hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmhs...@apache.org
Subject svn commit: r1445918 [27/29] - in /hbase/branches/hbase-7290: ./ bin/ conf/ dev-support/ hbase-client/ hbase-common/ hbase-common/src/main/java/org/apache/hadoop/hbase/ hbase-common/src/main/java/org/apache/hadoop/hbase/io/compress/ hbase-common/src/ma...
Date Wed, 13 Feb 2013 20:58:32 GMT
Modified: hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
URL: http://svn.apache.org/viewvc/hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java?rev=1445918&r1=1445917&r2=1445918&view=diff
==============================================================================
--- hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java (original)
+++ hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java Wed Feb 13 20:58:23 2013
@@ -38,6 +38,8 @@ import org.apache.hadoop.hbase.client.Pu
 import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.ResultScanner;
 import org.apache.hadoop.hbase.client.Scan;
+import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
+import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
 import org.apache.hadoop.hbase.security.AccessDeniedException;
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.util.Bytes;
@@ -46,6 +48,8 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
+import com.google.protobuf.BlockingRpcChannel;
+
 @Category(LargeTests.class)
 public class TestAccessControlFilter {
   private static Log LOG = LogFactory.getLog(TestAccessControlFilter.class);
@@ -93,14 +97,14 @@ public class TestAccessControlFilter {
       public Object run() throws Exception {
         HTable aclmeta = new HTable(TEST_UTIL.getConfiguration(),
             AccessControlLists.ACL_TABLE_NAME);
-        AccessControllerProtocol acls = aclmeta.coprocessorProxy(
-            AccessControllerProtocol.class, Bytes.toBytes("testtable"));
-        UserPermission perm = new UserPermission(Bytes.toBytes(READER.getShortName()), 
-                                                 TABLE, null, Permission.Action.READ);
-        acls.grant(perm);
-        perm = new UserPermission(Bytes.toBytes(LIMITED.getShortName()), 
-                                  TABLE, FAMILY, PUBLIC_COL, Permission.Action.READ);
-        acls.grant(perm);
+        byte[] table = Bytes.toBytes("testtable");
+        BlockingRpcChannel service = aclmeta.coprocessorService(table);
+        AccessControlService.BlockingInterface protocol =
+          AccessControlService.newBlockingStub(service);
+        ProtobufUtil.grant(protocol, READER.getShortName(),
+          TABLE, null, null, Permission.Action.READ);
+        ProtobufUtil.grant(protocol, LIMITED.getShortName(),
+          TABLE, FAMILY, PUBLIC_COL, Permission.Action.READ);
         return null;
       }
     });

Modified: hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
URL: http://svn.apache.org/viewvc/hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java?rev=1445918&r1=1445917&r2=1445918&view=diff
==============================================================================
--- hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (original)
+++ hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java Wed Feb 13 20:58:23 2013
@@ -23,19 +23,26 @@ import static org.junit.Assert.assertTru
 import static org.junit.Assert.fail;
 
 import java.io.IOException;
+import java.lang.reflect.UndeclaredThrowableException;
+import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.List;
 import java.util.Map;
 
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FileStatus;
+import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.hbase.Coprocessor;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HColumnDescriptor;
+import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.HRegionInfo;
 import org.apache.hadoop.hbase.HTableDescriptor;
+import org.apache.hadoop.hbase.KeyValue;
 import org.apache.hadoop.hbase.LargeTests;
 import org.apache.hadoop.hbase.ServerName;
-import org.apache.hadoop.hbase.UnknownRowLockException;
 import org.apache.hadoop.hbase.client.Append;
 import org.apache.hadoop.hbase.client.Delete;
 import org.apache.hadoop.hbase.client.Get;
@@ -51,14 +58,19 @@ import org.apache.hadoop.hbase.coprocess
 import org.apache.hadoop.hbase.coprocessor.ObserverContext;
 import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
 import org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment;
+import org.apache.hadoop.hbase.io.hfile.CacheConfig;
+import org.apache.hadoop.hbase.io.hfile.HFile;
+import org.apache.hadoop.hbase.mapreduce.LoadIncrementalHFiles;
 import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
 import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
+import org.apache.hadoop.hbase.protobuf.RequestConverter;
 import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
 import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
 import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest;
 import org.apache.hadoop.hbase.regionserver.HRegion;
 import org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost;
 import org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost;
+import org.apache.hadoop.hbase.regionserver.ScanType;
 import org.apache.hadoop.hbase.security.AccessDeniedException;
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.security.access.Permission.Action;
@@ -68,7 +80,6 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-import com.google.common.collect.Lists;
 import com.google.protobuf.BlockingRpcChannel;
 import com.google.protobuf.ByteString;
 import com.google.protobuf.ServiceException;
@@ -146,34 +157,38 @@ public class TestAccessController {
     htd.setOwner(USER_OWNER);
     admin.createTable(htd);
 
-    // initilize access control
-    HTable meta = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-    BlockingRpcChannel service = meta.coprocessorService(TEST_TABLE);
-    AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(service);
-
     HRegion region = TEST_UTIL.getHBaseCluster().getRegions(TEST_TABLE).get(0);
     RegionCoprocessorHost rcpHost = region.getCoprocessorHost();
     RCP_ENV = rcpHost.createEnvironment(AccessController.class, ACCESS_CONTROLLER,
       Coprocessor.PRIORITY_HIGHEST, 1, conf);
 
-    protocol.grant(null, newGrantRequest(USER_ADMIN.getShortName(),
+    // initilize access control
+    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+
+      protocol.grant(null, RequestConverter.buildGrantRequest(USER_ADMIN.getShortName(),
         null, null, null,
         AccessControlProtos.Permission.Action.ADMIN,
         AccessControlProtos.Permission.Action.CREATE,
         AccessControlProtos.Permission.Action.READ,
         AccessControlProtos.Permission.Action.WRITE));
 
-    protocol.grant(null, newGrantRequest(USER_RW.getShortName(),
+      protocol.grant(null, RequestConverter.buildGrantRequest(USER_RW.getShortName(),
         TEST_TABLE, TEST_FAMILY, null,
         AccessControlProtos.Permission.Action.READ,
         AccessControlProtos.Permission.Action.WRITE));
 
-    protocol.grant(null, newGrantRequest(USER_RO.getShortName(), TEST_TABLE,
+      protocol.grant(null, RequestConverter.buildGrantRequest(USER_RO.getShortName(), TEST_TABLE,
         TEST_FAMILY, null, AccessControlProtos.Permission.Action.READ));
 
-    protocol.grant(null, newGrantRequest(USER_CREATE.getShortName(),
+      protocol.grant(null, RequestConverter.buildGrantRequest(USER_CREATE.getShortName(),
         TEST_TABLE, null, null, AccessControlProtos.Permission.Action.CREATE));
+    } finally {
+      acl.close();
+    }
   }
 
   @AfterClass
@@ -181,32 +196,6 @@ public class TestAccessController {
     TEST_UTIL.shutdownMiniCluster();
   }
 
-  private static AccessControlProtos.GrantRequest newGrantRequest(
-      String username, byte[] table, byte[] family, byte[] qualifier,
-      AccessControlProtos.Permission.Action... actions) {
-    AccessControlProtos.Permission.Builder permissionBuilder =
-        AccessControlProtos.Permission.newBuilder();
-    for (AccessControlProtos.Permission.Action a : actions) {
-      permissionBuilder.addAction(a);
-    }
-    if (table != null) {
-      permissionBuilder.setTable(ByteString.copyFrom(table));
-    }
-    if (family != null) {
-      permissionBuilder.setFamily(ByteString.copyFrom(family));
-    }
-    if (qualifier != null) {
-      permissionBuilder.setQualifier(ByteString.copyFrom(qualifier));
-    }
-
-    return AccessControlProtos.GrantRequest.newBuilder()
-        .setPermission(
-            AccessControlProtos.UserPermission.newBuilder()
-                .setUser(ByteString.copyFromUtf8(username))
-                .setPermission(permissionBuilder.build())
-        ).build();
-  }
-
   public void verifyAllowed(User user, PrivilegedExceptionAction... actions) throws Exception {
     for (PrivilegedExceptionAction action : actions) {
       try {
@@ -228,28 +217,47 @@ public class TestAccessController {
       try {
         user.runAs(action);
         fail("Expected AccessDeniedException for user '" + user.getShortName() + "'");
-      } catch (RetriesExhaustedWithDetailsException e) {
-        // in case of batch operations, and put, the client assembles a
-        // RetriesExhaustedWithDetailsException instead of throwing an
-        // AccessDeniedException
+      } catch (IOException e) {
         boolean isAccessDeniedException = false;
-        for (Throwable ex : e.getCauses()) {
-          if (ex instanceof ServiceException) {
-            ServiceException se = (ServiceException)ex;
-            if (se.getCause() != null && se.getCause() instanceof AccessDeniedException) {
+        if(e instanceof RetriesExhaustedWithDetailsException) {
+          // in case of batch operations, and put, the client assembles a
+          // RetriesExhaustedWithDetailsException instead of throwing an
+          // AccessDeniedException
+          for(Throwable ex : ((RetriesExhaustedWithDetailsException) e).getCauses()) {
+            if (ex instanceof AccessDeniedException) {
               isAccessDeniedException = true;
               break;
             }
-          } else if (ex instanceof AccessDeniedException) {
-            isAccessDeniedException = true;
-            break;
           }
         }
+        else {
+          // For doBulkLoad calls AccessDeniedException
+          // is buried in the stack trace
+          Throwable ex = e;
+          do {
+            if (ex instanceof AccessDeniedException) {
+              isAccessDeniedException = true;
+              break;
+            }
+          } while((ex = ex.getCause()) != null);
+        }
         if (!isAccessDeniedException) {
           fail("Not receiving AccessDeniedException for user '" + user.getShortName() + "'");
         }
-      } catch (AccessDeniedException ade) {
-        // expected result
+      } catch (UndeclaredThrowableException ute) {
+        // TODO why we get a PrivilegedActionException, which is unexpected?
+        Throwable ex = ute.getUndeclaredThrowable();
+        if (ex instanceof PrivilegedActionException) {
+          ex = ((PrivilegedActionException) ex).getException();
+        }
+        if (ex instanceof ServiceException) {
+          ServiceException se = (ServiceException)ex;
+          if (se.getCause() != null && se.getCause() instanceof AccessDeniedException) {
+            // expected result
+            return;
+          }
+        }
+        fail("Not receiving AccessDeniedException for user '" + user.getShortName() + "'");
       }
     }
   }
@@ -395,8 +403,13 @@ public class TestAccessController {
 
