
Example 1 with ByteCodeClassLoader

use of io.cdap.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class AuthEnforceRewriterTest method test.

/**
 * Rewrites the {@code DummyAuthEnforce} fixture classes, loads them through a
 * {@link ByteCodeClassLoader}, and checks for each fixture method which exception an
 * invocation is expected to end with.
 *
 * <p>Judging by the names, {@code ExpectedException} signals that the rewritten method reached
 * the access enforcer and {@code EnforceNotCalledException} that it did not; confirm against
 * {@code testRewrite} and {@code ExceptionAccessEnforcer}.
 */
@Test
public void test() throws Exception {
    final ByteCodeClassLoader rewrittenLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    rewrittenLoader.addClass(rewrite(DummyAuthEnforce.ValidAuthEnforceAnnotations.class));
    rewrittenLoader.addClass(rewrite(DummyAuthEnforce.AnotherValidAuthEnforceAnnotations.class));
    rewrittenLoader.addClass(rewrite(DummyAuthEnforce.ClassImplementingInterfaceWithAuthAnnotation.class));
    rewrittenLoader.addClass(rewrite(DummyAuthEnforce.ClassWithoutAuthEnforce.class));
    rewrittenLoader.addClass(rewrite(DummyAuthEnforce.ValidAuthEnforceWithFields.class));

    final String outerClassName = DummyAuthEnforce.class.getName();
    final Class<ExceptionAccessEnforcer.ExpectedException> enforced =
        ExceptionAccessEnforcer.ExpectedException.class;
    final Class<DummyAuthEnforce.EnforceNotCalledException> notEnforced =
        DummyAuthEnforce.EnforceNotCalledException.class;

    // The instance comes from the rewritten class inside rewrittenLoader, so it cannot be cast to
    // DummyAuthEnforce here (different classloader); every call below goes through reflection.
    final Class<?> annotatedClass =
        rewrittenLoader.loadClass(DummyAuthEnforce.ValidAuthEnforceAnnotations.class.getName());
    final Object annotatedInstance = loadRewritten(rewrittenLoader, outerClassName, annotatedClass.getName());
    invokeSetters(annotatedClass, annotatedInstance);

    // A valid AuthEnforce annotation carrying a single action.
    testRewrite(getMethod(annotatedClass, "testSingleAction", NamespaceId.class),
                annotatedInstance, enforced, NamespaceId.DEFAULT);
    // A valid AuthEnforce annotation carrying several actions.
    testRewrite(getMethod(annotatedClass, "testMultipleAction", NamespaceId.class),
                annotatedInstance, enforced, NamespaceId.DEFAULT);
    // Methods without the annotation must be left alone by the rewrite.
    testRewrite(getMethod(annotatedClass, "testNoAuthEnforceAnnotation", NamespaceId.class),
                annotatedInstance, notEnforced, NamespaceId.DEFAULT);
    // The rewrite must also work when the method signature declares no thrown exception.
    testRewrite(getMethod(annotatedClass, "testMethodWithoutException", NamespaceId.class),
                annotatedInstance, enforced, NamespaceId.DEFAULT);
    // The next calls also pass an entity id before the exception type; presumably the entity the
    // enforcer is expected to receive (confirm against testRewrite).
    testRewrite(getMethod(annotatedClass, "testNameAnnotationPref", NamespaceId.class, String.class),
                annotatedInstance, NamespaceId.DEFAULT, enforced, NamespaceId.DEFAULT, "dataset");
    testRewrite(getMethod(annotatedClass, "testMultipleParts", String.class, String.class),
                annotatedInstance, new DatasetId("ns", "dataset"), enforced, "ns", "dataset");
    testRewrite(getMethod(annotatedClass, "testQueryPathParamAnnotations", String.class, String.class),
                annotatedInstance, new DatasetId("ns", "dataset"), enforced, "ns", "dataset");
    testRewrite(getMethod(annotatedClass, "testMultipleAnnotationsPref", NamespaceId.class),
                annotatedInstance, enforced, NamespaceId.DEFAULT);

    // A class with no AuthEnforce annotation on any method must not be rewritten.
    final Class<?> plainClass =
        rewrittenLoader.loadClass(DummyAuthEnforce.ClassWithoutAuthEnforce.class.getName());
    final Object plainInstance = loadRewritten(rewrittenLoader, outerClassName, plainClass.getName());
    invokeSetters(plainClass, plainInstance);
    testRewrite(getMethod(plainClass, "methodWithoutAuthEnforce", NamespaceId.class),
                plainInstance, notEnforced, NamespaceId.DEFAULT);

    // A valid annotated method in a second inner class; invokeSetters has to be called again for
    // this separate instance.
    final Class<?> otherClass =
        rewrittenLoader.loadClass(DummyAuthEnforce.AnotherValidAuthEnforceAnnotations.class.getName());
    final Object otherInstance = loadRewritten(rewrittenLoader, outerClassName, otherClass.getName());
    invokeSetters(otherClass, otherInstance);
    testRewrite(getMethod(otherClass, "testSomeOtherAction", NamespaceId.class),
                otherInstance, enforced, NamespaceId.DEFAULT);

    // Valid annotations that refer to field instances.
    final Class<?> fieldsClass =
        rewrittenLoader.loadClass(DummyAuthEnforce.ValidAuthEnforceWithFields.class.getName());
    final Object fieldsInstance = loadRewritten(rewrittenLoader, outerClassName, fieldsClass.getName());
    invokeSetters(fieldsClass, fieldsInstance);
    testRewrite(getMethod(fieldsClass, "testNoParameters"), fieldsInstance, enforced);
    testRewrite(getMethod(fieldsClass, "testParaNameSameAsField", NamespaceId.class),
                fieldsInstance, new NamespaceId("ns"), enforced, NamespaceId.DEFAULT);
    testRewrite(getMethod(fieldsClass, "testParaPreference", InstanceId.class),
                fieldsInstance, new InstanceId("i1"), enforced, new InstanceId("i1"));
    testRewrite(getMethod(fieldsClass, "testThisClassPreference", NamespaceId.class),
                fieldsInstance, new NamespaceId("ns"), enforced, NamespaceId.DEFAULT);
}
Also used : ByteCodeClassLoader(io.cdap.cdap.internal.asm.ByteCodeClassLoader) InstanceId(io.cdap.cdap.proto.id.InstanceId) DatasetId(io.cdap.cdap.proto.id.DatasetId) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Test(org.junit.Test)

Example 2 with ByteCodeClassLoader

use of io.cdap.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class DatasetClassRewriterTest method testDatasetAccessRecorder.

/**
 * Rewrites the custom dataset fixture classes, instantiates each one through the rewriting
 * classloader with an enforcer built from every {@link StandardPermission}, and runs
 * {@code testDatasetAccessRecord} against it. The shared recorder is cleared between variants.
 */
@Test
public void testDatasetAccessRecorder() throws Exception {
    final ByteCodeClassLoader rewrittenLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    rewrittenLoader.addClass(rewrite(TopLevelExtendsDataset.class));
    rewrittenLoader.addClass(rewrite(TopLevelDirectDataset.class));
    rewrittenLoader.addClass(rewrite(TopLevelDataset.class));
    rewrittenLoader.addClass(rewrite(DefaultTopLevelExtendsDataset.class));
    rewrittenLoader.addClass(rewrite(CustomDatasetApp.InnerStaticInheritDataset.class));
    rewrittenLoader.addClass(rewrite(CustomDatasetApp.InnerDataset.class));

    final InMemoryAccessRecorder recorder = new InMemoryAccessRecorder();
    // All permissions are handed to the enforcer, so this test exercises recording only.
    final TestAccessEnforcer allowAll = new TestAccessEnforcer(EnumSet.allOf(StandardPermission.class));
    final String topLevelName = TopLevelDataset.class.getName();

    // Top-level dataset.
    testDatasetAccessRecord(recorder, createDataset(recorder, allowAll, topLevelName, rewrittenLoader));
    recorder.clear();

    // Top-level dataset reached through DefaultTopLevelExtendsDataset.
    testDatasetAccessRecord(
        recorder,
        createDataset(recorder, allowAll, DefaultTopLevelExtendsDataset.class.getName(), rewrittenLoader));
    recorder.clear();

    // Delegating dataset wrapping a freshly created top-level dataset.
    final Dataset wrapped = createDataset(recorder, allowAll, topLevelName, rewrittenLoader);
    testDatasetAccessRecord(
        recorder,
        createDataset(recorder, allowAll, DelegatingDataset.class.getName(), rewrittenLoader,
                      new Class<?>[] { CustomOperations.class }, new Object[] { wrapped }));
    recorder.clear();

    // Static nested dataset class.
    testDatasetAccessRecord(
        recorder,
        createDataset(recorder, allowAll, CustomDatasetApp.InnerStaticInheritDataset.class.getName(),
                      rewrittenLoader));
    recorder.clear();

    // Non-static inner dataset class; its constructor takes the enclosing CustomDatasetApp.
    testDatasetAccessRecord(
        recorder,
        createDataset(recorder, allowAll, CustomDatasetApp.InnerDataset.class.getName(), rewrittenLoader,
                      new Class<?>[] { CustomDatasetApp.class }, new Object[] { new CustomDatasetApp() }));
}
Also used : ByteCodeClassLoader(io.cdap.cdap.internal.asm.ByteCodeClassLoader) TopLevelDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelDataset) Dataset(io.cdap.cdap.api.dataset.Dataset) TopLevelDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelDataset) TopLevelExtendsDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelExtendsDataset) DelegatingDataset(io.cdap.cdap.data2.dataset2.customds.DelegatingDataset) DefaultTopLevelExtendsDataset(io.cdap.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) TopLevelDirectDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelDirectDataset) TopLevelExtendsDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelExtendsDataset) DefaultTopLevelExtendsDataset(io.cdap.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) CustomDatasetApp(io.cdap.cdap.data2.dataset2.customds.CustomDatasetApp) StandardPermission(io.cdap.cdap.proto.security.StandardPermission) CustomOperations(io.cdap.cdap.data2.dataset2.customds.CustomOperations) TopLevelDirectDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelDirectDataset) DefaultTopLevelExtendsDataset(io.cdap.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) Test(org.junit.Test)

Example 3 with ByteCodeClassLoader

use of io.cdap.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class DatasetClassRewriterTest method testDatasetAuthorization.

/**
 * Rewrites the custom dataset fixture classes and runs every dataset variant under three
 * enforcer configurations: no permission at all, {@code GET} only and {@code UPDATE} only.
 * Each configuration is checked with the matching helper ({@code testNoAccess},
 * {@code testReadOnlyAccess}, {@code testWriteOnlyAccess}).
 */
@Test
public void testDatasetAuthorization() throws Exception {
    final ByteCodeClassLoader rewrittenLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    rewrittenLoader.addClass(rewrite(TopLevelExtendsDataset.class));
    rewrittenLoader.addClass(rewrite(TopLevelDirectDataset.class));
    rewrittenLoader.addClass(rewrite(TopLevelDataset.class));
    rewrittenLoader.addClass(rewrite(DefaultTopLevelExtendsDataset.class));
    rewrittenLoader.addClass(rewrite(CustomDatasetApp.InnerStaticInheritDataset.class));
    rewrittenLoader.addClass(rewrite(CustomDatasetApp.InnerDataset.class));

    final InMemoryAccessRecorder recorder = new InMemoryAccessRecorder();
    final String topLevelName = TopLevelDataset.class.getName();
    final String defaultExtendsName = DefaultTopLevelExtendsDataset.class.getName();
    final String delegatingName = DelegatingDataset.class.getName();
    final String innerStaticName = CustomDatasetApp.InnerStaticInheritDataset.class.getName();
    final String innerName = CustomDatasetApp.InnerDataset.class.getName();

    // --- Enforcer built from an empty permission set ---
    final TestAccessEnforcer denyAll = new TestAccessEnforcer(EnumSet.noneOf(StandardPermission.class));
    testNoAccess(createDataset(recorder, denyAll, topLevelName, rewrittenLoader));
    testNoAccess(createDataset(recorder, denyAll, defaultExtendsName, rewrittenLoader));
    final Dataset deniedDelegate = createDataset(recorder, denyAll, topLevelName, rewrittenLoader);
    testNoAccess(createDataset(recorder, denyAll, delegatingName, rewrittenLoader,
                               new Class<?>[] { CustomOperations.class }, new Object[] { deniedDelegate }));
    testNoAccess(createDataset(recorder, denyAll, innerStaticName, rewrittenLoader));
    testNoAccess(createDataset(recorder, denyAll, innerName, rewrittenLoader,
                               new Class<?>[] { CustomDatasetApp.class },
                               new Object[] { new CustomDatasetApp() }));

    // --- Enforcer built from GET only ---
    final TestAccessEnforcer getOnly = new TestAccessEnforcer(EnumSet.of(StandardPermission.GET));
    testReadOnlyAccess(createDataset(recorder, getOnly, topLevelName, rewrittenLoader));
    testReadOnlyAccess(createDataset(recorder, getOnly, defaultExtendsName, rewrittenLoader));
    final Dataset readDelegate = createDataset(recorder, getOnly, topLevelName, rewrittenLoader);
    testReadOnlyAccess(createDataset(recorder, getOnly, delegatingName, rewrittenLoader,
                                     new Class<?>[] { CustomOperations.class }, new Object[] { readDelegate }));
    testReadOnlyAccess(createDataset(recorder, getOnly, innerStaticName, rewrittenLoader));
    testReadOnlyAccess(createDataset(recorder, getOnly, innerName, rewrittenLoader,
                                     new Class<?>[] { CustomDatasetApp.class },
                                     new Object[] { new CustomDatasetApp() }));

    // --- Enforcer built from UPDATE only ---
    final TestAccessEnforcer updateOnly = new TestAccessEnforcer(EnumSet.of(StandardPermission.UPDATE));
    testWriteOnlyAccess(createDataset(recorder, updateOnly, topLevelName, rewrittenLoader));
    testWriteOnlyAccess(createDataset(recorder, updateOnly, defaultExtendsName, rewrittenLoader));
    final Dataset writeDelegate = createDataset(recorder, updateOnly, topLevelName, rewrittenLoader);
    testWriteOnlyAccess(createDataset(recorder, updateOnly, delegatingName, rewrittenLoader,
                                      new Class<?>[] { CustomOperations.class }, new Object[] { writeDelegate }));
    testWriteOnlyAccess(createDataset(recorder, updateOnly, innerStaticName, rewrittenLoader));
    testWriteOnlyAccess(createDataset(recorder, updateOnly, innerName, rewrittenLoader,
                                      new Class<?>[] { CustomDatasetApp.class },
                                      new Object[] { new CustomDatasetApp() }));
}
Also used : ByteCodeClassLoader(io.cdap.cdap.internal.asm.ByteCodeClassLoader) TopLevelDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelDataset) Dataset(io.cdap.cdap.api.dataset.Dataset) TopLevelDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelDataset) TopLevelExtendsDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelExtendsDataset) DelegatingDataset(io.cdap.cdap.data2.dataset2.customds.DelegatingDataset) DefaultTopLevelExtendsDataset(io.cdap.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) TopLevelDirectDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelDirectDataset) TopLevelExtendsDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelExtendsDataset) DefaultTopLevelExtendsDataset(io.cdap.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) CustomDatasetApp(io.cdap.cdap.data2.dataset2.customds.CustomDatasetApp) StandardPermission(io.cdap.cdap.proto.security.StandardPermission) CustomOperations(io.cdap.cdap.data2.dataset2.customds.CustomOperations) TopLevelDirectDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelDirectDataset) DefaultTopLevelExtendsDataset(io.cdap.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset) Test(org.junit.Test)

Example 4 with ByteCodeClassLoader

use of io.cdap.cdap.internal.asm.ByteCodeClassLoader in project cdap by caskdata.

the class DatasetClassRewriterTest method testConstructorDefaultAnnotation.

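/**
 * Checks what the rewritten {@code TopLevelDirectDataset} constructor records and enforces for
 * each constructor default annotation: none ({@code null}), {@code ReadOnly},
 * {@code WriteOnly} and {@code ReadWrite}.
 *
 * <p>For every case the test compares the lineage and audit access types captured by the
 * {@code InMemoryAccessRecorder} and the permissions captured by the
 * {@code AuthorizationRecorder}. Both recorders are cleared between cases so that each case is
 * judged on its own calls.
 */
@Test
public void testConstructorDefaultAnnotation() throws Exception {
    ByteCodeClassLoader classLoader = new ByteCodeClassLoader(getClass().getClassLoader());
    classLoader.addClass(rewrite(TopLevelDirectDataset.class));
    InMemoryAccessRecorder accessRecorder = new InMemoryAccessRecorder();
    AuthorizationRecorder authorizationRecorder = new AuthorizationRecorder();

    // No constructor default: the access type is recorded as UNKNOWN.
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], null);
    Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), accessRecorder.getAuditRecorded());
    Assert.assertEquals(1, authorizationRecorder.getGrantedPermissions().size());
    // The enforcer is still expected to be called once; the recorded entry is null in this case.
    Assert.assertNull(authorizationRecorder.getGrantedPermissions().get(0));
    accessRecorder.clear();
    authorizationRecorder.clear();

    // Constructor default ReadOnly: READ is recorded and GET is enforced.
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], ReadOnly.class);
    Assert.assertEquals(ImmutableList.of(AccessType.READ), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.READ), accessRecorder.getAuditRecorded());
    Assert.assertEquals(ImmutableList.of(new GrantedPermission(DATASET_ID, StandardPermission.GET)), authorizationRecorder.getGrantedPermissions());
    accessRecorder.clear();
    authorizationRecorder.clear();

    // Constructor default WriteOnly: WRITE is recorded and UPDATE is enforced.
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], WriteOnly.class);
    Assert.assertEquals(ImmutableList.of(AccessType.WRITE), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.WRITE), accessRecorder.getAuditRecorded());
    Assert.assertEquals(ImmutableList.of(new GrantedPermission(DATASET_ID, StandardPermission.UPDATE)), authorizationRecorder.getGrantedPermissions());
    accessRecorder.clear();
    authorizationRecorder.clear();

    // Constructor default ReadWrite: READ_WRITE is recorded; GET and/or UPDATE may be enforced.
    createDataset(accessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), classLoader, new Class<?>[0], new Object[0], ReadWrite.class);
    Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), accessRecorder.getLineageRecorded());
    Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), accessRecorder.getAuditRecorded());
    // containsAll() on its own is also true for an empty list, so a rewrite that skipped
    // enforcement entirely would pass. Require at least one recorded enforcement first.
    Assert.assertFalse("enforcer was not called for the ReadWrite constructor default",
                       authorizationRecorder.getGrantedPermissions().isEmpty());
    // Nothing outside {GET, UPDATE} on the dataset may have been enforced.
    // NOTE(review): if ReadWrite is meant to enforce both permissions, compare the sets for
    // equality instead - confirm against the rewriter.
    Assert.assertTrue(ImmutableSet.of(new GrantedPermission(DATASET_ID, StandardPermission.GET), new GrantedPermission(DATASET_ID, StandardPermission.UPDATE)).containsAll(authorizationRecorder.getGrantedPermissions()));
}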
Also used : ByteCodeClassLoader(io.cdap.cdap.internal.asm.ByteCodeClassLoader) TopLevelDirectDataset(io.cdap.cdap.data2.dataset2.customds.TopLevelDirectDataset) GrantedPermission(io.cdap.cdap.proto.security.GrantedPermission) Test(org.junit.Test)

Aggregations

ByteCodeClassLoader (io.cdap.cdap.internal.asm.ByteCodeClassLoader)4 Test (org.junit.Test)4 TopLevelDirectDataset (io.cdap.cdap.data2.dataset2.customds.TopLevelDirectDataset)3 Dataset (io.cdap.cdap.api.dataset.Dataset)2 CustomDatasetApp (io.cdap.cdap.data2.dataset2.customds.CustomDatasetApp)2 CustomOperations (io.cdap.cdap.data2.dataset2.customds.CustomOperations)2 DefaultTopLevelExtendsDataset (io.cdap.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset)2 DelegatingDataset (io.cdap.cdap.data2.dataset2.customds.DelegatingDataset)2 TopLevelDataset (io.cdap.cdap.data2.dataset2.customds.TopLevelDataset)2 TopLevelExtendsDataset (io.cdap.cdap.data2.dataset2.customds.TopLevelExtendsDataset)2 StandardPermission (io.cdap.cdap.proto.security.StandardPermission)2 DatasetId (io.cdap.cdap.proto.id.DatasetId)1 InstanceId (io.cdap.cdap.proto.id.InstanceId)1 NamespaceId (io.cdap.cdap.proto.id.NamespaceId)1 GrantedPermission (io.cdap.cdap.proto.security.GrantedPermission)1