cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From eev...@apache.org
Subject svn commit: r1005080 - in /cassandra/trunk/src/java/org/apache/cassandra: avro/CassandraServer.java service/ClientState.java thrift/CassandraServer.java
Date Wed, 06 Oct 2010 15:19:13 GMT
Author: eevans
Date: Wed Oct  6 15:19:13 2010
New Revision: 1005080

URL: http://svn.apache.org/viewvc?rev=1005080&view=rev
Log:
refactor ClientState and RPC for CF authorizations

Patch by eevans; reviewed by Stu Hood for CASSANDRA-1554

Modified:
    cassandra/trunk/src/java/org/apache/cassandra/avro/CassandraServer.java
    cassandra/trunk/src/java/org/apache/cassandra/service/ClientState.java
    cassandra/trunk/src/java/org/apache/cassandra/thrift/CassandraServer.java

Modified: cassandra/trunk/src/java/org/apache/cassandra/avro/CassandraServer.java
URL: http://svn.apache.org/viewvc/cassandra/trunk/src/java/org/apache/cassandra/avro/CassandraServer.java?rev=1005080&r1=1005079&r2=1005080&view=diff
==============================================================================
--- cassandra/trunk/src/java/org/apache/cassandra/avro/CassandraServer.java (original)
+++ cassandra/trunk/src/java/org/apache/cassandra/avro/CassandraServer.java Wed Oct  6 15:19:13
2010
@@ -823,7 +823,7 @@ public class CassandraServer implements 
     {
         try
         {
-            state().hasKeyspaceAccess(perm);
+            state().hasColumnFamilyListAccess(perm);
         }
         catch (org.apache.cassandra.thrift.InvalidRequestException e)
         {
@@ -1040,7 +1040,7 @@ public class CassandraServer implements 
 
         try
         {
-            state().hasKeyspaceAccess(Permission.WRITE);
+            state().hasColumnFamilyAccess((String)columnFamily, Permission.WRITE);
             schedule();
             StorageProxy.truncateBlocking(state().getKeyspace(), columnFamily.toString());
         }
@@ -1073,7 +1073,7 @@ public class CassandraServer implements 
         String keyspace = state().getKeyspace();
         try
         {
-            state().hasKeyspaceAccess(Permission.READ);
+            state().hasColumnFamilyAccess(column_parent.column_family.toString(), Permission.READ);
         }
         catch (org.apache.cassandra.thrift.InvalidRequestException thriftE)
         {
@@ -1139,7 +1139,7 @@ public class CassandraServer implements 
 
         try
         {
-            state().hasKeyspaceAccess(Permission.READ);
+            state().hasColumnFamilyAccess(column_parent.column_family.toString(), Permission.READ);
         }
         catch (org.apache.cassandra.thrift.InvalidRequestException thriftE)
         {

Modified: cassandra/trunk/src/java/org/apache/cassandra/service/ClientState.java
URL: http://svn.apache.org/viewvc/cassandra/trunk/src/java/org/apache/cassandra/service/ClientState.java?rev=1005080&r1=1005079&r2=1005080&view=diff
==============================================================================
--- cassandra/trunk/src/java/org/apache/cassandra/service/ClientState.java (original)
+++ cassandra/trunk/src/java/org/apache/cassandra/service/ClientState.java Wed Oct  6 15:19:13
2010
@@ -26,7 +26,6 @@ import org.slf4j.LoggerFactory;
 import org.apache.cassandra.auth.AuthenticatedUser;
 import org.apache.cassandra.auth.Permission;
 import org.apache.cassandra.auth.Resources;
-import org.apache.cassandra.config.Config.RequestSchedulerId;
 import org.apache.cassandra.config.DatabaseDescriptor;
 import org.apache.cassandra.thrift.AuthenticationException;
 import org.apache.cassandra.thrift.InvalidRequestException;
@@ -42,8 +41,6 @@ public class ClientState
     // Current user for the session
     private AuthenticatedUser user;
     private String keyspace;
-    private Set<Permission> keyspaceAccess;
-    private List<Object> resource = new ArrayList<Object>();
 
