/**
 * Asks the client service whether {@code principal} holds {@code perm} on {@code table}.
 *
 * <p>The answer comes from the {@code client.hasTablePermission} RPC, which is sent with this
 * context's RPC credentials. This method only validates its arguments and translates one error
 * code.
 *
 * @param principal user to look up; rejected by {@code checkArgument} when null
 * @param table table name; rejected by {@code checkArgument} when null
 * @param perm permission to test; rejected by {@code checkArgument} when null
 * @return the boolean returned by the RPC
 * @throws AccumuloException declared by the signature; not raised directly in this method
 * @throws AccumuloSecurityException as raised by the call; a {@code NAMESPACE_DOESNT_EXIST} code
 *         is re-raised as {@code TABLE_DOESNT_EXIST} with the original exception as cause
 */
@Override
public boolean hasTablePermission(final String principal, final String table,
    final TablePermission perm) throws AccumuloException, AccumuloSecurityException {
  checkArgument(principal != null, "principal is null");
  checkArgument(table != null, "table is null");
  checkArgument(perm != null, "perm is null");
  try {
    return execute(rpc -> rpc.hasTablePermission(Tracer.traceInfo(), context.rpcCreds(),
        principal, table, perm.getId()));
  } catch (AccumuloSecurityException e) {
    // Every other error code passes through untouched.
    if (e.getSecurityErrorCode() != NAMESPACE_DOESNT_EXIST) {
      throw e;
    }
    // The caller asked about a table, so report the missing namespace as a missing table.
    // The replacement is built with a null first argument; the original stays as the cause.
    throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
  }
}
/**
 * Requests that {@code permission} on {@code table} be granted to {@code principal}.
 *
 * <p>The request is the {@code client.grantTablePermission} RPC, sent with this context's RPC
 * credentials. No authorization decision is taken in this method.
 * NOTE(review): presumably the receiving service decides whether the caller may grant; confirm.
 *
 * @param principal user receiving the permission; rejected by {@code checkArgument} when null
 * @param table table name; rejected by {@code checkArgument} when null
 * @param permission permission to grant; rejected by {@code checkArgument} when null
 * @throws AccumuloException declared by the signature; not raised directly in this method
 * @throws AccumuloSecurityException as raised by the call; a {@code NAMESPACE_DOESNT_EXIST} code
 *         is re-raised as {@code TABLE_DOESNT_EXIST} with the original exception as cause
 */
@Override
public void grantTablePermission(final String principal, final String table,
    final TablePermission permission) throws AccumuloException, AccumuloSecurityException {
  checkArgument(principal != null, "principal is null");
  checkArgument(table != null, "table is null");
  checkArgument(permission != null, "permission is null");
  try {
    executeVoid(rpc -> rpc.grantTablePermission(Tracer.traceInfo(), context.rpcCreds(),
        principal, table, permission.getId()));
  } catch (AccumuloSecurityException e) {
    // Every other error code passes through untouched.
    if (e.getSecurityErrorCode() != NAMESPACE_DOESNT_EXIST) {
      throw e;
    }
    // Report a missing namespace as a missing table, keeping the original as the cause.
    throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
  }
}
/**
 * Requests that {@code permission} on {@code table} be revoked from {@code principal}.
 *
 * <p>The request is the {@code client.revokeTablePermission} RPC, sent with this context's RPC
 * credentials. No authorization decision is taken in this method.
 * NOTE(review): presumably the receiving service decides whether the caller may revoke; confirm.
 *
 * @param principal user losing the permission; rejected by {@code checkArgument} when null
 * @param table table name; rejected by {@code checkArgument} when null
 * @param permission permission to revoke; rejected by {@code checkArgument} when null
 * @throws AccumuloException declared by the signature; not raised directly in this method
 * @throws AccumuloSecurityException as raised by the call; a {@code NAMESPACE_DOESNT_EXIST} code
 *         is re-raised as {@code TABLE_DOESNT_EXIST} with the original exception as cause
 */
@Override
public void revokeTablePermission(final String principal, final String table,
    final TablePermission permission) throws AccumuloException, AccumuloSecurityException {
  checkArgument(principal != null, "principal is null");
  checkArgument(table != null, "table is null");
  checkArgument(permission != null, "permission is null");
  try {
    executeVoid(rpc -> rpc.revokeTablePermission(Tracer.traceInfo(), context.rpcCreds(),
        principal, table, permission.getId()));
  } catch (AccumuloSecurityException e) {
    // Every other error code passes through untouched.
    if (e.getSecurityErrorCode() != NAMESPACE_DOESNT_EXIST) {
      throw e;
    }
    // Report a missing namespace as a missing table, keeping the original as the cause.
    throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
  }
}
} catch (AccumuloSecurityException e) { updateAuthorizationFailures(Collections.singletonMap(new KeyExtent(tableId, null, null), SecurityErrorCode.valueOf(e.getSecurityErrorCode().name()))); } catch (TableDeletedException | TableNotFoundException | TableOfflineException e) { updateUnknownErrors(e.getMessage(), e);
/**
 * Returns the status of a conditional mutation, or rethrows the failure recorded in its place.
 *
 * <p>If this method throws, the mutation may still be actively processed. Code that continues
 * after seeing an exception has to allow for the mutation having been applied.
 *
 * @return status of a conditional mutation
 * @throws AccumuloException wrapping the recorded exception when no status is available and that
 *         exception is not an {@code AccumuloSecurityException}
 * @throws AccumuloSecurityException rebuilt from the recorded one (same user and table info, error
 *         code looked up again by name, recorded exception as cause)
 */
public Status getStatus() throws AccumuloException, AccumuloSecurityException {
  if (status != null) {
    return status;
  }

