accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From e..@apache.org
Subject svn commit: r1489585 [1/2] - in /accumulo/trunk: conf/examples/1GB/native-standalone/ conf/examples/1GB/standalone/ conf/examples/2GB/native-standalone/ conf/examples/2GB/standalone/ conf/examples/3GB/native-standalone/ conf/examples/3GB/standalone/ co...
Date Tue, 04 Jun 2013 19:54:22 GMT
Author: ecn
Date: Tue Jun  4 19:54:19 2013
New Revision: 1489585

URL: http://svn.apache.org/r1489585
Log:
ACCUMULO-1070 committing Rob Tallis' initial auditing changes

Added:
    accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml   (with props)
    accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml   (with props)
    accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml   (with props)
    accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml   (with props)
    accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml   (with props)
    accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml   (with props)
    accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml   (with props)
    accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml   (with props)
    accumulo/trunk/test/src/test/java/org/apache/accumulo/test/AuditMessageTest.java   (with props)
Modified:
    accumulo/trunk/conf/examples/1GB/native-standalone/generic_logger.xml
    accumulo/trunk/conf/examples/1GB/standalone/generic_logger.xml
    accumulo/trunk/conf/examples/2GB/native-standalone/generic_logger.xml
    accumulo/trunk/conf/examples/2GB/standalone/generic_logger.xml
    accumulo/trunk/conf/examples/3GB/native-standalone/generic_logger.xml
    accumulo/trunk/conf/examples/3GB/standalone/generic_logger.xml
    accumulo/trunk/conf/examples/512MB/native-standalone/generic_logger.xml
    accumulo/trunk/conf/examples/512MB/standalone/generic_logger.xml
    accumulo/trunk/core/src/main/java/org/apache/accumulo/core/Constants.java
    accumulo/trunk/core/src/main/java/org/apache/accumulo/core/client/impl/Translator.java
    accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/AuditLevel.java
    accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java
    accumulo/trunk/core/src/test/resources/shelltest.txt
    accumulo/trunk/fate/src/test/resources/log4j.properties
    accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloCluster.java
    accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloConfig.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/Accumulo.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
    accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
    accumulo/trunk/test/src/main/resources/log4j.properties
    accumulo/trunk/test/src/test/resources/log4j.properties

Added: accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml Tue Jun  4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+    <!--  Write out Audit info to an Audit file -->
+    <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+        <param name="File"           value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+        <param name="MaxBackupIndex" value="10"/>
+        <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+        <layout class="org.apache.log4j.PatternLayout">
+            <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+        </layout>
+    </appender>
+    <logger name="Audit"  additivity="false">
+        <appender-ref ref="Audit" />
+        <level value="OFF"/>
+    </logger>
+
+
+
+
+
+</log4j:configuration>

Propchange: accumulo/trunk/conf/examples/1GB/native-standalone/auditLog.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: accumulo/trunk/conf/examples/1GB/native-standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/1GB/native-standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/1GB/native-standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/1GB/native-standalone/generic_logger.xml Tue Jun  4 19:54:19 2013
@@ -61,10 +61,6 @@
      <appender-ref ref="ASYNC" />
   </logger>
 
-  <logger name="org.apache.accumulo.server.security.Auditor">
-     <level value="WARN"/> <!-- change to INFO for authorization events -->
-  </logger>
-
   <logger name="org.apache.accumulo.core.file.rfile.bcfile">
      <level value="INFO"/>
   </logger>

Added: accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml Tue Jun  4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+    <!--  Write out Audit info to an Audit file -->
+    <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+        <param name="File"           value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+        <param name="MaxBackupIndex" value="10"/>
+        <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+        <layout class="org.apache.log4j.PatternLayout">
+            <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+        </layout>
+    </appender>
+    <logger name="Audit"  additivity="false">
+        <appender-ref ref="Audit" />
+        <level value="OFF"/>
+    </logger>
+
+
+
+
+
+</log4j:configuration>

Propchange: accumulo/trunk/conf/examples/1GB/standalone/auditLog.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: accumulo/trunk/conf/examples/1GB/standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/1GB/standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/1GB/standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/1GB/standalone/generic_logger.xml Tue Jun  4 19:54:19 2013
@@ -61,10 +61,6 @@
      <appender-ref ref="ASYNC" />
   </logger>
 
-  <logger name="org.apache.accumulo.server.security.Auditor">
-     <level value="WARN"/> <!-- change to INFO for authorization events -->
-  </logger>
-
   <logger name="org.apache.accumulo.core.file.rfile.bcfile">
      <level value="INFO"/>
   </logger>

Added: accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml Tue Jun  4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+    <!--  Write out Audit info to an Audit file -->
+    <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+        <param name="File"           value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+        <param name="MaxBackupIndex" value="10"/>
+        <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+        <layout class="org.apache.log4j.PatternLayout">
+            <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+        </layout>
+    </appender>
+    <logger name="Audit"  additivity="false">
+        <appender-ref ref="Audit" />
+        <level value="OFF"/>
+    </logger>
+
+
+
+
+
+</log4j:configuration>

Propchange: accumulo/trunk/conf/examples/2GB/native-standalone/auditLog.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: accumulo/trunk/conf/examples/2GB/native-standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/2GB/native-standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/2GB/native-standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/2GB/native-standalone/generic_logger.xml Tue Jun  4 19:54:19 2013
@@ -61,10 +61,6 @@
      <appender-ref ref="ASYNC" />
   </logger>
 
-  <logger name="org.apache.accumulo.server.security.Auditor">
-     <level value="WARN"/> <!-- change to INFO for authorization events -->
-  </logger>
-
   <logger name="org.apache.accumulo.core.file.rfile.bcfile">
      <level value="INFO"/>
   </logger>

Added: accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml Tue Jun  4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+    <!--  Write out Audit info to an Audit file -->
+    <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+        <param name="File"           value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+        <param name="MaxBackupIndex" value="10"/>
+        <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+        <layout class="org.apache.log4j.PatternLayout">
+            <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+        </layout>
+    </appender>
+    <logger name="Audit"  additivity="false">
+        <appender-ref ref="Audit" />
+        <level value="OFF"/>
+    </logger>
+
+
+
+
+
+</log4j:configuration>

