accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vi...@apache.org
Subject svn commit: r1444337 [8/10] - in /accumulo/trunk: core/src/main/java/org/apache/accumulo/core/cli/ core/src/main/java/org/apache/accumulo/core/client/ core/src/main/java/org/apache/accumulo/core/client/admin/ core/src/main/java/org/apache/accumulo/core...
Date Sat, 09 Feb 2013 07:57:39 GMT
Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/cli/ClientOnRequiredTable.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/cli/ClientOnRequiredTable.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/cli/ClientOnRequiredTable.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/cli/ClientOnRequiredTable.java Sat Feb  9 07:57:36 2013
@@ -23,7 +23,7 @@ import org.apache.accumulo.server.client
 
 public class ClientOnRequiredTable extends org.apache.accumulo.core.cli.ClientOnRequiredTable {
   {
-    user = "root";
+    principal = "root";
   }
 
   @Override

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/cli/ClientOpts.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/cli/ClientOpts.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/cli/ClientOpts.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/cli/ClientOpts.java Sat Feb  9 07:57:36 2013
@@ -24,7 +24,7 @@ import org.apache.accumulo.server.client
 public class ClientOpts extends org.apache.accumulo.core.cli.ClientOpts {
   
   {
-    user = "root";
+    principal = "root";
   }
 
   @Override

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/BulkImporter.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/BulkImporter.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/BulkImporter.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/BulkImporter.java Sat Feb  9 07:57:36 2013
@@ -51,7 +51,7 @@ import org.apache.accumulo.core.data.thr
 import org.apache.accumulo.core.file.FileOperations;
 import org.apache.accumulo.core.file.FileSKVIterator;
 import org.apache.accumulo.core.file.FileUtil;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
 import org.apache.accumulo.core.tabletserver.thrift.TabletClientService;
 import org.apache.accumulo.core.util.CachedConfiguration;
@@ -74,7 +74,7 @@ public class BulkImporter {
   
   private static final Logger log = Logger.getLogger(BulkImporter.class);
   
-  public static List<String> bulkLoad(AccumuloConfiguration conf, Instance instance, Credentials creds, long tid, String tableId, List<String> files,
+  public static List<String> bulkLoad(AccumuloConfiguration conf, Instance instance, Credential creds, long tid, String tableId, List<String> files,
       String errorDir, boolean setTime) throws IOException, AccumuloException, AccumuloSecurityException, ThriftTableOperationException {
     AssignmentStats stats = new BulkImporter(conf, instance, creds, tid, tableId, setTime).importFiles(files, new Path(errorDir));
     List<String> result = new ArrayList<String>();
@@ -91,13 +91,13 @@ public class BulkImporter {
   }
   
   private Instance instance;
-  private Credentials credentials;
+  private Credential credentials;
   private String tableId;
   private long tid;
   private AccumuloConfiguration acuConf;
   private boolean setTime;
   
-  public BulkImporter(AccumuloConfiguration conf, Instance instance, Credentials credentials, long tid, String tableId, boolean setTime) {
+  public BulkImporter(AccumuloConfiguration conf, Instance instance, Credential credentials, long tid, String tableId, boolean setTime) {
     this.instance = instance;
     this.credentials = credentials;
     this.tid = tid;
@@ -415,7 +415,7 @@ public class BulkImporter {
     return result;
   }
   
-  private Map<Path,List<KeyExtent>> assignMapFiles(AccumuloConfiguration acuConf, Instance instance, Configuration conf, Credentials credentials, FileSystem fs,
+  private Map<Path,List<KeyExtent>> assignMapFiles(AccumuloConfiguration acuConf, Instance instance, Configuration conf, Credential credentials, FileSystem fs,
       String tableId, Map<Path,List<TabletLocation>> assignments, Collection<Path> paths, int numThreads, int numMapThreads) {
     timer.start(Timers.EXAMINE_MAP_FILES);
     Map<Path,List<AssignmentInfo>> assignInfo = estimateSizes(acuConf, conf, fs, assignments, paths, numMapThreads);
@@ -433,10 +433,10 @@ public class BulkImporter {
   private class AssignmentTask implements Runnable {
     final Map<Path,List<KeyExtent>> assignmentFailures;
     String location;
-    Credentials credentials;
+    Credential credentials;
     private Map<KeyExtent,List<PathSize>> assignmentsPerTablet;
     
-    public AssignmentTask(Credentials credentials, Map<Path,List<KeyExtent>> assignmentFailures, String tableName, String location,
+    public AssignmentTask(Credential credentials, Map<Path,List<KeyExtent>> assignmentFailures, String tableName, String location,
         Map<KeyExtent,List<PathSize>> assignmentsPerTablet) {
       this.assignmentFailures = assignmentFailures;
       this.location = location;
@@ -497,7 +497,7 @@ public class BulkImporter {
     }
   }
   
-  private Map<Path,List<KeyExtent>> assignMapFiles(Credentials credentials, String tableName, Map<Path,List<AssignmentInfo>> assignments,
+  private Map<Path,List<KeyExtent>> assignMapFiles(Credential credentials, String tableName, Map<Path,List<AssignmentInfo>> assignments,
       Map<KeyExtent,String> locations, int numThreads) {
     
     // group assignments by tablet
@@ -575,7 +575,7 @@ public class BulkImporter {
     return assignmentFailures;
   }
   
-  private List<KeyExtent> assignMapFiles(Credentials credentials, String location, Map<KeyExtent,List<PathSize>> assignmentsPerTablet) throws AccumuloException,
+  private List<KeyExtent> assignMapFiles(Credential credentials, String location, Map<KeyExtent,List<PathSize>> assignmentsPerTablet) throws AccumuloException,
       AccumuloSecurityException {
     try {
       long timeInMillis = instance.getConfiguration().getTimeInMillis(Property.TSERV_BULK_TIMEOUT);

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java Sat Feb  9 07:57:36 2013
@@ -38,10 +38,9 @@ import org.apache.accumulo.core.conf.Pro
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
-import org.apache.accumulo.core.util.ByteBufferUtil;
 import org.apache.accumulo.server.conf.ServerConfiguration;
 import org.apache.accumulo.server.security.AuditedSecurityOperation;
 import org.apache.accumulo.server.security.SecurityOperation;
@@ -90,15 +89,15 @@ public class ClientServiceHandler implem
   }
   
   @Override
-  public void ping(Credentials credentials) {
+  public void ping(Credential credentials) {
     // anybody can call this; no authentication check
     log.info("Master reports: I just got pinged!");
   }
   
   @Override
-  public boolean authenticateUser(TInfo tinfo, Credentials credentials, String principal, ByteBuffer token) throws ThriftSecurityException {
+  public boolean authenticateUser(TInfo tinfo, Credential credentials, Credential toAuth) throws ThriftSecurityException {
     try {
-      return security.authenticateUser(credentials, principal, ByteBufferUtil.toBytes(token));
+      return security.authenticateUser(credentials, toAuth);
     } catch (ThriftSecurityException e) {
       log.error(e);
       throw e;
@@ -106,69 +105,69 @@ public class ClientServiceHandler implem
   }
   
   @Override
-  public void changeAuthorizations(TInfo tinfo, Credentials credentials, String user, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+  public void changeAuthorizations(TInfo tinfo, Credential credentials, String user, List<ByteBuffer> authorizations) throws ThriftSecurityException {
     security.changeAuthorizations(credentials, user, new Authorizations(authorizations));
   }
   
   @Override
-  public void changePassword(TInfo tinfo, Credentials credentials, String principal, ByteBuffer token) throws ThriftSecurityException {
-    security.changePassword(credentials, principal, ByteBufferUtil.toBytes(token));
+  public void changePassword(TInfo tinfo, Credential credentials, Credential toChange) throws ThriftSecurityException {
+    security.changePassword(credentials, toChange);
   }
   
   @Override
-  public void createUser(TInfo tinfo, Credentials credentials, String principal, ByteBuffer token, List<ByteBuffer> authorizations)
+  public void createUser(TInfo tinfo, Credential credentials, Credential newUser, List<ByteBuffer> authorizations)
       throws ThriftSecurityException {
-    security.createUser(credentials, principal, ByteBufferUtil.toBytes(token), new Authorizations(authorizations));
+    security.createUser(credentials, newUser, new Authorizations(authorizations));
   }
   