  // No status: the recorded exception decides what the caller sees.
  if (exception instanceof AccumuloException) {
    throw new AccumuloException(exception);
  }
  if (!(exception instanceof AccumuloSecurityException)) {
    throw new AccumuloException(exception);
  }

  AccumuloSecurityException recorded = (AccumuloSecurityException) exception;
  // The code is round-tripped through its name rather than passed along directly.
  throw new AccumuloSecurityException(recorded.getUser(),
      SecurityErrorCode.valueOf(recorded.getSecurityErrorCode().name()), recorded.getTableInfo(),
      recorded);
}
/**
 * Fails the test unless {@code sec} carries the {@code PERMISSION_DENIED} error code.
 *
 * <p>The runtime class of the code is asserted first, so a code object of any other type fails
 * before its value is looked at.
 *
 * @param sec the security exception caught by the calling test
 */
private void expectPermissionDenied(AccumuloSecurityException sec) {
  assertEquals(sec.getSecurityErrorCode().getClass(), SecurityErrorCode.class);
  // Any code other than PERMISSION_DENIED means the operation was refused for the wrong reason.
  if (!sec.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
    fail();
  }
}
/**
 * Asks the client service whether {@code principal} holds {@code perm} on {@code table}.
 *
 * <p>The answer comes from the {@code client.hasTablePermission} RPC, which is sent with this
 * context's RPC credentials. This method only validates its arguments and translates one error
 * code.
 *
 * @param principal user to look up; rejected by {@code checkArgument} when null
 * @param table table name; rejected by {@code checkArgument} when null
 * @param perm permission to test; rejected by {@code checkArgument} when null
 * @return the boolean returned by the RPC
 * @throws AccumuloException declared by the signature; not raised directly in this method
 * @throws AccumuloSecurityException as raised by the call; a {@code NAMESPACE_DOESNT_EXIST} code
 *         is re-raised as {@code TABLE_DOESNT_EXIST} with the original exception as cause
 */
@Override
public boolean hasTablePermission(final String principal, final String table,
    final TablePermission perm) throws AccumuloException, AccumuloSecurityException {
  checkArgument(principal != null, "principal is null");
  checkArgument(table != null, "table is null");
  checkArgument(perm != null, "perm is null");

  // The RPC wrapped as a callback; building it performs no call.
  final ClientExecReturn<Boolean,ClientService.Client> query =
      new ClientExecReturn<Boolean,ClientService.Client>() {
        @Override
        public Boolean execute(ClientService.Client rpc) throws Exception {
          return rpc.hasTablePermission(Tracer.traceInfo(), context.rpcCreds(), principal, table,
              perm.getId());
        }
      };