Propchange: accumulo/trunk/conf/examples/2GB/standalone/auditLog.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: accumulo/trunk/conf/examples/2GB/standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/2GB/standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/2GB/standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/2GB/standalone/generic_logger.xml Tue Jun  4 19:54:19 2013
@@ -61,10 +61,6 @@
      <appender-ref ref="ASYNC" />
   </logger>
 
-  <logger name="org.apache.accumulo.server.security.Auditor">
-     <level value="WARN"/> <!-- change to INFO for authorization events -->
-  </logger>
-
   <logger name="org.apache.accumulo.core.file.rfile.bcfile">
      <level value="INFO"/>
   </logger>

Added: accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml Tue Jun  4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+    <!--  Write out Audit info to an Audit file -->
+    <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+        <param name="File"           value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+        <param name="MaxBackupIndex" value="10"/>
+        <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+        <layout class="org.apache.log4j.PatternLayout">
+            <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+        </layout>
+    </appender>
+    <logger name="Audit"  additivity="false">
+        <appender-ref ref="Audit" />
+        <level value="OFF"/>
+    </logger>
+
+
+
+
+
+</log4j:configuration>

Propchange: accumulo/trunk/conf/examples/3GB/native-standalone/auditLog.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: accumulo/trunk/conf/examples/3GB/native-standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/3GB/native-standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/3GB/native-standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/3GB/native-standalone/generic_logger.xml Tue Jun  4 19:54:19 2013
@@ -61,10 +61,6 @@
      <appender-ref ref="ASYNC" />
   </logger>
 
-  <logger name="org.apache.accumulo.server.security.Auditor">
-     <level value="WARN"/> <!-- change to INFO for authorization events -->
-  </logger>
-
   <logger name="org.apache.accumulo.core.file.rfile.bcfile">
      <level value="INFO"/>
   </logger>

Added: accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml Tue Jun  4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+    <!--  Write out Audit info to an Audit file -->
+    <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+        <param name="File"           value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+        <param name="MaxBackupIndex" value="10"/>
+        <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+        <layout class="org.apache.log4j.PatternLayout">
+            <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+        </layout>
+    </appender>
+    <logger name="Audit"  additivity="false">
+        <appender-ref ref="Audit" />
+        <level value="OFF"/>
+    </logger>
+
+
+
+
+
+</log4j:configuration>

Propchange: accumulo/trunk/conf/examples/3GB/standalone/auditLog.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: accumulo/trunk/conf/examples/3GB/standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/3GB/standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/3GB/standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/3GB/standalone/generic_logger.xml Tue Jun  4 19:54:19 2013
@@ -61,10 +61,6 @@
      <appender-ref ref="ASYNC" />
   </logger>
 
-  <logger name="org.apache.accumulo.server.security.Auditor">
-     <level value="WARN"/> <!-- change to INFO for authorization events -->
-  </logger>
-
   <logger name="org.apache.accumulo.core.file.rfile.bcfile">
      <level value="INFO"/>
   </logger>

Added: accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml Tue Jun  4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+    <!--  Write out Audit info to an Audit file -->
+    <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+        <param name="File"           value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+        <param name="MaxBackupIndex" value="10"/>
+        <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+        <layout class="org.apache.log4j.PatternLayout">
+            <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+        </layout>
+    </appender>
+    <logger name="Audit"  additivity="false">
+        <appender-ref ref="Audit" />
+        <level value="OFF"/>
+    </logger>
+
+
+
+
+
+</log4j:configuration>

Propchange: accumulo/trunk/conf/examples/512MB/native-standalone/auditLog.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: accumulo/trunk/conf/examples/512MB/native-standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/512MB/native-standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/512MB/native-standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/512MB/native-standalone/generic_logger.xml Tue Jun  4 19:54:19 2013
@@ -61,10 +61,6 @@
      <appender-ref ref="ASYNC" />
   </logger>
 
-  <logger name="org.apache.accumulo.server.security.Auditor">
-     <level value="WARN"/> <!-- change to INFO for authorization events -->
-  </logger>
-
   <logger name="org.apache.accumulo.core.file.rfile.bcfile">
      <level value="INFO"/>
   </logger>

Added: accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml?rev=1489585&view=auto
==============================================================================
--- accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml (added)
+++ accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml Tue Jun  4 19:54:19 2013
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+
+
+    <!--  Write out Audit info to an Audit file -->
+    <appender name="Audit" class="org.apache.log4j.DailyRollingFileAppender">
+        <param name="File"           value="${org.apache.accumulo.core.dir.log}/${org.apache.accumulo.core.ip.localhost.hostname}.audit"/>
+        <param name="MaxBackupIndex" value="10"/>
+        <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+        <layout class="org.apache.log4j.PatternLayout">
+            <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss,SSS/Z} [%c{2}] %-5p: %m%n"/>
+        </layout>
+    </appender>
+    <logger name="Audit"  additivity="false">
+        <appender-ref ref="Audit" />
+        <level value="OFF"/>
+    </logger>
+
+
+
+
+
+</log4j:configuration>

Propchange: accumulo/trunk/conf/examples/512MB/standalone/auditLog.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: accumulo/trunk/conf/examples/512MB/standalone/generic_logger.xml
URL: http://svn.apache.org/viewvc/accumulo/trunk/conf/examples/512MB/standalone/generic_logger.xml?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/conf/examples/512MB/standalone/generic_logger.xml (original)
+++ accumulo/trunk/conf/examples/512MB/standalone/generic_logger.xml Tue Jun  4 19:54:19 2013
@@ -61,10 +61,6 @@
      <appender-ref ref="ASYNC" />
   </logger>
 
-  <logger name="org.apache.accumulo.server.security.Auditor">
-     <level value="WARN"/> <!-- change to INFO for authorization events -->
-  </logger>
-
   <logger name="org.apache.accumulo.core.file.rfile.bcfile">
      <level value="INFO"/>
   </logger>

Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/Constants.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/Constants.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/Constants.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/Constants.java Tue Jun  4 19:54:19 2013
@@ -197,6 +197,7 @@ public class Constants {
   public static String getRootTabletDir(final AccumuloConfiguration conf) {
     return getMetadataTableDir(conf) + ZROOT_TABLET;
   }
+
   
   /**
    * @param conf
@@ -205,4 +206,6 @@ public class Constants {
   public static String getWalDirectory(final AccumuloConfiguration conf) {
     return getBaseDir(conf) + "/wal";
   }
+
+    public static final String AUDITLOG = "Audit";
 }

Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/client/impl/Translator.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/client/impl/Translator.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/client/impl/Translator.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/client/impl/Translator.java Tue Jun  4 19:54:19 2013
@@ -64,6 +64,13 @@ public abstract class Translator<IT,OT> 
       return input.toThrift();
     }
   }
+
+  public static class TColumnTranslator extends Translator<TColumn,Column> {
+    @Override
+    public Column translate(TColumn input) {
+      return new Column(input);
+    }
+  }
   
   public static class ColumnTranslator extends Translator<Column,TColumn> {
     @Override

Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/AuditLevel.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/AuditLevel.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/AuditLevel.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/AuditLevel.java Tue Jun  4 19:54:19 2013
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.accumulo.core.security;
-
-import org.apache.log4j.Level;
-
-public class AuditLevel extends Level {
-  
-  private static final long serialVersionUID = 1L;
-  public final static Level AUDIT = new AuditLevel();
-  
-  protected AuditLevel() {
-    super(Level.INFO_INT + 100, "AUDIT", Level.INFO_INT + 100);
-  }
-  
-  static public Level toLevel(int val) {
-    if (val == Level.INFO_INT + 100)
-      return Level.INFO;
-    return Level.toLevel(val);
-  }
-}

Modified: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java (original)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/util/shell/Shell.java Tue Jun  4 19:54:19 2013
@@ -55,7 +55,6 @@ import org.apache.accumulo.core.conf.Pro
 import org.apache.accumulo.core.data.Key;
 import org.apache.accumulo.core.data.Value;
 import org.apache.accumulo.core.data.thrift.TConstraintViolationSummary;
-import org.apache.accumulo.core.security.AuditLevel;
 import org.apache.accumulo.core.tabletserver.thrift.ConstraintViolationException;
 import org.apache.accumulo.core.trace.DistributedTrace;
 import org.apache.accumulo.core.util.BadArgumentException;
@@ -539,7 +538,7 @@ public class Shell extends ShellOptions 
   }
   
   public void execCommand(String input, boolean ignoreAuthTimeout, boolean echoPrompt) throws IOException {
-    audit.log(AuditLevel.AUDIT, getDefaultPrompt() + input);
+    audit.log(Level.INFO, getDefaultPrompt() + input);
     if (echoPrompt) {
       reader.print(getDefaultPrompt());
       reader.println(input);

Modified: accumulo/trunk/core/src/test/resources/shelltest.txt
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/test/resources/shelltest.txt?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/core/src/test/resources/shelltest.txt (original)
+++ accumulo/trunk/core/src/test/resources/shelltest.txt Tue Jun  4 19:54:19 2013
@@ -1,2 +1,16 @@
+# Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 exit
 foo

Modified: accumulo/trunk/fate/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/accumulo/trunk/fate/src/test/resources/log4j.properties?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/fate/src/test/resources/log4j.properties (original)
+++ accumulo/trunk/fate/src/test/resources/log4j.properties Tue Jun  4 19:54:19 2013
@@ -21,5 +21,4 @@ log4j.appender.CA.layout.ConversionPatte
 log4j.logger.org.apache.zookeeper=ERROR,CA
 log4j.logger.org.apache.accumulo.fate.zookeeper.DistributedReadWriteLock=WARN
 log4j.logger.org.apache.accumulo.core.client.impl.ServerClient=ERROR
-log4j.logger.org.apache.accumulo.server.security.Auditor=off
 

Modified: accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloCluster.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloCluster.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloCluster.java (original)
+++ accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloCluster.java Tue Jun  4 19:54:19 2013
@@ -49,8 +49,8 @@ import org.apache.zookeeper.server.ZooKe
  * @since 1.5.0
  */
 public class MiniAccumuloCluster {
-
-  private static class LogWriter extends Thread {
+  
+  public static class LogWriter extends Thread {
     private BufferedReader in;
     private BufferedWriter out;
 
@@ -107,6 +107,11 @@ public class MiniAccumuloCluster {
 
   private File zooCfgFile;
 
+  public List<LogWriter> getLogWriters() {
+    return logWriters;
+  }
+
+
   private List<LogWriter> logWriters = new ArrayList<MiniAccumuloCluster.LogWriter>();
 
   private MiniAccumuloConfig config;

Modified: accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloConfig.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloConfig.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloConfig.java (original)
+++ accumulo/trunk/minicluster/src/main/java/org/apache/accumulo/minicluster/MiniAccumuloConfig.java Tue Jun  4 19:54:19 2013
@@ -252,7 +252,7 @@ public class MiniAccumuloConfig {
     return accumuloDir;
   }
   
-  File getLogDir() {
+  public File getLogDir() {
     return logDir;
   }
   

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/Accumulo.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/Accumulo.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/Accumulo.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/Accumulo.java Tue Jun  4 19:54:19 2013
@@ -107,11 +107,18 @@ public class Accumulo {
     }
     // Turn off messages about not being able to reach the remote logger... we protect against that.
     LogLog.setQuietMode(true);
-    
-    // Configure logging
+
+      // Configure logging
     DOMConfigurator.configureAndWatch(logConfig, 5000);
-    
-    log.info(application + " starting");
+
+    // Read the auditing config
+    String auditConfig = String.format("%s/conf/auditLog.xml", System.getenv("ACCUMULO_HOME"), application);
+
+     DOMConfigurator.configureAndWatch(auditConfig, 5000);
+
+
+
+      log.info(application + " starting");
     log.info("Instance " + config.getInstance().getInstanceID());
     int dataVersion = Accumulo.getAccumuloPersistentVersion(fs);
     log.info("Data Version " + dataVersion);