   @Override
-  public void dropUser(TInfo tinfo, Credentials credentials, String user) throws ThriftSecurityException {
+  public void dropUser(TInfo tinfo, Credential credentials, String user) throws ThriftSecurityException {
     security.dropUser(credentials, user);
   }
   
   @Override
-  public List<ByteBuffer> getUserAuthorizations(TInfo tinfo, Credentials credentials, String user) throws ThriftSecurityException {
+  public List<ByteBuffer> getUserAuthorizations(TInfo tinfo, Credential credentials, String user) throws ThriftSecurityException {
     return security.getUserAuthorizations(credentials, user).getAuthorizationsBB();
   }
   
   @Override
-  public void grantSystemPermission(TInfo tinfo, Credentials credentials, String user, byte permission) throws ThriftSecurityException {
+  public void grantSystemPermission(TInfo tinfo, Credential credentials, String user, byte permission) throws ThriftSecurityException {
     security.grantSystemPermission(credentials, user, SystemPermission.getPermissionById(permission));
   }
   
   @Override
-  public void grantTablePermission(TInfo tinfo, Credentials credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
+  public void grantTablePermission(TInfo tinfo, Credential credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
       ThriftTableOperationException {
     String tableId = checkTableId(tableName, TableOperation.PERMISSION);
     security.grantTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission));
   }
   
   @Override
-  public void revokeSystemPermission(TInfo tinfo, Credentials credentials, String user, byte permission) throws ThriftSecurityException {
+  public void revokeSystemPermission(TInfo tinfo, Credential credentials, String user, byte permission) throws ThriftSecurityException {
     security.revokeSystemPermission(credentials, user, SystemPermission.getPermissionById(permission));
   }
   
   @Override
-  public void revokeTablePermission(TInfo tinfo, Credentials credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
+  public void revokeTablePermission(TInfo tinfo, Credential credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
       ThriftTableOperationException {
     String tableId = checkTableId(tableName, TableOperation.PERMISSION);
     security.revokeTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission));
   }
   
   @Override
-  public boolean hasSystemPermission(TInfo tinfo, Credentials credentials, String user, byte sysPerm) throws ThriftSecurityException {
+  public boolean hasSystemPermission(TInfo tinfo, Credential credentials, String user, byte sysPerm) throws ThriftSecurityException {
     return security.hasSystemPermission(credentials, user, SystemPermission.getPermissionById(sysPerm));
   }
   
   @Override
-  public boolean hasTablePermission(TInfo tinfo, Credentials credentials, String user, String tableName, byte tblPerm) throws ThriftSecurityException,
+  public boolean hasTablePermission(TInfo tinfo, Credential credentials, String user, String tableName, byte tblPerm) throws ThriftSecurityException,
       ThriftTableOperationException {
     String tableId = checkTableId(tableName, TableOperation.PERMISSION);
     return security.hasTablePermission(credentials, user, tableId, TablePermission.getPermissionById(tblPerm));
   }
   
   @Override
-  public Set<String> listUsers(TInfo tinfo, Credentials credentials) throws ThriftSecurityException {
+  public Set<String> listUsers(TInfo tinfo, Credential credentials) throws ThriftSecurityException {
     return security.listUsers(credentials);
   }
   
@@ -202,10 +201,10 @@ public class ClientServiceHandler implem
   }
   
   @Override
-  public List<String> bulkImportFiles(TInfo tinfo, final Credentials tikw, final long tid, final String tableId, final List<String> files,
+  public List<String> bulkImportFiles(TInfo tinfo, final Credential tikw, final long tid, final String tableId, final List<String> files,
       final String errorDir, final boolean setTime) throws ThriftSecurityException, ThriftTableOperationException, TException {
     try {
-      final Credentials credentials = new Credentials(tikw);
+      final Credential credentials = new Credential(tikw);
       if (!security.hasSystemPermission(credentials, credentials.getPrincipal(), SystemPermission.SYSTEM))
         throw new AccumuloSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       return transactionWatcher.run(Constants.BULK_ARBITRATOR_TYPE, tid, new Callable<List<String>>() {

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java Sat Feb  9 07:57:36 2013
@@ -32,8 +32,12 @@ import org.apache.accumulo.core.client.i
 import org.apache.accumulo.core.conf.AccumuloConfiguration;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.accumulo.core.master.thrift.MasterClientService.Client;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.CredentialHelper;
+import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.core.security.thrift.tokens.PasswordToken;
+import org.apache.accumulo.core.security.thrift.tokens.SecurityToken;
 import org.apache.accumulo.core.util.ByteBufferUtil;
 import org.apache.accumulo.core.util.OpTimer;
 import org.apache.accumulo.core.util.StringUtil;
@@ -144,18 +148,27 @@ public class HdfsZooInstance implements 
     return (int) ServerConfiguration.getSiteConfiguration().getTimeInMillis(Property.INSTANCE_ZK_TIMEOUT);
   }
   
+  @Override
+  // Not really deprecated, just not for client use
+  public Connector getConnector(String principal, SecurityToken token) throws AccumuloException, AccumuloSecurityException {
+    return getConnector(CredentialHelper.create(principal, token, getInstanceID()));
+  }
+  
   @SuppressWarnings("deprecation")
+  public Connector getConnector(Credential cred) throws AccumuloException, AccumuloSecurityException {
+    return new ConnectorImpl(this, cred);
+  }
+  
   @Override
   // Not really deprecated, just not for client use
   public Connector getConnector(String user, byte[] pass) throws AccumuloException, AccumuloSecurityException {
-    return new ConnectorImpl(this, user, pass);
+    return getConnector(user, new PasswordToken().setPassword(pass));
   }
   
-  @SuppressWarnings("deprecation")
   @Override
   // Not really deprecated, just not for client use
   public Connector getConnector(String user, ByteBuffer pass) throws AccumuloException, AccumuloSecurityException {
-    return new ConnectorImpl(this, user, ByteBufferUtil.toBytes(pass));
+    return getConnector(user, ByteBufferUtil.toBytes(pass));
   }
   
   @Override
@@ -186,8 +199,8 @@ public class HdfsZooInstance implements 
   }
   
   @Override
-  public Connector getConnector(Credentials auth) throws AccumuloException, AccumuloSecurityException {
-    return getConnector(auth.getPrincipal(), auth.getToken());
+  public Connector getConnector(AuthInfo auth) throws AccumuloException, AccumuloSecurityException {
+    return getConnector(auth.user, auth.getPassword());
   }
   
   @Override

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java Sat Feb  9 07:57:36 2013
@@ -58,8 +58,9 @@ import org.apache.accumulo.core.gc.thrif
 import org.apache.accumulo.core.gc.thrift.GCStatus;
 import org.apache.accumulo.core.gc.thrift.GcCycleStats;
 import org.apache.accumulo.core.master.state.tables.TableState;
+import org.apache.accumulo.core.security.CredentialHelper;
 import org.apache.accumulo.core.security.SecurityUtil;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.core.util.CachedConfiguration;
 import org.apache.accumulo.core.util.NamingThreadFactory;
 import org.apache.accumulo.core.util.ServerServices;
@@ -119,7 +120,7 @@ public class SimpleGarbageCollector impl
   
   private static final Logger log = Logger.getLogger(SimpleGarbageCollector.class);
     
-  private Credentials credentials;
+  private Credential credentials;
   private long gcStartDelay;
   private boolean checkForBulkProcessingFiles;
   private FileSystem fs;
@@ -179,7 +180,7 @@ public class SimpleGarbageCollector impl
     this.address = address;
   }
 
-  public void init(FileSystem fs, Instance instance, Credentials credentials, boolean noTrash) throws IOException {
+  public void init(FileSystem fs, Instance instance, Credential credentials, boolean noTrash) throws IOException {
     this.fs = TraceFileSystem.wrap(fs);
     this.credentials = credentials;
     this.instance = instance;
@@ -434,7 +435,7 @@ public class SimpleGarbageCollector impl
       return candidates;
     }
     
