accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vi...@apache.org
Subject svn commit: r1439632 [2/3] - in /accumulo/trunk: core/src/main/java/org/apache/accumulo/core/cli/ core/src/main/java/org/apache/accumulo/core/client/ core/src/main/java/org/apache/accumulo/core/client/admin/ core/src/main/java/org/apache/accumulo/core/...
Date Mon, 28 Jan 2013 21:03:45 GMT
Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/KerberosToken.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/KerberosToken.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/KerberosToken.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/KerberosToken.java Mon Jan 28 21:03:43 2013
@@ -3,7 +3,6 @@ package org.apache.accumulo.core.securit
 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
-import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
 import java.security.PrivilegedAction;
 import java.util.Arrays;
@@ -12,8 +11,6 @@ import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 
 import org.apache.accumulo.core.security.SecurityUtil;
-import org.apache.accumulo.core.security.thrift.ThriftKerberosToken;
-import org.apache.accumulo.core.util.ByteBufferUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSException;
@@ -21,13 +18,12 @@ import org.ietf.jgss.GSSManager;
 import org.ietf.jgss.GSSName;
 import org.ietf.jgss.Oid;
 
-public class KerberosToken extends ThriftKerberosToken implements AccumuloToken<ThriftKerberosToken,ThriftKerberosToken._Fields> {
-  private static final long serialVersionUID = -3592193087970250922L;
+public class KerberosToken implements SecurityToken {
+  private String principal;
+  private byte[] sessionKey;
   
   public KerberosToken() {
-    super();
     System.setProperty("java.security.auth.login.config", "./conf/jaas.conf");
-
   }
   
   /**
@@ -38,7 +34,7 @@ public class KerberosToken extends Thrif
    *          replaced by the systems host name.
    * @param keyTabPath
    *          Fully qualified path to the principal's keytab file
-   * @throws IOException 
+   * @throws IOException
    */
   public KerberosToken(String principalConfig, String keyTabPath, String destinationId) throws IOException {
     this();
@@ -86,8 +82,8 @@ public class KerberosToken extends Thrif
     // The GSS context initiation has to be performed as a privileged action.
     byte[] serviceTicket = Subject.doAs(subject, new GetToken(destination));
     
-    user = username;
-    ticket = ByteBuffer.wrap(serviceTicket);
+    principal = username;
+    sessionKey = serviceTicket;
   }
   
   class GetToken implements PrivilegedAction<byte[]> {
@@ -121,13 +117,21 @@ public class KerberosToken extends Thrif
   }
   
   public String getPrincipal() {
-    return user;
+    return principal;
   }
   
-  public byte[] getTicket() {
-    return ByteBufferUtil.toBytes(ticket);
+  public byte[] getSessionKey() {
+    return sessionKey;
   }
   
+  public void setPrincipal(String principal) {
+    this.principal = principal;
+  }
+
+  public void setSessionKey(byte[] sessionKey) {
+    this.sessionKey = sessionKey;
+  }
+
   private void readObject(ObjectInputStream aInputStream) throws IOException, ClassNotFoundException {
     aInputStream.defaultReadObject();
   }
@@ -137,24 +141,49 @@ public class KerberosToken extends Thrif
   }
   
   public void destroy() {
-    Arrays.fill(ticket.array(), (byte) 0);
-    ticket = null;
+    Arrays.fill(sessionKey, (byte) 0);
+    sessionKey = null;
   }
   
   @Override
   public boolean isDestroyed() {
-    return ticket == null;
+    return sessionKey == null;
   }
   
-  public boolean equals(AccumuloToken<?,?> token) {
-    if (token instanceof KerberosToken) {
-      KerberosToken kt = (KerberosToken) token;
-      return this.user.equals(kt.user) && Arrays.equals(this.getTicket(), kt.getTicket());
-    } else
+  public String toString() {
+    return "KerberosToken(" + this.principal + ":" + new String(this.getSessionKey()) + ")";
+  }
+
+  @Override
+  public int hashCode() {
+    final int prime = 31;
+    int result = 1;
+    result = prime * result + ((principal == null) ? 0 : principal.hashCode());
+    result = prime * result + Arrays.hashCode(sessionKey);
+    return result;
+  }
+
+  @Override
+  public boolean equals(Object obj) {
+    if (this == obj)
+      return true;
+    if (obj == null)
+      return false;
+    if (!(obj instanceof KerberosToken))
+      return false;
+    KerberosToken other = (KerberosToken) obj;
+    if (principal == null) {
+      if (other.principal != null)
+        return false;
+    } else if (!principal.equals(other.principal))
+      return false;
+    if (!Arrays.equals(sessionKey, other.sessionKey))
       return false;
+    return true;
   }
-  
-  public String toString() {
-    return "KerberosToken("+this.user+":"+new String(this.getTicket())+")";
+
+  @Override
+  public SecuritySerDe<? extends SecurityToken> getSerDe() {
+    return new KerberosSerDe();
   }
 }

Added: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/SecuritySerDe.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/SecuritySerDe.java?rev=1439632&view=auto
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/SecuritySerDe.java (added)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/SecuritySerDe.java Mon Jan 28 21:03:43 2013
@@ -0,0 +1,8 @@
+package org.apache.accumulo.core.security.tokens;
+
+import org.apache.accumulo.core.client.AccumuloSecurityException;
+
+public interface SecuritySerDe<T extends SecurityToken> {
+	public byte[] serialize(T token) throws AccumuloSecurityException;
+	public T deserialize(byte[] serializedToken) throws AccumuloSecurityException;
+}

Propchange: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/SecuritySerDe.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Copied: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/SecurityToken.java (from r1439499, accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/AccumuloToken.java)
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/SecurityToken.java?p2=accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/SecurityToken.java&p1=accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/AccumuloToken.java&r1=1439499&r2=1439632&rev=1439632&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/AccumuloToken.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/SecurityToken.java Mon Jan 28 21:03:43 2013
@@ -2,13 +2,10 @@ package org.apache.accumulo.core.securit
 
 import javax.security.auth.Destroyable;
 
-import org.apache.thrift.TBase;
-import org.apache.thrift.TFieldIdEnum;
-
 /**
  * Any AccumuloTokens created need to have an empty constructor as well
  */
-public interface AccumuloToken<T extends TBase<?,?>, F extends TFieldIdEnum> extends TBase<T, F>, Destroyable {
+public interface SecurityToken extends Destroyable {
   public String getPrincipal();
-  public boolean equals(AccumuloToken<?,?> token);
+  public SecuritySerDe<? extends SecurityToken> getSerDe();
 }

Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/TokenHelper.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/TokenHelper.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/TokenHelper.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/TokenHelper.java Mon Jan 28 21:03:43 2013
@@ -6,36 +6,33 @@ import java.io.DataOutputStream;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 
+import org.apache.accumulo.core.client.AccumuloSecurityException;
+import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.core.util.ByteBufferUtil;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.io.output.ByteArrayOutputStream;
 import org.apache.hadoop.io.WritableUtils;
 import org.apache.log4j.Logger;
-import org.apache.thrift.TDeserializer;
-import org.apache.thrift.TException;
-import org.apache.thrift.TSerializer;
 
 public class TokenHelper {
   private static Logger log = Logger.getLogger(TokenHelper.class);
   
-  public static ByteBuffer wrapper(AccumuloToken<?,?> token) {
+  public static ByteBuffer wrapper(SecurityToken token) throws AccumuloSecurityException {
     return ByteBuffer.wrap(getBytes(token));
   }
   
-  private static byte[] getBytes(AccumuloToken<?,?> token) {
-    TSerializer serializer = new TSerializer();
+  // Cannot get typing right to get both warnings resolved. Open to suggestions.
+  @SuppressWarnings({"rawtypes", "unchecked"})
+  private static byte[] getBytes(SecurityToken token) throws AccumuloSecurityException {
     ByteArrayOutputStream bout = null;
     DataOutputStream out = null;
     try {
       bout = new ByteArrayOutputStream();
       out = new DataOutputStream(bout);
-      WritableUtils.writeCompressedString(out, token.getClass().getCanonicalName());
-      
-      WritableUtils.writeCompressedByteArray(out, serializer.serialize(token));
+      SecuritySerDe serDe = token.getSerDe();
+      WritableUtils.writeCompressedString(out, serDe.getClass().getCanonicalName());
+      WritableUtils.writeCompressedByteArray(out, serDe.serialize(token));
       return bout.toByteArray();
-    } catch (TException te) {
-      // This shouldn't happen
-      throw new RuntimeException(te);
     } catch (IOException e) {
       // This shouldn't happen
       throw new RuntimeException(e);
@@ -52,16 +49,15 @@ public class TokenHelper {
     
