use of co.cask.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.
the class DatasetClassRewriterTest method testConstructorDefaultAnnotation.
@Test
public void testConstructorDefaultAnnotation() throws Exception {
ByteCodeClassLoader classLoader = new ByteCodeClassLoader(getClass().getClassLoader());
classLoader.addClass(rewrite(TopLevelDirectDataset.class));
InMemoryAccessRecorder accessRecorder = new InMemoryAccessRecorder();
AuthorizationRecorder authorizationRecorder = new AuthorizationRecorder();
// Test constructor no default
createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], null);
Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), accessRecorder.getLineageRecorded());
Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), accessRecorder.getAuditRecorded());
Assert.assertEquals(1, authorizationRecorder.getPrivileges().size());
// Expects the enforcer still get called
Assert.assertNull(authorizationRecorder.getPrivileges().get(0));
accessRecorder.clear();
authorizationRecorder.clear();
// Test constructor default ReadOnly
createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], ReadOnly.class);
Assert.assertEquals(ImmutableList.of(AccessType.READ), accessRecorder.getLineageRecorded());
Assert.assertEquals(ImmutableList.of(AccessType.READ), accessRecorder.getAuditRecorded());
Assert.assertEquals(ImmutableList.of(new Privilege(DATASET_ID, Action.READ)), authorizationRecorder.getPrivileges());
accessRecorder.clear();
authorizationRecorder.clear();
// Test constructor default WriteOnly
createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], WriteOnly.class);
Assert.assertEquals(ImmutableList.of(AccessType.WRITE), accessRecorder.getLineageRecorded());
Assert.assertEquals(ImmutableList.of(AccessType.WRITE), accessRecorder.getAuditRecorded());
Assert.assertEquals(ImmutableList.of(new Privilege(DATASET_ID, Action.WRITE)), authorizationRecorder.getPrivileges());
accessRecorder.clear();
authorizationRecorder.clear();
// Test constructor default ReadWrite
createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], ReadWrite.class);
Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), accessRecorder.getLineageRecorded());
Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), accessRecorder.getAuditRecorded());
Assert.assertTrue(ImmutableSet.of(new Privilege(DATASET_ID, Action.READ), new Privilege(DATASET_ID, Action.WRITE)).containsAll(authorizationRecorder.getPrivileges()));
}
use of co.cask.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.
the class AuthEnforceRewriterTest method test.
@Test
public void test() throws Exception {
ByteCodeClassLoader classLoader = new ByteCodeClassLoader(getClass().getClassLoader());
classLoader.addClass(rewrite(DummyAuthEnforce.ValidAuthEnforceAnnotations.class));
classLoader.addClass(rewrite(DummyAuthEnforce.AnotherValidAuthEnforceAnnotations.class));
classLoader.addClass(rewrite(DummyAuthEnforce.ClassImplementingInterfaceWithAuthAnnotation.class));
classLoader.addClass(rewrite(DummyAuthEnforce.ClassWithoutAuthEnforce.class));
classLoader.addClass(rewrite(DummyAuthEnforce.ValidAuthEnforceWithFields.class));
// Need to invoke the method on the object created from the rewritten class in the classloader since trying to
// cast it here to DummyAuthEnforce will fail since the object is created from a class which was loaded from a
// different classloader.
Class<?> cls = classLoader.loadClass(DummyAuthEnforce.ValidAuthEnforceAnnotations.class.getName());
Object rewrittenObject = loadRewritten(classLoader, DummyAuthEnforce.class.getName(), cls.getName());
invokeSetters(cls, rewrittenObject);
// tests a valid AuthEnforce annotation which has single action
testRewrite(getMethod(cls, "testSingleAction", NamespaceId.class), rewrittenObject, ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
// tests a valid AuthEnforce annotation which has multiple action
testRewrite(getMethod(cls, "testMultipleAction", NamespaceId.class), rewrittenObject, ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
// test that the class rewrite did not affect other non annotated methods
testRewrite(getMethod(cls, "testNoAuthEnforceAnnotation", NamespaceId.class), rewrittenObject, DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);
// test that the class rewrite works for method whose signature does not specify throws exception
testRewrite(getMethod(cls, "testMethodWithoutException", NamespaceId.class), rewrittenObject, ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
// tests that class rewriting does not happen if an interface has a method with AuthEnforce
cls = classLoader.loadClass(DummyAuthEnforce.ClassImplementingInterfaceWithAuthAnnotation.class.getName());
rewrittenObject = loadRewritten(classLoader, DummyAuthEnforce.class.getName(), cls.getName());
invokeSetters(cls, rewrittenObject);
testRewrite(getMethod(cls, "interfaceMethodWithAuthEnforce", NamespaceId.class), rewrittenObject, DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);
// test that class rewriting does not happen for classes which does not have AuthEnforce annotation on its method
cls = classLoader.loadClass(DummyAuthEnforce.ClassWithoutAuthEnforce.class.getName());
rewrittenObject = loadRewritten(classLoader, DummyAuthEnforce.class.getName(), cls.getName());
invokeSetters(cls, rewrittenObject);
testRewrite(getMethod(cls, "methodWithoutAuthEnforce", NamespaceId.class), rewrittenObject, DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);
// test that class rewriting works for a valid annotated method in another inner class and needs the
// invokeSetters to called independently for this
cls = classLoader.loadClass(DummyAuthEnforce.AnotherValidAuthEnforceAnnotations.class.getName());
rewrittenObject = loadRewritten(classLoader, DummyAuthEnforce.class.getName(), cls.getName());
invokeSetters(cls, rewrittenObject);
testRewrite(getMethod(cls, "testSomeOtherAction", NamespaceId.class), rewrittenObject, ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
// test that class rewriting works for a valid annotation with field instances
cls = classLoader.loadClass(DummyAuthEnforce.ValidAuthEnforceWithFields.class.getName());
rewrittenObject = loadRewritten(classLoader, DummyAuthEnforce.class.getName(), cls.getName());
invokeSetters(cls, rewrittenObject);
testRewrite(getMethod(cls, "testNoParameters"), rewrittenObject, ExceptionAuthorizationEnforcer.ExpectedException.class);
testRewrite(getMethod(cls, "testParaNameSameAsField", NamespaceId.class), rewrittenObject, new NamespaceId("ns"), ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
testRewrite(getMethod(cls, "testParaPreference", InstanceId.class), rewrittenObject, new InstanceId("i1"), ExceptionAuthorizationEnforcer.ExpectedException.class, new InstanceId("i1"));
testRewrite(getMethod(cls, "testThisClassPreference", NamespaceId.class), rewrittenObject, new NamespaceId("ns"), ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
}
use of co.cask.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.