   @Test
   public void testMove() throws Exception {
+    Map<HRegionInfo, ServerName> regions;
     HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE);
-    Map<HRegionInfo, ServerName> regions = table.getRegionLocations();
+    try {
+      regions = table.getRegionLocations();
+    } finally {
+      table.close();
+    }
     final Map.Entry<HRegionInfo, ServerName> firstRegion = regions.entrySet().iterator().next();
     final ServerName server = TEST_UTIL.getHBaseCluster().getRegionServer(0).getServerName();
     PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
@@ -413,8 +426,13 @@ public class TestAccessController {
 
   @Test
   public void testAssign() throws Exception {
+    Map<HRegionInfo, ServerName> regions;
     HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE);
-    Map<HRegionInfo, ServerName> regions = table.getRegionLocations();
+    try {
+      regions = table.getRegionLocations();
+    } finally {
+      table.close();
+    }
     final Map.Entry<HRegionInfo, ServerName> firstRegion = regions.entrySet().iterator().next();
 
     PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
@@ -431,8 +449,13 @@ public class TestAccessController {
 
   @Test
   public void testUnassign() throws Exception {
+    Map<HRegionInfo, ServerName> regions;
     HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE);
-    Map<HRegionInfo, ServerName> regions = table.getRegionLocations();
+    try {
+      regions = table.getRegionLocations();
+    } finally {
+      table.close();
+    }
     final Map.Entry<HRegionInfo, ServerName> firstRegion = regions.entrySet().iterator().next();
 
     PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
@@ -550,7 +573,8 @@ public class TestAccessController {
   public void testCompact() throws Exception {
     PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
       public Object run() throws Exception {
-        ACCESS_CONTROLLER.preCompact(ObserverContext.createAndPrepare(RCP_ENV, null), null, null);
+        ACCESS_CONTROLLER.preCompact(ObserverContext.createAndPrepare(RCP_ENV, null), null, null,
+          ScanType.MINOR_COMPACT);
         return null;
       }
     };
@@ -590,7 +614,11 @@ public class TestAccessController {
         Get g = new Get(Bytes.toBytes("random_row"));
         g.addFamily(TEST_FAMILY);
         HTable t = new HTable(conf, TEST_TABLE);
-        t.get(g);
+        try {
+          t.get(g);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -603,14 +631,18 @@ public class TestAccessController {
         s.addFamily(TEST_FAMILY);
 
         HTable table = new HTable(conf, TEST_TABLE);
-        ResultScanner scanner = table.getScanner(s);
         try {
-          for (Result r = scanner.next(); r != null; r = scanner.next()) {
-            // do nothing
+          ResultScanner scanner = table.getScanner(s);
+          try {
+            for (Result r = scanner.next(); r != null; r = scanner.next()) {
+              // do nothing
+            }
+          } catch (IOException e) {
+          } finally {
+            scanner.close();
           }
-        } catch (IOException e) {
         } finally {
-          scanner.close();
+          table.close();
         }
         return null;
       }
@@ -627,7 +659,11 @@ public class TestAccessController {
         Put p = new Put(Bytes.toBytes("random_row"));
         p.add(TEST_FAMILY, Bytes.toBytes("Qualifier"), Bytes.toBytes(1));
         HTable t = new HTable(conf, TEST_TABLE);
-        t.put(p);
+        try {
+          t.put(p);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -639,7 +675,11 @@ public class TestAccessController {
         Delete d = new Delete(Bytes.toBytes("random_row"));
         d.deleteFamily(TEST_FAMILY);
         HTable t = new HTable(conf, TEST_TABLE);
-        t.delete(d);
+        try {
+          t.delete(d);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -651,7 +691,11 @@ public class TestAccessController {
         Increment inc = new Increment(Bytes.toBytes("random_row"));
         inc.addColumn(TEST_FAMILY, Bytes.toBytes("Qualifier"), 1);
         HTable t = new HTable(conf, TEST_TABLE);
-        t.increment(inc);
+        try {
+          t.increment(inc);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -665,10 +709,13 @@ public class TestAccessController {
       public Object run() throws Exception {
         Delete d = new Delete(Bytes.toBytes("random_row"));
         d.deleteFamily(TEST_FAMILY);
-
         HTable t = new HTable(conf, TEST_TABLE);
-        t.checkAndDelete(Bytes.toBytes("random_row"), TEST_FAMILY, Bytes.toBytes("q"),
-          Bytes.toBytes("test_value"), d);
+        try {
+          t.checkAndDelete(Bytes.toBytes("random_row"), TEST_FAMILY, Bytes.toBytes("q"),
+            Bytes.toBytes("test_value"), d);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -679,10 +726,13 @@ public class TestAccessController {
       public Object run() throws Exception {
         Put p = new Put(Bytes.toBytes("random_row"));
         p.add(TEST_FAMILY, Bytes.toBytes("Qualifier"), Bytes.toBytes(1));
-
         HTable t = new HTable(conf, TEST_TABLE);
-        t.checkAndPut(Bytes.toBytes("random_row"), TEST_FAMILY, Bytes.toBytes("q"),
-          Bytes.toBytes("test_value"), p);
+        try {
+          t.checkAndPut(Bytes.toBytes("random_row"), TEST_FAMILY, Bytes.toBytes("q"),
+           Bytes.toBytes("test_value"), p);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -690,13 +740,129 @@ public class TestAccessController {
   }
 
   @Test
+  public void testBulkLoad() throws Exception {
+    FileSystem fs = TEST_UTIL.getTestFileSystem();
+    final Path dir = TEST_UTIL.getDataTestDir("testBulkLoad");
+    fs.mkdirs(dir);
+    //need to make it globally writable
+    //so users creating HFiles have write permissions
+    fs.setPermission(dir, FsPermission.valueOf("-rwxrwxrwx"));
+
+    PrivilegedExceptionAction bulkLoadAction = new PrivilegedExceptionAction() {
+      public Object run() throws Exception {
+        int numRows = 3;
+
+        //Making the assumption that the test table won't split between the range
+        byte[][][] hfileRanges = {{{(byte)0}, {(byte)9}}};
+
+        Path bulkLoadBasePath = new Path(dir, new Path(User.getCurrent().getName()));
+        new BulkLoadHelper(bulkLoadBasePath)
+            .bulkLoadHFile(TEST_TABLE, TEST_FAMILY, Bytes.toBytes("q"), hfileRanges, numRows);
+
+        return null;
+      }
+    };
+    verifyWrite(bulkLoadAction);
+
+    // Reinit after the bulk upload
+    TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE);
+    TEST_UTIL.getHBaseAdmin().enableTable(TEST_TABLE);
+  }
+
+  public class BulkLoadHelper {
+    private final FileSystem fs;
+    private final Path loadPath;
+    private final Configuration conf;
+
+    public BulkLoadHelper(Path loadPath) throws IOException {
+      fs = TEST_UTIL.getTestFileSystem();
+      conf = TEST_UTIL.getConfiguration();
+      loadPath = loadPath.makeQualified(fs);
+      this.loadPath = loadPath;
+    }
+
+    private void createHFile(Path path,
+        byte[] family, byte[] qualifier,
+        byte[] startKey, byte[] endKey, int numRows) throws IOException {
+
+      HFile.Writer writer = null;
+      long now = System.currentTimeMillis();
+      try {
+        writer = HFile.getWriterFactory(conf, new CacheConfig(conf))
+            .withPath(fs, path)
+            .withComparator(KeyValue.KEY_COMPARATOR)
+            .create();
+        // subtract 2 since numRows doesn't include boundary keys
+        for (byte[] key : Bytes.iterateOnSplits(startKey, endKey, true, numRows-2)) {
+          KeyValue kv = new KeyValue(key, family, qualifier, now, key);
+          writer.append(kv);
+        }
+      } finally {
+        if(writer != null)
+          writer.close();
+      }
+    }
+
+    private void bulkLoadHFile(
+        byte[] tableName,
+        byte[] family,
+        byte[] qualifier,
+        byte[][][] hfileRanges,
+        int numRowsPerRange) throws Exception {
+
+      Path familyDir = new Path(loadPath, Bytes.toString(family));
+      fs.mkdirs(familyDir);
+      int hfileIdx = 0;
+      for (byte[][] range : hfileRanges) {
+        byte[] from = range[0];
+        byte[] to = range[1];
+        createHFile(new Path(familyDir, "hfile_"+(hfileIdx++)),
+            family, qualifier, from, to, numRowsPerRange);
+      }
+      //set global read so RegionServer can move it
+      setPermission(loadPath, FsPermission.valueOf("-rwxrwxrwx"));
+
+      HTable table = new HTable(conf, tableName);
+      try {
+        TEST_UTIL.waitTableAvailable(tableName, 30000);
+        LoadIncrementalHFiles loader = new LoadIncrementalHFiles(conf);
+        loader.doBulkLoad(loadPath, table);
+      } finally {
+        table.close();
+      }
+    }
+
+    public void setPermission(Path dir, FsPermission perm) throws IOException {
+      if(!fs.getFileStatus(dir).isDir()) {
+        fs.setPermission(dir,perm);
+      }
+      else {
+        for(FileStatus el : fs.listStatus(dir)) {
+          fs.setPermission(el.getPath(), perm);
+          setPermission(el.getPath() , perm);
+        }
+      }
+    }
+  }
+
+  @Test
   public void testAppend() throws Exception {
 