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/master/Master.java Tue Jun  4 19:54:19 2013
@@ -822,7 +822,7 @@ public class Master implements LiveTServ
       switch (op) {
         case CREATE: {
           String tableName = ByteBufferUtil.toString(arguments.get(0));
-          if (!security.canCreateTable(c))
+          if (!security.canCreateTable(c, tableName))
             throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
           checkNotMetadataTable(tableName, TableOperation.CREATE);
           checkTableName(tableName, TableOperation.CREATE);
@@ -841,7 +841,7 @@ public class Master implements LiveTServ
           checkNotMetadataTable(oldTableName, TableOperation.RENAME);
           checkNotMetadataTable(newTableName, TableOperation.RENAME);
           checkTableName(newTableName, TableOperation.RENAME);
-          if (!security.canRenameTable(c, tableId))
+          if (!security.canRenameTable(c, tableId, oldTableName, newTableName))
             throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
           
           fate.seedTransaction(opid, new TraceRepo<Master>(new RenameTable(tableId, oldTableName, newTableName)), autoCleanup);
@@ -851,10 +851,9 @@ public class Master implements LiveTServ
         case CLONE: {
           String srcTableId = ByteBufferUtil.toString(arguments.get(0));
           String tableName = ByteBufferUtil.toString(arguments.get(1));
-          
           checkNotMetadataTable(tableName, TableOperation.CLONE);
           checkTableName(tableName, TableOperation.CLONE);
-          if (!security.canCloneTable(c, srcTableId))
+          if (!security.canCloneTable(c, srcTableId, tableName))
             throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
           
           Map<String,String> propertiesToSet = new HashMap<String,String>();
@@ -894,7 +893,7 @@ public class Master implements LiveTServ
           final String tableId = checkTableId(tableName, TableOperation.ONLINE);
           checkNotMetadataTable(tableName, TableOperation.ONLINE);
           
-          if (!security.canOnlineOfflineTable(c, tableId))
+          if (!security.canOnlineOfflineTable(c, tableId, op))
             throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
           
           fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, TableOperation.ONLINE)), autoCleanup);
@@ -905,7 +904,7 @@ public class Master implements LiveTServ
           final String tableId = checkTableId(tableName, TableOperation.OFFLINE);
           checkNotMetadataTable(tableName, TableOperation.OFFLINE);
           
-          if (!security.canOnlineOfflineTable(c, tableId))
+          if (!security.canOnlineOfflineTable(c, tableId, op))
             throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
           
           fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, TableOperation.OFFLINE)), autoCleanup);
@@ -940,7 +939,7 @@ public class Master implements LiveTServ
           final String tableId = checkTableId(tableName, TableOperation.DELETE_RANGE);
           checkNotMetadataTable(tableName, TableOperation.DELETE_RANGE);
           
-          if (!security.canDeleteRange(c, tableId))
+          if (!security.canDeleteRange(c, tableId, tableName, startRow, endRow))
             throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
           
           fate.seedTransaction(opid, new TraceRepo<Master>(new TableRangeOp(MergeInfo.Operation.DELETE, tableId, startRow, endRow)), autoCleanup);
@@ -955,7 +954,7 @@ public class Master implements LiveTServ
           final String tableId = checkTableId(tableName, TableOperation.BULK_IMPORT);
           checkNotMetadataTable(tableName, TableOperation.BULK_IMPORT);
           
-          if (!security.canBulkImport(c, tableId))
+          if (!security.canBulkImport(c, tableId, tableName, dir, failDir))
             throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
           
           fate.seedTransaction(opid, new TraceRepo<Master>(new BulkImport(tableId, dir, failDir, setTime)), autoCleanup);
@@ -986,7 +985,7 @@ public class Master implements LiveTServ
           String tableName = ByteBufferUtil.toString(arguments.get(0));
           String exportDir = ByteBufferUtil.toString(arguments.get(1));
           
-          if (!security.canImport(c))
+          if (!security.canImport(c, tableName, exportDir))
             throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
           
           checkNotMetadataTable(tableName, TableOperation.CREATE);
@@ -1001,7 +1000,7 @@ public class Master implements LiveTServ
           
           String tableId = checkTableId(tableName, TableOperation.EXPORT);
           
-          if (!security.canExport(c, tableId))
+          if (!security.canExport(c, tableId, tableName, exportDir))
             throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
           
           checkNotMetadataTable(tableName, TableOperation.EXPORT);

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java Tue Jun  4 19:54:19 2013
@@ -16,30 +16,50 @@
  */
 package org.apache.accumulo.server.security;
 
-import java.util.Set;
+import java.nio.ByteBuffer;
+import java.util.List;
+import java.util.Map;
 
-import org.apache.accumulo.core.client.AccumuloSecurityException;
+import org.apache.accumulo.core.Constants;
+import org.apache.accumulo.core.client.TableNotFoundException;
+import org.apache.accumulo.core.client.impl.Tables;
+import org.apache.accumulo.core.client.impl.Translator;
 import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
-import org.apache.accumulo.core.security.AuditLevel;
+import org.apache.accumulo.core.data.Column;
+import org.apache.accumulo.core.data.KeyExtent;
+import org.apache.accumulo.core.data.Range;
+import org.apache.accumulo.core.data.thrift.IterInfo;
+import org.apache.accumulo.core.data.thrift.TColumn;
+import org.apache.accumulo.core.data.thrift.TKeyExtent;
+import org.apache.accumulo.core.data.thrift.TRange;
+import org.apache.accumulo.core.master.thrift.TableOperation;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.TCredentials;
+import org.apache.accumulo.core.util.ByteBufferUtil;
+import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.security.handler.Authenticator;
 import org.apache.accumulo.server.security.handler.Authorizor;
 import org.apache.accumulo.server.security.handler.PermissionHandler;
+import org.apache.hadoop.io.Text;
 import org.apache.log4j.Logger;
 
 /**
- * 
+ *
  */
 public class AuditedSecurityOperation extends SecurityOperation {
   
+  public static final Logger audit = Logger.getLogger(Constants.AUDITLOG);
+  
   public AuditedSecurityOperation(Authorizor author, Authenticator authent, PermissionHandler pm, String instanceId) {
     super(author, authent, pm, instanceId);
   }
   