the class DatasetClassRewriterTest method testDatasetAccessRecorder.
@Test
public void testDatasetAccessRecorder() throws Exception {
ByteCodeClassLoader classLoader = new ByteCodeClassLoader(getClass().getClassLoader());
classLoader.addClass(rewrite(TopLevelExtendsDataset.class));
classLoader.addClass(rewrite(TopLevelDirectDataset.class));
classLoader.addClass(rewrite(TopLevelDataset.class));
classLoader.addClass(rewrite(DefaultTopLevelExtendsDataset.class));
classLoader.addClass(rewrite(CustomDatasetApp.InnerStaticInheritDataset.class));
classLoader.addClass(rewrite(CustomDatasetApp.InnerDataset.class));
InMemoryAccessRecorder accessRecorder = new InMemoryAccessRecorder();
TestAuthorizationEnforcer authEnforcer = new TestAuthorizationEnforcer(EnumSet.allOf(Action.class));
testDatasetAccessRecord(accessRecorder, createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader));
accessRecorder.clear();
testDatasetAccessRecord(accessRecorder, createDataset(accessRecorder, authEnforcer, DefaultTopLevelExtendsDataset.class.getName(), classLoader));
accessRecorder.clear();
Dataset delegate = createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader);
testDatasetAccessRecord(accessRecorder, createDataset(accessRecorder, authEnforcer, DelegatingDataset.class.getName(), classLoader, new Class<?>[] { CustomOperations.class }, new Object[] { delegate }));
accessRecorder.clear();
testDatasetAccessRecord(accessRecorder, createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), classLoader));
accessRecorder.clear();
testDatasetAccessRecord(accessRecorder, createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerDataset.class.getName(), classLoader, new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
}
use of co.cask.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.
the class DatasetClassRewriterTest method testDatasetAuthorization.
@Test
public void testDatasetAuthorization() throws Exception {
ByteCodeClassLoader classLoader = new ByteCodeClassLoader(getClass().getClassLoader());
classLoader.addClass(rewrite(TopLevelExtendsDataset.class));
classLoader.addClass(rewrite(TopLevelDirectDataset.class));
classLoader.addClass(rewrite(TopLevelDataset.class));
classLoader.addClass(rewrite(DefaultTopLevelExtendsDataset.class));
classLoader.addClass(rewrite(CustomDatasetApp.InnerStaticInheritDataset.class));
classLoader.addClass(rewrite(CustomDatasetApp.InnerDataset.class));
InMemoryAccessRecorder accessRecorder = new InMemoryAccessRecorder();
// Test no access
TestAuthorizationEnforcer authEnforcer = new TestAuthorizationEnforcer(EnumSet.noneOf(Action.class));
testNoAccess(createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader));
testNoAccess(createDataset(accessRecorder, authEnforcer, DefaultTopLevelExtendsDataset.class.getName(), classLoader));
Dataset delegate = createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader);
testNoAccess(createDataset(accessRecorder, authEnforcer, DelegatingDataset.class.getName(), classLoader, new Class<?>[] { CustomOperations.class }, new Object[] { delegate }));
testNoAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), classLoader));
testNoAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerDataset.class.getName(), classLoader, new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
// Test read only access
authEnforcer = new TestAuthorizationEnforcer(EnumSet.of(Action.READ));
testReadOnlyAccess(createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader));
testReadOnlyAccess(createDataset(accessRecorder, authEnforcer, DefaultTopLevelExtendsDataset.class.getName(), classLoader));
delegate = createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader);
testReadOnlyAccess(createDataset(accessRecorder, authEnforcer, DelegatingDataset.class.getName(), classLoader, new Class<?>[] { CustomOperations.class }, new Object[] { delegate }));
testReadOnlyAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), classLoader));
testReadOnlyAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerDataset.class.getName(), classLoader, new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
// Test write only access
authEnforcer = new TestAuthorizationEnforcer(EnumSet.of(Action.WRITE));
testWriteOnlyAccess(createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader));
testWriteOnlyAccess(createDataset(accessRecorder, authEnforcer, DefaultTopLevelExtendsDataset.class.getName(), classLoader));
delegate = createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader);
testWriteOnlyAccess(createDataset(accessRecorder, authEnforcer, DelegatingDataset.class.getName(), classLoader, new Class<?>[] { CustomOperations.class }, new Object[] { delegate }));
testWriteOnlyAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), classLoader));
testWriteOnlyAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerDataset.class.getName(), classLoader, new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
}
Aggregations