accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vi...@apache.org
Subject svn commit: r1438354 [11/12] - in /accumulo/trunk: ./ assemble/ bin/ conf/examples/1GB/native-standalone/ conf/examples/1GB/standalone/ conf/examples/2GB/native-standalone/ conf/examples/2GB/standalone/ conf/examples/3GB/native-standalone/ conf/example...
Date Fri, 25 Jan 2013 07:04:29 GMT
Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/multitable/CopyTool.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/multitable/CopyTool.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/multitable/CopyTool.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/multitable/CopyTool.java Fri Jan 25 07:04:25 2013
@@ -17,7 +17,6 @@
 package org.apache.accumulo.server.test.randomwalk.multitable;
 
 import java.io.IOException;
-import java.nio.charset.Charset;
 
 import org.apache.accumulo.core.Constants;
 import org.apache.accumulo.core.client.mapreduce.AccumuloInputFormat;
@@ -25,6 +24,7 @@ import org.apache.accumulo.core.client.m
 import org.apache.accumulo.core.data.Key;
 import org.apache.accumulo.core.data.Mutation;
 import org.apache.accumulo.core.data.Value;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.hadoop.conf.Configured;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.mapreduce.Job;
@@ -55,7 +55,7 @@ public class CopyTool extends Configured
     }
     
     job.setInputFormatClass(AccumuloInputFormat.class);
-    AccumuloInputFormat.setConnectorInfo(job, args[0], args[1].getBytes(Charset.forName("UTF-8")));
+    AccumuloInputFormat.setConnectorInfo(job, new UserPassToken(args[0], args[1]));
     AccumuloInputFormat.setInputTableName(job, args[2]);
     AccumuloInputFormat.setScanAuthorizations(job, Constants.NO_AUTHS);
     AccumuloInputFormat.setZooKeeperInstance(job, args[3], args[4]);
@@ -67,7 +67,7 @@ public class CopyTool extends Configured
     job.setNumReduceTasks(0);
     
     job.setOutputFormatClass(AccumuloOutputFormat.class);
-    AccumuloOutputFormat.setConnectorInfo(job, args[0], args[1].getBytes(Charset.forName("UTF-8")));
+    AccumuloOutputFormat.setConnectorInfo(job, new UserPassToken(args[0], args[1]));
     AccumuloOutputFormat.setCreateTables(job, true);
     AccumuloOutputFormat.setDefaultTableName(job, args[5]);
     AccumuloOutputFormat.setZooKeeperInstance(job, args[3], args[4]);

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/multitable/Write.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/multitable/Write.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/multitable/Write.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/multitable/Write.java Fri Jan 25 07:04:25 2013
@@ -76,7 +76,7 @@ public class Write extends Test {
     // add mutation
     bw.addMutation(m);
     
-    state.set("numWrites", state.getInteger("numWrites") + 1);
+    state.set("numWrites", state.getLong("numWrites") + 1);
   }
   
 }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterSystemPerm.java Fri Jan 25 07:04:25 2013
@@ -31,11 +31,12 @@ public class AlterSystemPerm extends Tes
   @Override
   public void visit(State state, Properties props) throws Exception {
     Connector conn = state.getConnector();
+    WalkingSecurity ws = new WalkingSecurity(state);
     
     String action = props.getProperty("task", "toggle");
     String perm = props.getProperty("perm", "random");
     
-    String targetUser = SecurityHelper.getSysUserName(state);
+    String targetUser = WalkingSecurity.get(state).getSysUserName();
     
     SystemPermission sysPerm;
     if (perm.equals("random")) {
@@ -45,7 +46,7 @@ public class AlterSystemPerm extends Tes
     } else
       sysPerm = SystemPermission.valueOf(perm);
     
-    boolean hasPerm = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm);
+    boolean hasPerm = ws.hasSystemPermission(targetUser, sysPerm);
     
     // toggle
     if (!"take".equals(action) && !"give".equals(action)) {
@@ -65,6 +66,7 @@ public class AlterSystemPerm extends Tes
           case GRANT_INVALID:
             if (sysPerm.equals(SystemPermission.GRANT))
               return;
+            throw new AccumuloException("Got GRANT_INVALID when not dealing with GRANT", ae);
           case PERMISSION_DENIED:
             throw new AccumuloException("Test user doesn't have root", ae);
           case USER_DOESNT_EXIST:
@@ -73,7 +75,7 @@ public class AlterSystemPerm extends Tes
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      SecurityHelper.setSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm, false);
+      ws.revokeSystemPermission(targetUser, sysPerm);
     } else if ("give".equals(action)) {
       try {
         conn.securityOperations().grantSystemPermission(targetUser, sysPerm);
@@ -90,7 +92,7 @@ public class AlterSystemPerm extends Tes
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      SecurityHelper.setSysPerm(state, SecurityHelper.getSysUserName(state), sysPerm, true);
+      ws.grantSystemPermission(targetUser, sysPerm);
     }
   }
   

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTable.java Fri Jan 25 07:04:25 2013
@@ -24,8 +24,6 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
@@ -34,15 +32,12 @@ public class AlterTable extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = SecurityHelper.getSystemConnector(state);
+    Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getSysAuthInfo());
     
-    String tableName = SecurityHelper.getTableName(state);
+    String tableName = WalkingSecurity.get(state).getTableName();
     
-    boolean exists = SecurityHelper.getTableExists(state);
-    boolean hasPermission = false;
-    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_TABLE)
-        || SecurityHelper.getTabPerm(state, SecurityHelper.getSysUserName(state), TablePermission.ALTER_TABLE))
-      hasPermission = true;
+    boolean exists = WalkingSecurity.get(state).getTableExists();
+    boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysAuthInfo(), tableName);
     String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), state.getPid(),
         System.currentTimeMillis());
     
@@ -59,6 +54,9 @@ public class AlterTable extends Test {
           throw new AccumuloException("Got a security exception when I should have had permission.", ae);
         else
           return;
+      } else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
+        if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+          return;
       }
       throw new AccumuloException("Got unexpected ae error code", ae);
     } catch (TableNotFoundException tnfe) {
@@ -67,7 +65,7 @@ public class AlterTable extends Test {
       else
         return;
     }
-    SecurityHelper.setTableName(state, newName);
+    WalkingSecurity.get(state).setTableName(newName);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/AlterTablePerm.java Fri Jan 25 07:04:25 2013
@@ -24,6 +24,7 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -34,23 +35,21 @@ public class AlterTablePerm extends Test
     alter(state, props);
   }
   
-  public static void alter(State state, Properties props) throws Exception {
-    Connector conn;
-    
+  public static void alter(State state, Properties props) throws Exception {    
     String action = props.getProperty("task", "toggle");
     String perm = props.getProperty("perm", "random");
     String sourceUser = props.getProperty("source", "system");
     String targetUser = props.getProperty("target", "table");
-    boolean tabExists = SecurityHelper.getTableExists(state);
+    boolean tabExists = WalkingSecurity.get(state).getTableExists();
     
     String target;
     if ("table".equals(targetUser))
-      target = SecurityHelper.getTabUserName(state);
+      target = WalkingSecurity.get(state).getTabUserName();
     else
-      target = SecurityHelper.getSysUserName(state);
+      target = WalkingSecurity.get(state).getSysUserName();
     
-    boolean exists = SecurityHelper.getTabUserExists(state);
-    boolean tableExists = SecurityHelper.getTableExists(state);
+    boolean exists = WalkingSecurity.get(state).userExists(target);
+    boolean tableExists = WalkingSecurity.get(state).getTableExists();
     
     TablePermission tabPerm;
     if (perm.equals("random")) {
@@ -59,26 +58,26 @@ public class AlterTablePerm extends Test
       tabPerm = TablePermission.values()[i];
     } else
       tabPerm = TablePermission.valueOf(perm);
-    
-    boolean hasPerm = SecurityHelper.getTabPerm(state, target, tabPerm);
+    String tableName = WalkingSecurity.get(state).getTableName();
+    boolean hasPerm = WalkingSecurity.get(state).hasTablePermission(target, tableName, tabPerm);
     boolean canGive;
+    InstanceTokenWrapper source;
     if ("system".equals(sourceUser)) {
-      conn = SecurityHelper.getSystemConnector(state);
-      canGive = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER)
-          || SecurityHelper.getTabPerm(state, SecurityHelper.getSysUserName(state), TablePermission.GRANT);
+      source = WalkingSecurity.get(state).getSysAuthInfo();
     } else if ("table".equals(sourceUser)) {
-      conn = state.getInstance().getConnector(SecurityHelper.getTabUserName(state), SecurityHelper.getTabUserPass(state));
-      canGive = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.GRANT);
+      source = WalkingSecurity.get(state).getTabAuthInfo();
     } else {
-      conn = state.getConnector();
-      canGive = true;
+      source = state.getAuthInfo();
     }
+    Connector conn = state.getInstance().getConnector(source);
     
