hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anoopsamj...@apache.org
Subject hbase git commit: HBASE-12346 Scan's default auths behavior under Visibility labels.(Jerry He)
Date Fri, 21 Nov 2014 08:00:21 GMT
Repository: hbase
Updated Branches:
  refs/heads/master c5690b1be -> 83f9f39e2


HBASE-12346 Scan's default auths behavior under Visibility labels.(Jerry He)


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/83f9f39e
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/83f9f39e
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/83f9f39e

Branch: refs/heads/master
Commit: 83f9f39e2aae0bd53771f20d197f8bea92dfb0f0
Parents: c5690b1
Author: anoopsjohn <anoop.s.john@intel.com>
Authored: Fri Nov 21 13:29:42 2014 +0530
Committer: anoopsjohn <anoop.s.john@intel.com>
Committed: Fri Nov 21 13:29:42 2014 +0530

----------------------------------------------------------------------
 .../visibility/DefaultScanLabelGenerator.java   |  93 --------
 .../DefinedSetFilterScanLabelGenerator.java     |  94 +++++++++
 .../FeedUserAuthScanLabelGenerator.java         |  70 +++++++
 .../security/visibility/VisibilityUtils.java    |  13 +-
 .../TestDefaultScanLabelGeneratorStack.java     | 210 +++++++++++++++++++
 .../TestEnforcingScanLabelGenerator.java        |   2 +-
 6 files changed, 385 insertions(+), 97 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/83f9f39e/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultScanLabelGenerator.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultScanLabelGenerator.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultScanLabelGenerator.java
deleted file mode 100644
index f4bf87e..0000000
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultScanLabelGenerator.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hbase.security.visibility;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.hbase.classification.InterfaceAudience;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.hbase.security.User;
-
-/**
- * This is the default implementation for ScanLabelGenerator. It will extract labels passed
via
- * Scan#authorizations and cross check against the global auths set for the user. The labels
for which
- * user is not authenticated will be dropped even if it is passed via Scan Authorizations.
- */
-@InterfaceAudience.Private
-public class DefaultScanLabelGenerator implements ScanLabelGenerator {
-
-  private static final Log LOG = LogFactory.getLog(DefaultScanLabelGenerator.class);
-  
-  private Configuration conf;
-  
-  private VisibilityLabelsCache labelsCache;
-  
-  public DefaultScanLabelGenerator() {
-    this.labelsCache = VisibilityLabelsCache.get();
-  }
-
-  @Override
-  public void setConf(Configuration conf) {
-    this.conf = conf;
-  }
-
-  @Override
-  public Configuration getConf() {
-    return this.conf;
-  }
-
-  @Override
-  public List<String> getLabels(User user, Authorizations authorizations) {
-    if (authorizations != null) {
-      List<String> labels = authorizations.getLabels();
-      String userName = user.getShortName();
-      List<String> auths = this.labelsCache.getAuths(userName);
-      return dropLabelsNotInUserAuths(labels, auths, userName);
-    }
-    return null;
-  }
-
-  private List<String> dropLabelsNotInUserAuths(List<String> labels, List<String>
auths,
-      String userName) {
-    List<String> droppedLabels = new ArrayList<String>();
-    List<String> passedLabels = new ArrayList<String>(labels.size());
-    for (String label : labels) {
-      if (auths.contains(label)) {
-        passedLabels.add(label);
-      } else {
-        droppedLabels.add(label);
-      }
-    }
-    if (!droppedLabels.isEmpty()) {
-      StringBuilder sb = new StringBuilder();
-      sb.append("Dropping invalid authorizations requested by user ");
-      sb.append(userName);
-      sb.append(": [ ");
-      for (String label: droppedLabels) {
-        sb.append(label);
-        sb.append(' ');
-      }
-      sb.append(']');
-      LOG.warn(sb.toString());
-    }
-    return passedLabels;
-  }
-}

