Examples with ByteCodeClassLoader io.cdap.cdap.internal.asm.ByteCodeClassLoader used on opensource projects

Example 1 with ByteCodeClassLoader

use of io.cdap.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class AuthEnforceRewriterTest method test.

@Test
public void test() throws Exception {
    ByteCodeClassLoader classLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    classLoader.addClass(rewrite(DummyAuthEnforce.ValidAuthEnforceAnnotations.class));
    classLoader.addClass(rewrite(DummyAuthEnforce.AnotherValidAuthEnforceAnnotations.class));
    classLoader.addClass(rewrite(DummyAuthEnforce.ClassImplementingInterfaceWithAuthAnnotation.class));
    classLoader.addClass(rewrite(DummyAuthEnforce.ClassWithoutAuthEnforce.class));
    classLoader.addClass(rewrite(DummyAuthEnforce.ValidAuthEnforceWithFields.class));
    // Need to invoke the method on the object created from the rewritten class in the classloader since trying to
    // cast it here to DummyAuthEnforce will fail since the object is created from a class which was loaded from a
    // different classloader.
    Class<?> cls = classLoader.loadClass(DummyAuthEnforce.ValidAuthEnforceAnnotations.class.getName());
    Object rewrittenObject = loadRewritten(classLoader, DummyAuthEnforce.class.getName(), cls.getName());
    invokeSetters(cls, rewrittenObject);
    // tests a valid AuthEnforce annotation which has single action
    testRewrite(getMethod(cls, "testSingleAction", NamespaceId.class), rewrittenObject, ExceptionAccessEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
    // tests a valid AuthEnforce annotation which has multiple action
    testRewrite(getMethod(cls, "testMultipleAction", NamespaceId.class), rewrittenObject, ExceptionAccessEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
    // test that the class rewrite did not affect other non annotated methods
    testRewrite(getMethod(cls, "testNoAuthEnforceAnnotation", NamespaceId.class), rewrittenObject, DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);
    // test that the class rewrite works for method whose signature does not specify throws exception
    testRewrite(getMethod(cls, "testMethodWithoutException", NamespaceId.class), rewrittenObject, ExceptionAccessEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
    testRewrite(getMethod(cls, "testNameAnnotationPref", NamespaceId.class, String.class), rewrittenObject, NamespaceId.DEFAULT, ExceptionAccessEnforcer.ExpectedException.class, NamespaceId.DEFAULT, "dataset");
    testRewrite(getMethod(cls, "testMultipleParts", String.class, String.class), rewrittenObject, new DatasetId("ns", "dataset"), ExceptionAccessEnforcer.ExpectedException.class, "ns", "dataset");
    testRewrite(getMethod(cls, "testQueryPathParamAnnotations", String.class, String.class), rewrittenObject, new DatasetId("ns", "dataset"), ExceptionAccessEnforcer.ExpectedException.class, "ns", "dataset");
    testRewrite(getMethod(cls, "testMultipleAnnotationsPref", NamespaceId.class), rewrittenObject, ExceptionAccessEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
    // test that class rewriting does not happen for classes which does not have AuthEnforce annotation on its method
    cls = classLoader.loadClass(DummyAuthEnforce.ClassWithoutAuthEnforce.class.getName());
    rewrittenObject = loadRewritten(classLoader, DummyAuthEnforce.class.getName(), cls.getName());
    invokeSetters(cls, rewrittenObject);
    testRewrite(getMethod(cls, "methodWithoutAuthEnforce", NamespaceId.class), rewrittenObject, DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);
    // test that class rewriting works for a valid annotated method in another inner class and needs the
    // invokeSetters to called independently for this
    cls = classLoader.loadClass(DummyAuthEnforce.AnotherValidAuthEnforceAnnotations.class.getName());
    rewrittenObject = loadRewritten(classLoader, DummyAuthEnforce.class.getName(), cls.getName());
    invokeSetters(cls, rewrittenObject);
    testRewrite(getMethod(cls, "testSomeOtherAction", NamespaceId.class), rewrittenObject, ExceptionAccessEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
    // test that class rewriting works for a valid annotation with field instances
    cls = classLoader.loadClass(DummyAuthEnforce.ValidAuthEnforceWithFields.class.getName());
    rewrittenObject = loadRewritten(classLoader, DummyAuthEnforce.class.getName(), cls.getName());
    invokeSetters(cls, rewrittenObject);
    testRewrite(getMethod(cls, "testNoParameters"), rewrittenObject, ExceptionAccessEnforcer.ExpectedException.class);
    testRewrite(getMethod(cls, "testParaNameSameAsField", NamespaceId.class), rewrittenObject, new NamespaceId("ns"), ExceptionAccessEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
    testRewrite(getMethod(cls, "testParaPreference", InstanceId.class), rewrittenObject, new InstanceId("i1"), ExceptionAccessEnforcer.ExpectedException.class, new InstanceId("i1"));
    testRewrite(getMethod(cls, "testThisClassPreference", NamespaceId.class), rewrittenObject, new NamespaceId("ns"), ExceptionAccessEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
}

