccumuloSecurityException ae) {
         switch (ae.getErrorCode()) {
           case GRANT_INVALID:
@@ -148,7 +144,7 @@ public class AlterTablePerm extends Test
             throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
           case PERMISSION_DENIED:
             if (canGive)
-              throw new AccumuloException(conn.whoami() + " failed to give permission to " + target + " when it should have worked", ae);
+              throw new AccumuloException("Test user failed to give permission when it should have worked", ae);
             return;
           case USER_DOESNT_EXIST:
             if (exists)
@@ -159,14 +155,14 @@ public class AlterTablePerm extends Test
               throw new AccumuloException("Table doesn't exist but it should", ae);
             return;
           case BAD_CREDENTIALS:
-            if (!trans)
+            if (!SecurityHelper.sysUserPassTransient(state))
               throw new AccumuloException("Bad credentials for user " + conn.whoami());
             return;
           default:
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      WalkingSecurity.get(state).grantTablePermission(target, tableName, tabPerm);
+      SecurityHelper.setTabPerm(state, target, tabPerm, true);
     }
     
     if (!exists)
@@ -174,7 +170,7 @@ public class AlterTablePerm extends Test
     if (!tableExists)
       throw new AccumuloException("Table shouldn't have existed, but apparantly does");
     if (!canGive)
-      throw new AccumuloException(conn.whoami() + " shouldn't have been able to grant privilege");
+      throw new AccumuloException("Source user shouldn't have been able to grant privilege");
     
   }
   

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java Fri Sep 28 07:25:59 2012
@@ -22,7 +22,7 @@ import java.util.Properties;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -30,7 +30,7 @@ public class Authenticate extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = WalkingSecurity.get(state).getSystemConnector();
+    Connector conn = SecurityHelper.getSystemConnector(state);
     
     authenticate(conn, state, props);
   }
@@ -40,20 +40,21 @@ public class Authenticate extends Test {
     boolean success = Boolean.parseBoolean(props.getProperty("valid"));
     
     String target;
-    
-    AuthInfo auth;
+    boolean exists = true;
+    boolean hasPermission = true;
+    byte[] password;
     if (targetProp.equals("table")) {
-      target = WalkingSecurity.get(state).getTabUserName();
-      auth = WalkingSecurity.get(state).getTabAuthInfo();
+      exists = SecurityHelper.getTabUserExists(state);
+      target = SecurityHelper.getTabUserName(state);
+      if (!conn.whoami().equals(state.getConnector().whoami())
+          && !SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.SYSTEM))
+        hasPermission = false;
+      password = Arrays.copyOf(SecurityHelper.getTabUserPass(state), SecurityHelper.getTabUserPass(state).length);
     } else {
-      target = WalkingSecurity.get(state).getSysUserName();
-      auth = WalkingSecurity.get(state).getSysAuthInfo();
+      target = SecurityHelper.getSysUserName(state);
+      password = Arrays.copyOf(SecurityHelper.getSysUserPass(state), SecurityHelper.getSysUserPass(state).length);
     }
-    boolean exists = WalkingSecurity.get(state).userExists(target);
-    // Copy so if failed it doesn't mess with the password stored in state
-    byte[] password = Arrays.copyOf(WalkingSecurity.get(state).getUserPassword(target), WalkingSecurity.get(state).getUserPassword(target).length);
-    boolean hasPermission = WalkingSecurity.get(state).canAskAboutUser(auth, target);
-
+    
     if (!success)
       for (int i = 0; i < password.length; i++)
         password[i]++;

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java Fri Sep 28 07:25:59 2012
@@ -23,7 +23,8 @@ import java.util.Random;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -36,25 +37,38 @@ public class ChangePass extends Test {
     String target = props.getProperty("target");
     String source = props.getProperty("source");
     
-    AuthInfo auth;
+    String sourceUser;
     if (source.equals("system")) {
-      conn = WalkingSecurity.get(state).getSystemConnector();
-      auth = WalkingSecurity.get(state).getSysAuthInfo();
+      conn = SecurityHelper.getSystemConnector(state);
+      sourceUser = SecurityHelper.getSysUserName(state);
     } else {
-      conn = WalkingSecurity.get(state).getTableConnector();
-      auth = WalkingSecurity.get(state).getTabAuthInfo();
+      sourceUser = SecurityHelper.getTabUserName(state);
+      try {
+        conn = state.getInstance().getConnector(sourceUser, (SecurityHelper.getTabUserPass(state)));
+      } catch (AccumuloSecurityException ae) {
+        if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
+          if (SecurityHelper.getTabUserExists(state))
+            throw new AccumuloException("Got a security exception when the user should have existed", ae);
+          else
+            return;
+        }
+        throw new AccumuloException("Unexpected exception!", ae);
+      }
     }
     