     PrivilegedExceptionAction appendAction = new PrivilegedExceptionAction() {
       public Object run() throws Exception {
-        Append append = new Append(TEST_TABLE);
-        append.add(TEST_FAMILY, Bytes.toBytes("qualifier"), Bytes.toBytes("value"));
-        ACCESS_CONTROLLER.preAppend(ObserverContext.createAndPrepare(RCP_ENV, null), append);
+        byte[] row = Bytes.toBytes("random_row");
+        byte[] qualifier = Bytes.toBytes("q");
+        Put put = new Put(row);
+        put.add(TEST_FAMILY, qualifier, Bytes.toBytes(1));
+        Append append = new Append(row);
+        append.add(TEST_FAMILY, qualifier, Bytes.toBytes(2));
+        HTable t = new HTable(conf, TEST_TABLE);
+        try {
+          t.put(put);
+          t.append(append);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -711,10 +877,15 @@ public class TestAccessController {
     PrivilegedExceptionAction grantAction = new PrivilegedExceptionAction() {
       public Object run() throws Exception {
         HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-        AccessControllerProtocol protocol = acl.coprocessorProxy(AccessControllerProtocol.class,
-          TEST_TABLE);
-        protocol.grant(new UserPermission(Bytes.toBytes(USER_RO.getShortName()), TEST_TABLE,
-            TEST_FAMILY, (byte[]) null, Action.READ));
+        try {
+          BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
+          AccessControlService.BlockingInterface protocol =
+            AccessControlService.newBlockingStub(service);
+          ProtobufUtil.grant(protocol, USER_RO.getShortName(), TEST_TABLE,
+            TEST_FAMILY, null, Action.READ);
+        } finally {
+          acl.close();
+        }
         return null;
       }
     };
@@ -722,10 +893,15 @@ public class TestAccessController {
     PrivilegedExceptionAction revokeAction = new PrivilegedExceptionAction() {
       public Object run() throws Exception {
         HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-        AccessControllerProtocol protocol = acl.coprocessorProxy(AccessControllerProtocol.class,
-          TEST_TABLE);
-        protocol.revoke(new UserPermission(Bytes.toBytes(USER_RO.getShortName()), TEST_TABLE,
-            TEST_FAMILY, (byte[]) null, Action.READ));
+        try {
+          BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
+          AccessControlService.BlockingInterface protocol =
+            AccessControlService.newBlockingStub(service);
+          ProtobufUtil.revoke(protocol, USER_RO.getShortName(), TEST_TABLE,
+            TEST_FAMILY, null, Action.READ);
+        } finally {
+          acl.close();
+        }
         return null;
       }
     };
@@ -733,9 +909,14 @@ public class TestAccessController {
     PrivilegedExceptionAction getPermissionsAction = new PrivilegedExceptionAction() {
       public Object run() throws Exception {
         HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-        AccessControllerProtocol protocol = acl.coprocessorProxy(AccessControllerProtocol.class,
-          TEST_TABLE);
-        protocol.getUserPermissions(TEST_TABLE);
+        try {
+          BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
+          AccessControlService.BlockingInterface protocol =
+            AccessControlService.newBlockingStub(service);
+          ProtobufUtil.getUserPermissions(protocol, TEST_TABLE);
+        } finally {
+          acl.close();
+        }
         return null;
       }
     };
@@ -774,11 +955,6 @@ public class TestAccessController {
     User gblUser = User
         .createUserForTesting(TEST_UTIL.getConfiguration(), "gbluser", new String[0]);
 
-    // perms only stored against the first region
-    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-    AccessControllerProtocol protocol = acl.coprocessorProxy(AccessControllerProtocol.class,
-      tableName);
-
     // prepare actions:
     PrivilegedExceptionAction putActionAll = new PrivilegedExceptionAction() {
       public Object run() throws Exception {
@@ -786,7 +962,11 @@ public class TestAccessController {
         p.add(family1, qualifier, Bytes.toBytes("v1"));
         p.add(family2, qualifier, Bytes.toBytes("v2"));
         HTable t = new HTable(conf, tableName);
-        t.put(p);
+        try {
+          t.put(p);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -795,7 +975,11 @@ public class TestAccessController {
         Put p = new Put(Bytes.toBytes("a"));
         p.add(family1, qualifier, Bytes.toBytes("v1"));
         HTable t = new HTable(conf, tableName);
-        t.put(p);
+        try {
+          t.put(p);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -804,7 +988,11 @@ public class TestAccessController {
         Put p = new Put(Bytes.toBytes("a"));
         p.add(family2, qualifier, Bytes.toBytes("v2"));
         HTable t = new HTable(conf, tableName);
-        t.put(p);
+        try {
+          t.put(p);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -814,7 +1002,11 @@ public class TestAccessController {
         g.addFamily(family1);
         g.addFamily(family2);
         HTable t = new HTable(conf, tableName);
-        t.get(g);
+        try {
+          t.get(g);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -823,7 +1015,11 @@ public class TestAccessController {
         Get g = new Get(Bytes.toBytes("random_row"));
         g.addFamily(family1);
         HTable t = new HTable(conf, tableName);
-        t.get(g);
+        try {
+          t.get(g);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -832,7 +1028,11 @@ public class TestAccessController {
         Get g = new Get(Bytes.toBytes("random_row"));
         g.addFamily(family2);
         HTable t = new HTable(conf, tableName);
-        t.get(g);
+        try {
+          t.get(g);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -842,7 +1042,11 @@ public class TestAccessController {
         d.deleteFamily(family1);
         d.deleteFamily(family2);
         HTable t = new HTable(conf, tableName);
-        t.delete(d);
+        try {
+          t.delete(d);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -851,7 +1055,11 @@ public class TestAccessController {
         Delete d = new Delete(Bytes.toBytes("random_row"));
         d.deleteFamily(family1);
         HTable t = new HTable(conf, tableName);
-        t.delete(d);
+        try {
+          t.delete(d);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -860,7 +1068,11 @@ public class TestAccessController {
         Delete d = new Delete(Bytes.toBytes("random_row"));
         d.deleteFamily(family2);
         HTable t = new HTable(conf, tableName);
-        t.delete(d);
+        try {
+          t.delete(d);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -875,10 +1087,18 @@ public class TestAccessController {
     verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
     // grant table read permission
-    protocol.grant(new UserPermission(Bytes.toBytes(tblUser.getShortName()), tableName, null,
-        Permission.Action.READ));
-    protocol
-        .grant(new UserPermission(Bytes.toBytes(gblUser.getShortName()), Permission.Action.READ));
+    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.grant(protocol, tblUser.getShortName(),
+        tableName, null, null, Permission.Action.READ);
+      ProtobufUtil.grant(protocol, gblUser.getShortName(),
+        null, null, null, Permission.Action.READ);
+    } finally {
+      acl.close();
+    }
 
