sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kal...@apache.org
Subject [4/9] sentry git commit: SENTRY-1475: Integrate Sentry with Solr 7 authorization framework. (Hrishikesh Gadre, reviewed by Kalyan Kumar Kalvagadda)
Date Mon, 13 Nov 2017 14:38:08 GMT
http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java
deleted file mode 100644
index aea44f7..0000000
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureAdminHandlersTest.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.solr.handler.admin;
-
-import java.util.Map;
-
-import org.apache.solr.handler.RequestHandlerBase;
-import org.apache.solr.cloud.CloudDescriptor;
-import org.apache.solr.common.SolrException;
-import org.apache.solr.core.SolrCore;
-import org.apache.solr.sentry.SentryTestBase;
-import org.apache.solr.request.SolrQueryRequest;
-import org.apache.solr.request.SolrRequestHandler;
-import org.apache.solr.response.SolrQueryResponse;
-import org.apache.solr.sentry.SentrySingletonTestInstance;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class SecureAdminHandlersTest extends SentryTestBase {
-
-  private static SolrCore core;
-  private static CloudDescriptor cloudDescriptor;
-
-  @BeforeClass
-  public static void beforeClass() throws Exception {
-    core = createCore("solrconfig-secureadmin.xml", "schema-minimal.xml");
-    // store the CloudDescriptor, because we will overwrite it with a mock
-    // and restore it later
-    cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor();
-    // ensure SentrySingletonTestInstance is initialized
-    SentrySingletonTestInstance.getInstance();
-  }
-
-  @AfterClass
-  public static void afterClass() throws Exception {
-    closeCore(core, cloudDescriptor);
-    core = null;
-    cloudDescriptor = null;
-  }
-
-  @Override
-  public void setUp() throws Exception {
-    super.setUp(core);
-  }
-
-  @Test
-  public void testAllAdminHandlersSecured() throws Exception {
-    int numFound = 0;
-    for (Map.Entry<String, SolrRequestHandler> entry : core.getRequestHandlers().entrySet() ) {
-      // see note about ShowFileRequestHandler below
-      if (entry.getKey().startsWith("/admin/") && !(entry.getValue() instanceof ShowFileRequestHandler)) {
-         assertTrue(entry.getValue().getClass().getEnclosingClass().equals(SecureAdminHandlers.class));
-         ++numFound;
-      }
-    }
-    assertTrue(numFound > 0);
-  }
-
-  @Test
-  public void testSecureAdminHandlers() throws Exception {
-    verifyLuke();
-    verifyMBeans();
-    verifyPlugins();
-    verifyThreads();
-    verifyProperties();
-    verifyLogging();
-    verifyFile();
-  }
-
-  private void verifyAuthorized(RequestHandlerBase handler, String collection, String user) throws Exception {
-    SolrQueryRequest req = getRequest();
-    prepareCollAndUser(core, req, collection, user, false);
-    // just ensure we don't get an unauthorized exception
-    try {
-      handler.handleRequestBody(req, new SolrQueryResponse());
-    } catch (SolrException ex) {
-      assertFalse(ex.code() == SolrException.ErrorCode.UNAUTHORIZED.code);
-    } catch (Throwable t) {
-      // okay, we only want to verify we didn't get an Unauthorized exception,
-      // going to treat each handler as a black box.
-    }
-  }
-
-  private void verifyUnauthorized(RequestHandlerBase handler,
-      String collection, String user, boolean shouldFailAdmin) throws Exception {
-    String exMsgContains = "User " + user + " does not have privileges for " + (shouldFailAdmin?"admin":collection);
-    SolrQueryRequest req = getRequest();
-    prepareCollAndUser(core, req, collection, user, false);
-    try {
-      handler.handleRequestBody(req, new SolrQueryResponse());
-      Assert.fail("Expected SolrException");
-    } catch (SolrException ex) {
-      assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code);
-      assertTrue(ex.getMessage().contains(exMsgContains));
-    }
-  }
-
-  private void verifyQueryAccess(RequestHandlerBase handler, boolean checkCollection) throws Exception {
-    verifyAuthorized(handler, "collection1", "junit");
-    verifyAuthorized(handler, "queryCollection", "junit");
-    if (checkCollection) {
-      verifyUnauthorized(handler, "bogusCollection", "junit", false);
-      verifyUnauthorized(handler, "updateCollection", "junit", false);
-    } else {
-      verifyUnauthorized(handler, "collection1", "bogusUser", true);
-    }
-  }
-
-  private void verifyQueryAccess(String path, boolean checkCollection) throws Exception {
-    RequestHandlerBase handler =
-      (RequestHandlerBase)core.getRequestHandlers().get(path);
-    verifyQueryAccess(handler, checkCollection);
-  }
-
-  private void verifyQueryUpdateAccess(String path, boolean checkCollection) throws Exception {
-    RequestHandlerBase handler =
-      (RequestHandlerBase)core.getRequestHandlers().get(path);
-    verifyAuthorized(handler, "collection1", "junit");
-    verifyUnauthorized(handler, "collection1", "bogusUser", true);
-    if (checkCollection) {
-      verifyUnauthorized(handler, "queryCollection", "junit", false);
-      verifyUnauthorized(handler, "bogusCollection", "junit", false);
-      verifyUnauthorized(handler, "updateCollection", "junit", false);
-    }
-  }
-
-  private void verifyLuke() throws Exception {
-    verifyQueryAccess("/admin/luke", true);
-  }
-
-  private void verifyMBeans() throws Exception {
-    verifyQueryAccess("/admin/mbeans", true);
-  }
-
-  private void verifyPlugins() throws Exception {
-    verifyQueryAccess("/admin/plugins", true);
-  }
-
-  private void verifyThreads() throws Exception {
-    verifyQueryAccess("/admin/threads", false);
-  }
-
-  private void verifyProperties() throws Exception {
-    verifyQueryAccess("/admin/properties", false);
-  }
-
-  private void verifyLogging() throws Exception {
-    verifyQueryUpdateAccess("/admin/logging", false);
-  }
-
-  private void verifyFile() throws Exception {
-    // file handler is built-in for backwards compatibility reasons.  Thus,
-    // handler will not be secure, so let's create one to test.