-    Scanner scanner = instance.getConnector(credentials.getPrincipal(), credentials.getToken()).createScanner(Constants.METADATA_TABLE_NAME, Constants.NO_AUTHS);
+    Scanner scanner = instance.getConnector(credentials.getPrincipal(), CredentialHelper.extractToken(credentials)).createScanner(Constants.METADATA_TABLE_NAME, Constants.NO_AUTHS);
 
     if (continueKey != null) {
       // want to ensure GC makes progress... if the 1st N deletes are stable and we keep processing them, then will never inspect deletes after N
@@ -482,7 +483,7 @@ public class SimpleGarbageCollector impl
       }
     } else {
       try {
-        scanner = new IsolatedScanner(instance.getConnector(credentials.getPrincipal(), credentials.getToken()).createScanner(Constants.METADATA_TABLE_NAME, Constants.NO_AUTHS));
+        scanner = new IsolatedScanner(instance.getConnector(credentials.getPrincipal(), CredentialHelper.extractToken(credentials)).createScanner(Constants.METADATA_TABLE_NAME, Constants.NO_AUTHS));
       } catch (AccumuloSecurityException ex) {
         throw new AccumuloException(ex);
       } catch (TableNotFoundException ex) {
@@ -699,7 +700,7 @@ public class SimpleGarbageCollector impl
   }
   
   @Override
-  public GCStatus getStatus(TInfo info, Credentials credentials) {
+  public GCStatus getStatus(TInfo info, Credential credentials) {
     return status;
   }
 }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java Sat Feb  9 07:57:36 2013
@@ -78,8 +78,8 @@ import org.apache.accumulo.core.master.t
 import org.apache.accumulo.core.master.thrift.TabletServerStatus;
 import org.apache.accumulo.core.master.thrift.TabletSplit;
 import org.apache.accumulo.core.security.SecurityUtil;
-import org.apache.accumulo.core.security.thrift.Credentials;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
 import org.apache.accumulo.core.util.ByteBufferUtil;
 import org.apache.accumulo.core.util.CachedConfiguration;
@@ -480,7 +480,7 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public long initiateFlush(TInfo tinfo, Credentials c, String tableId) throws ThriftSecurityException, ThriftTableOperationException, TException {
+    public long initiateFlush(TInfo tinfo, Credential c, String tableId) throws ThriftSecurityException, ThriftTableOperationException, TException {
       security.canFlush(c, tableId);
       
       String zTablePath = Constants.ZROOT + "/" + getConfiguration().getInstance().getInstanceID() + Constants.ZTABLES + "/" + tableId
@@ -507,7 +507,7 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public void waitForFlush(TInfo tinfo, Credentials c, String tableId, ByteBuffer startRow, ByteBuffer endRow, long flushID, long maxLoops)
+    public void waitForFlush(TInfo tinfo, Credential c, String tableId, ByteBuffer startRow, ByteBuffer endRow, long flushID, long maxLoops)
         throws ThriftSecurityException, ThriftTableOperationException, TException {
       security.canFlush(c, tableId);
       
@@ -618,7 +618,7 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public MasterMonitorInfo getMasterStats(TInfo info, Credentials credentials) throws ThriftSecurityException, TException {
+    public MasterMonitorInfo getMasterStats(TInfo info, Credential credentials) throws ThriftSecurityException, TException {
       final MasterMonitorInfo result = new MasterMonitorInfo();
       
       result.tServerInfo = new ArrayList<TabletServerStatus>();
@@ -651,7 +651,7 @@ public class Master implements LiveTServ
       return result;
     }
     
-    private void alterTableProperty(Credentials c, String tableName, String property, String value, TableOperation op) throws ThriftSecurityException,
+    private void alterTableProperty(Credential c, String tableName, String property, String value, TableOperation op) throws ThriftSecurityException,
         ThriftTableOperationException {
       final String tableId = checkTableId(tableName, op);
       if (!security.canAlterTable(c, tableId))
@@ -670,25 +670,25 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public void removeTableProperty(TInfo info, Credentials credentials, String tableName, String property) throws ThriftSecurityException,
+    public void removeTableProperty(TInfo info, Credential credentials, String tableName, String property) throws ThriftSecurityException,
         ThriftTableOperationException, TException {
       alterTableProperty(credentials, tableName, property, null, TableOperation.REMOVE_PROPERTY);
     }
     
     @Override
-    public void setTableProperty(TInfo info, Credentials credentials, String tableName, String property, String value) throws ThriftSecurityException,
+    public void setTableProperty(TInfo info, Credential credentials, String tableName, String property, String value) throws ThriftSecurityException,
         ThriftTableOperationException, TException {
       alterTableProperty(credentials, tableName, property, value, TableOperation.SET_PROPERTY);
     }
     
     @Override
-    public void shutdown(TInfo info, Credentials c, boolean stopTabletServers) throws ThriftSecurityException, TException {
+    public void shutdown(TInfo info, Credential c, boolean stopTabletServers) throws ThriftSecurityException, TException {
       security.canPerformSystemActions(c);
       Master.this.shutdown(stopTabletServers);
     }
     
     @Override
-    public void shutdownTabletServer(TInfo info, Credentials c, String tabletServer, boolean force) throws ThriftSecurityException, TException {
+    public void shutdownTabletServer(TInfo info, Credential c, String tabletServer, boolean force) throws ThriftSecurityException, TException {
       security.canPerformSystemActions(c);
       
       final InetSocketAddress addr = AddressUtil.parseAddress(tabletServer, Property.TSERV_CLIENTPORT);
@@ -709,7 +709,7 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public void reportSplitExtent(TInfo info, Credentials credentials, String serverName, TabletSplit split) throws TException {
+    public void reportSplitExtent(TInfo info, Credential credentials, String serverName, TabletSplit split) throws TException {
       if (migrations.remove(new KeyExtent(split.oldTablet)) != null) {
         log.info("Canceled migration of " + split.oldTablet);
       }
@@ -723,7 +723,7 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public void reportTabletStatus(TInfo info, Credentials credentials, String serverName, TabletLoadState status, TKeyExtent ttablet) throws TException {
+    public void reportTabletStatus(TInfo info, Credential credentials, String serverName, TabletLoadState status, TKeyExtent ttablet) throws TException {
       KeyExtent tablet = new KeyExtent(ttablet);
       
       switch (status) {
@@ -751,7 +751,7 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public void setMasterGoalState(TInfo info, Credentials c, MasterGoalState state) throws ThriftSecurityException, TException {
+    public void setMasterGoalState(TInfo info, Credential c, MasterGoalState state) throws ThriftSecurityException, TException {
       security.canPerformSystemActions(c);
       
       Master.this.setMasterGoalState(state);
@@ -768,7 +768,7 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public void removeSystemProperty(TInfo info, Credentials c, String property) throws ThriftSecurityException, TException {
+    public void removeSystemProperty(TInfo info, Credential c, String property) throws ThriftSecurityException, TException {
       security.canPerformSystemActions(c);
       
       try {
@@ -781,7 +781,7 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public void setSystemProperty(TInfo info, Credentials c, String property, String value) throws ThriftSecurityException, TException {
+    public void setSystemProperty(TInfo info, Credential c, String property, String value) throws ThriftSecurityException, TException {
       security.canPerformSystemActions(c);
       
       try {
@@ -793,20 +793,20 @@ public class Master implements LiveTServ
       }
     }
     
-    private void authenticate(Credentials c) throws ThriftSecurityException {
-      if (!security.authenticateUser(c, c.getPrincipal(), c.getToken()))
+    private void authenticate(Credential c) throws ThriftSecurityException {
+      if (!security.authenticateUser(c, c))
         throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS);
       
     }
     
     @Override
-    public long beginTableOperation(TInfo tinfo, Credentials credentials) throws ThriftSecurityException, TException {
+    public long beginTableOperation(TInfo tinfo, Credential credentials) throws ThriftSecurityException, TException {
       authenticate(credentials);
       return fate.startTransaction();
     }
     
     @Override
-    public void executeTableOperation(TInfo tinfo, Credentials c, long opid, org.apache.accumulo.core.master.thrift.TableOperation op,
+    public void executeTableOperation(TInfo tinfo, Credential c, long opid, org.apache.accumulo.core.master.thrift.TableOperation op,
         List<ByteBuffer> arguments, Map<String,String> options, boolean autoCleanup) throws ThriftSecurityException, ThriftTableOperationException, TException {
       authenticate(c);
       
