accumulo-commits mailing list archives

From vi...@apache.org
Subject svn commit: r1437605 [10/12] - in /accumulo/branches/ACCUMULO-259: core/src/main/java/org/apache/accumulo/core/cli/ core/src/main/java/org/apache/accumulo/core/client/ core/src/main/java/org/apache/accumulo/core/client/admin/ core/src/main/java/org/apa...
Date Wed, 23 Jan 2013 18:05:13 GMT
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java Wed Jan 23 18:05:10 2013
@@ -16,8 +16,6 @@
  */
 package org.apache.accumulo.server.security;
 
-import java.nio.ByteBuffer;
-import java.util.Arrays;
 import java.util.Set;
 
 import org.apache.accumulo.core.Constants;
@@ -30,9 +28,10 @@ import org.apache.accumulo.core.conf.Pro
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.master.Master;
 import org.apache.accumulo.server.security.handler.Authenticator;
@@ -56,6 +55,8 @@ public class SecurityOperation {
   private static String rootUserName = null;
   private final ZooCache zooCache;
   private final String ZKUserPath;
+
+  private String instanceId;
   
   protected static SecurityOperation instance;
   
@@ -100,11 +101,13 @@ public class SecurityOperation {
    * @Deprecated not for client use
    */
   public SecurityOperation(String instanceId) {
+    this.instanceId = instanceId;
     ZKUserPath = Constants.ZROOT + "/" + instanceId + "/users";
     zooCache = new ZooCache();
   }
   
   public SecurityOperation(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
+    this(instanceId);
     authorizor = author;
     authenticator = authent;
     permHandle = pm;
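Review bot: `instanceId` is assigned only in the single-argument constructor, which the second constructor now reaches through `this(instanceId)`, yet the field added in the previous hunk is declared without `final`, unlike `zooCache` and `ZKUserPath` beside it. authenticate() reads this field in the system-credential check, so it should not be reassignable after construction; provided no constructor outside this diff leaves it unset, declare it `private final String instanceId;`. The Javadoc line `@Deprecated not for client use` above the constructor uses the annotation spelling; the Javadoc tag is `@deprecated`, and that comment starts outside the hunk.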
@@ -113,22 +116,19 @@ public class SecurityOperation {
         || !permHandle.validSecurityHandlers(authent, author))
       throw new RuntimeException(authorizor + ", " + authenticator + ", and " + pm
           + " do not play nice with eachother. Please choose authentication and authorization mechanisms that are compatible with one another.");
-    
-    ZKUserPath = Constants.ZROOT + "/" + instanceId + "/users";
-    zooCache = new ZooCache();
   }
   
-  public void initializeSecurity(AuthInfo credentials, String rootuser, byte[] rootpass) throws AccumuloSecurityException, ThriftSecurityException {
+  public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> rootToken) throws AccumuloSecurityException, ThriftSecurityException {
     authenticate(credentials);
     
-    if (!credentials.user.equals(SecurityConstants.SYSTEM_USERNAME))
-      throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+    if (!credentials.getPrincipal().equals(SecurityConstants.SYSTEM_USERNAME))
+      throw new AccumuloSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
-    authenticator.initializeSecurity(credentials, rootuser, rootpass);
-    authorizor.initializeSecurity(rootuser);
-    permHandle.initializeSecurity(rootuser);
+    authenticator.initializeSecurity(credentials, rootToken);
+    authorizor.initializeSecurity(credentials, rootToken.getPrincipal());
+    permHandle.initializeSecurity(credentials, rootToken.getPrincipal());
     try {
-      permHandle.grantTablePermission(rootuser, Constants.METADATA_TABLE_ID, TablePermission.ALTER_TABLE);
+      permHandle.grantTablePermission(rootToken.getPrincipal(), Constants.METADATA_TABLE_ID, TablePermission.ALTER_TABLE);
     } catch (TableNotFoundException e) {
       // Shouldn't happen
       throw new RuntimeException(e);
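Review bot: initializeSecurity installs `rootToken.getPrincipal()` as the root user without validating it. A null `rootToken` fails with a NullPointerException only after `authenticate(credentials)` has run, and a root principal equal to `SecurityConstants.SYSTEM_USERNAME` is accepted here although canCreateUser later in this diff refuses that name. Because authenticate() short-circuits on the system user name, such a root account would presumably never be checked against the stored root token. A guard before the handler calls, e.g. `if (rootToken.getPrincipal().equals(SecurityConstants.SYSTEM_USERNAME)) throw new AccumuloSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);`, would keep the two paths consistent. The method body ends outside the hunk.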
@@ -141,31 +141,31 @@ public class SecurityOperation {
     return rootUserName;
   }
   
-  private void authenticate(String user, ByteBuffer password, String instance) throws ThriftSecurityException {
-    if (!instance.equals(HdfsZooInstance.getInstance().getInstanceID()))
-      throw new ThriftSecurityException(user, SecurityErrorCode.INVALID_INSTANCEID);
-    
-    if (user.equals(SecurityConstants.SYSTEM_USERNAME)) {
-      if (Arrays.equals(SecurityConstants.getSystemCredentials().password.array(), password.array())
-          && instance.equals(SecurityConstants.getSystemCredentials().instanceId))
+  private void authenticate(InstanceTokenWrapper credentials) throws ThriftSecurityException {
+    if (!credentials.getInstance().equals(HdfsZooInstance.getInstance().getInstanceID()))
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.INVALID_INSTANCEID);
+    
+    if (credentials.getPrincipal().equals(SecurityConstants.SYSTEM_USERNAME)) {
+      if (SecurityConstants.getSystemCredentials().getToken().equals(credentials.getToken())
+          && instanceId.equals(SecurityConstants.getSystemCredentials().getInstance()))
         return;
       else
-        throw new ThriftSecurityException(user, SecurityErrorCode.BAD_CREDENTIALS);
+        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS);
     }
     
-    if (!authenticator.authenticateUser(user, password, instance)) {
-      throw new ThriftSecurityException(user, SecurityErrorCode.BAD_CREDENTIALS);
+    try {
+      if (!authenticator.authenticateUser(credentials.getToken())) {
+        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS);
+      }
+    } catch (AccumuloSecurityException e) {
+      throw e.asThriftException();
     }
   }
   
-  private void authenticate(AuthInfo credentials) throws ThriftSecurityException {
-    authenticate(credentials.user, credentials.password, credentials.instanceId);
-  }
-  
-  public boolean canAskAboutUser(AuthInfo credentials, String user) throws ThriftSecurityException {
+  public boolean canAskAboutUser(InstanceTokenWrapper credentials, String user) throws ThriftSecurityException {
     // Authentication done in canPerformSystemActions
-    if (!(canPerformSystemActions(credentials) || credentials.user.equals(user)))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+    if (!(canPerformSystemActions(credentials) || credentials.getPrincipal().equals(user)))
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     return true;
   }
   
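Review bot: The system-user branch of authenticate() now decides on `SecurityConstants.getSystemCredentials().getToken().equals(credentials.getToken())`, so the check is only as strong as each AccumuloToken implementation's equals(), which this hunk does not show. An implementation that inherits Object.equals would reject every system call, and one that compares less than the secret would accept too much. The second condition also changed meaning: it compares the server's own `instanceId` field with the system credentials, not the caller-supplied instance as the removed code did, so the caller's instance is covered only by the first test against HdfsZooInstance. On the ordinary path the authenticator validates `credentials.getToken()` while every later permission check uses `credentials.getPrincipal()`. If InstanceTokenWrapper does not derive its principal from the wrapped token, assert it here with `if (!credentials.getPrincipal().equals(credentials.getToken().getPrincipal())) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS);`.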
@@ -176,10 +176,13 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean authenticateUser(AuthInfo credentials, String user, ByteBuffer password) throws ThriftSecurityException {
-    canAskAboutUser(credentials, user);
-    return authenticator.authenticateUser(user, password, credentials.instanceId);
-    
+  public boolean authenticateUser(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws ThriftSecurityException {
+    canAskAboutUser(credentials, token.getPrincipal());
+    try {
+      return authenticator.authenticateUser(token);
+    } catch (AccumuloSecurityException e) {
+      throw e.asThriftException();
+    }    
   }
   
   /**
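Review bot: A failed check in authenticateUser leaves no audit trace: the method returns false or rethrows the authenticator's exception without logging, although it answers token checks for another principal to any caller that passes canAskAboutUser. Consider recording failures with the two principals only and never the token, e.g. `log.warn("Failed authentication check for user " + token.getPrincipal() + " at the request of user " + credentials.getPrincipal());`. `token` is also dereferenced before any null check, so a request without a token would surface as a NullPointerException, not a ThriftSecurityException. The Javadoc above the method starts outside the hunk and may still describe the old user and password parameters.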
@@ -188,13 +191,13 @@ public class SecurityOperation {
    * @return The given user's authorizations
    * @throws ThriftSecurityException
    */
-  public Authorizations getUserAuthorizations(AuthInfo credentials, String user) throws ThriftSecurityException {
+  public Authorizations getUserAuthorizations(InstanceTokenWrapper credentials, String user) throws ThriftSecurityException {
     authenticate(credentials);
     
     targetUserExists(user);
     
-    if (!credentials.user.equals(user) && !hasSystemPermission(credentials.user, SystemPermission.SYSTEM, false))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+    if (!credentials.getPrincipal().equals(user) && !hasSystemPermission(credentials.getPrincipal(), SystemPermission.SYSTEM, false))
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
     // system user doesn't need record-level authorizations for the tables it reads (for now)
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
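Review bot: `targetUserExists(user)` runs before the permission check in getUserAuthorizations, so a caller who is authenticated but not allowed to read another user's authorizations may still learn whether that user exists. How much is revealed depends on what targetUserExists throws; its body is not in this hunk. Moving the `!credentials.getPrincipal().equals(user) && !hasSystemPermission(...)` test above `targetUserExists(user);` would make both cases answer PERMISSION_DENIED. The method continues past the end of the hunk.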
@@ -212,8 +215,8 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public Authorizations getUserAuthorizations(AuthInfo credentials) throws ThriftSecurityException {
-    return getUserAuthorizations(credentials, credentials.user);
+  public Authorizations getUserAuthorizations(InstanceTokenWrapper credentials) throws ThriftSecurityException {
+    return getUserAuthorizations(credentials, credentials.getPrincipal());
   }
   
   /**
@@ -263,12 +266,12 @@ public class SecurityOperation {
   }
   
   // some people just aren't allowed to ask about other users; here are those who can ask
-  private boolean canAskAboutOtherUsers(AuthInfo credentials, String user) throws ThriftSecurityException {
+  private boolean canAskAboutOtherUsers(InstanceTokenWrapper credentials, String user) throws ThriftSecurityException {
     authenticate(credentials);
-    return credentials.user.equals(user) || hasSystemPermission(credentials.user, SystemPermission.SYSTEM, false)
-        || hasSystemPermission(credentials, credentials.user, SystemPermission.CREATE_USER)
-        || hasSystemPermission(credentials, credentials.user, SystemPermission.ALTER_USER)
-        || hasSystemPermission(credentials, credentials.user, SystemPermission.DROP_USER);
+    return credentials.getPrincipal().equals(user) || hasSystemPermission(credentials.getPrincipal(), SystemPermission.SYSTEM, false)
+        || hasSystemPermission(credentials.getPrincipal(), SystemPermission.CREATE_USER, false)
+        || hasSystemPermission(credentials.getPrincipal(), SystemPermission.ALTER_USER, false)
+        || hasSystemPermission(credentials.getPrincipal(), SystemPermission.DROP_USER, false);
   }
   
   /**
@@ -290,9 +293,9 @@ public class SecurityOperation {
    * @throws ThriftSecurityException
    * @throws TableNotFoundException
    */
-  public boolean canScan(AuthInfo credentials, String table) throws ThriftSecurityException {
+  public boolean canScan(InstanceTokenWrapper credentials, String table) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasTablePermission(credentials.user, table, TablePermission.READ, true);
+    return hasTablePermission(credentials.getPrincipal(), table, TablePermission.READ, true);
   }
   
   /**
@@ -302,9 +305,9 @@ public class SecurityOperation {
    * @throws ThriftSecurityException
    * @throws TableNotFoundException
    */
-  public boolean canWrite(AuthInfo credentials, String table) throws ThriftSecurityException {
+  public boolean canWrite(InstanceTokenWrapper credentials, String table) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasTablePermission(credentials.user, table, TablePermission.WRITE, true);
+    return hasTablePermission(credentials.getPrincipal(), table, TablePermission.WRITE, true);
   }
   
   /**
@@ -314,10 +317,11 @@ public class SecurityOperation {
    * @throws ThriftSecurityException
    * @throws TableNotFoundException
    */
-  public boolean canSplitTablet(AuthInfo credentials, String table) throws ThriftSecurityException {
+  public boolean canSplitTablet(InstanceTokenWrapper credentials, String table) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasSystemPermission(credentials.user, SystemPermission.ALTER_TABLE, false) || hasSystemPermission(credentials.user, SystemPermission.SYSTEM, false)
-        || hasTablePermission(credentials.user, table, TablePermission.ALTER_TABLE, false);
+    return hasSystemPermission(credentials.getPrincipal(), SystemPermission.ALTER_TABLE, false)
+        || hasSystemPermission(credentials.getPrincipal(), SystemPermission.SYSTEM, false)
+        || hasTablePermission(credentials.getPrincipal(), table, TablePermission.ALTER_TABLE, false);
   }
   
   /**
@@ -328,9 +332,9 @@ public class SecurityOperation {
    *           This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system
    *           properties.
    */
-  public boolean canPerformSystemActions(AuthInfo credentials) throws ThriftSecurityException {
+  public boolean canPerformSystemActions(InstanceTokenWrapper credentials) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasSystemPermission(credentials.user, SystemPermission.SYSTEM, false);
+    return hasSystemPermission(credentials.getPrincipal(), SystemPermission.SYSTEM, false);
   }
   
   /**
@@ -339,9 +343,10 @@ public class SecurityOperation {
    * @throws ThriftSecurityException
    * @throws ThriftTableOperationException
    */
-  public boolean canFlush(AuthInfo c, String tableId) throws ThriftSecurityException {
+  public boolean canFlush(InstanceTokenWrapper c, String tableId) throws ThriftSecurityException {
     authenticate(c);
-    return hasTablePermission(c.user, tableId, TablePermission.WRITE, false) || hasTablePermission(c.user, tableId, TablePermission.ALTER_TABLE, false);
+    return hasTablePermission(c.getPrincipal(), tableId, TablePermission.WRITE, false)
+        || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
   }
   
   /**
@@ -350,18 +355,19 @@ public class SecurityOperation {
    * @throws ThriftSecurityException
    * @throws ThriftTableOperationException
    */
-  public boolean canAlterTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+  public boolean canAlterTable(InstanceTokenWrapper c, String tableId) throws ThriftSecurityException {
     authenticate(c);
-    return hasTablePermission(c.user, tableId, TablePermission.ALTER_TABLE, false) || hasSystemPermission(c.user, SystemPermission.ALTER_TABLE, false);
+    return hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false)
+        || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false);
   }
   
   /**
    * @param c
    * @throws ThriftSecurityException
    */
-  public boolean canCreateTable(AuthInfo c) throws ThriftSecurityException {
+  public boolean canCreateTable(InstanceTokenWrapper c) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermission(c.user, SystemPermission.CREATE_TABLE, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.CREATE_TABLE, false);
   }
   
   /**
@@ -371,9 +377,10 @@ public class SecurityOperation {
    * @throws TableNotFoundException
    * @throws ThriftSecurityException
    */
-  public boolean canRenameTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+  public boolean canRenameTable(InstanceTokenWrapper c, String tableId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermission(c.user, SystemPermission.ALTER_TABLE, false) || hasTablePermission(c.user, tableId, TablePermission.ALTER_TABLE, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
+        || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
   }
   
   /**
@@ -382,9 +389,10 @@ public class SecurityOperation {
    * @throws TableNotFoundException
    * @throws ThriftSecurityException
    */
-  public boolean canCloneTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+  public boolean canCloneTable(InstanceTokenWrapper c, String tableId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermission(c.user, SystemPermission.CREATE_TABLE, false) && hasTablePermission(c.user, tableId, TablePermission.READ, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.CREATE_TABLE, false)
+        && hasTablePermission(c.getPrincipal(), tableId, TablePermission.READ, false);
   }
   
   /**
@@ -394,9 +402,10 @@ public class SecurityOperation {
    * @throws TableNotFoundException
    * @throws ThriftSecurityException
    */
-  public boolean canDeleteTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+  public boolean canDeleteTable(InstanceTokenWrapper c, String tableId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermission(c.user, SystemPermission.DROP_TABLE, false) || hasTablePermission(c.user, tableId, TablePermission.DROP_TABLE, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.DROP_TABLE, false)
+        || hasTablePermission(c.getPrincipal(), tableId, TablePermission.DROP_TABLE, false);
   }
   
   /**
@@ -406,10 +415,10 @@ public class SecurityOperation {
    * @throws TableNotFoundException
    * @throws ThriftSecurityException
    */
-  public boolean canOnlineOfflineTable(AuthInfo c, String tableId) throws ThriftSecurityException {
+  public boolean canOnlineOfflineTable(InstanceTokenWrapper c, String tableId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermission(c.user, SystemPermission.SYSTEM, false) || hasSystemPermission(c.user, SystemPermission.ALTER_TABLE, false)
-        || hasTablePermission(c.user, tableId, TablePermission.ALTER_TABLE, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.SYSTEM, false) || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
+        || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
   }
   
   /**
@@ -419,10 +428,10 @@ public class SecurityOperation {
    * @throws TableNotFoundException
    * @throws ThriftSecurityException
    */
-  public boolean canMerge(AuthInfo c, String tableId) throws ThriftSecurityException {
+  public boolean canMerge(InstanceTokenWrapper c, String tableId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermission(c.user, SystemPermission.SYSTEM, false) || hasSystemPermission(c.user, SystemPermission.ALTER_TABLE, false)
-        || hasTablePermission(c.user, tableId, TablePermission.ALTER_TABLE, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.SYSTEM, false) || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
+        || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
   }
   
   /**
@@ -432,9 +441,9 @@ public class SecurityOperation {
    * @throws TableNotFoundException
    * @throws ThriftSecurityException
    */
-  public boolean canDeleteRange(AuthInfo c, String tableId) throws ThriftSecurityException {
+  public boolean canDeleteRange(InstanceTokenWrapper c, String tableId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermission(c.user, SystemPermission.SYSTEM, false) || hasTablePermission(c.user, tableId, TablePermission.WRITE, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.SYSTEM, false) || hasTablePermission(c.getPrincipal(), tableId, TablePermission.WRITE, false);
   }
   
   /**
@@ -444,9 +453,9 @@ public class SecurityOperation {
    * @throws TableNotFoundException
    * @throws ThriftSecurityException
    */
-  public boolean canBulkImport(AuthInfo c, String tableId) throws ThriftSecurityException {
+  public boolean canBulkImport(InstanceTokenWrapper c, String tableId) throws ThriftSecurityException {
     authenticate(c);
-    return hasTablePermission(c.user, tableId, TablePermission.BULK_IMPORT, false);
+    return hasTablePermission(c.getPrincipal(), tableId, TablePermission.BULK_IMPORT, false);
   }
   
   /**
@@ -456,10 +465,11 @@ public class SecurityOperation {
    * @throws TableNotFoundException
    * @throws ThriftSecurityException
    */
-  public boolean canCompact(AuthInfo c, String tableId) throws ThriftSecurityException {
+  public boolean canCompact(InstanceTokenWrapper c, String tableId) throws ThriftSecurityException {
     authenticate(c);
-    return hasSystemPermission(c.user, SystemPermission.ALTER_TABLE, false) || hasTablePermission(c.user, tableId, TablePermission.ALTER_TABLE, false)
-        || hasTablePermission(c.user, tableId, TablePermission.WRITE, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
+        || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false)
+        || hasTablePermission(c.getPrincipal(), tableId, TablePermission.WRITE, false);
   }
   
   /**
@@ -467,11 +477,11 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean canChangeAuthorizations(AuthInfo c, String user) throws ThriftSecurityException {
+  public boolean canChangeAuthorizations(InstanceTokenWrapper c, String user) throws ThriftSecurityException {
     authenticate(c);
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED);
-    return hasSystemPermission(c.user, SystemPermission.ALTER_USER, false);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_USER, false);
   }
   
   /**
@@ -480,11 +490,11 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean canChangePassword(AuthInfo c, String user) throws ThriftSecurityException {
+  public boolean canChangePassword(InstanceTokenWrapper c, String user) throws ThriftSecurityException {
     authenticate(c);
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED);
-    return c.user.equals(user) || hasSystemPermission(c.user, SystemPermission.ALTER_USER, false);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
+    return c.getPrincipal().equals(user) || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_USER, false);
   }
   
   /**
@@ -493,14 +503,14 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean canCreateUser(AuthInfo c, String user) throws ThriftSecurityException {
+  public boolean canCreateUser(InstanceTokenWrapper c, String user) throws ThriftSecurityException {
     authenticate(c);
     
     // don't allow creating a user with the same name as system user
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
-      throw new ThriftSecurityException(user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
-    return hasSystemPermission(c.user, SystemPermission.CREATE_USER, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.CREATE_USER, false);
   }
   
   /**
@@ -509,14 +519,14 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean canDropUser(AuthInfo c, String user) throws ThriftSecurityException {
+  public boolean canDropUser(InstanceTokenWrapper c, String user) throws ThriftSecurityException {
     authenticate(c);
     
     // can't delete root or system users
     if (user.equals(getRootUsername()) || user.equals(SecurityConstants.SYSTEM_USERNAME))
-      throw new ThriftSecurityException(user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
-    return hasSystemPermission(c.user, SystemPermission.DROP_USER, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.DROP_USER, false);
   }
   
   /**
@@ -526,18 +536,18 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean canGrantSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
+  public boolean canGrantSystem(InstanceTokenWrapper c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
     authenticate(c);
     
     // can't modify system user
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
     // can't grant GRANT
     if (sysPerm.equals(SystemPermission.GRANT))
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.GRANT_INVALID);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.GRANT_INVALID);
     
-    return hasSystemPermission(c.user, SystemPermission.GRANT, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.GRANT, false);
   }
   
   /**
@@ -547,14 +557,15 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean canGrantTable(AuthInfo c, String user, String table) throws ThriftSecurityException {
+  public boolean canGrantTable(InstanceTokenWrapper c, String user, String table) throws ThriftSecurityException {
     authenticate(c);
     
     // can't modify system user
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
-    return hasSystemPermission(c.user, SystemPermission.ALTER_TABLE, false) || hasTablePermission(c.user, table, TablePermission.GRANT, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
+        || hasTablePermission(c.getPrincipal(), table, TablePermission.GRANT, false);
   }
   
   /**
@@ -564,18 +575,18 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean canRevokeSystem(AuthInfo c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
+  public boolean canRevokeSystem(InstanceTokenWrapper c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
     authenticate(c);
     
     // can't modify system or root user
     if (user.equals(getRootUsername()) || user.equals(SecurityConstants.SYSTEM_USERNAME))
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
     // can't revoke GRANT
     if (sysPerm.equals(SystemPermission.GRANT))
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.GRANT_INVALID);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.GRANT_INVALID);
     
-    return hasSystemPermission(c.user, SystemPermission.GRANT, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.GRANT, false);
   }
   
   /**
@@ -585,14 +596,15 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean canRevokeTable(AuthInfo c, String user, String table) throws ThriftSecurityException {
+  public boolean canRevokeTable(InstanceTokenWrapper c, String user, String table) throws ThriftSecurityException {
     authenticate(c);
     
     // can't modify system user
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
-    return hasSystemPermission(c.user, SystemPermission.ALTER_TABLE, false) || hasTablePermission(c.user, table, TablePermission.GRANT, false);
+    return hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
+        || hasTablePermission(c.getPrincipal(), table, TablePermission.GRANT, false);
   }
   
   /**
@@ -601,15 +613,15 @@ public class SecurityOperation {
    * @param authorizations
    * @throws ThriftSecurityException
    */
-  public void changeAuthorizations(AuthInfo credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
+  public void changeAuthorizations(InstanceTokenWrapper credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
     if (!canChangeAuthorizations(credentials, user))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
     targetUserExists(user);
     
     try {
       authorizor.changeAuthorizations(user, authorizations);
-      log.info("Changed authorizations for user " + user + " at the request of user " + credentials.user);
+      log.info("Changed authorizations for user " + user + " at the request of user " + credentials.getPrincipal());
     } catch (AccumuloSecurityException ase) {
       throw ase.asThriftException();
     }
@@ -621,12 +633,12 @@ public class SecurityOperation {
    * @param bytes
    * @throws ThriftSecurityException
    */
-  public void changePassword(AuthInfo credentials, String user, byte[] pass) throws ThriftSecurityException {
-    if (!canChangePassword(credentials, user))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+  public void changePassword(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws ThriftSecurityException {
+    if (!canChangePassword(credentials, token.getPrincipal()))
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     try {
-      authenticator.changePassword(user, pass);
-      log.info("Changed password for user " + user + " at the request of user " + credentials.user);
+      authenticator.changePassword(token);
+      log.info("Changed password for user " + token.getPrincipal() + " at the request of user " + credentials.getPrincipal());
     } catch (AccumuloSecurityException e) {
       throw e.asThriftException();
     }
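Review bot: changePassword never calls targetUserExists, unlike changeAuthorizations and grantSystemPermission elsewhere in this diff, so the outcome for an unknown principal is left to `authenticator.changePassword(token)`, whose behaviour is not visible here. Adding `targetUserExists(token.getPrincipal());` after the permission check would make the three paths consistent. The Javadoc above still lists `@param bytes`, which no longer matches the `(credentials, token)` signature; it should describe `token` as the token whose principal is having its password replaced. That Javadoc starts outside the hunk.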
@@ -639,16 +651,16 @@ public class SecurityOperation {
    * @param authorizations
    * @throws ThriftSecurityException
    */
-  public void createUser(AuthInfo credentials, String user, byte[] pass, Authorizations authorizations) throws ThriftSecurityException {
-    if (!canCreateUser(credentials, user))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
-    try {
-      authenticator.createUser(user, pass);
-      authorizor.initUser(user);
-      permHandle.initUser(user);
-      log.info("Created user " + user + " at the request of user " + credentials.user);
-      if (canChangeAuthorizations(credentials, user))
-        authorizor.changeAuthorizations(user, authorizations);
+  public void createUser(InstanceTokenWrapper credentials, AccumuloToken<?,?> token, Authorizations authorizations) throws ThriftSecurityException {
+    if (!canCreateUser(credentials, token.getPrincipal()))
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
+    try {
+      authenticator.createUser(token);
+      authorizor.initUser(token.getPrincipal());
+      permHandle.initUser(token.getPrincipal());
+      log.info("Created user " + token.getPrincipal() + " at the request of user " + credentials.getPrincipal());
+      if (canChangeAuthorizations(credentials, token.getPrincipal()))
+        authorizor.changeAuthorizations(token.getPrincipal(), authorizations);
     } catch (AccumuloSecurityException ase) {
       throw ase.asThriftException();
     }
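Review bot: createUser performs three writes (`authenticator.createUser`, `authorizor.initUser`, `permHandle.initUser`) in one try block with no compensation. If the second or third step fails, the principal may already be able to authenticate while its authorization or permission state was never initialised. dropUser in the next hunk has the mirror problem: a failure before `permHandle.cleanUser(user)` could leave permissions behind for a name that is later re-created. At minimum document this with `// not atomic: a failure after authenticator.createUser leaves a partially created user`, and consider undoing the earlier steps before rethrowing. Separately, when `canChangeAuthorizations` returns false the requested authorizations are dropped silently after the success line has been logged; a log line stating that the user was created without authorizations would make that visible.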
@@ -659,14 +671,14 @@ public class SecurityOperation {
    * @param user
    * @throws ThriftSecurityException
    */
-  public void dropUser(AuthInfo credentials, String user) throws ThriftSecurityException {
+  public void dropUser(InstanceTokenWrapper credentials, String user) throws ThriftSecurityException {
     if (!canDropUser(credentials, user))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     try {
       authorizor.dropUser(user);
       authenticator.dropUser(user);
       permHandle.cleanUser(user);
-      log.info("Deleted user " + user + " at the request of user " + credentials.user);
+      log.info("Deleted user " + user + " at the request of user " + credentials.getPrincipal());
     } catch (AccumuloSecurityException e) {
       throw e.asThriftException();
     }
@@ -678,15 +690,15 @@ public class SecurityOperation {
    * @param permissionById
    * @throws ThriftSecurityException
    */
-  public void grantSystemPermission(AuthInfo credentials, String user, SystemPermission permissionById) throws ThriftSecurityException {
+  public void grantSystemPermission(InstanceTokenWrapper credentials, String user, SystemPermission permissionById) throws ThriftSecurityException {
     if (!canGrantSystem(credentials, user, permissionById))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
     targetUserExists(user);
     
     try {
       permHandle.grantSystemPermission(user, permissionById);
-      log.info("Granted system permission " + permissionById + " for user " + user + " at the request of user " + credentials.user);
+      log.info("Granted system permission " + permissionById + " for user " + user + " at the request of user " + credentials.getPrincipal());
     } catch (AccumuloSecurityException e) {
       throw e.asThriftException();
     }
@@ -699,19 +711,19 @@ public class SecurityOperation {
    * @param permission
    * @throws ThriftSecurityException
    */
-  public void grantTablePermission(AuthInfo c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+  public void grantTablePermission(InstanceTokenWrapper c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
     if (!canGrantTable(c, user, tableId))
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
     targetUserExists(user);
     
     try {
       permHandle.grantTablePermission(user, tableId, permission);
-      log.info("Granted table permission " + permission + " for user " + user + " on the table " + tableId + " at the request of user " + c.user);
+      log.info("Granted table permission " + permission + " for user " + user + " on the table " + tableId + " at the request of user " + c.getPrincipal());
     } catch (AccumuloSecurityException e) {
       throw e.asThriftException();
     } catch (TableNotFoundException e) {
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.TABLE_DOESNT_EXIST);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST);
     }
   }
   
@@ -721,15 +733,15 @@ public class SecurityOperation {
    * @param permission
    * @throws ThriftSecurityException
    */
-  public void revokeSystemPermission(AuthInfo credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+  public void revokeSystemPermission(InstanceTokenWrapper credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     if (!canRevokeSystem(credentials, user, permission))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
     targetUserExists(user);
     
     try {
       permHandle.revokeSystemPermission(user, permission);
-      log.info("Revoked system permission " + permission + " for user " + user + " at the request of user " + credentials.user);
+      log.info("Revoked system permission " + permission + " for user " + user + " at the request of user " + credentials.getPrincipal());
       
     } catch (AccumuloSecurityException e) {
       throw e.asThriftException();
@@ -743,20 +755,20 @@ public class SecurityOperation {
    * @param permission
    * @throws ThriftSecurityException
    */
-  public void revokeTablePermission(AuthInfo c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+  public void revokeTablePermission(InstanceTokenWrapper c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
     if (!canRevokeTable(c, user, tableId))
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
     targetUserExists(user);
     
     try {
       permHandle.revokeTablePermission(user, tableId, permission);
-      log.info("Revoked table permission " + permission + " for user " + user + " on the table " + tableId + " at the request of user " + c.user);
+      log.info("Revoked table permission " + permission + " for user " + user + " on the table " + tableId + " at the request of user " + c.getPrincipal());
       
     } catch (AccumuloSecurityException e) {
       throw e.asThriftException();
     } catch (TableNotFoundException e) {
-      throw new ThriftSecurityException(c.user, SecurityErrorCode.TABLE_DOESNT_EXIST);
+      throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST);
     }
   }
   
@@ -767,9 +779,9 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean hasSystemPermission(AuthInfo credentials, String user, SystemPermission permissionById) throws ThriftSecurityException {
+  public boolean hasSystemPermission(InstanceTokenWrapper credentials, String user, SystemPermission permissionById) throws ThriftSecurityException {
     if (!canAskAboutOtherUsers(credentials, user))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     return hasSystemPermission(user, permissionById, false);
   }
   
@@ -781,9 +793,10 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean hasTablePermission(AuthInfo credentials, String user, String tableId, TablePermission permissionById) throws ThriftSecurityException {
+  public boolean hasTablePermission(InstanceTokenWrapper credentials, String user, String tableId, TablePermission permissionById)
+      throws ThriftSecurityException {
     if (!canAskAboutOtherUsers(credentials, user))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     return hasTablePermission(user, tableId, permissionById, false);
   }
   
@@ -792,7 +805,7 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public Set<String> listUsers(AuthInfo credentials) throws ThriftSecurityException {
+  public Set<String> listUsers(InstanceTokenWrapper credentials) throws ThriftSecurityException {
     authenticate(credentials);
     try {
       return authenticator.listUsers();
@@ -806,26 +819,30 @@ public class SecurityOperation {
    * @param tableId
    * @throws ThriftSecurityException
    */
-  public void deleteTable(AuthInfo credentials, String tableId) throws ThriftSecurityException {
+  public void deleteTable(InstanceTokenWrapper credentials, String tableId) throws ThriftSecurityException {
     if (!canDeleteTable(credentials, tableId))
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     try {
       permHandle.cleanTablePermissions(tableId);
     } catch (AccumuloSecurityException e) {
-      e.setUser(credentials.user);
+      e.setUser(credentials.getPrincipal());
       throw e.asThriftException();
     } catch (TableNotFoundException e) {
-      throw new ThriftSecurityException(credentials.user, SecurityErrorCode.TABLE_DOESNT_EXIST);
+      throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST);
     }
   }
   
-  public boolean canExport(AuthInfo credentials, String tableId) throws ThriftSecurityException {
+  public boolean canExport(InstanceTokenWrapper credentials, String tableId) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasTablePermission(credentials.user, tableId, TablePermission.READ, false);
+    return hasTablePermission(credentials.getPrincipal(), tableId, TablePermission.READ, false);
   }
   
-  public boolean canImport(AuthInfo credentials, String tableId) throws ThriftSecurityException {
+  public boolean canImport(InstanceTokenWrapper credentials, String tableId) throws ThriftSecurityException {
     authenticate(credentials);
-    return hasSystemPermission(credentials.user, SystemPermission.CREATE_TABLE, false);
+    return hasSystemPermission(credentials.getPrincipal(), SystemPermission.CREATE_TABLE, false);
+  }
+  
+  public String getTokenClassName() {
+    return authenticator.getTokenClassName();
   }
 }
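Review bot: `getTokenClassName()` is added without Javadoc, and it is the only method in this hunk that takes no credentials and calls neither `authenticate(credentials)` nor a `can*` check. If that is intended (presumably so a client can learn which token type to build before it has authenticated), the method should say so, for example `/** Returns the class name of the token type the configured Authenticator accepts; takes no credentials and performs no authentication. */`. Because the value is a class name in string form, the comment could also note that a caller loading it by name should verify the result is an AccumuloToken type; no such caller is visible in this diff.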

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java Wed Jan 23 18:05:10 2013
@@ -16,11 +16,12 @@
  */
 package org.apache.accumulo.server.security.handler;
 
-import java.nio.ByteBuffer;
 import java.util.Set;
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 
 /**
  * This interface is used for the system which will be used for authenticating a user. If the implementation does not support configuration through Accumulo, it
@@ -33,17 +34,19 @@ public interface Authenticator {
 
   public boolean validSecurityHandlers(Authorizor auth, PermissionHandler pm);
 
-  public void initializeSecurity(AuthInfo credentials, String rootuser, byte[] rootpass) throws AccumuloSecurityException;
+  public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> at) throws AccumuloSecurityException, ThriftSecurityException;
 
-  public boolean authenticateUser(String user, ByteBuffer password, String instanceId);
+  public boolean authenticateUser(AccumuloToken<?,?> token) throws AccumuloSecurityException;
   
   public Set<String> listUsers() throws AccumuloSecurityException;
   
-  public void createUser(String user, byte[] pass) throws AccumuloSecurityException;
+  public void createUser(AccumuloToken<?,?> user) throws AccumuloSecurityException;
   
   public void dropUser(String user) throws AccumuloSecurityException;
   
-  public void changePassword(String user, byte[] pass) throws AccumuloSecurityException;
+  public void changePassword(AccumuloToken<?,?> user) throws AccumuloSecurityException;
   
   public boolean userExists(String user);
+
+  public String getTokenClassName();
 }
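Review bot: The interface gives implementers no contract for a token type they do not support, and `createUser` and `changePassword` still name their `AccumuloToken<?,?>` parameter `user`. The ZKAuthenticator hunks later in this commit throw AccumuloSecurityException with `SecurityErrorCode.INVALID_TOKEN` in that case, so the Javadoc on `authenticateUser`, `createUser`, `changePassword` and `initializeSecurity` should state that rule. Callers of `authenticateUser` also need to know it can now throw instead of returning false. Renaming the parameters to `token`, as in `public void createUser(AccumuloToken<?,?> token) throws AccumuloSecurityException;`, would match the implementations. `getTokenClassName()` would benefit from a one-line comment saying it returns the fully qualified name of the accepted token class.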

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/Authorizor.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/Authorizor.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/Authorizor.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/Authorizor.java Wed Jan 23 18:05:10 2013
@@ -18,6 +18,8 @@ package org.apache.accumulo.server.secur
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.security.Authorizations;
+import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 
 /**
  * This interface is used for the system which will be used for getting a users Authorizations. If the implementation does not support configuration through
@@ -45,7 +47,7 @@ public interface Authorizor {
    * @param rootuser
    * @throws AccumuloSecurityException
    */
-  public void initializeSecurity(String rootuser) throws AccumuloSecurityException;
+  public void initializeSecurity(InstanceTokenWrapper credentials, String rootuser) throws AccumuloSecurityException, ThriftSecurityException;
   
   /**
    * Used to change the authorizations for the user
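Review bot: The Javadoc kept above `initializeSecurity` still lists only `@param rootuser` and `@throws AccumuloSecurityException`, while the new signature adds `credentials` and `ThriftSecurityException`. It should gain `@param credentials` and `@throws ThriftSecurityException` tags. The `@param` text should say whether an implementation is expected to verify those credentials before it resets security state. The ZKAuthorizor and ZKPermHandler hunks only show the parameter being added as `itw`, and their bodies continue outside the hunks, so it is not visible whether it is used. `PermissionHandler.initializeSecurity` later in this commit has the same gap, and the start of this Javadoc block is outside the hunk.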

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java Wed Jan 23 18:05:10 2013
@@ -16,12 +16,13 @@
  */
 package org.apache.accumulo.server.security.handler;
 
-import java.nio.ByteBuffer;
 import java.util.Collections;
 import java.util.Set;
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 
 /**
  * This is an Authenticator implementation that doesn't actually do any security. Use at your own risk.
@@ -45,10 +46,10 @@ public class InsecureAuthenticator imple
   }
   
   /* (non-Javadoc)
-   * @see org.apache.accumulo.server.security.handler.Authenticator#initializeSecurity(org.apache.accumulo.core.security.thrift.AuthInfo, java.lang.String, byte[])
+   * @see org.apache.accumulo.server.security.handler.Authenticator#initializeSecurity(org.apache.accumulo.core.security.thrift.InstanceTokenWrapper, java.lang.String, byte[])
    */
   @Override
-  public void initializeSecurity(AuthInfo credentials, String rootuser, byte[] rootpass) throws AccumuloSecurityException {
+  public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws AccumuloSecurityException {
     return;
   }
   
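Review bot: The rewritten `@see` line names `org.apache.accumulo.core.security.thrift.InstanceTokenWrapper, java.lang.String, byte[]`, but the import added in this file is `org.apache.accumulo.core.security.tokens.InstanceTokenWrapper` and the method now takes `(InstanceTokenWrapper, AccumuloToken)`. The reference should read `@see org.apache.accumulo.server.security.handler.Authenticator#initializeSecurity(org.apache.accumulo.core.security.tokens.InstanceTokenWrapper, org.apache.accumulo.core.security.tokens.AccumuloToken)`. The following hunks leave the `@see` lines for `authenticateUser`, `createUser` and `changePassword` on their old parameter lists. The same applies to `InsecurePermHandler.initializeSecurity`, which still points at `initializeSecurity(java.lang.String)`.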
@@ -56,7 +57,7 @@ public class InsecureAuthenticator imple
    * @see org.apache.accumulo.server.security.handler.Authenticator#authenticateUser(java.lang.String, java.nio.ByteBuffer, java.lang.String)
    */
   @Override
-  public boolean authenticateUser(String user, ByteBuffer password, String instanceId) {
+  public boolean authenticateUser(AccumuloToken<?,?> token) {
     return true;
   }
   
@@ -72,7 +73,7 @@ public class InsecureAuthenticator imple
    * @see org.apache.accumulo.server.security.handler.Authenticator#createUser(java.lang.String, byte[])
    */
   @Override
-  public void createUser(String user, byte[] pass) throws AccumuloSecurityException {
+  public void createUser(AccumuloToken<?,?> token) throws AccumuloSecurityException {
     return;
   }
   
@@ -88,7 +89,7 @@ public class InsecureAuthenticator imple
    * @see org.apache.accumulo.server.security.handler.Authenticator#changePassword(java.lang.String, byte[])
    */
   @Override
-  public void changePassword(String user, byte[] pass) throws AccumuloSecurityException {
+  public void changePassword(AccumuloToken<?,?> token) throws AccumuloSecurityException {
     return;
   }
 
@@ -99,5 +100,10 @@ public class InsecureAuthenticator imple
   public boolean userExists(String user) {
     return true;
   }
+
+  @Override
+  public String getTokenClassName() {
+    return UserPassToken.class.getName();
+  }
   
 }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/InsecurePermHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/InsecurePermHandler.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/InsecurePermHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/InsecurePermHandler.java Wed Jan 23 18:05:10 2013
@@ -20,6 +20,7 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.TableNotFoundException;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 
 /**
  * This is a Permission Handler implementation that doesn't actually do any security. Use at your own risk.
@@ -46,7 +47,7 @@ public class InsecurePermHandler impleme
    * @see org.apache.accumulo.server.security.handler.PermissionHandler#initializeSecurity(java.lang.String)
    */
   @Override
-  public void initializeSecurity(String rootuser) throws AccumuloSecurityException {
+  public void initializeSecurity(InstanceTokenWrapper token, String rootuser) throws AccumuloSecurityException {
     return;
   }
   

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java Wed Jan 23 18:05:10 2013
@@ -20,6 +20,8 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.TableNotFoundException;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
+import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 
 /**
  * This interface is used for the system which will be used for getting a users permissions. If the implementation does not support configuration through
@@ -47,7 +49,7 @@ public interface PermissionHandler {
    * @param rootuser
    * @throws AccumuloSecurityException
    */
-  public void initializeSecurity(String rootuser) throws AccumuloSecurityException;
+  public void initializeSecurity(InstanceTokenWrapper credentials, String rootuser) throws AccumuloSecurityException, ThriftSecurityException;
   
   /**
    * Used to get the system permission for the user

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthenticator.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthenticator.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthenticator.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthenticator.java Wed Jan 23 18:05:10 2013
@@ -16,16 +16,16 @@
  */
 package org.apache.accumulo.server.security.handler;
 
-import java.nio.ByteBuffer;
 import java.util.Set;
 import java.util.TreeSet;
 
 import org.apache.accumulo.core.Constants;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
-import org.apache.accumulo.core.util.ByteBufferUtil;
+import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.fate.zookeeper.IZooReaderWriter;
 import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeExistsPolicy;
 import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeMissingPolicy;
@@ -38,7 +38,7 @@ import org.apache.zookeeper.KeeperExcept
 public final class ZKAuthenticator implements Authenticator {
   static final Logger log = Logger.getLogger(ZKAuthenticator.class);
   private static Authenticator zkAuthenticatorInstance = null;
-
+  
   private String ZKUserPath;
   private final ZooCache zooCache;
   
@@ -55,9 +55,12 @@ public final class ZKAuthenticator imple
   public void initialize(String instanceId) {
     ZKUserPath = Constants.ZROOT + "/" + instanceId + "/users";
   }
-
+  
   @Override
-  public void initializeSecurity(AuthInfo credentials, String rootuser, byte[] rootpass) throws AccumuloSecurityException {
+  public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws AccumuloSecurityException {
+    if (!(token instanceof UserPassToken))
+      throw new AccumuloSecurityException("ZKAuthenticator doesn't take this token type", SecurityErrorCode.INVALID_TOKEN);
+    UserPassToken upt = (UserPassToken) token;
     try {
       // remove old settings from zookeeper first, if any
       IZooReaderWriter zoo = ZooReaderWriter.getRetryingInstance();
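Review bot: The new type guard passes its message text as the first argument of `AccumuloSecurityException`, where every other call in this file passes the principal (for example `new AccumuloSecurityException(upt.getPrincipal(), SecurityErrorCode.USER_DOESNT_EXIST)`). The sentence therefore appears to land in the user field of the error. The same three-line guard and cast is repeated in the createUser, changePassword and authenticateUser hunks below. A private helper would remove the duplication and put the principal in the right slot, with the error code already saying what went wrong. The body of initializeSecurity continues outside the hunk.

```java
// shared by initializeSecurity, createUser, changePassword and authenticateUser
private static UserPassToken asUserPassToken(AccumuloToken<?,?> token) throws AccumuloSecurityException {
  if (!(token instanceof UserPassToken)) {
    String principal = (token == null) ? null : token.getPrincipal();
    throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN);
  }
  return (UserPassToken) token;
}

public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws AccumuloSecurityException {
  UserPassToken upt = asUserPassToken(token);
  // … unchanged: try block that resets the users node and constructs the root user …
```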
@@ -69,9 +72,9 @@ public final class ZKAuthenticator imple
         }
         
         // prep parent node of users with root username
-        zoo.putPersistentData(ZKUserPath, rootuser.getBytes(), NodeExistsPolicy.FAIL);
+        zoo.putPersistentData(ZKUserPath, upt.getPrincipal().getBytes(), NodeExistsPolicy.FAIL);
         
-        constructUser(rootuser, ZKSecurityTool.createPass(rootpass));
+        constructUser(upt.getPrincipal(), ZKSecurityTool.createPass(upt.getPassword()));
       }
     } catch (KeeperException e) {
       log.error(e, e);
@@ -88,8 +91,7 @@ public final class ZKAuthenticator imple
   /**
    * Sets up the user in ZK for the provided user. No checking for existence is done here, it should be done before calling.
    */
-  private void constructUser(String user, byte[] pass)
-      throws KeeperException, InterruptedException {
+  private void constructUser(String user, byte[] pass) throws KeeperException, InterruptedException {
     synchronized (zooCache) {
       zooCache.clear();
       IZooReaderWriter zoo = ZooReaderWriter.getRetryingInstance();
@@ -106,19 +108,22 @@ public final class ZKAuthenticator imple
    * Creates a user with no permissions whatsoever
    */
   @Override
-  public void createUser(String user, byte[] pass) throws AccumuloSecurityException {
+  public void createUser(AccumuloToken<?,?> token) throws AccumuloSecurityException {
+    if (!(token instanceof UserPassToken))
+      throw new AccumuloSecurityException("ZKAuthenticator doesn't take this token type", SecurityErrorCode.INVALID_TOKEN);
+    UserPassToken upt = (UserPassToken) token;
     try {
-      constructUser(user, ZKSecurityTool.createPass(pass));
+      constructUser(upt.getPrincipal(), ZKSecurityTool.createPass(upt.getPassword()));
     } catch (KeeperException e) {
       if (e.code().equals(KeeperException.Code.NODEEXISTS))
-        throw new AccumuloSecurityException(user, SecurityErrorCode.USER_EXISTS, e);
-      throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
+        throw new AccumuloSecurityException(upt.getPrincipal(), SecurityErrorCode.USER_EXISTS, e);
+      throw new AccumuloSecurityException(upt.getPrincipal(), SecurityErrorCode.CONNECTION_ERROR, e);
     } catch (InterruptedException e) {
       log.error(e, e);
       throw new RuntimeException(e);
     } catch (AccumuloException e) {
       log.error(e, e);
-      throw new AccumuloSecurityException(user, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e);
+      throw new AccumuloSecurityException(upt.getPrincipal(), SecurityErrorCode.DEFAULT_SECURITY_ERROR, e);
     }
   }
   
@@ -141,25 +146,28 @@ public final class ZKAuthenticator imple
   }
   
   @Override
-  public void changePassword(String user, byte[] pass) throws AccumuloSecurityException {
-    if (userExists(user)) {
+  public void changePassword(AccumuloToken<?,?> token) throws AccumuloSecurityException {
+    if (!(token instanceof UserPassToken))
+      throw new AccumuloSecurityException("ZKAuthenticator doesn't take this token type", SecurityErrorCode.INVALID_TOKEN);
+    UserPassToken upt = (UserPassToken) token;
+    if (userExists(upt.getPrincipal())) {
       try {
         synchronized (zooCache) {
-          zooCache.clear(ZKUserPath + "/" + user);
-          ZooReaderWriter.getRetryingInstance().putPrivatePersistentData(ZKUserPath + "/" + user, ZKSecurityTool.createPass(pass), NodeExistsPolicy.OVERWRITE);
+          zooCache.clear(ZKUserPath + "/" + upt.getPrincipal());
+          ZooReaderWriter.getRetryingInstance().putPrivatePersistentData(ZKUserPath + "/" + upt.getPrincipal(), ZKSecurityTool.createPass(upt.getPassword()), NodeExistsPolicy.OVERWRITE);
         }
       } catch (KeeperException e) {
         log.error(e, e);
-        throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
+        throw new AccumuloSecurityException(upt.getPrincipal(), SecurityErrorCode.CONNECTION_ERROR, e);
       } catch (InterruptedException e) {
         log.error(e, e);
         throw new RuntimeException(e);
       } catch (AccumuloException e) {
         log.error(e, e);
-        throw new AccumuloSecurityException(user, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e);
+        throw new AccumuloSecurityException(upt.getPrincipal(), SecurityErrorCode.DEFAULT_SECURITY_ERROR, e);
       }
     } else
-      throw new AccumuloSecurityException(user, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
+      throw new AccumuloSecurityException(upt.getPrincipal(), SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist
   }
   
   /**
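Review bot: The principal taken from the token is concatenated directly into the znode path in the new changePassword lines (`ZKUserPath + "/" + upt.getPrincipal()`), and the authenticateUser hunk below builds `zpath` the same way. A principal containing `/` would therefore address a node that is not a direct child of the users path. Unless the principal is validated before it reaches these methods (not visible in this diff), a guard ahead of the path construction would keep reads and writes inside that directory, for example `if (upt.getPrincipal().indexOf('/') >= 0) throw new AccumuloSecurityException(upt.getPrincipal(), SecurityErrorCode.USER_DOESNT_EXIST);`. In authenticateUser the equivalent check could simply return false. Reading the principal once into a local would also shorten the long `putPrivatePersistentData` line.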
@@ -176,16 +184,24 @@ public final class ZKAuthenticator imple
   }
   
   @Override
-  public boolean authenticateUser(String user, ByteBuffer password, String instanceId) {
+  public boolean authenticateUser(AccumuloToken<?,?> token) throws AccumuloSecurityException {
+    if (!(token instanceof UserPassToken))
+      throw new AccumuloSecurityException("ZKAuthenticator doesn't take this token type", SecurityErrorCode.INVALID_TOKEN);
+    UserPassToken upt = (UserPassToken) token;
     byte[] pass;
-    String zpath = ZKUserPath + "/" + user;
+    String zpath = ZKUserPath + "/" + upt.getPrincipal();
     pass = zooCache.get(zpath);
-    boolean result = ZKSecurityTool.checkPass(ByteBufferUtil.toBytes(password), pass);
+    boolean result = ZKSecurityTool.checkPass(upt.getPassword(), pass);
     if (!result) {
       zooCache.clear(zpath);
       pass = zooCache.get(zpath);
-      result = ZKSecurityTool.checkPass(ByteBufferUtil.toBytes(password), pass);
+      result = ZKSecurityTool.checkPass(upt.getPassword(), pass);
     }
     return result;
   }
+
+  @Override
+  public String getTokenClassName() {
+    return UserPassToken.class.getName();
+  }
 }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthorizor.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthorizor.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthorizor.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthorizor.java Wed Jan 23 18:05:10 2013
@@ -28,6 +28,7 @@ import org.apache.accumulo.core.security
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.fate.zookeeper.IZooReaderWriter;
 import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeExistsPolicy;
 import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeMissingPolicy;
@@ -72,7 +73,7 @@ public class ZKAuthorizor implements Aut
   }
   
   @Override
-  public void initializeSecurity(String rootuser) throws AccumuloSecurityException {
+  public void initializeSecurity(InstanceTokenWrapper itw, String rootuser) throws AccumuloSecurityException {
     IZooReaderWriter zoo = ZooReaderWriter.getRetryingInstance();
 
     // create the root user with all system privileges, no table privileges, and no record-level authorizations

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java Wed Jan 23 18:05:10 2013
@@ -29,6 +29,7 @@ import org.apache.accumulo.core.client.T
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.fate.zookeeper.IZooReaderWriter;
 import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeExistsPolicy;
 import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeMissingPolicy;
@@ -222,7 +223,7 @@ public class ZKPermHandler implements Pe
   }
   
   @Override
-  public void initializeSecurity(String rootuser) throws AccumuloSecurityException {
+  public void initializeSecurity(InstanceTokenWrapper itw, String rootuser) throws AccumuloSecurityException {
     IZooReaderWriter zoo = ZooReaderWriter.getRetryingInstance();
     
     // create the root user with all system privileges, no table privileges, and no record-level authorizations

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/Tablet.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/Tablet.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/Tablet.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/Tablet.java Wed Jan 23 18:05:10 2013
@@ -86,7 +86,7 @@ import org.apache.accumulo.core.iterator
 import org.apache.accumulo.core.master.thrift.TabletLoadState;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.ColumnVisibility;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.core.util.CachedConfiguration;
 import org.apache.accumulo.core.util.LocalityGroupUtil;
 import org.apache.accumulo.core.util.MetadataTable.DataFileValue;
@@ -679,10 +679,10 @@ public class Tablet {
       }
       
       synchronized (bulkFileImportLock) {
-        AuthInfo auths = SecurityConstants.getSystemCredentials();
+        InstanceTokenWrapper auths = SecurityConstants.getSystemCredentials();
         Connector conn;
         try {
-          conn = HdfsZooInstance.getInstance().getConnector(auths.user, auths.password);
+          conn = HdfsZooInstance.getInstance().getConnector(auths);
         } catch (Exception ex) {
           throw new IOException(ex);
         }
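Review bot: The local on the first changed line is called `auths`, but it holds the system credentials rather than authorizations, and the other two hunks in this file name the same value `creds`. Because `Authorizations` is also imported in this file, the name invites a misreading of what is handed to `getConnector`. Renaming keeps the file consistent: `InstanceTokenWrapper creds = SecurityConstants.getSystemCredentials();` and `getConnector(creds)`. The enclosing method starts and ends outside the hunk.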
@@ -844,7 +844,7 @@ public class Tablet {
         // need to write to !METADATA before writing to walog, when things are done in the reverse order
         // data could be lost... the minor compaction start even should be written before the following metadata
         // write is made
-        AuthInfo creds = SecurityConstants.getSystemCredentials();
+        InstanceTokenWrapper creds = SecurityConstants.getSystemCredentials();
         
         synchronized (timeLock) {
           if (commitSession.getMaxCommittedTime() > persistedTime)
@@ -2278,7 +2278,7 @@ public class Tablet {
       }
       
       if (updateMetadata) {
-        AuthInfo creds = SecurityConstants.getSystemCredentials();
+        InstanceTokenWrapper creds = SecurityConstants.getSystemCredentials();
         // if multiple threads were allowed to update this outside of a sync block, then it would be
         // a race condition
         MetadataTable.updateTabletFlushID(extent, tableFlushID, creds, tabletServer.getLock());

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java?rev=1437605&r1=1437604&r2=1437605&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Wed Jan 23 18:05:10 2013
@@ -106,9 +106,10 @@ import org.apache.accumulo.core.master.t
 import org.apache.accumulo.core.master.thrift.TabletLoadState;
 import org.apache.accumulo.core.master.thrift.TabletServerStatus;
 import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.core.tabletserver.thrift.ActiveScan;
 import org.apache.accumulo.core.tabletserver.thrift.ConstraintViolationException;
 import org.apache.accumulo.core.tabletserver.thrift.NoSuchScanIDException;
@@ -575,12 +576,12 @@ public class TabletServer extends Abstra
   
   static class TservConstraintEnv implements Environment {
     
-    private AuthInfo credentials;
+    private InstanceTokenWrapper credentials;
     private SecurityOperation security;
     private Authorizations auths;
     private KeyExtent ke;
     
-    TservConstraintEnv(SecurityOperation secOp, AuthInfo credentials) {
+    TservConstraintEnv(SecurityOperation secOp, InstanceTokenWrapper credentials) {
       this.security = secOp;
       this.credentials = credentials;
     }
@@ -596,7 +597,7 @@ public class TabletServer extends Abstra
     
     @Override
     public String getUser() {
-      return credentials.user;
+      return credentials.getPrincipal();
     }
     
     @Override
@@ -716,7 +717,7 @@ public class TabletServer extends Abstra
     Map<KeyExtent,Long> failures = new HashMap<KeyExtent,Long>();
     HashMap<KeyExtent, SecurityErrorCode> authFailures = new HashMap<KeyExtent, SecurityErrorCode>();
     public Violations violations;
-    public AuthInfo credentials;
+    public InstanceTokenWrapper credentials;
     public long totalUpdates = 0;
     public long flushTime = 0;
     Stat prepareTimes = new Stat();
@@ -873,11 +874,11 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public List<TKeyExtent> bulkImport(TInfo tinfo, AuthInfo credentials, long tid, Map<TKeyExtent,Map<String,MapFileInfo>> files, boolean setTime)
+    public List<TKeyExtent> bulkImport(TInfo tinfo, ThriftInstanceTokenWrapper titw, long tid, Map<TKeyExtent,Map<String,MapFileInfo>> files, boolean setTime)
         throws ThriftSecurityException {
-      
+      InstanceTokenWrapper credentials = new InstanceTokenWrapper(titw);
       if (!security.canPerformSystemActions(credentials))
-        throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       
       List<TKeyExtent> failures = new ArrayList<TKeyExtent>();
       
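Review bot: `bulkImport` names the Thrift argument `titw` and the converted wrapper `credentials`, while the other handlers changed in this file (`startScan`, `startMultiScan`, `startUpdate`, `update`, `splitTablet`, `loadTablet`) keep `credentials` for the Thrift argument and call the converted wrapper `itw`. Both types carry the principal and token, so giving each name one meaning across the class makes permission-check call sites easier to audit. Suggest `ThriftInstanceTokenWrapper credentials` in the signature and `InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);`, with `itw` used in the check and the exception. The method body continues outside the hunk, so later uses of `credentials` there would have to follow the rename.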
@@ -1091,19 +1092,19 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public InitialScan startScan(TInfo tinfo, AuthInfo credentials, TKeyExtent textent, TRange range, List<TColumn> columns, int batchSize,
+    public InitialScan startScan(TInfo tinfo, ThriftInstanceTokenWrapper credentials, TKeyExtent textent, TRange range, List<TColumn> columns, int batchSize,
         List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations, boolean waitForWrites, boolean isolated)
         throws NotServingTabletException, ThriftSecurityException, org.apache.accumulo.core.tabletserver.thrift.TooManyFilesException {
       
       Authorizations userauths = null;
+      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+      if (!security.canScan(itw, new String(textent.getTable())))
+        throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       
-      if (!security.canScan(credentials, new String(textent.getTable())))
-        throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
-      
-      userauths = security.getUserAuthorizations(credentials);
+      userauths = security.getUserAuthorizations(itw);
       for (ByteBuffer auth : authorizations)
         if (!userauths.contains(ByteBufferUtil.toBytes(auth)))
-          throw new ThriftSecurityException(credentials.user, SecurityErrorCode.BAD_AUTHORIZATIONS);
+          throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.BAD_AUTHORIZATIONS);
       
       KeyExtent extent = new KeyExtent(textent);
       
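Review bot: The table name passed to `security.canScan` is built with `new String(textent.getTable())`, which decodes the bytes with the JVM's default charset, so the string the permission check sees depends on how the server process was started. A value that feeds an authorization decision should be decoded the same way on every host, for example `new String(textent.getTable(), Charset.forName("UTF-8"))` if table ids are UTF-8 (the encoding is not shown on this page). The same construction feeds `canWrite` in `update`, `canSplitTablet` in `splitTablet`, and the loop that collects table names in `startMultiScan`. `startScan` continues outside the hunk.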
@@ -1125,7 +1126,7 @@ public class TabletServer extends Abstra
         throw new NotServingTabletException(textent);
       
       ScanSession scanSession = new ScanSession();
-      scanSession.user = credentials.user;
+      scanSession.user = itw.getPrincipal();
       scanSession.extent = new KeyExtent(extent);
       scanSession.columnSet = new HashSet<Column>();
       scanSession.ssiList = ssiList;
@@ -1243,24 +1244,25 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public InitialMultiScan startMultiScan(TInfo tinfo, AuthInfo credentials, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns,
+    public InitialMultiScan startMultiScan(TInfo tinfo, ThriftInstanceTokenWrapper credentials, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns,
         List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations, boolean waitForWrites) throws ThriftSecurityException {
       // find all of the tables that need to be scanned
       HashSet<String> tables = new HashSet<String>();
       for (TKeyExtent keyExtent : tbatch.keySet()) {
         tables.add(new String(keyExtent.getTable()));
       }
-      
+      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+
       // check if user has permission to the tables
       Authorizations userauths = null;
       for (String table : tables)
-        if (!security.canScan(credentials, table))
-          throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+        if (!security.canScan(itw, table))
+          throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       
-      userauths = security.getUserAuthorizations(credentials);
+      userauths = security.getUserAuthorizations(itw);
       for (ByteBuffer auth : authorizations)
         if (!userauths.contains(ByteBufferUtil.toBytes(auth)))
-          throw new ThriftSecurityException(credentials.user, SecurityErrorCode.BAD_AUTHORIZATIONS);
+          throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.BAD_AUTHORIZATIONS);
       
       KeyExtent threadPoolExtent = null;
       
@@ -1281,7 +1283,7 @@ public class TabletServer extends Abstra
         writeTracker.waitForWrites(TabletType.type(batch.keySet()));
       
       MultiScanSession mss = new MultiScanSession();
-      mss.user = credentials.user;
+      mss.user = itw.getPrincipal();
       mss.queries = batch;
       mss.columnSet = new HashSet<Column>(tcolumns.size());
       mss.ssiList = ssiList;
@@ -1367,16 +1369,18 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public long startUpdate(TInfo tinfo, AuthInfo credentials) throws ThriftSecurityException {
+    public long startUpdate(TInfo tinfo, ThriftInstanceTokenWrapper credentials) throws ThriftSecurityException {
       // Make sure user is real
-      security.authenticateUser(credentials, credentials.user, credentials.password);
+      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+
+      security.authenticateUser(itw, itw.getToken());
       if (updateMetrics.isEnabled())
         updateMetrics.add(TabletServerUpdateMetrics.permissionErrors, 0);
       
       UpdateSession us = new UpdateSession();
       us.violations = new Violations();
-      us.credentials = credentials;
-      us.cenv = new TservConstraintEnv(security, credentials);
+      us.credentials = itw;
+      us.cenv = new TservConstraintEnv(security, us.credentials);
       
       long sid = sessionManager.createSession(us, false);
       
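Review bot: The result of `security.authenticateUser(itw, itw.getToken())` is discarded, so the session below is created only for an authenticated caller if that method throws on every failure. Its declaration is not part of this page; if it can return `false` for bad credentials, the `UpdateSession` would still be created and registered. An explicit check removes the doubt: `if (!security.authenticateUser(itw, itw.getToken())) throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS);`. The method continues outside the hunk.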
@@ -1410,7 +1414,7 @@ public class TabletServer extends Abstra
               updateMetrics.add(TabletServerUpdateMetrics.unknownTabletErrors, 0);
           }
         } else {
-          log.warn("Denying access to table " + keyExtent.getTableId() + " for user " + us.credentials.user);
+          log.warn("Denying access to table " + keyExtent.getTableId() + " for user " + us.credentials.getPrincipal());
           long t2 = System.currentTimeMillis();
           us.authTimes.addStat(t2 - t1);
           us.currentTablet = null;
@@ -1420,7 +1424,7 @@ public class TabletServer extends Abstra
           return;
         }
       } catch (ThriftSecurityException e) {
-        log.error("Denying permission to check user " + us.credentials.user + " with user " + e.getUser(), e);
+        log.error("Denying permission to check user " + us.credentials.getPrincipal() + " with user " + e.getUser(), e);
         long t2 = System.currentTimeMillis();
         us.authTimes.addStat(t2 - t1);
         us.currentTablet = null;
@@ -1638,10 +1642,12 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public void update(TInfo tinfo, AuthInfo credentials, TKeyExtent tkeyExtent, TMutation tmutation) throws NotServingTabletException,
+    public void update(TInfo tinfo, ThriftInstanceTokenWrapper credentials, TKeyExtent tkeyExtent, TMutation tmutation) throws NotServingTabletException,
         ConstraintViolationException, ThriftSecurityException {
-      if (!security.canWrite(credentials, new String(tkeyExtent.getTable())))
-        throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+
+      if (!security.canWrite(itw, new String(tkeyExtent.getTable())))
+        throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       
       KeyExtent keyExtent = new KeyExtent(tkeyExtent);
       Tablet tablet = onlineTablets.get(new KeyExtent(keyExtent));
@@ -1659,7 +1665,7 @@ public class TabletServer extends Abstra
         List<Mutation> mutations = Collections.singletonList(mutation);
         
         Span prep = Trace.start("prep");
-        CommitSession cs = tablet.prepareMutationsForCommit(new TservConstraintEnv(security, credentials), mutations);
+        CommitSession cs = tablet.prepareMutationsForCommit(new TservConstraintEnv(security, itw), mutations);
         prep.stop();
         if (cs == null) {
           throw new NotServingTabletException(tkeyExtent);
@@ -1687,11 +1693,13 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public void splitTablet(TInfo tinfo, AuthInfo credentials, TKeyExtent tkeyExtent, ByteBuffer splitPoint) throws NotServingTabletException,
+    public void splitTablet(TInfo tinfo, ThriftInstanceTokenWrapper credentials, TKeyExtent tkeyExtent, ByteBuffer splitPoint) throws NotServingTabletException,
         ThriftSecurityException {
+      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+
       String tableId = new String(ByteBufferUtil.toBytes(tkeyExtent.table));
-      if (!security.canSplitTablet(credentials, tableId))
-        throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+      if (!security.canSplitTablet(itw, tableId))
+        throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       
       KeyExtent keyExtent = new KeyExtent(tkeyExtent);
       
@@ -1713,12 +1721,12 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public TabletServerStatus getTabletServerStatus(TInfo tinfo, AuthInfo credentials) throws ThriftSecurityException, TException {
+    public TabletServerStatus getTabletServerStatus(TInfo tinfo, ThriftInstanceTokenWrapper credentials) throws ThriftSecurityException, TException {
       return getStats(sessionManager.getActiveScansPerTable());
     }
     
     @Override
-    public List<TabletStats> getTabletStats(TInfo tinfo, AuthInfo credentials, String tableId) throws ThriftSecurityException, TException {
+    public List<TabletStats> getTabletStats(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String tableId) throws ThriftSecurityException, TException {
       TreeMap<KeyExtent,Tablet> onlineTabletsCopy;
       synchronized (onlineTablets) {
         onlineTabletsCopy = new TreeMap<KeyExtent,Tablet>(onlineTablets);
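Review bot: `getTabletServerStatus` takes the caller's `ThriftInstanceTokenWrapper` and returns the statistics without looking at it, so the token is neither converted nor verified before data is returned. `getHistoricalStats` further down does the same, and the visible part of `getTabletStats` does not touch the argument either (its body continues outside the hunk). If these calls are meant to be open to any client that can reach the port, a comment saying so would stop the next reader from assuming a check exists. Otherwise the call already used in `startUpdate` fits here too: `InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials); security.authenticateUser(itw, itw.getToken());`.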
@@ -1744,14 +1752,14 @@ public class TabletServer extends Abstra
     
     private ZooCache masterLockCache = new ZooCache();
     
-    private void checkPermission(AuthInfo credentials, String lock, boolean requiresSystemPermission, final String request) throws ThriftSecurityException {
+    private void checkPermission(InstanceTokenWrapper credentials, String lock, boolean requiresSystemPermission, final String request) throws ThriftSecurityException {
       if (requiresSystemPermission) {
         boolean fatal = false;
         try {
-          log.debug("Got " + request + " message from user: " + credentials.user);
+          log.debug("Got " + request + " message from user: " + credentials.getPrincipal());
           if (!security.canPerformSystemActions(credentials)) {
-            log.warn("Got " + request + " message from user: " + credentials.user);
-            throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
+            log.warn("Got " + request + " message from user: " + credentials.getPrincipal());
+            throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
           }
         } catch (ThriftSecurityException e) {
           log.warn("Got " + request + " message from unauthenticatable user: " + e.getUser());
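Review bot: The principal written by the `log.debug` line comes from the request before `canPerformSystemActions` has run, so caller-controlled text goes into the server log unchanged. Line breaks in it should be neutralised before concatenation, e.g. `credentials.getPrincipal().replaceAll("[\r\n]", "_")`. The `log.warn` two lines below repeats the debug text word for word, so a denied request reads the same as a received one apart from the level. `log.warn("Denying " + request + " message from user: " + credentials.getPrincipal());` would make the denial searchable. `checkPermission` continues outside the hunk.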
@@ -1807,9 +1815,11 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public void loadTablet(TInfo tinfo, AuthInfo credentials, String lock, final TKeyExtent textent) {
+    public void loadTablet(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String lock, final TKeyExtent textent) {
+      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+
       try {
-        checkPermission(credentials, lock, true, "loadTablet");
+        checkPermission(itw, lock, true, "loadTablet");
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
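Review bot: Each master-facing handler now repeats the conversion `new InstanceTokenWrapper(credentials)` before calling `checkPermission`. `loadTablet` does it through a local, while `unloadTablet`, `flush`, `flushTablet`, `halt`, `getActiveScans`, `chop` and `compact` do it inline. A small overload would keep the conversion in one place and leave the handler bodies untouched: `private void checkPermission(ThriftInstanceTokenWrapper credentials, String lock, boolean requiresSystemPermission, String request) throws ThriftSecurityException { checkPermission(new InstanceTokenWrapper(credentials), lock, requiresSystemPermission, request); }`. `loadTablet` itself continues outside the hunk.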
@@ -1873,9 +1883,9 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public void unloadTablet(TInfo tinfo, AuthInfo credentials, String lock, TKeyExtent textent, boolean save) {
+    public void unloadTablet(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String lock, TKeyExtent textent, boolean save) {
       try {
-        checkPermission(credentials, lock, true, "unloadTablet");
+        checkPermission(new InstanceTokenWrapper(credentials), lock, true, "unloadTablet");
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
@@ -1887,9 +1897,9 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public void flush(TInfo tinfo, AuthInfo credentials, String lock, String tableId, ByteBuffer startRow, ByteBuffer endRow) {
+    public void flush(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String lock, String tableId, ByteBuffer startRow, ByteBuffer endRow) {
       try {
-        checkPermission(credentials, lock, true, "flush");
+        checkPermission(new InstanceTokenWrapper(credentials), lock, true, "flush");
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
@@ -1924,9 +1934,9 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public void flushTablet(TInfo tinfo, AuthInfo credentials, String lock, TKeyExtent textent) throws TException {
+    public void flushTablet(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String lock, TKeyExtent textent) throws TException {
       try {
-        checkPermission(credentials, lock, true, "flushTablet");
+        checkPermission(new InstanceTokenWrapper(credentials), lock, true, "flushTablet");
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
@@ -1943,9 +1953,9 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public void halt(TInfo tinfo, AuthInfo credentials, String lock) throws ThriftSecurityException {
+    public void halt(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String lock) throws ThriftSecurityException {
       
-      checkPermission(credentials, lock, true, "halt");
+      checkPermission(new InstanceTokenWrapper(credentials), lock, true, "halt");
       
       Halt.halt(0, new Runnable() {
         @Override
@@ -1963,7 +1973,7 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public void fastHalt(TInfo info, AuthInfo credentials, String lock) {
+    public void fastHalt(TInfo info, ThriftInstanceTokenWrapper credentials, String lock) {
       try {
         halt(info, credentials, lock);
       } catch (Exception e) {
@@ -1972,14 +1982,14 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public TabletStats getHistoricalStats(TInfo tinfo, AuthInfo credentials) throws ThriftSecurityException, TException {
+    public TabletStats getHistoricalStats(TInfo tinfo, ThriftInstanceTokenWrapper credentials) throws ThriftSecurityException, TException {
       return statsKeeper.getTabletStats();
     }
     
     @Override
-    public List<ActiveScan> getActiveScans(TInfo tinfo, AuthInfo credentials) throws ThriftSecurityException, TException {
+    public List<ActiveScan> getActiveScans(TInfo tinfo, ThriftInstanceTokenWrapper credentials) throws ThriftSecurityException, TException {
       try {
-        checkPermission(credentials, null, true, "getScans");
+        checkPermission(new InstanceTokenWrapper(credentials), null, true, "getScans");
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
@@ -1989,9 +1999,9 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public void chop(TInfo tinfo, AuthInfo credentials, String lock, TKeyExtent textent) throws TException {
+    public void chop(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String lock, TKeyExtent textent) throws TException {
       try {
-        checkPermission(credentials, lock, true, "chop");
+        checkPermission(new InstanceTokenWrapper(credentials), lock, true, "chop");
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
@@ -2006,9 +2016,9 @@ public class TabletServer extends Abstra
     }
     
     @Override
-    public void compact(TInfo tinfo, AuthInfo credentials, String lock, String tableId, ByteBuffer startRow, ByteBuffer endRow) throws TException {
+    public void compact(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String lock, String tableId, ByteBuffer startRow, ByteBuffer endRow) throws TException {
       try {
-        checkPermission(credentials, lock, true, "compact");
+        checkPermission(new InstanceTokenWrapper(credentials), lock, true, "compact");
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
@@ -2044,10 +2054,10 @@ public class TabletServer extends Abstra
      * (non-Javadoc)
      * 
      * @see org.apache.accumulo.core.tabletserver.thrift.TabletClientService.Iface#removeLogs(org.apache.accumulo.cloudtrace.thrift.TInfo,
-     * org.apache.accumulo.core.security.thrift.AuthInfo, java.util.List)
+     * org.apache.accumulo.core.security.thrift.InstanceTokenWrapper, java.util.List)
      */
     @Override
-    public void removeLogs(TInfo tinfo, AuthInfo credentials, List<String> filenames) throws TException {
+    public void removeLogs(TInfo tinfo, ThriftInstanceTokenWrapper credentials, List<String> filenames) throws TException {
       String myname = getClientAddressString();
       myname = myname.replace(':', '+');
       Path logDir = new Path(Constants.getWalDirectory(acuConf), myname);
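Review bot: The `@see` line changed in this hunk now names `org.apache.accumulo.core.security.thrift.InstanceTokenWrapper`, but the parameter type is `ThriftInstanceTokenWrapper`. Going by the imports added in this file, `InstanceTokenWrapper` lives in `core.security.tokens`, so the reference points at no class. It should read `* org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper, java.util.List)`. Separately, the visible part of `removeLogs` never reads `credentials` before building the log directory path. The body continues outside the hunk, so whether a permission check follows cannot be seen here.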
@@ -2771,7 +2781,7 @@ public class TabletServer extends Abstra
           while (!serverStopRequested && mm != null && client != null && client.getOutputProtocol() != null
               && client.getOutputProtocol().getTransport() != null && client.getOutputProtocol().getTransport().isOpen()) {
             try {
-              mm.send(SecurityConstants.getSystemCredentials(), getClientAddressString(), iface);
+              mm.send(SecurityConstants.getThriftSystemCredentials(), getClientAddressString(), iface);
               mm = null;
             } catch (TException ex) {
               log.warn("Error sending message: queuing message again");