-    String path = "/admin/file";
-    RequestHandlerBase handler = (RequestHandlerBase)core.getRequestHandlers().get(path);
-    assertFalse(handler instanceof SecureAdminHandlers.SecureShowFileRequestHandler);
-    handler = new SecureAdminHandlers.SecureShowFileRequestHandler();
-    verifyQueryAccess(handler, true);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java
deleted file mode 100644
index 218302e..0000000
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCollectionsHandlerTest.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.solr.handler.admin;
-
-import org.apache.solr.cloud.CloudDescriptor;
-import org.apache.solr.core.SolrCore;
-import org.apache.solr.common.params.CoreAdminParams;
-import org.apache.solr.common.params.CollectionParams.CollectionAction;
-import org.apache.solr.common.params.ModifiableSolrParams;
-import org.apache.solr.request.SolrQueryRequest;
-import org.apache.solr.sentry.SentryTestBase;
-import org.apache.solr.sentry.SentrySingletonTestInstance;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class SecureCollectionsHandlerTest extends SentryTestBase {
-
-  private static SolrCore core;
-  private static CloudDescriptor cloudDescriptor;
-
-  @BeforeClass
-  public static void beforeClass() throws Exception {
-    core = createCore("solrconfig-secureadmin.xml", "schema-minimal.xml");
-    // store the CloudDescriptor, because we will overwrite it with a mock
-    // and restore it later
-    cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor();
-    // ensure SentrySingletonTestInstance is initialized
-    SentrySingletonTestInstance.getInstance();
-  }
-
-  @AfterClass
-  public static void afterClass() throws Exception {
-    closeCore(core, cloudDescriptor);
-    core = null;
-    cloudDescriptor = null;
-  }
-
-  @Override
-  public void setUp() throws Exception {
-    super.setUp(core);
-  }
-
-  private SolrQueryRequest getCollectionsRequest(String collection, String user,
-      CollectionAction action) throws Exception {
-    SolrQueryRequest req = getRequest();
-    prepareCollAndUser(core, req, collection, user, false);
-    ModifiableSolrParams modParams = new ModifiableSolrParams(req.getParams());
-    modParams.set(CoreAdminParams.ACTION, action.name());
-    modParams.set("name", collection);
-    modParams.set("collection", collection);
-    req.setParams(modParams);
-    return req;
-  }
-
-  private void verifyUpdateAccess(CollectionAction action) throws Exception {
-    CollectionsHandler handler = new SecureCollectionsHandler(h.getCoreContainer());
-    verifyAuthorized(handler, getCollectionsRequest("collection1", "junit", action));
-    verifyAuthorized(handler, getCollectionsRequest("updateCollection", "junit", action));
-    verifyUnauthorized(handler, getCollectionsRequest("queryCollection", "junit", action), "queryCollection", "junit");
-    verifyUnauthorized(handler, getCollectionsRequest("bogusCollection", "junit", action), "bogusCollection", "junit");
-  }
-
-  @Test
-  public void testSecureCollectionsHandler() throws Exception {
-    for (CollectionAction action : CollectionAction.values()) {
-      verifyUpdateAccess(action);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
deleted file mode 100644
index f93fb65..0000000
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.solr.handler.admin;
-
-import java.lang.reflect.Method;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
-
-import net.sf.cglib.proxy.Enhancer;
-import net.sf.cglib.proxy.MethodInterceptor;
-import net.sf.cglib.proxy.MethodProxy;
-
-import org.apache.solr.cloud.CloudDescriptor;
-import org.apache.solr.common.params.CoreAdminParams;
-import org.apache.solr.common.params.ModifiableSolrParams;
-import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction;
-import org.apache.solr.core.CoreContainer;
-import org.apache.solr.core.SolrCore;
-import org.apache.solr.request.SolrQueryRequest;
-import org.apache.solr.sentry.SentryTestBase;
-import org.apache.solr.sentry.SentrySingletonTestInstance;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class SecureCoreAdminHandlerTest extends SentryTestBase {
-
-  private static SolrCore core;
-  private static CloudDescriptor cloudDescriptor;
-
-  public final static List<CoreAdminAction> QUERY_ACTIONS = Arrays.asList(
-      CoreAdminAction.STATUS,
-      CoreAdminAction.REQUESTSTATUS);
-  public final static List<CoreAdminAction> UPDATE_ACTIONS = Arrays.asList(
-      CoreAdminAction.LOAD,
-      CoreAdminAction.UNLOAD,
-      CoreAdminAction.CREATE,
-      CoreAdminAction.PERSIST,
-      CoreAdminAction.SWAP,
-      CoreAdminAction.RENAME,
-      CoreAdminAction.MERGEINDEXES,
-      CoreAdminAction.SPLIT,
-      CoreAdminAction.PREPRECOVERY,
-      CoreAdminAction.REQUESTRECOVERY,
-      CoreAdminAction.REQUESTSYNCSHARD,
-      CoreAdminAction.CREATEALIAS,
-      CoreAdminAction.DELETEALIAS,
-      CoreAdminAction.REQUESTAPPLYUPDATES,
-      CoreAdminAction.REQUESTBUFFERUPDATES,
-      CoreAdminAction.LOAD_ON_STARTUP,
-      CoreAdminAction.TRANSIENT,
-      CoreAdminAction.OVERSEEROP,
-      // RELOAD needs to go last, because our bogus calls leaves things in a bad state for later calls.
-      // We could handle this more cleanly at the cost of a lot more creating and deleting cores.
-      CoreAdminAction.RELOAD
-      );
-
-  // These actions require that the collection is specified on the request.
-  public final static List<CoreAdminAction> REQUIRES_COLLECTION = Arrays.asList(
-      CoreAdminAction.CREATE
-      );
-
-  // actions which don't check the actual collection
-  public final static List<CoreAdminAction> NO_CHECK_COLLECTIONS = Arrays.asList(
-      CoreAdminAction.STATUS,
-      CoreAdminAction.REQUESTSTATUS,
-      CoreAdminAction.LOAD,
-      CoreAdminAction.PERSIST,
-      CoreAdminAction.CREATEALIAS,
-      CoreAdminAction.DELETEALIAS,
-      CoreAdminAction.LOAD_ON_STARTUP,
-      CoreAdminAction.REQUESTBUFFERUPDATES,
-      CoreAdminAction.OVERSEEROP,
-      CoreAdminAction.TRANSIENT
-      );
-
-  @BeforeClass
-  public static void beforeClass() throws Exception {
-    core = createCore("solrconfig-secureadmin.xml", "schema-minimal.xml");
-    // store the CloudDescriptor, because we will overwrite it with a mock
-    // and restore it later
-    cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor();
-    // ensure the SentrySingletonTestInstance is initialized
-    SentrySingletonTestInstance.getInstance();
-  }
-
-  @AfterClass
-  public static void afterClass() throws Exception {
-    closeCore(core, cloudDescriptor);
-    core = null;
-    cloudDescriptor = null;
-  }
-
-  @Override
-  public void setUp() throws Exception {
-    super.setUp(core);
-  }
-
-  private SolrQueryRequest getCoreAdminRequest(String collection, String user,
-      CoreAdminAction action) throws Exception {
-    SolrQueryRequest req = getRequest();
-    prepareCollAndUser(core, req, collection, user, false);
-    ModifiableSolrParams modParams = new ModifiableSolrParams(req.getParams());
-    modParams.set(CoreAdminParams.ACTION, action.name());
-    modParams.set(CoreAdminParams.COLLECTION, "");
-    modParams.set(CoreAdminParams.CORE, "");
-    modParams.set(CoreAdminParams.NAME, "");
-    for (SolrCore core : h.getCoreContainer().getCores()) {
-      if(core.getCoreDescriptor().getCloudDescriptor().getCollectionName().equals(collection)) {
-        modParams.set(CoreAdminParams.CORE, core.getName());
-        modParams.set(CoreAdminParams.NAME, core.getName());
-        break;
-      }
-    }
-    if (REQUIRES_COLLECTION.contains(action)) {
-      modParams.set(CoreAdminParams.COLLECTION, collection);
-      modParams.set(CoreAdminParams.CORE, core.getName());
-      modParams.set(CoreAdminParams.NAME, core.getName());
-    }
-    req.setParams(modParams);
-    return req;
-  }
-
-  private void verifyQueryAccess(CoreAdminAction action, boolean checkCollection) throws Exception {
-    CoreContainer cc = getCleanCoreContainer(action);
-    CoreAdminHandler handler = new SecureCoreAdminHandler(cc);
-    verifyAuthorized(handler, getCoreAdminRequest("collection1", "junit", action));
-    verifyAuthorized(handler, getCoreAdminRequest("queryCollection", "junit", action));
-    if (!checkCollection) {
-      verifyAuthorized(handler, getCoreAdminRequest("bogusCollection", "junit", action));
-      verifyAuthorized(handler, getCoreAdminRequest("updateCollection", "junit", action));
-    } else {
-      verifyUnauthorized(handler, getCoreAdminRequest("bogusCollection", "junit", action), "bogusCollection", "junit");
-      verifyUnauthorized(handler, getCoreAdminRequest("updateCollection", "junit", action), "updateCollection", "junit");
-    }
-  }
-
-  private void verifyUpdateAccess(CoreAdminAction action, boolean checkCollection) throws Exception {
-    CoreContainer cc = getCleanCoreContainer(action);
-    CoreAdminHandler handler = new SecureCoreAdminHandler(cc);
-    verifyAuthorized(handler, getCoreAdminRequest("collection1", "junit", action));
-    verifyAuthorized(handler, getCoreAdminRequest("updateCollection", "junit", action));
-    verifyUnauthorized(handler, getCoreAdminRequest("bogusCollection", "bogusUser", action), "bogusCollection", "bogusUser", true);
-    if (checkCollection) {
-      verifyUnauthorized(handler, getCoreAdminRequest("queryCollection", "junit", action), "queryCollection", "junit");
-    }
-  }
-
-  private CoreContainer getZkAwareCoreContainer(final CoreContainer cc) {
-    Enhancer e = new Enhancer();
-    e.setClassLoader(cc.getClass().getClassLoader());
-    e.setSuperclass(CoreContainer.class);
-    e.setCallback(new MethodInterceptor() {
-      public Object intercept(Object obj, Method method, Object [] args, MethodProxy proxy) throws Throwable {
-        if (method.getName().equals("isZooKeeperAware")) {
-          return Boolean.TRUE;
-        }
-        return method.invoke(cc, args);
-      }
-    });
-    return (CoreContainer)e.create();
-  }
-
-  private CoreContainer getCleanCoreContainer(CoreAdminAction action) {
-    // Ensure CoreContainer is empty
-    for (String coreName : h.getCoreContainer().getCoreNames()) {
-      h.getCoreContainer().unload(coreName);
-    }
-    for (Map.Entry entry : h.getCoreContainer().getCoreInitFailures().entrySet()) {
-      String coreName = entry.getKey().toString();
-      h.getCoreContainer().unload(coreName);
-    }
-    // actions that require the collection attempt to read the collection off the CloudDescriptor, which is only
-    // present when the CoreContainer is ZkAware.