+    canGive = WalkingSecurity.get(state).canGrantTable(source, target, WalkingSecurity.get(state).getTableName());
+
     // toggle
     if (!"take".equals(action) && !"give".equals(action)) {
       try {
         boolean res;
-        if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, SecurityHelper.getTableName(state), tabPerm)))
+        if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, tableName, tabPerm)))
           throw new AccumuloException("Test framework and accumulo are out of sync for user " + conn.whoami() + " for perm " + tabPerm.name()
               + " with local vs. accumulo being " + hasPerm + " " + res);
         
@@ -104,9 +103,10 @@ public class AlterTablePerm extends Test
       }
     }
     
+    boolean trans = WalkingSecurity.get(state).userPassTransient(conn.whoami());
     if ("take".equals(action)) {
       try {
-        conn.securityOperations().revokeTablePermission(target, SecurityHelper.getTableName(state), tabPerm);
+        conn.securityOperations().revokeTablePermission(target, tableName, tabPerm);
       } catch (AccumuloSecurityException ae) {
         switch (ae.getErrorCode()) {
           case GRANT_INVALID:
@@ -114,7 +114,7 @@ public class AlterTablePerm extends Test
               return;
           case PERMISSION_DENIED:
             if (canGive)
-              throw new AccumuloException("Test user failed to give permission when it should have worked", ae);
+              throw new AccumuloException(conn.whoami() + " failed to revoke permission to " + target + " when it should have worked", ae);
             return;
           case USER_DOESNT_EXIST:
             if (exists)
@@ -124,14 +124,18 @@ public class AlterTablePerm extends Test
             if (tableExists)
               throw new AccumuloException("Table doesn't exist but it should", ae);
             return;
+          case BAD_CREDENTIALS:
+            if (!trans)
+              throw new AccumuloException("Bad credentials for user " + conn.whoami());
+            return;
           default:
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      SecurityHelper.setTabPerm(state, target, tabPerm, false);
+      WalkingSecurity.get(state).revokeTablePermission(target, tableName, tabPerm);
     } else if ("give".equals(action)) {
       try {
-        conn.securityOperations().grantTablePermission(target, SecurityHelper.getTableName(state), tabPerm);
+        conn.securityOperations().grantTablePermission(target, tableName, tabPerm);
       } catch (AccumuloSecurityException ae) {
         switch (ae.getErrorCode()) {
           case GRANT_INVALID:
@@ -140,7 +144,7 @@ public class AlterTablePerm extends Test
             throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
           case PERMISSION_DENIED:
             if (canGive)
-              throw new AccumuloException("Test user failed to give permission when it should have worked", ae);
+              throw new AccumuloException(conn.whoami() + " failed to give permission to " + target + " when it should have worked", ae);
             return;
           case USER_DOESNT_EXIST:
             if (exists)
@@ -150,11 +154,15 @@ public class AlterTablePerm extends Test
             if (tableExists)
               throw new AccumuloException("Table doesn't exist but it should", ae);
             return;
+          case BAD_CREDENTIALS:
+            if (!trans)
+              throw new AccumuloException("Bad credentials for user " + conn.whoami());
+            return;
           default:
             throw new AccumuloException("Got unexpected exception", ae);
         }
       }
-      SecurityHelper.setTabPerm(state, target, tabPerm, true);
+      WalkingSecurity.get(state).grantTablePermission(target, tableName, tabPerm);
     }
     
     if (!exists)
@@ -162,7 +170,7 @@ public class AlterTablePerm extends Test
     if (!tableExists)
       throw new AccumuloException("Table shouldn't have existed, but apparantly does");
     if (!canGive)
-      throw new AccumuloException("Source user shouldn't have been able to grant privilege");
+      throw new AccumuloException(conn.whoami() + " shouldn't have been able to grant privilege");
     
   }
   

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Authenticate.java Fri Jan 25 07:04:25 2013
@@ -22,7 +22,7 @@ import java.util.Properties;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -30,31 +30,27 @@ public class Authenticate extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = SecurityHelper.getSystemConnector(state);
-    
-    authenticate(conn, state, props);
+    authenticate(WalkingSecurity.get(state).getSysAuthInfo(), state, props);
   }
   
-  public static void authenticate(Connector conn, State state, Properties props) throws Exception {
+  public static void authenticate(InstanceTokenWrapper auth, State state, Properties props) throws Exception {
     String targetProp = props.getProperty("target");
     boolean success = Boolean.parseBoolean(props.getProperty("valid"));
     
+    Connector conn = state.getInstance().getConnector(auth);
+    
     String target;
-    boolean exists = true;
-    boolean hasPermission = true;
-    byte[] password;
+    
     if (targetProp.equals("table")) {
-      exists = SecurityHelper.getTabUserExists(state);
-      target = SecurityHelper.getTabUserName(state);
-      if (!conn.whoami().equals(state.getConnector().whoami())
-          && !SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.SYSTEM))
-        hasPermission = false;
-      password = Arrays.copyOf(SecurityHelper.getTabUserPass(state), SecurityHelper.getTabUserPass(state).length);
+      target = WalkingSecurity.get(state).getTabUserName();
     } else {
-      target = SecurityHelper.getSysUserName(state);
-      password = Arrays.copyOf(SecurityHelper.getSysUserPass(state), SecurityHelper.getSysUserPass(state).length);
+      target = WalkingSecurity.get(state).getSysUserName();
     }
-    
+    boolean exists = WalkingSecurity.get(state).userExists(target);
+    // Copy so if failed it doesn't mess with the password stored in state
+    byte[] password = Arrays.copyOf(WalkingSecurity.get(state).getUserPassword(target), WalkingSecurity.get(state).getUserPassword(target).length);
+    boolean hasPermission = WalkingSecurity.get(state).canAskAboutUser(auth, target);
+
     if (!success)
       for (int i = 0; i < password.length; i++)
         password[i]++;
@@ -77,6 +73,7 @@ public class Authenticate extends Test {
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
     if (result != (success && exists))
-      throw new AccumuloException("Got " + result + " as the result when it should be " + success);
+      throw new AccumuloException("Authentication " + (result ? "succeeded" : "failed") + " when it should have "
+          + ((success && exists) ? "succeeded" : "failed") + " while the user exists? " + exists);
   }
 }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java Fri Jan 25 07:04:25 2013
@@ -16,15 +16,14 @@
  */
 package org.apache.accumulo.server.test.randomwalk.security;
 
-import java.math.BigInteger;
 import java.util.Properties;
 import java.util.Random;
 
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -32,50 +31,33 @@ public class ChangePass extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn;
-    
     String target = props.getProperty("target");
     String source = props.getProperty("source");
     
-    String sourceUser;
+    InstanceTokenWrapper auth;
     if (source.equals("system")) {
-      conn = SecurityHelper.getSystemConnector(state);
-      sourceUser = SecurityHelper.getSysUserName(state);
+      auth = WalkingSecurity.get(state).getSysAuthInfo();
     } else {
-      sourceUser = SecurityHelper.getTabUserName(state);
-      try {
-        conn = state.getInstance().getConnector(sourceUser, (SecurityHelper.getTabUserPass(state)));
-      } catch (AccumuloSecurityException ae) {
-        if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
-          if (SecurityHelper.getTabUserExists(state))
-            throw new AccumuloException("Got a security exception when the user should have existed", ae);
-          else
-            return;
-        }
-        throw new AccumuloException("Unexpected exception!", ae);
-      }
+      auth = WalkingSecurity.get(state).getTabAuthInfo();
     }
-    
-    boolean hasPerm = true;
-    if (!source.equals(target))
-      hasPerm = SecurityHelper.getSysPerm(state, sourceUser, SystemPermission.ALTER_USER);
-    
-    boolean targetExists = true;
-    boolean targetSystem = true;
+    Connector conn = state.getInstance().getConnector(auth);
+        
+    boolean hasPerm;
+    boolean targetExists;
     if (target.equals("table")) {
-      targetSystem = false;
-      if (!SecurityHelper.getTabUserExists(state))
-        targetExists = false;
-      target = SecurityHelper.getTabUserName(state);
+      target = WalkingSecurity.get(state).getTabUserName();
     } else
-      target = SecurityHelper.getSysUserName(state);
+      target = WalkingSecurity.get(state).getSysUserName();
+    
+    targetExists = WalkingSecurity.get(state).userExists(target);
+      
+    hasPerm = WalkingSecurity.get(state).canChangePassword(auth, target);
     