  try {
    return execute(query);
  } catch (AccumuloSecurityException e) {
    // Every other error code passes through untouched.
    if (e.getSecurityErrorCode() != NAMESPACE_DOESNT_EXIST) {
      throw e;
    }
    // Report a missing namespace as a missing table, keeping the original as the cause.
    throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
  }
}
/**
 * Requests that {@code permission} on {@code table} be granted to {@code principal}.
 *
 * <p>The request is the {@code client.grantTablePermission} RPC, sent with this context's RPC
 * credentials. No authorization decision is taken in this method.
 * NOTE(review): presumably the receiving service decides whether the caller may grant; confirm.
 *
 * @param principal user receiving the permission; rejected by {@code checkArgument} when null
 * @param table table name; rejected by {@code checkArgument} when null
 * @param permission permission to grant; rejected by {@code checkArgument} when null
 * @throws AccumuloException declared by the signature; not raised directly in this method
 * @throws AccumuloSecurityException as raised by the call; a {@code NAMESPACE_DOESNT_EXIST} code
 *         is re-raised as {@code TABLE_DOESNT_EXIST} with the original exception as cause
 */
@Override
public void grantTablePermission(final String principal, final String table,
    final TablePermission permission) throws AccumuloException, AccumuloSecurityException {
  checkArgument(principal != null, "principal is null");
  checkArgument(table != null, "table is null");
  checkArgument(permission != null, "permission is null");

  // The RPC wrapped as a callback; building it performs no call.
  final ClientExec<ClientService.Client> grant = new ClientExec<ClientService.Client>() {
    @Override
    public void execute(ClientService.Client rpc) throws Exception {
      rpc.grantTablePermission(Tracer.traceInfo(), context.rpcCreds(), principal, table,
          permission.getId());
    }
  };

  try {
    execute(grant);
  } catch (AccumuloSecurityException e) {
    // Every other error code passes through untouched.
    if (e.getSecurityErrorCode() != NAMESPACE_DOESNT_EXIST) {
      throw e;
    }
    // Report a missing namespace as a missing table, keeping the original as the cause.
    throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
  }
}
/**
 * Requests that {@code permission} on {@code table} be revoked from {@code principal}.
 *
 * <p>The request is the {@code client.revokeTablePermission} RPC, sent with this context's RPC
 * credentials. No authorization decision is taken in this method.
 * NOTE(review): presumably the receiving service decides whether the caller may revoke; confirm.
 *
 * @param principal user losing the permission; rejected by {@code checkArgument} when null
 * @param table table name; rejected by {@code checkArgument} when null
 * @param permission permission to revoke; rejected by {@code checkArgument} when null
 * @throws AccumuloException declared by the signature; not raised directly in this method
 * @throws AccumuloSecurityException as raised by the call; a {@code NAMESPACE_DOESNT_EXIST} code
 *         is re-raised as {@code TABLE_DOESNT_EXIST} with the original exception as cause
 */
@Override
public void revokeTablePermission(final String principal, final String table,
    final TablePermission permission) throws AccumuloException, AccumuloSecurityException {
  checkArgument(principal != null, "principal is null");
  checkArgument(table != null, "table is null");
  checkArgument(permission != null, "permission is null");

  // The RPC wrapped as a callback; building it performs no call.
  final ClientExec<ClientService.Client> revoke = new ClientExec<ClientService.Client>() {
    @Override
    public void execute(ClientService.Client rpc) throws Exception {
      rpc.revokeTablePermission(Tracer.traceInfo(), context.rpcCreds(), principal, table,
          permission.getId());
    }
  };