-    return REQUIRES_COLLECTION.contains(action) ? getZkAwareCoreContainer(h.getCoreContainer()) : h.getCoreContainer();
-  }
-
-  @Test
-  public void testSecureAdminHandler() throws Exception {
-    for (CoreAdminAction action : QUERY_ACTIONS) {
-      verifyQueryAccess(action, !NO_CHECK_COLLECTIONS.contains(action));
-    }
-    for (CoreAdminAction action : UPDATE_ACTIONS) {
-      verifyUpdateAccess(action, !NO_CHECK_COLLECTIONS.contains(action));
-    }
-  }
-
-  @Test
-  public void testAllActionsChecked() throws Exception {
-    for (CoreAdminAction action : CoreAdminAction.values()) {
-      assertTrue(QUERY_ACTIONS.contains(action) || UPDATE_ACTIONS.contains(action));
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java
deleted file mode 100644
index 54784f4..0000000
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureInfoHandlerTest.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.solr.handler.admin;
-
-import org.apache.solr.cloud.CloudDescriptor;
-import org.apache.solr.core.SolrCore;
-import org.apache.solr.request.SolrQueryRequest;
-import org.apache.solr.sentry.SentryTestBase;
-import org.apache.solr.sentry.SentrySingletonTestInstance;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class SecureInfoHandlerTest extends SentryTestBase {
-
-  private static SolrCore core;
-  private static CloudDescriptor cloudDescriptor;
-
-  @BeforeClass
-  public static void beforeClass() throws Exception {
-    core = createCore("solrconfig-secureadmin.xml", "schema-minimal.xml");
-    // store the CloudDescriptor, because we will overwrite it with a mock
-    // and restore it later
-    cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor();
-    SentrySingletonTestInstance.getInstance();
-  }
-
-  @AfterClass
-  public static void afterClass() throws Exception {
-    closeCore(core, cloudDescriptor);
-    core = null;
-    cloudDescriptor = null;
-  }
-
-  @Override
-  public void setUp() throws Exception {
-    super.setUp(core);
-  }
-
-  private SolrQueryRequest getInfoRequest(String collection, String user, String path)
-      throws Exception {
-    SolrQueryRequest req = getRequest();
-    prepareCollAndUser(core, req, collection, user, false);
-    req.getContext().put("path", path);
-    return req;
-  }
-
-  @Test
-  public void testSecureInfoHandlers() throws Exception {
-    verifyThreadDumpHandler();
-    verifyPropertiesHandler();
-    verifyLoggingHandler();
-    verifySystemInfoHandler();
-  }
-
-  private void verifyQueryAccess(String path) throws Exception {
-    InfoHandler handler = new SecureInfoHandler(h.getCoreContainer());
-    verifyAuthorized(handler, getInfoRequest("collection1", "junit", path));
-    verifyAuthorized(handler, getInfoRequest("queryCollection", "junit", path));
-    verifyUnauthorized(handler, getInfoRequest("bogusCollection", "bogusUser", path), "bogusCollection", "bogusUser", true);
-    verifyUnauthorized(handler, getInfoRequest("updateCollection", "updateOnlyAdmin", path), "updateCollection", "updateOnlyAdmin", true);
-  }
-
-  private void verifyQueryUpdateAccess(String path) throws Exception {
-    InfoHandler handler = new SecureInfoHandler(h.getCoreContainer());
-    verifyAuthorized(handler, getInfoRequest("collection1", "junit", path));
-    verifyUnauthorized(handler, getInfoRequest("queryCollection", "queryOnlyAdmin", path), "queryCollection", "queryOnlyAdmin", true);
-    verifyUnauthorized(handler, getInfoRequest("bogusCollection", "bogusUser", path), "bogusCollection", "bogusUser", true);
-    verifyUnauthorized(handler, getInfoRequest("updateCollection", "updateOnlyAdmin", path), "updateCollection", "updateOnlyAdmin", true);
-  }
-
-  private void verifyThreadDumpHandler() throws Exception {
-    verifyQueryAccess("info/threads");
-  }
-
-  private void verifyPropertiesHandler() throws Exception {
-    verifyQueryAccess("info/properties");
-  }
-
-  private void verifyLoggingHandler() throws Exception {
-    verifyQueryUpdateAccess("info/logging");
-  }
-
-  private void verifySystemInfoHandler() throws Exception {
-    verifyQueryAccess("info/system");
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java
deleted file mode 100644
index 1f44628..0000000
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryDocAuthorizationComponentTest.java
+++ /dev/null
@@ -1,265 +0,0 @@
-package org.apache.solr.handler.component;
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.solr.common.params.ModifiableSolrParams;
-import org.apache.solr.common.SolrException;
-import org.apache.solr.common.params.SolrParams;
-import org.apache.solr.common.util.NamedList;
-import org.apache.solr.core.SolrCore;
-import org.apache.solr.sentry.SentryTestBase;
-import org.apache.solr.sentry.SentryIndexAuthorizationSingleton;
-import org.apache.solr.sentry.SentrySingletonTestInstance;
-import org.apache.solr.request.SolrQueryRequest;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-/**
- * Test for QueryIndexAuthorizationComponent
- */
-public class QueryDocAuthorizationComponentTest extends SentryTestBase {
-  private static SolrCore core;
-  private static SentryIndexAuthorizationSingleton sentryInstance;
-
-  @BeforeClass
-  public static void beforeClass() throws Exception {
-    core = createCore("solrconfig.xml", "schema-minimal.xml");
-    // store the CloudDescriptor, because we will overwrite it with a mock
-    // and restore it later
-    sentryInstance = SentrySingletonTestInstance.getInstance().getSentryInstance();
-  }
-
-  @AfterClass
-  public static void afterClass() throws Exception {
-    closeCore(core, null);
-    core = null;
-  }
-
-  @Override
-  public void setUp() throws Exception {
-    super.setUp(core);
-  }
-
-  private String getClause(String authField, String value) {
-    StringBuilder builder = new StringBuilder();
-    builder.append(" {!raw f=").append(authField)
-      .append(" v=").append(value).append("}");
-    return builder.toString();
-  }
-
-  private ResponseBuilder getResponseBuilder() {
-    SolrQueryRequest request = getRequest();
-    return new ResponseBuilder(request, null, null);
-  }
-
-  private ResponseBuilder runComponent(String user, NamedList args, SolrParams params)
-  throws Exception {
-    ResponseBuilder builder = getResponseBuilder();
-    prepareCollAndUser(core, builder.req, "collection1", user);
-
-    if (params != null) {
-      builder.req.setParams(params);
-    } else {
-      builder.req.setParams(new ModifiableSolrParams());
-    }
-
-    QueryDocAuthorizationComponent component =
-      new QueryDocAuthorizationComponent(sentryInstance);
-    component.init(args);
-    component.prepare(builder);
-    return builder;
-  }
-
-  // Clauses are treated as OR, so order does not matter.