     Random r = new Random();
     
     byte[] newPass = new byte[r.nextInt(50) + 1];
-    r.nextBytes(newPass);
-    BigInteger bi = new BigInteger(newPass);
-    newPass = bi.toString(36).getBytes();
+    for (int i =0; i < newPass.length; i++)
+      newPass[i] = (byte) ((r.nextInt(26)+65) & 0xFF);
     
     try {
       conn.securityOperations().changeUserPassword(target, newPass);
@@ -89,15 +71,16 @@ public class ChangePass extends Test {
           if (targetExists)
             throw new AccumuloException("User " + target + " doesn't exist and they SHOULD.", ae);
           return;
+        case BAD_CREDENTIALS:
+          if (!WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+            throw new AccumuloException("Bad credentials for user " + conn.whoami());
+          return;
         default:
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    if (targetSystem) {
-      SecurityHelper.setSysUserPass(state, newPass);
-    } else
-      SecurityHelper.setTabUserPass(state, newPass);
+    WalkingSecurity.get(state).changePassword(new UserPassToken(target, newPass));
     if (!hasPerm)
-      throw new AccumuloException("Password change succeeded when it should have failed.");
+      throw new AccumuloException("Password change succeeded when it should have failed for " + source + " changing the password for " + target + ".");
   }
 }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateTable.java Fri Jan 25 07:04:25 2013
@@ -22,7 +22,6 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
-import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.server.test.randomwalk.State;
@@ -32,14 +31,12 @@ public class CreateTable extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = SecurityHelper.getSystemConnector(state);
+    Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getSysAuthInfo());
     
-    String tableName = SecurityHelper.getTableName(state);
+    String tableName = WalkingSecurity.get(state).getTableName();
     
-    boolean exists = SecurityHelper.getTableExists(state);
-    boolean hasPermission = false;
-    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.CREATE_TABLE))
-      hasPermission = true;
+    boolean exists = WalkingSecurity.get(state).getTableExists();
+    boolean hasPermission = WalkingSecurity.get(state).canCreateTable(WalkingSecurity.get(state).getSysAuthInfo());
     
     try {
       conn.tableOperations().create(tableName);
@@ -52,7 +49,7 @@ public class CreateTable extends Test {
         {
           try {
             state.getConnector().tableOperations().create(tableName);
-            SecurityHelper.setTableExists(state, true);
+            WalkingSecurity.get(state).initTable(tableName);
           } catch (TableExistsException tee) {
             if (exists)
               return;
@@ -69,9 +66,9 @@ public class CreateTable extends Test {
       else
         return;
     }
-    SecurityHelper.setTableExists(state, true);
+    WalkingSecurity.get(state).initTable(tableName);
     for (TablePermission tp : TablePermission.values())
-      SecurityHelper.setTabPerm(state, conn.whoami(), tp, true);
+      WalkingSecurity.get(state).grantTablePermission(conn.whoami(), tableName, tp);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/CreateUser.java Fri Jan 25 07:04:25 2013
@@ -21,7 +21,7 @@ import java.util.Properties;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -29,17 +29,16 @@ public class CreateUser extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = SecurityHelper.getSystemConnector(state);
+    Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getSysAuthInfo());
     
-    String tableUserName = SecurityHelper.getTabUserName(state);
+    String tableUserName = WalkingSecurity.get(state).getTabUserName();
     
-    boolean exists = SecurityHelper.getTabUserExists(state);
-    boolean hasPermission = false;
-    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.CREATE_USER))
-      hasPermission = true;
+    boolean exists = WalkingSecurity.get(state).userExists(tableUserName);
+    boolean hasPermission = WalkingSecurity.get(state).canCreateUser(WalkingSecurity.get(state).getSysAuthInfo(), tableUserName);
     byte[] tabUserPass = "Super Sekret Table User Password".getBytes();
+    UserPassToken upt = new UserPassToken(tableUserName, tabUserPass);
     try {
-      conn.securityOperations().createUser(tableUserName, tabUserPass);
+      conn.securityOperations().createUser(upt);
     } catch (AccumuloSecurityException ae) {
       switch (ae.getErrorCode()) {
         case PERMISSION_DENIED:
@@ -49,9 +48,8 @@ public class CreateUser extends Test {
           // create user anyway for sake of state
           {
             if (!exists) {
-              state.getConnector().securityOperations().createUser(tableUserName, tabUserPass);
-              SecurityHelper.setTabUserPass(state, tabUserPass);
-              SecurityHelper.setTabUserExists(state, true);
+              state.getConnector().securityOperations().createUser(upt);
+              WalkingSecurity.get(state).createUser(upt);
             }
             return;
           }
@@ -64,8 +62,7 @@ public class CreateUser extends Test {
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    SecurityHelper.setTabUserPass(state, tabUserPass);
-    SecurityHelper.setTabUserExists(state, true);
+    WalkingSecurity.get(state).createUser(upt);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropTable.java Fri Jan 25 07:04:25 2013
@@ -23,9 +23,8 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -38,22 +37,18 @@ public class DropTable extends Test {
   
   public static void dropTable(State state, Properties props) throws Exception {
     String sourceUser = props.getProperty("source", "system");
-    Connector conn;
-    String username;
+    InstanceTokenWrapper auth;
     if (sourceUser.equals("table")) {
-      username = SecurityHelper.getTabUserName(state);
-      conn = state.getInstance().getConnector(username, SecurityHelper.getTabUserPass(state));
+      auth = WalkingSecurity.get(state).getTabAuthInfo();
     } else {
-      username = SecurityHelper.getSysUserName(state);
-      conn = SecurityHelper.getSystemConnector(state);
+      auth = WalkingSecurity.get(state).getSysAuthInfo();
     }
+    Connector conn = state.getInstance().getConnector(auth);
     
-    String tableName = SecurityHelper.getTableName(state);
+    String tableName = WalkingSecurity.get(state).getTableName();
     
-    boolean exists = SecurityHelper.getTableExists(state);
-    boolean hasPermission = false;
-    if (SecurityHelper.getSysPerm(state, username, SystemPermission.DROP_TABLE) || SecurityHelper.getTabPerm(state, username, TablePermission.DROP_TABLE))
-      hasPermission = true;
+    boolean exists = WalkingSecurity.get(state).getTableExists();
+    boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(auth, tableName);
     
     try {
       conn.tableOperations().delete(tableName);
@@ -64,12 +59,12 @@ public class DropTable extends Test {
         else {
           // Drop anyway for sake of state
           state.getConnector().tableOperations().delete(tableName);
-          SecurityHelper.setTableExists(state, false);
-          for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)})
-            for (TablePermission tp : TablePermission.values())
-              SecurityHelper.setTabPerm(state, user, tp, false);
+          WalkingSecurity.get(state).cleanTablePermissions(tableName);
           return;
         }
+      } else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
+        if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+          return;
       }
       throw new AccumuloException("Got unexpected ae error code", ae);
     } catch (TableNotFoundException tnfe) {
@@ -78,10 +73,7 @@ public class DropTable extends Test {
       else
         return;
     }
-    SecurityHelper.setTableExists(state, false);
-    for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)})
-      for (TablePermission tp : TablePermission.values())
-        SecurityHelper.setTabPerm(state, user, tp, false);
+    WalkingSecurity.get(state).cleanTablePermissions(tableName);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/DropUser.java Fri Jan 25 07:04:25 2013
@@ -21,8 +21,6 @@ import java.util.Properties;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.security.SystemPermission;
-import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -30,14 +28,13 @@ public class DropUser extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn = SecurityHelper.getSystemConnector(state);
+    Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getSysAuthInfo());
     