     Thread.sleep(100);
     // check
@@ -891,10 +1111,19 @@ public class TestAccessController {
     verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
     // grant table write permission
-    protocol.grant(new UserPermission(Bytes.toBytes(tblUser.getShortName()), tableName, null,
-        Permission.Action.WRITE));
-    protocol.grant(new UserPermission(Bytes.toBytes(gblUser.getShortName()),
-        Permission.Action.WRITE));
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.grant(protocol, tblUser.getShortName(),
+        tableName, null, null, Permission.Action.WRITE);
+      ProtobufUtil.grant(protocol, gblUser.getShortName(),
+        null, null, null, Permission.Action.WRITE);
+    } finally {
+      acl.close();
+    }
+
     Thread.sleep(100);
 
     verifyDenied(tblUser, getActionAll, getAction1, getAction2);
@@ -906,10 +1135,19 @@ public class TestAccessController {
     verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
     // revoke table permission
-    protocol.grant(new UserPermission(Bytes.toBytes(tblUser.getShortName()), tableName, null,
-        Permission.Action.READ, Permission.Action.WRITE));
-    protocol.revoke(new UserPermission(Bytes.toBytes(tblUser.getShortName()), tableName, null));
-    protocol.revoke(new UserPermission(Bytes.toBytes(gblUser.getShortName())));
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.grant(protocol, tblUser.getShortName(), tableName, null, null,
+        Permission.Action.READ, Permission.Action.WRITE);
+      ProtobufUtil.revoke(protocol, tblUser.getShortName(), tableName, null, null);
+      ProtobufUtil.revoke(protocol, gblUser.getShortName(), null, null, null);
+    } finally {
+      acl.close();
+    }
+
     Thread.sleep(100);
 
     verifyDenied(tblUser, getActionAll, getAction1, getAction2);
@@ -921,10 +1159,18 @@ public class TestAccessController {
     verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
     // grant column family read permission
-    protocol.grant(new UserPermission(Bytes.toBytes(tblUser.getShortName()), tableName, family1,
-        Permission.Action.READ));
-    protocol
-        .grant(new UserPermission(Bytes.toBytes(gblUser.getShortName()), Permission.Action.READ));
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.grant(protocol, tblUser.getShortName(),
+        tableName, family1, null, Permission.Action.READ);
+      ProtobufUtil.grant(protocol, gblUser.getShortName(),
+        null, null, null, Permission.Action.READ);
+    } finally {
+      acl.close();
+    }
 
     Thread.sleep(100);
 
@@ -939,10 +1185,19 @@ public class TestAccessController {
     verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
     // grant column family write permission
-    protocol.grant(new UserPermission(Bytes.toBytes(tblUser.getShortName()), tableName, family2,
-        Permission.Action.WRITE));
-    protocol.grant(new UserPermission(Bytes.toBytes(gblUser.getShortName()),
-        Permission.Action.WRITE));
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.grant(protocol, tblUser.getShortName(),
+        tableName, family2, null, Permission.Action.WRITE);
+      ProtobufUtil.grant(protocol, gblUser.getShortName(),
+        null, null, null, Permission.Action.WRITE);
+    } finally {
+      acl.close();
+    }
+
     Thread.sleep(100);
 
     // READ from family1, WRITE to family2 are allowed
@@ -957,8 +1212,16 @@ public class TestAccessController {
     verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
 
     // revoke column family permission
-    protocol.revoke(new UserPermission(Bytes.toBytes(tblUser.getShortName()), tableName, family2));
-    protocol.revoke(new UserPermission(Bytes.toBytes(gblUser.getShortName())));
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.revoke(protocol, tblUser.getShortName(), tableName, family2, null);
+      ProtobufUtil.revoke(protocol, gblUser.getShortName(), null, null, null);
+    } finally {
+      acl.close();
+    }
 
     Thread.sleep(100);
 
@@ -991,7 +1254,6 @@ public class TestAccessController {
 
     // create table
     HBaseAdmin admin = TEST_UTIL.getHBaseAdmin();
-
     if (admin.tableExists(tableName)) {
       admin.disableTable(tableName);
       admin.deleteTable(tableName);
@@ -1004,16 +1266,16 @@ public class TestAccessController {
     // create temp users
     User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
 
-    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-    AccessControllerProtocol protocol = acl.coprocessorProxy(AccessControllerProtocol.class,
-      tableName);
-
     PrivilegedExceptionAction getQualifierAction = new PrivilegedExceptionAction() {
       public Object run() throws Exception {
         Get g = new Get(Bytes.toBytes("random_row"));
         g.addColumn(family1, qualifier);
         HTable t = new HTable(conf, tableName);
-        t.get(g);
+        try {
+          t.get(g);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -1022,7 +1284,11 @@ public class TestAccessController {
         Put p = new Put(Bytes.toBytes("random_row"));
         p.add(family1, qualifier, Bytes.toBytes("v1"));
         HTable t = new HTable(conf, tableName);
-        t.put(p);
+        try {
+          t.put(p);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
@@ -1032,18 +1298,42 @@ public class TestAccessController {
         d.deleteColumn(family1, qualifier);
         // d.deleteFamily(family1);
         HTable t = new HTable(conf, tableName);
-        t.delete(d);
+        try {
+          t.delete(d);
+        } finally {
+          t.close();
+        }
         return null;
       }
     };
 
-    protocol.revoke(new UserPermission(Bytes.toBytes(user.getShortName()), tableName, family1));
+    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.revoke(protocol, user.getShortName(), tableName, family1, null);
+    } finally {
+      acl.close();
+    }
+
+    Thread.sleep(100);
+
     verifyDenied(user, getQualifierAction);
     verifyDenied(user, putQualifierAction);
     verifyDenied(user, deleteQualifierAction);
 
-    protocol.grant(new UserPermission(Bytes.toBytes(user.getShortName()), tableName, family1,
-        qualifier, Permission.Action.READ));
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.grant(protocol, user.getShortName(),
+        tableName, family1, qualifier, Permission.Action.READ);
+    } finally {
+      acl.close();
+    }
+
     Thread.sleep(100);
 
     verifyAllowed(user, getQualifierAction);
@@ -1052,8 +1342,17 @@ public class TestAccessController {
 
     // only grant write permission
     // TODO: comment this portion after HBASE-3583
-    protocol.grant(new UserPermission(Bytes.toBytes(user.getShortName()), tableName, family1,
-        qualifier, Permission.Action.WRITE));
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.grant(protocol, user.getShortName(),
+        tableName, family1, qualifier, Permission.Action.WRITE);
+    } finally {
+      acl.close();
+    }
+
     Thread.sleep(100);
 
     verifyDenied(user, getQualifierAction);
@@ -1061,8 +1360,18 @@ public class TestAccessController {
     verifyAllowed(user, deleteQualifierAction);
 
     // grant both read and write permission.
-    protocol.grant(new UserPermission(Bytes.toBytes(user.getShortName()), tableName, family1,
-        qualifier, Permission.Action.READ, Permission.Action.WRITE));
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.grant(protocol, user.getShortName(),
+        tableName, family1, qualifier,
+          Permission.Action.READ, Permission.Action.WRITE);
+    } finally {
+      acl.close();
+    }
+
     Thread.sleep(100);
 
     verifyAllowed(user, getQualifierAction);
@@ -1070,8 +1379,17 @@ public class TestAccessController {
     verifyAllowed(user, deleteQualifierAction);
 
     // revoke family level permission won't impact column level.
-    protocol.revoke(new UserPermission(Bytes.toBytes(user.getShortName()), tableName, family1,
-        qualifier));
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.revoke(protocol, user.getShortName(),
+        tableName, family1, qualifier);
+    } finally {
+      acl.close();
+    }
+
     Thread.sleep(100);
 
     verifyDenied(user, getQualifierAction);
@@ -1089,7 +1407,6 @@ public class TestAccessController {
     final byte[] family1 = Bytes.toBytes("f1");
     final byte[] family2 = Bytes.toBytes("f2");
     final byte[] qualifier = Bytes.toBytes("q");
-    final byte[] user = Bytes.toBytes("user");
 
     // create table
     HBaseAdmin admin = TEST_UTIL.getHBaseAdmin();
@@ -1103,50 +1420,85 @@ public class TestAccessController {
     htd.setOwner(USER_OWNER);
     admin.createTable(htd);
 
-    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-    AccessControllerProtocol protocol = acl.coprocessorProxy(AccessControllerProtocol.class,
-      tableName);
+    List<UserPermission> perms;
 
-    List<UserPermission> perms = protocol.getUserPermissions(tableName);
+    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+    } finally {
+      acl.close();
+    }
 
-    UserPermission ownerperm = new UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName,
-        null, Action.values());
+    UserPermission ownerperm = new UserPermission(
+      Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values());
     assertTrue("Owner should have all permissions on table",
       hasFoundUserPermission(ownerperm, perms));
 
-    UserPermission up = new UserPermission(user, tableName, family1, qualifier,
-        Permission.Action.READ);
+    User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
+    byte[] userName = Bytes.toBytes(user.getShortName());
+
+    UserPermission up = new UserPermission(userName,
+      tableName, family1, qualifier, Permission.Action.READ);
     assertFalse("User should not be granted permission: " + up.toString(),
       hasFoundUserPermission(up, perms));
 
     // grant read permission
-    UserPermission upToSet = new UserPermission(user, tableName, family1, qualifier,
-        Permission.Action.READ);
-    protocol.grant(upToSet);
-    perms = protocol.getUserPermissions(tableName);
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.grant(protocol, user.getShortName(),
+        tableName, family1, qualifier, Permission.Action.READ);
+      perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+    } finally {
+      acl.close();
+    }
 
-    UserPermission upToVerify = new UserPermission(user, tableName, family1, qualifier,
-        Permission.Action.READ);
+    UserPermission upToVerify = new UserPermission(
+      userName, tableName, family1, qualifier, Permission.Action.READ);
     assertTrue("User should be granted permission: " + upToVerify.toString(),
       hasFoundUserPermission(upToVerify, perms));
 
