
Example 1 with ByteCodeClassLoader

use of co.cask.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class DatasetClassRewriterTest method testConstructorDefaultAnnotation.

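/**
 * Checks what a rewritten {@link TopLevelDirectDataset} reports to the access recorder and the
 * authorization recorder when it is created with each constructor default annotation:
 * none ({@code null}), {@code ReadOnly}, {@code WriteOnly} and {@code ReadWrite}.
 *
 * <p>For every case the recorded lineage and audit access types are compared with the expected
 * {@code AccessType}, and the privileges seen by the authorization recorder are checked so that a
 * rewrite which stops calling the enforcer is detected.
 *
 * @throws Exception if rewriting, class loading or dataset creation fails
 */
@Test
public void testConstructorDefaultAnnotation() throws Exception {
    // Serve the rewritten bytecode from a dedicated loader so the dataset is created from the rewritten class.
    ByteCodeClassLoader classLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    classLoader.addClass(rewrite(TopLevelDirectDataset.class));
    InMemoryAccessRecorder accessRecorder = new InMemoryAccessRecorder();
    AuthorizationRecorder authorizationRecorder = new AuthorizationRecorder();
    // Test constructor no default
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], null);
    Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), accessRecorder.getAuditRecorded());
    Assert.assertEquals(1, authorizationRecorder.getPrivileges().size());
    // The enforcer is still expected to be called once; the single recorded entry is null for unknown access.
    Assert.assertNull(authorizationRecorder.getPrivileges().get(0));
    accessRecorder.clear();
    authorizationRecorder.clear();
    // Test constructor default ReadOnly
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], ReadOnly.class);
    Assert.assertEquals(ImmutableList.of(AccessType.READ), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.READ), accessRecorder.getAuditRecorded());
    Assert.assertEquals(ImmutableList.of(new Privilege(DATASET_ID, Action.READ)), authorizationRecorder.getPrivileges());
    accessRecorder.clear();
    authorizationRecorder.clear();
    // Test constructor default WriteOnly
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], WriteOnly.class);
    Assert.assertEquals(ImmutableList.of(AccessType.WRITE), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.WRITE), accessRecorder.getAuditRecorded());
    Assert.assertEquals(ImmutableList.of(new Privilege(DATASET_ID, Action.WRITE)), authorizationRecorder.getPrivileges());
    accessRecorder.clear();
    authorizationRecorder.clear();
    // Test constructor default ReadWrite
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], ReadWrite.class);
    Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), accessRecorder.getAuditRecorded());
    // containsAll() is vacuously true for an empty list, so pin that the enforcer recorded something first;
    // without this, a rewrite that skips authorization for ReadWrite would still pass the check below.
    Assert.assertFalse(authorizationRecorder.getPrivileges().isEmpty());
    // NOTE(review): the exact privileges recorded for ReadWrite (READ, WRITE or both, and their order) are not
    // visible from this test, so only membership is asserted rather than equality - confirm against the enforcer.
    Assert.assertTrue(ImmutableSet.of(new Privilege(DATASET_ID, Action.READ), new Privilege(DATASET_ID, Action.WRITE)).containsAll(authorizationRecorder.getPrivileges()));
}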
Also used : ByteCodeClassLoader(co.cask.cdap.internal.asm.ByteCodeClassLoader) TopLevelDirectDataset(co.cask.cdap.data2.dataset2.customds.TopLevelDirectDataset) Privilege(co.cask.cdap.proto.security.Privilege) Test(org.junit.Test)

Example 2 with ByteCodeClassLoader

use of co.cask.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class AuthEnforceRewriterTest method test.

/**
 * Runs the AuthEnforce rewrite over the {@code DummyAuthEnforce} inner classes and checks, per method,
 * which exception the rewritten code raises: {@code ExpectedException} from the enforcer where enforcement
 * is expected, {@code EnforceNotCalledException} where the method must be left without enforcement.
 *
 * @throws Exception if rewriting, class loading or a reflective call fails
 */
@Test
public void test() throws Exception {
    ByteCodeClassLoader rewrittenLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    rewrittenLoader.addClass(rewrite(DummyAuthEnforce.ValidAuthEnforceAnnotations.class));
    rewrittenLoader.addClass(rewrite(DummyAuthEnforce.AnotherValidAuthEnforceAnnotations.class));
    rewrittenLoader.addClass(rewrite(DummyAuthEnforce.ClassImplementingInterfaceWithAuthAnnotation.class));
    rewrittenLoader.addClass(rewrite(DummyAuthEnforce.ClassWithoutAuthEnforce.class));
    rewrittenLoader.addClass(rewrite(DummyAuthEnforce.ValidAuthEnforceWithFields.class));

    String outerClassName = DummyAuthEnforce.class.getName();

    // Objects built from the rewritten classes belong to a different classloader, so a cast to
    // DummyAuthEnforce here would fail; every method is therefore invoked on the object reflectively.
    Class<?> validCls = rewrittenLoader.loadClass(DummyAuthEnforce.ValidAuthEnforceAnnotations.class.getName());
    Object validObj = loadRewritten(rewrittenLoader, outerClassName, validCls.getName());
    invokeSetters(validCls, validObj);
    // valid AuthEnforce annotation carrying a single action
    testRewrite(getMethod(validCls, "testSingleAction", NamespaceId.class), validObj,
                ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
    // valid AuthEnforce annotation carrying multiple actions
    testRewrite(getMethod(validCls, "testMultipleAction", NamespaceId.class), validObj,
                ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
    // methods without the annotation must be untouched by the class rewrite
    testRewrite(getMethod(validCls, "testNoAuthEnforceAnnotation", NamespaceId.class), validObj,
                DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);
    // the rewrite must also work when the method signature declares no thrown exception
    testRewrite(getMethod(validCls, "testMethodWithoutException", NamespaceId.class), validObj,
                ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);

    // no rewriting is expected when only the interface method carries AuthEnforce
    Class<?> interfaceImplCls =
        rewrittenLoader.loadClass(DummyAuthEnforce.ClassImplementingInterfaceWithAuthAnnotation.class.getName());
    Object interfaceImplObj = loadRewritten(rewrittenLoader, outerClassName, interfaceImplCls.getName());
    invokeSetters(interfaceImplCls, interfaceImplObj);
    testRewrite(getMethod(interfaceImplCls, "interfaceMethodWithAuthEnforce", NamespaceId.class), interfaceImplObj,
                DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);

    // no rewriting is expected for a class that has no AuthEnforce annotation on its methods
    Class<?> plainCls = rewrittenLoader.loadClass(DummyAuthEnforce.ClassWithoutAuthEnforce.class.getName());
    Object plainObj = loadRewritten(rewrittenLoader, outerClassName, plainCls.getName());
    invokeSetters(plainCls, plainObj);
    testRewrite(getMethod(plainCls, "methodWithoutAuthEnforce", NamespaceId.class), plainObj,
                DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);

    // a valid annotated method in another inner class is rewritten too; invokeSetters has to be
    // called separately for that class
    Class<?> otherValidCls =
        rewrittenLoader.loadClass(DummyAuthEnforce.AnotherValidAuthEnforceAnnotations.class.getName());
    Object otherValidObj = loadRewritten(rewrittenLoader, outerClassName, otherValidCls.getName());
    invokeSetters(otherValidCls, otherValidObj);
    testRewrite(getMethod(otherValidCls, "testSomeOtherAction", NamespaceId.class), otherValidObj,
                ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);

    // a valid annotation that refers to field instances is rewritten as well
    Class<?> fieldsCls = rewrittenLoader.loadClass(DummyAuthEnforce.ValidAuthEnforceWithFields.class.getName());
    Object fieldsObj = loadRewritten(rewrittenLoader, outerClassName, fieldsCls.getName());
    invokeSetters(fieldsCls, fieldsObj);
    testRewrite(getMethod(fieldsCls, "testNoParameters"), fieldsObj,
                ExceptionAuthorizationEnforcer.ExpectedException.class);
    testRewrite(getMethod(fieldsCls, "testParaNameSameAsField", NamespaceId.class), fieldsObj,
                new NamespaceId("ns"), ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
    testRewrite(getMethod(fieldsCls, "testParaPreference", InstanceId.class), fieldsObj,
                new InstanceId("i1"), ExceptionAuthorizationEnforcer.ExpectedException.class, new InstanceId("i1"));
    testRewrite(getMethod(fieldsCls, "testThisClassPreference", NamespaceId.class), fieldsObj,
                new NamespaceId("ns"), ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
}
Also used : ByteCodeClassLoader(co.cask.cdap.internal.asm.ByteCodeClassLoader) InstanceId(co.cask.cdap.proto.id.InstanceId) NamespaceId(co.cask.cdap.proto.id.NamespaceId) Test(org.junit.Test)

Example 3 with ByteCodeClassLoader

use of co.cask.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class DatasetClassRewriterTest method testDatasetAccessRecorder.

/**
 * Creates each custom dataset flavour from the rewritten classes, with an enforcer constructed
 * from every {@code Action}, and hands it to {@code testDatasetAccessRecord} together with the
 * in-memory access recorder. The recorder is cleared between flavours.
 *
 * @throws Exception if rewriting, class loading or dataset creation fails
 */
@Test
public void testDatasetAccessRecorder() throws Exception {
    ByteCodeClassLoader rewrittenLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    rewrittenLoader.addClass(rewrite(TopLevelExtendsDataset.class));
    rewrittenLoader.addClass(rewrite(TopLevelDirectDataset.class));
    rewrittenLoader.addClass(rewrite(TopLevelDataset.class));
    rewrittenLoader.addClass(rewrite(DefaultTopLevelExtendsDataset.class));
    rewrittenLoader.addClass(rewrite(CustomDatasetApp.InnerStaticInheritDataset.class));
    rewrittenLoader.addClass(rewrite(CustomDatasetApp.InnerDataset.class));

    InMemoryAccessRecorder recorder = new InMemoryAccessRecorder();
    TestAuthorizationEnforcer allActions = new TestAuthorizationEnforcer(EnumSet.allOf(Action.class));
    String topLevelName = TopLevelDataset.class.getName();

    // Top-level dataset.
    testDatasetAccessRecord(recorder, createDataset(recorder, allActions, topLevelName, rewrittenLoader));
    recorder.clear();

    // Top-level dataset reached through the extends hierarchy.
    testDatasetAccessRecord(
        recorder,
        createDataset(recorder, allActions, DefaultTopLevelExtendsDataset.class.getName(), rewrittenLoader));
    recorder.clear();

    // Delegating dataset, constructed around a separately created top-level dataset.
    Dataset wrapped = createDataset(recorder, allActions, topLevelName, rewrittenLoader);
    testDatasetAccessRecord(
        recorder,
        createDataset(recorder, allActions, DelegatingDataset.class.getName(), rewrittenLoader,
                      new Class<?>[] { CustomOperations.class }, new Object[] { wrapped }));
    recorder.clear();

    // Static inner dataset.
    testDatasetAccessRecord(
        recorder,
        createDataset(recorder, allActions, CustomDatasetApp.InnerStaticInheritDataset.class.getName(),
                      rewrittenLoader));
    recorder.clear();

    // Non-static inner dataset, which takes its enclosing CustomDatasetApp as constructor argument.
    testDatasetAccessRecord(
        recorder,
        createDataset(recorder, allActions, CustomDatasetApp.InnerDataset.class.getName(), rewrittenLoader,
                      new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
}
Also used : ByteCodeClassLoader(co.cask.cdap.internal.asm.ByteCodeClassLoader) Action(co.cask.cdap.proto.security.Action) TopLevelDataset(co.cask.cdap.data2.dataset2.customds.TopLevelDataset) TopLevelDataset(co.cask.cdap.data2.dataset2.customds.TopLevelDataset) DelegatingDataset(co.cask.cdap.data2.dataset2.customds.DelegatingDataset) TopLevelDirectDataset(co.cask.cdap.data2.dataset2.customds.TopLevelDirectDataset) Dataset(co.cask.cdap.api.dataset.Dataset) DefaultTopLevelExtendsDataset(co.cask.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) TopLevelExtendsDataset(co.cask.cdap.data2.dataset2.customds.TopLevelExtendsDataset) DefaultTopLevelExtendsDataset(co.cask.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) TopLevelExtendsDataset(co.cask.cdap.data2.dataset2.customds.TopLevelExtendsDataset) CustomDatasetApp(co.cask.cdap.data2.dataset2.customds.CustomDatasetApp) CustomOperations(co.cask.cdap.data2.dataset2.customds.CustomOperations) TopLevelDirectDataset(co.cask.cdap.data2.dataset2.customds.TopLevelDirectDataset) DefaultTopLevelExtendsDataset(co.cask.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) Test(org.junit.Test)

Example 4 with ByteCodeClassLoader

use of co.cask.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class DatasetClassRewriterTest method testDatasetAuthorization.

/**
 * Creates each custom dataset flavour from the rewritten classes under three enforcers - one built
 * with no {@code Action}, one with {@code READ} only and one with {@code WRITE} only - and passes the
 * dataset to {@code testNoAccess}, {@code testReadOnlyAccess} and {@code testWriteOnlyAccess}
 * respectively.
 *
 * @throws Exception if rewriting, class loading or dataset creation fails
 */
@Test
public void testDatasetAuthorization() throws Exception {
    ByteCodeClassLoader rewrittenLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    rewrittenLoader.addClass(rewrite(TopLevelExtendsDataset.class));
    rewrittenLoader.addClass(rewrite(TopLevelDirectDataset.class));
    rewrittenLoader.addClass(rewrite(TopLevelDataset.class));
    rewrittenLoader.addClass(rewrite(DefaultTopLevelExtendsDataset.class));
    rewrittenLoader.addClass(rewrite(CustomDatasetApp.InnerStaticInheritDataset.class));
    rewrittenLoader.addClass(rewrite(CustomDatasetApp.InnerDataset.class));

    InMemoryAccessRecorder recorder = new InMemoryAccessRecorder();
    String topLevelName = TopLevelDataset.class.getName();
    String extendsName = DefaultTopLevelExtendsDataset.class.getName();
    String delegatingName = DelegatingDataset.class.getName();
    String staticInnerName = CustomDatasetApp.InnerStaticInheritDataset.class.getName();
    String innerName = CustomDatasetApp.InnerDataset.class.getName();

    // No access: the enforcer is built from an empty action set.
    TestAuthorizationEnforcer noActions = new TestAuthorizationEnforcer(EnumSet.noneOf(Action.class));
    testNoAccess(createDataset(recorder, noActions, topLevelName, rewrittenLoader));
    testNoAccess(createDataset(recorder, noActions, extendsName, rewrittenLoader));
    Dataset noAccessDelegate = createDataset(recorder, noActions, topLevelName, rewrittenLoader);
    testNoAccess(createDataset(recorder, noActions, delegatingName, rewrittenLoader,
                               new Class<?>[] { CustomOperations.class }, new Object[] { noAccessDelegate }));
    testNoAccess(createDataset(recorder, noActions, staticInnerName, rewrittenLoader));
    testNoAccess(createDataset(recorder, noActions, innerName, rewrittenLoader,
                               new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));

    // Read-only access: the enforcer is built from READ alone.
    TestAuthorizationEnforcer readOnly = new TestAuthorizationEnforcer(EnumSet.of(Action.READ));
    testReadOnlyAccess(createDataset(recorder, readOnly, topLevelName, rewrittenLoader));
    testReadOnlyAccess(createDataset(recorder, readOnly, extendsName, rewrittenLoader));
    Dataset readOnlyDelegate = createDataset(recorder, readOnly, topLevelName, rewrittenLoader);
    testReadOnlyAccess(createDataset(recorder, readOnly, delegatingName, rewrittenLoader,
                                     new Class<?>[] { CustomOperations.class }, new Object[] { readOnlyDelegate }));
    testReadOnlyAccess(createDataset(recorder, readOnly, staticInnerName, rewrittenLoader));
    testReadOnlyAccess(createDataset(recorder, readOnly, innerName, rewrittenLoader,
                                     new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));

    // Write-only access: the enforcer is built from WRITE alone.
    TestAuthorizationEnforcer writeOnly = new TestAuthorizationEnforcer(EnumSet.of(Action.WRITE));
    testWriteOnlyAccess(createDataset(recorder, writeOnly, topLevelName, rewrittenLoader));
    testWriteOnlyAccess(createDataset(recorder, writeOnly, extendsName, rewrittenLoader));
    Dataset writeOnlyDelegate = createDataset(recorder, writeOnly, topLevelName, rewrittenLoader);
    testWriteOnlyAccess(createDataset(recorder, writeOnly, delegatingName, rewrittenLoader,
                                      new Class<?>[] { CustomOperations.class }, new Object[] { writeOnlyDelegate }));
    testWriteOnlyAccess(createDataset(recorder, writeOnly, staticInnerName, rewrittenLoader));
    testWriteOnlyAccess(createDataset(recorder, writeOnly, innerName, rewrittenLoader,
                                      new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
}
Also used : ByteCodeClassLoader(co.cask.cdap.internal.asm.ByteCodeClassLoader) Action(co.cask.cdap.proto.security.Action) TopLevelDataset(co.cask.cdap.data2.dataset2.customds.TopLevelDataset) TopLevelDataset(co.cask.cdap.data2.dataset2.customds.TopLevelDataset) DelegatingDataset(co.cask.cdap.data2.dataset2.customds.DelegatingDataset) TopLevelDirectDataset(co.cask.cdap.data2.dataset2.customds.TopLevelDirectDataset) Dataset(co.cask.cdap.api.dataset.Dataset) DefaultTopLevelExtendsDataset(co.cask.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) TopLevelExtendsDataset(co.cask.cdap.data2.dataset2.customds.TopLevelExtendsDataset) DefaultTopLevelExtendsDataset(co.cask.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) TopLevelExtendsDataset(co.cask.cdap.data2.dataset2.customds.TopLevelExtendsDataset) CustomDatasetApp(co.cask.cdap.data2.dataset2.customds.CustomDatasetApp) CustomOperations(co.cask.cdap.data2.dataset2.customds.CustomOperations) TopLevelDirectDataset(co.cask.cdap.data2.dataset2.customds.TopLevelDirectDataset) DefaultTopLevelExtendsDataset(co.cask.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) Test(org.junit.Test)

Aggregations

ByteCodeClassLoader (co.cask.cdap.internal.asm.ByteCodeClassLoader)4 Test (org.junit.Test)4 TopLevelDirectDataset (co.cask.cdap.data2.dataset2.customds.TopLevelDirectDataset)3 Dataset (co.cask.cdap.api.dataset.Dataset)2 CustomDatasetApp (co.cask.cdap.data2.dataset2.customds.CustomDatasetApp)2 CustomOperations (co.cask.cdap.data2.dataset2.customds.CustomOperations)2 DefaultTopLevelExtendsDataset (co.cask.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset)2 DelegatingDataset (co.cask.cdap.data2.dataset2.customds.DelegatingDataset)2 TopLevelDataset (co.cask.cdap.data2.dataset2.customds.TopLevelDataset)2 TopLevelExtendsDataset (co.cask.cdap.data2.dataset2.customds.TopLevelExtendsDataset)2 Action (co.cask.cdap.proto.security.Action)2 InstanceId (co.cask.cdap.proto.id.InstanceId)1 NamespaceId (co.cask.cdap.proto.id.NamespaceId)1 Privilege (co.cask.cdap.proto.security.Privilege)1