-    String tableUserName = SecurityHelper.getTabUserName(state);
+    String tableUserName = WalkingSecurity.get(state).getTabUserName();
+    
+    boolean exists = WalkingSecurity.get(state).userExists(tableUserName);
+    boolean hasPermission = WalkingSecurity.get(state).canDropUser(WalkingSecurity.get(state).getSysAuthInfo(), tableUserName);
     
-    boolean exists = SecurityHelper.getTabUserExists(state);
-    boolean hasPermission = false;
-    if (SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.DROP_USER))
-      hasPermission = true;
     try {
       conn.securityOperations().dropUser(tableUserName);
     } catch (AccumuloSecurityException ae) {
@@ -48,11 +45,7 @@ public class DropUser extends Test {
           else {
             if (exists) {
               state.getConnector().securityOperations().dropUser(tableUserName);
-              SecurityHelper.setTabUserExists(state, false);
-              for (TablePermission tp : TablePermission.values())
-                SecurityHelper.setTabPerm(state, tableUserName, tp, false);
-              for (SystemPermission sp : SystemPermission.values())
-                SecurityHelper.setSysPerm(state, tableUserName, sp, false);
+              WalkingSecurity.get(state).dropUser(tableUserName);
             }
             return;
           }
@@ -66,11 +59,7 @@ public class DropUser extends Test {
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    SecurityHelper.setTabUserExists(state, false);
-    for (TablePermission tp : TablePermission.values())
-      SecurityHelper.setTabPerm(state, tableUserName, tp, false);
-    for (SystemPermission sp : SystemPermission.values())
-      SecurityHelper.setSysPerm(state, tableUserName, sp, false);
+    WalkingSecurity.get(state).dropUser(tableUserName);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java Fri Jan 25 07:04:25 2013
@@ -17,13 +17,13 @@
 package org.apache.accumulo.server.test.randomwalk.security;
 
 import java.net.InetAddress;
-import java.util.HashMap;
+import java.util.Set;
 
 import org.apache.accumulo.core.client.Connector;
-import org.apache.accumulo.core.client.Instance;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.server.test.randomwalk.Fixture;
 import org.apache.accumulo.server.test.randomwalk.State;
 
@@ -32,43 +32,44 @@ public class SecurityFixture extends Fix
   @Override
   public void setUp(State state) throws Exception {
     String secTableName, systemUserName, tableUserName;
-    Connector sysConn;
-    
     Connector conn = state.getConnector();
-    Instance instance = state.getInstance();
     
     String hostname = InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_");
     
-    systemUserName = String.format("system_%s_%s_%d", hostname, state.getPid(), System.currentTimeMillis());
-    tableUserName = String.format("table_%s_%s_%d", hostname, state.getPid(), System.currentTimeMillis());
-    secTableName = String.format("security_%s_%s_%d", hostname, state.getPid(), System.currentTimeMillis());
+    systemUserName = String.format("system_%s", hostname);
+    tableUserName = String.format("table_%s", hostname);
+    secTableName = String.format("security_%s", hostname);
+    
+    if (conn.tableOperations().exists(secTableName))
+      conn.tableOperations().delete(secTableName);
+    Set<String> users = conn.securityOperations().listUsers();
+    if (users.contains(tableUserName))
+      conn.securityOperations().dropUser(tableUserName);
+    if (users.contains(systemUserName))
+      conn.securityOperations().dropUser(systemUserName);
     
     byte[] sysUserPass = "sysUser".getBytes();
-    conn.securityOperations().createUser(systemUserName, sysUserPass);
-    sysConn = instance.getConnector(systemUserName, sysUserPass);
+    conn.securityOperations().createUser(new UserPassToken(systemUserName, sysUserPass));
     
-    SecurityHelper.setSystemConnector(state, sysConn);
-    SecurityHelper.setSysUserName(state, systemUserName);
-    SecurityHelper.setSysUserPass(state, sysUserPass);
+    WalkingSecurity.get(state).setTableName(secTableName);
+    state.set("rootUserPass", ((UserPassToken )state.getAuthInfo().getToken()).getPassword());
     
-    SecurityHelper.setTableExists(state, false);
-    SecurityHelper.setTableExists(state, false);
+    WalkingSecurity.get(state).setSysUserName(systemUserName);
+    WalkingSecurity.get(state).createUser(new UserPassToken(systemUserName, sysUserPass));
     
-    SecurityHelper.setTabUserPass(state, new byte[0]);
+    WalkingSecurity.get(state).changePassword(new UserPassToken(tableUserName, new byte[0]));
     
-    SecurityHelper.setTableName(state, secTableName);
-    SecurityHelper.setTabUserName(state, tableUserName);
+    WalkingSecurity.get(state).setTabUserName(tableUserName);
     
     for (TablePermission tp : TablePermission.values()) {
-      SecurityHelper.setTabPerm(state, systemUserName, tp, false);
-      SecurityHelper.setTabPerm(state, tableUserName, tp, false);
+      WalkingSecurity.get(state).revokeTablePermission(systemUserName, secTableName, tp);
+      WalkingSecurity.get(state).revokeTablePermission(tableUserName, secTableName, tp);
     }
     for (SystemPermission sp : SystemPermission.values()) {
-      SecurityHelper.setSysPerm(state, systemUserName, sp, false);
-      SecurityHelper.setSysPerm(state, tableUserName, sp, false);
+      WalkingSecurity.get(state).revokeSystemPermission(systemUserName, sp);
+      WalkingSecurity.get(state).revokeSystemPermission(tableUserName, sp);
     }
-    SecurityHelper.setUserAuths(state, tableUserName, new Authorizations());
-    SecurityHelper.setAuthsMap(state, new HashMap<String,Integer>());
+    WalkingSecurity.get(state).changeAuthorizations(tableUserName, new Authorizations());
   }
   
   @Override
@@ -77,20 +78,20 @@ public class SecurityFixture extends Fix
     Validate.validate(state, log);
     Connector conn = state.getConnector();
     
-    if (SecurityHelper.getTableExists(state)) {
-      String secTableName = SecurityHelper.getTableName(state);
+    if (WalkingSecurity.get(state).getTableExists()) {
+      String secTableName = WalkingSecurity.get(state).getTableName();
       log.debug("Dropping tables: " + secTableName);
       
       conn.tableOperations().delete(secTableName);
     }
     
-    if (SecurityHelper.getTabUserExists(state)) {
-      String tableUserName = SecurityHelper.getTabUserName(state);
+    if (WalkingSecurity.get(state).userExists(WalkingSecurity.get(state).getTabUserName())) {
+      String tableUserName = WalkingSecurity.get(state).getTabUserName();
       log.debug("Dropping user: " + tableUserName);
       
       conn.securityOperations().dropUser(tableUserName);
     }
-    String systemUserName = SecurityHelper.getSysUserName(state);
+    String systemUserName = WalkingSecurity.get(state).getSysUserName();
     log.debug("Dropping user: " + systemUserName);
     conn.securityOperations().dropUser(systemUserName);
     

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityHelper.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityHelper.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityHelper.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityHelper.java Fri Jan 25 07:04:25 2013
@@ -81,8 +81,14 @@ public class SecurityHelper {
   public static void setSysUserPass(State state, byte[] sysUserPass) {
     log.debug("Setting system user pass to " + new String(sysUserPass));
     state.set(masterPass, sysUserPass);
+    state.set(masterPass + "time", System.currentTimeMillis());
+
   }
   
+  public static boolean sysUserPassTransient(State state) {
+    return System.currentTimeMillis() - state.getLong(masterPass + "time") < 1000;
+  }
+
   public static byte[] getTabUserPass(State state) {
     return (byte[]) state.get(tUserPass);
   }
@@ -90,8 +96,13 @@ public class SecurityHelper {
   public static void setTabUserPass(State state, byte[] tabUserPass) {
     log.debug("Setting table user pass to " + new String(tabUserPass));
     state.set(tUserPass, tabUserPass);
+    state.set(tUserPass + "time", System.currentTimeMillis());
   }
   