-    boolean hasPerm;
-    boolean targetExists;
+    boolean hasPerm = true;
+    if (!source.equals(target))
+      hasPerm = SecurityHelper.getSysPerm(state, sourceUser, SystemPermission.ALTER_USER);
+    
+    boolean targetExists = true;
+    boolean targetSystem = true;
     if (target.equals("table")) {
-      target = WalkingSecurity.get(state).getTabUserName();
+      targetSystem = false;
+      if (!SecurityHelper.getTabUserExists(state))
+        targetExists = false;
+      target = SecurityHelper.getTabUserName(state);
     } else
-      target = WalkingSecurity.get(state).getSysUserName();
-    
-    targetExists = WalkingSecurity.get(state).userExists(target);
-      
-    hasPerm = WalkingSecurity.get(state).canChangePassword(auth, target);
+      target = SecurityHelper.getSysUserName(state);
     
     Random r = new Random();
     
@@ -76,14 +90,17 @@ public class ChangePass extends Test {
             throw new AccumuloException("User " + target + " doesn't exist and they SHOULD.", ae);
           return;
         case BAD_CREDENTIALS:
-          if (!WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+          if (!SecurityHelper.sysUserPassTransient(state))
             throw new AccumuloException("Bad credentials for user " + conn.whoami());
           return;
         default:
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    WalkingSecurity.get(state).changePassword(target, newPass);
+    if (targetSystem) {
+      SecurityHelper.setSysUserPass(state, newPass);
+    } else
+      SecurityHelper.setTabUserPass(state, newPass);
     if (!hasPerm)
       throw new AccumuloException("Password change succeeded when it should have failed for " + source + " changing the password for " + target + ".");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java Fri Sep 28 07:25:59 2012
@@ -22,6 +22,7 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
+import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.server.test.randomwalk.State;
@@ -31,12 +32,14 @@ public class CreateTable extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = WalkingSecurity.get(state).getSystemConnector();
+    Connector conn = SecurityHelper.getSystemConnector(state);
     
-    String tableName = WalkingSecurity.get(state).getTableName();
+    String tableName = SecurityHelper.getTableName(state);
     
-    boolean exists = WalkingSecurity.get(state).getTableExists();
-    boolean hasPermission = WalkingSecurity.get(state).canCreateTable(WalkingSecurity.get(state).getSysAuthInfo());
+    boolean exists = SecurityHelper.getTableExists(state);
+    boolean hasPermission = false;
+    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.CREATE_TABLE))
+      hasPermission = true;
     
     try {
       conn.tableOperations().create(tableName);
@@ -49,7 +52,7 @@ public class CreateTable extends Test {
         {
           try {
             state.getConnector().tableOperations().create(tableName);
-            WalkingSecurity.get(state).initTable(tableName);
+            SecurityHelper.setTableExists(state, true);
           } catch (TableExistsException tee) {
             if (exists)
               return;
@@ -66,9 +69,9 @@ public class CreateTable extends Test {
       else
         return;
     }
-    WalkingSecurity.get(state).initTable(tableName);
+    SecurityHelper.setTableExists(state, true);
     for (TablePermission tp : TablePermission.values())
-      WalkingSecurity.get(state).grantTablePermission(conn.whoami(), tableName, tp);
+      SecurityHelper.setTabPerm(state, conn.whoami(), tp, true);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java Fri Sep 28 07:25:59 2012
@@ -22,6 +22,7 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.security.Authorizations;
+import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -29,12 +30,14 @@ public class CreateUser extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = WalkingSecurity.get(state).getSystemConnector();
+    Connector conn = SecurityHelper.getSystemConnector(state);
     
-    String tableUserName = WalkingSecurity.get(state).getTabUserName();
+    String tableUserName = SecurityHelper.getTabUserName(state);
     