-  public static final Logger log = Logger.getLogger(AuditedSecurityOperation.class);
+  public static synchronized SecurityOperation getInstance() {
+    String instanceId = HdfsZooInstance.getInstance().getInstanceID();
+    return getInstance(instanceId, false);
+  }
   
   public static synchronized SecurityOperation getInstance(String instanceId, boolean initialize) {
     if (instance == null) {
@@ -49,201 +69,326 @@ public class AuditedSecurityOperation ex
     return instance;
   }
   
+  private static String getTableName(String tableId) {
+    try {
+      return Tables.getTableName(HdfsZooInstance.getInstance(), tableId);
+    } catch (TableNotFoundException e) {
+      return "Unknown Table with ID " + tableId;
+    }
+  }
+  
+  public static StringBuilder getAuthString(List<ByteBuffer> authorizations) {
+    StringBuilder auths = new StringBuilder();
+    for (ByteBuffer bb : authorizations) {
+      auths.append(ByteBufferUtil.toString(bb)).append(",");
+    }
+    return auths;
+  }
+  
+  private static boolean shouldAudit(TCredentials credentials, String tableId) {
+    return !tableId.equals(Constants.METADATA_TABLE_ID) && shouldAudit(credentials);
+  }
+  
+  // Is INFO the right level to check? Do we even need that check?
+  private static boolean shouldAudit(TCredentials credentials) {
+    return !credentials.getPrincipal().equals(SecurityConstants.SYSTEM_PRINCIPAL);
+  }
+  
+  /*
+   * Three auditing methods try to capture the 4 states we might have here. audit is in response to a thrown exception, the operation failed (perhaps due to
+   * insufficient privs, or some other reason) audit(credentials, template, args) is a successful operation audit(credentials, permitted, template, args) is a
+   * privileges check that is either permitted or denied. We don't know if the operation went on to be successful or not at this point, we would have to go
+   * digging through loads of other code to find it.
+   */
   private void audit(TCredentials credentials, ThriftSecurityException ex, String template, Object... args) {
-    log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " + credentials.getPrincipal() + ": " + String.format(template, args));
+    audit.warn("operation: failed; user: " + credentials.getPrincipal() + "; " + String.format(template, args) + "; exception: " + ex.toString());
   }
   
   private void audit(TCredentials credentials, String template, Object... args) {
-    log.log(AuditLevel.AUDIT, "Using credentials " + credentials.getPrincipal() + ": " + String.format(template, args));
+    if (shouldAudit(credentials)) {
+      audit.info("operation: success; user: " + credentials.getPrincipal() + ": " + String.format(template, args));
+    }
   }
   