   }
   
-  public static String asBase64String(AccumuloToken<?,?> token2) {
+  public static String asBase64String(SecurityToken token2) throws AccumuloSecurityException {
     return new String(Base64.encodeBase64(getBytes(token2)));
   }
   
-  public static AccumuloToken<?,?> fromBase64String(String token) {
+  public static SecurityToken fromBase64String(String token) throws AccumuloSecurityException {
     return fromBytes(Base64.decodeBase64(token.getBytes()));
   }
   
-  private static AccumuloToken<?,?> fromBytes(byte[] token) {
-    TDeserializer deserializer = new TDeserializer();
+  private static SecurityToken fromBytes(byte[] token) throws AccumuloSecurityException {
     String clazz = "";
     ByteArrayInputStream bin = null;
     DataInputStream in = null;
@@ -71,25 +67,21 @@ public class TokenHelper {
         in = new DataInputStream(bin);
         
         clazz = WritableUtils.readCompressedString(in);
-        AccumuloToken<?,?> obj = (AccumuloToken<?,?>) Class.forName(clazz).newInstance();
-        
-        byte[] tokenBytes = WritableUtils.readCompressedByteArray(in);
-        deserializer.deserialize(obj, tokenBytes);
-        
-        return obj;
+        SecuritySerDe<?> serDe = (SecuritySerDe<?>) Class.forName(clazz).newInstance();
+        return serDe.deserialize(WritableUtils.readCompressedByteArray(in));
       } catch (IOException e) {
         // This shouldn't happen
-        throw new RuntimeException(e);
+        log.error(e);
+        throw new AccumuloSecurityException("unknown user", SecurityErrorCode.INVALID_TOKEN);
       } catch (InstantiationException e) {
         // This shouldn't happen
-        throw new RuntimeException(e);
+        log.error(e);
+        throw new AccumuloSecurityException("unknown user", SecurityErrorCode.INVALID_TOKEN);
       } catch (IllegalAccessException e) {
         // This shouldn't happen
-        throw new RuntimeException(e);
-      } catch (TException e) {
-        // This shouldn't happen
-        throw new RuntimeException(e);
-      }
+        log.error(e);
+        throw new AccumuloSecurityException("unknown user", SecurityErrorCode.INVALID_TOKEN);
+      } 
     } catch (ClassNotFoundException e) {
       throw new RuntimeException("Unable to load class " + clazz, e);
     } finally {
@@ -104,7 +96,7 @@ public class TokenHelper {
     }
   }
   
-  public static AccumuloToken<?,?> unwrap(ByteBuffer token) {
+  public static SecurityToken unwrap(ByteBuffer token) throws AccumuloSecurityException {
     return fromBytes(ByteBufferUtil.toBytes(token));
   }
 }

Added: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/UserPassSerDe.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/UserPassSerDe.java?rev=1439632&view=auto
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/UserPassSerDe.java (added)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/UserPassSerDe.java Mon Jan 28 21:03:43 2013
@@ -0,0 +1,85 @@
+package org.apache.accumulo.core.security.tokens;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+import org.apache.accumulo.core.client.AccumuloSecurityException;
+import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.thrift.ThriftUserPassToken;
+import org.apache.commons.io.output.ByteArrayOutputStream;
+import org.apache.hadoop.io.WritableUtils;
+import org.apache.log4j.Logger;
+import org.apache.thrift.TDeserializer;
+import org.apache.thrift.TException;
+import org.apache.thrift.TSerializer;
+
+public class UserPassSerDe implements SecuritySerDe<UserPassToken> {
+  private static Logger log = Logger.getLogger(UserPassSerDe.class);
+  
+  @Override
+  public byte[] serialize(UserPassToken token) throws AccumuloSecurityException {
+    ThriftUserPassToken t = new ThriftUserPassToken(token.getPrincipal(), ByteBuffer.wrap(token.getPassword()));
+    TSerializer serializer = new TSerializer();
+    ByteArrayOutputStream bout = null;
+    DataOutputStream out = null;
+    try {
+      bout = new ByteArrayOutputStream();
+      out = new DataOutputStream(bout);
+      WritableUtils.writeCompressedByteArray(out, serializer.serialize(t));
+      return bout.toByteArray();
+    } catch (TException te) {
+      // This shouldn't happen
+      log.error(te);
+      throw new AccumuloSecurityException(token.getPrincipal(), SecurityErrorCode.INVALID_TOKEN);
+    } catch (IOException e) {
+      // This shouldn't happen
+      log.error(e);
+      throw new AccumuloSecurityException(token.getPrincipal(), SecurityErrorCode.INVALID_TOKEN);
+    } finally {
+      try {
+        if (bout != null)
+          bout.close();
+        if (out != null)
+          out.close();
+      } catch (IOException e) {
+        log.error(e);
+      }
+    }
+  }
+  
+  @Override
+  public UserPassToken deserialize(byte[] serializedToken) throws AccumuloSecurityException {
+    ByteArrayInputStream bin = null;
+    DataInputStream in = null;
+    try {
+      bin = new ByteArrayInputStream(serializedToken);
+      in = new DataInputStream(bin);
+      
+      TDeserializer deserializer = new TDeserializer();
+      ThriftUserPassToken obj = new ThriftUserPassToken();
+      byte[] tokenBytes;
+      tokenBytes = WritableUtils.readCompressedByteArray(in);
+      deserializer.deserialize(obj, tokenBytes);
+      
+      return new UserPassToken(obj.user, obj.getPassword());
+    } catch (IOException e) {
+      log.error(e);
+      throw new AccumuloSecurityException("unknown user", SecurityErrorCode.INVALID_TOKEN);
+    } catch (TException e) {
+      log.error(e);
+      throw new AccumuloSecurityException("unknown user", SecurityErrorCode.INVALID_TOKEN);
+    } finally {
+      try {
+        if (bin != null)
+          bin.close();
+        if (in != null)
+          in.close();
+      } catch (IOException e) {
+        log.error(e);
+      }
+    }
+  }
+}

Propchange: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/UserPassSerDe.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/UserPassToken.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/UserPassToken.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/UserPassToken.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/tokens/UserPassToken.java Mon Jan 28 21:03:43 2013
@@ -5,34 +5,28 @@ import java.nio.charset.Charset;
 import java.util.Arrays;
 
 import org.apache.accumulo.core.security.thrift.AuthInfo;
-import org.apache.accumulo.core.security.thrift.ThriftUserPassToken;
+import org.apache.accumulo.core.util.ByteBufferUtil;
 
 @SuppressWarnings("deprecation")
-public class UserPassToken extends ThriftUserPassToken implements AccumuloToken<ThriftUserPassToken,ThriftUserPassToken._Fields>, PasswordUpdatable {
-  private static final long serialVersionUID = 7331872580391311737L;
-  
-  public UserPassToken() {
-    super();
-  }
-  
+public class UserPassToken implements SecurityToken, PasswordUpdatable {
+  private String username;
+  private byte[] password;
+
   public UserPassToken(String user, ByteBuffer password) {
-    super(user, password);
+    this(user, ByteBufferUtil.toBytes(password));
   }
   
   public UserPassToken(String user, byte[] password) {
-    super(user, ByteBuffer.wrap(password));
+    this.username = user;
+    this.password = password;
   }
   
   public UserPassToken(String user, CharSequence password) {
     this(user, password.toString().getBytes(Charset.forName("UTF-8")));
   }
   
-  public UserPassToken(ThriftUserPassToken upt) {
-    super(upt);
-  }
-  
   public void destroy() {
-    Arrays.fill(password.array(), (byte) 0);
+    Arrays.fill(password, (byte) 0);
     password = null;
   }
   
@@ -41,18 +35,27 @@ public class UserPassToken extends Thrif
     return password == null;
   }
   
+  /**
+   * @deprecated since 1.5
+   * @param credentials
+   * @return
+   */
   public static UserPassToken convertAuthInfo(AuthInfo credentials) {
     return new UserPassToken(credentials.user, credentials.password);
   }
   
   @Override
   public String getPrincipal() {
-    return user;
+    return username;
+  }
+  
+  public byte[] getPassword() {
+    return password;
   }
   
   @Override
   public void updatePassword(byte[] newPassword) {
-    this.password = ByteBuffer.wrap(Arrays.copyOf(newPassword, newPassword.length));
+    this.password = Arrays.copyOf(newPassword, newPassword.length);
   }
   
   @Override
@@ -60,16 +63,41 @@ public class UserPassToken extends Thrif
     updatePassword(pu.getPassword());
   }
   