-    upToVerify = new UserPermission(user, tableName, family1, qualifier, Permission.Action.WRITE);
+    upToVerify = new UserPermission(
+      userName, tableName, family1, qualifier, Permission.Action.WRITE);
     assertFalse("User should not be granted permission: " + upToVerify.toString(),
       hasFoundUserPermission(upToVerify, perms));
 
     // grant read+write
-    upToSet = new UserPermission(user, tableName, family1, qualifier, Permission.Action.WRITE,
-        Permission.Action.READ);
-    protocol.grant(upToSet);
-    perms = protocol.getUserPermissions(tableName);
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.grant(protocol, user.getShortName(),
+        tableName, family1, qualifier,
+          Permission.Action.WRITE, Permission.Action.READ);
+      perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+    } finally {
+      acl.close();
+    }
 
-    upToVerify = new UserPermission(user, tableName, family1, qualifier, Permission.Action.WRITE,
-        Permission.Action.READ);
+    upToVerify = new UserPermission(userName, tableName, family1,
+      qualifier, Permission.Action.WRITE, Permission.Action.READ);
     assertTrue("User should be granted permission: " + upToVerify.toString(),
       hasFoundUserPermission(upToVerify, perms));
 
-    protocol.revoke(upToSet);
-    perms = protocol.getUserPermissions(tableName);
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      ProtobufUtil.revoke(protocol, user.getShortName(), tableName, family1, qualifier,
+        Permission.Action.WRITE, Permission.Action.READ);
+      perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+    } finally {
+      acl.close();
+    }
+
     assertFalse("User should not be granted permission: " + upToVerify.toString(),
       hasFoundUserPermission(upToVerify, perms));
 
@@ -1156,9 +1508,19 @@ public class TestAccessController {
     User newOwner = User.createUserForTesting(conf, "new_owner", new String[] {});
     htd.setOwner(newOwner);
     admin.modifyTable(tableName, htd);
-    perms = protocol.getUserPermissions(tableName);
-    UserPermission newOwnerperm = new UserPermission(Bytes.toBytes(newOwner.getName()), tableName,
-        null, Action.values());
+
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(tableName);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+    } finally {
+      acl.close();
+    }
+
+    UserPermission newOwnerperm = new UserPermission(
+      Bytes.toBytes(newOwner.getName()), tableName, null, Action.values());
     assertTrue("New owner should have all permissions on table",
       hasFoundUserPermission(newOwnerperm, perms));
 
@@ -1166,6 +1528,24 @@ public class TestAccessController {
     admin.deleteTable(tableName);
   }
 
+  @Test
+  public void testGlobalPermissionList() throws Exception {
+    List<UserPermission> perms;
+    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(service);
+      perms = ProtobufUtil.getUserPermissions(protocol, null);
+    } finally {
+      acl.close();
+    }
+    UserPermission adminPerm = new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
+      AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"));
+    assertTrue("Only user admin has permission on table _acl_ per setup",
+      perms.size() == 1 && hasFoundUserPermission(adminPerm, perms));
+  }
+
   /** global operations */
   private void verifyGlobal(PrivilegedExceptionAction<?> action) throws Exception {
     verifyAllowed(action, SUPERUSER);
@@ -1174,25 +1554,27 @@ public class TestAccessController {
   }
 
   public void checkGlobalPerms(Permission.Action... actions) throws IOException {
-    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-    BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
-    AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(channel);
-
     Permission[] perms = new Permission[actions.length];
     for (int i = 0; i < actions.length; i++) {
       perms[i] = new Permission(actions[i]);
     }
-
     CheckPermissionsRequest.Builder request = CheckPermissionsRequest.newBuilder();
     for (Action a : actions) {
       request.addPermission(AccessControlProtos.Permission.newBuilder()
           .addAction(ProtobufUtil.toPermissionAction(a)).build());
     }
+    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
     try {
-      protocol.checkPermissions(null, request.build());
-    } catch (ServiceException se) {
-      ProtobufUtil.toIOException(se);
+      BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(channel);
+      try {
+        protocol.checkPermissions(null, request.build());
+      } catch (ServiceException se) {
+        ProtobufUtil.toIOException(se);
+      }
+    } finally {
+      acl.close();
     }
   }
 
@@ -1207,41 +1589,26 @@ public class TestAccessController {
   }
 
   public void checkTablePerms(byte[] table, Permission... perms) throws IOException {
-    HTable acl = new HTable(conf, table);
-    AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(acl.coprocessorService(new byte[0]));
     CheckPermissionsRequest.Builder request = CheckPermissionsRequest.newBuilder();
     for (Permission p : perms) {
       request.addPermission(ProtobufUtil.toPermission(p));
     }
+    HTable acl = new HTable(conf, table);
     try {
-      protocol.checkPermissions(null, request.build());
-    } catch (ServiceException se) {
-      ProtobufUtil.toIOException(se);
-    }
-  }
-
-  public void grant(AccessControlService.BlockingInterface protocol, User user,
-      byte[] t, byte[] f, byte[] q, Permission.Action... actions)
-      throws ServiceException {
-    List<AccessControlProtos.Permission.Action> permActions =
-        Lists.newArrayListWithCapacity(actions.length);
-    for (Action a : actions) {
-      permActions.add(ProtobufUtil.toPermissionAction(a));
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(acl.coprocessorService(new byte[0]));
+      try {
+        protocol.checkPermissions(null, request.build());
+      } catch (ServiceException se) {
+        ProtobufUtil.toIOException(se);
+      }
+    } finally {
+      acl.close();
     }
-    AccessControlProtos.GrantRequest request =
-        newGrantRequest(user.getShortName(), t, f, q, permActions.toArray(
-            new AccessControlProtos.Permission.Action[actions.length]));
-    protocol.grant(null, request);
   }
 
   @Test
   public void testCheckPermissions() throws Exception {
-    final HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-    BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
-    AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(channel);
-
     // --------------------------------------
     // test global permissions
     PrivilegedExceptionAction<Void> globalAdmin = new PrivilegedExceptionAction<Void>() {
@@ -1275,9 +1642,20 @@ public class TestAccessController {
     User userColumn = User.createUserForTesting(conf, "user_check_perms_family", new String[0]);
     User userQualifier = User.createUserForTesting(conf, "user_check_perms_q", new String[0]);
 
-    grant(protocol, userTable, TEST_TABLE, null, null, Permission.Action.READ);
-    grant(protocol, userColumn, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
-    grant(protocol, userQualifier, TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);
+    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    try {
+      BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(channel);
+      ProtobufUtil.grant(protocol, userTable.getShortName(),
+        TEST_TABLE, null, null, Permission.Action.READ);
+      ProtobufUtil.grant(protocol, userColumn.getShortName(),
+        TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
+      ProtobufUtil.grant(protocol, userQualifier.getShortName(),
+        TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);
+    } finally {
+      acl.close();
+    }
 
     PrivilegedExceptionAction<Void> tableRead = new PrivilegedExceptionAction<Void>() {
       @Override
@@ -1362,19 +1740,26 @@ public class TestAccessController {
 
     // --------------------------------------
     // check for wrong table region
+    CheckPermissionsRequest checkRequest = CheckPermissionsRequest.newBuilder()
+      .addPermission(AccessControlProtos.Permission.newBuilder()
+        .setTable(ByteString.copyFrom(TEST_TABLE))
+        .addAction(AccessControlProtos.Permission.Action.CREATE)
+      ).build();
+    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
     try {
-      CheckPermissionsRequest checkRequest =
-          CheckPermissionsRequest.newBuilder().addPermission(
-              AccessControlProtos.Permission.newBuilder()
-                  .setTable(ByteString.copyFrom(TEST_TABLE)).addAction(AccessControlProtos.Permission.Action.CREATE)
-          ).build();
-      // but ask for TablePermissions for TEST_TABLE
-      protocol.checkPermissions(null, checkRequest);
-      fail("this should have thrown CoprocessorException");
-    } catch (ServiceException ex) {
-      // expected
+      BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
+      AccessControlService.BlockingInterface protocol =
+        AccessControlService.newBlockingStub(channel);
+      try {
+        // but ask for TablePermissions for TEST_TABLE
+        protocol.checkPermissions(null, checkRequest);
+        fail("this should have thrown CoprocessorException");
+      } catch (ServiceException ex) {
+        // expected
+      }
+    } finally {
+      acl.close();
     }
-
   }
 
   @Test

Modified: hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
URL: http://svn.apache.org/viewvc/hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java?rev=1445918&r1=1445917&r2=1445918&view=diff
==============================================================================
--- hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java (original)
+++ hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java Wed Feb 13 20:58:23 2013
@@ -24,19 +24,21 @@ import static org.junit.Assert.assertNot
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
-import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
-import java.io.DataInputStream;
+import java.io.DataOutput;
 import java.io.DataOutputStream;
+import java.io.IOException;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.Abortable;
+import org.apache.hadoop.hbase.DeserializationException;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.LargeTests;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
@@ -45,6 +47,7 @@ import org.apache.hadoop.hbase.client.Pu
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.util.Bytes;
 import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
+import org.apache.hadoop.io.Text;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -104,6 +107,56 @@ public class TestTablePermissions {
     UTIL.shutdownMiniCluster();
   }
 