-    boolean exists = WalkingSecurity.get(state).userExists(tableUserName);
-    boolean hasPermission = WalkingSecurity.get(state).canCreateUser(WalkingSecurity.get(state).getSysAuthInfo(), tableUserName);
+    boolean exists = SecurityHelper.getTabUserExists(state);
+    boolean hasPermission = false;
+    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.CREATE_USER))
+      hasPermission = true;
     byte[] tabUserPass = "Super Sekret Table User Password".getBytes();
     try {
       conn.securityOperations().createUser(tableUserName, tabUserPass, new Authorizations());
@@ -48,7 +51,8 @@ public class CreateUser extends Test {
           {
             if (!exists) {
               state.getConnector().securityOperations().createUser(tableUserName, tabUserPass, new Authorizations());
-              WalkingSecurity.get(state).createUser(tableUserName, tabUserPass);
+              SecurityHelper.setTabUserPass(state, tabUserPass);
+              SecurityHelper.setTabUserExists(state, true);
             }
             return;
           }
@@ -61,7 +65,8 @@ public class CreateUser extends Test {
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    WalkingSecurity.get(state).createUser(tableUserName, tabUserPass);
+    SecurityHelper.setTabUserPass(state, tabUserPass);
+    SecurityHelper.setTabUserExists(state, true);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java Fri Sep 28 07:25:59 2012
@@ -23,7 +23,8 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
@@ -38,19 +39,21 @@ public class DropTable extends Test {
   public static void dropTable(State state, Properties props) throws Exception {
     String sourceUser = props.getProperty("source", "system");
     Connector conn;
-    AuthInfo auth;
+    String username;
     if (sourceUser.equals("table")) {
-      auth = WalkingSecurity.get(state).getTabAuthInfo();
-      conn = WalkingSecurity.get(state).getTableConnector();
+      username = SecurityHelper.getTabUserName(state);
+      conn = state.getInstance().getConnector(username, SecurityHelper.getTabUserPass(state));
     } else {
-      auth = WalkingSecurity.get(state).getSysAuthInfo();
-      conn = WalkingSecurity.get(state).getSystemConnector();
+      username = SecurityHelper.getSysUserName(state);
+      conn = SecurityHelper.getSystemConnector(state);
     }
     
-    String tableName = WalkingSecurity.get(state).getTableName();
+    String tableName = SecurityHelper.getTableName(state);
     
-    boolean exists = WalkingSecurity.get(state).getTableExists();
-    boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(auth, tableName);
+    boolean exists = SecurityHelper.getTableExists(state);
+    boolean hasPermission = false;
+    if (SecurityHelper.getSysPerm(state, username, SystemPermission.DROP_TABLE) || SecurityHelper.getTabPerm(state, username, TablePermission.DROP_TABLE))
+      hasPermission = true;
     
     try {
       conn.tableOperations().delete(tableName);
@@ -61,11 +64,14 @@ public class DropTable extends Test {
         else {
           // Drop anyway for sake of state
           state.getConnector().tableOperations().delete(tableName);
-          WalkingSecurity.get(state).cleanTablePermissions(tableName);
+          SecurityHelper.setTableExists(state, false);
+          for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)})
+            for (TablePermission tp : TablePermission.values())
+              SecurityHelper.setTabPerm(state, user, tp, false);
           return;
         }
       } else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
-        if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+        if (SecurityHelper.sysUserPassTransient(state))
           return;
       }
       throw new AccumuloException("Got unexpected ae error code", ae);
@@ -75,7 +81,10 @@ public class DropTable extends Test {
       else
         return;
     }
-    WalkingSecurity.get(state).cleanTablePermissions(tableName);
+    SecurityHelper.setTableExists(state, false);
+    for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)})
+      for (TablePermission tp : TablePermission.values())
+        SecurityHelper.setTabPerm(state, user, tp, false);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java Fri Sep 28 07:25:59 2012
@@ -21,6 +21,8 @@ import java.util.Properties;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -28,13 +30,14 @@ public class DropUser extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = WalkingSecurity.get(state).getSystemConnector();
+    Connector conn = SecurityHelper.getSystemConnector(state);
     
-    String tableUserName = WalkingSecurity.get(state).getTabUserName();
-    
-    boolean exists = WalkingSecurity.get(state).userExists(tableUserName);
-    boolean hasPermission = WalkingSecurity.get(state).canDropUser(WalkingSecurity.get(state).getSysAuthInfo(), tableUserName);
+    String tableUserName = SecurityHelper.getTabUserName(state);
     