@@ -1008,7 +1008,7 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public String waitForTableOperation(TInfo tinfo, Credentials credentials, long opid) throws ThriftSecurityException, ThriftTableOperationException,
+    public String waitForTableOperation(TInfo tinfo, Credential credentials, long opid) throws ThriftSecurityException, ThriftTableOperationException,
         TException {
       authenticate(credentials);
       
@@ -1032,14 +1032,14 @@ public class Master implements LiveTServ
     }
     
     @Override
-    public void finishTableOperation(TInfo tinfo, Credentials credentials, long opid) throws ThriftSecurityException, TException {
+    public void finishTableOperation(TInfo tinfo, Credential credentials, long opid) throws ThriftSecurityException, TException {
       authenticate(credentials);
       fate.delete(opid);
     }
     
     @Override
     public String getAuthenticatorClassName() throws TException {
-      return security.getAuthorizorName();
+      return security.getTokenLoginClass();
     }
   }
   
@@ -2112,7 +2112,7 @@ public class Master implements LiveTServ
       }
     });
     
-    Credentials systemAuths = SecurityConstants.getSystemCredentials();
+    Credential systemAuths = SecurityConstants.getSystemCredentials();
     final TabletStateStore stores[] = {new ZooTabletStateStore(new ZooStore(zroot)), new RootTabletStateStore(instance, systemAuths, this),
         new MetaDataStateStore(instance, systemAuths, this)};
     watchers.add(new TabletGroupWatcher(stores[2], null));

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java Sat Feb  9 07:57:36 2013
@@ -27,7 +27,8 @@ import org.apache.accumulo.core.client.I
 import org.apache.accumulo.core.client.MutationsRejectedException;
 import org.apache.accumulo.core.client.TableNotFoundException;
 import org.apache.accumulo.core.data.Mutation;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.CredentialHelper;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.hadoop.io.Text;
@@ -41,9 +42,9 @@ public class MetaDataStateStore extends 
   
   final protected Instance instance;
   final protected CurrentState state;
-  final protected Credentials auths;
+  final protected Credential auths;
   
-  public MetaDataStateStore(Instance instance, Credentials auths, CurrentState state) {
+  public MetaDataStateStore(Instance instance, Credential auths, CurrentState state) {
     this.instance = instance;
     this.state = state;
     this.auths = auths;
@@ -82,7 +83,7 @@ public class MetaDataStateStore extends 
   
   BatchWriter createBatchWriter() {
     try {
-      return instance.getConnector(auths.getPrincipal(), auths.getToken()).createBatchWriter(Constants.METADATA_TABLE_NAME,
+      return instance.getConnector(auths.getPrincipal(), CredentialHelper.extractToken(auths)).createBatchWriter(Constants.METADATA_TABLE_NAME,
           new BatchWriterConfig().setMaxMemory(MAX_MEMORY).setMaxLatency(LATENCY, TimeUnit.MILLISECONDS).setMaxWriteThreads(THREADS));
     } catch (TableNotFoundException e) {
       // ya, I don't think so

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataTableScanner.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataTableScanner.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataTableScanner.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataTableScanner.java Sat Feb  9 07:57:36 2013
@@ -40,7 +40,8 @@ import org.apache.accumulo.core.data.Key
 import org.apache.accumulo.core.data.Range;
 import org.apache.accumulo.core.data.Value;
 import org.apache.accumulo.core.iterators.user.WholeRowIterator;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.CredentialHelper;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.hadoop.io.Text;
 import org.apache.log4j.Logger;
 
@@ -50,10 +51,10 @@ public class MetaDataTableScanner implem
   BatchScanner mdScanner;
   Iterator<Entry<Key,Value>> iter;
   
-  public MetaDataTableScanner(Instance instance, Credentials auths, Range range, CurrentState state) {
+  public MetaDataTableScanner(Instance instance, Credential auths, Range range, CurrentState state) {
     // scan over metadata table, looking for tablets in the wrong state based on the live servers and online tables
     try {
-      Connector connector = instance.getConnector(auths.getPrincipal(), auths.getToken());
+      Connector connector = instance.getConnector(auths.getPrincipal(), CredentialHelper.extractToken(auths));
       mdScanner = connector.createBatchScanner(Constants.METADATA_TABLE_NAME, Constants.NO_AUTHS, 8);
       configureScanner(mdScanner, state);
       mdScanner.setRanges(Collections.singletonList(range));
@@ -80,7 +81,7 @@ public class MetaDataTableScanner implem
     scanner.addScanIterator(tabletChange);
   }
   
-  public MetaDataTableScanner(Instance instance, Credentials auths, Range range) {
+  public MetaDataTableScanner(Instance instance, Credential auths, Range range) {
     this(instance, auths, range, null);
   }
   

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/RootTabletStateStore.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/RootTabletStateStore.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/RootTabletStateStore.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/state/RootTabletStateStore.java Sat Feb  9 07:57:36 2013
@@ -20,11 +20,11 @@ import java.util.Iterator;
 
 import org.apache.accumulo.core.Constants;
 import org.apache.accumulo.core.client.Instance;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
 
 public class RootTabletStateStore extends MetaDataStateStore {
   
-  public RootTabletStateStore(Instance instance, Credentials auths, CurrentState state) {
+  public RootTabletStateStore(Instance instance, Credential auths, CurrentState state) {
     super(instance, auths, state);
   }
   

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/metanalysis/IndexMeta.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/metanalysis/IndexMeta.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/metanalysis/IndexMeta.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/metanalysis/IndexMeta.java Sat Feb  9 07:57:36 2013
@@ -145,7 +145,7 @@ public class IndexMeta extends Configure
     
     job.setOutputFormatClass(AccumuloOutputFormat.class);
     AccumuloOutputFormat.setZooKeeperInstance(job, opts.instance, opts.zookeepers);
-    AccumuloOutputFormat.setConnectorInfo(job, opts.user, opts.getPassword());
+    AccumuloOutputFormat.setConnectorInfo(job, opts.principal, opts.getToken());
     AccumuloOutputFormat.setCreateTables(job, false);
     
     job.setMapperClass(IndexMapper.class);

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java Sat Feb  9 07:57:36 2013
@@ -23,7 +23,7 @@ import org.apache.accumulo.core.security
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
 import org.apache.accumulo.server.security.handler.Authenticator;
 import org.apache.accumulo.server.security.handler.Authorizor;
@@ -49,18 +49,18 @@ public class AuditedSecurityOperation ex
     return instance;
   }
   
-  private void audit(Credentials credentials, ThriftSecurityException ex, String template, Object... args) {
+  private void audit(Credential credentials, ThriftSecurityException ex, String template, Object... args) {
     log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " + credentials.getPrincipal() + ": " + String.format(template, args));
   }
   
-  private void audit(Credentials credentials, String template, Object... args) {
+  private void audit(Credential credentials, String template, Object... args) {
     log.log(AuditLevel.AUDIT, "Using credentials " + credentials.getPrincipal() + ": " + String.format(template, args));
   }
   
   @Override
-  public boolean authenticateUser(Credentials credentials, String principal, byte[] token) throws ThriftSecurityException {
+  public boolean authenticateUser(Credential credentials, Credential toAuth) throws ThriftSecurityException {
     try {
-      boolean result = super.authenticateUser(credentials, principal, token);
+      boolean result = super.authenticateUser(credentials, toAuth);
       audit(credentials, result ? "authenticated" : "failed authentication");
       return result;
     } catch (ThriftSecurityException ex) {
@@ -71,7 +71,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public Authorizations getUserAuthorizations(Credentials credentials, String user) throws ThriftSecurityException {
+  public Authorizations getUserAuthorizations(Credential credentials, String user) throws ThriftSecurityException {
     try {
       Authorizations result = super.getUserAuthorizations(credentials, user);
       audit(credentials, "got authorizations for %s", user);
@@ -85,7 +85,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public Authorizations getUserAuthorizations(Credentials credentials) throws ThriftSecurityException {
+  public Authorizations getUserAuthorizations(Credential credentials) throws ThriftSecurityException {
     try {
       return getUserAuthorizations(credentials, credentials.getPrincipal());
     } catch (ThriftSecurityException ex) {
@@ -95,7 +95,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public void changeAuthorizations(Credentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
+  public void changeAuthorizations(Credential credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
     try {
       super.changeAuthorizations(credentials, user, authorizations);
       audit(credentials, "changed authorizations for %s to %s", user, authorizations);
@@ -107,31 +107,31 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public void changePassword(Credentials credentials, String principal, byte[] token) throws ThriftSecurityException {
+  public void changePassword(Credential credentials, Credential newInfo) throws ThriftSecurityException {
     try {
-      super.changePassword(credentials, principal, token);
-      audit(credentials, "changed password for %s", principal);
+      super.changePassword(credentials, newInfo);
+      audit(credentials, "changed password for %s", newInfo.getPrincipal());
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "changing password for %s", principal);
+      audit(credentials, ex, "changing password for %s", newInfo.getPrincipal());
       log.debug(ex);
       throw ex;
     }
   }
   
