Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-6176. Add a couple package private methods to AccessTokenHandler for testing. Contributed by Kan Zhang 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@802224 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Tsz-wo Sze 2009-08-07 21:40:01 +00:00
parent 09d826ebed
commit 5fe6906f2a
3 changed files with 68 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES.txt
View File

@ -489,6 +489,9 @@ Trunk (unreleased changes)
(gkesavan) (gkesavan)
HADOOP-6169. Removing deprecated method calls in TFile. (hong tang via mahadev) HADOOP-6169. Removing deprecated method calls in TFile. (hong tang via mahadev)
HADOOP-6176. Add a couple package private methods to AccessTokenHandler
for testing. (Kan Zhang via szetszwo)
OPTIMIZATIONS OPTIMIZATIONS

26
src/java/org/apache/hadoop/security/AccessTokenHandler.java
View File

@ -60,7 +60,7 @@ public class AccessTokenHandler {
* sync'ed their access keys with NN at least once during each interval. * sync'ed their access keys with NN at least once during each interval.
*/ */
private final long keyUpdateInterval; private final long keyUpdateInterval;
private final long tokenLifetime; private long tokenLifetime;
private long serialNo = new SecureRandom().nextLong(); private long serialNo = new SecureRandom().nextLong();
private KeyGenerator keyGen; private KeyGenerator keyGen;
private AccessKey currentKey; private AccessKey currentKey;
@ -203,7 +203,7 @@ public class AccessTokenHandler {
} }
/** Check if token is well formed */ /** Check if token is well formed */
private synchronized Boolean verifyToken(long keyID, AccessToken token) private synchronized boolean verifyToken(long keyID, AccessToken token)
throws IOException { throws IOException {
AccessKey key = allKeys.get(keyID); AccessKey key = allKeys.get(keyID);
if (key == null) { if (key == null) {
@ -252,7 +252,7 @@ public class AccessTokenHandler {
} }
/** Check if access should be allowed. userID is not checked if null */ /** Check if access should be allowed. userID is not checked if null */
public Boolean checkAccess(AccessToken token, String userID, long blockID, public boolean checkAccess(AccessToken token, String userID, long blockID,
AccessMode mode) throws IOException { AccessMode mode) throws IOException {
long oExpiry = 0; long oExpiry = 0;
long oKeyID = 0; long oKeyID = 0;
@ -282,8 +282,26 @@ public class AccessTokenHandler {
+ blockID + ", access mode=" + mode + ", keyID=" + oKeyID); + blockID + ", access mode=" + mode + ", keyID=" + oKeyID);
} }
return (userID == null || userID.equals(oUserID)) && oBlockID == blockID return (userID == null || userID.equals(oUserID)) && oBlockID == blockID
&& System.currentTimeMillis() < oExpiry && oModes.contains(mode) && !isExpired(oExpiry) && oModes.contains(mode)
&& verifyToken(oKeyID, token); && verifyToken(oKeyID, token);
} }
private static boolean isExpired(long expiryDate) {
return System.currentTimeMillis() > expiryDate;
}
/** check if a token is expired. for unit test only.
* return true when token is expired, false otherwise */
static boolean isTokenExpired(AccessToken token) throws IOException {
ByteArrayInputStream buf = new ByteArrayInputStream(token.getTokenID()
.getBytes());
DataInputStream in = new DataInputStream(buf);
long expiryDate = WritableUtils.readVLong(in);
return isExpired(expiryDate);
}
/** set token lifetime. for unit test only */
synchronized void setTokenLifetime(long tokenLifetime) {
this.tokenLifetime = tokenLifetime;
}
} }

43
src/test/core/org/apache/hadoop/security/SecurityTestUtil.java Normal file
View File

@ -0,0 +1,43 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.security;
import java.io.IOException;
/** Utilities for security tests */
public class SecurityTestUtil {
/**
* check if an access token is expired. return true when token is expired,
* false otherwise
*/
public static boolean isAccessTokenExpired(AccessToken token)
throws IOException {
return AccessTokenHandler.isTokenExpired(token);
}
/**
* set access token lifetime.
*/
public static void setAccessTokenLifetime(AccessTokenHandler handler,
long tokenLifetime) {
handler.setTokenLifetime(tokenLifetime);
}
}