http://git-wip-us.apache.org/repos/asf/hbase/blob/83f9f39e/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefinedSetFilterScanLabelGenerator.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefinedSetFilterScanLabelGenerator.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefinedSetFilterScanLabelGenerator.java
new file mode 100644
index 0000000..a42def0
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefinedSetFilterScanLabelGenerator.java
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.security.visibility;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.hbase.classification.InterfaceAudience;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.security.User;
+
+/**
+ * This is an implementation for ScanLabelGenerator.
+ * It will extract labels from passed in authorizations and cross check
+ * against the set of predefined authorization labels for given user.
+ * The labels for which the user is not authorized will be dropped.
+ */
+@InterfaceAudience.Private
+public class DefinedSetFilterScanLabelGenerator implements ScanLabelGenerator {
+
+  private static final Log LOG = LogFactory.getLog(DefinedSetFilterScanLabelGenerator.class);
+
+  private Configuration conf;
+
+  private VisibilityLabelsCache labelsCache;
+
+  public DefinedSetFilterScanLabelGenerator() {
+    this.labelsCache = VisibilityLabelsCache.get();
+  }
+
+  @Override
+  public void setConf(Configuration conf) {
+    this.conf = conf;
+  }
+
+  @Override
+  public Configuration getConf() {
+    return this.conf;
+  }
+
+  @Override
+  public List<String> getLabels(User user, Authorizations authorizations) {
+    if (authorizations != null) {
+      List<String> labels = authorizations.getLabels();
+      String userName = user.getShortName();
+      List<String> auths = this.labelsCache.getAuths(userName);
+      return dropLabelsNotInUserAuths(labels, auths, userName);
+    }
+    return null;
+  }
+
+  private List<String> dropLabelsNotInUserAuths(List<String> labels, List<String>
auths,
+      String userName) {
+    List<String> droppedLabels = new ArrayList<String>();
+    List<String> passedLabels = new ArrayList<String>(labels.size());
+    for (String label : labels) {
+      if (auths.contains(label)) {
+        passedLabels.add(label);
+      } else {
+        droppedLabels.add(label);
+      }
+    }
+    if (!droppedLabels.isEmpty()) {
+      StringBuilder sb = new StringBuilder();
+      sb.append("Dropping invalid authorizations requested by user ");
+      sb.append(userName);
+      sb.append(": [ ");
+      for (String label: droppedLabels) {
+        sb.append(label);
+        sb.append(' ');
+      }
+      sb.append(']');
+      LOG.warn(sb.toString());
+    }
+    return passedLabels;
+  }
+}

http://git-wip-us.apache.org/repos/asf/hbase/blob/83f9f39e/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/FeedUserAuthScanLabelGenerator.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/FeedUserAuthScanLabelGenerator.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/FeedUserAuthScanLabelGenerator.java
new file mode 100644
index 0000000..3decbe8
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/FeedUserAuthScanLabelGenerator.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.security.visibility;
+
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.hbase.classification.InterfaceAudience;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.security.User;
+
+/**
+ * If the passed in authorization is null, then this ScanLabelGenerator
+ * feeds the set of predefined authorization labels for the given user. That is
+ * the set defined by the admin using the VisibilityClient admin interface
+ * or the set_auths shell command.
+ * Otherwise the passed in authorization labels are returned with no change.
+ *
+ * Note: This SLG should not be used alone because it does not check
+ * the passed in authorization labels against what the user is authorized for.
+ */
+@InterfaceAudience.Private
+public class FeedUserAuthScanLabelGenerator implements ScanLabelGenerator {
+
+  private static final Log LOG = LogFactory.getLog(FeedUserAuthScanLabelGenerator.class);
+
+  private Configuration conf;
+  private VisibilityLabelsCache labelsCache;
+
+  public FeedUserAuthScanLabelGenerator() {
+    this.labelsCache = VisibilityLabelsCache.get();
+  }
+
+  @Override
+  public void setConf(Configuration conf) {
+    this.conf = conf;
+  }
+
+  @Override
+  public Configuration getConf() {
+    return this.conf;
+  }
+
+  @Override
+  public List<String> getLabels(User user, Authorizations authorizations) {
+    if (authorizations == null || authorizations.getLabels() == null
+        || authorizations.getLabels().isEmpty()) {
+      String userName = user.getShortName();
+      return this.labelsCache.getAuths(userName);
+    }
+    return authorizations.getLabels();
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/hbase/blob/83f9f39e/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java
index 96185dd..0c08182 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java
@@ -188,10 +188,17 @@ public class VisibilityUtils {
         }
       }
     }
-    // If the conf is not configured by default we need to have one SLG to be used
-    // ie. DefaultScanLabelGenerator
+    // If no SLG is specified in conf, by default we'll add two SLGs
+    // 1. FeedUserAuthScanLabelGenerator
+    // 2. DefinedSetFilterScanLabelGenerator
+    // This stacking will achieve the following default behavior:
+    // 1. If there is no Auths in the scan, we will obtain the global defined set for the
user
+    //    from the labels table.
+    // 2. If there is Auths in the scan, we will examine the passed in Auths and filter out
the
+    //    labels that the user is not entitled to. Then use the resulting label set.
     if (slgs.isEmpty()) {
-      slgs.add(ReflectionUtils.newInstance(DefaultScanLabelGenerator.class, conf));
+      slgs.add(ReflectionUtils.newInstance(FeedUserAuthScanLabelGenerator.class, conf));
+      slgs.add(ReflectionUtils.newInstance(DefinedSetFilterScanLabelGenerator.class, conf));
     }
     return slgs;
   }