-  public boolean equals(AccumuloToken<?,?> token) {
-    if (token instanceof UserPassToken) {
-      UserPassToken upt = (UserPassToken) token;
-      return this.user.equals(upt.user) && Arrays.equals(this.getPassword(), upt.getPassword());
-    } else {
-      System.out.println("Compared UserPassToken to " + token.getClass());
-      return false;
-    }  }
-  
   public String toString() {
-    return "UserPassToken("+this.user+":"+new String(this.getPrincipal())+")";
+    return "UserPassToken("+this.username+":"+new String(this.getPrincipal())+")";
+  }
+
+  @Override
+  public int hashCode() {
+    final int prime = 31;
+    int result = 1;
+    result = prime * result + Arrays.hashCode(password);
+    result = prime * result + ((username == null) ? 0 : username.hashCode());
+    return result;
+  }
+
+  @Override
+  public boolean equals(Object obj) {
+    if (this == obj)
+      return true;
+    if (obj == null)
+      return false;
+    if (!(obj instanceof UserPassToken))
+      return false;
+    UserPassToken other = (UserPassToken) obj;
+    if (!Arrays.equals(password, other.password))
+      return false;
+    if (username == null) {
+      if (other.username != null)
+        return false;
+    } else if (!username.equals(other.username))
+      return false;
+    return true;
+  }
+
+  @Override
+  public SecuritySerDe<? extends SecurityToken> getSerDe() {
+    return new UserPassSerDe();
   }
+  
 }

Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java Mon Jan 28 21:03:43 2013
@@ -52,7 +52,7 @@ import org.apache.accumulo.core.data.Key
 import org.apache.accumulo.core.data.Value;
 import org.apache.accumulo.core.data.thrift.TConstraintViolationSummary;
 import org.apache.accumulo.core.security.AuditLevel;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.core.tabletserver.thrift.ConstraintViolationException;
 import org.apache.accumulo.core.trace.DistributedTrace;
@@ -168,7 +168,7 @@ public class Shell extends ShellOptions 
   protected Instance instance;
   private Connector connector;
   protected ConsoleReader reader;
-  private AccumuloToken<?,?> credentials;
+  private SecurityToken credentials;
   private Class<? extends Formatter> defaultFormatterClass = DefaultFormatter.class;
   private Class<? extends Formatter> binaryFormatterClass = BinaryFormatter.class;
   public Map<String,List<IteratorSetting>> scanIteratorOptions = new HashMap<String,List<IteratorSetting>>();
@@ -931,8 +931,8 @@ public class Shell extends ShellOptions 
     return reader;
   }
   
-  public AccumuloToken<?,?> updateUser(String user, byte[] pass) throws AccumuloException, AccumuloSecurityException {
-    AccumuloToken<?,?> token;
+  public SecurityToken updateUser(String user, byte[] pass) throws AccumuloException, AccumuloSecurityException {
+    SecurityToken token;
     try {
       String tokenClass = instance.getSecurityTokenClass();
       System.out.println(tokenClass);
@@ -955,7 +955,7 @@ public class Shell extends ShellOptions 
     return token;
   }
   
-  public AccumuloToken<?,?> getCredentials() {
+  public SecurityToken getCredentials() {
     return credentials;
   }
   

Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/commands/AuthenticateCommand.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/commands/AuthenticateCommand.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/commands/AuthenticateCommand.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/commands/AuthenticateCommand.java Mon Jan 28 21:03:43 2013
@@ -22,6 +22,7 @@ import java.util.Set;
 
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.core.util.shell.Shell;
 import org.apache.accumulo.core.util.shell.Shell.Command;
 import org.apache.accumulo.core.util.shell.Token;
@@ -37,7 +38,7 @@ public class AuthenticateCommand extends
       return 0;
     } // user canceled
     final byte[] password = p.getBytes();
-    final boolean valid = shellState.getConnector().securityOperations().authenticateUser(user, password);
+    final boolean valid = shellState.getConnector().securityOperations().authenticateUser(new UserPassToken(user, password));
     shellState.getReader().printString((valid ? "V" : "Not v") + "alid\n");
     return 0;
   }

Modified: accumulo/trunk/core/src/test/java/org/apache/accumulo/core/client/impl/TabletLocatorImplTest.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/test/java/org/apache/accumulo/core/client/impl/TabletLocatorImplTest.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/core/src/test/java/org/apache/accumulo/core/client/impl/TabletLocatorImplTest.java (original)
+++ accumulo/trunk/core/src/test/java/org/apache/accumulo/core/client/impl/TabletLocatorImplTest.java Mon Jan 28 21:03:43 2013
@@ -48,13 +48,14 @@ import org.apache.accumulo.core.data.Par
 import org.apache.accumulo.core.data.Range;
 import org.apache.accumulo.core.data.Value;
 import org.apache.accumulo.core.security.thrift.AuthInfo;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
 import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.core.util.MetadataTable;
 import org.apache.accumulo.core.util.Pair;
 import org.apache.hadoop.io.Text;
 
+@SuppressWarnings("deprecation")
 public class TabletLocatorImplTest extends TestCase {
   
   private static final KeyExtent RTE = Constants.ROOT_TABLET_EXTENT;
@@ -469,7 +470,7 @@ public class TabletLocatorImplTest exten
       return getConnector(auth.user, auth.password);
     }
     
-    public Connector getConnector(AccumuloToken<?,?> token) throws AccumuloException, AccumuloSecurityException {
+    public Connector getConnector(SecurityToken token) throws AccumuloException, AccumuloSecurityException {
       throw new UnsupportedOperationException();
     }
     

Modified: accumulo/trunk/core/src/test/java/org/apache/accumulo/core/iterators/user/TransformingIteratorTest.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/test/java/org/apache/accumulo/core/iterators/user/TransformingIteratorTest.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/core/src/test/java/org/apache/accumulo/core/iterators/user/TransformingIteratorTest.java (original)
+++ accumulo/trunk/core/src/test/java/org/apache/accumulo/core/iterators/user/TransformingIteratorTest.java Mon Jan 28 21:03:43 2013
@@ -54,6 +54,7 @@ import org.apache.accumulo.core.iterator
 import org.apache.accumulo.core.iterators.WrappingIterator;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.ColumnVisibility;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.hadoop.io.Text;
 import org.junit.Before;
 import org.junit.Test;
@@ -67,7 +68,7 @@ public class TransformingIteratorTest {
   @Before
   public void setUpMockAccumulo() throws Exception {
     MockInstance instance = new MockInstance("test");
-    connector = instance.getConnector("user", "password");
+    connector = instance.getConnector(new UserPassToken("user", "password"));
     connector.securityOperations().changeUserAuthorizations("user", authorizations);
     
     if (connector.tableOperations().exists(TABLE_NAME))
@@ -276,7 +277,7 @@ public class TransformingIteratorTest {
   @Test
   public void testDeepCopy() throws Exception {
     MockInstance instance = new MockInstance("test");
-    Connector connector = instance.getConnector("user", "password");
+    Connector connector = instance.getConnector(new UserPassToken("user", "password"));
     
     connector.tableOperations().create("shard_table");
     

Modified: accumulo/trunk/examples/instamo/src/main/java/org/apache/accumulo/instamo/AccumuloApp.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/examples/instamo/src/main/java/org/apache/accumulo/instamo/AccumuloApp.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/examples/instamo/src/main/java/org/apache/accumulo/instamo/AccumuloApp.java (original)
+++ accumulo/trunk/examples/instamo/src/main/java/org/apache/accumulo/instamo/AccumuloApp.java Mon Jan 28 21:03:43 2013
@@ -28,6 +28,7 @@ import org.apache.accumulo.core.client.Z
 import org.apache.accumulo.core.data.Key;
 import org.apache.accumulo.core.data.Mutation;
 import org.apache.accumulo.core.data.Value;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 
 public class AccumuloApp {
   
@@ -36,7 +37,7 @@ public class AccumuloApp {
 
     Instance instance = new ZooKeeperInstance(instanceName, zookeepers);
     
-    Connector conn = instance.getConnector("root", rootPassword);
+    Connector conn = instance.getConnector(new UserPassToken("root", rootPassword));
     
     conn.tableOperations().create("foo");
     

Modified: accumulo/trunk/examples/simple/src/main/java/org/apache/accumulo/examples/simple/filedata/FileDataQuery.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/examples/simple/src/main/java/org/apache/accumulo/examples/simple/filedata/FileDataQuery.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/examples/simple/src/main/java/org/apache/accumulo/examples/simple/filedata/FileDataQuery.java (original)
+++ accumulo/trunk/examples/simple/src/main/java/org/apache/accumulo/examples/simple/filedata/FileDataQuery.java Mon Jan 28 21:03:43 2013
@@ -31,7 +31,7 @@ import org.apache.accumulo.core.data.Key
 import org.apache.accumulo.core.data.Range;
 import org.apache.accumulo.core.data.Value;
 import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.util.PeekingIterator;
 