-  private void assertEqualClausesOrderIndependent(String expected, String actual) {
-    Set<String> expectedSet = new HashSet<String>(Arrays.asList(expected.split("}")));
-    Set<String> actualSet = new HashSet<String>(Arrays.asList(actual.split("}")));
-    assertEquals(expectedSet, actualSet);
-  }
-
-  private void checkParams(String[] expected, ResponseBuilder builder) {
-    final String fieldName = "fq";
-    final String [] params = builder.req.getParams().getParams(fieldName);
-    if (expected == null) {
-      assertEquals(null, params);
-    } else {
-      assertNotNull(params);
-      assertEquals(expected.length, params.length);
-      for (int i = 0; i < params.length; ++i) {
-        assertEqualClausesOrderIndependent(expected[ i ], params[ i ]);
-      }
-    }
-  }
-
-  @Test
-  public void testSimple() throws Exception {
-    NamedList args = new NamedList();
-    args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true");
-    ResponseBuilder builder = runComponent("junit", args, null);
-
-    String expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role");
-    checkParams(new String[] {expect}, builder);
-  }
-
-  @Test
-  public void testEnabled() throws Exception {
-    // Test empty args
-    NamedList args = new NamedList();
-    ResponseBuilder builder = runComponent("junit", args, null);
-    checkParams(null, builder);
-
-    // Test enabled false
-    args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "false");
-    builder = runComponent("junit", args, null);
-    checkParams(null, builder);
-  }
-
-  @Test
-  public void testAuthFieldNonDefault() throws Exception {
-    String authField = "nonDefaultAuthField";
-    NamedList args = new NamedList();
-    args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true");
-    args.add(QueryDocAuthorizationComponent.AUTH_FIELD_PROP, authField);
-    ResponseBuilder builder = runComponent("junit", args, null);
-
-    String expect = getClause(authField, "junit_role");
-    checkParams(new String[] {expect}, builder);
-  }
-
-  @Test
-  public void testSuperUser() throws Exception {
-    String superUser = (System.getProperty("solr.authorization.superuser", "solr"));
-    NamedList args = new NamedList();
-    args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true");
-    ResponseBuilder builder = runComponent(superUser, args, null);
-    prepareCollAndUser(core, builder.req, "collection1", superUser);
-
-    checkParams(null, builder);
-  }
-
-  @Test
-  public void testExistingFilterQuery() throws Exception {
-    ModifiableSolrParams newParams = new ModifiableSolrParams();
-    String existingFq = "bogusField:(bogusUser)";
-    newParams.add("fq", existingFq);
-    NamedList args = new NamedList();
-    args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true");
-    ResponseBuilder builder = runComponent("junit", args, newParams);
-
-    String expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role");
-    checkParams(new String[] {existingFq, expect} , builder);
-  }
-
-  /**
-   * Test a request from a user coming from an empty group.
-   * This request should be rejected because otherwise document-level
-   * filtering will be skipped.
-   */
-  @Test
-  public void testEmptyGroup() throws Exception {
-    String user = "bogusUser";
-    try {
-      NamedList args = new NamedList();
-      args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true");
-      ResponseBuilder builder = runComponent(user, args, null);
-
-      checkParams(null, builder);
-      Assert.fail("Expected SolrException");
-    } catch (SolrException ex) {
-      assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code);
-      assertTrue(ex.getMessage().contains(
-        user + " rejected because user is not associated with any roles"));
-    }
-  }
-
-  /**
-   * Test a request from a user coming from an empty role.
-   * This request should be rejected because otherwise document-level
-   * filtering will be skipped.
-   */
-  @Test
-  public void testEmptyRole() throws Exception {
-    String user = "undefinedRoleUser";
-    try {
-      NamedList args = new NamedList();
-      args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true");
-      ResponseBuilder builder = runComponent(user, args, null);
-
-      checkParams(null, builder);
-      Assert.fail("Expected SolrException");
-    } catch (SolrException ex) {
-      assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code);
-      assertTrue(ex.getMessage().contains(
-        user + " rejected because user is not associated with any roles"));
-    }
-  }
-
-  @Test
-  public void testMultipleRoles() throws Exception {
-    NamedList args = new NamedList();
-    args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true");
-    ResponseBuilder builder = runComponent("multiGroupUser", args, null);
-
-    String expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role")
-      + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "queryOnlyAdmin_role")
-      + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "updateOnlyAdmin_role");
-    checkParams(new String[] {expect}, builder);
-  }
-
-  @Test
-  public void testAllRolesToken() throws Exception {
-    // test no arg
-    NamedList args = new NamedList();
-    args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true");
-    ResponseBuilder builder = runComponent("junit", args, null);
-    String expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role");
-    checkParams(new String[] {expect}, builder);
-
-    // test empty string arg
-    args = new NamedList();
-    args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true");
-    args.add(QueryDocAuthorizationComponent.ALL_ROLES_TOKEN_PROP, "");
-    builder = runComponent("junit", args, null);
-    expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role");
-    checkParams(new String[] {expect}, builder);
-
-    String allRolesToken = "specialAllRolesToken";
-    args = new NamedList();
-    args.add(QueryDocAuthorizationComponent.ENABLED_PROP, "true");
-    args.add(QueryDocAuthorizationComponent.ALL_ROLES_TOKEN_PROP, allRolesToken);
-
-    // test valid single group
-    builder = runComponent("junit", args, null);
-    expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role")
-      + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, allRolesToken);
-    checkParams(new String[] {expect}, builder);
-
-    // test valid multiple group
-    builder = runComponent("multiGroupUser", args, null);
-    expect = getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "junit_role")
-      + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "queryOnlyAdmin_role")
-      + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, "updateOnlyAdmin_role")
-      + getClause(QueryDocAuthorizationComponent.DEFAULT_AUTH_FIELD, allRolesToken);
-    checkParams(new String[] {expect}, builder);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java
deleted file mode 100644
index a1f3760..0000000
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/component/QueryIndexAuthorizationComponentTest.java
+++ /dev/null
@@ -1,127 +0,0 @@
-package org.apache.solr.handler.component;
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.apache.solr.cloud.CloudDescriptor;
-import org.apache.solr.common.SolrException;
-import org.apache.solr.core.SolrCore;
-import org.apache.solr.sentry.SentryIndexAuthorizationSingleton;
-import org.apache.solr.sentry.SentryTestBase;
-import org.apache.solr.sentry.SentrySingletonTestInstance;
-import org.apache.solr.request.SolrQueryRequest;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-/**
- * Test for QueryIndexAuthorizationComponent
- */
-public class QueryIndexAuthorizationComponentTest extends SentryTestBase {
-  private static SolrCore core;
-  private static CloudDescriptor cloudDescriptor;
-  private static SentryIndexAuthorizationSingleton sentryInstance;
-
-  @BeforeClass
-  public static void beforeClass() throws Exception {
-    core = createCore("solrconfig.xml", "schema-minimal.xml");
-    // store the CloudDescriptor, because we will overwrite it with a mock
-    // and restore it later
-    cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor();
-    sentryInstance = SentrySingletonTestInstance.getInstance().getSentryInstance();
-  }
-
-  @AfterClass
-  public static void afterClass() throws Exception {
-    closeCore(core, cloudDescriptor);
-    core = null;
-    cloudDescriptor = null;
-  }
-
-  @Override
-  public void setUp() throws Exception {
-    super.setUp(core);
-  }
-
-  private void doExpectUnauthorized(SearchComponent component,
-      ResponseBuilder rb, String msgContains) throws Exception {
-    try {
-      component.prepare(rb);
-      Assert.fail("Expected SolrException");
-    } catch (SolrException ex) {
-      assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code);
-      assertTrue(ex.getMessage().contains(msgContains));
-    }
-  }
-
-  private void doExpectComponentUnauthorized(SearchComponent component,
-      String collection, String user) throws Exception {
-    ResponseBuilder responseBuilder = getResponseBuilder();
-    prepareCollAndUser(core, responseBuilder.req, collection, user);
-    doExpectUnauthorized(component, responseBuilder,
-      "User " + user + " does not have privileges for " + collection);
-  }
-
-  private ResponseBuilder getResponseBuilder() {
-    SolrQueryRequest request = getRequest();
-    return new ResponseBuilder(request, null, null);
-  }
-
-  /**
-   * Test the QueryIndexAuthorizationComponent on a collection that
-   * the user has ALL access
-   */
-  @Test
-  public void testQueryComponentAccessAll() throws Exception {
-    ResponseBuilder responseBuilder = getResponseBuilder();
-    prepareCollAndUser(core, responseBuilder.req, "collection1", "junit");
-    QueryIndexAuthorizationComponent query = new QueryIndexAuthorizationComponent(sentryInstance);
-    query.prepare(responseBuilder);
-  }
-
-  /**
-   * Test the QueryIndexAuthorizationComponent on a collection that
-   * the user has QUERY only access
-   */
-  @Test
-  public void testQueryComponentAccessQuery() throws Exception {
-    ResponseBuilder responseBuilder = getResponseBuilder();
-    prepareCollAndUser(core, responseBuilder.req, "queryCollection", "junit");
-    QueryIndexAuthorizationComponent query = new QueryIndexAuthorizationComponent(sentryInstance);
-    query.prepare(responseBuilder);
-  }
-
-  /**
-   * Test the QueryIndexAuthorizationComponent on a collection that
-   * the user has UPDATE only access
-   */
-  @Test
-  public void testQueryComponentAccessUpdate() throws Exception {
-    doExpectComponentUnauthorized(new QueryIndexAuthorizationComponent(sentryInstance),
-      "updateCollection", "junit");
-  }
-
-  /**
-   * Test the QueryIndexAuthorizationComponent on a collection that
-   * the user has no access
-   */
-  @Test
-  public void testQueryComponentAccessNone() throws Exception {
-    doExpectComponentUnauthorized(new QueryIndexAuthorizationComponent(sentryInstance),
-      "noAccessCollection", "junit");
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java
deleted file mode 100644
index c294cf3..0000000
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryIndexAuthorizationSingletonTest.java
+++ /dev/null
@@ -1,256 +0,0 @@
-package org.apache.solr.sentry;
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import java.lang.reflect.Constructor;
-import java.util.Collection;
-import java.util.EnumSet;
-import java.util.Set;
-
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.sentry.core.model.search.SearchModelAction;
-import org.apache.sentry.core.common.exception.SentryGroupNotFoundException;
-import org.apache.solr.cloud.CloudDescriptor;
-import org.apache.solr.common.SolrException;
-import org.apache.solr.common.params.ModifiableSolrParams;
-import org.apache.solr.core.SolrCore;
-import org.apache.solr.request.LocalSolrQueryRequest;
-import org.apache.solr.request.SolrQueryRequest;
-import org.apache.solr.request.SolrQueryRequestBase;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.google.common.collect.ImmutableSet;
-
-/**
- * Test for SentryIndexAuthorizationSingleton
- */
-public class SentryIndexAuthorizationSingletonTest extends SentryTestBase {
-
-  private static SolrCore core;
-  private static CloudDescriptor cloudDescriptor;
-  private static SentryIndexAuthorizationSingleton sentryInstance;
-
-  private static final String OPERATION_NAME = "myOperation";
-
-  @BeforeClass
-  public static void beforeClass() throws Exception {
-    core = createCore("solrconfig.xml", "schema-minimal.xml");
-    // store the CloudDescriptor, because we will overwrite it with a mock
-    // and restore it later
-    cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor();
-    sentryInstance = SentrySingletonTestInstance.getInstance().getSentryInstance();
-  }
-
-  @AfterClass
-  public static void afterClass() throws Exception {
-    closeCore(core, cloudDescriptor);
-    core = null;
-    cloudDescriptor = null;
-  }
-
-  @Override
-  public void setUp() throws Exception {
-    super.setUp(core);
-  }
-
-  /**
-   * Expect an unauthorized SolrException with a message that contains
-   * msgContains.