http://git-wip-us.apache.org/repos/asf/hbase/blob/83f9f39e/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java
new file mode 100644
index 0000000..df2a61c
--- /dev/null
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java
@@ -0,0 +1,210 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.security.visibility;
+
+import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_NAME;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertNull;
+
+import java.io.IOException;
+import java.security.PrivilegedExceptionAction;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.Cell;
+import org.apache.hadoop.hbase.CellScanner;
+import org.apache.hadoop.hbase.HBaseTestingUtility;
+import org.apache.hadoop.hbase.HConstants;
+import org.apache.hadoop.hbase.TableName;
+import org.apache.hadoop.hbase.client.Get;
+import org.apache.hadoop.hbase.client.HTable;
+import org.apache.hadoop.hbase.client.Put;
+import org.apache.hadoop.hbase.client.Result;
+import org.apache.hadoop.hbase.client.ResultScanner;
+import org.apache.hadoop.hbase.client.Scan;
+import org.apache.hadoop.hbase.client.Table;
+import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.testclassification.MediumTests;
+import org.apache.hadoop.hbase.testclassification.SecurityTests;
+import org.apache.hadoop.hbase.util.Bytes;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TestName;
+
+@Category({SecurityTests.class, MediumTests.class})
+public class TestDefaultScanLabelGeneratorStack {
+
+  public static final String CONFIDENTIAL = "confidential";
+  private static final String SECRET = "secret";
+  public static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
+  private static final byte[] ROW_1 = Bytes.toBytes("row1");
+  private final static byte[] CF = Bytes.toBytes("f");
+  private final static byte[] Q1 = Bytes.toBytes("q1");
+  private final static byte[] Q2 = Bytes.toBytes("q2");
+  private final static byte[] Q3 = Bytes.toBytes("q3");
+  private final static byte[] value1 = Bytes.toBytes("value1");
+  private final static byte[] value2 = Bytes.toBytes("value2");
+  private final static byte[] value3 = Bytes.toBytes("value3");
+  public static Configuration conf;
+
+  @Rule
+  public final TestName TEST_NAME = new TestName();
+  public static User SUPERUSER;
+  public static User TESTUSER;
+
+  @BeforeClass
+  public static void setupBeforeClass() throws Exception {
+    // setup configuration
+    conf = TEST_UTIL.getConfiguration();
+    VisibilityTestUtil.enableVisiblityLabels(conf);
+    // Not setting any SLG class. This means to use the default behavior.
+    conf.set("hbase.superuser", "admin");
+    TEST_UTIL.startMiniCluster(1);
+    SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" });
+    TESTUSER = User.createUserForTesting(conf, "test", new String[] { });
+
+    // Wait for the labels table to become available
+    TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000);
+
+    // Set up for the test
+    SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
+      public Void run() throws Exception {
+        try {
+          VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL });
+          VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, TESTUSER.getShortName());
+        } catch (Throwable t) {
+          throw new IOException(t);
+        }
+        return null;
+      }
+    });
+  }
+
+  @Test
+  public void testDefaultScanLabelGeneratorStack() throws Exception {
+    final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
+
+    SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
+      public Void run() throws Exception {
+        Table table = TEST_UTIL.createTable(tableName, CF);
+        try {
+          Put put = new Put(ROW_1);
+          put.add(CF, Q1, HConstants.LATEST_TIMESTAMP, value1);
+          put.setCellVisibility(new CellVisibility(SECRET));
+          table.put(put);
+          put = new Put(ROW_1);
+          put.add(CF, Q2, HConstants.LATEST_TIMESTAMP, value2);
+          put.setCellVisibility(new CellVisibility(CONFIDENTIAL));
+          table.put(put);
+          put = new Put(ROW_1);
+          put.add(CF, Q3, HConstants.LATEST_TIMESTAMP, value3);
+          table.put(put);
+          return null;
+        } finally {
+          table.close();
+        }
+      }
+    });
+
+    TESTUSER.runAs(new PrivilegedExceptionAction<Void>() {
+      public Void run() throws Exception {
+        Table table = new HTable(conf, tableName);
+        try {