+  public static boolean tabUserPassTransient(State state) {
+    return System.currentTimeMillis() - state.getLong(tUserPass + "time") < 1000;
+  }
+
   public static boolean getTabUserExists(State state) {
     return Boolean.parseBoolean(state.getString(tUserExists));
   }
@@ -123,6 +134,9 @@ public class SecurityHelper {
   public static void setTabPerm(State state, String userName, TablePermission tp, boolean value) {
     log.debug((value ? "Gave" : "Took") + " the table permission " + tp.name() + (value ? " to" : " from") + " user " + userName);
     state.set("Tab" + userName + tp.name(), Boolean.toString(value));
+    if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE))
+      state.set("Tab" + userName + tp.name() + "time", System.currentTimeMillis());
+
   }
   
   public static boolean getSysPerm(State state, String userName, SystemPermission tp) {
@@ -190,4 +204,19 @@ public class SecurityHelper {
     return fs;
   }
   
+  /**
+   * @param state
+   * @param tabUserName
+   * @param tp
+   * @return
+   */
+  public static boolean inAmbiguousZone(State state, String userName, TablePermission tp) {
+    if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE)) {
+      Long setTime = (Long) state.get("Tab" + userName + tp.name() + "time");
+      if (System.currentTimeMillis() < (setTime + 1000))
+        return true;
+    }
+    return false;
+  }
+  
 }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java Fri Jan 25 07:04:25 2013
@@ -23,7 +23,7 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 
@@ -31,28 +31,27 @@ public class SetAuths extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    Connector conn;
+    InstanceTokenWrapper auth;
     
     String authsString = props.getProperty("auths", "_random");
     
     String targetUser = props.getProperty("system");
     String target;
-    boolean exists;
-    boolean hasPermission;
     if ("table".equals(targetUser)) {
-      target = SecurityHelper.getTabUserName(state);
-      exists = SecurityHelper.getTabUserExists(state);
-      conn = SecurityHelper.getSystemConnector(state);
-      hasPermission = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER);
+      target = WalkingSecurity.get(state).getTabUserName();
+      auth = WalkingSecurity.get(state).getSysAuthInfo();
     } else {
-      target = SecurityHelper.getSysUserName(state);
-      exists = true;
-      conn = state.getConnector();
-      hasPermission = true;
+      target = WalkingSecurity.get(state).getSysUserName();
+      auth = state.getAuthInfo();
     }
+    Connector conn = state.getInstance().getConnector(auth);
+    
+    boolean exists = WalkingSecurity.get(state).userExists(target);
+    boolean hasPermission = WalkingSecurity.get(state).canChangeAuthorizations(auth, target);
+    
     Authorizations auths;
     if (authsString.equals("_random")) {
-      String[] possibleAuths = SecurityHelper.getAuthsArray();
+      String[] possibleAuths = WalkingSecurity.get(state).getAuthsArray();
       
       Random r = new Random();
       int i = r.nextInt(possibleAuths.length);
@@ -88,7 +87,7 @@ public class SetAuths extends Test {
           throw new AccumuloException("Got unexpected exception", ae);
       }
     }
-    SecurityHelper.setUserAuths(state, target, auths);
+    WalkingSecurity.get(state).changeAuthorizations(target, auths);
     if (!hasPermission)
       throw new AccumuloException("Didn't get Security Exception when we should have");
   }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java Fri Jan 25 07:04:25 2013
@@ -53,19 +53,8 @@ public class TableOp extends Test {
   
   @Override
   public void visit(State state, Properties props) throws Exception {
-    boolean userExists = SecurityHelper.getTabUserExists(state);
-    Connector conn;
-    try {
-      conn = state.getInstance().getConnector(SecurityHelper.getTabUserName(state), SecurityHelper.getTabUserPass(state));
-    } catch (AccumuloSecurityException ae) {
-      if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
-        if (userExists)
-          throw new AccumuloException("User didn't exist when they should (or worse- password mismatch)", ae);
-        else
-          return;
-      }
-      throw new AccumuloException("Unexpected exception!", ae);
-    }
+    Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getTabAuthInfo());
+    
     String action = props.getProperty("action", "_random");
     TablePermission tp;
     if ("_random".equalsIgnoreCase(action)) {
@@ -75,17 +64,17 @@ public class TableOp extends Test {
       tp = TablePermission.valueOf(action);
     }
     
-    boolean tableExists = SecurityHelper.getTableExists(state);
-    boolean hasPerm = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), tp);
-    
-    String tableName = state.getString("secTableName");
+    boolean tableExists = WalkingSecurity.get(state).getTableExists();
+    String tableName = WalkingSecurity.get(state).getTableName();
     
     switch (tp) {
-      case READ:
-        Authorizations auths = SecurityHelper.getUserAuths(state, SecurityHelper.getTabUserName(state));
-        boolean canRead = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.READ);
+      case READ: {
+        boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabAuthInfo(), tableName);
+        Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabAuthInfo());
+        boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
+        
         try {
-          Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(SecurityHelper.getTabUserName(state)));
+          Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami()));
           int seen = 0;
           Iterator<Entry<Key,Value>> iter = scan.iterator();
           while (iter.hasNext()) {
@@ -95,9 +84,9 @@ public class TableOp extends Test {
             if (!auths.contains(k.getColumnVisibilityData()))
               throw new AccumuloException("Got data I should not be capable of seeing: " + k + " table " + tableName);
           }
-          if (!canRead)
+          if (!canRead && !ambiguousZone)
             throw new AccumuloException("Was able to read when I shouldn't have had the perm with connection user " + conn.whoami() + " table " + tableName);
-          for (Entry<String,Integer> entry : SecurityHelper.getAuthsMap(state).entrySet()) {
+          for (Entry<String,Integer> entry : WalkingSecurity.get(state).getAuthsMap().entrySet()) {
             if (auths.contains(entry.getKey().getBytes()))
               seen = seen - entry.getValue();
           }
@@ -109,7 +98,7 @@ public class TableOp extends Test {
           return;
         } catch (AccumuloSecurityException ae) {
           if (ae.getErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
-            if (canRead)
+            if (canRead && !ambiguousZone)
               throw new AccumuloException("Table read permission out of sync with Accumulo: table " + tableName, ae);
             else
               return;
@@ -118,7 +107,7 @@ public class TableOp extends Test {
         } catch (RuntimeException re) {
           if (re.getCause() instanceof AccumuloSecurityException
               && ((AccumuloSecurityException) re.getCause()).getErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
-            if (canRead)
+            if (canRead && !ambiguousZone)
               throw new AccumuloException("Table read permission out of sync with Accumulo: table " + tableName, re.getCause());
             else
               return;
@@ -127,10 +116,14 @@ public class TableOp extends Test {
         }
         