   @Override
-  public void createUser(Credentials credentials, String principal, byte[] token, Authorizations authorizations) throws ThriftSecurityException {
+  public void createUser(Credential credentials, Credential newUser, Authorizations authorizations) throws ThriftSecurityException {
     try {
-      super.createUser(credentials, principal, token, authorizations);
+      super.createUser(credentials, newUser, authorizations);
       audit(credentials, "createUser");
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "createUser %s", principal);
+      audit(credentials, ex, "createUser %s", newUser.getPrincipal());
       log.debug(ex);
       throw ex;
     }
   }
   
   @Override
-  public void dropUser(Credentials credentials, String user) throws ThriftSecurityException {
+  public void dropUser(Credential credentials, String user) throws ThriftSecurityException {
     try {
       super.dropUser(credentials, user);
       audit(credentials, "dropUser");
@@ -143,7 +143,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public void grantSystemPermission(Credentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+  public void grantSystemPermission(Credential credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     try {
       super.grantSystemPermission(credentials, user, permission);
       audit(credentials, "granted permission %s for %s", permission, user);
@@ -155,7 +155,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public void grantTablePermission(Credentials credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
+  public void grantTablePermission(Credential credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
     try {
       super.grantTablePermission(credentials, user, table, permission);
       audit(credentials, "granted permission %s on table %s for %s", permission, table, user);
@@ -167,7 +167,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public void revokeSystemPermission(Credentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+  public void revokeSystemPermission(Credential credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     try {
       super.revokeSystemPermission(credentials, user, permission);
       audit(credentials, "revoked permission %s for %s", permission, user);
@@ -179,7 +179,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public void revokeTablePermission(Credentials credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
+  public void revokeTablePermission(Credential credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
     try {
       super.revokeTablePermission(credentials, user, table, permission);
       audit(credentials, "revoked permission %s on table %s for %s", permission, table, user);
@@ -191,7 +191,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public boolean hasSystemPermission(Credentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+  public boolean hasSystemPermission(Credential credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     try {
       boolean result = super.hasSystemPermission(credentials, user, permission);
       audit(credentials, "checked permission %s on %s", permission, user);
@@ -204,7 +204,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public boolean hasTablePermission(Credentials credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
+  public boolean hasTablePermission(Credential credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
     try {
       boolean result = super.hasTablePermission(credentials, user, table, permission);
       audit(credentials, "checked permission %s on table %s for %s", permission, table, user);
@@ -217,7 +217,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public Set<String> listUsers(Credentials credentials) throws ThriftSecurityException {
+  public Set<String> listUsers(Credential credentials) throws ThriftSecurityException {
     try {
       Set<String> result = super.listUsers(credentials);
       audit(credentials, "listUsers");
@@ -230,7 +230,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public void deleteTable(Credentials credentials, String table) throws ThriftSecurityException {
+  public void deleteTable(Credential credentials, String table) throws ThriftSecurityException {
     try {
       super.deleteTable(credentials, table);
       audit(credentials, "deleted table %s", table);
@@ -242,7 +242,7 @@ public class AuditedSecurityOperation ex
   }
   
   @Override
-  public void initializeSecurity(Credentials credentials, String principal, byte[] token) throws AccumuloSecurityException, ThriftSecurityException {
+  public void initializeSecurity(Credential credentials, String principal, byte[] token) throws AccumuloSecurityException, ThriftSecurityException {
     super.initializeSecurity(credentials, principal, token);
     log.info("Initialized root user with username: " + principal + " at the request of user " + credentials.getPrincipal());
   }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java Sat Feb  9 07:57:36 2013
@@ -16,24 +16,22 @@
  */
 package org.apache.accumulo.server.security;
 
-import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
-import java.io.DataInputStream;
 import java.io.DataOutputStream;
 import java.io.IOException;
-import java.nio.ByteBuffer;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecurityPermission;
-import java.util.Arrays;
 import java.util.Map.Entry;
 
 import org.apache.accumulo.core.Constants;
 import org.apache.accumulo.core.conf.Property;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.CredentialHelper;
+import org.apache.accumulo.core.security.thrift.Credential;
+import org.apache.accumulo.core.security.thrift.tokens.PasswordToken;
+import org.apache.accumulo.core.security.thrift.tokens.SecurityToken;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.conf.ServerConfiguration;
-import org.apache.accumulo.server.master.state.TabletServerState;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
 
@@ -42,15 +40,15 @@ public class SecurityConstants {
   static Logger log = Logger.getLogger(SecurityConstants.class);
   
   public static final String SYSTEM_PRINCIPAL = "!SYSTEM";
-  private static final byte[] SYSTEM_TOKEN = makeSystemPassword();
-  private static final Credentials systemCredentials = new Credentials(SYSTEM_PRINCIPAL, ByteBuffer.wrap(SYSTEM_TOKEN), HdfsZooInstance.getInstance().getInstanceID());
+  private static final SecurityToken SYSTEM_TOKEN = makeSystemPassword();
+  private static final Credential systemCredentials = CredentialHelper.createSquelchError(SYSTEM_PRINCIPAL, SYSTEM_TOKEN, HdfsZooInstance.getInstance().getInstanceID());
   public static byte[] confChecksum = null;
   
-  public static byte[] getSystemToken() {
+  public static SecurityToken getSystemToken() {
     return SYSTEM_TOKEN;
   }
   
-  public static Credentials getSystemCredentials() {
+  public static Credential getSystemCredentials() {
     SecurityManager sm = System.getSecurityManager();
     if (sm != null) {
       sm.checkPermission(SYSTEM_CREDENTIALS_PERMISSION);
@@ -58,7 +56,7 @@ public class SecurityConstants {
     return systemCredentials;
   }
 
-  private static byte[] makeSystemPassword() {
+  private static SecurityToken makeSystemPassword() {
     int wireVersion = Constants.WIRE_VERSION;
     byte[] inst = HdfsZooInstance.getInstance().getInstanceID().getBytes(Constants.UTF8);
     try {
@@ -80,51 +78,7 @@ public class SecurityConstants {
       // ByteArrayOutputStream; crash hard
       // if this happens
     }
-    return Base64.encodeBase64(bytes.toByteArray());
-  }
-  
-  /**
-   * Compare a byte array to the system password.
-   * 
-   * @return RESERVED if the passwords match, otherwise a state that describes the failure state
-   */
-  public static TabletServerState compareSystemPassword(byte[] base64encodedPassword) {
-    if (Arrays.equals(SYSTEM_TOKEN, base64encodedPassword))
-      return TabletServerState.RESERVED;
-    
-    // parse to determine why
-    byte[] decodedPassword = Base64.decodeBase64(base64encodedPassword);
-    boolean versionFails, instanceFails, confFails;
-    
-    ByteArrayInputStream bytes = new ByteArrayInputStream(decodedPassword);
-    DataInputStream in = new DataInputStream(bytes);
-    try {
-      versionFails = in.readInt() * -1 != Constants.WIRE_VERSION;
-      byte[] buff = new byte[in.readInt()];
-      in.readFully(buff);
-      instanceFails = !Arrays.equals(buff, HdfsZooInstance.getInstance().getInstanceID().getBytes(Constants.UTF8));
-      buff = new byte[in.readInt()];
-      in.readFully(buff);
-      confFails = !Arrays.equals(buff, getSystemConfigChecksum());
-      if (in.available() > 0)
-        throw new IOException();
-    } catch (IOException e) {
-      return TabletServerState.BAD_SYSTEM_PASSWORD;
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException("Failed to compare system password", e);
-    }
-    
-    // to be fair, I wanted to do this as one big return statement with
-    // nested ternary conditionals, but
-    // this is more readable; no fun :/
-    if (versionFails) {
-      if (instanceFails)
-        return confFails ? TabletServerState.BAD_VERSION_AND_INSTANCE_AND_CONFIG : TabletServerState.BAD_VERSION_AND_INSTANCE;
-      return confFails ? TabletServerState.BAD_VERSION_AND_CONFIG : TabletServerState.BAD_VERSION;
-    }
-    if (instanceFails)
-      return confFails ? TabletServerState.BAD_INSTANCE_AND_CONFIG : TabletServerState.BAD_INSTANCE;
-    return confFails ? TabletServerState.BAD_CONFIG : TabletServerState.BAD_SYSTEM_PASSWORD;
+    return new PasswordToken().setPassword(Base64.encodeBase64(bytes.toByteArray()));
   }
   
   private static byte[] getSystemConfigChecksum() throws NoSuchAlgorithmException {