+  private void audit(TCredentials credentials, boolean permitted, String template, Object... args) {
+    if (shouldAudit(credentials)) {
+      String prefix = permitted ? "permitted" : "denied";
+      audit.info("operation: " + prefix + "; user: " + credentials.getPrincipal() + "; " + String.format(template, args));
+    }
+  }
+
+  public static final String CAN_SCAN_AUDIT_TEMPLATE = "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;";
+
+  @Override
+  public boolean canScan(TCredentials credentials, String tableId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
+      Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+    if (shouldAudit(credentials, tableId)) {
+      Range convertedRange = new Range(range);
+      List<Column> convertedColumns = Translator.translate(columns, new Translator.TColumnTranslator());
+      String tableName = getTableName(tableId);
+      
+      try {
+        boolean canScan = super.canScan(credentials, tableId);
+        audit(credentials, canScan, CAN_SCAN_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), convertedRange, convertedColumns, ssiList, ssio);
+        
+        return canScan;
+      } catch (ThriftSecurityException ex) {
+        audit(credentials, ex, CAN_SCAN_AUDIT_TEMPLATE, getAuthString(authorizations), tableId, convertedRange, convertedColumns, ssiList, ssio);
+        throw ex;
+      }
+    } else {
+      return super.canScan(credentials, tableId);
+    }
+  }
+  public static final String CAN_SCAN_BATCH_AUDIT_TEMPLATE = "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;";
+
   @Override
-  public boolean authenticateUser(TCredentials credentials, TCredentials toAuth) throws ThriftSecurityException {
+  public boolean canScan(TCredentials credentials, String tableId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
+      Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+    if (shouldAudit(credentials, tableId)) {
+      @SuppressWarnings({"unchecked", "rawtypes"})
+      Map<KeyExtent,List<Range>> convertedBatch = Translator.translate(tbatch, new Translator.TKeyExtentTranslator(), new Translator.ListTranslator(
+          new Translator.TRangeTranslator()));
+      List<Column> convertedColumns = Translator.translate(tcolumns, new Translator.TColumnTranslator());
+      String tableName = getTableName(tableId);
+      
+      try {
+        boolean canScan = super.canScan(credentials, tableId);
+        audit(credentials, canScan, CAN_SCAN_BATCH_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), convertedBatch, convertedColumns, ssiList, ssio);
+        
+        return canScan;
+      } catch (ThriftSecurityException ex) {
+        audit(credentials, ex, CAN_SCAN_BATCH_AUDIT_TEMPLATE, getAuthString(authorizations), tableId, convertedBatch, convertedColumns, ssiList, ssio);
+        throw ex;
+      }
+    } else {
+      return super.canScan(credentials, tableId);
+    }
+  }
+  public static final String CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE = "action: changeAuthorizations; targetUser: %s; authorizations: %s";
+
+  @Override
+  public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
     try {
-      boolean result = super.authenticateUser(credentials, toAuth);
-      audit(credentials, result ? "authenticated" : "failed authentication");
-      return result;
+      super.changeAuthorizations(credentials, user, authorizations);
+      audit(credentials, CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE, user, authorizations);
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "authenticateUser");
-      log.debug(ex);
+      audit(credentials, ex, CHANGE_AUTHORIZATIONS_AUDIT_TEMPLATE, user, authorizations);
       throw ex;
     }
   }
-  
+  public static final String CHANGE_PASSWORD_AUDIT_TEMPLATE = "action: changePassword; targetUser: %s;";
+
   @Override
-  public Authorizations getUserAuthorizations(TCredentials credentials, String user) throws ThriftSecurityException {
+  public void changePassword(TCredentials credentials, TCredentials newInfo) throws ThriftSecurityException {
     try {
-      Authorizations result = super.getUserAuthorizations(credentials, user);
-      audit(credentials, "got authorizations for %s", user);
-      return result;
+      super.changePassword(credentials, newInfo);
+      audit(credentials, CHANGE_PASSWORD_AUDIT_TEMPLATE, newInfo.getPrincipal());
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "getting authorizations for %s", user);
-      log.debug(ex);
+      audit(credentials, ex, CHANGE_PASSWORD_AUDIT_TEMPLATE, newInfo.getPrincipal());
       throw ex;
     }
-    
   }
-  
+  public static final String CREATE_USER_AUDIT_TEMPLATE = "action: createUser; targetUser: %s; Authorizations: %s;";
+
   @Override
-  public Authorizations getUserAuthorizations(TCredentials credentials) throws ThriftSecurityException {
+  public void createUser(TCredentials credentials, TCredentials newUser, Authorizations authorizations) throws ThriftSecurityException {
     try {
-      return getUserAuthorizations(credentials, credentials.getPrincipal());
+      super.createUser(credentials, newUser, authorizations);
+      audit(credentials, CREATE_USER_AUDIT_TEMPLATE, newUser.getPrincipal(), authorizations);
     } catch (ThriftSecurityException ex) {
-      log.debug(ex);
+      audit(credentials, ex, CREATE_USER_AUDIT_TEMPLATE, newUser.getPrincipal(), authorizations);
       throw ex;
     }
   }
-  
+  public static final String CAN_CREATE_TABLE_AUDIT_TEMPLATE = "action: createTable; targetTable: %s;";
+
   @Override
-  public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
+  public boolean canCreateTable(TCredentials c, String tableName) throws ThriftSecurityException {
     try {
-      super.changeAuthorizations(credentials, user, authorizations);
-      audit(credentials, "changed authorizations for %s to %s", user, authorizations);
+      boolean result = super.canCreateTable(c);
+      audit(c, result, CAN_CREATE_TABLE_AUDIT_TEMPLATE, tableName);
+      return result;
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "changing authorizations for %s", user);
-      log.debug(ex);
+      audit(c, ex, CAN_CREATE_TABLE_AUDIT_TEMPLATE, tableName);
       throw ex;
     }
   }
-  
+  public static final String CAN_DELETE_TABLE_AUDIT_TEMPLATE = "action: deleteTable; targetTable: %s;";
+
   @Override
-  public void changePassword(TCredentials credentials, TCredentials newInfo) throws ThriftSecurityException {
+  public boolean canDeleteTable(TCredentials c, String tableId) throws ThriftSecurityException {
+    String tableName = getTableName(tableId);
     try {
-      super.changePassword(credentials, newInfo);
-      audit(credentials, "changed password for %s", newInfo.getPrincipal());
+      boolean result = super.canDeleteTable(c, tableId);
+      audit(c, result, CAN_DELETE_TABLE_AUDIT_TEMPLATE, tableName, tableId);
+      return result;
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "changing password for %s", newInfo.getPrincipal());
-      log.debug(ex);
+      audit(c, ex, CAN_DELETE_TABLE_AUDIT_TEMPLATE, tableName, tableId);
       throw ex;
     }
   }
-  
+  public static final String CAN_RENAME_TABLE_AUDIT_TEMPLATE = "action: renameTable; targetTable: %s; newTableName: %s;";
+
   @Override
-  public void createUser(TCredentials credentials, TCredentials newUser, Authorizations authorizations) throws ThriftSecurityException {
+  public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
     try {
-      super.createUser(credentials, newUser, authorizations);
-      audit(credentials, "createUser");
+      boolean result = super.canRenameTable(c, tableId, oldTableName, newTableName);
+      audit(c, result, CAN_RENAME_TABLE_AUDIT_TEMPLATE, oldTableName, newTableName);
+      return result;
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "createUser %s", newUser.getPrincipal());
-      log.debug(ex);
+      audit(c, ex, CAN_RENAME_TABLE_AUDIT_TEMPLATE, oldTableName, newTableName);
       throw ex;
     }
   }
-  
+  public static final String CAN_CLONE_TABLE_AUDIT_TEMPLATE = "action: cloneTable; targetTable: %s; newTableName: %s";
+
   @Override
-  public void dropUser(TCredentials credentials, String user) throws ThriftSecurityException {
+  public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
+    String oldTableName = getTableName(tableId);
     try {
-      super.dropUser(credentials, user);
-      audit(credentials, "dropUser");
+      boolean result = super.canCloneTable(c, tableId, tableName);
+      audit(c, result, CAN_CLONE_TABLE_AUDIT_TEMPLATE, oldTableName, tableName);
+      return result;
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "dropUser %s", user);
-      log.debug(ex);
+      audit(c, ex, CAN_CLONE_TABLE_AUDIT_TEMPLATE, oldTableName, tableName);
       throw ex;
     }
   }
-  
+  public static final String CAN_DELETE_RANGE_AUDIT_TEMPLATE = "action: deleteData; targetTable: %s; startRange: %s; endRange: %s;";
