Repository: accumulo Updated Branches: refs/heads/master f9e630466 -> 693d5be1a
ACCUMULO-4498 Remove vestigial security permission stuffs Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/693d5be1 Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/693d5be1 Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/693d5be1 Branch: refs/heads/master Commit: 693d5be1a60877f704bc48d87965fe0262d3b922 Parents: f9e6304 Author: Christopher Tubbs <ctubb...@apache.org> Authored: Wed Oct 12 18:12:34 2016 -0400 Committer: Christopher Tubbs <ctubb...@apache.org> Committed: Wed Oct 12 18:12:34 2016 -0400 ---------------------------------------------------------------------- .../accumulo/core/client/impl/Namespaces.java | 7 ------- .../apache/accumulo/core/client/impl/Tables.java | 6 ------ .../core/client/impl/ThriftTransportPool.java | 7 ------- .../file/streams/BoundedRangeFileInputStream.java | 16 +--------------- .../accumulo/fate/zookeeper/ZooReaderWriter.java | 7 ------- .../server/conf/ServerConfigurationFactory.java | 16 ---------------- .../accumulo/server/security/SystemCredentials.java | 11 ----------- .../apache/accumulo/server/tables/TableManager.java | 6 ------ 8 files changed, 1 insertion(+), 75 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/693d5be1/core/src/main/java/org/apache/accumulo/core/client/impl/Namespaces.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/accumulo/core/client/impl/Namespaces.java b/core/src/main/java/org/apache/accumulo/core/client/impl/Namespaces.java index 51c7b2d..4eda3db 100644 --- a/core/src/main/java/org/apache/accumulo/core/client/impl/Namespaces.java +++ b/core/src/main/java/org/apache/accumulo/core/client/impl/Namespaces.java @@ -18,7 +18,6 @@ package org.apache.accumulo.core.client.impl; import static java.nio.charset.StandardCharsets.UTF_8; -import java.security.SecurityPermission; import java.util.LinkedList; import java.util.List; import java.util.Map.Entry; @@ -73,18 +72,12 @@ public class Namespaces { } }; - private static SecurityPermission TABLES_PERMISSION = new SecurityPermission("tablesPermission"); - public static final String DEFAULT_NAMESPACE_ID = "+default"; public static final String DEFAULT_NAMESPACE = ""; public static final String ACCUMULO_NAMESPACE_ID = "+accumulo"; public static final String ACCUMULO_NAMESPACE = "accumulo"; private static ZooCache getZooCache(Instance instance) { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(TABLES_PERMISSION); - } return new ZooCacheFactory().getZooCache(instance.getZooKeepers(), instance.getZooKeepersSessionTimeOut()); } http://git-wip-us.apache.org/repos/asf/accumulo/blob/693d5be1/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java b/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java index 9f869ff..87ad88d 100644 --- a/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java +++ b/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java @@ -19,7 +19,6 @@ package org.apache.accumulo.core.client.impl; import static com.google.common.base.Preconditions.checkArgument; import static java.nio.charset.StandardCharsets.UTF_8; -import java.security.SecurityPermission; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -45,14 +44,9 @@ public class Tables { public static final String VALID_NAME_REGEX = "^(\\w+\\.)?(\\w+)$"; - private static final SecurityPermission TABLES_PERMISSION = new SecurityPermission("tablesPermission"); private static final AtomicLong cacheResetCount = new AtomicLong(0); private static ZooCache getZooCache(Instance instance) { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(TABLES_PERMISSION); - } return new ZooCacheFactory().getZooCache(instance.getZooKeepers(), instance.getZooKeepersSessionTimeOut()); } http://git-wip-us.apache.org/repos/asf/accumulo/blob/693d5be1/core/src/main/java/org/apache/accumulo/core/client/impl/ThriftTransportPool.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/accumulo/core/client/impl/ThriftTransportPool.java b/core/src/main/java/org/apache/accumulo/core/client/impl/ThriftTransportPool.java index d9bd4e8..f3ef127 100644 --- a/core/src/main/java/org/apache/accumulo/core/client/impl/ThriftTransportPool.java +++ b/core/src/main/java/org/apache/accumulo/core/client/impl/ThriftTransportPool.java @@ -16,7 +16,6 @@ */ package org.apache.accumulo.core.client.impl; -import java.security.SecurityPermission; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -43,7 +42,6 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.net.HostAndPort; public class ThriftTransportPool { - private static SecurityPermission TRANSPORT_POOL_PERMISSION = new SecurityPermission("transportPoolPermission"); private static final Random random = new Random(); private long killTime = 1000 * 3; @@ -593,11 +591,6 @@ public class ThriftTransportPool { private static final AtomicBoolean daemonStarted = new AtomicBoolean(false); public static ThriftTransportPool getInstance() { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(TRANSPORT_POOL_PERMISSION); - } - if (daemonStarted.compareAndSet(false, true)) { CountDownLatch closerExitLatch = new CountDownLatch(1); new Daemon(new Closer(instance, closerExitLatch), "Thrift Connection Pool Checker").start(); http://git-wip-us.apache.org/repos/asf/accumulo/blob/693d5be1/core/src/main/java/org/apache/accumulo/core/file/streams/BoundedRangeFileInputStream.