-   */
-  private void doExpectUnauthorized(SolrQueryRequest request,
-      Set<SearchModelAction> actions, String msgContains) throws Exception {
-    doExpectUnauthorized(sentryInstance, request, actions, msgContains);
-  }
-
-  private void doExpectUnauthorized(SentryIndexAuthorizationSingleton singleton, SolrQueryRequest request,
-      Set<SearchModelAction> actions, String msgContains) throws Exception {
-    try {
-      singleton.authorizeCollectionAction(request, actions, OPERATION_NAME);
-      Assert.fail("Expected SolrException");
-    } catch (SolrException ex) {
-      assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code);
-      assertTrue(ex.getMessage().contains(msgContains));
-    }
-  }
-
-  private void doExpectExceptionWithoutGroup(SentryIndexAuthorizationSingleton singleton,
-      SolrQueryRequest request, Set<SearchModelAction> actions)
-      throws Exception {
-    try {
-      singleton.authorizeCollectionAction(request, actions, OPERATION_NAME);
-      Assert.fail("Expected SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException ex) {
-      // excepted exception, do nothing
-    }
-  }
-
-  @Test
-  public void testNoBinding() throws Exception {
-    // Use reflection to construct a non-singleton version of SentryIndexAuthorizationSingleton
-    // in order to get an instance without a binding
-    Constructor ctor =
-      SentryIndexAuthorizationSingleton.class.getDeclaredConstructor(String.class);
-    ctor.setAccessible(true);
-    SentryIndexAuthorizationSingleton nonSingleton =
-      (SentryIndexAuthorizationSingleton)ctor.newInstance("");
-    doExpectUnauthorized(nonSingleton, null, null, "binding");
-
-    // test getUserName
-    try {
-      nonSingleton.getUserName(null);
-      Assert.fail("Expected Solr exception");
-    } catch (SolrException ex) {
-      assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code);
-    }
-
-    Collection<String> groups = nonSingleton.getRoles("junit");
-    assertEquals(null, groups);
-  }
-
-  @Test
-  public void testNoHttpRequest() throws Exception {
-    SolrQueryRequest request = getRequest();
-    doExpectUnauthorized(request, null, "HttpServletRequest");
-  }
-
- @Test
-  public void testNullUserName() throws Exception {
-    SolrQueryRequest request = getRequest();
-    prepareCollAndUser(core, request, "collection1", null);
-    doExpectExceptionWithoutGroup(sentryInstance, request, EnumSet.of(SearchModelAction.ALL));
-  }
-
-  @Test
-  public void testEmptySuperUser() throws Exception {
-    System.setProperty("solr.authorization.superuser", "");
-    SolrQueryRequest request = getRequest();
-    prepareCollAndUser(core, request, "collection1", "solr");
-    doExpectExceptionWithoutGroup(sentryInstance, request, EnumSet.of(SearchModelAction.ALL));
-  }
-
-  /**
-   * User name matches super user, should have access otherwise
-   */
-  @Test
-  public void testSuperUserAccess() throws Exception {
-    System.setProperty("solr.authorization.superuser", "junit");
-    SolrQueryRequest request = getRequest();
-    prepareCollAndUser(core, request, "collection1", "junit");
-
-    sentryInstance.authorizeCollectionAction(
-      request, EnumSet.of(SearchModelAction.ALL), OPERATION_NAME);
-  }
-
-  /**
-   * User name matches super user, should not have access otherwise
-   */
-  @Test
-  public void testSuperUserNoAccess() throws Exception {
-    System.setProperty("solr.authorization.superuser", "junit");
-    SolrQueryRequest request = getRequest();
-    prepareCollAndUser(core, request, "bogusCollection", "junit");
-
-    sentryInstance.authorizeCollectionAction(
-      request, EnumSet.of(SearchModelAction.ALL), OPERATION_NAME);
-  }
-
-  /**
-   * Test getting the user name.
-   */
-  @Test
-  public void testUserName() throws Exception {
-    SolrQueryRequest request = null;
-    try {
-      // no http request
-      request = new SolrQueryRequestBase( core, new ModifiableSolrParams() ) {};
-      try {
-        sentryInstance.getUserName(request);
-        Assert.fail("Expected SolrException");
-      } catch (SolrException ex) {
-        assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code);
-      }
-
-      // no http request, but LocalSolrQueryRequest
-      LocalSolrQueryRequest localRequest = null;
-      try {
-        localRequest = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
-        String superUser = (System.getProperty("solr.authorization.superuser", "solr"));
-        String localName = sentryInstance.getUserName(localRequest);
-        assertEquals(superUser, localName);
-      } finally {
-        if (localRequest != null) {
-          localRequest.close();
-        }
-      }
-
-      // null userName
-      SolrQueryRequest sqr = getRequest();
-      prepareCollAndUser(core, sqr, "collection", null, true);
-      String nullName = sentryInstance.getUserName(sqr);
-      assertEquals(null, nullName);
-
-      // standard userName
-      String userName = "foobar";
-      prepareCollAndUser(core, sqr, "collection", userName, true);
-      String returnedName = sentryInstance.getUserName(sqr);
-      assertEquals(userName, returnedName);
-    } finally {
-      if (request != null) {
-        request.close();
-      }
-    }
-  }
-
-  /**
-   * Test getting the roles from user name
-   */
-  @Test
-  public void testGetRoles() throws Exception {
-    Collection<String> emptyCollection = ImmutableSet.<String>of();
-
-    // null user
-    try {
-      sentryInstance.getRoles(null);
-      Assert.fail("Excepted SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
-    }
-
-    // no group
-    try {
-      sentryInstance.getRoles("withoutGroupUser");
-      Assert.fail("Excepted SentryGroupNotFoundException");
-    } catch (SentryGroupNotFoundException e) {
-    }
-
-    // no role
-    Collection<String> roles = sentryInstance.getRoles("undefinedRoleUser");
-    assertTrue(CollectionUtils.isEqualCollection(emptyCollection, roles));
-
-    // single member
-    Collection<String> singleRole = ImmutableSet.<String>of("junit_role");
-    roles = sentryInstance.getRoles("junit");
-    assertTrue(CollectionUtils.isEqualCollection(singleRole, roles));
-
-    // multiple members
-    Collection<String> multipleRoles = ImmutableSet.<String>of("junit_role", "queryOnlyAdmin_role", "updateOnlyAdmin_role");
-    roles = sentryInstance.getRoles("multiGroupUser");
-    assertTrue(CollectionUtils.isEqualCollection(multipleRoles, roles));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java
deleted file mode 100644
index 579f791..0000000
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentrySingletonTestInstance.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.solr.sentry;
-
-import java.io.File;
-import java.lang.reflect.Constructor;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.solr.SolrTestCaseJ4;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.apache.commons.codec.Charsets;
-
-/**
- * Provides SentryIndexAuthorizationSingleton instance for use with
- * sentry-related unit tests.  In the unit tests, the primary
- * SentryIndexAuthorizationSingleton will be initialized without a sentry-site,
- * thus Sentry checking will not occur.  The SentryIndexAuthorizationSingleton
- * provided by getInstance in this class will be properly initialized for Sentry checking.