+
+  /**
+   * Test we can read permissions serialized with Writables.
+   * @throws DeserializationException
+   */
+  @Test
+  public void testMigration() throws DeserializationException {
+    Configuration conf = UTIL.getConfiguration();
+    ListMultimap<String,TablePermission> permissions = createPermissions();
+    byte [] bytes = writePermissionsAsBytes(permissions, conf);
+    AccessControlLists.readPermissions(bytes, conf);
+  }
+
+  /**
+   * Writes a set of permissions as {@link org.apache.hadoop.io.Writable} instances                                                                                                                     
+   * and returns the resulting byte array.  Used to verify we can read stuff written
+   * with Writable.
+   */
+  public static byte[] writePermissionsAsBytes(ListMultimap<String,? extends Permission> perms,
+      Configuration conf) {
+    try {
+       ByteArrayOutputStream bos = new ByteArrayOutputStream();
+       writePermissions(new DataOutputStream(bos), perms, conf);
+       return bos.toByteArray();
+    } catch (IOException ioe) {
+      // shouldn't happen here
+      throw new RuntimeException("Error serializing permissions", ioe);
+    }
+  }
+
+  /**
+   * Writes a set of permissions as {@link org.apache.hadoop.io.Writable} instances
+   * to the given output stream.
+   * @param out
+   * @param perms
+   * @param conf
+   * @throws IOException
+  */
+  public static void writePermissions(DataOutput out,                                                                                                                                                   
+      ListMultimap<String,? extends Permission> perms, Configuration conf)
+  throws IOException {
+    Set<String> keys = perms.keySet();
+    out.writeInt(keys.size());
+    for (String key : keys) {
+      Text.writeString(out, key);
+      HbaseObjectWritableFor96Migration.writeObject(out, perms.get(key), List.class, conf);
+    }
+  }
+
+
   @Test
   public void testBasicWrite() throws Exception {
     Configuration conf = UTIL.getConfiguration();
@@ -243,6 +296,16 @@ public class TestTablePermissions {
   @Test
   public void testSerialization() throws Exception {
     Configuration conf = UTIL.getConfiguration();
+    ListMultimap<String,TablePermission> permissions = createPermissions();
+    byte[] permsData = AccessControlLists.writePermissionsAsBytes(permissions, conf);
+
+    ListMultimap<String,TablePermission> copy =
+        AccessControlLists.readPermissions(permsData, conf);
+
+    checkMultimapEqual(permissions, copy);
+  }
+
+  private ListMultimap<String,TablePermission> createPermissions() {
     ListMultimap<String,TablePermission> permissions = ArrayListMultimap.create();
     permissions.put("george", new TablePermission(TEST_TABLE, null,
         TablePermission.Action.READ));
@@ -252,13 +315,7 @@ public class TestTablePermissions {
         TablePermission.Action.READ));
     permissions.put("hubert", new TablePermission(TEST_TABLE2, null,
         TablePermission.Action.READ, TablePermission.Action.WRITE));
-
-    byte[] permsData = AccessControlLists.writePermissionsAsBytes(permissions, conf);
-
-    ListMultimap<String,TablePermission> copy =
-        AccessControlLists.readPermissions(permsData, conf);
-
-    checkMultimapEqual(permissions, copy);
+    return permissions;
   }
 
   public void checkMultimapEqual(ListMultimap<String,TablePermission> first,

Modified: hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java
URL: http://svn.apache.org/viewvc/hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java?rev=1445918&r1=1445917&r2=1445918&view=diff
==============================================================================
--- hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java (original)
+++ hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java Wed Feb 13 20:58:23 2013
@@ -21,27 +21,55 @@ package org.apache.hadoop.hbase.security
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
+import java.io.IOException;
+import java.net.InetSocketAddress;
 import java.security.PrivilegedExceptionAction;
-import java.util.UUID;
+import java.util.concurrent.ConcurrentMap;
 
+import com.google.protobuf.RpcController;
+import com.google.protobuf.ServiceException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.ClusterId;
+import org.apache.hadoop.hbase.IpcProtocol;
+import org.apache.hadoop.hbase.Coprocessor;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HConstants;
-import org.apache.hadoop.hbase.LargeTests;
-import org.apache.hadoop.hbase.client.HTable;
-import org.apache.hadoop.hbase.coprocessor.BaseEndpointCoprocessor;
-import org.apache.hadoop.hbase.ipc.CoprocessorProtocol;
-import org.apache.hadoop.hbase.ipc.HBaseRPC;
+import org.apache.hadoop.hbase.MediumTests;
+import org.apache.hadoop.hbase.Server;
+import org.apache.hadoop.hbase.ServerName;
+import org.apache.hadoop.hbase.catalog.CatalogTracker;
+import org.apache.hadoop.hbase.client.HTableInterface;
+import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
+import org.apache.hadoop.hbase.ipc.BlockingRpcCallback;
+import org.apache.hadoop.hbase.ipc.HBaseClientRPC;
 import org.apache.hadoop.hbase.ipc.HBaseServer;
+import org.apache.hadoop.hbase.ipc.HBaseServerRPC;
+import org.apache.hadoop.hbase.ipc.ProtobufRpcClientEngine;
 import org.apache.hadoop.hbase.ipc.RequestContext;
 import org.apache.hadoop.hbase.ipc.RpcServer;
-import org.apache.hadoop.hbase.regionserver.HRegionServer;
+import org.apache.hadoop.hbase.ipc.ServerRpcController;
+import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos;
+import org.apache.hadoop.hbase.regionserver.HRegion;
+import org.apache.hadoop.hbase.regionserver.RegionServerServices;
+import org.apache.hadoop.hbase.security.KerberosInfo;
+import org.apache.hadoop.hbase.security.TokenInfo;
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.util.Bytes;
+import org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
+import org.apache.hadoop.hbase.util.MockRegionServerServices;
+import org.apache.hadoop.hbase.util.Sleeper;
+import org.apache.hadoop.hbase.util.Strings;
+import org.apache.hadoop.hbase.util.Threads;
 import org.apache.hadoop.hbase.util.Writables;
+import org.apache.hadoop.hbase.zookeeper.ZKClusterId;
+import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
+import org.apache.hadoop.net.DNS;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.SecretManager;
 import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.security.token.TokenIdentifier;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -50,48 +78,247 @@ import org.junit.experimental.categories
 /**
  * Tests for authentication token creation and usage
  */
-@Category(LargeTests.class)
+@Category(MediumTests.class)
 public class TestTokenAuthentication {
-  public static interface IdentityProtocol extends CoprocessorProtocol {
-    public String whoami();
-    public String getAuthMethod();
-  }
-
-  public static class IdentityCoprocessor extends BaseEndpointCoprocessor
-      implements IdentityProtocol {
-    public String whoami() {
-      return RequestContext.getRequestUserName();
-    }
-
-    public String getAuthMethod() {
-      UserGroupInformation ugi = null;
-      User user = RequestContext.getRequestUser();
-      if (user != null) {
-        ugi = user.getUGI();
-      }
-      if (ugi != null) {
-        return ugi.getAuthenticationMethod().toString();
+  private static Log LOG = LogFactory.getLog(TestTokenAuthentication.class);
+
+  @KerberosInfo(
+      serverPrincipal = "hbase.test.kerberos.principal")
+  @TokenInfo("HBASE_AUTH_TOKEN")
+  private static interface BlockingAuthenticationService
+  extends AuthenticationProtos.AuthenticationService.BlockingInterface, IpcProtocol {
+  }
+
+  /**
+   * Basic server process for RPC authentication testing
+   */
+  private static class TokenServer extends TokenProvider
+      implements BlockingAuthenticationService, Runnable, Server {
+
+    private static Log LOG = LogFactory.getLog(TokenServer.class);
+
+    private Configuration conf;
+    private RpcServer rpcServer;
+    private InetSocketAddress isa;
+    private ZooKeeperWatcher zookeeper;
+    private Sleeper sleeper;
+    private boolean started = false;
+    private boolean aborted = false;
+    private boolean stopped = false;
+    private long startcode;
+    private AuthenticationProtos.AuthenticationService.BlockingInterface blockingService;
+
+    public TokenServer(Configuration conf) throws IOException {
+      this.conf = conf;
+      this.startcode = EnvironmentEdgeManager.currentTimeMillis();
+
+      // Server to handle client requests.
+      String hostname = Strings.domainNamePointerToHostName(
+          DNS.getDefaultHost("default", "default"));
+      int port = 0;
+      // Creation of an ISA will force a resolve.
+      InetSocketAddress initialIsa = new InetSocketAddress(hostname, port);
+      if (initialIsa.getAddress() == null) {
+        throw new IllegalArgumentException("Failed resolve of " + initialIsa);
       }
+
+      this.rpcServer = HBaseServerRPC.getServer(TokenServer.class, this,
+          new Class<?>[]{AuthenticationProtos.AuthenticationService.Interface.class},
+          initialIsa.getHostName(), // BindAddress is IP we got for this server.
+          initialIsa.getPort(),
+          3, // handlers
+          1, // meta handlers (not used)
+          true,
+          this.conf, HConstants.QOS_THRESHOLD);
+      // Set our address.
+      this.isa = this.rpcServer.getListenerAddress();
+      this.sleeper = new Sleeper(1000, this);
+    }
+
+    @Override
+    public Configuration getConfiguration() {
+      return conf;
+    }
+
+    @Override
+    public CatalogTracker getCatalogTracker() {
       return null;
     }
+
+    @Override
+    public ZooKeeperWatcher getZooKeeper() {
+      return zookeeper;
+    }
+
+    @Override
+    public boolean isAborted() {
+      return aborted;
+    }
+
+    @Override
+    public ServerName getServerName() {
+      return new ServerName(isa.getHostName(), isa.getPort(), startcode);
+    }
+
+    @Override
+    public void abort(String reason, Throwable error) {
+      LOG.fatal("Aborting on: "+reason, error);
+      this.aborted = true;
+      this.stopped = true;
+      sleeper.skipSleepCycle();
+    }
+
+    private void initialize() throws IOException {
+      // ZK configuration must _not_ have hbase.security.authentication or it will require SASL auth
+      Configuration zkConf = new Configuration(conf);
+      zkConf.set(User.HBASE_SECURITY_CONF_KEY, "simple");
+      this.zookeeper = new ZooKeeperWatcher(zkConf, TokenServer.class.getSimpleName(),
+          this, true);
+      this.rpcServer.start();
+
+      // mock RegionServerServices to provide to coprocessor environment
+      final RegionServerServices mockServices = new MockRegionServerServices() {
+        @Override
+        public RpcServer getRpcServer() { return rpcServer; }
+      };
+
+      // mock up coprocessor environment
+      super.start(new RegionCoprocessorEnvironment() {
+        @Override
+        public HRegion getRegion() { return null; }
+
+        @Override
+        public RegionServerServices getRegionServerServices() {
+          return mockServices;
+        }
+
+        @Override
+        public ConcurrentMap<String, Object> getSharedData() { return null; }
+
+        @Override
+        public int getVersion() { return 0; }
+
+        @Override
+        public String getHBaseVersion() { return null; }
+
+        @Override
+        public Coprocessor getInstance() { return null; }
+
+        @Override
+        public int getPriority() { return 0; }
+
+        @Override
+        public int getLoadSequence() { return 0; }
+
+        @Override
+        public Configuration getConfiguration() { return conf; }
+
+        @Override
+        public HTableInterface getTable(byte[] tableName) throws IOException { return null; }
+      });
+
+      started = true;
+    }
+
+    public void run() {
+      try {
+        initialize();
+        while (!stopped) {
+          this.sleeper.sleep();
+        }
+      } catch (Exception e) {
+        abort(e.getMessage(), e);
+      }
+      this.rpcServer.stop();
+    }
+
+    public boolean isStarted() {
+      return started;
+    }
+
+    @Override
+    public void stop(String reason) {
+      LOG.info("Stopping due to: "+reason);
+      this.stopped = true;
+      sleeper.skipSleepCycle();
+    }
+
+    @Override
+    public boolean isStopped() {
+      return stopped;
+    }
+
+    public InetSocketAddress getAddress() {
+      return isa;
+    }
+
+    public SecretManager<? extends TokenIdentifier> getSecretManager() {
+      return ((HBaseServer)rpcServer).getSecretManager();
+    }
+
+    @Override
+    public AuthenticationProtos.TokenResponse getAuthenticationToken(
+        RpcController controller, AuthenticationProtos.TokenRequest request)
+      throws ServiceException {
+      LOG.debug("Authentication token request from "+RequestContext.getRequestUserName());
+      // ignore passed in controller -- it's always null
+      ServerRpcController serverController = new ServerRpcController();
+      BlockingRpcCallback<AuthenticationProtos.TokenResponse> callback =
+          new BlockingRpcCallback<AuthenticationProtos.TokenResponse>();
+      getAuthenticationToken(serverController, request, callback);
+      try {
+        serverController.checkFailed();
+        return callback.get();
+      } catch (IOException ioe) {
+        throw new ServiceException(ioe);
+      }
+    }
+
+    @Override
+    public AuthenticationProtos.WhoAmIResponse whoami(
+        RpcController controller, AuthenticationProtos.WhoAmIRequest request)
+      throws ServiceException {
+      LOG.debug("whoami() request from "+RequestContext.getRequestUserName());
+      // ignore passed in controller -- it's always null
+      ServerRpcController serverController = new ServerRpcController();
+      BlockingRpcCallback<AuthenticationProtos.WhoAmIResponse> callback =
+          new BlockingRpcCallback<AuthenticationProtos.WhoAmIResponse>();
+      whoami(serverController, request, callback);
+      try {
+        serverController.checkFailed();
+        return callback.get();
+      } catch (IOException ioe) {
+        throw new ServiceException(ioe);
+      }
+    }
   }
 