+
   @Override
-  public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+  public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
     try {
-      super.grantSystemPermission(credentials, user, permission);
-      audit(credentials, "granted permission %s for %s", permission, user);
+      boolean result = super.canDeleteRange(c, tableId, tableName, startRow, endRow);
+      audit(c, result, CAN_DELETE_RANGE_AUDIT_TEMPLATE, tableName, startRow.toString(), endRow.toString());
+      return result;
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "granting permission %s for %s", permission, user);
-      log.debug(ex);
+      audit(c, ex, CAN_DELETE_RANGE_AUDIT_TEMPLATE, tableName, startRow.toString(), endRow.toString());
       throw ex;
     }
   }
-  
+  public static final String CAN_BULK_IMPORT_AUDIT_TEMPLATE = "action: bulkImport; targetTable: %s; dataDir: %s; failDir: %s;";
+
   @Override
-  public void grantTablePermission(TCredentials credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
+  public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
     try {
-      super.grantTablePermission(credentials, user, table, permission);
-      audit(credentials, "granted permission %s on table %s for %s", permission, table, user);
+      boolean result = super.canBulkImport(c, tableId);
+      audit(c, result, CAN_BULK_IMPORT_AUDIT_TEMPLATE, tableName, dir, failDir);
+      return result;
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "granting permission %s on table for %s", permission, table, user);
-      log.debug(ex);
+      audit(c, ex, CAN_BULK_IMPORT_AUDIT_TEMPLATE, tableName, dir, failDir);
       throw ex;
     }
   }
-  
+  public static final String CAN_IMPORT_AUDIT_TEMPLATE = "action: import; targetTable: %s; dataDir: %s;";
+
   @Override
-  public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+  public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
+    
     try {
-      super.revokeSystemPermission(credentials, user, permission);
-      audit(credentials, "revoked permission %s for %s", permission, user);
+      boolean result = super.canImport(credentials, tableName, importDir);
+      audit(credentials, result, CAN_IMPORT_AUDIT_TEMPLATE, tableName, importDir);
+      return result;
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "revoking permission %s on %s", permission, user);
-      log.debug(ex);
+      audit(credentials, ex, CAN_IMPORT_AUDIT_TEMPLATE, tableName, importDir);
       throw ex;
     }
   }
-  
+  public static final String CAN_EXPORT_AUDIT_TEMPLATE = "action: export; targetTable: %s; dataDir: %s;";
+
   @Override
-  public void revokeTablePermission(TCredentials credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
+  public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
+    
     try {
-      super.revokeTablePermission(credentials, user, table, permission);
-      audit(credentials, "revoked permission %s on table %s for %s", permission, table, user);
+      boolean result = super.canExport(credentials, tableId, tableName, exportDir);
+      audit(credentials, result, CAN_EXPORT_AUDIT_TEMPLATE, tableName, exportDir);
+      return result;
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "revoking permission %s on table for %s", permission, table, user);
-      log.debug(ex);
+      audit(credentials, ex, CAN_EXPORT_AUDIT_TEMPLATE, tableName, exportDir);
       throw ex;
     }
   }
-  
+  public static final String DROP_USER_AUDIT_TEMPLATE = "action: dropUser; targetUser: %s;";
+
   @Override
-  public boolean hasSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+  public void dropUser(TCredentials credentials, String user) throws ThriftSecurityException {
     try {
-      boolean result = super.hasSystemPermission(credentials, user, permission);
-      audit(credentials, "checked permission %s on %s", permission, user);
-      return result;
+      super.dropUser(credentials, user);
+      audit(credentials, DROP_USER_AUDIT_TEMPLATE, user);
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "checking permission %s on %s", permission, user);
-      log.debug(ex);
+      audit(credentials, ex, DROP_USER_AUDIT_TEMPLATE, user);
       throw ex;
     }
   }
-  
+  public static final String GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE = "action: grantSystemPermission; permission: %s; targetUser: %s;";
+
   @Override
-  public boolean hasTablePermission(TCredentials credentials, String user, String table, TablePermission permission) throws ThriftSecurityException {
+  public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
     try {
-      boolean result = super.hasTablePermission(credentials, user, table, permission);
-      audit(credentials, "checked permission %s on table %s for %s", permission, table, user);
-      return result;
+      super.grantSystemPermission(credentials, user, permission);
+      audit(credentials, GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE, permission, user);
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "checking permission %s on %s", permission, user);
-      log.debug(ex);
+      audit(credentials, ex, GRANT_SYSTEM_PERMISSION_AUDIT_TEMPLATE, permission, user);
       throw ex;
     }
   }
-  
+  public static final String GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: grantTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
+
   @Override
-  public Set<String> listUsers(TCredentials credentials) throws ThriftSecurityException {
+  public void grantTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+    String tableName = getTableName(tableId);
     try {
-      Set<String> result = super.listUsers(credentials);
-      audit(credentials, "listUsers");
-      return result;
+      super.grantTablePermission(credentials, user, tableId, permission);
+      audit(credentials, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "listUsers");
-      log.debug(ex);
+      audit(credentials, ex, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
       throw ex;
     }
   }
-  
+  public static final String REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE = "action: revokeSystemPermission; permission: %s; targetUser: %s;";
+
   @Override
-  public void deleteTable(TCredentials credentials, String table) throws ThriftSecurityException {
+  public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
+    
     try {
-      super.deleteTable(credentials, table);
-      audit(credentials, "deleted table %s", table);
+      super.revokeSystemPermission(credentials, user, permission);
+      audit(credentials, REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE, permission, user);
     } catch (ThriftSecurityException ex) {
-      audit(credentials, ex, "deleting table %s", table);
-      log.debug(ex);
+      audit(credentials, ex, REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE, permission, user);
       throw ex;
     }
   }
-  
+  public static final String REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: revokeTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
+
   @Override
-  public void initializeSecurity(TCredentials credentials, String principal, byte[] token) throws AccumuloSecurityException, ThriftSecurityException {
-    super.initializeSecurity(credentials, principal, token);
-    log.info("Initialized root user with username: " + principal + " at the request of user " + credentials.getPrincipal());
+  public void revokeTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+    String tableName = getTableName(tableId);
+    try {
+      super.revokeTablePermission(credentials, user, tableId, permission);
+      audit(credentials, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
+    } catch (ThriftSecurityException ex) {
+      audit(credentials, ex, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
+      throw ex;
+    }
+  }
+  public static final String CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE = "action: %s; targetTable: %s;";
+
+  @Override
+  public boolean canOnlineOfflineTable(TCredentials credentials, String tableId, TableOperation op) throws ThriftSecurityException {
+    String tableName = getTableName(tableId);
+    String operation = null;
+    if (op == TableOperation.ONLINE)
+      operation = "onlineTable";
+    if (op == TableOperation.OFFLINE)
+      operation = "offlineTable";
+    try {
+      boolean result = super.canOnlineOfflineTable(credentials, tableId, op);
+      audit(credentials, result, CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, operation, tableName, tableId);
+      return result;
+    } catch (ThriftSecurityException ex) {
+      audit(credentials, ex, CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, operation, tableName, tableId);
+      throw ex;
+    }
   }
 }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java Tue Jun  4 19:54:19 2013
@@ -16,6 +16,9 @@
  */
 package org.apache.accumulo.server.security;
 