         break;
+      }
       case WRITE:
-        String key = SecurityHelper.getLastKey(state) + "1";
+        boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabAuthInfo(), tableName);
+        boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
+        
+        String key = WalkingSecurity.get(state).getLastKey() + "1";
         Mutation m = new Mutation(new Text(key));
-        for (String s : SecurityHelper.getAuthsArray()) {
+        for (String s : WalkingSecurity.get(state).getAuthsArray()) {
           m.put(new Text(), new Text(), new ColumnVisibility(s), new Value("value".getBytes()));
         }
         BatchWriter writer;
@@ -144,23 +137,38 @@ public class TableOp extends Test {
         boolean works = true;
         try {
           writer.addMutation(m);
+          writer.close();
         } catch (MutationsRejectedException mre) {
-          throw new AccumuloException("Mutation exception!", mre);
+          // Currently no method for detecting reason for mre. Waiting on ACCUMULO-670
+          // For now, just wait a second and go again if they can write!
+          if (!canWrite)
+            return;
+          
+          if (ambiguousZone) {
+            Thread.sleep(1000);
+            try {
+              writer = conn.createBatchWriter(tableName, new BatchWriterConfig().setMaxWriteThreads(1));
+              writer.addMutation(m);
+              writer.close();
+            } catch (MutationsRejectedException mre2) {
+              throw new AccumuloException("Mutation exception!", mre2);
+            }
+          }
         }
         if (works)
-          for (String s : SecurityHelper.getAuthsArray())
-            SecurityHelper.increaseAuthMap(state, s, 1);
+          for (String s : WalkingSecurity.get(state).getAuthsArray())
+            WalkingSecurity.get(state).increaseAuthMap(s, 1);
         break;
       case BULK_IMPORT:
-        key = SecurityHelper.getLastKey(state) + "1";
+        key = WalkingSecurity.get(state).getLastKey() + "1";
         SortedSet<Key> keys = new TreeSet<Key>();
-        for (String s : SecurityHelper.getAuthsArray()) {
+        for (String s : WalkingSecurity.get(state).getAuthsArray()) {
           Key k = new Key(key, "", "", s);
           keys.add(k);
         }
         Path dir = new Path("/tmp", "bulk_" + UUID.randomUUID().toString());
         Path fail = new Path(dir.toString() + "_fail");
-        FileSystem fs = SecurityHelper.getFs(state);
+        FileSystem fs = WalkingSecurity.get(state).getFs();
         FileSKVWriter f = FileOperations.getInstance().openWriter(dir + "/securityBulk." + RFile.EXTENSION, fs, fs.getConf(),
             AccumuloConfiguration.getDefaultConfiguration());
         f.startDefaultLocalityGroup();
@@ -176,22 +184,26 @@ public class TableOp extends Test {
           return;
         } catch (AccumuloSecurityException ae) {
           if (ae.getErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
-            if (hasPerm)
+            if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabAuthInfo(), tableName))
               throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName);
             return;
+          } else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
+            if (WalkingSecurity.get(state).userPassTransient(conn.whoami()))
+              return;
           }
           throw new AccumuloException("Unexpected exception!", ae);
         }
-        for (String s : SecurityHelper.getAuthsArray())
-          SecurityHelper.increaseAuthMap(state, s, 1);
+        for (String s : WalkingSecurity.get(state).getAuthsArray())
+          WalkingSecurity.get(state).increaseAuthMap(s, 1);
         fs.delete(dir, true);
         fs.delete(fail, true);
-
-        if (!hasPerm)
+        
+        if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabAuthInfo(), tableName))
           throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
         break;
       case ALTER_TABLE:
-        AlterTable.renameTable(conn, state, tableName, tableName + "plus", hasPerm, tableExists);
+        AlterTable.renameTable(conn, state, tableName, tableName + "plus",
+            WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabAuthInfo(), tableName), tableExists);
         break;
       
       case GRANT:

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java Fri Jan 25 07:04:25 2013
@@ -25,6 +25,7 @@ import org.apache.accumulo.core.security
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
 import org.apache.accumulo.server.test.randomwalk.State;
 import org.apache.accumulo.server.test.randomwalk.Test;
 import org.apache.log4j.Logger;
@@ -39,33 +40,32 @@ public class Validate extends Test {
   public static void validate(State state, Logger log) throws Exception {
     Connector conn = state.getConnector();
     
-    boolean tableExists = SecurityHelper.getTableExists(state);
-    boolean cloudTableExists = conn.tableOperations().list().contains(SecurityHelper.getTableName(state));
+    boolean tableExists = WalkingSecurity.get(state).getTableExists();
+    boolean cloudTableExists = conn.tableOperations().list().contains(WalkingSecurity.get(state).getTableName());
     if (tableExists != cloudTableExists)
       throw new AccumuloException("Table existance out of sync");
     
-    boolean tableUserExists = SecurityHelper.getTabUserExists(state);
-    boolean cloudTableUserExists = conn.securityOperations().listUsers().contains(SecurityHelper.getTabUserName(state));
+    boolean tableUserExists = WalkingSecurity.get(state).userExists(WalkingSecurity.get(state).getTabUserName());
+    boolean cloudTableUserExists = conn.securityOperations().listUsers().contains(WalkingSecurity.get(state).getTabUserName());
     if (tableUserExists != cloudTableUserExists)
       throw new AccumuloException("Table User existance out of sync");
     
     Properties props = new Properties();
     props.setProperty("target", "system");
-    Authenticate.authenticate(conn, state, props);
+    Authenticate.authenticate(state.getAuthInfo(), state, props);
     props.setProperty("target", "table");
-    Authenticate.authenticate(conn, state, props);
+    Authenticate.authenticate(state.getAuthInfo(), state, props);
     
-    boolean tabUserExists = SecurityHelper.getTabUserExists(state);
-    for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)}) {
+    for (String user : new String[] {WalkingSecurity.get(state).getSysUserName(), WalkingSecurity.get(state).getTabUserName()}) {
       for (SystemPermission sp : SystemPermission.values()) {
-        boolean hasSp = SecurityHelper.getSysPerm(state, user, sp);
+        boolean hasSp = WalkingSecurity.get(state).hasSystemPermission(user, sp);
         boolean accuHasSp;
         try {
           accuHasSp = conn.securityOperations().hasSystemPermission(user, sp);
           log.debug("Just checked to see if user " + user + " has system perm " + sp.name() + " with answer " + accuHasSp);
         } catch (AccumuloSecurityException ae) {
           if (ae.getErrorCode().equals(SecurityErrorCode.USER_DOESNT_EXIST)) {
-            if (tabUserExists)
+            if (tableUserExists)
               throw new AccumuloException("Got user DNE error when they should", ae);
             else
               continue;
@@ -77,14 +77,14 @@ public class Validate extends Test {
       }
       
       for (TablePermission tp : TablePermission.values()) {
-        boolean hasTp = SecurityHelper.getTabPerm(state, user, tp);
+        boolean hasTp = WalkingSecurity.get(state).hasTablePermission(user, WalkingSecurity.get(state).getTableName(), tp);
         boolean accuHasTp;
         try {
-          accuHasTp = conn.securityOperations().hasTablePermission(user, SecurityHelper.getTableName(state), tp);
+          accuHasTp = conn.securityOperations().hasTablePermission(user, WalkingSecurity.get(state).getTableName(), tp);
           log.debug("Just checked to see if user " + user + " has table perm " + tp.name() + " with answer " + accuHasTp);
         } catch (AccumuloSecurityException ae) {
           if (ae.getErrorCode().equals(SecurityErrorCode.USER_DOESNT_EXIST)) {
-            if (tabUserExists)
+            if (tableUserExists)
               throw new AccumuloException("Got user DNE error when they should", ae);
             else
               continue;
@@ -102,13 +102,14 @@ public class Validate extends Test {
       
     }
     
-    Authorizations auths = SecurityHelper.getUserAuths(state, SecurityHelper.getTabUserName(state));
     Authorizations accuAuths;
+    Authorizations auths;
     try {
-      accuAuths = conn.securityOperations().getUserAuthorizations(SecurityHelper.getTabUserName(state));
-    } catch (AccumuloSecurityException ae) {
-      if (ae.getErrorCode().equals(SecurityErrorCode.USER_DOESNT_EXIST)) {
-        if (tabUserExists)
+      auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabAuthInfo());
+      accuAuths = conn.securityOperations().getUserAuthorizations(WalkingSecurity.get(state).getTabUserName());
+    } catch (ThriftSecurityException ae) {
+      if (ae.getCode().equals(SecurityErrorCode.USER_DOESNT_EXIST)) {
+        if (tableUserExists)
           throw new AccumuloException("Table user didn't exist when they should.", ae);
         else
           return;

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/BatchVerify.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/BatchVerify.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/BatchVerify.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/BatchVerify.java Fri Jan 25 07:04:25 2013
@@ -41,9 +41,9 @@ public class BatchVerify extends Test {
     
     Random rand = new Random();
     
-    int numWrites = state.getInteger("numWrites");
+    long numWrites = state.getLong("numWrites");
     int maxVerify = Integer.parseInt(props.getProperty("maxVerify", "2000"));
-    int numVerify = rand.nextInt(maxVerify - 1) + 1;
+    long numVerify = rand.nextInt(maxVerify - 1) + 1;
     
     if (numVerify > (numWrites / 4)) {
       numVerify = numWrites / 4;
@@ -56,8 +56,8 @@ public class BatchVerify extends Test {
       int count = 0;
       List<Range> ranges = new ArrayList<Range>();
       while (count < numVerify) {
-        int rangeStart = rand.nextInt(numWrites);
-        int rangeEnd = rangeStart + 99;
+        long rangeStart = rand.nextInt((int) numWrites);
+        long rangeEnd = rangeStart + 99;
         if (rangeEnd > (numWrites - 1)) {
           rangeEnd = numWrites - 1;
         }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/Commit.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/Commit.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/Commit.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/Commit.java Fri Jan 25 07:04:25 2013
@@ -28,7 +28,7 @@ public class Commit extends Test {
     
     state.getMultiTableBatchWriter().flush();
     