+    boolean exists = SecurityHelper.getTabUserExists(state);
+    boolean hasPermission = false;
+    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.DROP_USER))
+      hasPermission = true;
     try {
       conn.securityOperations().dropUser(tableUserName);
     } catch (AccumuloSecurityException ae) {
@@ -45,7 +48,11 @@ public class DropUser extends Test {
           else {
             if (exists) {
               state.getConnector().securityOperations().dropUser(tableUserName);
-              WalkingSecurity.get(state).dropUser(tableUserName);
+              SecurityHelper.setTabUserExists(state, false);
+              for (TablePermission tp : TablePermission.values())
+                SecurityHelper.setTabPerm(state, tableUserName, tp, false);
+              for (SystemPermission sp : SystemPermission.values())
+                SecurityHelper.setSysPerm(state, tableUserName, sp, false);
             }
             return;
           }
@@ -59,7 +66,11 @@ public class DropUser extends Test {
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    WalkingSecurity.get(state).dropUser(tableUserName);
+    SecurityHelper.setTabUserExists(state, false);
+    for (TablePermission tp : TablePermission.values())
+      SecurityHelper.setTabPerm(state, tableUserName, tp, false);
+    for (SystemPermission sp : SystemPermission.values())
+      SecurityHelper.setSysPerm(state, tableUserName, sp, false);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java Fri Sep 28 07:25:59 2012
@@ -17,6 +17,7 @@
 package org.apache.accumulo.server.test.randomwalk.security;
 
 import java.net.InetAddress;
+import java.util.HashMap;
 
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.Instance;
@@ -46,22 +47,28 @@ public class SecurityFixture extends Fix
     conn.securityOperations().createUser(systemUserName, sysUserPass, new Authorizations());
     sysConn = instance.getConnector(systemUserName, sysUserPass);
     
-    WalkingSecurity.get(state).createUser(systemUserName, sysUserPass);
+    SecurityHelper.setSystemConnector(state, sysConn);
+    SecurityHelper.setSysUserName(state, systemUserName);
+    SecurityHelper.setSysUserPass(state, sysUserPass);
     
-    WalkingSecurity.get(state).changePassword(tableUserName, new byte[0]);
+    SecurityHelper.setTableExists(state, false);
+    SecurityHelper.setTableExists(state, false);
     
-    WalkingSecurity.get(state).setTableName(secTableName);
-    WalkingSecurity.get(state).setTabUserName(tableUserName);
+    SecurityHelper.setTabUserPass(state, new byte[0]);
+    
+    SecurityHelper.setTableName(state, secTableName);
+    SecurityHelper.setTabUserName(state, tableUserName);
     
     for (TablePermission tp : TablePermission.values()) {
-      WalkingSecurity.get(state).revokeTablePermission(systemUserName, secTableName, tp);
-      WalkingSecurity.get(state).revokeTablePermission(tableUserName, secTableName, tp);
+      SecurityHelper.setTabPerm(state, systemUserName, tp, false);
+      SecurityHelper.setTabPerm(state, tableUserName, tp, false);
     }
     for (SystemPermission sp : SystemPermission.values()) {
-      WalkingSecurity.get(state).revokeSystemPermission(systemUserName, sp);
-      WalkingSecurity.get(state).revokeSystemPermission(tableUserName, sp);
+      SecurityHelper.setSysPerm(state, systemUserName, sp, false);
+      SecurityHelper.setSysPerm(state, tableUserName, sp, false);
     }
-    WalkingSecurity.get(state).changeAuthorizations(tableUserName, new Authorizations());
+    SecurityHelper.setUserAuths(state, tableUserName, new Authorizations());
+    SecurityHelper.setAuthsMap(state, new HashMap<String,Integer>());
   }
   
   @Override
@@ -70,20 +77,20 @@ public class SecurityFixture extends Fix
     Validate.validate(state, log);
     Connector conn = state.getConnector();
     