 /**
@@ -44,7 +44,7 @@ public class FileDataQuery {
   private ChunkInputStream cis;
   Scanner scanner;
   
-  public FileDataQuery(String instanceName, String zooKeepers, AccumuloToken<?,?> token, String tableName, Authorizations auths) throws AccumuloException,
+  public FileDataQuery(String instanceName, String zooKeepers, SecurityToken token, String tableName, Authorizations auths) throws AccumuloException,
       AccumuloSecurityException, TableNotFoundException {
     ZooKeeperInstance instance = new ZooKeeperInstance(instanceName, zooKeepers);
     conn = instance.getConnector(token);

Modified: accumulo/trunk/examples/simple/src/main/java/org/apache/accumulo/examples/simple/mapreduce/TableToFile.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/examples/simple/src/main/java/org/apache/accumulo/examples/simple/mapreduce/TableToFile.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/examples/simple/src/main/java/org/apache/accumulo/examples/simple/mapreduce/TableToFile.java (original)
+++ accumulo/trunk/examples/simple/src/main/java/org/apache/accumulo/examples/simple/mapreduce/TableToFile.java Mon Jan 28 21:03:43 2013
@@ -21,6 +21,7 @@ import java.util.HashSet;
 import java.util.Map;
 
 import org.apache.accumulo.core.cli.ClientOnRequiredTable;
+import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.mapreduce.AccumuloInputFormat;
 import org.apache.accumulo.core.data.Key;
 import org.apache.accumulo.core.data.Value;
@@ -82,7 +83,7 @@ public class TableToFile extends Configu
   }
   
   @Override
-  public int run(String[] args) throws IOException, InterruptedException, ClassNotFoundException {
+  public int run(String[] args) throws IOException, InterruptedException, ClassNotFoundException, AccumuloSecurityException {
     Job job = new Job(getConf(), this.getClass().getSimpleName() + "_" + System.currentTimeMillis());
     job.setJarByClass(this.getClass());
     Opts opts = new Opts();

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java Mon Jan 28 21:03:43 2013
@@ -103,74 +103,137 @@ public class ClientServiceHandler implem
     } catch (ThriftSecurityException e) {
       log.error(e);
       throw e;
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
     }
   }
   
   @Override
   public void changeAuthorizations(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String user, List<ByteBuffer> authorizations)
       throws ThriftSecurityException {
-    security.changeAuthorizations(new InstanceTokenWrapper(credentials), user, new Authorizations(authorizations));
+    try {
+      security.changeAuthorizations(new InstanceTokenWrapper(credentials), user, new Authorizations(authorizations));
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public void changePassword(TInfo tinfo, ThriftInstanceTokenWrapper credentials, ByteBuffer token) throws ThriftSecurityException {
-    security.changePassword(new InstanceTokenWrapper(credentials), TokenHelper.unwrap(token));
+    try {
+      security.changePassword(new InstanceTokenWrapper(credentials), TokenHelper.unwrap(token));
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public void createUser(TInfo tinfo, ThriftInstanceTokenWrapper credentials, ByteBuffer token, List<ByteBuffer> authorizations) throws ThriftSecurityException {
-    security.createUser(new InstanceTokenWrapper(credentials), TokenHelper.unwrap(token), new Authorizations(authorizations));
+    try {
+      security.createUser(new InstanceTokenWrapper(credentials), TokenHelper.unwrap(token), new Authorizations(authorizations));
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public void dropUser(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String user) throws ThriftSecurityException {
-    security.dropUser(new InstanceTokenWrapper(credentials), user);
+    try {
+      security.dropUser(new InstanceTokenWrapper(credentials), user);
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public List<ByteBuffer> getUserAuthorizations(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String user) throws ThriftSecurityException {
-    return security.getUserAuthorizations(new InstanceTokenWrapper(credentials), user).getAuthorizationsBB();
+    try {
+      return security.getUserAuthorizations(new InstanceTokenWrapper(credentials), user).getAuthorizationsBB();
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public void grantSystemPermission(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String user, byte permission) throws ThriftSecurityException {
-    security.grantSystemPermission(new InstanceTokenWrapper(credentials), user, SystemPermission.getPermissionById(permission));
+    try {
+      security.grantSystemPermission(new InstanceTokenWrapper(credentials), user, SystemPermission.getPermissionById(permission));
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public void grantTablePermission(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String user, String tableName, byte permission)
       throws ThriftSecurityException, ThriftTableOperationException {
     String tableId = checkTableId(tableName, TableOperation.PERMISSION);
-    security.grantTablePermission(new InstanceTokenWrapper(credentials), user, tableId, TablePermission.getPermissionById(permission));
+    try {
+      security.grantTablePermission(new InstanceTokenWrapper(credentials), user, tableId, TablePermission.getPermissionById(permission));
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public void revokeSystemPermission(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String user, byte permission) throws ThriftSecurityException {
-    security.revokeSystemPermission(new InstanceTokenWrapper(credentials), user, SystemPermission.getPermissionById(permission));
+    try {
+      security.revokeSystemPermission(new InstanceTokenWrapper(credentials), user, SystemPermission.getPermissionById(permission));
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public void revokeTablePermission(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String user, String tableName, byte permission)
       throws ThriftSecurityException, ThriftTableOperationException {
     String tableId = checkTableId(tableName, TableOperation.PERMISSION);
-    security.revokeTablePermission(new InstanceTokenWrapper(credentials), user, tableId, TablePermission.getPermissionById(permission));
+    try {
+      security.revokeTablePermission(new InstanceTokenWrapper(credentials), user, tableId, TablePermission.getPermissionById(permission));
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public boolean hasSystemPermission(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String user, byte sysPerm) throws ThriftSecurityException {
-    return security.hasSystemPermission(new InstanceTokenWrapper(credentials), user, SystemPermission.getPermissionById(sysPerm));
+    try {
+      return security.hasSystemPermission(new InstanceTokenWrapper(credentials), user, SystemPermission.getPermissionById(sysPerm));
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public boolean hasTablePermission(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String user, String tableName, byte tblPerm)
       throws ThriftSecurityException, ThriftTableOperationException {
     String tableId = checkTableId(tableName, TableOperation.PERMISSION);
-    return security.hasTablePermission(new InstanceTokenWrapper(credentials), user, tableId, TablePermission.getPermissionById(tblPerm));
+    try {
+      return security.hasTablePermission(new InstanceTokenWrapper(credentials), user, tableId, TablePermission.getPermissionById(tblPerm));
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   @Override
   public Set<String> listUsers(TInfo tinfo, ThriftInstanceTokenWrapper credentials) throws ThriftSecurityException {
-    return security.listUsers(new InstanceTokenWrapper(credentials));
+    try {
+      return security.listUsers(new InstanceTokenWrapper(credentials));
+    } catch (AccumuloSecurityException e) {
+      log.error(e);
+      throw e.asThriftException();
+    }
   }
   
   static private Map<String,String> conf(AccumuloConfiguration conf) {

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java Mon Jan 28 21:03:43 2013
@@ -34,7 +34,7 @@ import org.apache.accumulo.core.conf.Pro
 import org.apache.accumulo.core.master.thrift.MasterClientService.Client;
 import org.apache.accumulo.core.security.thrift.AuthInfo;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.core.util.OpTimer;
@@ -56,6 +56,7 @@ import org.apache.thrift.transport.TTran
  * An implementation of Instance that looks in HDFS and ZooKeeper to find the master and root tablet location.
  * 
  */
+@SuppressWarnings("deprecation")
 public class HdfsZooInstance implements Instance {
   
   public static class AccumuloNotInitializedException extends RuntimeException {
@@ -125,7 +126,6 @@ public class HdfsZooInstance implements 
     return instanceId;
   }
   
-  @SuppressWarnings("deprecation")
   private static synchronized void _getInstanceID() {
     if (instanceId == null) {
       instanceId = ZooKeeperInstance.getInstanceIDFromHdfs(ServerConstants.getInstanceIdLocation());
@@ -148,7 +148,7 @@ public class HdfsZooInstance implements 
   }
   
   /**
-   * @deprecated since 1.5, use {@link #getConnector(AccumuloToken)}
+   * @deprecated since 1.5, use {@link #getConnector(SecurityToken)}
    */
   @Override
   public Connector getConnector(String user, byte[] pass) throws AccumuloException, AccumuloSecurityException {
@@ -156,7 +156,7 @@ public class HdfsZooInstance implements 
   }
   