- *
- * NOTE: this is a hack, as there are multiple "singletons".  It may be cleaner
- * to just force the Sentry related tests to run in their own JVMs, so they
- * will always have the properly-initialized SentryIndexAuthorizationSingleton.
- */
-public class SentrySingletonTestInstance {
-  private static final Logger LOGGER = LoggerFactory.getLogger(SentrySingletonTestInstance.class);
-
-  private static SentrySingletonTestInstance INSTANCE = new SentrySingletonTestInstance();
-  private SentryIndexAuthorizationSingleton sentryInstance;
-  private File sentrySite;
-
-  private void addPropertyToSentry(StringBuilder builder, String name, String value) {
-    builder.append("<property>\n");
-    builder.append("<name>").append(name).append("</name>\n");
-    builder.append("<value>").append(value).append("</value>\n");
-    builder.append("</property>\n");
-  }
-
-  public void setupSentry() throws Exception {
-    sentrySite = File.createTempFile("sentry-site", "xml");
-    File authProviderDir = SolrTestCaseJ4.getFile("sentry-handlers/sentry");
-    sentrySite.deleteOnExit();
-
-    // need to write sentry-site at execution time because we don't know
-    // the location of sentry.solr.provider.resource beforehand
-    StringBuilder sentrySiteData = new StringBuilder();
-    sentrySiteData.append("<configuration>\n");
-    addPropertyToSentry(sentrySiteData, "sentry.provider",
-      "org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider");
-    addPropertyToSentry(sentrySiteData, "sentry.solr.provider.resource",
-       new File(authProviderDir.toString(), "test-authz-provider.ini").toURI().toURL().toString());
-    sentrySiteData.append("</configuration>\n");
-    FileUtils.writeStringToFile(sentrySite,sentrySiteData.toString(), Charsets.UTF_8.toString());
-  }
-
-  private SentrySingletonTestInstance() {
-    try {
-      setupSentry();
-      Constructor ctor =
-        SentryIndexAuthorizationSingleton.class.getDeclaredConstructor(String.class);
-      ctor.setAccessible(true);
-      sentryInstance =
-        (SentryIndexAuthorizationSingleton)ctor.newInstance(sentrySite.toURI().toURL().toString().substring("file:".length()));
-      // ensure all SecureAdminHandlers use this instance
-      SecureRequestHandlerUtil.testOverride = sentryInstance;
-    } catch (Exception ex) {
-      LOGGER.error("Unable to create SentrySingletonTestInstance", ex);
-    }
-  }
-
-  public static SentrySingletonTestInstance getInstance() {
-    return INSTANCE;
-  }
-
-  public SentryIndexAuthorizationSingleton getSentryInstance() {
-    return sentryInstance;
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
deleted file mode 100644
index e1a1ba8..0000000
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
+++ /dev/null
@@ -1,187 +0,0 @@
-package org.apache.solr.sentry;
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.solr.SolrTestCaseJ4;
-import org.apache.solr.cloud.CloudDescriptor;
-import org.apache.solr.common.SolrException;
-import org.apache.solr.common.params.ModifiableSolrParams;
-import org.apache.solr.core.CoreDescriptor;
-import org.apache.solr.core.SolrCore;
-import org.apache.solr.handler.RequestHandlerBase;
-import org.apache.solr.request.SolrQueryRequest;
-import org.apache.solr.request.SolrQueryRequestBase;
-import org.apache.solr.request.SolrRequestHandler;
-import org.apache.solr.response.SolrQueryResponse;
-import org.easymock.EasyMock;
-import org.easymock.IExpectationSetters;
-
-import java.lang.reflect.Field;
-
-import org.junit.Assert;
-
-import static org.apache.solr.sentry.SentryIndexAuthorizationSingleton.USER_NAME;
-import static org.apache.solr.sentry.SentryIndexAuthorizationSingleton.DO_AS_USER_NAME;
-
-/**
- * Base class for Sentry tests
- */
-public abstract class SentryTestBase extends SolrTestCaseJ4 {
-
-  private SolrQueryRequest request;
-
-  public void setUp(SolrCore core) throws Exception {
-    super.setUp();
-    request = new SolrQueryRequestBase( core, new ModifiableSolrParams() ) { };
-  }
-
-  @Override
-  public void tearDown() throws Exception {
-    super.tearDown();
-    request.close();
-  }
-
-  public static SolrCore createCore(String solrconfig, String schema) throws Exception {
-    initCore(solrconfig, schema, "sentry-handlers/solr");
-    return h.getCoreContainer().getCore("collection1");
-  }
-
-  public static void closeCore(SolrCore coreToClose, CloudDescriptor cloudDescriptor)
-      throws Exception {
-    if (cloudDescriptor != null) {
-      CoreDescriptor coreDescriptor = coreToClose.getCoreDescriptor();
-      Field cloudDescField = CoreDescriptor.class.getDeclaredField("cloudDesc");
-      cloudDescField.setAccessible(true);
-      cloudDescField.set(coreDescriptor, cloudDescriptor);
-    }
-    coreToClose.close();
-  }
-
-  protected SolrQueryRequest getRequest() {
-    return request;
-  }
-
-  protected SolrQueryRequest prepareCollAndUser(SolrCore core, SolrQueryRequest request,
-      String collection, String user) throws Exception {
-    return prepareCollAndUser(core, request, collection, user, true);
-  }
-
-  protected SolrQueryRequest prepareCollAndUser(SolrCore core, SolrQueryRequest request,
-      String collection, String user, boolean onlyOnce) throws Exception {
-    CloudDescriptor mCloudDescriptor = EasyMock.createMock(CloudDescriptor.class);
-    IExpectationSetters getCollNameExpect = EasyMock.expect(mCloudDescriptor.getCollectionName()).andReturn(collection);
-    getCollNameExpect.anyTimes();
-    IExpectationSetters getShardIdExpect = EasyMock.expect(mCloudDescriptor.getShardId()).andReturn("shard1");
-    getShardIdExpect.anyTimes();
-    EasyMock.replay(mCloudDescriptor);
-    CoreDescriptor coreDescriptor = core.getCoreDescriptor();
-    Field cloudDescField = CoreDescriptor.class.getDeclaredField("cloudDesc");
-    cloudDescField.setAccessible(true);
-    cloudDescField.set(coreDescriptor, mCloudDescriptor);
-
-    HttpServletRequest httpServletRequest = EasyMock.createMock(HttpServletRequest.class);
-    IExpectationSetters getAttributeUserExpect =
-        EasyMock.expect(httpServletRequest.getAttribute(USER_NAME)).andReturn(user);
-    if (!onlyOnce) {
-      getAttributeUserExpect.anyTimes();
-    }
-    IExpectationSetters getAttributeDoAsUserExpect =
-        EasyMock.expect(httpServletRequest.getAttribute(DO_AS_USER_NAME)).andReturn(null);
-    if (!onlyOnce) {
-      getAttributeDoAsUserExpect.anyTimes();
-    }
-    EasyMock.replay(httpServletRequest);
-    request.getContext().put("httpRequest", httpServletRequest);
-    return request;
-  }
-
-  private void verifyAuthorized(SolrRequestHandler handler,
-      RequestHandlerBase handlerBase, SolrQueryRequest req) throws Exception {
-    assert((handler == null && handlerBase != null)
-        || (handler != null && handlerBase == null));
-    SolrQueryResponse rsp = new SolrQueryResponse();
-    // just ensure we don't get an unauthorized exception
-    try {
-      if (handler != null) {
-        handler.handleRequest(req, rsp);
-      } else {
-        handlerBase.handleRequestBody(req, rsp);
-      }
-    } catch (SolrException ex) {
-      assertFalse(ex.code() == SolrException.ErrorCode.UNAUTHORIZED.code);
-    } catch (Exception ex) {
-      // okay, we only want to verify we didn't get an Unauthorized exception,
-      // going to treat each handler as a black box.
