Reverting commit 1001067 while related HDFS and MR JIRAs are tested (HADOOP-6951).

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1001127 13f79535-47bb-0310-9956-ffa450edef68

CHANGES.txt

@@ -247,9 +247,6 @@ Trunk (unreleased changes)
     HADOOP-6940. RawLocalFileSystem's markSupported method misnamed markSupport.
     (Tom White via eli).
 
-    HADOOP-6951. Distinct minicluster services (e.g. NN and JT) overwrite each
-    other's service policies. (Aaron T. Myers via tomwhite)
-
 Release 0.21.0 - Unreleased
 
   INCOMPATIBLE CHANGES

src/java/org/apache/hadoop/ipc/Server.java

@@ -60,7 +60,6 @@ import javax.security.sasl.SaslServer;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.CommonConfigurationKeys;
 import org.apache.hadoop.io.BytesWritable;
@@ -79,7 +78,6 @@ import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authorize.ProxyUsers;
 import org.apache.hadoop.security.authorize.AuthorizationException;
-import org.apache.hadoop.security.authorize.PolicyProvider;
 import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
 import org.apache.hadoop.security.token.TokenIdentifier;
 import org.apache.hadoop.security.token.SecretManager;
@@ -184,7 +182,6 @@ public abstract class Server {
   
   private Configuration conf;
   private SecretManager<TokenIdentifier> secretManager;
-  private ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager();
 
   private int maxQueueSize;
   private final int maxRespSize;
@@ -242,22 +239,6 @@ public abstract class Server {
     return rpcMetrics;
   }
 
-  /**
-   * Refresh the service authorization ACL for the service handled by this server.
-   */
-  public void refreshServiceAcl(Configuration conf, PolicyProvider provider) {
-    serviceAuthorizationManager.refresh(conf, provider);
-  }
-
-  /**
-   * Returns a handle to the serviceAuthorizationManager (required in tests)
-   * @return instance of ServiceAuthorizationManager for this server
-   */
-  @InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
-  public ServiceAuthorizationManager getServiceAuthorizationManager() {
-    return serviceAuthorizationManager;
-  }
-
   /** A call queued for handling. */
   private static class Call {
     private int id;                               // the client's call id
@@ -1671,7 +1652,7 @@ public abstract class Server {
         throw new AuthorizationException("Unknown protocol: " + 
                                          connection.getProtocol());
       }
-      serviceAuthorizationManager.authorize(user, protocol, getConf(), hostname);
+      ServiceAuthorizationManager.authorize(user, protocol, getConf(), hostname);
     }
   }
   

src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java

@@ -20,7 +20,6 @@ package org.apache.hadoop.security.authorize;
 import java.io.IOException;
 import java.util.IdentityHashMap;
 import java.util.Map;
-import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -44,7 +43,7 @@ public class ServiceAuthorizationManager {
   private static final Log LOG = LogFactory
   .getLog(ServiceAuthorizationManager.class);
 
-  private Map<Class<?>, AccessControlList> protocolToAcl =
+  private static Map<Class<?>, AccessControlList> protocolToAcl =
     new IdentityHashMap<Class<?>, AccessControlList>();
   
   /**
@@ -74,7 +73,7 @@ public class ServiceAuthorizationManager {
    * @param hostname fully qualified domain name of the client
    * @throws AuthorizationException on authorization failure
    */
-  public void authorize(UserGroupInformation user, 
+  public static void authorize(UserGroupInformation user, 
                                Class<?> protocol,
                                Configuration conf,
                                String hostname
@@ -130,7 +129,7 @@ public class ServiceAuthorizationManager {
     AUDITLOG.info(AUTHZ_SUCCESSFULL_FOR + user + " for protocol="+protocol);
   }
 
-  public synchronized void refresh(Configuration conf,
+  public static synchronized void refresh(Configuration conf,
                                           PolicyProvider provider) {
     // Get the system property 'hadoop.policy.file'
     String policyFile = 
@@ -159,9 +158,4 @@ public class ServiceAuthorizationManager {
     // Flip to the newly parsed permissions
     protocolToAcl = newAcls;
   }
-
-  // Package-protected for use in tests.
-  Set<Class<?>> getProtocolsWithAcls() {
-    return protocolToAcl.keySet();
-  }
 }

src/test/core/org/apache/hadoop/ipc/TestRPC.java

@@ -41,6 +41,7 @@ import org.apache.hadoop.net.NetUtils;
 import org.apache.hadoop.security.authorize.AuthorizationException;
 import org.apache.hadoop.security.authorize.PolicyProvider;
 import org.apache.hadoop.security.authorize.Service;
+import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
 import org.apache.hadoop.security.AccessControlException;
 
 import static org.mockito.Mockito.*;
@@ -363,11 +364,11 @@ public class TestRPC extends TestCase {
   }
   
   private void doRPCs(Configuration conf, boolean expectFailure) throws Exception {
+    ServiceAuthorizationManager.refresh(conf, new TestPolicyProvider());
+    
     Server server = RPC.getServer(TestProtocol.class,
                                   new TestImpl(), ADDRESS, 0, 5, true, conf, null);
 
-    server.refreshServiceAcl(conf, new TestPolicyProvider());
-
     TestProtocol proxy = null;
 
     server.start();