From ktur...@apache.org
Subject [33/50] git commit: ACCUMULO-1132 Provide AuthenticationToken type for system user
Date Tue, 23 Jul 2013 16:54:58 GMT
ACCUMULO-1132 Provide AuthenticationToken type for system user


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/a943f323
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/a943f323
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/a943f323

Branch: refs/heads/ACCUMULO-1000
Commit: a943f323b6ef9a614edee55c075eb63567b5c80a
Parents: 0793476
Author: Christopher Tubbs <ctubbsii@apache.org>
Authored: Fri Jul 19 19:05:22 2013 -0400
Committer: Christopher Tubbs <ctubbsii@apache.org>
Committed: Fri Jul 19 19:05:22 2013 -0400

----------------------------------------------------------------------
 .../client/admin/SecurityOperationsImpl.java    |   2 +-
 .../core/client/impl/ConnectorImpl.java         |   5 +-
 .../client/security/tokens/PasswordToken.java   |   7 +-
 .../core/security/CredentialHelper.java         |   2 +-
 .../accumulo/core/security/Credentials.java     |  18 +-
 server/pom.xml                                  |   6 +
 .../server/client/ClientServiceHandler.java     |  14 +-
 .../accumulo/server/client/HdfsZooInstance.java |   3 -
 .../client/security/token/SystemToken.java      |  30 ---
 .../server/gc/GarbageCollectWriteAheadLogs.java |   8 +-
 .../server/gc/SimpleGarbageCollector.java       |   9 +-
 .../accumulo/server/master/LiveTServerSet.java  |  24 +--
 .../apache/accumulo/server/master/Master.java   |   8 +-
 .../server/master/TabletGroupWatcher.java       |  12 +-
 .../master/balancer/TableLoadBalancer.java      |   4 +-
 .../server/master/balancer/TabletBalancer.java  |   8 +-
 .../server/master/state/MetaDataStateStore.java |   4 +-
 .../server/master/tableOps/BulkImport.java      |   4 +-
 .../server/master/tableOps/CloneTable.java      |  10 +-
 .../server/master/tableOps/CreateTable.java     |  12 +-
 .../server/master/tableOps/DeleteTable.java     |   6 +-
 .../server/master/tableOps/ImportTable.java     |   8 +-
 .../apache/accumulo/server/monitor/Monitor.java |   6 +-
 .../monitor/servlets/TServersServlet.java       |  18 +-
 .../server/monitor/servlets/TablesServlet.java  |   6 +-
 .../accumulo/server/problems/ProblemReport.java |   6 +-
 .../server/problems/ProblemReports.java         |   8 +-
 .../security/AuditedSecurityOperation.java      |   2 +-
 .../server/security/SecurityConstants.java      | 111 ----------
 .../server/security/SecurityOperation.java      | 207 +++++++++----------
 .../server/security/SystemCredentials.java      | 132 ++++++++++++
 .../accumulo/server/tabletserver/Tablet.java    |  34 +--
 .../server/tabletserver/TabletServer.java       |  78 ++++---
 .../org/apache/accumulo/server/util/Admin.java  |   6 +-
 .../server/util/FindOfflineTablets.java         |   6 +-
 .../apache/accumulo/server/util/Initialize.java |   4 +-
 .../accumulo/server/util/MetadataTableUtil.java |  16 +-
 .../server/security/SystemCredentialsTest.java  |  67 ++++++
 server/src/test/resources/accumulo-site.xml     |  32 +++
 .../apache/accumulo/test/GetMasterStats.java    |   6 +-
 .../continuous/ContinuousStatsCollector.java    |   7 +-
 .../test/functional/SplitRecoveryTest.java      |  26 +--
 .../metadata/MetadataBatchScanTest.java         |   6 +-
 .../test/performance/thrift/NullTserver.java    |   4 +-
 .../test/randomwalk/concurrent/Shutdown.java    |  24 +--
 .../test/randomwalk/concurrent/StartAll.java    |   8 +-
 .../randomwalk/security/WalkingSecurity.java    |   3 +-
 47 files changed, 549 insertions(+), 478 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
index 84a1ebd..d5e1d8b 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
@@ -157,7 +157,7 @@ public class SecurityOperationsImpl implements SecurityOperations {
         client.changeLocalUserPassword(Tracer.traceInfo(), credentials, principal, ByteBuffer.wrap(token.getPassword()));
       }
     });
-    if (this.credentials.principal.equals(principal)) {
+    if (this.credentials.getPrincipal().equals(principal)) {
       this.credentials = toChange;
     }
   }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/core/src/main/java/org/apache/accumulo/core/client/impl/ConnectorImpl.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/impl/ConnectorImpl.java b/core/src/main/java/org/apache/accumulo/core/client/impl/ConnectorImpl.java
index 1702082..3c6e445 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/impl/ConnectorImpl.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/impl/ConnectorImpl.java
@@ -58,9 +58,8 @@ public class ConnectorImpl extends Connector {
     
     this.credentials = cred;
     
-    // hardcoded string for SYSTEM user since the definition is
-    // in server code
-    if (!cred.getPrincipal().equals("!SYSTEM")) {
+    // Skip fail fast for system services; string literal for class name, to avoid
+    if (!"org.apache.accumulo.server.security.SystemCredentials$SystemToken".equals(cred.getTokenClassName())) {
       ServerClient.execute(instance, new ClientExec<ClientService.Client>() {
         @Override
         public void execute(ClientService.Client iface) throws Exception {
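Review bot: The comment added above the `if` stops mid-sentence ("to avoid"), so the reason for comparing against a string literal is lost; it presumably meant avoiding a compile-time dependency from core on the server module. The fail-fast skip now depends on `cred.getTokenClassName()` matching a hard-coded name, which will silently stop matching if `SystemCredentials.SystemToken` is renamed or moved. Because the class name is simply a field of the credentials, this branch only suppresses the client-side early check and should not be read as proof that the caller is a system service; server-side authentication has to remain the gate. I would complete the comment, e.g. `// ... string literal for class name, to avoid a dependency on server code`, and hoist the literal into a named constant that a server-side test compares with the real class name. The enclosing method starts and ends outside the hunk.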

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/core/src/main/java/org/apache/accumulo/core/client/security/tokens/PasswordToken.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/security/tokens/PasswordToken.java b/core/src/main/java/org/apache/accumulo/core/client/security/tokens/PasswordToken.java
index 50d6938..c39fb8d 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/security/tokens/PasswordToken.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/security/tokens/PasswordToken.java
@@ -137,15 +137,14 @@ public class PasswordToken implements AuthenticationToken {
       }
     }
   }
-
+  
   @Override
   public void init(Properties properties) {
-    if (properties.containsKey("password")){
+    if (properties.containsKey("password")) {
       setPassword(CharBuffer.wrap(properties.get("password")));
-    }else
+    } else
       throw new IllegalArgumentException("Missing 'password' property");
   }
-
   
   @Override
   public Set<TokenProperty> getProperties() {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java b/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java
index 69e3ba1..15fc47a 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java
@@ -77,7 +77,7 @@ public class CredentialHelper {
   }
   
   public static AuthenticationToken extractToken(TCredentials toAuth) throws AccumuloSecurityException {
-    return extractToken(toAuth.tokenClassName, toAuth.getToken());
+    return extractToken(toAuth.getTokenClassName(), toAuth.getToken());
   }
   
   public static TCredentials createSquelchError(String principal, AuthenticationToken token, String instanceID) {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/core/src/main/java/org/apache/accumulo/core/security/Credentials.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/security/Credentials.java b/core/src/main/java/org/apache/accumulo/core/security/Credentials.java
index 31fe18d..2c1dd8b 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/Credentials.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/Credentials.java
@@ -24,20 +24,30 @@ import org.apache.accumulo.core.security.thrift.TCredentials;
 /**
  * A wrapper for internal use. This class carries the instance, principal, and authentication token for use in the public API, in a non-serialized form. This is
  * important, so that the authentication token carried in a {@link Connector} can be destroyed, invalidating future RPC operations from that {@link Connector}.
+ * <p>
+ * See ACCUMULO-1312
+ * 
+ * @since 1.6.0
  */
 public class Credentials {
   
-  private Instance instance;
   private String principal;
   private AuthenticationToken token;
   
-  public Credentials(Instance instance, String principal, AuthenticationToken token) {
-    this.instance = instance;
+  public Credentials(String principal, AuthenticationToken token) {
     this.principal = principal;
     this.token = token;
   }
   
-  public TCredentials toThrift() {
+  public String getPrincipal() {
+    return principal;
+  }
+  
+  public AuthenticationToken getToken() {
+    return token;
+  }
+  
+  public TCredentials toThrift(Instance instance) {
     return CredentialHelper.createSquelchError(principal, token, instance.getInstanceID());
   }
   
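Review bot: The new public members `getPrincipal()`, `getToken()` and `toThrift(Instance)` have no Javadoc, and `getToken()` returns the same `AuthenticationToken` reference that the class comment says can be destroyed to invalidate a Connector. Callers should be told that they share the live token and that destroying it affects every holder, for example `/** Returns the live token (not a copy); destroying it invalidates these credentials. */`. With the `instance` field removed, `principal` and `token` are assigned only in the constructor in the visible lines and could be declared `private final`. `toThrift(instance)` dereferences its argument unchecked, so the doc should also state that `instance` must be non-null. The class body continues outside the hunk.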

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/pom.xml
----------------------------------------------------------------------
diff --git a/server/pom.xml b/server/pom.xml
index 75447be..ff846b4 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -124,6 +124,12 @@
     </dependency>
   </dependencies>
   <build>
+    <testResources>
+      <testResource>
+        <filtering>true</filtering>
+        <directory>src/test/resources</directory>
+      </testResource>
+    </testResources>
     <pluginManagement>
       <plugins>
         <plugin>

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java b/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
index 6c3f110..6fd6a65 100644
--- a/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
+++ b/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
@@ -135,14 +135,14 @@ public class ClientServiceHandler implements ClientService.Iface {
   @Override
   public void changeLocalUserPassword(TInfo tinfo, TCredentials credentials, String principal, ByteBuffer password) throws ThriftSecurityException {
     PasswordToken token = new PasswordToken(password);
-    TCredentials toChange = CredentialHelper.createSquelchError(principal, token, credentials.instanceId);
+    TCredentials toChange = CredentialHelper.createSquelchError(principal, token, credentials.getInstanceId());
     security.changePassword(credentials, toChange);
   }
   
   @Override
   public void createLocalUser(TInfo tinfo, TCredentials credentials, String principal, ByteBuffer password) throws ThriftSecurityException {
     PasswordToken token = new PasswordToken(password);
-    TCredentials newUser = CredentialHelper.createSquelchError(principal, token, credentials.instanceId);
+    TCredentials newUser = CredentialHelper.createSquelchError(principal, token, credentials.getInstanceId());
     security.createUser(credentials, newUser, new Authorizations());
   }
   
@@ -230,11 +230,10 @@ public class ClientServiceHandler implements ClientService.Iface {
   }
   
   @Override
-  public List<String> bulkImportFiles(TInfo tinfo, final TCredentials tikw, final long tid, final String tableId, final List<String> files,
+  public List<String> bulkImportFiles(TInfo tinfo, final TCredentials credentials, final long tid, final String tableId, final List<String> files,
       final String errorDir, final boolean setTime) throws ThriftSecurityException, ThriftTableOperationException, TException {
     try {
-      final TCredentials credentials = new TCredentials(tikw);
-      if (!security.hasSystemPermission(credentials, credentials.getPrincipal(), SystemPermission.SYSTEM))
+      if (!security.canPerformSystemActions(credentials))
         throw new AccumuloSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
       return transactionWatcher.run(Constants.BULK_ARBITRATOR_TYPE, tid, new Callable<List<String>>() {
         @Override
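Review bot: The authorization test for `bulkImportFiles` changes from "the principal holds `SystemPermission.SYSTEM`" to `security.canPerformSystemActions(credentials)`, whose definition is not part of this hunk, and nothing at the call site records which callers are now admitted. A one-line comment above the check, such as `// bulk import is a server-to-server RPC: only callers accepted by canPerformSystemActions may proceed`, would state the intent once it is confirmed against `SecurityOperation`. The copy `new TCredentials(tikw)` is also dropped, so the anonymous `Callable` now captures the Thrift-supplied object directly; that is fine only if nothing mutates it during the call, which cannot be confirmed from these lines. The method body continues outside the hunk.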
@@ -281,7 +280,6 @@ public class ClientServiceHandler implements ClientService.Iface {
     }
   }
   
-  @SuppressWarnings({"rawtypes", "unchecked"})
   @Override
   public boolean checkTableClass(TInfo tinfo, TCredentials credentials, String tableName, String className, String interfaceMatch) throws TException,
       ThriftTableOperationException, ThriftSecurityException {
@@ -291,7 +289,7 @@ public class ClientServiceHandler implements ClientService.Iface {
     String tableId = checkTableId(tableName, null);
     
     ClassLoader loader = getClass().getClassLoader();
-    Class shouldMatch;
+    Class<?> shouldMatch;
     try {
       shouldMatch = loader.loadClass(interfaceMatch);
       
@@ -307,7 +305,7 @@ public class ClientServiceHandler implements ClientService.Iface {
         currentLoader = AccumuloVFSClassLoader.getClassLoader();
       }
       
-      Class test = currentLoader.loadClass(className).asSubclass(shouldMatch);
+      Class<?> test = currentLoader.loadClass(className).asSubclass(shouldMatch);
       test.newInstance();
       return true;
     } catch (Exception e) {
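Review bot: `test.newInstance()` runs the no-arg constructor (and any static initializer) of a class whose name arrives in the RPC's `className` argument, even though `asSubclass(shouldMatch)` on the line above has already established the type relationship. If instantiation is intentional, to prove that the class can actually be constructed, a comment should say so, e.g. `// instantiate to verify a usable no-arg constructor exists`. The permission check guarding this RPC is outside the hunk and should be confirmed to run before any class is loaded. `Class.newInstance()` also rethrows checked exceptions from the constructor undeclared; `test.getDeclaredConstructor().newInstance()` wraps them instead. The `try` block begins in the previous hunk and the `catch` body continues outside this one.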

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java b/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java
index db5ece0..f306b86 100644
--- a/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java
+++ b/server/src/main/java/org/apache/accumulo/server/client/HdfsZooInstance.java
@@ -145,7 +145,6 @@ public class HdfsZooInstance implements Instance {
   }
   
   @Override
-  // Not really deprecated, just not for client use
   public Connector getConnector(String principal, AuthenticationToken token) throws AccumuloException, AccumuloSecurityException {
     return getConnector(CredentialHelper.create(principal, token, getInstanceID()));
   }
@@ -156,13 +155,11 @@ public class HdfsZooInstance implements Instance {
   }
   
   @Override
-  // Not really deprecated, just not for client use
   public Connector getConnector(String user, byte[] pass) throws AccumuloException, AccumuloSecurityException {
     return getConnector(user, new PasswordToken(pass));
   }
   
   @Override
-  // Not really deprecated, just not for client use
   public Connector getConnector(String user, ByteBuffer pass) throws AccumuloException, AccumuloSecurityException {
     return getConnector(user, ByteBufferUtil.toBytes(pass));
   }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/client/security/token/SystemToken.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/client/security/token/SystemToken.java b/server/src/main/java/org/apache/accumulo/server/client/security/token/SystemToken.java
deleted file mode 100644
index 72b2217..0000000
--- a/server/src/main/java/org/apache/accumulo/server/client/security/token/SystemToken.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.accumulo.server.client.security.token;
-
-import org.apache.accumulo.core.client.security.tokens.PasswordToken;
-
-/**
- * @since 1.5.0
- */
-
-public class SystemToken extends PasswordToken {
-  
-  public SystemToken(byte[] systemPassword) {
-    super(systemPassword);
-  }
-}

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/gc/GarbageCollectWriteAheadLogs.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/gc/GarbageCollectWriteAheadLogs.java b/server/src/main/java/org/apache/accumulo/server/gc/GarbageCollectWriteAheadLogs.java
index d50cff2..9bf7bf6 100644
--- a/server/src/main/java/org/apache/accumulo/server/gc/GarbageCollectWriteAheadLogs.java
+++ b/server/src/main/java/org/apache/accumulo/server/gc/GarbageCollectWriteAheadLogs.java
@@ -40,7 +40,7 @@ import org.apache.accumulo.core.util.ThriftUtil;
 import org.apache.accumulo.core.zookeeper.ZooUtil;
 import org.apache.accumulo.server.ServerConstants;
 import org.apache.accumulo.server.fs.VolumeManager;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.util.AddressUtil;
 import org.apache.accumulo.server.util.MetadataTableUtil;
 import org.apache.accumulo.server.util.MetadataTableUtil.LogEntry;
@@ -165,7 +165,7 @@ public class GarbageCollectWriteAheadLogs {
           Client tserver = null;
           try {
             tserver = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf);
-            tserver.removeLogs(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), paths2strings(entry.getValue()));
+            tserver.removeLogs(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), paths2strings(entry.getValue()));
             log.debug("deleted " + entry.getValue() + " from " + entry.getKey());
             status.currentLog.deleted += entry.getValue().size();
           } catch (TException e) {
@@ -206,7 +206,7 @@ public class GarbageCollectWriteAheadLogs {
       result.add(path.toString());
     return result;
   }
-
+  
   private static Map<String,ArrayList<Path>> mapServersToFiles(Map<Path,String> fileToServerMap) {
     Map<String,ArrayList<Path>> result = new HashMap<String,ArrayList<Path>>();
     for (Entry<Path,String> fileServer : fileToServerMap.entrySet()) {
@@ -223,7 +223,7 @@ public class GarbageCollectWriteAheadLogs {
   private static int removeMetadataEntries(Map<Path,String> fileToServerMap, Set<Path> sortedWALogs, GCStatus status) throws IOException, KeeperException,
       InterruptedException {
     int count = 0;
-    Iterator<LogEntry> iterator = MetadataTableUtil.getLogEntries(SecurityConstants.getSystemCredentials());
+    Iterator<LogEntry> iterator = MetadataTableUtil.getLogEntries(SystemCredentials.get().getAsThrift());
     while (iterator.hasNext()) {
       for (String filename : iterator.next().logSet) {
         Path path;

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java b/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java
index f18e5bc..de73282 100644
--- a/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java
+++ b/server/src/main/java/org/apache/accumulo/server/gc/SimpleGarbageCollector.java
@@ -85,7 +85,7 @@ import org.apache.accumulo.server.conf.ServerConfiguration;
 import org.apache.accumulo.server.fs.VolumeManager;
 import org.apache.accumulo.server.fs.VolumeManagerImpl;
 import org.apache.accumulo.server.master.state.tables.TableManager;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.util.Halt;
 import org.apache.accumulo.server.util.TServerUtils;
 import org.apache.accumulo.server.util.TabletIterator;
@@ -162,7 +162,7 @@ public class SimpleGarbageCollector implements Iface {
     if (opts.address != null)
       gc.useAddress(address);
     
-    gc.init(fs, instance, SecurityConstants.getSystemCredentials(), serverConf.getConfiguration().getBoolean(Property.GC_TRASH_IGNORE));
+    gc.init(fs, instance, SystemCredentials.get().getAsThrift(), serverConf.getConfiguration().getBoolean(Property.GC_TRASH_IGNORE));
     Accumulo.enableTracing(address, "gc");
     gc.run();
   }
@@ -582,8 +582,7 @@ public class SimpleGarbageCollector implements Iface {
       Map<Key,Value> tabletKeyValues = tabletIterator.next();
       
       for (Entry<Key,Value> entry : tabletKeyValues.entrySet()) {
-        if (entry.getKey().getColumnFamily().equals(DataFileColumnFamily.NAME)
-            || entry.getKey().getColumnFamily().equals(ScanFileColumnFamily.NAME)) {
+        if (entry.getKey().getColumnFamily().equals(DataFileColumnFamily.NAME) || entry.getKey().getColumnFamily().equals(ScanFileColumnFamily.NAME)) {
           
           String cf = entry.getKey().getColumnQualifier().toString();
           String delete = cf;
@@ -638,7 +637,7 @@ public class SimpleGarbageCollector implements Iface {
     if (!offline) {
       Connector c;
       try {
-        c = instance.getConnector(SecurityConstants.SYSTEM_PRINCIPAL, SecurityConstants.getSystemToken());
+        c = instance.getConnector(SystemCredentials.get().getPrincipal(), SystemCredentials.get().getToken());
         writer = c.createBatchWriter(MetadataTable.NAME, new BatchWriterConfig());
         rootWriter = c.createBatchWriter(RootTable.NAME, new BatchWriterConfig());
       } catch (AccumuloException e) {
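Review bot: `SystemCredentials.get()` is called twice in one expression on the changed line, once for the principal and once for the token. Whether `get()` returns a cached instance is not visible in this hunk, so the two values are not guaranteed to come from the same object. Fetch it once and reuse it: `SystemCredentials creds = SystemCredentials.get();` followed by `c = instance.getConnector(creds.getPrincipal(), creds.getToken());`. The same double call appears in `Master.getConnector()` later in this commit. The enclosing method starts and ends outside the hunk.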

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/LiveTServerSet.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/LiveTServerSet.java b/server/src/main/java/org/apache/accumulo/server/master/LiveTServerSet.java
index bebff7f..68255b8 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/LiveTServerSet.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/LiveTServerSet.java
@@ -37,7 +37,7 @@ import org.apache.accumulo.core.util.ServerServices;
 import org.apache.accumulo.core.util.ThriftUtil;
 import org.apache.accumulo.core.zookeeper.ZooUtil;
 import org.apache.accumulo.server.master.state.TServerInstance;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.util.AddressUtil;
 import org.apache.accumulo.server.util.Halt;
 import org.apache.accumulo.server.util.time.SimpleTimer;
@@ -83,7 +83,7 @@ public class LiveTServerSet implements Watcher {
     public void assignTablet(ZooLock lock, KeyExtent extent) throws TException {
       TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf);
       try {
-        client.loadTablet(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), extent.toThrift());
+        client.loadTablet(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), lockString(lock), extent.toThrift());
       } finally {
         ThriftUtil.returnClient(client);
       }
@@ -92,7 +92,7 @@ public class LiveTServerSet implements Watcher {
     public void unloadTablet(ZooLock lock, KeyExtent extent, boolean save) throws TException {
       TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf);
       try {
-        client.unloadTablet(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), extent.toThrift(), save);
+        client.unloadTablet(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), lockString(lock), extent.toThrift(), save);
       } finally {
         ThriftUtil.returnClient(client);
       }
@@ -107,7 +107,7 @@ public class LiveTServerSet implements Watcher {
       
       try {
         TabletClientService.Client client = ThriftUtil.createClient(new TabletClientService.Client.Factory(), transport);
-        return client.getTabletServerStatus(Tracer.traceInfo(), SecurityConstants.getSystemCredentials());
+        return client.getTabletServerStatus(Tracer.traceInfo(), SystemCredentials.get().getAsThrift());
       } finally {
         if (transport != null)
           transport.close();
@@ -117,7 +117,7 @@ public class LiveTServerSet implements Watcher {
     public void halt(ZooLock lock) throws TException, ThriftSecurityException {
       TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf);
       try {
-        client.halt(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock));
+        client.halt(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), lockString(lock));
       } finally {
         ThriftUtil.returnClient(client);
       }
@@ -126,7 +126,7 @@ public class LiveTServerSet implements Watcher {
     public void fastHalt(ZooLock lock) throws TException {
       TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf);
       try {
-        client.fastHalt(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock));
+        client.fastHalt(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), lockString(lock));
       } finally {
         ThriftUtil.returnClient(client);
       }
@@ -135,8 +135,8 @@ public class LiveTServerSet implements Watcher {
     public void flush(ZooLock lock, String tableId, byte[] startRow, byte[] endRow) throws TException {
       TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf);
       try {
-        client.flush(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), tableId,
-            startRow == null ? null : ByteBuffer.wrap(startRow), endRow == null ? null : ByteBuffer.wrap(endRow));
+        client.flush(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), lockString(lock), tableId, startRow == null ? null : ByteBuffer.wrap(startRow),
+            endRow == null ? null : ByteBuffer.wrap(endRow));
       } finally {
         ThriftUtil.returnClient(client);
       }
@@ -145,7 +145,7 @@ public class LiveTServerSet implements Watcher {
     public void chop(ZooLock lock, KeyExtent extent) throws TException {
       TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf);
       try {
-        client.chop(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), extent.toThrift());
+        client.chop(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), lockString(lock), extent.toThrift());
       } finally {
         ThriftUtil.returnClient(client);
       }
@@ -154,7 +154,7 @@ public class LiveTServerSet implements Watcher {
     public void splitTablet(ZooLock lock, KeyExtent extent, Text splitPoint) throws TException, ThriftSecurityException, NotServingTabletException {
       TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf);
       try {
-        client.splitTablet(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), extent.toThrift(),
+        client.splitTablet(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), extent.toThrift(),
             ByteBuffer.wrap(splitPoint.getBytes(), 0, splitPoint.getLength()));
       } finally {
         ThriftUtil.returnClient(client);
@@ -164,7 +164,7 @@ public class LiveTServerSet implements Watcher {
     public void flushTablet(ZooLock lock, KeyExtent extent) throws TException {
       TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf);
       try {
-        client.flushTablet(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), extent.toThrift());
+        client.flushTablet(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), lockString(lock), extent.toThrift());
       } finally {
         ThriftUtil.returnClient(client);
       }
@@ -173,7 +173,7 @@ public class LiveTServerSet implements Watcher {
     public void compact(ZooLock lock, String tableId, byte[] startRow, byte[] endRow) throws TException {
       TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, conf);
       try {
-        client.compact(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), lockString(lock), tableId,
+        client.compact(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), lockString(lock), tableId,
             startRow == null ? null : ByteBuffer.wrap(startRow), endRow == null ? null : ByteBuffer.wrap(endRow));
       } finally {
         ThriftUtil.returnClient(client);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/Master.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/Master.java b/server/src/main/java/org/apache/accumulo/server/master/Master.java
index b5ffd0a..0cb0378 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/Master.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/Master.java
@@ -129,8 +129,8 @@ import org.apache.accumulo.server.master.tableOps.TraceRepo;
 import org.apache.accumulo.server.master.tserverOps.ShutdownTServer;
 import org.apache.accumulo.server.monitor.Monitor;
 import org.apache.accumulo.server.security.AuditedSecurityOperation;
-import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.util.AddressUtil;
 import org.apache.accumulo.server.util.DefaultMap;
 import org.apache.accumulo.server.util.Halt;
@@ -291,7 +291,7 @@ public class Master implements LiveTServerSet.Listener, TableObserver, CurrentSt
           @Override
           public void run() {
             try {
-              MetadataTableUtil.moveMetaDeleteMarkers(instance, SecurityConstants.getSystemCredentials());
+              MetadataTableUtil.moveMetaDeleteMarkers(instance, SystemCredentials.get().getAsThrift());
               Accumulo.updateAccumuloVersion(fs);
               
               log.info("Upgrade complete");
@@ -409,7 +409,7 @@ public class Master implements LiveTServerSet.Listener, TableObserver, CurrentSt
   }
   
   public Connector getConnector() throws AccumuloException, AccumuloSecurityException {
-    return instance.getConnector(SecurityConstants.SYSTEM_PRINCIPAL, SecurityConstants.getSystemToken());
+    return instance.getConnector(SystemCredentials.get().getPrincipal(), SystemCredentials.get().getToken());
   }
   
   private void waitAround(EventCoordinator.Listener listener) {
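Review bot: The new `getConnector` line calls `SystemCredentials.get()` twice, so the principal and the token come from two separate lookups; whether both calls return the same object is not visible in this diff. Taking one reference keeps the pair consistent and is easier to read: `SystemCredentials creds = SystemCredentials.get();` followed by `return instance.getConnector(creds.getPrincipal(), creds.getToken());`, assuming `get()` returns the `SystemCredentials` instance. The same double call appears in `TableLoadBalancer.getTableOperations()` further down in this commit.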
@@ -1503,7 +1503,7 @@ public class Master implements LiveTServerSet.Listener, TableObserver, CurrentSt
       }
     });
     
-    TCredentials systemAuths = SecurityConstants.getSystemCredentials();
+    TCredentials systemAuths = SystemCredentials.get().getAsThrift();
     watchers.add(new TabletGroupWatcher(this, new MetaDataStateStore(instance, systemAuths, this), null));
     watchers.add(new TabletGroupWatcher(this, new RootTabletStateStore(instance, systemAuths, this), watchers.get(0)));
     watchers.add(new TabletGroupWatcher(this, new ZooTabletStateStore(new ZooStore(zroot)), watchers.get(1)));

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/TabletGroupWatcher.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/TabletGroupWatcher.java b/server/src/main/java/org/apache/accumulo/server/master/TabletGroupWatcher.java
index c0479dd..fb905c9 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/TabletGroupWatcher.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/TabletGroupWatcher.java
@@ -70,7 +70,7 @@ import org.apache.accumulo.server.master.state.TabletLocationState;
 import org.apache.accumulo.server.master.state.TabletState;
 import org.apache.accumulo.server.master.state.TabletStateStore;
 import org.apache.accumulo.server.master.state.tables.TableManager;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.tabletserver.TabletTime;
 import org.apache.accumulo.server.util.MetadataTableUtil;
 import org.apache.hadoop.io.Text;
@@ -410,7 +410,7 @@ class TabletGroupWatcher extends Daemon {
         if (key.compareColumnFamily(DataFileColumnFamily.NAME) == 0) {
           datafiles.add(new FileRef(this.master.fs, key));
           if (datafiles.size() > 1000) {
-            MetadataTableUtil.addDeleteEntries(extent, datafiles, SecurityConstants.getSystemCredentials());
+            MetadataTableUtil.addDeleteEntries(extent, datafiles, SystemCredentials.get().getAsThrift());
             datafiles.clear();
           }
         } else if (TabletsSection.ServerColumnFamily.TIME_COLUMN.hasColumns(key)) {
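Review bot: `SystemCredentials.get().getAsThrift()` is now evaluated inside the scan loop each time the `datafiles` batch passes 1000 entries, again in the `DIRECTORY_COLUMN` branch, and once more for the final flush in the next hunk. What `getAsThrift()` costs is not visible here, but Master.java in this same commit already holds the value in a local, `TCredentials systemAuths = SystemCredentials.get().getAsThrift();`, and doing the same at the top of this method would keep all three `addDeleteEntries` calls on one credential object. That needs a `TCredentials` import if the file does not already have one, and the enclosing method starts and ends outside the hunk. The per-table loop in `TServersServlet` has the same shape.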
@@ -420,12 +420,12 @@ class TabletGroupWatcher extends Daemon {
         } else if (TabletsSection.ServerColumnFamily.DIRECTORY_COLUMN.hasColumns(key)) {
           datafiles.add(new FileRef(this.master.fs, key));
           if (datafiles.size() > 1000) {
-            MetadataTableUtil.addDeleteEntries(extent, datafiles, SecurityConstants.getSystemCredentials());
+            MetadataTableUtil.addDeleteEntries(extent, datafiles, SystemCredentials.get().getAsThrift());
             datafiles.clear();
           }
         }
       }
-      MetadataTableUtil.addDeleteEntries(extent, datafiles, SecurityConstants.getSystemCredentials());
+      MetadataTableUtil.addDeleteEntries(extent, datafiles, SystemCredentials.get().getAsThrift());
       BatchWriter bw = conn.createBatchWriter(targetSystemTable, new BatchWriterConfig());
       try {
         deleteTablets(info, deleteRange, bw, conn);
@@ -448,8 +448,8 @@ class TabletGroupWatcher extends Daemon {
       } else {
         // Recreate the default tablet to hold the end of the table
         Master.log.debug("Recreating the last tablet to point to " + extent.getPrevEndRow());
-        MetadataTableUtil.addTablet(new KeyExtent(extent.getTableId(), null, extent.getPrevEndRow()), Constants.DEFAULT_TABLET_LOCATION,
-            SecurityConstants.getSystemCredentials(), timeType, this.master.masterLock);
+        MetadataTableUtil.addTablet(new KeyExtent(extent.getTableId(), null, extent.getPrevEndRow()), Constants.DEFAULT_TABLET_LOCATION, SystemCredentials
+            .get().getAsThrift(), timeType, this.master.masterLock);
       }
     } catch (Exception ex) {
       throw new AccumuloException(ex);
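Review bot: The rewrapped `addTablet` call breaks the line between `SystemCredentials` and `.get().getAsThrift()`, which splits the credential argument across two lines and makes it easy to miss when scanning for uses of the system identity. Breaking before the argument reads better: `MetadataTableUtil.addTablet(new KeyExtent(extent.getTableId(), null, extent.getPrevEndRow()), Constants.DEFAULT_TABLET_LOCATION,` followed by `SystemCredentials.get().getAsThrift(), timeType, this.master.masterLock);`. This looks like formatter output. The same kind of mid-expression break appears in TablesServlet.java (`new Text(` / `tableId)`) and in the two `opHistoryDetails.addRow` calls in TServersServlet.java.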

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/balancer/TableLoadBalancer.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/balancer/TableLoadBalancer.java b/server/src/main/java/org/apache/accumulo/server/master/balancer/TableLoadBalancer.java
index b9cecbf..3e0a2bf 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/balancer/TableLoadBalancer.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/balancer/TableLoadBalancer.java
@@ -33,7 +33,7 @@ import org.apache.accumulo.core.data.KeyExtent;
 import org.apache.accumulo.core.master.thrift.TabletServerStatus;
 import org.apache.accumulo.server.master.state.TServerInstance;
 import org.apache.accumulo.server.master.state.TabletMigration;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.start.classloader.vfs.AccumuloVFSClassLoader;
 import org.apache.log4j.Logger;
 
@@ -119,7 +119,7 @@ public class TableLoadBalancer extends TabletBalancer {
   protected TableOperations getTableOperations() {
     if (tops == null)
       try {
-        tops = configuration.getInstance().getConnector(SecurityConstants.getSystemPrincipal(), SecurityConstants.getSystemToken()).tableOperations();
+        tops = configuration.getInstance().getConnector(SystemCredentials.get().getPrincipal(), SystemCredentials.get().getToken()).tableOperations();
       } catch (AccumuloException e) {
         log.error("Unable to access table operations from within table balancer", e);
       } catch (AccumuloSecurityException e) {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/balancer/TabletBalancer.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/balancer/TabletBalancer.java b/server/src/main/java/org/apache/accumulo/server/master/balancer/TabletBalancer.java
index d6dce2f..625fa40 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/balancer/TabletBalancer.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/balancer/TabletBalancer.java
@@ -22,7 +22,6 @@ import java.util.Map;
 import java.util.Set;
 import java.util.SortedMap;
 
-import org.apache.accumulo.trace.instrument.Tracer;
 import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
 import org.apache.accumulo.core.data.KeyExtent;
 import org.apache.accumulo.core.master.thrift.TabletServerStatus;
@@ -33,7 +32,8 @@ import org.apache.accumulo.core.util.ThriftUtil;
 import org.apache.accumulo.server.conf.ServerConfiguration;
 import org.apache.accumulo.server.master.state.TServerInstance;
 import org.apache.accumulo.server.master.state.TabletMigration;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
+import org.apache.accumulo.trace.instrument.Tracer;
 import org.apache.log4j.Logger;
 import org.apache.thrift.TException;
 import org.apache.thrift.transport.TTransportException;
@@ -43,7 +43,7 @@ public abstract class TabletBalancer {
   private static final Logger log = Logger.getLogger(TabletBalancer.class);
   
   protected ServerConfiguration configuration;
-
+  
   /**
    * Initialize the TabletBalancer. This gives the balancer the opportunity to read the configuration.
    */
@@ -98,7 +98,7 @@ public abstract class TabletBalancer {
     log.debug("Scanning tablet server " + tserver + " for table " + tableId);
     Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), tserver.getLocation(), configuration.getConfiguration());
     try {
-      List<TabletStats> onlineTabletsForTable = client.getTabletStats(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), tableId);
+      List<TabletStats> onlineTabletsForTable = client.getTabletStats(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), tableId);
       return onlineTabletsForTable;
     } catch (TTransportException e) {
       log.error("Unable to connect to " + tserver + ": " + e);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java b/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java
index b58e618..5cb7b0c 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/state/MetaDataStateStore.java
@@ -32,7 +32,7 @@ import org.apache.accumulo.core.metadata.schema.MetadataSchema.TabletsSection;
 import org.apache.accumulo.core.security.CredentialHelper;
 import org.apache.accumulo.core.security.thrift.TCredentials;
 import org.apache.accumulo.server.client.HdfsZooInstance;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.hadoop.io.Text;
 
 public class MetaDataStateStore extends TabletStateStore {
@@ -59,7 +59,7 @@ public class MetaDataStateStore extends TabletStateStore {
   }
   
   protected MetaDataStateStore(String tableName) {
-    this(HdfsZooInstance.getInstance(), SecurityConstants.getSystemCredentials(), null, tableName);
+    this(HdfsZooInstance.getInstance(), SystemCredentials.get().getAsThrift(), null, tableName);
   }
   
   public MetaDataStateStore() {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/tableOps/BulkImport.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/tableOps/BulkImport.java b/server/src/main/java/org/apache/accumulo/server/master/tableOps/BulkImport.java
index 4f44d79..cfbdc97 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/tableOps/BulkImport.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/tableOps/BulkImport.java
@@ -68,7 +68,7 @@ import org.apache.accumulo.server.fs.VolumeManager;
 import org.apache.accumulo.server.master.LiveTServerSet.TServerConnection;
 import org.apache.accumulo.server.master.Master;
 import org.apache.accumulo.server.master.state.TServerInstance;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.tabletserver.UniqueNameAllocator;
 import org.apache.accumulo.server.util.MetadataTableUtil;
 import org.apache.accumulo.server.zookeeper.DistributedWorkQueue;
@@ -557,7 +557,7 @@ class LoadFiles extends MasterRepo {
               server = pair.getFirst();
               List<String> attempt = Collections.singletonList(file);
               log.debug("Asking " + pair.getFirst() + " to bulk import " + file);
-              List<String> fail = client.bulkImportFiles(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), tid, tableId, attempt, errorDir, setTime);
+              List<String> fail = client.bulkImportFiles(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), tid, tableId, attempt, errorDir, setTime);
               if (fail.isEmpty()) {
                 loaded.add(file);
               } else {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java b/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
index 8bf437d..3534a78 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/tableOps/CloneTable.java
@@ -32,7 +32,7 @@ import org.apache.accumulo.server.client.HdfsZooInstance;
 import org.apache.accumulo.server.master.Master;
 import org.apache.accumulo.server.master.state.tables.TableManager;
 import org.apache.accumulo.server.security.AuditedSecurityOperation;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.util.MetadataTableUtil;
 import org.apache.log4j.Logger;
 
@@ -108,14 +108,14 @@ class CloneMetadata extends MasterRepo {
     Instance instance = HdfsZooInstance.getInstance();
     // need to clear out any metadata entries for tableId just in case this
     // died before and is executing again
-    MetadataTableUtil.deleteTable(cloneInfo.tableId, false, SecurityConstants.getSystemCredentials(), environment.getMasterLock());
+    MetadataTableUtil.deleteTable(cloneInfo.tableId, false, SystemCredentials.get().getAsThrift(), environment.getMasterLock());
     MetadataTableUtil.cloneTable(instance, cloneInfo.srcTableId, cloneInfo.tableId);
     return new FinishCloneTable(cloneInfo);
   }
   
   @Override
   public void undo(long tid, Master environment) throws Exception {
-    MetadataTableUtil.deleteTable(cloneInfo.tableId, false, SecurityConstants.getSystemCredentials(), environment.getMasterLock());
+    MetadataTableUtil.deleteTable(cloneInfo.tableId, false, SystemCredentials.get().getAsThrift(), environment.getMasterLock());
   }
   
 }
@@ -183,7 +183,7 @@ class ClonePermissions extends MasterRepo {
     // give all table permissions to the creator
     for (TablePermission permission : TablePermission.values()) {
       try {
-        AuditedSecurityOperation.getInstance().grantTablePermission(SecurityConstants.getSystemCredentials(), cloneInfo.user, cloneInfo.tableId, permission);
+        AuditedSecurityOperation.getInstance().grantTablePermission(SystemCredentials.get().getAsThrift(), cloneInfo.user, cloneInfo.tableId, permission);
       } catch (ThriftSecurityException e) {
         Logger.getLogger(FinishCloneTable.class).error(e.getMessage(), e);
         throw e;
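Review bot: The catch block in this hunk logs a failed permission grant under `FinishCloneTable`, although the hunk header places the code in `ClonePermissions`, so a `ThriftSecurityException` raised for the system credentials shows up under the wrong log category. `Logger.getLogger(ClonePermissions.class).error(e.getMessage(), e);` would match the enclosing class. `SetupPermissions` in CreateTable.java logs under `FinishCreateTable` in the same way, while `ImportSetupPermissions` already uses its own class. A short comment on the grant, for example `// granted as the system user on behalf of cloneInfo.user`, would also make clear whose authority the call runs under. The loop and the method continue outside the hunk.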
@@ -198,7 +198,7 @@ class ClonePermissions extends MasterRepo {
   
   @Override
   public void undo(long tid, Master environment) throws Exception {
-    AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), cloneInfo.tableId);
+    AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().getAsThrift(), cloneInfo.tableId);
   }
 }
 

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java b/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
index d9acd8d..2f35f97 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/tableOps/CreateTable.java
@@ -36,8 +36,8 @@ import org.apache.accumulo.server.fs.VolumeManager;
 import org.apache.accumulo.server.master.Master;
 import org.apache.accumulo.server.master.state.tables.TableManager;
 import org.apache.accumulo.server.security.AuditedSecurityOperation;
-import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.tabletserver.TabletTime;
 import org.apache.accumulo.server.util.MetadataTableUtil;
 import org.apache.accumulo.server.util.TablePropUtil;
@@ -115,7 +115,7 @@ class PopulateMetadata extends MasterRepo {
   public Repo<Master> call(long tid, Master environment) throws Exception {
     
     KeyExtent extent = new KeyExtent(new Text(tableInfo.tableId), null, null);
-    MetadataTableUtil.addTablet(extent, Constants.DEFAULT_TABLET_LOCATION, SecurityConstants.getSystemCredentials(), tableInfo.timeType,
+    MetadataTableUtil.addTablet(extent, Constants.DEFAULT_TABLET_LOCATION, SystemCredentials.get().getAsThrift(), tableInfo.timeType,
         environment.getMasterLock());
     
     return new FinishCreateTable(tableInfo);
@@ -124,7 +124,7 @@ class PopulateMetadata extends MasterRepo {
   
   @Override
   public void undo(long tid, Master environment) throws Exception {
-    MetadataTableUtil.deleteTable(tableInfo.tableId, false, SecurityConstants.getSystemCredentials(), environment.getMasterLock());
+    MetadataTableUtil.deleteTable(tableInfo.tableId, false, SystemCredentials.get().getAsThrift(), environment.getMasterLock());
   }
   
 }
@@ -153,7 +153,7 @@ class CreateDir extends MasterRepo {
   @Override
   public void undo(long tid, Master master) throws Exception {
     VolumeManager fs = master.getFileSystem();
-    for(String dir : ServerConstants.getTablesDirs()) {
+    for (String dir : ServerConstants.getTablesDirs()) {
       fs.deleteRecursively(new Path(dir + "/" + tableInfo.tableId));
     }
     
@@ -225,7 +225,7 @@ class SetupPermissions extends MasterRepo {
     SecurityOperation security = AuditedSecurityOperation.getInstance();
     for (TablePermission permission : TablePermission.values()) {
       try {
-        security.grantTablePermission(SecurityConstants.getSystemCredentials(), tableInfo.user, tableInfo.tableId, permission);
+        security.grantTablePermission(SystemCredentials.get().getAsThrift(), tableInfo.user, tableInfo.tableId, permission);
       } catch (ThriftSecurityException e) {
         Logger.getLogger(FinishCreateTable.class).error(e.getMessage(), e);
         throw e;
@@ -240,7 +240,7 @@ class SetupPermissions extends MasterRepo {
   
   @Override
   public void undo(long tid, Master env) throws Exception {
-    AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableInfo.tableId);
+    AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().getAsThrift(), tableInfo.tableId);
   }
   
 }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java b/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
index 7d6186e..3786d27 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/tableOps/DeleteTable.java
@@ -47,7 +47,7 @@ import org.apache.accumulo.server.master.state.TabletState;
 import org.apache.accumulo.server.master.state.tables.TableManager;
 import org.apache.accumulo.server.problems.ProblemReports;
 import org.apache.accumulo.server.security.AuditedSecurityOperation;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.util.MetadataTableUtil;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.io.Text;
@@ -155,7 +155,7 @@ class CleanUp extends MasterRepo {
       // Intentionally do not pass master lock. If master loses lock, this operation may complete before master can kill itself.
       // If the master lock passed to deleteTable, it is possible that the delete mutations will be dropped. If the delete operations
       // are dropped and the operation completes, then the deletes will not be repeated.
-      MetadataTableUtil.deleteTable(tableId, refCount != 0, SecurityConstants.getSystemCredentials(), null);
+      MetadataTableUtil.deleteTable(tableId, refCount != 0, SystemCredentials.get().getAsThrift(), null);
     } catch (Exception e) {
       log.error("error deleting " + tableId + " from metadata table", e);
     }
@@ -189,7 +189,7 @@ class CleanUp extends MasterRepo {
     
     // remove any permissions associated with this table
     try {
-      AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableId);
+      AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().getAsThrift(), tableId);
     } catch (ThriftSecurityException e) {
       log.error(e.getMessage(), e);
     }
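Review bot: The permission cleanup logs only `e.getMessage()`, so a refused `deleteTable` call leaves no record of which table kept its permission entries; the metadata cleanup in the previous hunk does include `tableId` in its message. Suggested: `log.error("error removing permissions for table " + tableId, e);`. Since the call is made with the system credentials, a `ThriftSecurityException` here presumably means the system identity itself was rejected, which should be easy to find in the log. The method starts and ends outside the hunk.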

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/master/tableOps/ImportTable.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/master/tableOps/ImportTable.java b/server/src/main/java/org/apache/accumulo/server/master/tableOps/ImportTable.java
index ae6930b..364c267 100644
--- a/server/src/main/java/org/apache/accumulo/server/master/tableOps/ImportTable.java
+++ b/server/src/main/java/org/apache/accumulo/server/master/tableOps/ImportTable.java
@@ -59,8 +59,8 @@ import org.apache.accumulo.server.fs.VolumeManager;
 import org.apache.accumulo.server.master.Master;
 import org.apache.accumulo.server.master.state.tables.TableManager;
 import org.apache.accumulo.server.security.AuditedSecurityOperation;
-import org.apache.accumulo.server.security.SecurityConstants;
 import org.apache.accumulo.server.security.SecurityOperation;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.tabletserver.UniqueNameAllocator;
 import org.apache.accumulo.server.util.MetadataTableUtil;
 import org.apache.accumulo.server.util.TablePropUtil;
@@ -293,7 +293,7 @@ class PopulateMetadataTable extends MasterRepo {
   
   @Override
   public void undo(long tid, Master environment) throws Exception {
-    MetadataTableUtil.deleteTable(tableInfo.tableId, false, SecurityConstants.getSystemCredentials(), environment.getMasterLock());
+    MetadataTableUtil.deleteTable(tableInfo.tableId, false, SystemCredentials.get().getAsThrift(), environment.getMasterLock());
   }
 }
 
@@ -484,7 +484,7 @@ class ImportSetupPermissions extends MasterRepo {
     SecurityOperation security = AuditedSecurityOperation.getInstance();
     for (TablePermission permission : TablePermission.values()) {
       try {
-        security.grantTablePermission(SecurityConstants.getSystemCredentials(), tableInfo.user, tableInfo.tableId, permission);
+        security.grantTablePermission(SystemCredentials.get().getAsThrift(), tableInfo.user, tableInfo.tableId, permission);
       } catch (ThriftSecurityException e) {
         Logger.getLogger(ImportSetupPermissions.class).error(e.getMessage(), e);
         throw e;
@@ -499,7 +499,7 @@ class ImportSetupPermissions extends MasterRepo {
   
   @Override
   public void undo(long tid, Master env) throws Exception {
-    AuditedSecurityOperation.getInstance().deleteTable(SecurityConstants.getSystemCredentials(), tableInfo.tableId);
+    AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().getAsThrift(), tableInfo.tableId);
   }
 }
 

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java b/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java
index 56e473a..5957f26 100644
--- a/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java
+++ b/server/src/main/java/org/apache/accumulo/server/monitor/Monitor.java
@@ -70,7 +70,7 @@ import org.apache.accumulo.server.monitor.servlets.trace.ShowTrace;
 import org.apache.accumulo.server.monitor.servlets.trace.Summary;
 import org.apache.accumulo.server.problems.ProblemReports;
 import org.apache.accumulo.server.problems.ProblemType;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.util.EmbeddedWebServer;
 import org.apache.accumulo.trace.instrument.Tracer;
 import org.apache.log4j.Logger;
@@ -292,7 +292,7 @@ public class Monitor {
         try {
           client = MasterClient.getConnection(HdfsZooInstance.getInstance());
           if (client != null) {
-            mmi = client.getMasterStats(Tracer.traceInfo(), SecurityConstants.getSystemCredentials());
+            mmi = client.getMasterStats(Tracer.traceInfo(), SystemCredentials.get().getAsThrift());
             retry = false;
           } else {
             mmi = null;
@@ -432,7 +432,7 @@ public class Monitor {
           address = new ServerServices(new String(zk.getData(path + "/" + locks.get(0), null, null))).getAddress(Service.GC_CLIENT);
           GCMonitorService.Client client = ThriftUtil.getClient(new GCMonitorService.Client.Factory(), address, config.getConfiguration());
           try {
-            result = client.getStatus(Tracer.traceInfo(), SecurityConstants.getSystemCredentials());
+            result = client.getStatus(Tracer.traceInfo(), SystemCredentials.get().getAsThrift());
           } finally {
             ThriftUtil.returnClient(client);
           }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TServersServlet.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TServersServlet.java b/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TServersServlet.java
index 095725e..8484608 100644
--- a/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TServersServlet.java
+++ b/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TServersServlet.java
@@ -27,7 +27,6 @@ import java.util.Map.Entry;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.accumulo.trace.instrument.Tracer;
 import org.apache.accumulo.core.data.KeyExtent;
 import org.apache.accumulo.core.master.thrift.DeadServer;
 import org.apache.accumulo.core.master.thrift.MasterMonitorInfo;
@@ -51,8 +50,9 @@ import org.apache.accumulo.server.monitor.util.celltypes.PercentageType;
 import org.apache.accumulo.server.monitor.util.celltypes.ProgressChartType;
 import org.apache.accumulo.server.monitor.util.celltypes.TServerLinkType;
 import org.apache.accumulo.server.monitor.util.celltypes.TableLinkType;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.tabletserver.TabletStatsKeeper;
+import org.apache.accumulo.trace.instrument.Tracer;
 import org.apache.commons.codec.binary.Base64;
 
 public class TServersServlet extends BasicServlet {
@@ -126,9 +126,9 @@ public class TServersServlet extends BasicServlet {
       TabletClientService.Client client = ThriftUtil.getClient(new TabletClientService.Client.Factory(), address, Monitor.getSystemConfiguration());
       try {
         for (String tableId : Monitor.getMmi().tableMap.keySet()) {
-          tsStats.addAll(client.getTabletStats(Tracer.traceInfo(), SecurityConstants.getSystemCredentials(), tableId));
+          tsStats.addAll(client.getTabletStats(Tracer.traceInfo(), SystemCredentials.get().getAsThrift(), tableId));
         }
-        historical = client.getHistoricalStats(Tracer.traceInfo(), SecurityConstants.getSystemCredentials());
+        historical = client.getHistoricalStats(Tracer.traceInfo(), SystemCredentials.get().getAsThrift());
       } finally {
         ThriftUtil.returnClient(client);
       }
@@ -239,12 +239,10 @@ public class TServersServlet extends BasicServlet {
     
     opHistoryDetails.addRow("Split", historical.splits.num, historical.splits.fail, null, null,
         historical.splits.num != 0 ? (historical.splits.elapsed / historical.splits.num) : null, splitStdDev, historical.splits.elapsed);
-    opHistoryDetails.addRow("Major&nbsp;Compaction", total.majors.num, total.majors.fail,
-        total.majors.num != 0 ? (total.majors.queueTime / total.majors.num) : null, majorQueueStdDev,
-        total.majors.num != 0 ? (total.majors.elapsed / total.majors.num) : null, majorStdDev, total.majors.elapsed);
-    opHistoryDetails.addRow("Minor&nbsp;Compaction", total.minors.num, total.minors.fail,
-        total.minors.num != 0 ? (total.minors.queueTime / total.minors.num) : null, minorQueueStdDev,
-        total.minors.num != 0 ? (total.minors.elapsed / total.minors.num) : null, minorStdDev, total.minors.elapsed);
+    opHistoryDetails.addRow("Major&nbsp;Compaction", total.majors.num, total.majors.fail, total.majors.num != 0 ? (total.majors.queueTime / total.majors.num)
+        : null, majorQueueStdDev, total.majors.num != 0 ? (total.majors.elapsed / total.majors.num) : null, majorStdDev, total.majors.elapsed);
+    opHistoryDetails.addRow("Minor&nbsp;Compaction", total.minors.num, total.minors.fail, total.minors.num != 0 ? (total.minors.queueTime / total.minors.num)
+        : null, minorQueueStdDev, total.minors.num != 0 ? (total.minors.elapsed / total.minors.num) : null, minorStdDev, total.minors.elapsed);
     opHistoryDetails.generate(req, sb);
   }
   

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TablesServlet.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TablesServlet.java b/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TablesServlet.java
index 127989c..85d17ff 100644
--- a/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TablesServlet.java
+++ b/server/src/main/java/org/apache/accumulo/server/monitor/servlets/TablesServlet.java
@@ -47,7 +47,7 @@ import org.apache.accumulo.server.monitor.util.celltypes.DurationType;
 import org.apache.accumulo.server.monitor.util.celltypes.NumberType;
 import org.apache.accumulo.server.monitor.util.celltypes.TableLinkType;
 import org.apache.accumulo.server.monitor.util.celltypes.TableStateType;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.hadoop.io.Text;
 
 public class TablesServlet extends BasicServlet {
@@ -151,8 +151,8 @@ public class TablesServlet extends BasicServlet {
       locs.add(instance.getRootTabletLocation());
     } else {
       String systemTableName = MetadataTable.ID.equals(tableId) ? RootTable.NAME : MetadataTable.NAME;
-      MetaDataTableScanner scanner = new MetaDataTableScanner(instance, SecurityConstants.getSystemCredentials(), new Range(KeyExtent.getMetadataEntry(
-          new Text(tableId), new Text()), KeyExtent.getMetadataEntry(new Text(tableId), null)), systemTableName);
+      MetaDataTableScanner scanner = new MetaDataTableScanner(instance, SystemCredentials.get().getAsThrift(), new Range(KeyExtent.getMetadataEntry(new Text(
+          tableId), new Text()), KeyExtent.getMetadataEntry(new Text(tableId), null)), systemTableName);
       
       while (scanner.hasNext()) {
         TabletLocationState state = scanner.next();

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/problems/ProblemReport.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/problems/ProblemReport.java b/server/src/main/java/org/apache/accumulo/server/problems/ProblemReport.java
index a34de9f..530ef76 100644
--- a/server/src/main/java/org/apache/accumulo/server/problems/ProblemReport.java
+++ b/server/src/main/java/org/apache/accumulo/server/problems/ProblemReport.java
@@ -34,7 +34,7 @@ import org.apache.accumulo.core.zookeeper.ZooUtil;
 import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeExistsPolicy;
 import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeMissingPolicy;
 import org.apache.accumulo.server.client.HdfsZooInstance;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.util.MetadataTableUtil;
 import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
 import org.apache.hadoop.io.Text;
@@ -125,13 +125,13 @@ public class ProblemReport {
   void removeFromMetadataTable() throws Exception {
     Mutation m = new Mutation(new Text("~err_" + tableName));
     m.putDelete(new Text(problemType.name()), new Text(resource));
-    MetadataTableUtil.getMetadataTable(SecurityConstants.getSystemCredentials()).update(m);
+    MetadataTableUtil.getMetadataTable(SystemCredentials.get().getAsThrift()).update(m);
   }
   
   void saveToMetadataTable() throws Exception {
     Mutation m = new Mutation(new Text("~err_" + tableName));
     m.put(new Text(problemType.name()), new Text(resource), new Value(encode()));
-    MetadataTableUtil.getMetadataTable(SecurityConstants.getSystemCredentials()).update(m);
+    MetadataTableUtil.getMetadataTable(SystemCredentials.get().getAsThrift()).update(m);
   }
   
   void removeFromZooKeeper() throws Exception {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/problems/ProblemReports.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/problems/ProblemReports.java b/server/src/main/java/org/apache/accumulo/server/problems/ProblemReports.java
index 5b82621..5422e90 100644
--- a/server/src/main/java/org/apache/accumulo/server/problems/ProblemReports.java
+++ b/server/src/main/java/org/apache/accumulo/server/problems/ProblemReports.java
@@ -47,7 +47,7 @@ import org.apache.accumulo.core.util.NamingThreadFactory;
 import org.apache.accumulo.core.zookeeper.ZooUtil;
 import org.apache.accumulo.fate.zookeeper.IZooReaderWriter;
 import org.apache.accumulo.server.client.HdfsZooInstance;
-import org.apache.accumulo.server.security.SecurityConstants;
+import org.apache.accumulo.server.security.SystemCredentials;
 import org.apache.accumulo.server.util.MetadataTableUtil;
 import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
 import org.apache.commons.collections.map.LRUMap;
@@ -155,7 +155,7 @@ public class ProblemReports implements Iterable<ProblemReport> {
       return;
     }
     
-    Connector connector = HdfsZooInstance.getInstance().getConnector(SecurityConstants.getSystemPrincipal(), SecurityConstants.getSystemToken());
+    Connector connector = HdfsZooInstance.getInstance().getConnector(SystemCredentials.get().getPrincipal(), SystemCredentials.get().getToken());
     Scanner scanner = connector.createScanner(MetadataTable.NAME, Authorizations.EMPTY);
     scanner.addScanIterator(new IteratorSetting(1, "keys-only", SortedKeyIterator.class));
     
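Review bot: `SystemCredentials.get()` is called twice in the `getConnector(...)` argument list here, and again in the same form in the iterator hunk further down this file. What `get()` does is not visible in this diff; if it performs a permission check or builds the credentials, that work is repeated, and the principal and token are not guaranteed to come from the same object. Reading it once keeps the pair together: `SystemCredentials creds = SystemCredentials.get();` followed by `getConnector(creds.getPrincipal(), creds.getToken())`. The enclosing method starts and ends outside the hunk.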
@@ -174,7 +174,7 @@ public class ProblemReports implements Iterable<ProblemReport> {
     }
     
     if (hasProblems)
-      MetadataTableUtil.getMetadataTable(SecurityConstants.getSystemCredentials()).update(delMut);
+      MetadataTableUtil.getMetadataTable(SystemCredentials.get().getAsThrift()).update(delMut);
   }
   
   public Iterator<ProblemReport> iterator(final String table) {
@@ -210,7 +210,7 @@ public class ProblemReports implements Iterable<ProblemReport> {
           if (iter2 == null) {
             try {
               if ((table == null || !table.equals(MetadataTable.ID)) && iter1Count == 0) {
-                Connector connector = HdfsZooInstance.getInstance().getConnector(SecurityConstants.getSystemPrincipal(), SecurityConstants.getSystemToken());
+                Connector connector = HdfsZooInstance.getInstance().getConnector(SystemCredentials.get().getPrincipal(), SystemCredentials.get().getToken());
                 Scanner scanner = connector.createScanner(MetadataTable.NAME, Authorizations.EMPTY);
                 
                 scanner.setTimeout(3, TimeUnit.SECONDS);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java b/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
index 125915b..a74f584 100644
--- a/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
+++ b/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
@@ -92,7 +92,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
   
   // Is INFO the right level to check? Do we even need that check?
   private static boolean shouldAudit(TCredentials credentials) {
-    return !credentials.getPrincipal().equals(SecurityConstants.SYSTEM_PRINCIPAL);
+    return !SystemCredentials.get().getToken().getClass().getName().equals(credentials.getTokenClassName());
   }
   
   /*
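Review bot: `shouldAudit` now skips auditing whenever `credentials.getTokenClassName()` equals the system token's class name, and that value is a field of the `TCredentials` the caller sends, so the decision rests on a claimed token type rather than on a verified identity. Whether the credentials have already been authenticated when this method runs is not visible in the hunk; if it can run before or alongside authentication, a request that only names the system token class would leave no audit record, including for a failed login. Requiring the principal to match as well narrows this, e.g. `SystemCredentials sys = SystemCredentials.get();` then `return !(sys.getPrincipal().equals(credentials.getPrincipal()) && sys.getToken().getClass().getName().equals(credentials.getTokenClassName()));`. A comment such as `// Audit is skipped only for the system user; callers must authenticate the credentials before relying on this` would record the ordering the method depends on.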

http://git-wip-us.apache.org/repos/asf/accumulo/blob/a943f323/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java b/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java
deleted file mode 100644
index 5c42a69..0000000
--- a/server/src/main/java/org/apache/accumulo/server/security/SecurityConstants.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.accumulo.server.security;
-
-import java.io.ByteArrayOutputStream;
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecurityPermission;
-import java.util.Map.Entry;
-
-import org.apache.accumulo.core.Constants;
-import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
-import org.apache.accumulo.core.client.security.tokens.PasswordToken;
-import org.apache.accumulo.core.conf.Property;
-import org.apache.accumulo.core.security.CredentialHelper;
-import org.apache.accumulo.core.security.thrift.TCredentials;
-import org.apache.accumulo.server.ServerConstants;
-import org.apache.accumulo.server.client.HdfsZooInstance;
-import org.apache.accumulo.server.conf.ServerConfiguration;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.log4j.Logger;
-
-public class SecurityConstants {
-  private static SecurityPermission SYSTEM_CREDENTIALS_PERMISSION = new SecurityPermission("systemCredentialsPermission");
-  static Logger log = Logger.getLogger(SecurityConstants.class);
-  
-  public static final String SYSTEM_PRINCIPAL = "!SYSTEM";
-  private static final AuthenticationToken SYSTEM_TOKEN = makeSystemPassword();
-  private static final TCredentials systemCredentials = CredentialHelper.createSquelchError(SYSTEM_PRINCIPAL, SYSTEM_TOKEN, HdfsZooInstance.getInstance()
-      .getInstanceID());
-  public static byte[] confChecksum = null;
-  
-  public static AuthenticationToken getSystemToken() {
-    return SYSTEM_TOKEN;
-  }
-  
-  public static TCredentials getSystemCredentials() {
-    SecurityManager sm = System.getSecurityManager();
-    if (sm != null) {
-      sm.checkPermission(SYSTEM_CREDENTIALS_PERMISSION);
-    }
-    return systemCredentials;
-  }
-  
-  public static String getSystemPrincipal() {
-    return SYSTEM_PRINCIPAL;
-  }
-  
-  private static AuthenticationToken makeSystemPassword() {
-    int wireVersion = ServerConstants.WIRE_VERSION;
-    byte[] inst = HdfsZooInstance.getInstance().getInstanceID().getBytes(Constants.UTF8);
-    try {
-      confChecksum = getSystemConfigChecksum();
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException("Failed to compute configuration checksum", e);
-    }
-    
-    ByteArrayOutputStream bytes = new ByteArrayOutputStream(3 * (Integer.SIZE / Byte.SIZE) + inst.length + confChecksum.length);
-    DataOutputStream out = new DataOutputStream(bytes);
-    try {
-      out.write(wireVersion * -1);
-      out.write(inst.length);
-      out.write(inst);
-      out.write(confChecksum.length);
-      out.write(confChecksum);
-    } catch (IOException e) {
-      throw new RuntimeException(e); // this is impossible with
-      // ByteArrayOutputStream; crash hard
-      // if this happens
-    }
-    return new PasswordToken(Base64.encodeBase64(bytes.toByteArray()));
-  }
-  
-  private static byte[] getSystemConfigChecksum() throws NoSuchAlgorithmException {
-    if (confChecksum == null) {
-      MessageDigest md = MessageDigest.getInstance(Constants.PW_HASH_ALGORITHM);
-      
-      // seed the config with the version and instance id, so at least
-      // it's not empty
-      md.update(ServerConstants.WIRE_VERSION.toString().getBytes(Constants.UTF8));
-      md.update(HdfsZooInstance.getInstance().getInstanceID().getBytes(Constants.UTF8));
-      
-      for (Entry<String,String> entry : ServerConfiguration.getSiteConfiguration()) {
-        // only include instance properties
-        if (entry.getKey().startsWith(Property.INSTANCE_PREFIX.toString())) {
-          md.update(entry.getKey().getBytes(Constants.UTF8));
-          md.update(entry.getValue().getBytes(Constants.UTF8));
-        }
-      }
-      
-      confChecksum = md.digest();
-    }
-    return confChecksum;
-  }
-}