Example 2 with ByteCodeClassLoader

use of io.cdap.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class DatasetClassRewriterTest method testDatasetAccessRecorder.

@Test
public void testDatasetAccessRecorder() throws Exception {
    ByteCodeClassLoader classLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    classLoader.addClass(rewrite(TopLevelExtendsDataset.class));
    classLoader.addClass(rewrite(TopLevelDirectDataset.class));
    classLoader.addClass(rewrite(TopLevelDataset.class));
    classLoader.addClass(rewrite(DefaultTopLevelExtendsDataset.class));
    classLoader.addClass(rewrite(CustomDatasetApp.InnerStaticInheritDataset.class));
    classLoader.addClass(rewrite(CustomDatasetApp.InnerDataset.class));
    InMemoryAccessRecorder accessRecorder = new InMemoryAccessRecorder();
    TestAccessEnforcer authEnforcer = new TestAccessEnforcer(EnumSet.allOf(StandardPermission.class));
    testDatasetAccessRecord(accessRecorder, createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader));
    accessRecorder.clear();
    testDatasetAccessRecord(accessRecorder, createDataset(accessRecorder, authEnforcer, DefaultTopLevelExtendsDataset.class.getName(), classLoader));
    accessRecorder.clear();
    Dataset delegate = createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader);
    testDatasetAccessRecord(accessRecorder, createDataset(accessRecorder, authEnforcer, DelegatingDataset.class.getName(), classLoader, new Class<?>[] { CustomOperations.class }, new Object[] { delegate }));
    accessRecorder.clear();
    testDatasetAccessRecord(accessRecorder, createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), classLoader));
    accessRecorder.clear();
    testDatasetAccessRecord(accessRecorder, createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerDataset.class.getName(), classLoader, new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
}

Example 3 with ByteCodeClassLoader

use of io.cdap.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class DatasetClassRewriterTest method testDatasetAuthorization.