-    log.debug("Committed " + state.getInteger("numWrites") + " writes.  Total writes: " + state.getInteger("totalWrites"));
+    log.debug("Committed " + state.getLong("numWrites") + " writes.  Total writes: " + state.getLong("totalWrites"));
     state.set("numWrites", new Integer(0));
   }
   

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/MapRedVerifyTool.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/MapRedVerifyTool.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/MapRedVerifyTool.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/MapRedVerifyTool.java Fri Jan 25 07:04:25 2013
@@ -17,7 +17,6 @@
 package org.apache.accumulo.server.test.randomwalk.sequential;
 
 import java.io.IOException;
-import java.nio.charset.Charset;
 import java.util.Iterator;
 
 import org.apache.accumulo.core.client.mapreduce.AccumuloInputFormat;
@@ -25,6 +24,7 @@ import org.apache.accumulo.core.client.m
 import org.apache.accumulo.core.data.Key;
 import org.apache.accumulo.core.data.Mutation;
 import org.apache.accumulo.core.data.Value;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.hadoop.conf.Configured;
 import org.apache.hadoop.io.IntWritable;
 import org.apache.hadoop.io.NullWritable;
@@ -86,7 +86,7 @@ public class MapRedVerifyTool extends Co
     }
     
     job.setInputFormatClass(AccumuloInputFormat.class);
-    AccumuloInputFormat.setConnectorInfo(job, args[0], args[1].getBytes(Charset.forName("UTF-8")));
+    AccumuloInputFormat.setConnectorInfo(job, new UserPassToken(args[0], args[1]));
     AccumuloInputFormat.setInputTableName(job, args[2]);
     AccumuloInputFormat.setZooKeeperInstance(job, args[3], args[4]);
     
@@ -98,7 +98,7 @@ public class MapRedVerifyTool extends Co
     job.setNumReduceTasks(1);
     
     job.setOutputFormatClass(AccumuloOutputFormat.class);
-    AccumuloOutputFormat.setConnectorInfo(job, args[0], args[1].getBytes(Charset.forName("UTF-8")));
+    AccumuloOutputFormat.setConnectorInfo(job, new UserPassToken(args[0], args[1]));
     AccumuloOutputFormat.setCreateTables(job, true);
     AccumuloOutputFormat.setDefaultTableName(job, args[5]);
     AccumuloOutputFormat.setZooKeeperInstance(job, args[3], args[4]);

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/Write.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/Write.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/Write.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/test/randomwalk/sequential/Write.java Fri Jan 25 07:04:25 2013
@@ -32,9 +32,9 @@ public class Write extends Test {
     
     BatchWriter bw = state.getMultiTableBatchWriter().getBatchWriter(state.getString("seqTableName"));
     
-    state.set("numWrites", state.getInteger("numWrites") + 1);
+    state.set("numWrites", state.getLong("numWrites") + 1);
     
-    Integer totalWrites = state.getInteger("totalWrites") + 1;
+    Long totalWrites = state.getLong("totalWrites") + 1;
     if ((totalWrites % 10000) == 0) {
       log.debug("Total writes: " + totalWrites);
     }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/trace/TraceServer.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/trace/TraceServer.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/trace/TraceServer.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/trace/TraceServer.java Fri Jan 25 07:04:25 2013
@@ -36,6 +36,7 @@ import org.apache.accumulo.core.conf.Pro
 import org.apache.accumulo.core.data.Mutation;
 import org.apache.accumulo.core.data.Value;
 import org.apache.accumulo.core.file.FileUtil;
+import org.apache.accumulo.core.security.SecurityUtil;
 import org.apache.accumulo.core.trace.TraceFormatter;
 import org.apache.accumulo.core.util.AddressUtil;
 import org.apache.accumulo.core.util.CachedConfiguration;
@@ -45,7 +46,6 @@ import org.apache.accumulo.fate.zookeepe
 import org.apache.accumulo.server.Accumulo;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.conf.ServerConfiguration;
-import org.apache.accumulo.server.security.SecurityUtil;
 import org.apache.accumulo.server.util.time.SimpleTimer;
 import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
 import org.apache.hadoop.fs.FileSystem;

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Admin.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Admin.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Admin.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Admin.java Fri Jan 25 07:04:25 2013
@@ -17,12 +17,10 @@
 package org.apache.accumulo.server.util;
 
 import java.net.InetSocketAddress;
-import java.nio.ByteBuffer;
 import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.accumulo.cloudtrace.instrument.Tracer;
-import org.apache.accumulo.server.cli.ClientOpts;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Instance;
@@ -30,7 +28,8 @@ import org.apache.accumulo.core.client.i
 import org.apache.accumulo.core.client.impl.MasterClient;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.accumulo.core.master.thrift.MasterClientService;
-import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
+import org.apache.accumulo.server.cli.ClientOpts;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.log4j.Logger;
@@ -82,11 +81,11 @@ public class Admin {
     Instance instance = opts.getInstance();
       
     try {
-      AuthInfo creds;
-      if (opts.getPassword() == null) {
+      InstanceTokenWrapper creds;
+      if (opts.getAccumuloToken() == null) {
         creds = SecurityConstants.getSystemCredentials();
       } else {
-        creds = new AuthInfo(opts.user, ByteBuffer.wrap(opts.getPassword()), instance.getInstanceID());
+        creds = opts.getWrappedToken();
       }
 
       if (cl.getParsedCommand().equals("stop")) {
@@ -104,16 +103,16 @@ public class Admin {
     }
   }
   
-  private static void stopServer(Instance instance, final AuthInfo credentials, final boolean tabletServersToo) throws AccumuloException, AccumuloSecurityException {
+  private static void stopServer(Instance instance, final InstanceTokenWrapper credentials, final boolean tabletServersToo) throws AccumuloException, AccumuloSecurityException {
     MasterClient.execute(HdfsZooInstance.getInstance(), new ClientExec<MasterClientService.Client>() {
       @Override
       public void execute(MasterClientService.Client client) throws Exception {
-        client.shutdown(Tracer.traceInfo(), credentials, tabletServersToo);
+        client.shutdown(Tracer.traceInfo(), credentials.toThrift(), tabletServersToo);
       }
     });
   }
   
-  private static void stopTabletServer(Instance instance, final AuthInfo creds, List<String> servers, final boolean force) throws AccumuloException, AccumuloSecurityException {
+  private static void stopTabletServer(Instance instance, final InstanceTokenWrapper creds, List<String> servers, final boolean force) throws AccumuloException, AccumuloSecurityException {
     for (String server : servers) {
       InetSocketAddress address = AddressUtil.parseAddress(server, Property.TSERV_CLIENTPORT);
       final String finalServer = org.apache.accumulo.core.util.AddressUtil.toString(address);
@@ -121,7 +120,7 @@ public class Admin {
       MasterClient.execute(HdfsZooInstance.getInstance(), new ClientExec<MasterClientService.Client>() {
         @Override
         public void execute(MasterClientService.Client client) throws Exception {
-          client.shutdownTabletServer(Tracer.traceInfo(), creds, finalServer, force);
+          client.shutdownTabletServer(Tracer.traceInfo(), creds.toThrift(), finalServer, force);
         }
       });
     }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/CheckForMetadataProblems.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/CheckForMetadataProblems.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/CheckForMetadataProblems.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/CheckForMetadataProblems.java Fri Jan 25 07:04:25 2013
@@ -83,7 +83,7 @@ public class CheckForMetadataProblems {
       if (broke && opts.fix) {
         KeyExtent ke = new KeyExtent(tabke);
         ke.setPrevEndRow(lastEndRow);
-        MetadataTable.updateTabletPrevEndRow(ke, opts.getAuthInfo());
+        MetadataTable.updateTabletPrevEndRow(ke, opts.getWrappedToken());
         System.out.println("KE " + tabke + " has been repaired to " + ke);
       }
       
@@ -147,7 +147,7 @@ public class CheckForMetadataProblems {
           System.out.println("Problem at key " + entry.getKey());
           sawProblems = true;
           if (opts.fix) {
-            Writer t = MetadataTable.getMetadataTable(opts.getAuthInfo());
+            Writer t = MetadataTable.getMetadataTable(opts.getWrappedToken());
             Key k = entry.getKey();
             Mutation m = new Mutation(k.getRow());
             m.putDelete(k.getColumnFamily(), k.getColumnQualifier());