   /**
-   * @deprecated since 1.5, use {@link #getConnector(AccumuloToken)}
+   * @deprecated since 1.5, use {@link #getConnector(SecurityToken)}
    */
   @Override
   public Connector getConnector(String user, ByteBuffer pass) throws AccumuloException, AccumuloSecurityException {
@@ -164,7 +164,7 @@ public class HdfsZooInstance implements 
   }
   
   /**
-   * @deprecated since 1.5, use {@link #getConnector(AccumuloToken)}
+   * @deprecated since 1.5, use {@link #getConnector(SecurityToken)}
    */
   @Override
   public Connector getConnector(String user, CharSequence pass) throws AccumuloException, AccumuloSecurityException {
@@ -194,15 +194,14 @@ public class HdfsZooInstance implements 
   }
   
   /**
-   * @deprecated since 1.5, use {@link #getConnector(AccumuloToken)}
+   * @deprecated since 1.5, use {@link #getConnector(SecurityToken)}
    */
   @Override
   public Connector getConnector(AuthInfo auth) throws AccumuloException, AccumuloSecurityException {
     return getConnector(UserPassToken.convertAuthInfo(auth));
   }
   
-  @SuppressWarnings("deprecation")
-  public Connector getConnector(AccumuloToken<?,?> token) throws AccumuloException, AccumuloSecurityException {
+  public Connector getConnector(SecurityToken token) throws AccumuloException, AccumuloSecurityException {
     return new ConnectorImpl(this, token);
   }
   

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/GarbageCollectWriteAheadLogs.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/GarbageCollectWriteAheadLogs.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/GarbageCollectWriteAheadLogs.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/GarbageCollectWriteAheadLogs.java Mon Jan 28 21:03:43 2013
@@ -30,6 +30,7 @@ import org.apache.accumulo.trace.instrum
 import org.apache.accumulo.trace.instrument.Trace;
 import org.apache.accumulo.trace.instrument.Tracer;
 import org.apache.accumulo.core.Constants;
+import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Instance;
 import org.apache.accumulo.core.conf.AccumuloConfiguration;
 import org.apache.accumulo.core.conf.Property;
@@ -146,6 +147,8 @@ public class GarbageCollectWriteAheadLog
           status.currentLog.deleted += entry.getValue().size();
         } catch (TException e) {
           log.warn("Error talking to " + address + ": " + e);
+        } catch (AccumuloSecurityException e) {
+          log.warn("Error generating system credentials");
         } finally {
           if (tserver != null)
             ThriftUtil.returnClient(tserver);

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java Mon Jan 28 21:03:43 2013
@@ -534,7 +534,12 @@ public class Master implements LiveTServ
     
     @Override
     public long initiateFlush(TInfo tinfo, ThriftInstanceTokenWrapper c, String tableId) throws ThriftSecurityException, ThriftTableOperationException, TException {
-      security.canFlush(new InstanceTokenWrapper(c), tableId);
+      try {
+        security.canFlush(new InstanceTokenWrapper(c), tableId);
+      } catch (AccumuloSecurityException e1) {
+        log.error(e1);
+        throw e1.asThriftException();
+      }
       
       String zTablePath = Constants.ZROOT + "/" + getConfiguration().getInstance().getInstanceID() + Constants.ZTABLES + "/" + tableId
           + Constants.ZTABLE_FLUSH_ID;
@@ -562,7 +567,12 @@ public class Master implements LiveTServ
     @Override
     public void waitForFlush(TInfo tinfo, ThriftInstanceTokenWrapper c, String tableId, ByteBuffer startRow, ByteBuffer endRow, long flushID, long maxLoops)
         throws ThriftSecurityException, ThriftTableOperationException, TException {
-      security.canFlush(new InstanceTokenWrapper(c), tableId);
+      try {
+        security.canFlush(new InstanceTokenWrapper(c), tableId);
+      } catch (AccumuloSecurityException e1) {
+        log.error(e1);
+        throw e1.asThriftException();
+      }
       
       if (endRow != null && startRow != null && ByteBufferUtil.toText(startRow).compareTo(ByteBufferUtil.toText(endRow)) >= 0)
         throw new ThriftTableOperationException(tableId, null, TableOperation.FLUSH, TableOperationExceptionType.BAD_RANGE,
@@ -707,7 +717,12 @@ public class Master implements LiveTServ
     private void alterTableProperty(ThriftInstanceTokenWrapper c, String tableName, String property, String value, TableOperation op) throws ThriftSecurityException,
         ThriftTableOperationException {
       final String tableId = checkTableId(tableName, op);
-      InstanceTokenWrapper itw = new InstanceTokenWrapper(c);
+      InstanceTokenWrapper itw;
+      try {
+        itw = new InstanceTokenWrapper(c);
+      } catch (AccumuloSecurityException e1) {
+        throw e1.asThriftException();
+      }
       if (!security.canAlterTable(itw, tableId))
         throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       
@@ -737,13 +752,21 @@ public class Master implements LiveTServ
     
     @Override
     public void shutdown(TInfo info, ThriftInstanceTokenWrapper c, boolean stopTabletServers) throws ThriftSecurityException, TException {
-      security.canPerformSystemActions(new InstanceTokenWrapper(c));
+      try {
+        security.canPerformSystemActions(new InstanceTokenWrapper(c));
+      } catch (AccumuloSecurityException e) {
+        e.asThriftException();
+      }
       Master.this.shutdown(stopTabletServers);
     }
     
     @Override
     public void shutdownTabletServer(TInfo info, ThriftInstanceTokenWrapper c, String tabletServer, boolean force) throws ThriftSecurityException, TException {
-      security.canPerformSystemActions(new InstanceTokenWrapper(c));
+      try {
+        security.canPerformSystemActions(new InstanceTokenWrapper(c));
+      } catch (AccumuloSecurityException e) {
+        throw e.asThriftException();
+      }
       
       final InetSocketAddress addr = AddressUtil.parseAddress(tabletServer, Property.TSERV_CLIENTPORT);
       final String addrString = org.apache.accumulo.core.util.AddressUtil.toString(addr);
@@ -806,7 +829,11 @@ public class Master implements LiveTServ
     
     @Override
     public void setMasterGoalState(TInfo info, ThriftInstanceTokenWrapper c, MasterGoalState state) throws ThriftSecurityException, TException {
-      security.canPerformSystemActions(new InstanceTokenWrapper(c));
+      try {
+        security.canPerformSystemActions(new InstanceTokenWrapper(c));
+      } catch (AccumuloSecurityException e) {
+        throw e.asThriftException();
+      }
       
       Master.this.setMasterGoalState(state);
     }
@@ -823,7 +850,11 @@ public class Master implements LiveTServ
     
     @Override
     public void removeSystemProperty(TInfo info, ThriftInstanceTokenWrapper c, String property) throws ThriftSecurityException, TException {
-      security.canPerformSystemActions(new InstanceTokenWrapper(c));
+      try {
+        security.canPerformSystemActions(new InstanceTokenWrapper(c));
+      } catch (AccumuloSecurityException e) {
+        throw e.asThriftException();
+      }
       
       try {
         SystemPropUtil.removeSystemProperty(property);
@@ -836,7 +867,11 @@ public class Master implements LiveTServ
     
     @Override
     public void setSystemProperty(TInfo info, ThriftInstanceTokenWrapper c, String property, String value) throws ThriftSecurityException, TException {
-      security.canPerformSystemActions(new InstanceTokenWrapper(c));
+      try {
+        security.canPerformSystemActions(new InstanceTokenWrapper(c));
+      } catch (AccumuloSecurityException e) {
+        throw e.asThriftException();
+      }
       
       try {
         SystemPropUtil.setSystemProperty(property, value);
@@ -855,14 +890,23 @@ public class Master implements LiveTServ
     
     @Override
     public long beginTableOperation(TInfo tinfo, ThriftInstanceTokenWrapper credentials) throws ThriftSecurityException, TException {
-      authenticate(new InstanceTokenWrapper(credentials));
+      try {
+        authenticate(new InstanceTokenWrapper(credentials));
+      } catch (AccumuloSecurityException e) {
+        throw e.asThriftException();
+      }
       return fate.startTransaction();
     }
     
     @Override
     public void executeTableOperation(TInfo tinfo, ThriftInstanceTokenWrapper c, long opid, org.apache.accumulo.core.master.thrift.TableOperation op, List<ByteBuffer> arguments,
         Map<String,String> options, boolean autoCleanup) throws ThriftSecurityException, ThriftTableOperationException, TException {
-      InstanceTokenWrapper itw = new InstanceTokenWrapper(c);
+      InstanceTokenWrapper itw;
+      try {
+        itw = new InstanceTokenWrapper(c);
+      } catch (AccumuloSecurityException e) {
+        throw e.asThriftException();
+      }
 
       authenticate(itw);
       