+          // Test scan with no auth attribute
+          Scan s = new Scan();
+          ResultScanner scanner = table.getScanner(s);
+          Result[] next = scanner.next(1);
+
+          assertTrue(next.length == 1);
+          CellScanner cellScanner = next[0].cellScanner();
+          cellScanner.advance();
+          Cell current = cellScanner.current();
+          // test user can see value2 (CONFIDENTIAL) and value3 (no label)
+          assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(),
+              current.getRowLength(), ROW_1, 0, ROW_1.length));
+          assertTrue(Bytes.equals(current.getQualifier(), Q2));
+          assertTrue(Bytes.equals(current.getValue(), value2));
+          cellScanner.advance();
+          current = cellScanner.current();
+          // test user can see value2 (CONFIDENTIAL) and value3 (no label)
+          assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(),
+              current.getRowLength(), ROW_1, 0, ROW_1.length));
+          assertTrue(Bytes.equals(current.getQualifier(), Q3));
+          assertTrue(Bytes.equals(current.getValue(), value3));
+
+          // Test scan with correct auth attribute for test user
+          Scan s1 = new Scan();
+          // test user is entitled to 'CONFIDENTIAL'.
+          // If we set both labels in the scan, 'SECRET' will be dropped by the SLGs.
+          s1.setAuthorizations(new Authorizations(new String[] { SECRET, CONFIDENTIAL }));
+          ResultScanner scanner1 = table.getScanner(s1);
+          Result[] next1 = scanner1.next(1);
+
+          assertTrue(next1.length == 1);
+          CellScanner cellScanner1 = next1[0].cellScanner();
+          cellScanner1.advance();
+          Cell current1 = cellScanner1.current();
+          // test user can see value2 (CONFIDENTIAL) and value3 (no label)
+          assertTrue(Bytes.equals(current1.getRowArray(), current1.getRowOffset(),
+            current1.getRowLength(), ROW_1, 0, ROW_1.length));
+          assertTrue(Bytes.equals(current1.getQualifier(), Q2));
+          assertTrue(Bytes.equals(current1.getValue(), value2));
+          cellScanner1.advance();
+          current1 = cellScanner1.current();
+          // test user can see value2 (CONFIDENTIAL) and value3 (no label)
+          assertTrue(Bytes.equals(current1.getRowArray(), current1.getRowOffset(),
+            current1.getRowLength(), ROW_1, 0, ROW_1.length));
+          assertTrue(Bytes.equals(current1.getQualifier(), Q3));
+          assertTrue(Bytes.equals(current1.getValue(), value3));
+
+          // Test scan with incorrect auth attribute for test user
+          Scan s2 = new Scan();
+          // test user is entitled to 'CONFIDENTIAL'.
+          // If we set 'SECRET', it will be dropped by the SLGs.
+          s2.setAuthorizations(new Authorizations(new String[] { SECRET }));
+          ResultScanner scanner2 = table.getScanner(s2);
+          Result next2 = scanner2.next();
+          CellScanner cellScanner2 = next2.cellScanner();
+          cellScanner2.advance();
+          Cell current2 = cellScanner2.current();
+          // This scan will only see value3 (no label)
+          assertTrue(Bytes.equals(current2.getRowArray(), current2.getRowOffset(),
+            current2.getRowLength(), ROW_1, 0, ROW_1.length));
+          assertTrue(Bytes.equals(current2.getQualifier(), Q3));
+          assertTrue(Bytes.equals(current2.getValue(), value3));
+
+          assertFalse(cellScanner2.advance());
+
+
+          return null;
+        } finally {
+          table.close();
+        }
+      }
+    });
+
+  }
+
+  @AfterClass
+  public static void tearDownAfterClass() throws Exception {
+    TEST_UTIL.shutdownMiniCluster();
+  }
+}

http://git-wip-us.apache.org/repos/asf/hbase/blob/83f9f39e/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java
index c1e2d1e..916f730 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java
@@ -68,7 +68,7 @@ public class TestEnforcingScanLabelGenerator {
     // setup configuration
     conf = TEST_UTIL.getConfiguration();
     VisibilityTestUtil.enableVisiblityLabels(conf);
-    String classes = DefaultScanLabelGenerator.class.getCanonicalName() + " , "
+    String classes = DefinedSetFilterScanLabelGenerator.class.getCanonicalName() + " , "
         + EnforcingScanLabelGenerator.class.getCanonicalName();
     conf.setStrings(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, classes);
     conf.set("hbase.superuser", "admin");


Mime
View raw message