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/FindOfflineTablets.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/FindOfflineTablets.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/FindOfflineTablets.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/FindOfflineTablets.java Fri Jan 25 07:04:25 2013
@@ -23,6 +23,7 @@ import org.apache.accumulo.core.client.I
 import org.apache.accumulo.core.conf.DefaultConfiguration;
 import org.apache.accumulo.core.data.Range;
 import org.apache.accumulo.core.master.state.tables.TableState;
+import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.server.master.LiveTServerSet;
 import org.apache.accumulo.server.master.LiveTServerSet.Listener;
 import org.apache.accumulo.server.master.state.MetaDataTableScanner;
@@ -43,7 +44,7 @@ public class FindOfflineTablets {
     opts.parseArgs(FindOfflineTablets.class.getName(), args);
     
     Instance instance = opts.getInstance();
-    MetaDataTableScanner scanner = new MetaDataTableScanner(instance, opts.getAuthInfo(), new Range());
+    MetaDataTableScanner scanner = new MetaDataTableScanner(instance, new InstanceTokenWrapper(opts.getAccumuloToken(), instance.getInstanceID()), new Range());
     LiveTServerSet tservers = new LiveTServerSet(instance, DefaultConfiguration.getDefaultConfiguration(), new Listener() {
       @Override
       public void update(LiveTServerSet current, Set<TServerInstance> deleted, Set<TServerInstance> added) {

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Initialize.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Initialize.java?rev=1438354&r1=1438353&r2=1438354&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Initialize.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/Initialize.java Fri Jan 25 07:04:25 2013
@@ -39,6 +39,9 @@ import org.apache.accumulo.core.file.Fil
 import org.apache.accumulo.core.iterators.user.VersioningIterator;
 import org.apache.accumulo.core.master.state.tables.TableState;
 import org.apache.accumulo.core.master.thrift.MasterGoalState;
+import org.apache.accumulo.core.security.SecurityUtil;
+import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.core.util.CachedConfiguration;
 import org.apache.accumulo.core.zookeeper.ZooUtil;
 import org.apache.accumulo.fate.zookeeper.IZooReaderWriter;
@@ -50,9 +53,8 @@ import org.apache.accumulo.server.conf.S
 import org.apache.accumulo.server.constraints.MetadataConstraints;
 import org.apache.accumulo.server.iterators.MetadataBulkLoadFilter;
 import org.apache.accumulo.server.master.state.tables.TableManager;
+import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityConstants;
-import org.apache.accumulo.server.security.SecurityUtil;
-import org.apache.accumulo.server.security.ZKAuthenticator;
 import org.apache.accumulo.server.tabletserver.TabletTime;
 import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
 import org.apache.hadoop.conf.Configuration;
@@ -72,7 +74,7 @@ import com.beust.jcommander.Parameter;
  */
 public class Initialize {
   private static final Logger log = Logger.getLogger(Initialize.class);
-  private static final String ROOT_USER = "root";
+  private static final String DEFAULT_ROOT_USER = "root";
   
   private static ConsoleReader reader = null;
   
@@ -157,6 +159,7 @@ public class Initialize {
       log.fatal("Failed to talk to zookeeper", e);
       return false;
     }
+    opts.rootuser = getRootUser(opts);
     opts.rootpass = getRootPassword(opts);
     return initialize(opts, instanceNamePath, fs);
   }
@@ -200,7 +203,7 @@ public class Initialize {
       return false;
     }
   }
-
+  
   private static void initFileSystem(Opts opts, FileSystem fs, Configuration conf, UUID uuid) throws IOException {
     FileStatus fstat;
     
@@ -400,6 +403,19 @@ public class Initialize {
     return instanceNamePath;
   }
   
+  private static String getRootUser(Opts opts) throws IOException {
+    if (opts.cliUser != null) {
+      return opts.cliUser;
+    }
+    String rootuser;
+    rootuser = getConsoleReader().readLine("Enter name for initial root user ( " + DEFAULT_ROOT_USER + "): ", '*');
+    if (rootuser == null)
+      System.exit(0);
+    if (rootuser.equals(""))
+      return DEFAULT_ROOT_USER;
+    return rootuser;
+  }
+  
   private static byte[] getRootPassword(Opts opts) throws IOException {
     if (opts.cliPassword != null) {
       return opts.cliPassword.getBytes();
@@ -407,10 +423,10 @@ public class Initialize {
     String rootpass;
     String confirmpass;
     do {
-      rootpass = getConsoleReader().readLine("Enter initial password for " + ROOT_USER + ": ", '*');
+      rootpass = getConsoleReader().readLine("Enter initial password for " + opts.rootuser + " (this may not be applicable for your security setup): ", '*');
       if (rootpass == null)
         System.exit(0);
-      confirmpass = getConsoleReader().readLine("Confirm initial password for " + ROOT_USER + ": ", '*');
+      confirmpass = getConsoleReader().readLine("Confirm initial password for " + opts.rootuser + ": ", '*');
       if (confirmpass == null)
         System.exit(0);
       if (!rootpass.equals(confirmpass))
@@ -419,8 +435,8 @@ public class Initialize {
     return rootpass.getBytes();
   }
   
-  private static void initSecurity(Opts opts, String iid) throws AccumuloSecurityException {
-    new ZKAuthenticator(iid).initializeSecurity(SecurityConstants.getSystemCredentials(), ROOT_USER, opts.rootpass);
+  private static void initSecurity(Opts opts, String iid) throws AccumuloSecurityException, ThriftSecurityException {
+    AuditedSecurityOperation.getInstance(iid, true).initializeSecurity(SecurityConstants.getSystemCredentials(), new UserPassToken(opts.rootuser, opts.rootpass));
   }
   
   protected static void initMetadataConfig() throws IOException {
@@ -445,7 +461,7 @@ public class Initialize {
   private static void setMetadataReplication(int replication, String reason) throws IOException {
     String rep = getConsoleReader().readLine(
         "Your HDFS replication " + reason
-            + " is not compatible with our default !METADATA replication of 5. What do you want to set your !METADATA replication to? (" + replication + ") ");
+        + " is not compatible with our default !METADATA replication of 5. What do you want to set your !METADATA replication to? (" + replication + ") ");
     if (rep == null || rep.length() == 0)
       rep = Integer.toString(replication);
     else
@@ -453,26 +469,27 @@ public class Initialize {
       Integer.parseInt(rep);
     initialMetadataConf.put(Property.TABLE_FILE_REPLICATION.getKey(), rep);
   }
-
+  
   public static boolean isInitialized(FileSystem fs) throws IOException {
     return (fs.exists(ServerConstants.getInstanceIdLocation()) || fs.exists(ServerConstants.getDataVersionLocation()));
   }
   
   static class Opts extends Help {
-    @Parameter(names="--reset-security", description="just update the security information")
+    @Parameter(names = "--reset-security", description = "just update the security information")
     boolean resetSecurity = false;
-    @Parameter(names="--clear-instance-name", description="delete any existing instance name without prompting")
+    @Parameter(names = "--clear-instance-name", description = "delete any existing instance name without prompting")
     boolean clearInstanceName = false;
-    @Parameter(names="--instance-name", description="the instance name, if not provided, will prompt")
+    @Parameter(names = "--instance-name", description = "the instance name, if not provided, will prompt")
     String cliInstanceName;
-    @Parameter(names="--password", description="set the password on the command line")
+    @Parameter(names = "--password", description = "set the password on the command line")
     String cliPassword;
+    @Parameter(names = "--username", description = "set the root username on the command line")
+    String cliUser;
     
     byte[] rootpass = null;
+    String rootuser = null;
   }
   
-  
-  
   public static void main(String[] args) {
     Opts opts = new Opts();
     opts.parseArgs(Initialize.class.getName(), args);
@@ -484,9 +501,10 @@ public class Initialize {
       Configuration conf = CachedConfiguration.getInstance();
       
       FileSystem fs = FileUtil.getFileSystem(conf, ServerConfiguration.getSiteConfiguration());
-
+      
       if (justSecurity) {
         if (isInitialized(fs)) {
+          opts.rootuser = getRootUser(opts);
           opts.rootpass = getRootPassword(opts);
           initSecurity(opts, HdfsZooInstance.getInstance().getInstanceID());
         } else {



Mime
View raw message