     /**
      * Construct a new, empty ClientState: can be reused after logout() or reset().
@@ -52,26 +49,7 @@ public class ClientState
     {
         reset();
     }
-
-    /**
-     * Called when the keyspace or user have changed.
-     */
-    private void updateKeyspaceAccess()
-    {
-        if (user == null || keyspace == null)
-            // user is not logged in or keyspace is not set
-            keyspaceAccess = null;
-        else
-        {
-            // authorize the user for the current keyspace
-            resource.clear();
-            resource.add(Resources.ROOT);
-            resource.add(Resources.KEYSPACES);
-            resource.add(keyspace);
-            keyspaceAccess = DatabaseDescriptor.getAuthority().authorize(user, resource);
-        }
-    }
-
+    
     public String getKeyspace()
     {
         return keyspace;
@@ -80,7 +58,6 @@ public class ClientState
     public void setKeyspace(String ks)
     {
         keyspace = ks;
-        updateKeyspaceAccess();
     }
 
     public String getSchedulingValue()
@@ -101,7 +78,6 @@ public class ClientState
         if (logger.isDebugEnabled())
             logger.debug("logged in: {}", user);
         this.user = user;
-        updateKeyspaceAccess();
     }
 
     public void logout()
@@ -115,8 +91,6 @@ public class ClientState
     {
         user = DatabaseDescriptor.getAuthenticator().defaultUser();
         keyspace = null;
-        keyspaceAccess = null;
-        resource.clear();
     }
 
     /**
@@ -124,25 +98,54 @@ public class ClientState
      */
     public void hasKeyspaceListAccess(Permission perm) throws InvalidRequestException
     {
-        if (user == null)
-            throw new InvalidRequestException("You have not logged in");
+        validateLogin();
+        
         List<Object> resource = Arrays.<Object>asList(Resources.ROOT, Resources.KEYSPACES);
         Set<Permission> perms = DatabaseDescriptor.getAuthority().authorize(user, resource);
 
         hasAccess(user, perms, perm, resource);
     }
-
+    
     /**
-     * Confirms that the client thread has the given Permission in the context of the current
Keyspace.
+     * Confirms that the client thread has the given Permission for the ColumnFamily list
of
+     * the current keyspace.
      */
-    public void hasKeyspaceAccess(Permission perm) throws InvalidRequestException
+    public void hasColumnFamilyListAccess(Permission perm) throws InvalidRequestException
+    {
+        validateLogin();
+        validateKeyspace();
+        
+        List<Object> resource = Arrays.<Object>asList(Resources.ROOT, Resources.KEYSPACES,
keyspace);
+        Set<Permission> perms = DatabaseDescriptor.getAuthority().authorize(user, resource);
+        
+        hasAccess(user, perms, perm, resource);
+    }
+    
+    /**
+     * Confirms that the client thread has the given Permission in the context of the given
+     * ColumnFamily and the current keyspace.
+     */
+    public void hasColumnFamilyAccess(String columnFamily, Permission perm) throws InvalidRequestException
+    {
+        validateLogin();
+        validateKeyspace();
+        
+        List<Object> resource = Arrays.<Object>asList(Resources.ROOT, Resources.KEYSPACES,
keyspace, columnFamily);
+        Set<Permission> perms = DatabaseDescriptor.getAuthority().authorize(user, resource);
+        
+        hasAccess(user, perms, perm, resource);
+    }
+
+    private void validateLogin() throws InvalidRequestException
     {
         if (user == null)
             throw new InvalidRequestException("You have not logged in");
-        if (keyspaceAccess == null)
+    }
+    
+    private void validateKeyspace() throws InvalidRequestException
+    {
+        if (keyspace == null)
             throw new InvalidRequestException("You have not set a keyspace for this session");
-
-        hasAccess(user, keyspaceAccess, perm, resource);
     }
 
     private static void hasAccess(AuthenticatedUser user, Set<Permission> perms, Permission
perm, List<Object> resource) throws InvalidRequestException