@@ -1064,7 +1108,11 @@ public class Master implements LiveTServ
     
     @Override
     public String waitForTableOperation(TInfo tinfo, ThriftInstanceTokenWrapper credentials, long opid) throws ThriftSecurityException, ThriftTableOperationException, TException {
-      authenticate(new InstanceTokenWrapper(credentials));
+      try {
+        authenticate(new InstanceTokenWrapper(credentials));
+      } catch (AccumuloSecurityException e1) {
+        throw e1.asThriftException();
+      }
       
       TStatus status = fate.waitForCompletion(opid);
       if (status == TStatus.FAILED) {
@@ -1087,7 +1135,11 @@ public class Master implements LiveTServ
     
     @Override
     public void finishTableOperation(TInfo tinfo, ThriftInstanceTokenWrapper credentials, long opid) throws ThriftSecurityException, TException {
-      authenticate(new InstanceTokenWrapper(credentials));
+      try {
+        authenticate(new InstanceTokenWrapper(credentials));
+      } catch (AccumuloSecurityException e) {
+        throw e.asThriftException();
+      }
       fate.delete(opid);
     }
 

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java Mon Jan 28 21:03:43 2013
@@ -24,7 +24,7 @@ import org.apache.accumulo.core.security
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.server.security.handler.Authenticator;
 import org.apache.accumulo.server.security.handler.Authorizor;
@@ -70,7 +70,7 @@ public class AuditedSecurityOperation ex
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean authenticateUser(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws ThriftSecurityException {
+  public boolean authenticateUser(InstanceTokenWrapper credentials, SecurityToken token) throws ThriftSecurityException {
     try {
       boolean result = super.authenticateUser(credentials, token);
       audit(credentials, result ? "authenticated" : "failed authentication");
@@ -138,7 +138,7 @@ public class AuditedSecurityOperation ex
    * @param bytes
    * @throws ThriftSecurityException
    */
-  public void changePassword(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws ThriftSecurityException {
+  public void changePassword(InstanceTokenWrapper credentials, SecurityToken token) throws ThriftSecurityException {
     try {
       super.changePassword(credentials, token);
       audit(credentials, "changed password for %s", token.getPrincipal());
@@ -156,7 +156,7 @@ public class AuditedSecurityOperation ex
    * @param authorizations
    * @throws ThriftSecurityException
    */
-  public void createUser(InstanceTokenWrapper credentials, AccumuloToken<?,?> token, Authorizations authorizations) throws ThriftSecurityException {
+  public void createUser(InstanceTokenWrapper credentials, SecurityToken token, Authorizations authorizations) throws ThriftSecurityException {
     try {
       super.createUser(credentials, token, authorizations);
       audit(credentials, "createUser");
@@ -326,7 +326,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws AccumuloSecurityException, ThriftSecurityException {
+  public void initializeSecurity(InstanceTokenWrapper credentials, SecurityToken token) throws AccumuloSecurityException, ThriftSecurityException {
     super.initializeSecurity(credentials, token);
     log.info("Initialized root user with username: " + token.getPrincipal() + " at the request of user " + credentials.getPrincipal());
   }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java Mon Jan 28 21:03:43 2013
@@ -28,22 +28,25 @@ import java.util.Arrays;
 import java.util.Map.Entry;
 
 import org.apache.accumulo.core.Constants;
+import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.accumulo.core.security.thrift.ThriftInstanceTokenWrapper;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.conf.ServerConfiguration;
 import org.apache.accumulo.server.master.state.TabletServerState;
 import org.apache.commons.codec.binary.Base64;
+import org.apache.log4j.Logger;
 
 public class SecurityConstants {
   private static SecurityPermission SYSTEM_CREDENTIALS_PERMISSION = new SecurityPermission("systemCredentialsPermission");
+  static Logger log = Logger.getLogger(SecurityConstants.class);
   
   public static final String SYSTEM_USERNAME = "!SYSTEM";
   private static final byte[] SYSTEM_PASSWORD = makeSystemPassword();
-  private static final AccumuloToken<?,?> systemToken = new UserPassToken(SYSTEM_USERNAME, SYSTEM_PASSWORD);
+  private static final SecurityToken systemToken = new UserPassToken(SYSTEM_USERNAME, SYSTEM_PASSWORD);
   private static final InstanceTokenWrapper systemCredentials = new InstanceTokenWrapper(systemToken, HdfsZooInstance.getInstance().getInstanceID());
   public static byte[] confChecksum = null;
   
@@ -56,7 +59,13 @@ public class SecurityConstants {
   }
   
   public static ThriftInstanceTokenWrapper getThriftSystemCredentials() {
-    return systemCredentials.toThrift();
+    try {
+      return systemCredentials.toThrift();
+    } catch (AccumuloSecurityException e) {
+      log.error("This shouldn't be happening. This is very bad.");
+      log.error(e);
+      throw new RuntimeException(e);
+    }
   }
   
   private static byte[] makeSystemPassword() {

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java Mon Jan 28 21:03:43 2013
@@ -30,7 +30,7 @@ import org.apache.accumulo.core.security
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.master.Master;
@@ -116,7 +116,7 @@ public class SecurityOperation {
           + " do not play nice with eachother. Please choose authentication and authorization mechanisms that are compatible with one another.");
   }
   
-  public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> rootToken) throws AccumuloSecurityException, ThriftSecurityException {
+  public void initializeSecurity(InstanceTokenWrapper credentials, SecurityToken rootToken) throws AccumuloSecurityException, ThriftSecurityException {
     authenticate(credentials);
     
     if (!credentials.getPrincipal().equals(SecurityConstants.SYSTEM_USERNAME))
@@ -173,7 +173,7 @@ public class SecurityOperation {
    * @return
    * @throws ThriftSecurityException
    */
-  public boolean authenticateUser(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws ThriftSecurityException {
+  public boolean authenticateUser(InstanceTokenWrapper credentials, SecurityToken token) throws ThriftSecurityException {
     canAskAboutUser(credentials, token.getPrincipal());
     // User is already authenticated from canAskAboutUser, this gets around issues with !SYSTEM user
     if (credentials.getToken().equals(token))
@@ -637,7 +637,7 @@ public class SecurityOperation {
    * @param bytes
    * @throws ThriftSecurityException
    */
-  public void changePassword(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws ThriftSecurityException {
+  public void changePassword(InstanceTokenWrapper credentials, SecurityToken token) throws ThriftSecurityException {
     if (!canChangePassword(credentials, token.getPrincipal()))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     try {
@@ -655,7 +655,7 @@ public class SecurityOperation {
    * @param authorizations
    * @throws ThriftSecurityException
    */
-  public void createUser(InstanceTokenWrapper credentials, AccumuloToken<?,?> token, Authorizations authorizations) throws ThriftSecurityException {
+  public void createUser(InstanceTokenWrapper credentials, SecurityToken token, Authorizations authorizations) throws ThriftSecurityException {
     if (!canCreateUser(credentials, token.getPrincipal()))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     try {

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java Mon Jan 28 21:03:43 2013
@@ -20,7 +20,7 @@ import java.util.Set;
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 
 /**
@@ -34,17 +34,17 @@ public interface Authenticator {
 
   public boolean validSecurityHandlers(Authorizor auth, PermissionHandler pm);
 
-  public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> at) throws AccumuloSecurityException, ThriftSecurityException;
+  public void initializeSecurity(InstanceTokenWrapper credentials, SecurityToken at) throws AccumuloSecurityException, ThriftSecurityException;
 
-  public boolean authenticateUser(AccumuloToken<?,?> token) throws AccumuloSecurityException;
+  public boolean authenticateUser(SecurityToken token) throws AccumuloSecurityException;
   
   public Set<String> listUsers() throws AccumuloSecurityException;
   
-  public void createUser(AccumuloToken<?,?> user) throws AccumuloSecurityException;
+  public void createUser(SecurityToken user) throws AccumuloSecurityException;
   
   public void dropUser(String user) throws AccumuloSecurityException;
   
-  public void changePassword(AccumuloToken<?,?> user) throws AccumuloSecurityException;
+  public void changePassword(SecurityToken user) throws AccumuloSecurityException;
   
   public boolean userExists(String user) throws AccumuloSecurityException;
 

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java Mon Jan 28 21:03:43 2013
@@ -20,7 +20,7 @@ import java.util.Collections;
 import java.util.Set;
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.core.security.tokens.UserPassToken;
 
@@ -49,7 +49,7 @@ public class InsecureAuthenticator imple
    * @see org.apache.accumulo.server.security.handler.Authenticator#initializeSecurity(org.apache.accumulo.core.security.thrift.InstanceTokenWrapper, java.lang.String, byte[])
    */
   @Override
-  public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws AccumuloSecurityException {
+  public void initializeSecurity(InstanceTokenWrapper credentials, SecurityToken token) throws AccumuloSecurityException {
     return;
   }
   