  try {
    execute(revoke);
  } catch (AccumuloSecurityException e) {
    // Every other error code passes through untouched.
    if (e.getSecurityErrorCode() != NAMESPACE_DOESNT_EXIST) {
      throw e;
    }
    // Report a missing namespace as a missing table, keeping the original as the cause.
    throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
  }
}
/**
 * Converts a client-side security exception into the matching proxy Thrift exception. This
 * method always throws.
 *
 * <p>The Thrift exception's message is {@code e.toString()}, so whatever that text contains is
 * handed on to the proxy caller.
 * NOTE(review): confirm the text holds nothing the remote caller should not see.
 *
 * @param e the security exception raised by the client API
 * @throws org.apache.accumulo.proxy.thrift.TableNotFoundException when the error code is
 *         {@code TABLE_DOESNT_EXIST}
 * @throws org.apache.accumulo.proxy.thrift.AccumuloSecurityException for every other error code
 */
private void handleAccumuloSecurityException(AccumuloSecurityException e)
    throws org.apache.accumulo.proxy.thrift.TableNotFoundException,
    org.apache.accumulo.proxy.thrift.AccumuloSecurityException {
  final boolean tableMissing =
      e.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST);
  final String detail = e.toString();
  if (tableMissing) {
    throw new org.apache.accumulo.proxy.thrift.TableNotFoundException(detail);
  }
  throw new org.apache.accumulo.proxy.thrift.AccumuloSecurityException(detail);
}
} catch (AccumuloSecurityException e) { updateAuthorizationFailures(Collections.singletonMap(new KeyExtent(tableId, null, null), SecurityErrorCode.valueOf(e.getSecurityErrorCode().name()))); } catch (TableDeletedException e) { updateUnknownErrors(e.getMessage(), e);
/**
 * Checks that a scanner created while the token was valid cannot be iterated once that token has
 * been destroyed.
 *
 * <p>The connector and scanner are obtained first and the token is destroyed afterwards. The
 * iteration is then expected to fail with a {@code RuntimeException} whose cause is an
 * {@code AccumuloSecurityException} carrying {@code TOKEN_EXPIRED}.
 */
@Test
public void testDestroyTokenBeforeRPC() throws Exception {
  AuthenticationToken credential = getUser(0).getToken();
  Connector userConnector = inst.getConnector(username, credential);
  Scanner metadataScan = userConnector.createScanner(MetadataTable.NAME, Authorizations.EMPTY);

  assertFalse(credential.isDestroyed());
  credential.destroy();
  assertTrue(credential.isDestroyed());

  try {
    Iterator<Entry<Key,Value>> entries = metadataScan.iterator();
    // Neither obtaining the iterator nor asking it for data may succeed with a destroyed token.
    while (entries.hasNext()) {
      fail();
    }
    fail();
  } catch (Exception thrown) {
    assertTrue(thrown instanceof RuntimeException);
    Throwable cause = thrown.getCause();
    assertTrue(cause instanceof AccumuloSecurityException);
    assertTrue(((AccumuloSecurityException) cause).getSecurityErrorCode()
        .equals(SecurityErrorCode.TOKEN_EXPIRED));
  }
}
/**
 * Returns the status of a conditional mutation, or rethrows the failure recorded in its place.
 *
 * <p>If this method throws, the mutation may still be actively processed. Code that continues
 * after seeing an exception has to allow for the mutation having been applied.
 *
 * @return status of a conditional mutation
 * @throws AccumuloException wrapping the recorded exception when no status is available and that
 *         exception is not an {@code AccumuloSecurityException}
 * @throws AccumuloSecurityException rebuilt from the recorded one (same user and table info, error
 *         code looked up again by name, recorded exception as cause)
 */
public Status getStatus() throws AccumuloException, AccumuloSecurityException {
  if (status != null) {
    return status;
  }

  // No status: the recorded exception decides what the caller sees.
  if (exception instanceof AccumuloException) {
    throw new AccumuloException(exception);
  }
  if (!(exception instanceof AccumuloSecurityException)) {
    throw new AccumuloException(exception);
  }

  AccumuloSecurityException recorded = (AccumuloSecurityException) exception;
  // The code is round-tripped through its name rather than passed along directly.
  throw new AccumuloSecurityException(recorded.getUser(),
      SecurityErrorCode.valueOf(recorded.getSecurityErrorCode().name()), recorded.getTableInfo(),
      recorded);
}
/**
 * Renames a table and checks that the outcome matches what the caller's model predicts.
 *
 * <p>A {@code PERMISSION_DENIED} failure is accepted only when {@code hasPermission} is false.
 * A {@code BAD_CREDENTIALS} failure is accepted only when the security model reports the user's
 * password as transient. A rename that succeeds without permission is reported as an error.
 *
 * @param conn connector used to issue the rename
 * @param state passed to {@code WalkingSecurity.get}
 * @param env passed to {@code WalkingSecurity.get}
 * @param oldName current table name
 * @param newName requested table name
 * @param hasPermission whether the caller expects the rename to be authorized
 * @param tableExists whether the caller expects {@code oldName} to exist
 * @throws AccumuloException when the outcome contradicts {@code hasPermission}, or on a security
 *         error code that is not accepted
 * @throws TableExistsException when the table is reported missing although {@code tableExists}
 *         is true
 * @throws AccumuloSecurityException declared by the signature; caught and converted in this method
 */
public static void renameTable(Connector conn, State state, Environment env, String oldName,
    String newName, boolean hasPermission, boolean tableExists)
    throws AccumuloSecurityException, AccumuloException, TableExistsException {
  try {
    conn.tableOperations().rename(oldName, newName);
  } catch (AccumuloSecurityException ae) {
    if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
      // A denial is the expected result for a caller without the permission.
      if (!hasPermission) {
        return;
      }
      throw new AccumuloException("Got a security exception when I should have had permission.",
          ae);
    }
    if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)
        && WalkingSecurity.get(state, env).userPassTransient(conn.whoami())) {
      return;
    }
    // Any other code, or BAD_CREDENTIALS with a non-transient password, is unexpected.
    throw new AccumuloException("Got unexpected ae error code", ae);
  } catch (TableNotFoundException tnfe) {
    if (!tableExists) {
      return;
    }
    throw new TableExistsException(null, oldName,
        "Got a TableNotFoundException but it should exist", tnfe);
  }