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/accumulo/core/file/streams/BoundedRangeFileInputStream.java b/core/src/main/java/org/apache/accumulo/core/file/streams/BoundedRangeFileInputStream.java index a033ad4..95ef4ea 100644 --- a/core/src/main/java/org/apache/accumulo/core/file/streams/BoundedRangeFileInputStream.java +++ b/core/src/main/java/org/apache/accumulo/core/file/streams/BoundedRangeFileInputStream.java @@ -18,9 +18,6 @@ package org.apache.accumulo.core.file.streams; import java.io.IOException; import java.io.InputStream; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import org.apache.hadoop.fs.Seekable; @@ -94,18 +91,7 @@ public class BoundedRangeFileInputStream extends InputStream { throw new IOException("Stream closed"); } ((Seekable) in).seek(pos); - try { - ret = AccessController.doPrivileged(new PrivilegedExceptionAction<Integer>() { - @Override - public Integer run() throws IOException { - int ret = 0; - ret = in.read(b, off, n); - return ret; - } - }); - } catch (PrivilegedActionException e) { - throw (IOException) e.getException(); - } + ret = in.read(b, off, n); } if (ret < 0) { end = pos; http://git-wip-us.apache.org/repos/asf/accumulo/blob/693d5be1/fate/src/main/java/org/apache/accumulo/fate/zookeeper/ZooReaderWriter.java ---------------------------------------------------------------------- diff --git a/fate/src/main/java/org/apache/accumulo/fate/zookeeper/ZooReaderWriter.java b/fate/src/main/java/org/apache/accumulo/fate/zookeeper/ZooReaderWriter.java index e7ba7d5..6baa57e 100644 --- a/fate/src/main/java/org/apache/accumulo/fate/zookeeper/ZooReaderWriter.java +++ b/fate/src/main/java/org/apache/accumulo/fate/zookeeper/ZooReaderWriter.java @@ -16,7 +16,6 @@ */ package org.apache.accumulo.fate.zookeeper; -import java.security.SecurityPermission; import java.util.Arrays; import java.util.List; @@ -35,8 +34,6 @@ import org.slf4j.LoggerFactory; public class ZooReaderWriter extends ZooReader implements IZooReaderWriter { private static final Logger log = LoggerFactory.getLogger(ZooReaderWriter.class); - private static SecurityPermission ZOOWRITER_PERMISSION = new SecurityPermission("zookeeperWriterPermission"); - private static ZooReaderWriter instance = null; private final String scheme; private final byte[] auth; @@ -44,10 +41,6 @@ public class ZooReaderWriter extends ZooReader implements IZooReaderWriter { @Override public ZooKeeper getZooKeeper() { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(ZOOWRITER_PERMISSION); - } return getSession(keepers, timeout, scheme, auth); } http://git-wip-us.apache.org/repos/asf/accumulo/blob/693d5be1/server/base/src/main/java/org/apache/accumulo/server/conf/ServerConfigurationFactory.java ---------------------------------------------------------------------- diff --git a/server/base/src/main/java/org/apache/accumulo/server/conf/ServerConfigurationFactory.java b/server/base/src/main/java/org/apache/accumulo/server/conf/ServerConfigurationFactory.java index 5cea8b5..464dbdd 100644 --- a/server/base/src/main/java/org/apache/accumulo/server/conf/ServerConfigurationFactory.java +++ b/server/base/src/main/java/org/apache/accumulo/server/conf/ServerConfigurationFactory.java @@ -16,7 +16,6 @@ */ package org.apache.accumulo.server.conf; -import java.security.SecurityPermission; import java.util.HashMap; import java.util.Map; @@ -56,15 +55,6 @@ public class ServerConfigurationFactory extends ServerConfiguration { } } - private static final SecurityPermission CONFIGURATION_PERMISSION = new SecurityPermission("configurationPermission"); - private static final SecurityManager SM = System.getSecurityManager(); - - private static void checkPermissions() { - if (SM != null) { - SM.checkPermission(CONFIGURATION_PERMISSION); - } - } - static boolean removeCachedTableConfiguration(String instanceId, String tableId) { synchronized (tableConfigs) { return tableConfigs.get(instanceId).remove(tableId) != null; @@ -119,7 +109,6 @@ public class ServerConfigurationFactory extends ServerConfiguration { public synchronized SiteConfiguration getSiteConfiguration() { if (siteConfig == null) { - checkPermissions(); siteConfig = SiteConfiguration.getInstance(getDefaultConfiguration()); } return siteConfig; @@ -127,7 +116,6 @@ public class ServerConfigurationFactory extends ServerConfiguration { public synchronized DefaultConfiguration getDefaultConfiguration() { if (defaultConfig == null) { - checkPermissions(); defaultConfig = DefaultConfiguration.getInstance(); } return defaultConfig; @@ -136,7 +124,6 @@ public class ServerConfigurationFactory extends ServerConfiguration { @Override public synchronized AccumuloConfiguration getConfiguration() { if (systemConfig == null) { - checkPermissions(); systemConfig = new ZooConfigurationFactory().getInstance(instance, zcf, getSiteConfiguration()); } return systemConfig; @@ -144,7 +131,6 @@ public class ServerConfigurationFactory extends ServerConfiguration { @Override public TableConfiguration getTableConfiguration(String tableId) { - checkPermissions(); TableConfiguration conf; synchronized (tableConfigs) { conf = tableConfigs.get(instanceID).get(tableId); @@ -181,7 +167,6 @@ public class ServerConfigurationFactory extends ServerConfiguration { } public NamespaceConfiguration getNamespaceConfigurationForTable(String tableId) { - checkPermissions(); NamespaceConfiguration conf; synchronized (tableParentConfigs) { conf = tableParentConfigs.get(instanceID).get(tableId); @@ -201,7 +186,6 @@ public class ServerConfigurationFactory extends ServerConfiguration { @Override public NamespaceConfiguration getNamespaceConfiguration(String namespaceId) { - checkPermissions(); NamespaceConfiguration conf; // can't hold the lock during the construction and validation of the config, // which may result in creating multiple objects for the same id, but that's ok. http://git-wip-us.apache.org/repos/asf/accumulo/blob/693d5be1/server/base/src/main/java/org/apache/accumulo/server/security/SystemCredentials.java ---------------------------------------------------------------------- diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SystemCredentials.java b/server/base/src/main/java/org/apache/accumulo/server/security/SystemCredentials.java index 161e15e..2510f67 100644 --- a/server/base/src/main/java/org/apache/accumulo/server/security/SystemCredentials.java +++ b/server/base/src/main/java/org/apache/accumulo/server/security/SystemCredentials.java @@ -23,7 +23,6 @@ import java.io.DataOutputStream; import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.security.SecurityPermission; import java.util.Base64; import java.util.Map.Entry; @@ -46,8 +45,6 @@ import org.apache.hadoop.io.Writable; */ public final class SystemCredentials extends Credentials { - private static final SecurityPermission SYSTEM_CREDENTIALS_PERMISSION = new SecurityPermission("systemCredentialsPermission"); - private static final String SYSTEM_PRINCIPAL = "!SYSTEM"; private final TCredentials AS_THRIFT; @@ -57,15 +54,7 @@ public final class SystemCredentials extends Credentials { AS_THRIFT = super.toThrift(instance); } - private static void check_permission() { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(SYSTEM_CREDENTIALS_PERMISSION); - } - } - public static SystemCredentials get(Instance instance) { - check_permission(); String principal = SYSTEM_PRINCIPAL; AccumuloConfiguration conf = SiteConfiguration.getInstance(); if (conf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { http://git-wip-us.apache.org/repos/asf/accumulo/blob/693d5be1/server/base/src/main/java/org/apache/accumulo/server/tables/TableManager.java ---------------------------------------------------------------------- diff --git a/server/base/src/main/java/org/apache/accumulo/server/tables/TableManager.java b/server/base/src/main/java/org/apache/accumulo/server/tables/TableManager.java index 0b23061..61ea682 100644 --- a/server/base/src/main/java/org/apache/accumulo/server/tables/TableManager.java +++ b/server/base/src/main/java/org/apache/accumulo/server/tables/TableManager.java @@ -18,7 +18,6 @@ package org.apache.accumulo.server.tables; import static java.nio.charset.StandardCharsets.UTF_8; -import java.security.SecurityPermission; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; @@ -49,7 +48,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class TableManager { - private static SecurityPermission TABLE_MANAGER_PERMISSION = new SecurityPermission("tableManagerPermission"); private static final Logger log = LoggerFactory.getLogger(TableManager.class); private static final Set<TableObserver> observers = Collections.synchronizedSet(new HashSet<TableObserver>()); @@ -91,10 +89,6 @@ public class TableManager { } public synchronized static TableManager getInstance() { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(TABLE_MANAGER_PERMISSION); - } if (tableManager == null) tableManager = new TableManager(); return tableManager;