Modified: cassandra/trunk/src/java/org/apache/cassandra/thrift/CassandraServer.java
URL: http://svn.apache.org/viewvc/cassandra/trunk/src/java/org/apache/cassandra/thrift/CassandraServer.java?rev=1005080&r1=1005079&r2=1005080&view=diff
==============================================================================
--- cassandra/trunk/src/java/org/apache/cassandra/thrift/CassandraServer.java (original)
+++ cassandra/trunk/src/java/org/apache/cassandra/thrift/CassandraServer.java Wed Oct  6 15:19:13
2010
@@ -257,7 +257,7 @@ public class CassandraServer implements 
         if (logger.isDebugEnabled())
             logger.debug("get_slice");
         
-        state().hasKeyspaceAccess(Permission.READ);
+        state().hasColumnFamilyAccess(column_parent.column_family, Permission.READ);
         return multigetSliceInternal(state().getKeyspace(), Collections.singletonList(key),
column_parent, predicate, consistency_level).get(key);
     }
     
@@ -267,7 +267,7 @@ public class CassandraServer implements 
         if (logger.isDebugEnabled())
             logger.debug("multiget_slice");
 
-        state().hasKeyspaceAccess(Permission.READ);
+        state().hasColumnFamilyAccess(column_parent.column_family, Permission.READ);
 
         return multigetSliceInternal(state().getKeyspace(), keys, column_parent, predicate,
consistency_level);
     }
@@ -306,7 +306,7 @@ public class CassandraServer implements 
         if (logger.isDebugEnabled())
             logger.debug("get");
 
-        state().hasKeyspaceAccess(Permission.READ);
+        state().hasColumnFamilyAccess(column_path.column_family, Permission.READ);
         String keyspace = state().getKeyspace();
 
         ThriftValidation.validateColumnPath(keyspace, column_path);
@@ -334,7 +334,7 @@ public class CassandraServer implements 
         if (logger.isDebugEnabled())
             logger.debug("get_count");
 
-        state().hasKeyspaceAccess(Permission.READ);
+        state().hasColumnFamilyAccess(column_parent.column_family, Permission.READ);
 
         return get_slice(key, column_parent, predicate, consistency_level).size();
     }
@@ -345,7 +345,7 @@ public class CassandraServer implements 
         if (logger.isDebugEnabled())
             logger.debug("multiget_count");
 
-        state().hasKeyspaceAccess(Permission.READ);
+        state().hasColumnFamilyAccess(column_parent.column_family, Permission.READ);
         String keyspace = state().getKeyspace();
 
         Map<byte[], Integer> counts = new HashMap<byte[], Integer>();
@@ -363,7 +363,7 @@ public class CassandraServer implements 
         if (logger.isDebugEnabled())
             logger.debug("insert");
 
-        state().hasKeyspaceAccess(Permission.WRITE);
+        state().hasColumnFamilyAccess(column_parent.column_family, Permission.WRITE);
 
         ThriftValidation.validateKey(key);
         ThriftValidation.validateColumnParent(state().getKeyspace(), column_parent);
@@ -386,8 +386,8 @@ public class CassandraServer implements 
     {
         if (logger.isDebugEnabled())
             logger.debug("batch_mutate");
-
-        state().hasKeyspaceAccess(Permission.WRITE);
+        
+        List<String> cfamsSeen = new ArrayList<String>();
 
         List<RowMutation> rowMutations = new ArrayList<RowMutation>();
         for (Map.Entry<byte[], Map<String, List<Mutation>>> mutationEntry:
mutation_map.entrySet())
@@ -399,6 +399,13 @@ public class CassandraServer implements 
             for (Map.Entry<String, List<Mutation>> columnFamilyMutations : columnFamilyToMutations.entrySet())
             {
                 String cfName = columnFamilyMutations.getKey();
+                
+                // Avoid unneeded authorizations
+                if (!(cfamsSeen.contains(cfName)))
+                {
+                    state().hasColumnFamilyAccess(cfName, Permission.WRITE);
+                    cfamsSeen.add(cfName);
+                }
 
                 for (Mutation mutation : columnFamilyMutations.getValue())
                 {
@@ -417,7 +424,7 @@ public class CassandraServer implements 
         if (logger.isDebugEnabled())
             logger.debug("remove");
 