+import java.nio.ByteBuffer;
+import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import org.apache.accumulo.core.Constants;
@@ -26,6 +29,11 @@ import org.apache.accumulo.core.client.i
 import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
 import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
 import org.apache.accumulo.core.conf.Property;
+import org.apache.accumulo.core.data.thrift.IterInfo;
+import org.apache.accumulo.core.data.thrift.TColumn;
+import org.apache.accumulo.core.data.thrift.TKeyExtent;
+import org.apache.accumulo.core.data.thrift.TRange;
+import org.apache.accumulo.core.master.thrift.TableOperation;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.CredentialHelper;
 import org.apache.accumulo.core.security.SystemPermission;
@@ -41,6 +49,7 @@ import org.apache.accumulo.server.securi
 import org.apache.accumulo.server.security.handler.ZKAuthorizor;
 import org.apache.accumulo.server.security.handler.ZKPermHandler;
 import org.apache.accumulo.server.zookeeper.ZooCache;
+import org.apache.hadoop.io.Text;
 import org.apache.log4j.Logger;
 
 /**
@@ -238,7 +247,7 @@ public class SecurityOperation {
    * 
    * @return true if a user exists and has permission; false otherwise
    */
-  private boolean hasTablePermission(String user, String table, TablePermission permission, boolean useCached) throws ThriftSecurityException {
+  protected boolean hasTablePermission(String user, String table, TablePermission permission, boolean useCached) throws ThriftSecurityException {
     if (user.equals(SecurityConstants.SYSTEM_PRINCIPAL))
       return true;
     
@@ -284,6 +293,14 @@ public class SecurityOperation {
     return hasTablePermission(credentials.getPrincipal(), table, TablePermission.READ, true);
   }
   
+  public boolean canScan(TCredentials credentials, String table, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+    return canScan(credentials, table);
+  }
+  
+  public boolean canScan(TCredentials credentials, String table, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+    return canScan(credentials, table);
+  }
+  
   public boolean canWrite(TCredentials credentials, String table) throws ThriftSecurityException {
     authenticate(credentials);
     return hasTablePermission(credentials.getPrincipal(), table, TablePermission.WRITE, true);
@@ -316,18 +333,22 @@ public class SecurityOperation {
         || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false);
   }
   
+  public boolean canCreateTable(TCredentials c, String tableName) throws ThriftSecurityException {
+    return canCreateTable(c);
+  }
+  
   public boolean canCreateTable(TCredentials c) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.CREATE_TABLE, false);
   }
   
-  public boolean canRenameTable(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
   }
   
-  public boolean canCloneTable(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.CREATE_TABLE, false)
         && hasTablePermission(c.getPrincipal(), tableId, TablePermission.READ, false);
@@ -339,7 +360,7 @@ public class SecurityOperation {
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.DROP_TABLE, false);
   }
   
-  public boolean canOnlineOfflineTable(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canOnlineOfflineTable(TCredentials c, String tableId, TableOperation op) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.SYSTEM, false) || hasSystemPermission(c.getPrincipal(), SystemPermission.ALTER_TABLE, false)
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
@@ -351,11 +372,15 @@ public class SecurityOperation {
         || hasTablePermission(c.getPrincipal(), tableId, TablePermission.ALTER_TABLE, false);
   }
   
-  public boolean canDeleteRange(TCredentials c, String tableId) throws ThriftSecurityException {
+  public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
     authenticate(c);
     return hasSystemPermission(c.getPrincipal(), SystemPermission.SYSTEM, false) || hasTablePermission(c.getPrincipal(), tableId, TablePermission.WRITE, false);
   }
   
+  public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
+    return canBulkImport(c, tableId);
+  }
+  
   public boolean canBulkImport(TCredentials c, String tableId) throws ThriftSecurityException {
     authenticate(c);
     return hasTablePermission(c.getPrincipal(), tableId, TablePermission.BULK_IMPORT, false);
@@ -603,12 +628,12 @@ public class SecurityOperation {
     }
   }
   
-  public boolean canExport(TCredentials credentials, String tableId) throws ThriftSecurityException {
+  public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
     authenticate(credentials);
     return hasTablePermission(credentials.getPrincipal(), tableId, TablePermission.READ, false);
   }
   
-  public boolean canImport(TCredentials credentials) throws ThriftSecurityException {
+  public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
     authenticate(credentials);
     return hasSystemPermission(credentials.getPrincipal(), SystemPermission.CREATE_TABLE, false);
   }

Modified: accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java (original)
+++ accumulo/trunk/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Tue Jun  4 19:54:19 2013
@@ -1102,7 +1102,7 @@ public class TabletServer extends Abstra
         throws NotServingTabletException, ThriftSecurityException, org.apache.accumulo.core.tabletserver.thrift.TooManyFilesException {
       
       Authorizations userauths = null;
-      if (!security.canScan(credentials, new String(textent.getTable())))
+      if (!security.canScan(credentials, new String(textent.getTable()), range, columns, ssiList, ssio, authorizations))
         throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       
       userauths = security.getUserAuthorizations(credentials);
@@ -1259,7 +1259,7 @@ public class TabletServer extends Abstra
       // check if user has permission to the tables
       Authorizations userauths = null;
       for (String table : tables)
-        if (!security.canScan(credentials, table))
+        if (!security.canScan(credentials, table, tbatch, tcolumns, ssiList, ssio, authorizations))
           throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       
       userauths = security.getUserAuthorizations(credentials);

Modified: accumulo/trunk/test/src/main/resources/log4j.properties
URL: http://svn.apache.org/viewvc/accumulo/trunk/test/src/main/resources/log4j.properties?rev=1489585&r1=1489584&r2=1489585&view=diff
==============================================================================
--- accumulo/trunk/test/src/main/resources/log4j.properties (original)
+++ accumulo/trunk/test/src/main/resources/log4j.properties Tue Jun  4 19:54:19 2013
@@ -1,21 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-log4j.rootLogger=DEBUG,A1
-log4j.logger.org.apache.accumulo.core.util.shell.Shell.audit=WARN,A1
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout.ConversionPattern=%d{ISO8601} [%-8c{2}] %-5p: %m%n
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-



Mime
View raw message