@Override public void initializeSecurity(TCredentials credentials, String principal, byte[] token) throws AccumuloSecurityException { try { // remove old settings from zookeeper first, if any IZooReaderWriter zoo = ZooReaderWriter.getInstance(); synchronized (zooCache) { zooCache.clear(); if (zoo.exists(ZKUserPath)) { zoo.recursiveDelete(ZKUserPath, NodeMissingPolicy.SKIP); log.info("Removed " + ZKUserPath + "/" + " from zookeeper"); } // prep parent node of users with root username zoo.putPersistentData(ZKUserPath, principal.getBytes(UTF_8), NodeExistsPolicy.FAIL); constructUser(principal, ZKSecurityTool.createPass(token)); } } catch (KeeperException e) { log.error("{}", e.getMessage(), e); throw new RuntimeException(e); } catch (InterruptedException e) { log.error("{}", e.getMessage(), e); throw new RuntimeException(e); } catch (AccumuloException e) { log.error("{}", e.getMessage(), e); throw new RuntimeException(e); } }
@Override public void changePassword(String principal, AuthenticationToken token) throws AccumuloSecurityException { if (!(token instanceof PasswordToken)) throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN); PasswordToken pt = (PasswordToken) token; if (userExists(principal)) { try { synchronized (zooCache) { zooCache.clear(ZKUserPath + "/" + principal); ZooReaderWriter.getInstance() .putPrivatePersistentData( ZKUserPath + "/" + principal, ZKSecurityTool.createPass(pt.getPassword()), NodeExistsPolicy.OVERWRITE); } } catch (KeeperException e) { log.error("{}", e.getMessage(), e); throw new AccumuloSecurityException(principal, SecurityErrorCode.CONNECTION_ERROR, e); } catch (InterruptedException e) { log.error("{}", e.getMessage(), e); throw new RuntimeException(e); } catch (AccumuloException e) { log.error("{}", e.getMessage(), e); throw new AccumuloSecurityException(principal, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e); } } else throw new AccumuloSecurityException( principal, SecurityErrorCode.USER_DOESNT_EXIST); // user doesn't exist }
@Override public boolean authenticateUser(String principal, AuthenticationToken token) throws AccumuloSecurityException { if (!(token instanceof PasswordToken)) throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN); PasswordToken pt = (PasswordToken) token; byte[] pass; String zpath = ZKUserPath + "/" + principal; pass = zooCache.get(zpath); boolean result = ZKSecurityTool.checkPass(pt.getPassword(), pass); if (!result) { zooCache.clear(zpath); pass = zooCache.get(zpath); result = ZKSecurityTool.checkPass(pt.getPassword(), pass); } return result; }
@Override public void createUser(String principal, AuthenticationToken token) throws AccumuloSecurityException { try { if (!(token instanceof PasswordToken)) throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN); PasswordToken pt = (PasswordToken) token; constructUser(principal, ZKSecurityTool.createPass(pt.getPassword())); } catch (KeeperException e) { if (e.code().equals(KeeperException.Code.NODEEXISTS)) throw new AccumuloSecurityException(principal, SecurityErrorCode.USER_EXISTS, e); throw new AccumuloSecurityException(principal, SecurityErrorCode.CONNECTION_ERROR, e); } catch (InterruptedException e) { log.error("{}", e.getMessage(), e); throw new RuntimeException(e); } catch (AccumuloException e) { log.error("{}", e.getMessage(), e); throw new AccumuloSecurityException(principal, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e); } }