-    }
-  }
-
-  protected void verifyAuthorized(RequestHandlerBase handlerBase,
-      SolrQueryRequest req) throws Exception {
-    verifyAuthorized(null, handlerBase, req);
-  }
-
-
-  protected void verifyAuthorized(SolrRequestHandler handler,
-      SolrQueryRequest req) throws Exception {
-    verifyAuthorized(handler, null, req);
-  }
-
-  protected void verifyUnauthorized(SolrRequestHandler handler,
-      RequestHandlerBase handlerBase, SolrQueryRequest req, String collection, String user, boolean shouldFailAdmin)
-          throws Exception {
-    assert((handler == null && handlerBase != null)
-        || (handler != null && handlerBase == null));
-    String exMsgContains = "User " + user + " does not have privileges for " + (shouldFailAdmin?"admin":collection);
-    SolrQueryResponse rsp = new SolrQueryResponse();
-    try {
-      if (handler!= null) {
-        handler.handleRequest(req, rsp);
-        if (rsp.getException() != null) {
-          throw rsp.getException();
-        }
-      } else {
-        handlerBase.handleRequestBody(req, rsp);
-        if (rsp.getException() != null) {
-          throw rsp.getException();
-        }
-      }
-      Assert.fail("Expected SolrException");
-    } catch (SolrException ex) {
-      assertEquals(SolrException.ErrorCode.UNAUTHORIZED.code, ex.code());
-      assertTrue(ex.getMessage().contains(exMsgContains));
-    } catch (Exception ex) {
-      Assert.fail("Expected SolrException");
-    }
-  }
-
-  protected void verifyUnauthorized(RequestHandlerBase handlerBase,
-      SolrQueryRequest req, String collection, String user, boolean shouldFailAdmin) throws Exception {
-    verifyUnauthorized(null, handlerBase, req, collection, user, shouldFailAdmin);
-  }
-
-  protected void verifyUnauthorized(RequestHandlerBase handlerBase,
-      SolrQueryRequest req, String collection, String user) throws Exception {
-    verifyUnauthorized(null, handlerBase, req, collection, user, false);
-  }
-
-  protected void verifyUnauthorized(SolrRequestHandler handler,
-      SolrQueryRequest req, String collection, String user) throws Exception {
-    verifyUnauthorized(handler, null, req, collection, user, false);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java
deleted file mode 100644
index 630ca7c..0000000
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/update/processor/UpdateIndexAuthorizationProcessorTest.java
+++ /dev/null
@@ -1,193 +0,0 @@
-package org.apache.solr.update.processor;
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import java.lang.reflect.Method;
-import java.lang.reflect.Modifier;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.TreeSet;
-
-import org.apache.commons.lang.mutable.MutableInt;
-import org.apache.solr.cloud.CloudDescriptor;
-import org.apache.solr.common.SolrException;
-import org.apache.solr.common.params.MapSolrParams;
-import org.apache.solr.core.SolrCore;
-import org.apache.solr.request.SolrQueryRequest;
-import org.apache.solr.request.SolrQueryRequestBase;
-import org.apache.solr.sentry.SentrySingletonTestInstance;
-import org.apache.solr.sentry.SentryTestBase;
-import org.apache.solr.update.AddUpdateCommand;
-import org.apache.solr.update.CommitUpdateCommand;
-import org.apache.solr.update.DeleteUpdateCommand;
-import org.apache.solr.update.MergeIndexesCommand;
-import org.apache.solr.update.RollbackUpdateCommand;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-/**
- * Test for UpdateIndexAuthorizationProcessor
- */
-public class UpdateIndexAuthorizationProcessorTest extends SentryTestBase {
-
-  private List<String> methodNames = Arrays.asList("processAdd", "processDelete",
-    "processMergeIndexes","processCommit", "processRollback", "finish");
-
-  private static SolrCore core;
-  private static CloudDescriptor cloudDescriptor;
-
-  @BeforeClass
-  public static void beforeClass() throws Exception {
-    core = createCore("solrconfig.xml", "schema-minimal.xml");
-    // store the CloudDescriptor, because we will overwrite it with a mock
-    // and restore it later
-    cloudDescriptor = core.getCoreDescriptor().getCloudDescriptor();
-  }
-
-  @AfterClass
-  public static void afterClass() throws Exception {
-    closeCore(core, cloudDescriptor);
-    core = null;
-    cloudDescriptor = null;
-  }
-
-  @Override
-  public void setUp() throws Exception {
-    super.setUp(core);
-  }
-
-  private void verifyAuthorized(String collection, String user) throws Exception {
-    SolrQueryRequestBase req = new SolrQueryRequestBase(core, new MapSolrParams(new HashMap())) {};
-    getProcessor(collection, user).processAdd(new AddUpdateCommand(req));
-    getProcessor(collection, user).processDelete(new DeleteUpdateCommand(req));
-    DeleteUpdateCommand deleteByQueryCommand = new DeleteUpdateCommand(req);
-    deleteByQueryCommand.setQuery("*:*");
-    getProcessor(collection, user).processDelete(deleteByQueryCommand);
-    getProcessor(collection, user).processMergeIndexes(new MergeIndexesCommand(null, req));
-    getProcessor(collection, user).processCommit(new CommitUpdateCommand(req, false));
-    getProcessor(collection, user).processRollback(new RollbackUpdateCommand(req));
-    getProcessor(collection, user).finish();
-  }
-
-  private void verifyUnauthorizedException(SolrException ex, String exMsgContains, MutableInt numExceptions) {
-    assertEquals(ex.code(), SolrException.ErrorCode.UNAUTHORIZED.code);
-    assertTrue(ex.getMessage().contains(exMsgContains));
-    numExceptions.add(1);
-  }
-
-  private void verifyUnauthorized(String collection, String user) throws Exception {
-    MutableInt numExceptions = new MutableInt(0);
-    String contains = "User " + user + " does not have privileges for " + collection;
-    SolrQueryRequestBase req = new SolrQueryRequestBase(core, new MapSolrParams(new HashMap())) {};
-
-    try {
-      getProcessor(collection, user).processAdd(new AddUpdateCommand(req));
-    } catch(SolrException ex) {
-      verifyUnauthorizedException(ex, contains, numExceptions);
-    }
-    try {
-      getProcessor(collection, user).processDelete(new DeleteUpdateCommand(req));
-    } catch(SolrException ex) {
-      verifyUnauthorizedException(ex, contains, numExceptions);
-    }
-    try {
-      getProcessor(collection, user).processMergeIndexes(new MergeIndexesCommand(null, req));
-    } catch(SolrException ex) {
-      verifyUnauthorizedException(ex, contains, numExceptions);
-    }
-    try {
-      getProcessor(collection, user).processCommit(new CommitUpdateCommand(req, false));
-    } catch(SolrException ex) {
-      verifyUnauthorizedException(ex, contains, numExceptions);
-    }
-    try {
-      getProcessor(collection, user).processRollback(new RollbackUpdateCommand(req));
-    } catch(SolrException ex) {
-      verifyUnauthorizedException(ex, contains, numExceptions);
-    }
-    try {
-      getProcessor(collection, user).finish();
-    } catch(SolrException ex) {
-      verifyUnauthorizedException(ex, contains, numExceptions);
-    }
-
-    assertEquals(methodNames.size(), numExceptions.intValue());
-  }
-
-  private UpdateIndexAuthorizationProcessor getProcessor(String collection, String user)
-      throws Exception {
-    SolrQueryRequest request = getRequest();
-    prepareCollAndUser(core, request, collection, user);
-    return new UpdateIndexAuthorizationProcessor(
-      SentrySingletonTestInstance.getInstance().getSentryInstance(), request, null);
-  }
-
- /**
-  * Test the UpdateIndexAuthorizationComponent on a collection that
-  * the user has ALL access
-  */
-  @Test
-  public void testUpdateComponentAccessAll() throws Exception {
-    verifyAuthorized("collection1", "junit");
-  }
-
- /**
-  * Test the UpdateIndexAuthorizationComponent on a collection that
-  * the user has UPDATE only access
-  */
-  @Test
-  public void testUpdateComponentAccessUpdate() throws Exception {
-    verifyAuthorized("updateCollection", "junit");
-  }
-
- /**
-  * Test the UpdateIndexAuthorizationComponent on a collection that
-  * the user has QUERY only access
-  */
-  @Test
-  public void testUpdateComponentAccessQuery() throws Exception {
-    verifyUnauthorized("queryCollection", "junit");
-  }
-
- /**
-  * Test the UpdateIndexAuthorizationComponent on a collection that
-  * the user has no access
-  */
-  @Test
-  public void testUpdateComponentAccessNone() throws Exception {
-    verifyUnauthorized("noAccessCollection", "junit");
-  }
-
-  /**
-   * Ensure no new methods have been added to base class that are not invoking
-   * Sentry
-   */
-  @Test
-  public void testAllMethodsChecked() throws Exception {
-    Method [] methods = UpdateRequestProcessor.class.getDeclaredMethods();
-    TreeSet<String> foundNames = new TreeSet<String>();
-    for (Method method : methods) {
-      if (Modifier.isPublic(method.getModifiers())) {
-        foundNames.add(method.getName());
-      }
-    }
-    assertEquals(methodNames.size(), foundNames.size());
-    assertTrue(foundNames.containsAll(methodNames));
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/e62fa28d/sentry-tests/sentry-tests-solr/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-solr/pom.xml b/sentry-tests/sentry-tests-solr/pom.xml
index 311e441..723fa9d 100644
--- a/sentry-tests/sentry-tests-solr/pom.xml
+++ b/sentry-tests/sentry-tests-solr/pom.xml
@@ -28,49 +28,141 @@ limitations under the License.
