hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From st...@apache.org
Subject svn commit: r1344486 - in /hbase/trunk/hbase-server/src: main/java/org/apache/hadoop/hbase/security/access/AccessController.java test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Date Wed, 30 May 2012 22:28:29 GMT
Author: stack
Date: Wed May 30 22:28:29 2012
New Revision: 1344486

URL: http://svn.apache.org/viewvc?rev=1344486&view=rev
Log:
HBASE-6062 preCheckAndPut/Delete() checks for READ when also a WRITE is performed

Modified:
    hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
    hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java?rev=1344486&r1=1344485&r2=1344486&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
(original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
Wed May 30 22:28:29 2012
@@ -842,8 +842,9 @@ public class AccessController extends Ba
       final CompareFilter.CompareOp compareOp,
       final WritableByteArrayComparable comparator, final Put put,
       final boolean result) throws IOException {
-    requirePermission(TablePermission.Action.READ, c.getEnvironment(),
-        Arrays.asList(new byte[][]{family}));
+    Collection<byte[]> familyMap = Arrays.asList(new byte[][]{family});
+    requirePermission(TablePermission.Action.READ, c.getEnvironment(), familyMap);
+    requirePermission(TablePermission.Action.WRITE, c.getEnvironment(), familyMap);
     return result;
   }
 
@@ -853,8 +854,9 @@ public class AccessController extends Ba
       final CompareFilter.CompareOp compareOp,
       final WritableByteArrayComparable comparator, final Delete delete,
       final boolean result) throws IOException {
-    requirePermission(TablePermission.Action.READ, c.getEnvironment(),
-        Arrays.asList( new byte[][] {family}));
+    Collection<byte[]> familyMap = Arrays.asList(new byte[][]{family});
+    requirePermission(TablePermission.Action.READ, c.getEnvironment(), familyMap);
+    requirePermission(TablePermission.Action.WRITE, c.getEnvironment(), familyMap);
     return result;
   }
 

Modified: hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java?rev=1344486&r1=1344485&r2=1344486&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
(original)
+++ hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Wed May 30 22:28:29 2012
@@ -539,6 +539,18 @@ public class TestAccessController {
     verifyAllowed(USER_RO, action);
   }
 
+  private void verifyReadWrite(PrivilegedExceptionAction action) throws Exception {
+    // should be denied
+    verifyDenied(USER_NONE, action);
+    verifyDenied(USER_RO, action);
+
+    // should be allowed
+    verifyAllowed(SUPERUSER, action);
+    verifyAllowed(USER_ADMIN, action);
+    verifyAllowed(USER_OWNER, action);
+    verifyAllowed(USER_RW, action);
+  }
+
   @Test
   public void testRead() throws Exception {
     // get action
@@ -616,6 +628,39 @@ public class TestAccessController {
   }
 
   @Test
+  public void testReadWrite() throws Exception {
+    // action for checkAndDelete
+    PrivilegedExceptionAction checkAndDeleteAction = new PrivilegedExceptionAction() {
+      public Object run() throws Exception {
+        Delete d = new Delete(Bytes.toBytes("random_row"));
+        d.deleteFamily(TEST_FAMILY);
+
+        HTable t = new HTable(conf, TEST_TABLE);
+        t.checkAndDelete(Bytes.toBytes("random_row"), 
+                         TEST_FAMILY, Bytes.toBytes("q"),
+                         Bytes.toBytes("test_value"), d);
+        return null;
+      }
+    };
+    verifyReadWrite(checkAndDeleteAction);
+
+    // action for checkAndPut()
+    PrivilegedExceptionAction checkAndPut = new PrivilegedExceptionAction() {
+      public Object run() throws Exception {
+        Put p = new Put(Bytes.toBytes("random_row"));
+        p.add(TEST_FAMILY, Bytes.toBytes("Qualifier"), Bytes.toBytes(1));
+
+        HTable t = new HTable(conf, TEST_TABLE);
+        t.checkAndPut(Bytes.toBytes("random_row"), 
+                      TEST_FAMILY, Bytes.toBytes("q"),
+                      Bytes.toBytes("test_value"), p);
+        return null;
+      }
+    };
+    verifyReadWrite(checkAndPut);
+  }
+
+  @Test
   public void testGrantRevoke() throws Exception {
     final byte[] tableName = Bytes.toBytes("TempTable");
     final byte[] family1 = Bytes.toBytes("f1");



Mime
View raw message