-    if (WalkingSecurity.get(state).getTableExists()) {
-      String secTableName = WalkingSecurity.get(state).getTableName();
+    if (SecurityHelper.getTableExists(state)) {
+      String secTableName = SecurityHelper.getTableName(state);
       log.debug("Dropping tables: " + secTableName);
       
       conn.tableOperations().delete(secTableName);
     }
     
-    if (WalkingSecurity.get(state).userExists(WalkingSecurity.get(state).getTabUserName())) {
-      String tableUserName = WalkingSecurity.get(state).getTabUserName();
+    if (SecurityHelper.getTabUserExists(state)) {
+      String tableUserName = SecurityHelper.getTabUserName(state);
       log.debug("Dropping user: " + tableUserName);
       
       conn.securityOperations().dropUser(tableUserName);
     }
-    String systemUserName = WalkingSecurity.get(state).getSysUserName();
+    String systemUserName = SecurityHelper.getSysUserName(state);
     log.debug("Dropping user: " + systemUserName);
     conn.securityOperations().dropUser(systemUserName);
     

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java Fri Sep 28 07:25:59 2012
@@ -23,6 +23,7 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.security.Authorizations;
+import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -36,20 +37,22 @@ public class SetAuths extends Test {
     
     String targetUser = props.getProperty("system");
     String target;
+    boolean exists;
+    boolean hasPermission;
     if ("table".equals(targetUser)) {
-      target = WalkingSecurity.get(state).getTabUserName();
-      conn = WalkingSecurity.get(state).getSystemConnector();
+      target = SecurityHelper.getTabUserName(state);
+      exists = SecurityHelper.getTabUserExists(state);
+      conn = SecurityHelper.getSystemConnector(state);
+      hasPermission = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER);
     } else {
-      target = WalkingSecurity.get(state).getSysUserName();
+      target = SecurityHelper.getSysUserName(state);
+      exists = true;
       conn = state.getConnector();
+      hasPermission = true;
     }
-
-    boolean exists = WalkingSecurity.get(state).userExists(target);
-    boolean hasPermission = WalkingSecurity.get(state).canChangeAuthorizations(WalkingSecurity.get(state).getSysAuthInfo(), target);
-
     Authorizations auths;
     if (authsString.equals("_random")) {
-      String[] possibleAuths = WalkingSecurity.get(state).getAuthsArray();
+      String[] possibleAuths = SecurityHelper.getAuthsArray();
       
       Random r = new Random();
       int i = r.nextInt(possibleAuths.length);
@@ -85,7 +88,7 @@ public class SetAuths extends Test {
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    WalkingSecurity.get(state).changeAuthorizations(target, auths);
+    SecurityHelper.setUserAuths(state, target, auths);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java?rev=1391344&r1=1391343&r2=1391344&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java Fri Sep 28 07:25:59 2012
@@ -52,8 +52,19 @@ public class TableOp extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = WalkingSecurity.get(state).getTableConnector();
-
+    boolean userExists = SecurityHelper.getTabUserExists(state);
+    Connector conn;
+    try {
+      conn = state.getInstance().getConnector(SecurityHelper.getTabUserName(state), SecurityHelper.getTabUserPass(state));
+    } catch (AccumuloSecurityException ae) {
+      if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
+        if (userExists)
+          throw new AccumuloException("User didn't exist when they should (or worse- password mismatch)", ae);
+        else
+          return;
+      }
+      throw new AccumuloException("Unexpected exception!", ae);
+    }
     String action = props.getProperty("action", "_random");
     TablePermission tp;
     if ("_random".equalsIgnoreCase(action)) {
@@ -63,17 +74,19 @@ public class TableOp extends Test {
       tp = TablePermission.valueOf(action);
     }
     
-    boolean tableExists = WalkingSecurity.get(state).getTableExists();
-    String tableName = WalkingSecurity.get(state).getTableName();
+    boolean tableExists = SecurityHelper.getTableExists(state);
+    boolean hasPerm = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), tp);
+    
+    String tableName = state.getString("secTableName");
+    boolean ambiguousZone;
     