  // The rename went through: record the new name, then confirm it was supposed to be allowed.
  WalkingSecurity.get(state, env).setTableName(newName);
  if (hasPermission) {
    return;
  }
  throw new AccumuloException("Didn't get Security Exception when we should have");
}
// Closes an enclosing scope whose opening is not part of this excerpt.
}
/**
 * Checks that a connector cannot be obtained with a token that has already been destroyed.
 *
 * <p>The principal used here is {@code "non_existent_user"}, and the expected error code is still
 * {@code TOKEN_EXPIRED}: the test pins the destroyed-token failure, not an unknown-user one.
 */
@Test
public void testConnectorWithDestroyedToken() throws Exception {
  AuthenticationToken credential = getUser(0).getToken();

  assertFalse(credential.isDestroyed());
  credential.destroy();
  assertTrue(credential.isDestroyed());

  try {
    inst.getConnector("non_existent_user", credential);
    fail();
  } catch (AccumuloSecurityException rejected) {
    assertTrue(rejected.getSecurityErrorCode().equals(SecurityErrorCode.TOKEN_EXPIRED));
  }
}
result = conn.securityOperations().authenticateUser(target, new PasswordToken(password)); } catch (AccumuloSecurityException ae) { switch (ae.getSecurityErrorCode()) { case PERMISSION_DENIED: if (exists && hasPermission)
/**
 * Checks that creating a local user that already exists fails with {@code USER_EXISTS} and that
 * the error message names the principal.
 *
 * <p>The user is created first when it is not yet listed. That first creation passes a null token
 * when the client configuration reports SASL, and a password token otherwise.
 */
@Test
public void testCreateExistingUser() throws Exception {
  ClusterUser existing = getUser(0);
  Connector conn = getConnector();
  Set<String> knownUsers = conn.securityOperations().listLocalUsers();

  // Ensure that the user exists
  if (!knownUsers.contains(existing.getPrincipal())) {
    PasswordToken initial = getCluster().getClientConfig().hasSasl() ? null
        : new PasswordToken(existing.getPassword());
    conn.securityOperations().createLocalUser(existing.getPrincipal(), initial);
  }

  try {
    // The password here is a throwaway value; the call is expected to be rejected.
    conn.securityOperations().createLocalUser(existing.getPrincipal(),
        new PasswordToken("better_fail"));
    fail("Creating a user that already exists should throw an exception");
  } catch (AccumuloSecurityException duplicate) {
    assertTrue("Expected USER_EXISTS error",
        SecurityErrorCode.USER_EXISTS == duplicate.getSecurityErrorCode());
    String text = duplicate.getMessage();
    assertTrue("Error message didn't contain principal: '" + text + "'",
        text.contains(existing.getPrincipal()));
  }
}
conn.securityOperations().createLocalUser(tableUserName, tabUserPass); } catch (AccumuloSecurityException ae) { switch (ae.getSecurityErrorCode()) { case PERMISSION_DENIED: if (hasPermission)
conn.securityOperations().dropLocalUser(tableUserName); } catch (AccumuloSecurityException ae) { switch (ae.getSecurityErrorCode()) { case PERMISSION_DENIED: if (hasPermission)
conn.tableOperations().create(tableName); } catch (AccumuloSecurityException ae) { if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) { if (hasPermission) throw new AccumuloException("Got a security exception when I should have had permission.",