@@ -57,7 +57,7 @@ public class InsecureAuthenticator imple
    * @see org.apache.accumulo.server.security.handler.Authenticator#authenticateUser(java.lang.String, java.nio.ByteBuffer, java.lang.String)
    */
   @Override
-  public boolean authenticateUser(AccumuloToken<?,?> token) {
+  public boolean authenticateUser(SecurityToken token) {
     return true;
   }
   
@@ -73,7 +73,7 @@ public class InsecureAuthenticator imple
    * @see org.apache.accumulo.server.security.handler.Authenticator#createUser(java.lang.String, byte[])
    */
   @Override
-  public void createUser(AccumuloToken<?,?> token) throws AccumuloSecurityException {
+  public void createUser(SecurityToken token) throws AccumuloSecurityException {
     return;
   }
   
@@ -89,7 +89,7 @@ public class InsecureAuthenticator imple
    * @see org.apache.accumulo.server.security.handler.Authenticator#changePassword(java.lang.String, byte[])
    */
   @Override
-  public void changePassword(AccumuloToken<?,?> token) throws AccumuloSecurityException {
+  public void changePassword(SecurityToken token) throws AccumuloSecurityException {
     return;
   }
 

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthenticator.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthenticator.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthenticator.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/ZKAuthenticator.java Mon Jan 28 21:03:43 2013
@@ -23,7 +23,7 @@ import org.apache.accumulo.core.Constant
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.fate.zookeeper.IZooReaderWriter;
@@ -57,7 +57,7 @@ public final class ZKAuthenticator imple
   }
   
   @Override
-  public void initializeSecurity(InstanceTokenWrapper credentials, AccumuloToken<?,?> token) throws AccumuloSecurityException {
+  public void initializeSecurity(InstanceTokenWrapper credentials, SecurityToken token) throws AccumuloSecurityException {
     if (!(token instanceof UserPassToken))
       throw new AccumuloSecurityException("ZKAuthenticator doesn't take this token type", SecurityErrorCode.INVALID_TOKEN);
     UserPassToken upt = (UserPassToken) token;
@@ -108,7 +108,7 @@ public final class ZKAuthenticator imple
    * Creates a user with no permissions whatsoever
    */
   @Override
-  public void createUser(AccumuloToken<?,?> token) throws AccumuloSecurityException {
+  public void createUser(SecurityToken token) throws AccumuloSecurityException {
     if (!(token instanceof UserPassToken))
       throw new AccumuloSecurityException("ZKAuthenticator doesn't take this token type", SecurityErrorCode.INVALID_TOKEN);
     UserPassToken upt = (UserPassToken) token;
@@ -146,7 +146,7 @@ public final class ZKAuthenticator imple
   }
   
   @Override
-  public void changePassword(AccumuloToken<?,?> token) throws AccumuloSecurityException {
+  public void changePassword(SecurityToken token) throws AccumuloSecurityException {
     if (!(token instanceof UserPassToken))
       throw new AccumuloSecurityException("ZKAuthenticator doesn't take this token type", SecurityErrorCode.INVALID_TOKEN);
     UserPassToken upt = (UserPassToken) token;
@@ -184,7 +184,7 @@ public final class ZKAuthenticator imple
   }
   
   @Override
-  public boolean authenticateUser(AccumuloToken<?,?> token) throws AccumuloSecurityException {
+  public boolean authenticateUser(SecurityToken token) throws AccumuloSecurityException {
     if (!(token instanceof UserPassToken))
       throw new AccumuloSecurityException("ZKAuthenticator doesn't take this token type", SecurityErrorCode.INVALID_TOKEN);
     UserPassToken upt = (UserPassToken) token;

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Mon Jan 28 21:03:43 2013
@@ -879,7 +879,12 @@ public class TabletServer extends Abstra
     @Override
     public List<TKeyExtent> bulkImport(TInfo tinfo, ThriftInstanceTokenWrapper titw, long tid, Map<TKeyExtent,Map<String,MapFileInfo>> files, boolean setTime)
         throws ThriftSecurityException {
-      InstanceTokenWrapper credentials = new InstanceTokenWrapper(titw);
+      InstanceTokenWrapper credentials;
+      try {
+        credentials = new InstanceTokenWrapper(titw);
+      } catch (AccumuloSecurityException e) {
+        throw e.asThriftException();
+      }
       if (!security.canPerformSystemActions(credentials))
         throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       
@@ -927,7 +932,6 @@ public class TabletServer extends Abstra
           if (isCancelled() || scanSession == null)
             return;
           
-          
           runState.set(ScanRunState.RUNNING);
           
           Thread.currentThread().setName(
@@ -1101,7 +1105,12 @@ public class TabletServer extends Abstra
         throws NotServingTabletException, ThriftSecurityException, org.apache.accumulo.core.tabletserver.thrift.TooManyFilesException {
       
       Authorizations userauths = null;
-      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+      InstanceTokenWrapper itw;
+      try {
+        itw = new InstanceTokenWrapper(credentials);
+      } catch (AccumuloSecurityException e1) {
+        throw e1.asThriftException();
+      }
       if (!security.canScan(itw, new String(textent.getTable())))
         throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       
@@ -1255,7 +1264,12 @@ public class TabletServer extends Abstra
       for (TKeyExtent keyExtent : tbatch.keySet()) {
         tables.add(new String(keyExtent.getTable()));
       }
-      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+      InstanceTokenWrapper itw;
+      try {
+        itw = new InstanceTokenWrapper(credentials);
+      } catch (AccumuloSecurityException e1) {
+        throw e1.asThriftException();
+      }
       
       // check if user has permission to the tables
       Authorizations userauths = null;
@@ -1375,7 +1389,12 @@ public class TabletServer extends Abstra
     @Override
     public long startUpdate(TInfo tinfo, ThriftInstanceTokenWrapper credentials) throws ThriftSecurityException {
       // Make sure user is real
-      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+      InstanceTokenWrapper itw;
+      try {
+        itw = new InstanceTokenWrapper(credentials);
+      } catch (AccumuloSecurityException e) {
+        throw e.asThriftException();
+      }
       
       security.authenticateUser(itw, itw.getToken());
       if (updateMetrics.isEnabled())
@@ -1649,7 +1668,12 @@ public class TabletServer extends Abstra
     @Override
     public void update(TInfo tinfo, ThriftInstanceTokenWrapper credentials, TKeyExtent tkeyExtent, TMutation tmutation) throws NotServingTabletException,
         ConstraintViolationException, ThriftSecurityException {
-      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+      InstanceTokenWrapper itw;
+      try {
+        itw = new InstanceTokenWrapper(credentials);
+      } catch (AccumuloSecurityException e1) {
+        throw e1.asThriftException();
+      }
       if (!security.canWrite(itw, new String(tkeyExtent.getTable())))
         throw new ThriftSecurityException(itw.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       KeyExtent keyExtent = new KeyExtent(tkeyExtent);
@@ -1698,7 +1722,12 @@ public class TabletServer extends Abstra
     @Override
     public void splitTablet(TInfo tinfo, ThriftInstanceTokenWrapper credentials, TKeyExtent tkeyExtent, ByteBuffer splitPoint)
         throws NotServingTabletException, ThriftSecurityException {
-      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+      InstanceTokenWrapper itw;
+      try {
+        itw = new InstanceTokenWrapper(credentials);
+      } catch (AccumuloSecurityException e1) {
+        throw e1.asThriftException();
+      }
       
       String tableId = new String(ByteBufferUtil.toBytes(tkeyExtent.table));
       if (!security.canSplitTablet(itw, tableId))
@@ -1820,7 +1849,13 @@ public class TabletServer extends Abstra
     
     @Override
     public void loadTablet(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String lock, final TKeyExtent textent) {
-      InstanceTokenWrapper itw = new InstanceTokenWrapper(credentials);
+      InstanceTokenWrapper itw;
+      try {
+        itw = new InstanceTokenWrapper(credentials);
+      } catch (AccumuloSecurityException e1) {
+        log.error(e1, e1);
+        throw new RuntimeException(e1);
+      }
       
       try {
         checkPermission(itw, lock, true, "loadTablet");
@@ -1893,6 +1928,9 @@ public class TabletServer extends Abstra
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
+      } catch (AccumuloSecurityException e) {
+        log.error(e, e);
+        throw new RuntimeException(e);
       }
       
       KeyExtent extent = new KeyExtent(textent);
@@ -1907,6 +1945,9 @@ public class TabletServer extends Abstra
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
+      } catch (AccumuloSecurityException e) {
+        log.error(e, e);
+        throw new RuntimeException(e);
       }
       