     switch (tp) {
-      case READ: {
-        boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabAuthInfo(), tableName);
-        Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabAuthInfo());
-        boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
-
+      case READ:
+        Authorizations auths = SecurityHelper.getUserAuths(state, SecurityHelper.getTabUserName(state));
+        boolean canRead = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.READ);
+        ambiguousZone = SecurityHelper.inAmbiguousZone(state, SecurityHelper.getTabUserName(state), tp);
         try {
-          Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami()));
+          Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(SecurityHelper.getTabUserName(state)));
           int seen = 0;
           Iterator<Entry<Key,Value>> iter = scan.iterator();
           while (iter.hasNext()) {
@@ -85,7 +98,7 @@ public class TableOp extends Test {
           }
           if (!canRead && !ambiguousZone)
             throw new AccumuloException("Was able to read when I shouldn't have had the perm with connection user " + conn.whoami() + " table " + tableName);
-          for (Entry<String,Integer> entry : WalkingSecurity.get(state).getAuthsMap().entrySet()) {
+          for (Entry<String,Integer> entry : SecurityHelper.getAuthsMap(state).entrySet()) {
             if (auths.contains(entry.getKey().getBytes()))
               seen = seen - entry.getValue();
           }
@@ -115,14 +128,13 @@ public class TableOp extends Test {
         }
         
         break;
-      }
       case WRITE:
-        // boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabAuthInfo(), tableName);
-        boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
+        // boolean canWrite = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.WRITE);
+        ambiguousZone = SecurityHelper.inAmbiguousZone(state, SecurityHelper.getTabUserName(state), tp);
 
-        String key = WalkingSecurity.get(state).getLastKey() + "1";
+        String key = SecurityHelper.getLastKey(state) + "1";
         Mutation m = new Mutation(new Text(key));
-        for (String s : WalkingSecurity.get(state).getAuthsArray()) {
+        for (String s : SecurityHelper.getAuthsArray()) {
           m.put(new Text(), new Text(), new ColumnVisibility(s), new Value("value".getBytes()));
         }
         BatchWriter writer;
@@ -144,7 +156,6 @@ public class TableOp extends Test {
           if (ambiguousZone) {
             Thread.sleep(1000);
             try {
-              writer = conn.createBatchWriter(tableName, 9000l, 0l, 1);
               writer.addMutation(m);
               writer.close();
             } catch (MutationsRejectedException mre2) {
@@ -153,19 +164,19 @@ public class TableOp extends Test {
           }
         }
         if (works)
-          for (String s : WalkingSecurity.get(state).getAuthsArray())
-            WalkingSecurity.get(state).increaseAuthMap(s, 1);
+          for (String s : SecurityHelper.getAuthsArray())
+            SecurityHelper.increaseAuthMap(state, s, 1);
         break;
       case BULK_IMPORT:
-        key = WalkingSecurity.get(state).getLastKey() + "1";
+        key = SecurityHelper.getLastKey(state) + "1";
         SortedSet<Key> keys = new TreeSet<Key>();
-        for (String s : WalkingSecurity.get(state).getAuthsArray()) {
+        for (String s : SecurityHelper.getAuthsArray()) {
           Key k = new Key(key, "", "", s);
           keys.add(k);
         }
         Path dir = new Path("/tmp", "bulk_" + UUID.randomUUID().toString());
         Path fail = new Path(dir.toString() + "_fail");
-        FileSystem fs = WalkingSecurity.get(state).getFs();
+        FileSystem fs = SecurityHelper.getFs(state);
         FileSKVWriter f = FileOperations.getInstance().openWriter(dir + "/securityBulk." + RFile.EXTENSION, fs, fs.getConf(),
             AccumuloConfiguration.getDefaultConfiguration());
         f.startDefaultLocalityGroup();
@@ -181,26 +192,25 @@ public class TableOp extends Test {
           return;
         } catch (AccumuloSecurityException ae) {
           if (ae.getErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
-            if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabAuthInfo(), tableName))
+            if (hasPerm)
               throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName);
             return;
           } else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
-            if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+            if (SecurityHelper.sysUserPassTransient(state))
               return;
           }
           throw new AccumuloException("Unexpected exception!", ae);
         }
-        for (String s : WalkingSecurity.get(state).getAuthsArray())
-          WalkingSecurity.get(state).increaseAuthMap(s, 1);
+        for (String s : SecurityHelper.getAuthsArray())
+          SecurityHelper.increaseAuthMap(state, s, 1);
         fs.delete(dir, true);
         fs.delete(fail, true);
 
-        if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabAuthInfo(), tableName))
+        if (!hasPerm)
           throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
         break;
       case ALTER_TABLE:
-        AlterTable.renameTable(conn, state, tableName, tableName + "plus",
-            WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabAuthInfo(), tableName), tableExists);
+        AlterTable.renameTable(conn, state, tableName, tableName + "plus", hasPerm, tableExists);
         break;
       
       case GRANT:



Mime
View raw message