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java Sat Feb  9 07:57:36 2013
@@ -25,11 +25,13 @@ import org.apache.accumulo.core.client.a
 import org.apache.accumulo.core.conf.AccumuloConfiguration;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.accumulo.core.security.Authorizations;
+import org.apache.accumulo.core.security.CredentialHelper;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.core.security.thrift.tokens.SecurityToken;
 import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.master.Master;
 import org.apache.accumulo.server.security.handler.Authenticator;
@@ -114,7 +116,7 @@ public class SecurityOperation {
           + " do not play nice with eachother. Please choose authentication and authorization mechanisms that are compatible with one another.");
   }
   
-  public void initializeSecurity(Credentials credentials, String rootPrincipal, byte[] token) throws AccumuloSecurityException, ThriftSecurityException {
+  public void initializeSecurity(Credential credentials, String rootPrincipal, byte[] token) throws AccumuloSecurityException, ThriftSecurityException {
     authenticate(credentials);
     
     if (!credentials.getPrincipal().equals(SecurityConstants.SYSTEM_PRINCIPAL))
@@ -137,7 +139,7 @@ public class SecurityOperation {
     return rootUserName;
   }
   
-  private void authenticate(Credentials credentials) throws ThriftSecurityException {
+  private void authenticate(Credential credentials) throws ThriftSecurityException {
     if (!credentials.getInstanceId().equals(HdfsZooInstance.getInstance().getInstanceID()))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.INVALID_INSTANCEID);
     
@@ -148,7 +150,8 @@ public class SecurityOperation {
     }
     
     try {
-      if (!authenticator.authenticateUser(credentials.getPrincipal(), credentials.getToken())) {
+      SecurityToken token = reassembleToken(credentials);
+      if (!authenticator.authenticateUser(credentials.getPrincipal(), token)) {
         throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS);
       }
     } catch (AccumuloSecurityException e) {
@@ -157,26 +160,40 @@ public class SecurityOperation {
     }
   }
   
-  public boolean canAskAboutUser(Credentials credentials, String user) throws ThriftSecurityException {
+  public boolean canAskAboutUser(Credential credentials, String user) throws ThriftSecurityException {
     // Authentication done in canPerformSystemActions
     if (!(canPerformSystemActions(credentials) || credentials.getPrincipal().equals(user)))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     return true;
   }
   
-  public boolean authenticateUser(Credentials credentials, String principal, byte[] token) throws ThriftSecurityException {
-    canAskAboutUser(credentials, principal);
+  public boolean authenticateUser(Credential credentials, Credential toAuth) throws ThriftSecurityException {
+    canAskAboutUser(credentials, toAuth.getPrincipal());
     // User is already authenticated from canAskAboutUser, this gets around issues with !SYSTEM user
-    if (credentials.getToken().equals(token))
+    if (credentials.equals(toAuth))
       return true;
     try {
-      return authenticator.authenticateUser(principal, token);
+      SecurityToken token = reassembleToken(toAuth);
+      return authenticator.authenticateUser(toAuth.getPrincipal(), token);
     } catch (AccumuloSecurityException e) {
       throw e.asThriftException();
     }
   }
   
-  public Authorizations getUserAuthorizations(Credentials credentials, String user) throws ThriftSecurityException {
+  /**
+   * @param toAuth
+   * @return
+   * @throws AccumuloSecurityException 
+   */
+  private SecurityToken reassembleToken(Credential toAuth) throws AccumuloSecurityException {
+    String tokenClass = toAuth.getTokenClass();
+    if (authenticator.validTokenClass(tokenClass)) {
+      return CredentialHelper.extractToken(toAuth);
+    }
+    throw new AccumuloSecurityException(toAuth.getPrincipal(), SecurityErrorCode.INVALID_TOKEN);
+  }
+
+  public Authorizations getUserAuthorizations(Credential credentials, String user) throws ThriftSecurityException {
     authenticate(credentials);
     
     targetUserExists(user);
@@ -195,7 +212,7 @@ public class SecurityOperation {
     }
   }
   
-  public Authorizations getUserAuthorizations(Credentials credentials) throws ThriftSecurityException {
+  public Authorizations getUserAuthorizations(Credential credentials) throws ThriftSecurityException {
     return getUserAuthorizations(credentials, credentials.getPrincipal());
   }
   
@@ -245,7 +262,7 @@ public class SecurityOperation {
   }
   
   // some people just aren't allowed to ask about other users; here are those who can ask
-  private boolean canAskAboutOtherUsers(Credentials credentials, String user) throws ThriftSecurityException {
+  private boolean canAskAboutOtherUsers(Credential credentials, String user) throws ThriftSecurityException {
     authenticate(credentials);
     return credentials.getPrincipal().equals(user) || hasSystemPermission(credentials.getPrincipal(), SystemPermission.SYSTEM, false)
         || hasSystemPermission(credentials.getPrincipal(), SystemPermission.CREATE_USER, false)
@@ -265,17 +282,17 @@ public class SecurityOperation {
     }
   }
   
-  public boolean canScan(Credentials credentials, String table) throws ThriftSecurityException {
+  public boolean canScan(Credential credentials, String table) throws ThriftSecurityException {
     authenticate(credentials);
     return hasTablePermission(credentials.getPrincipal(), table, TablePermission.READ, true);
   }
   
-  public boolean canWrite(Credentials credentials, String table) throws ThriftSecurityException {
+  public boolean canWrite(Credential credentials, String table) throws ThriftSecurityException {
     authenticate(credentials);
     return hasTablePermission(credentials.getPrincipal(), table, TablePermission.WRITE, true);
   }
   
-  public boolean canSplitTablet(Credentials credentials, String table) throws ThriftSecurityException {
+  public boolean canSplitTablet(Credential credentials, String table) throws ThriftSecurityException {
     authenticate(credentials);
     return hasSystemPermission(credentials.getPrincipal(), SystemPermission.ALTER_TABLE, false)
         || hasSystemPermission(credentials.getPrincipal(), SystemPermission.SYSTEM, false)
@@ -285,90 +302,90 @@ public class SecurityOperation {
   /**
    * This is the check to perform any system action. This includes tserver's loading of a tablet, shutting the system down, or altering system properties.
    */
-  public boolean canPerformSystemActions(Credentials credentials) throws ThriftSecurityException {
+  public boolean canPerformSystemActions(Credential credentials) throws ThriftSecurityException {
     authenticate(credentials);
     return hasSystemPermission(credentials.getPrincipal(), SystemPermission.SYSTEM, false);
   }
   
-  public boolean canFlush(Credentials c, String tableId) throws ThriftSecurityException {
+  public boolean canFlush(Credential c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasTablePermission(c.getPrincipal(), tableId, TablePermission.WRITE, false)
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
   }
   
-  public boolean canAlterTable(Credentials c, String tableId) throws ThriftSecurityException {
+  public boolean canAlterTable(Credential c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false)
         || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false);
   }
   
-  public boolean canCreateTable(Credentials c) throws ThriftSecurityException {
+  public boolean canCreateTable(Credential c) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.CREATE_TABLE, false);
   }
   
-  public boolean canRenameTable(Credentials c, String tableId) throws ThriftSecurityException {
+  public boolean canRenameTable(Credential c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
   }
   