+
   private static HBaseTestingUtility TEST_UTIL;
+  private static TokenServer server;
+  private static Thread serverThread;
   private static AuthenticationTokenSecretManager secretManager;
+  private static ClusterId clusterId = new ClusterId();
 
   @BeforeClass
   public static void setupBeforeClass() throws Exception {
     TEST_UTIL = new HBaseTestingUtility();
+    TEST_UTIL.startMiniZKCluster();
+    // security settings only added after startup so that ZK does not require SASL
     Configuration conf = TEST_UTIL.getConfiguration();
-    conf.set("hbase.coprocessor.region.classes",
-        IdentityCoprocessor.class.getName());
-    TEST_UTIL.startMiniCluster();
-    HRegionServer rs = TEST_UTIL.getMiniHBaseCluster().getRegionServer(0);
-    secretManager = new AuthenticationTokenSecretManager(conf, rs.getZooKeeper(),
-        rs.getServerName().toString(), 
-        conf.getLong("hbase.auth.key.update.interval", 24*60*60*1000), 
-        conf.getLong("hbase.auth.token.max.lifetime", 7*24*60*60*1000));
-    secretManager.start(); 
+    conf.set("hadoop.security.authentication", "kerberos");
+    conf.set("hbase.security.authentication", "kerberos");
+    server = new TokenServer(conf);
+    serverThread = new Thread(server);
+    Threads.setDaemonThreadRunning(serverThread,
+        "TokenServer:"+server.getServerName().toString());
+    // wait for startup
+    while (!server.isStarted() && !server.isStopped()) {
+      Thread.sleep(10);
+    }
+
+    ZKClusterId.setClusterId(server.getZooKeeper(), clusterId);
+    secretManager = (AuthenticationTokenSecretManager)server.getSecretManager();
     while(secretManager.getCurrentKey() == null) {
       Thread.sleep(1);
     }
@@ -99,7 +326,9 @@ public class TestTokenAuthentication {
 
   @AfterClass
   public static void tearDownAfterClass() throws Exception {
-    TEST_UTIL.shutdownMiniCluster();
+    server.stop("Test complete");
+    Threads.shutdown(serverThread);
+    TEST_UTIL.shutdownMiniZKCluster();
   }
 
   @Test
@@ -116,7 +345,7 @@ public class TestTokenAuthentication {
         Bytes.equals(token.getPassword(), passwd));
   }
 
-  // @Test - Disable due to kerberos requirement
+  @Test
   public void testTokenAuthentication() throws Exception {
     UserGroupInformation testuser =
         UserGroupInformation.createUserForTesting("testuser", new String[]{"testgroup"});
@@ -124,23 +353,36 @@ public class TestTokenAuthentication {
     testuser.setAuthenticationMethod(
         UserGroupInformation.AuthenticationMethod.TOKEN);
     final Configuration conf = TEST_UTIL.getConfiguration();
-    conf.set("hadoop.security.authentication", "kerberos");
-    conf.set("randomkey", UUID.randomUUID().toString());
-    testuser.setConfiguration(conf);
+    UserGroupInformation.setConfiguration(conf);
     Token<AuthenticationTokenIdentifier> token =
         secretManager.generateToken("testuser");
+    LOG.debug("Got token: " + token.toString());
     testuser.addToken(token);
 
     // verify the server authenticates us as this token user
     testuser.doAs(new PrivilegedExceptionAction<Object>() {
       public Object run() throws Exception {
-        HTable table = new HTable(conf, ".META.");
-        IdentityProtocol prot = table.coprocessorProxy(
-            IdentityProtocol.class, HConstants.EMPTY_START_ROW);
-        String myname = prot.whoami();
-        assertEquals("testuser", myname);
-        String authMethod = prot.getAuthMethod();
-        assertEquals("TOKEN", authMethod);
+        Configuration c = server.getConfiguration();
+        c.set(HConstants.CLUSTER_ID, clusterId.toString());
+        ProtobufRpcClientEngine rpcClient =
+            new ProtobufRpcClientEngine(c);
+        try {
+          AuthenticationProtos.AuthenticationService.BlockingInterface proxy =
+              HBaseClientRPC.waitForProxy(rpcClient, BlockingAuthenticationService.class,
+                  server.getAddress(), c,
+                  HConstants.DEFAULT_HBASE_CLIENT_RPC_MAXATTEMPTS,
+                  HConstants.DEFAULT_HBASE_RPC_TIMEOUT,
+                  HConstants.DEFAULT_HBASE_RPC_TIMEOUT);
+
+          AuthenticationProtos.WhoAmIResponse response =
+              proxy.whoami(null, AuthenticationProtos.WhoAmIRequest.getDefaultInstance());
+          String myname = response.getUsername();
+          assertEquals("testuser", myname);
+          String authMethod = response.getAuthMethod();
+          assertEquals("TOKEN", authMethod);
+        } finally {
+          rpcClient.close();
+        }
         return null;
       }
     });

