diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
index b2a4736..4ab81a6 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
@@ -22,10 +22,8 @@ import java.io.ByteArrayInputStream;
import java.io.DataInput;
import java.io.DataInputStream;
import java.io.IOException;
-import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -41,6 +39,7 @@ import org.apache.hadoop.hbase.Cell;
import org.apache.hadoop.hbase.CellUtil;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HConstants;
+import org.apache.hadoop.hbase.HRegionInfo;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.NamespaceDescriptor;
import org.apache.hadoop.hbase.TableName;
@@ -64,8 +63,6 @@ import org.apache.hadoop.hbase.filter.RegexStringComparator;
import org.apache.hadoop.hbase.master.MasterServices;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
-import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
-import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos;
import org.apache.hadoop.hbase.regionserver.BloomType;
import org.apache.hadoop.hbase.regionserver.InternalScanner;
import org.apache.hadoop.hbase.regionserver.Region;
@@ -77,11 +74,6 @@ import org.apache.hadoop.io.Text;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.ListMultimap;
import com.google.common.collect.Lists;
-import com.google.protobuf.ByteString;
-import com.google.protobuf.CodedInputStream;
-import com.google.protobuf.Message;
-import com.google.protobuf.RpcController;
-import com.google.protobuf.ServiceException;
/**
* Maintains lists of permission grants to users and groups to allow for
@@ -442,12 +434,12 @@ public class AccessControlLists {
static ListMultimap getTablePermissions(Configuration conf,
TableName tableName) throws IOException {
- return getPermissions(conf, tableName != null ? tableName.getName() : null);
+ return getPermissions(conf, tableName != null ? tableName.getName() : null, null);
}
static ListMultimap getNamespacePermissions(Configuration conf,
String namespace) throws IOException {
- return getPermissions(conf, Bytes.toBytes(toNamespaceEntry(namespace)));
+ return getPermissions(conf, Bytes.toBytes(toNamespaceEntry(namespace)), null);
}
/**
@@ -460,24 +452,33 @@ public class AccessControlLists {
*
*/
static ListMultimap getPermissions(Configuration conf,
- byte[] entryName) throws IOException {
+ byte[] entryName, Table t) throws IOException {
if (entryName == null) entryName = ACL_GLOBAL_NAME;
// for normal user tables, we just read the table row from _acl_
ListMultimap perms = ArrayListMultimap.create();
- // TODO: Pass in a Connection rather than create one each time.
- try (Connection connection = ConnectionFactory.createConnection(conf)) {
- try (Table table = connection.getTable(ACL_TABLE_NAME)) {
- Get get = new Get(entryName);
- get.addFamily(ACL_LIST_FAMILY);
- Result row = table.get(get);
- if (!row.isEmpty()) {
- perms = parsePermissions(entryName, row);
- } else {
- LOG.info("No permissions found in " + ACL_TABLE_NAME + " for acl entry "
- + Bytes.toString(entryName));
+ Get get = new Get(entryName);
+ get.addFamily(ACL_LIST_FAMILY);
+ Result row = null;
+ if (t == null) {
+ // TODO: Pass in a Connection rather than create one each time.
+ try (Connection connection = ConnectionFactory.createConnection(conf)) {
+ try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+ row = table.get(get);
}
}
+ } else {
+ try {
+ row = t.get(get);
+ } finally {
+ t.close();
+ }
+ }
+ if (!row.isEmpty()) {
+ perms = parsePermissions(entryName, row);
+ } else {
+ LOG.info("No permissions found in " + ACL_TABLE_NAME + " for acl entry "
+ + Bytes.toString(entryName));
}
return perms;
@@ -501,7 +502,7 @@ public class AccessControlLists {
Configuration conf, byte[] entryName)
throws IOException {
ListMultimap allPerms = getPermissions(
- conf, entryName);
+ conf, entryName, null);
List perms = new ArrayList();
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index 1163c44..35313d9 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -272,7 +272,8 @@ public class AccessController extends BaseMasterAndRegionObserver
for (byte[] entry: entries) {
try {
ListMultimap perms =
- AccessControlLists.getPermissions(conf, entry);
+ AccessControlLists.getPermissions(conf, entry,
+ regionEnv.getTable(e.getRegion().getRegionInfo().getTable()));
byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf);
zkw.writeToZookeeper(entry, serialized);
} catch (IOException ex) {