   <artifactId>sentry-tests-solr</artifactId>
   <name>Sentry Solr Tests</name>
   <description>end to end tests for sentry-solr integration</description>
+  <properties>
+    <!-- Harmonize the jetty version with the SOLR version -->
+    <jettyVersion>9.3.20.v20170531</jettyVersion>
+  </properties>
 
   <dependencies>
     <dependency>
       <groupId>org.apache.sentry</groupId>
       <artifactId>sentry-binding-solr</artifactId>
-      <type>test-jar</type>
+      <exclusions>
+        <exclusion>
+          <groupId>org.apache.sentry</groupId>
+          <artifactId>sentry-provider-db</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.hive</groupId>
+          <artifactId>hive-shims</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.hive</groupId>
+          <artifactId>hive-service</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
-      <groupId>org.apache.solr</groupId>
-      <artifactId>solr-test-framework</artifactId>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-provider-db</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.apache.sentry</groupId>
+          <artifactId>sentry-core-common</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.eclipse.jetty</groupId>
+          <artifactId>jetty-util</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.eclipse.jetty.aggregate</groupId>
+          <artifactId>jetty-all</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.hive</groupId>
+          <artifactId>hive-beeline</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>com.codahale.metrics</groupId>
+          <artifactId>metrics-core</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>com.codahale.metrics</groupId>
+          <artifactId>metrics-jvm</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>com.codahale.metrics</groupId>
+          <artifactId>metrics-servlets</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.hadoop</groupId>
+          <artifactId>hadoop-mapreduce-client-jobclient</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.hive</groupId>
+          <artifactId>hive-metastore</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.hive</groupId>
+          <artifactId>hive-common</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.hive</groupId>
+      <artifactId>hive-metastore</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.eclipse.jetty.aggregate</groupId>
+          <artifactId>jetty-all</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.hbase</groupId>
+          <artifactId>hbase-client</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.hive</groupId>
+      <artifactId>hive-common</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.eclipse.jetty.orbit</groupId>
+          <artifactId>javax.servlet</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.eclipse.jetty.aggregate</groupId>
+          <artifactId>jetty-all</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>
-      <artifactId>solr-sentry-handlers</artifactId>
+      <artifactId>sentry-core-common</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.apache.hive.shims</groupId>
+          <artifactId>hive-shims-0.23</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-provider-db</artifactId>
+      <artifactId>solr-sentry-handlers</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>org.apache.solr</groupId>
-      <artifactId>solr-solrj</artifactId>
+      <artifactId>solr-test-framework</artifactId>
     </dependency>
-    <!--
-    Solr is using old Jetty 6.1.26 and Sentry is using more recent Jetty.
-    Since the test combines Solr and Sentry in the same JVM, here we need to specify
-    dependency on Jetty 6.1.26, otherwise Solr e2e tests tests are not working properly.
-    -->
     <dependency>
-      <groupId>org.mortbay.jetty</groupId>
-      <artifactId>jetty-util</artifactId>
-      <version>6.1.26</version>
+      <groupId>org.apache.solr</groupId>
+      <artifactId>solr-solrj</artifactId>
     </dependency>
     <dependency>
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-server</artifactId>
-      <version>8.1.10.v20130312</version>
+      <version>${jettyVersion}</version>
     </dependency>
     <dependency>
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-servlet</artifactId>
-      <version>8.1.10.v20130312</version>
+      <version>${jettyVersion}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-util</artifactId>
+      <version>${jettyVersion}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.hadoop</groupId>
@@ -80,37 +172,86 @@ limitations under the License.
           <groupId>javax.servlet</groupId>
           <artifactId>servlet-api</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.mortbay.jetty</groupId>
+          <artifactId>jetty</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.mortbay.jetty</groupId>
+          <artifactId>jetty-util</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
-      <groupId>org.apache.hadoop</groupId>
-      <artifactId>hadoop-minicluster</artifactId>
+      <groupId>org.apache.hive</groupId>
+      <artifactId>hive-service</artifactId>
+      <version>${hive.version}</version>
       <exclusions>
         <exclusion>
           <groupId>javax.servlet</groupId>
           <artifactId>servlet-api</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.eclipse.jetty.aggregate</groupId>
+          <artifactId>jetty-all</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
-      <groupId>org.datanucleus</groupId>
-      <artifactId>datanucleus-core</artifactId>
-      <version>${datanucleus-core.version}</version>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-http</artifactId>
+      <version>${jettyVersion}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+      <version>${slf4j.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-log4j12</artifactId>
+      <version>${slf4j.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>io.dropwizard.metrics</groupId>
+      <artifactId>metrics-core</artifactId>
+      <version>3.2.2</version>
     </dependency>
     <dependency>
-      <groupId>org.datanucleus</groupId>
-      <artifactId>datanucleus-api-jdo</artifactId>
-      <version>${datanucleus-api-jdo.version}</version>
+      <groupId>io.dropwizard.metrics</groupId>
+      <artifactId>metrics-jvm</artifactId>
+      <version>3.2.2</version>
     </dependency>
     <dependency>
-      <groupId>org.datanucleus</groupId>
-      <artifactId>datanucleus-rdbms</artifactId>
-      <version>${datanucleus-rdbms.version}</version>
+      <groupId>io.dropwizard.metrics</groupId>
+      <artifactId>metrics-servlets</artifactId>
+      <version>3.2.2</version>
     </dependency>
     <dependency>
-      <groupId>org.datanucleus</groupId>
-      <artifactId>javax.jdo</artifactId>
-      <version>${datanucleus-jdo.version}</version>
+      <groupId>io.dropwizard.metrics</groupId>
+      <artifactId>metrics-ganglia</artifactId>
+      <version>3.2.2</version>
+    </dependency>
+    <dependency>
+      <groupId>io.dropwizard.metrics</groupId>
+      <artifactId>metrics-graphite</artifactId>
+      <version>3.2.2</version>
+    </dependency>
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>javax.servlet-api</artifactId>
+      <version>3.1.0</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.hadoop</groupId>
+      <artifactId>hadoop-mapreduce-client-core</artifactId>
+      <version>${hadoop.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.apache.hadoop</groupId>
+          <artifactId>hadoop-yarn-common</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
   </dependencies>
   <build>
@@ -119,7 +260,15 @@ limitations under the License.
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-surefire-plugin</artifactId>
         <configuration>
-            <reuseForks>false</reuseForks>
+          <reuseForks>false</reuseForks>
+          <!-- Currently SOLR E2E tests don't work if restarted after the failure -->
+          <rerunFailingTestsCount>0</rerunFailingTestsCount>
+          <systemPropertyVariables>
+            <test.solr.allowed.securerandom>NativePRNG</test.solr.allowed.securerandom>
+            <!-- Solr test framework randomizes the locale configuration which sometimes
+                 result in test failures due to derby initialization errors -->
+            <tests.locale>en-US</tests.locale>
+          </systemPropertyVariables>
         </configuration>
       </plugin>
     </plugins>


Mime
View raw message