       ArrayList<Tablet> tabletsToFlush = new ArrayList<Tablet>();
@@ -1944,7 +1985,11 @@ public class TabletServer extends Abstra
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
+      } catch (AccumuloSecurityException e) {
+        log.error(e, e);
+        throw new RuntimeException(e);
       }
+      
       Tablet tablet = onlineTablets.get(new KeyExtent(textent));
       if (tablet != null) {
         log.info("Flushing " + tablet.getExtent());
@@ -1959,7 +2004,11 @@ public class TabletServer extends Abstra
     @Override
     public void halt(TInfo tinfo, ThriftInstanceTokenWrapper credentials, String lock) throws ThriftSecurityException {
       
-      checkPermission(new InstanceTokenWrapper(credentials), lock, true, "halt");
+      try {
+        checkPermission(new InstanceTokenWrapper(credentials), lock, true, "halt");
+      } catch (AccumuloSecurityException e1) {
+        throw e1.asThriftException();
+      }
       
       Halt.halt(0, new Runnable() {
         @Override
@@ -1997,6 +2046,9 @@ public class TabletServer extends Abstra
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
+      } catch (AccumuloSecurityException e) {
+        log.error(e, e);
+        throw new RuntimeException(e);
       }
       
       return sessionManager.getActiveScans();
@@ -2009,6 +2061,9 @@ public class TabletServer extends Abstra
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
+      } catch (AccumuloSecurityException e) {
+        log.error(e, e);
+        throw new RuntimeException(e);
       }
       
       KeyExtent ke = new KeyExtent(textent);
@@ -2027,6 +2082,9 @@ public class TabletServer extends Abstra
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
+      } catch (AccumuloSecurityException e) {
+        log.error(e, e);
+        throw new RuntimeException(e);
       }
       
       KeyExtent ke = new KeyExtent(new Text(tableId), ByteBufferUtil.toText(endRow), ByteBufferUtil.toText(startRow));
@@ -2115,6 +2173,9 @@ public class TabletServer extends Abstra
       } catch (ThriftSecurityException e) {
         log.error(e, e);
         throw new RuntimeException(e);
+      } catch (AccumuloSecurityException e) {
+        log.error(e, e);
+        throw new RuntimeException(e);
       }
       
       List<CompactionInfo> compactions = Compactor.getRunningCompactions();
@@ -3158,7 +3219,7 @@ public class TabletServer extends Abstra
     };
     
     SimpleTimer.getInstance().schedule(constraintTask, 0, 1000);
-
+    
     this.resourceManager = new TabletServerResourceManager(instance, fs);
     
     lastPingTime = System.currentTimeMillis();

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/VerifyTabletAssignments.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/VerifyTabletAssignments.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/VerifyTabletAssignments.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/util/VerifyTabletAssignments.java Mon Jan 28 21:03:43 2013
@@ -47,7 +47,7 @@ import org.apache.accumulo.core.data.thr
 import org.apache.accumulo.core.data.thrift.TKeyExtent;
 import org.apache.accumulo.core.data.thrift.TRange;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.core.tabletserver.thrift.NoSuchScanIDException;
 import org.apache.accumulo.core.tabletserver.thrift.TabletClientService;
@@ -152,7 +152,7 @@ public class VerifyTabletAssignments {
     }
   }
   
-  private static void checkTabletServer(AccumuloConfiguration conf, final AccumuloToken<?,?> token, Entry<String,List<KeyExtent>> entry,
+  private static void checkTabletServer(AccumuloConfiguration conf, final SecurityToken token, Entry<String,List<KeyExtent>> entry,
       HashSet<KeyExtent> failures)
       throws ThriftSecurityException, TException, NoSuchScanIDException {
     TabletClientService.Iface client = ThriftUtil.getTServerClient(entry.getKey(), conf);
@@ -190,8 +190,13 @@ public class VerifyTabletAssignments {
     Map<String,Map<String,String>> emptyMapSMapSS = Collections.emptyMap();
     List<IterInfo> emptyListIterInfo = Collections.emptyList();
     List<TColumn> emptyListColumn = Collections.emptyList();
-    InitialMultiScan is = client.startMultiScan(tinfo, st.toThrift(), batch, emptyListColumn, emptyListIterInfo, emptyMapSMapSS, Constants.NO_AUTHS.getAuthorizationsBB(),
-        false);
+    InitialMultiScan is;
+    try {
+      is = client.startMultiScan(tinfo, st.toThrift(), batch, emptyListColumn, emptyListIterInfo, emptyMapSMapSS, Constants.NO_AUTHS.getAuthorizationsBB(),
+          false);
+    } catch (AccumuloSecurityException e) {
+      throw e.asThriftException();
+    }
     if (is.result.more) {
       MultiScanResult result = client.continueMultiScan(tinfo, is.scanID);
       checkFailures(entry.getKey(), failures, result);

Modified: accumulo/trunk/server/src/test/java/org/apache/accumulo/server/gc/TestConfirmDeletes.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/test/java/org/apache/accumulo/server/gc/TestConfirmDeletes.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/test/java/org/apache/accumulo/server/gc/TestConfirmDeletes.java (original)
+++ accumulo/trunk/server/src/test/java/org/apache/accumulo/server/gc/TestConfirmDeletes.java Mon Jan 28 21:03:43 2013
@@ -32,7 +32,7 @@ import org.apache.accumulo.core.client.m
 import org.apache.accumulo.core.data.Key;
 import org.apache.accumulo.core.data.Mutation;
 import org.apache.accumulo.core.data.Value;
-import org.apache.accumulo.core.security.tokens.AccumuloToken;
+import org.apache.accumulo.core.security.tokens.SecurityToken;
 import org.apache.accumulo.core.security.tokens.InstanceTokenWrapper;
 import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.core.util.CachedConfiguration;
@@ -47,7 +47,7 @@ import org.junit.Test;
  */
 public class TestConfirmDeletes {
   
-  AccumuloToken<?,?> auth = new UserPassToken("root", ByteBuffer.wrap("".getBytes()));
+  SecurityToken auth = new UserPassToken("root", ByteBuffer.wrap("".getBytes()));
 
   SortedSet<String> newSet(String... s) {
     SortedSet<String> result = new TreeSet<String>(Arrays.asList(s));

Modified: accumulo/trunk/server/src/test/java/org/apache/accumulo/server/master/balancer/TableLoadBalancerTest.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/test/java/org/apache/accumulo/server/master/balancer/TableLoadBalancerTest.java?rev=1439632&r1=1439631&r2=1439632&view=diff
==============================================================================
--- accumulo/trunk/server/src/test/java/org/apache/accumulo/server/master/balancer/TableLoadBalancerTest.java (original)
+++ accumulo/trunk/server/src/test/java/org/apache/accumulo/server/master/balancer/TableLoadBalancerTest.java Mon Jan 28 21:03:43 2013
@@ -25,8 +25,6 @@ import java.util.Set;
 import java.util.SortedMap;
 import java.util.TreeMap;
 
-import org.junit.Assert;
-
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.admin.TableOperations;
 import org.apache.accumulo.core.client.mock.MockInstance;
@@ -34,12 +32,14 @@ import org.apache.accumulo.core.data.Key
 import org.apache.accumulo.core.master.thrift.TableInfo;
 import org.apache.accumulo.core.master.thrift.TabletServerStatus;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.core.security.tokens.UserPassToken;
 import org.apache.accumulo.core.tabletserver.thrift.TabletStats;
 import org.apache.accumulo.core.util.AddressUtil;
 import org.apache.accumulo.server.master.state.TServerInstance;
 import org.apache.accumulo.server.master.state.TabletMigration;
 import org.apache.hadoop.io.Text;
 import org.apache.thrift.TException;
+import org.junit.Assert;
 import org.junit.Test;
 
 public class TableLoadBalancerTest {
@@ -106,7 +106,7 @@ public class TableLoadBalancerTest {
     @Override
     protected TableOperations getTableOperations() {
       try {
-        return instance.getConnector("user", "pass").tableOperations();
+        return instance.getConnector(new UserPassToken("user", "pass")).tableOperations();
       } catch (Exception e) {
         throw new RuntimeException(e);
       }
@@ -127,7 +127,7 @@ public class TableLoadBalancerTest {
   
   @Test
   public void test() throws Exception {
-    Connector c = instance.getConnector("user", "pass".getBytes());
+    Connector c = instance.getConnector(new UserPassToken("user", "pass".getBytes()));
     c.tableOperations().create("t1");
     c.tableOperations().create("t2");
     c.tableOperations().create("t3");



Mime
View raw message