Modified: hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftServerCmdLine.java
URL: http://svn.apache.org/viewvc/hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftServerCmdLine.java?rev=1445918&r1=1445917&r2=1445918&view=diff
==============================================================================
--- hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftServerCmdLine.java (original)
+++ hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftServerCmdLine.java Wed Feb 13 20:58:23 2013
@@ -32,6 +32,9 @@ import org.apache.hadoop.hbase.HBaseTest
 import org.apache.hadoop.hbase.LargeTests;
 import org.apache.hadoop.hbase.thrift.ThriftServerRunner.ImplType;
 import org.apache.hadoop.hbase.thrift.generated.Hbase;
+import org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
+import org.apache.hadoop.hbase.util.EnvironmentEdgeManagerTestHelper;
+import org.apache.hadoop.hbase.util.IncrementingEnvironmentEdge;
 import org.apache.hadoop.hbase.util.Threads;
 import org.apache.thrift.protocol.TBinaryProtocol;
 import org.apache.thrift.protocol.TCompactProtocol;
@@ -115,11 +118,15 @@ public class TestThriftServerCmdLine {
   @BeforeClass
   public static void setUpBeforeClass() throws Exception {
     TEST_UTIL.startMiniCluster();
+    //ensure that server time increments every time we do an operation, otherwise
+    //successive puts having the same timestamp will override each other
+    EnvironmentEdgeManagerTestHelper.injectEdge(new IncrementingEnvironmentEdge());
   }
 
   @AfterClass
   public static void tearDownAfterClass() throws Exception {
     TEST_UTIL.shutdownMiniCluster();
+    EnvironmentEdgeManager.reset();
   }
 
   private void startCmdLineThread(final String[] args) {
@@ -142,7 +149,7 @@ public class TestThriftServerCmdLine {
     cmdLineThread.start();
   }
 
-  @Test(timeout=60 * 1000)
+  @Test(timeout=120 * 1000)
   public void testRunThriftServer() throws Exception {
     List<String> args = new ArrayList<String>();
     if (implType != null) {

Modified: hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
URL: http://svn.apache.org/viewvc/hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java?rev=1445918&r1=1445917&r2=1445918&view=diff
==============================================================================
--- hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java (original)
+++ hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java Wed Feb 13 20:58:23 2013
@@ -31,7 +31,9 @@ import org.apache.hadoop.hbase.PleaseHol
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.io.compress.Compression;
 import org.apache.hadoop.hbase.io.encoding.DataBlockEncoding;
+import org.apache.hadoop.hbase.regionserver.BloomType;
 import org.apache.hadoop.hbase.regionserver.StoreFile;
+import org.apache.hadoop.hbase.util.test.LoadTestDataGenerator;
 
 /**
  * A command-line utility that reads, writes, and verifies data. Unlike
@@ -67,7 +69,7 @@ public class LoadTestTool extends Abstra
       "<verify_percent>[:<#threads=" + DEFAULT_NUM_THREADS + ">]";
 
   private static final String OPT_USAGE_BLOOM = "Bloom filter type, one of " +
-      Arrays.toString(StoreFile.BloomType.values());
+      Arrays.toString(BloomType.values());
 
   private static final String OPT_USAGE_COMPRESSION = "Compression type, " +
       "one of " + Arrays.toString(Compression.Algorithm.values());
@@ -115,11 +117,11 @@ public class LoadTestTool extends Abstra
   private DataBlockEncoding dataBlockEncodingAlgo;
   private boolean encodeInCacheOnly;
   private Compression.Algorithm compressAlgo;
-  private StoreFile.BloomType bloomType;
+  private BloomType bloomType;
 
   // Writer options
   private int numWriterThreads = DEFAULT_NUM_THREADS;
-  private long minColsPerKey, maxColsPerKey;
+  private int minColsPerKey, maxColsPerKey;
   private int minColDataSize, maxColDataSize;
   private boolean isMultiPut;
 
@@ -260,7 +262,7 @@ public class LoadTestTool extends Abstra
 
       int colIndex = 0;
       minColsPerKey = 1;
-      maxColsPerKey = 2 * Long.parseLong(writeOpts[colIndex++]);
+      maxColsPerKey = 2 * Integer.parseInt(writeOpts[colIndex++]);
       int avgColDataSize =
           parseInt(writeOpts[colIndex++], 1, Integer.MAX_VALUE);
       minColDataSize = avgColDataSize / 2;
@@ -317,7 +319,7 @@ public class LoadTestTool extends Abstra
 
     String bloomStr = cmd.getOptionValue(OPT_BLOOM);
     bloomType = bloomStr == null ? null :
-        StoreFile.BloomType.valueOf(bloomStr);
+        BloomType.valueOf(bloomStr);
   }
 
   public void initTestTable() throws IOException {
@@ -342,16 +344,16 @@ public class LoadTestTool extends Abstra
       initTestTable();
     }
 
+    LoadTestDataGenerator dataGen = new MultiThreadedAction.DefaultDataGenerator(
+        minColDataSize, maxColDataSize, minColsPerKey, maxColsPerKey, COLUMN_FAMILY);
+
     if (isWrite) {
-      writerThreads = new MultiThreadedWriter(conf, tableName, COLUMN_FAMILY);
+      writerThreads = new MultiThreadedWriter(dataGen, conf, tableName);
       writerThreads.setMultiPut(isMultiPut);
-      writerThreads.setColumnsPerKey(minColsPerKey, maxColsPerKey);
-      writerThreads.setDataSize(minColDataSize, maxColDataSize);
     }
 
     if (isRead) {
-      readerThreads = new MultiThreadedReader(conf, tableName, COLUMN_FAMILY,
-          verifyPercent);
+      readerThreads = new MultiThreadedReader(dataGen, conf, tableName, verifyPercent);
       readerThreads.setMaxErrors(maxReadErrors);
       readerThreads.setKeyWindow(keyWindow);
     }

Modified: hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MockRegionServerServices.java
URL: http://svn.apache.org/viewvc/hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MockRegionServerServices.java?rev=1445918&r1=1445917&r2=1445918&view=diff
==============================================================================
--- hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MockRegionServerServices.java (original)
+++ hbase/branches/hbase-7290/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MockRegionServerServices.java Wed Feb 13 20:58:23 2013
@@ -25,6 +25,7 @@ import java.util.concurrent.ConcurrentSk
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.hbase.HRegionInfo;
 import org.apache.hadoop.hbase.ServerName;
 import org.apache.hadoop.hbase.catalog.CatalogTracker;
 import org.apache.hadoop.hbase.fs.HFileSystem;
@@ -36,7 +37,6 @@ import org.apache.hadoop.hbase.regionser
 import org.apache.hadoop.hbase.regionserver.RegionServerAccounting;
 import org.apache.hadoop.hbase.regionserver.RegionServerServices;
 import org.apache.hadoop.hbase.regionserver.wal.HLog;
-import org.apache.hadoop.hbase.util.Bytes;
 import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
 import org.apache.zookeeper.KeeperException;
 
@@ -49,10 +49,19 @@ public class MockRegionServerServices im
   private final ConcurrentSkipListMap<byte[], Boolean> rit = 
     new ConcurrentSkipListMap<byte[], Boolean>(Bytes.BYTES_COMPARATOR);
   private HFileSystem hfs = null;
+  private ZooKeeperWatcher zkw = null;
+
+  public MockRegionServerServices(ZooKeeperWatcher zkw){
+    this.zkw = zkw;
+  }
+
+  public MockRegionServerServices(){
+    this(null);
+  }
 
   @Override
-  public boolean removeFromOnlineRegions(String encodedRegionName, ServerName destination) {
-    return this.regions.remove(encodedRegionName) != null;
+  public boolean removeFromOnlineRegions(HRegion r, ServerName destination) {
+    return this.regions.remove(r.getRegionInfo().getEncodedName()) != null;
   }
 
   @Override
@@ -81,11 +90,6 @@ public class MockRegionServerServices im
   }
 
   @Override
-  public HLog getWAL() {
-    return null;
-  }
-
-  @Override
   public RpcServer getRpcServer() {
     return null;
   }
@@ -112,7 +116,7 @@ public class MockRegionServerServices im
 
   @Override
   public ZooKeeperWatcher getZooKeeper() {
-    return null;
+    return zkw;
   }
   
   public RegionServerAccounting getRegionServerAccounting() {
@@ -162,4 +166,10 @@ public class MockRegionServerServices im
   public Leases getLeases() {
     return null;
   }
+
+  @Override
+  public HLog getWAL(HRegionInfo regionInfo) throws IOException {
+    // TODO Auto-generated method stub
+    return null;
+  }
 }



Mime
View raw message