Return-Path: Delivered-To: apmail-hadoop-common-commits-archive@www.apache.org Received: (qmail 31435 invoked from network); 24 Sep 2010 20:49:22 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 24 Sep 2010 20:49:22 -0000 Received: (qmail 82969 invoked by uid 500); 24 Sep 2010 20:49:21 -0000 Delivered-To: apmail-hadoop-common-commits-archive@hadoop.apache.org Received: (qmail 82902 invoked by uid 500); 24 Sep 2010 20:49:20 -0000 Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-dev@hadoop.apache.org Delivered-To: mailing list common-commits@hadoop.apache.org Received: (qmail 82798 invoked by uid 99); 24 Sep 2010 20:49:20 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Sep 2010 20:49:20 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Sep 2010 20:49:20 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 31EC92388A41; Fri, 24 Sep 2010 20:49:00 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1001067 - in /hadoop/common/trunk: CHANGES.txt src/java/org/apache/hadoop/ipc/Server.java src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java src/test/core/org/apache/hadoop/ipc/TestRPC.java Date: Fri, 24 Sep 2010 20:49:00 -0000 To: common-commits@hadoop.apache.org 
From: tomwhite@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100924204900.31EC92388A41@eris.apache.org> Author: tomwhite Date: Fri Sep 24 20:48:59 2010 New Revision: 1001067 URL: http://svn.apache.org/viewvc?rev=1001067&view=rev Log: HADOOP-6951. Distinct minicluster services (e.g. NN and JT) overwrite each other's service policies. Contributed by Aaron T. Myers Modified: hadoop/common/trunk/CHANGES.txt hadoop/common/trunk/src/java/org/apache/hadoop/ipc/Server.java hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java hadoop/common/trunk/src/test/core/org/apache/hadoop/ipc/TestRPC.java Modified: hadoop/common/trunk/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=1001067&r1=1001066&r2=1001067&view=diff ============================================================================== --- hadoop/common/trunk/CHANGES.txt (original) +++ hadoop/common/trunk/CHANGES.txt Fri Sep 24 20:48:59 2010 @@ -247,6 +247,9 @@ Trunk (unreleased changes) HADOOP-6940. RawLocalFileSystem's markSupported method misnamed markSupport. (Tom White via eli). + HADOOP-6951. Distinct minicluster services (e.g. NN and JT) overwrite each + other's service policies. (Aaron T. Myers via tomwhite) + Release 0.21.0 - Unreleased INCOMPATIBLE CHANGES Modified: hadoop/common/trunk/src/java/org/apache/hadoop/ipc/Server.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/ipc/Server.java?rev=1001067&r1=1001066&r2=1001067&view=diff ============================================================================== --- hadoop/common/trunk/src/java/org/apache/hadoop/ipc/Server.java (original) +++ hadoop/common/trunk/src/java/org/apache/hadoop/ipc/Server.java Fri Sep 24 20:48:59 2010 
@@ -60,6 +60,7 @@ import javax.security.sasl.SaslServer; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.CommonConfigurationKeys; import org.apache.hadoop.io.BytesWritable; @@ -78,6 +79,7 @@ import org.apache.hadoop.security.UserGr import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authorize.ProxyUsers; import org.apache.hadoop.security.authorize.AuthorizationException; +import org.apache.hadoop.security.authorize.PolicyProvider; import org.apache.hadoop.security.authorize.ServiceAuthorizationManager; import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.security.token.SecretManager; @@ -182,6 +184,7 @@ public abstract class Server { private Configuration conf; private SecretManager secretManager; + private ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager(); private int maxQueueSize; private final int maxRespSize; @@ -239,6 +242,22 @@ public abstract class Server { return rpcMetrics; } + /** + * Refresh the service authorization ACL for the service handled by this server. + */ + public void refreshServiceAcl(Configuration conf, PolicyProvider provider) { + serviceAuthorizationManager.refresh(conf, provider); + } + + /** + * Returns a handle to the serviceAuthorizationManager (required in tests) + * @return instance of ServiceAuthorizationManager for this server + */ + @InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) + public ServiceAuthorizationManager getServiceAuthorizationManager() { + return serviceAuthorizationManager; + } + /** A call queued for handling. */ private static class Call { private int id; // the client's call id 
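Review bot: The new `serviceAuthorizationManager` field in the `@@ -182,6 +184,7 @@` hunk is never reassigned anywhere in this diff, so it should be declared `final`. That also guarantees the RPC handler threads always see the same manager instance the server was constructed with. The declaration runs well past 100 columns and could be wrapped after the `=`.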
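Review bot: `getServiceAuthorizationManager()` is public and returns the live manager, so any code holding a `Server` reference can call `refresh` on it and replace the ACL table, although the Javadoc says the accessor is needed only in tests. `@InterfaceAudience.LimitedPrivate` documents the intended audience but does not restrict callers. I would say so in the Javadoc, for example `Test-only; production code must use refreshServiceAcl(Configuration, PolicyProvider).` The Javadoc of `refreshServiceAcl` also lacks `@param conf` and `@param provider`, and its `conf` parameter shadows the `conf` field shown in the previous hunk, which is worth a short comment or a rename.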
@@ -1652,7 +1671,7 @@ public abstract class Server { throw new AuthorizationException("Unknown protocol: " + connection.getProtocol()); } - ServiceAuthorizationManager.authorize(user, protocol, getConf(), hostname); + serviceAuthorizationManager.authorize(user, protocol, getConf(), hostname); } } Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java?rev=1001067&r1=1001066&r2=1001067&view=diff ============================================================================== --- hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java (original) +++ hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java Fri Sep 24 20:48:59 2010 @@ -20,6 +20,7 @@ package org.apache.hadoop.security.autho import java.io.IOException; import java.util.IdentityHashMap; import java.util.Map; +import java.util.Set; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -43,7 +44,7 @@ public class ServiceAuthorizationManager private static final Log LOG = LogFactory .getLog(ServiceAuthorizationManager.class); - private static Map, AccessControlList> protocolToAcl = + private Map, AccessControlList> protocolToAcl = new IdentityHashMap, AccessControlList>(); /** @@ -73,7 +74,7 @@ public class ServiceAuthorizationManager * @param hostname fully qualified domain name of the client * @throws AuthorizationException on authorization failure */ - public static void authorize(UserGroupInformation user, + public void authorize(UserGroupInformation user, Class protocol, Configuration conf, String hostname 
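Review bot: In the `@@ -1652,7 +1671,7 @@` hunk, `authorize` now consults only this server's own table, which is an empty `IdentityHashMap` until `refreshServiceAcl` has been called on this instance. Before the change, a refresh by any service in the JVM filled the shared static table. The body of `ServiceAuthorizationManager.authorize` is outside the diff, so please confirm that a protocol with no ACL entry is rejected with `AuthorizationException` rather than let through. If that holds, a comment such as `// Denies every protocol until refreshServiceAcl() has been called on this server.` would make the dependency visible. The enclosing method in `Server` starts before this hunk.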
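Review bot: `protocolToAcl` in the `@@ -43,7 +44,7 @@` hunk is now a plain instance field that `refresh` reassigns under `synchronized` (the "Flip to the newly parsed permissions" line in the `@@ -158,4 +159,9 @@` hunk). `authorize` in the `@@ -73,7 +74,7 @@` hunk is not synchronized, and neither is the new `getProtocolsWithAcls`. Without a happens-before edge, a handler thread may keep authorizing against the old table after a policy refresh, which matters most when the refresh removes access. Adding `volatile` to the field declaration is enough here, because `refresh` publishes a fully built map by a single reference assignment. The bodies of `authorize` and `refresh` lie mostly outside the hunks, so this assumes `authorize` reads the field directly.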
@@ -129,7 +130,7 @@ public class ServiceAuthorizationManager AUDITLOG.info(AUTHZ_SUCCESSFULL_FOR + user + " for protocol="+protocol); } - public static synchronized void refresh(Configuration conf, + public synchronized void refresh(Configuration conf, PolicyProvider provider) { // Get the system property 'hadoop.policy.file' String policyFile = @@ -158,4 +159,9 @@ public class ServiceAuthorizationManager // Flip to the newly parsed permissions protocolToAcl = newAcls; } + + // Package-protected for use in tests. + Set> getProtocolsWithAcls() { + return protocolToAcl.keySet(); + } } Modified: hadoop/common/trunk/src/test/core/org/apache/hadoop/ipc/TestRPC.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/ipc/TestRPC.java?rev=1001067&r1=1001066&r2=1001067&view=diff ============================================================================== --- hadoop/common/trunk/src/test/core/org/apache/hadoop/ipc/TestRPC.java (original) +++ hadoop/common/trunk/src/test/core/org/apache/hadoop/ipc/TestRPC.java Fri Sep 24 20:48:59 2010 @@ -41,7 +41,6 @@ import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.authorize.PolicyProvider; import org.apache.hadoop.security.authorize.Service; -import org.apache.hadoop.security.authorize.ServiceAuthorizationManager; import org.apache.hadoop.security.AccessControlException; import static org.mockito.Mockito.*; @@ -364,11 +363,11 @@ public class TestRPC extends TestCase { } private void doRPCs(Configuration conf, boolean expectFailure) throws Exception { - ServiceAuthorizationManager.refresh(conf, new TestPolicyProvider()); - Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS, 0, 5, true, conf, null); + server.refreshServiceAcl(conf, new TestPolicyProvider()); + TestProtocol proxy = null; server.start();
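Review bot: `getProtocolsWithAcls()` in the `@@ -158,4 +159,9 @@` hunk returns the live `keySet()` view of the ACL map, so a caller that removes an element from the set also removes that protocol's ACL from the manager. For an accessor meant only for test assertions, a read-only view is safer: `return Collections.unmodifiableSet(protocolToAcl.keySet());`, which also needs `import java.util.Collections;`. The comment would be more useful as Javadoc stating that the set reflects the table as of the last `refresh`.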
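Review bot: The `doRPCs` change in the `@@ -364,11 +363,11 @@` hunk only adapts the existing test to the new instance API and does not cover the bug being fixed. Nothing in this commit checks that two servers in one JVM keep separate policies, and nothing here calls the new `getProtocolsWithAcls()`. I would add a regression test that creates two servers, calls `refreshServiceAcl` on each with a different `PolicyProvider`, and asserts that a protocol granted on the first is still authorized there after the second refresh. Because `getProtocolsWithAcls()` is package-private in `org.apache.hadoop.security.authorize`, a test in this package would have to assert through RPC calls, or the check could live in a test class in that package. The body of `doRPCs` continues past the end of the hunk.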