-  public boolean canCloneTable(Credentials c, String tableId) throws ThriftSecurityException {
+  public boolean canCloneTable(Credential c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.CREATE_TABLE, false)
         && hasTablePermission(c.getPrincipal(), tableId, TablePermission.READ, false);
   }
   
-  public boolean canDeleteTable(Credentials c, String tableId) throws ThriftSecurityException {
+  public boolean canDeleteTable(Credential c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.DROP_TABLE, false)
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.DROP_TABLE, false);
   }
   
-  public boolean canOnlineOfflineTable(Credentials c, String tableId) throws ThriftSecurityException {
+  public boolean canOnlineOfflineTable(Credential c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.SYSTEM, false) || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
   }
   
-  public boolean canMerge(Credentials c, String tableId) throws ThriftSecurityException {
+  public boolean canMerge(Credential c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.SYSTEM, false) || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
   }
   
-  public boolean canDeleteRange(Credentials c, String tableId) throws ThriftSecurityException {
+  public boolean canDeleteRange(Credential c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.SYSTEM, false) || hasTablePermission(c.getPrincipal(), tableId, TablePermission.WRITE, false);
   }
   
-  public boolean canBulkImport(Credentials c, String tableId) throws ThriftSecurityException {
+  public boolean canBulkImport(Credential c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasTablePermission(c.getPrincipal(), tableId, TablePermission.BULK_IMPORT, false);
   }
   
-  public boolean canCompact(Credentials c, String tableId) throws ThriftSecurityException {
+  public boolean canCompact(Credential c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false)
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.WRITE, false);
   }
   
-  public boolean canChangeAuthorizations(Credentials c, String user) throws ThriftSecurityException {
+  public boolean canChangeAuthorizations(Credential c, String user) throws ThriftSecurityException {
     authenticate(c);
     if (user.equals(SecurityConstants.SYSTEM_PRINCIPAL))
       throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_USER, false);
   }
   
-  public boolean canChangePassword(Credentials c, String user) throws ThriftSecurityException {
+  public boolean canChangePassword(Credential c, String user) throws ThriftSecurityException {
     authenticate(c);
     if (user.equals(SecurityConstants.SYSTEM_PRINCIPAL))
       throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     return c.getPrincipal().equals(user) || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_USER, false);
   }
   
-  public boolean canCreateUser(Credentials c, String user) throws ThriftSecurityException {
+  public boolean canCreateUser(Credential c, String user) throws ThriftSecurityException {
     authenticate(c);
     
     // don't allow creating a user with the same name as system user
@@ -378,7 +395,7 @@ public class SecurityOperation {
     return hasSystemPermission(c.getPrincipal(), SystemPermission.CREATE_USER, false);
   }
   
-  public boolean canDropUser(Credentials c, String user) throws ThriftSecurityException {
+  public boolean canDropUser(Credential c, String user) throws ThriftSecurityException {
     authenticate(c);
     
     // can't delete root or system users
@@ -388,7 +405,7 @@ public class SecurityOperation {
     return hasSystemPermission(c.getPrincipal(), SystemPermission.DROP_USER, false);
   }
   
-  public boolean canGrantSystem(Credentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
+  public boolean canGrantSystem(Credential c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
     authenticate(c);
     
     // can't modify system user
@@ -402,7 +419,7 @@ public class SecurityOperation {
     return hasSystemPermission(c.getPrincipal(), SystemPermission.GRANT, false);
   }
   
-  public boolean canGrantTable(Credentials c, String user, String table) throws ThriftSecurityException {
+  public boolean canGrantTable(Credential c, String user, String table) throws ThriftSecurityException {
     authenticate(c);
     
     // can't modify system user
@@ -413,7 +430,7 @@ public class SecurityOperation {
         || hasTablePermission(c.getPrincipal(), table, TablePermission.GRANT, false);
   }
   
-  public boolean canRevokeSystem(Credentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
+  public boolean canRevokeSystem(Credential c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
     authenticate(c);
     
     // can't modify system or root user
@@ -427,7 +444,7 @@ public class SecurityOperation {
     return hasSystemPermission(c.getPrincipal(), SystemPermission.GRANT, false);
   }
   
-  public boolean canRevokeTable(Credentials c, String user, String table) throws ThriftSecurityException {
+  public boolean canRevokeTable(Credential c, String user, String table) throws ThriftSecurityException {
     authenticate(c);
     
     // can't modify system user
@@ -438,7 +455,7 @@ public class SecurityOperation {
         || hasTablePermission(c.getPrincipal(), table, TablePermission.GRANT, false);
   }
   
-  public void changeAuthorizations(Credentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
+  public void changeAuthorizations(Credential credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
     if (!canChangeAuthorizations(credentials, user))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
@@ -452,33 +469,35 @@ public class SecurityOperation {
     }
   }
   
-  public void changePassword(Credentials credentials, String principal, byte[] token) throws ThriftSecurityException {
-    if (!canChangePassword(credentials, principal))
+  public void changePassword(Credential credentials, Credential toChange) throws ThriftSecurityException {
+    if (!canChangePassword(credentials, toChange.getPrincipal()))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     try {
-      authenticator.changePassword(principal, token);
-      log.info("Changed password for user " + principal + " at the request of user " + credentials.getPrincipal());
+      SecurityToken token = reassembleToken(toChange);
+      authenticator.changePassword(toChange.getPrincipal(), token);
+      log.info("Changed password for user " + toChange.getPrincipal() + " at the request of user " + credentials.getPrincipal());
     } catch (AccumuloSecurityException e) {
       throw e.asThriftException();
     }
   }
   
-  public void createUser(Credentials credentials, String principal, byte[] token, Authorizations authorizations) throws ThriftSecurityException {
-    if (!canCreateUser(credentials, principal))
+  public void createUser(Credential credentials, Credential newUser, Authorizations authorizations) throws ThriftSecurityException {
+    if (!canCreateUser(credentials, newUser.getPrincipal()))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     try {
-      authenticator.createUser(principal, token);
-      authorizor.initUser(principal);
-      permHandle.initUser(principal);
-      log.info("Created user " + principal + " at the request of user " + credentials.getPrincipal());
-      if (canChangeAuthorizations(credentials, principal))
-        authorizor.changeAuthorizations(principal, authorizations);
+      SecurityToken token = reassembleToken(newUser);
+      authenticator.createUser(newUser.getPrincipal(), token);
+      authorizor.initUser(newUser.getPrincipal());
+      permHandle.initUser(newUser.getPrincipal());
+      log.info("Created user " + newUser.getPrincipal() + " at the request of user " + credentials.getPrincipal());
+      if (canChangeAuthorizations(credentials, newUser.getPrincipal()))
+        authorizor.changeAuthorizations(newUser.getPrincipal(), authorizations);
     } catch (AccumuloSecurityException ase) {
       throw ase.asThriftException();
     }
   }
   
-  public void dropUser(Credentials credentials, String user) throws ThriftSecurityException {
+  public void dropUser(Credential credentials, String user) throws ThriftSecurityException {
     if (!canDropUser(credentials, user))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     try {
@@ -491,7 +510,7 @@ public class SecurityOperation {
     }
   }
   
-  public void grantSystemPermission(Credentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException {
+  public void grantSystemPermission(Credential credentials, String user, SystemPermission permissionById) throws ThriftSecurityException {
     if (!canGrantSystem(credentials, user, permissionById))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
@@ -505,7 +524,7 @@ public class SecurityOperation {
     }
   }
   
-  public void grantTablePermission(Credentials c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+  public void grantTablePermission(Credential c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
     if (!canGrantTable(c, user, tableId))
       throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
@@ -521,7 +540,7 @@ public class SecurityOperation {
     }
   }
   
-  public void revokeSystemPermission(Credentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+  public void revokeSystemPermission(Credential credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     if (!canRevokeSystem(credentials, user, permission))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
@@ -536,7 +555,7 @@ public class SecurityOperation {
     }
   }
   
-  public void revokeTablePermission(Credentials c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+  public void revokeTablePermission(Credential c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
     if (!canRevokeTable(c, user, tableId))
       throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     
@@ -553,20 +572,20 @@ public class SecurityOperation {
     }
   }
   