-        state().hasKeyspaceAccess(Permission.WRITE);
+        state().hasColumnFamilyAccess(column_path.column_family, Permission.WRITE);
 
         ThriftValidation.validateKey(key);
         ThriftValidation.validateColumnPathOrParent(state().getKeyspace(), column_path);
@@ -472,7 +479,7 @@ public class CassandraServer implements 
             logger.debug("range_slice");
 
         String keyspace = state().getKeyspace();
-        state().hasKeyspaceAccess(Permission.READ);
+        state().hasColumnFamilyAccess(column_parent.column_family, Permission.READ);
 
         ThriftValidation.validateColumnParent(keyspace, column_parent);
         ThriftValidation.validatePredicate(keyspace, column_parent, predicate);
@@ -535,7 +542,7 @@ public class CassandraServer implements 
         if (logger.isDebugEnabled())
             logger.debug("scan");
 
-        state().hasKeyspaceAccess(Permission.READ);
+        state().hasColumnFamilyAccess(column_parent.column_family, Permission.READ);
         String keyspace = state().getKeyspace();
         ThriftValidation.validateColumnParent(keyspace, column_parent);
         ThriftValidation.validatePredicate(keyspace, column_parent, column_predicate);
@@ -689,7 +696,7 @@ public class CassandraServer implements 
 
     public String system_add_column_family(CfDef cf_def) throws InvalidRequestException,
TException
     {
-        state().hasKeyspaceAccess(Permission.WRITE);
+        state().hasColumnFamilyListAccess(Permission.WRITE);
         try
         {
             applyMigrationOnStage(new AddColumnFamily(convertToCFMetaData(cf_def)));
@@ -711,7 +718,7 @@ public class CassandraServer implements 
 
     public String system_drop_column_family(String column_family) throws InvalidRequestException,
TException
     {
-        state().hasKeyspaceAccess(Permission.WRITE);
+        state().hasColumnFamilyListAccess(Permission.WRITE);
         
         try
         {
@@ -734,7 +741,7 @@ public class CassandraServer implements 
 
     public String system_rename_column_family(String old_name, String new_name) throws InvalidRequestException,
TException
     {
-        state().hasKeyspaceAccess(Permission.WRITE);
+        state().hasColumnFamilyListAccess(Permission.WRITE);
         
         try
         {
@@ -834,7 +841,7 @@ public class CassandraServer implements 
 
     public String system_rename_keyspace(String old_name, String new_name) throws InvalidRequestException,
TException
     {
-        state().hasKeyspaceAccess(Permission.WRITE);
+        state().hasColumnFamilyListAccess(Permission.WRITE);
         
         try
         {
@@ -858,7 +865,7 @@ public class CassandraServer implements 
     /** update an existing keyspace, but do not allow column family modifications. */
     public String system_update_keyspace(KsDef ks_def) throws InvalidRequestException, TException
     {
-        state().hasKeyspaceAccess(Permission.WRITE);
+        state().hasColumnFamilyListAccess(Permission.WRITE);
         
         if (ks_def.getCf_defs() != null && ks_def.getCf_defs().size() > 0)
             throw new InvalidRequestException("Keyspace update must not contain any column
family definitions.");
@@ -896,7 +903,7 @@ public class CassandraServer implements 
 
     public String system_update_column_family(CfDef cf_def) throws InvalidRequestException,
TException
     {
-        state().hasKeyspaceAccess(Permission.WRITE);
+        state().hasColumnFamilyListAccess(Permission.WRITE);
         
         if (cf_def.keyspace == null || cf_def.name == null)
             throw new InvalidRequestException("Keyspace and CF name must be set.");
@@ -956,7 +963,7 @@ public class CassandraServer implements 
     public void truncate(String cfname) throws InvalidRequestException, UnavailableException,
TException
     {
         logger.debug("truncating {} in {}", cfname, state().getKeyspace());
-        state().hasKeyspaceAccess(Permission.WRITE);
+        state().hasColumnFamilyAccess(cfname, Permission.WRITE);
         try
         {
             schedule();



Mime
View raw message