accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ktur...@apache.org
Subject [accumulo] branch 1.8 updated: ACCUMULO-4799 removed redundant auth check (#386)
Date Tue, 20 Feb 2018 16:15:27 GMT
This is an automated email from the ASF dual-hosted git repository.

kturner pushed a commit to branch 1.8
in repository https://gitbox.apache.org/repos/asf/accumulo.git


The following commit(s) were added to refs/heads/1.8 by this push:
     new 87190cc  ACCUMULO-4799 removed redundant auth check (#386)
87190cc is described below

commit 87190cc7564cfc25631f20de1cdd3e36215b79ef
Author: Keith Turner <keith@deenlo.com>
AuthorDate: Tue Feb 20 11:15:22 2018 -0500

    ACCUMULO-4799 removed redundant auth check (#386)
---
 .../org/apache/accumulo/server/security/SecurityOperation.java     | 7 ++++---
 .../src/main/java/org/apache/accumulo/tserver/TabletServer.java    | 4 ++--
 .../main/java/org/apache/accumulo/tserver/TservConstraintEnv.java  | 2 +-
 .../java/org/apache/accumulo/tserver/TservConstraintEnvTest.java   | 4 ++--
 4 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index c4edc96..49d01e4 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -269,9 +269,10 @@ public class SecurityOperation {
     return getUserAuthorizations(credentials, credentials.getPrincipal());
   }
 
-  public boolean userHasAuthorizations(TCredentials credentials, List<ByteBuffer> list)
throws ThriftSecurityException {
-    authenticate(credentials);
-
+  /**
+   * Check if an already authenticated user has specified authorizations.
+   */
+  public boolean authenticatedUserHasAuthorizations(TCredentials credentials, List<ByteBuffer>
list) throws ThriftSecurityException {
     if (isSystemUser(credentials)) {
       // system user doesn't need record-level authorizations for the tables it reads (for
now)
       return list.isEmpty();
diff --git a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
index 98a538e..cf555ac 100644
--- a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
+++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
@@ -486,7 +486,7 @@ public class TabletServer extends AccumuloServerContext implements Runnable
{
       if (!security.canScan(credentials, tableId, namespaceId, range, columns, ssiList, ssio,
authorizations))
         throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
 
-      if (!security.userHasAuthorizations(credentials, authorizations))
+      if (!security.authenticatedUserHasAuthorizations(credentials, authorizations))
         throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_AUTHORIZATIONS);
 
       final KeyExtent extent = new KeyExtent(textent);
@@ -657,7 +657,7 @@ public class TabletServer extends AccumuloServerContext implements Runnable
{
       }
 
       try {
-        if (!security.userHasAuthorizations(credentials, authorizations))
+        if (!security.authenticatedUserHasAuthorizations(credentials, authorizations))
           throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_AUTHORIZATIONS);
       } catch (ThriftSecurityException tse) {
         log.error("{} is not authorized", credentials.getPrincipal(), tse);
diff --git a/server/tserver/src/main/java/org/apache/accumulo/tserver/TservConstraintEnv.java
b/server/tserver/src/main/java/org/apache/accumulo/tserver/TservConstraintEnv.java
index fc371c9..a6a0d65 100644
--- a/server/tserver/src/main/java/org/apache/accumulo/tserver/TservConstraintEnv.java
+++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/TservConstraintEnv.java
@@ -72,7 +72,7 @@ public class TservConstraintEnv implements Environment {
       @Override
       public boolean contains(ByteSequence auth) {
         try {
-          return security.userHasAuthorizations(credentials,
+          return security.authenticatedUserHasAuthorizations(credentials,
               Collections.<ByteBuffer> singletonList(ByteBuffer.wrap(auth.getBackingArray(),
auth.offset(), auth.length())));
         } catch (ThriftSecurityException e) {
           throw new RuntimeException(e);
diff --git a/server/tserver/src/test/java/org/apache/accumulo/tserver/TservConstraintEnvTest.java
b/server/tserver/src/test/java/org/apache/accumulo/tserver/TservConstraintEnvTest.java
index a84e890..fff2a84 100644
--- a/server/tserver/src/test/java/org/apache/accumulo/tserver/TservConstraintEnvTest.java
+++ b/server/tserver/src/test/java/org/apache/accumulo/tserver/TservConstraintEnvTest.java
@@ -44,8 +44,8 @@ public class TservConstraintEnvTest {
     ByteSequence bs = new ArrayByteSequence("foo".getBytes());
     List<ByteBuffer> bbList = Collections.<ByteBuffer> singletonList(ByteBuffer.wrap(bs.getBackingArray(),
bs.offset(), bs.length()));
 
-    expect(security.userHasAuthorizations(goodCred, bbList)).andReturn(true);
-    expect(security.userHasAuthorizations(badCred, bbList)).andReturn(false);
+    expect(security.authenticatedUserHasAuthorizations(goodCred, bbList)).andReturn(true);
+    expect(security.authenticatedUserHasAuthorizations(badCred, bbList)).andReturn(false);
     replay(security);
 
     assertTrue(new TservConstraintEnv(security, goodCred).getAuthorizationsContainer().contains(bs));

-- 
To stop receiving notification emails like this one, please contact
kturner@apache.org.

Mime
View raw message