@Test
public void testDatasetAuthorization() throws Exception {
    ByteCodeClassLoader classLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    classLoader.addClass(rewrite(TopLevelExtendsDataset.class));
    classLoader.addClass(rewrite(TopLevelDirectDataset.class));
    classLoader.addClass(rewrite(TopLevelDataset.class));
    classLoader.addClass(rewrite(DefaultTopLevelExtendsDataset.class));
    classLoader.addClass(rewrite(CustomDatasetApp.InnerStaticInheritDataset.class));
    classLoader.addClass(rewrite(CustomDatasetApp.InnerDataset.class));
    InMemoryAccessRecorder accessRecorder = new InMemoryAccessRecorder();
    // Test no access
    TestAccessEnforcer authEnforcer = new TestAccessEnforcer(EnumSet.noneOf(StandardPermission.class));
    testNoAccess(createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader));
    testNoAccess(createDataset(accessRecorder, authEnforcer, DefaultTopLevelExtendsDataset.class.getName(), classLoader));
    Dataset delegate = createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader);
    testNoAccess(createDataset(accessRecorder, authEnforcer, DelegatingDataset.class.getName(), classLoader, new Class<?>[] { CustomOperations.class }, new Object[] { delegate }));
    testNoAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), classLoader));
    testNoAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerDataset.class.getName(), classLoader, new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
    // Test read only access
    authEnforcer = new TestAccessEnforcer(EnumSet.of(StandardPermission.GET));
    testReadOnlyAccess(createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader));
    testReadOnlyAccess(createDataset(accessRecorder, authEnforcer, DefaultTopLevelExtendsDataset.class.getName(), classLoader));
    delegate = createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader);
    testReadOnlyAccess(createDataset(accessRecorder, authEnforcer, DelegatingDataset.class.getName(), classLoader, new Class<?>[] { CustomOperations.class }, new Object[] { delegate }));
    testReadOnlyAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), classLoader));
    testReadOnlyAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerDataset.class.getName(), classLoader, new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
    // Test write only access
    authEnforcer = new TestAccessEnforcer(EnumSet.of(StandardPermission.UPDATE));
    testWriteOnlyAccess(createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader));
    testWriteOnlyAccess(createDataset(accessRecorder, authEnforcer, DefaultTopLevelExtendsDataset.class.getName(), classLoader));
    delegate = createDataset(accessRecorder, authEnforcer, TopLevelDataset.class.getName(), classLoader);
    testWriteOnlyAccess(createDataset(accessRecorder, authEnforcer, DelegatingDataset.class.getName(), classLoader, new Class<?>[] { CustomOperations.class }, new Object[] { delegate }));
    testWriteOnlyAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), classLoader));
    testWriteOnlyAccess(createDataset(accessRecorder, authEnforcer, CustomDatasetApp.InnerDataset.class.getName(), classLoader, new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
}

Example 4 with ByteCodeClassLoader

use of io.cdap.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class DatasetClassRewriterTest method testConstructorDefaultAnnotation.

@Test
public void testConstructorDefaultAnnotation() throws Exception {
    ByteCodeClassLoader classLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    classLoader.addClass(rewrite(TopLevelDirectDataset.class));
    InMemoryAccessRecorder accessRecorder = new InMemoryAccessRecorder();
    AuthorizationRecorder authorizationRecorder = new AuthorizationRecorder();
    // Test constructor no default
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], null);
    Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), accessRecorder.getAuditRecorded());
    Assert.assertEquals(1, authorizationRecorder.getGrantedPermissions().size());
    // Expects the enforcer still get called
    Assert.assertNull(authorizationRecorder.getGrantedPermissions().get(0));
    accessRecorder.clear();
    authorizationRecorder.clear();
    // Test constructor default ReadOnly
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], ReadOnly.class);
    Assert.assertEquals(ImmutableList.of(AccessType.READ), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.READ), accessRecorder.getAuditRecorded());
    Assert.assertEquals(ImmutableList.of(new GrantedPermission(DATASET_ID, StandardPermission.GET)), authorizationRecorder.getGrantedPermissions());
    accessRecorder.clear();
    authorizationRecorder.clear();
    // Test constructor default WriteOnly
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], WriteOnly.class);
    Assert.assertEquals(ImmutableList.of(AccessType.WRITE), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.WRITE), accessRecorder.getAuditRecorded());
    Assert.assertEquals(ImmutableList.of(new GrantedPermission(DATASET_ID, StandardPermission.UPDATE)), authorizationRecorder.getGrantedPermissions());
    accessRecorder.clear();
    authorizationRecorder.clear();
    // Test constructor default ReadWrite
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], ReadWrite.class);
    Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), accessRecorder.getAuditRecorded());
    Assert.assertTrue(ImmutableSet.of(new GrantedPermission(DATASET_ID, StandardPermission.GET), new GrantedPermission(DATASET_ID, StandardPermission.UPDATE)).containsAll(authorizationRecorder.getGrantedPermissions()));
}