-  public boolean hasSystemPermission(Credentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException {
+  public boolean hasSystemPermission(Credential credentials, String user, SystemPermission permissionById) throws ThriftSecurityException {
     if (!canAskAboutOtherUsers(credentials, user))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     return hasSystemPermission(user, permissionById, false);
   }
   
-  public boolean hasTablePermission(Credentials credentials, String user, String tableId, TablePermission permissionById)
+  public boolean hasTablePermission(Credential credentials, String user, String tableId, TablePermission permissionById)
       throws ThriftSecurityException {
     if (!canAskAboutOtherUsers(credentials, user))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     return hasTablePermission(user, tableId, permissionById, false);
   }
   
-  public Set<String> listUsers(Credentials credentials) throws ThriftSecurityException {
+  public Set<String> listUsers(Credential credentials) throws ThriftSecurityException {
     authenticate(credentials);
     try {
       return authenticator.listUsers();
@@ -575,7 +594,7 @@ public class SecurityOperation {
     }
   }
   
-  public void deleteTable(Credentials credentials, String tableId) throws ThriftSecurityException {
+  public void deleteTable(Credential credentials, String tableId) throws ThriftSecurityException {
     if (!canDeleteTable(credentials, tableId))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
     try {
@@ -588,17 +607,17 @@ public class SecurityOperation {
     }
   }
   
-  public boolean canExport(Credentials credentials, String tableId) throws ThriftSecurityException {
+  public boolean canExport(Credential credentials, String tableId) throws ThriftSecurityException {
     authenticate(credentials);
     return hasTablePermission(credentials.getPrincipal(), tableId, TablePermission.READ, false);
   }
   
-  public boolean canImport(Credentials credentials) throws ThriftSecurityException {
+  public boolean canImport(Credential credentials) throws ThriftSecurityException {
     authenticate(credentials);
     return hasSystemPermission(credentials.getPrincipal(), SystemPermission.CREATE_TABLE, false);
   }
   
-  public String getAuthorizorName() {
-    return authenticator.getAuthorizorName();
+  public String getTokenLoginClass() {
+    return authenticator.getTokenLoginClass();
   }
 }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authenticator.java Sat Feb  9 07:57:36 2013
@@ -19,33 +19,39 @@ package org.apache.accumulo.server.secur
 import java.util.Set;
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
+import org.apache.accumulo.core.security.thrift.tokens.SecurityToken;
 
 /**
  * This interface is used for the system which will be used for authenticating a user. If the implementation does not support configuration through Accumulo, it
  * should throw an AccumuloSecurityException with the error code UNSUPPORTED_OPERATION
  */
 
-public interface Authenticator {
+public interface Authenticator extends org.apache.accumulo.core.security.handler.Authenticator {
   
   public void initialize(String instanceId, boolean initialize);
-
+  
   public boolean validSecurityHandlers(Authorizor auth, PermissionHandler pm);
-
-  public void initializeSecurity(Credentials credentials, String principal, byte[] token) throws AccumuloSecurityException, ThriftSecurityException;
-
-  public boolean authenticateUser(String principal, byte[] token) throws AccumuloSecurityException;
+  
+  public void initializeSecurity(Credential credentials, String principal, byte[] token) throws AccumuloSecurityException, ThriftSecurityException;
+  
+  public boolean authenticateUser(String principal, SecurityToken token) throws AccumuloSecurityException;
   
   public Set<String> listUsers() throws AccumuloSecurityException;
   
-  public void createUser(String principal, byte[] token) throws AccumuloSecurityException;
+  public void createUser(String principal, SecurityToken token) throws AccumuloSecurityException;
   
   public void dropUser(String user) throws AccumuloSecurityException;
   
-  public void changePassword(String principal, byte[] token) throws AccumuloSecurityException;
+  public void changePassword(String principal, SecurityToken token) throws AccumuloSecurityException;
   
   public boolean userExists(String user) throws AccumuloSecurityException;
-
-  public String getAuthorizorName();
+  
+  public String getTokenLoginClass();
+  
+  /**
+   * Returns true if the given token is appropriate for this Authenticator
+   */
+  public boolean validTokenClass(String tokenClass);
 }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authorizor.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authorizor.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authorizor.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/Authorizor.java Sat Feb  9 07:57:36 2013
@@ -18,7 +18,7 @@ package org.apache.accumulo.server.secur
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
 
 /**
@@ -40,7 +40,7 @@ public interface Authorizor {
   /**
    * Used to initialize security for the root user
    */
-  public void initializeSecurity(Credentials credentials, String rootuser) throws AccumuloSecurityException, ThriftSecurityException;
+  public void initializeSecurity(Credential credentials, String rootuser) throws AccumuloSecurityException, ThriftSecurityException;
   
   /**
    * Used to change the authorizations for the user

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecureAuthenticator.java Sat Feb  9 07:57:36 2013
@@ -20,12 +20,14 @@ import java.util.Collections;
 import java.util.Set;
 
 import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
+import org.apache.accumulo.core.security.thrift.tokens.NullToken;
+import org.apache.accumulo.core.security.thrift.tokens.SecurityToken;
 
 /**
  * This is an Authenticator implementation that doesn't actually do any security. Use at your own risk.
  */
-public class InsecureAuthenticator implements Authenticator {
+public class InsecureAuthenticator extends org.apache.accumulo.core.security.handler.InsecureAuthenticator implements Authenticator {
   
   @Override
   public void initialize(String instanceId, boolean initialize) {
@@ -38,12 +40,12 @@ public class InsecureAuthenticator imple
   }
   
   @Override
-  public void initializeSecurity(Credentials credentials, String principal, byte[] token) throws AccumuloSecurityException {
+  public void initializeSecurity(Credential credentials, String principal, byte[] token) throws AccumuloSecurityException {
     return;
   }
   
   @Override
-  public boolean authenticateUser(String principal, byte[] token) {
+  public boolean authenticateUser(String principal, SecurityToken token) {
     return true;
   }
   
@@ -53,7 +55,7 @@ public class InsecureAuthenticator imple
   }
   
   @Override
-  public void createUser(String principal, byte[] token) throws AccumuloSecurityException {
+  public void createUser(String principal, SecurityToken token) throws AccumuloSecurityException {
     return;
   }
   
@@ -63,7 +65,7 @@ public class InsecureAuthenticator imple
   }
   
   @Override
-  public void changePassword(String user, byte[] token) throws AccumuloSecurityException {
+  public void changePassword(String user, SecurityToken token) throws AccumuloSecurityException {
     return;
   }
 
@@ -73,8 +75,13 @@ public class InsecureAuthenticator imple
   }
 
   @Override
-  public String getAuthorizorName() {
+  public String getTokenLoginClass() {
     return null;
   }
+
+  @Override
+  public boolean validTokenClass(String tokenClass) {
+    return tokenClass.equals(NullToken.class.getCanonicalName());
+  }
   
 }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecurePermHandler.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecurePermHandler.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecurePermHandler.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/InsecurePermHandler.java Sat Feb  9 07:57:36 2013
@@ -20,7 +20,7 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.TableNotFoundException;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
 
 /**
  * This is a Permission Handler implementation that doesn't actually do any security. Use at your own risk.
@@ -47,7 +47,7 @@ public class InsecurePermHandler impleme
    * @see org.apache.accumulo.server.security.handler.PermissionHandler#initializeSecurity(java.lang.String)
    */
   @Override
-  public void initializeSecurity(Credentials token, String rootuser) throws AccumuloSecurityException {
+  public void initializeSecurity(Credential token, String rootuser) throws AccumuloSecurityException {
     return;
   }
   

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java?rev=1444337&r1=1444336&r2=1444337&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java Sat Feb  9 07:57:36 2013
@@ -20,7 +20,7 @@ import org.apache.accumulo.core.client.A
 import org.apache.accumulo.core.client.TableNotFoundException;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.Credentials;
+import org.apache.accumulo.core.security.thrift.Credential;
 import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
 
 /**
@@ -42,7 +42,7 @@ public interface PermissionHandler {
   /**
    * Used to initialize security for the root user
    */
-  public void initializeSecurity(Credentials credentials, String rootuser) throws AccumuloSecurityException, ThriftSecurityException;
+  public void initializeSecurity(Credential credentials, String rootuser) throws AccumuloSecurityException, ThriftSecurityException;
   
   /**
    * Used to get the system permission for the user



Mime
View raw message