List of usage examples for org.apache.hadoop.security AccessControlException AccessControlException
public AccessControlException()
From source file:com.cloudera.hadoop.hdfs.nfs.nfs4.handlers.TestOperationRequestHandler.java
License:Apache License
@Test public void testAccessControlException() throws Exception { OperationRequestHandler<SAVEFHRequest, SAVEFHResponse> handler = new OperationRequestHandler<SAVEFHRequest, SAVEFHResponse>() { @Override//from w w w. j a v a 2s .co m protected SAVEFHResponse createResponse() { return new SAVEFHResponse(); } @Override protected SAVEFHResponse doHandle(HDFSState hdfsState, Session session, SAVEFHRequest request) throws NFS4Exception, IOException, UnsupportedOperationException { throw new AccessControlException(); } }; SAVEFHResponse response = handler.handle(hdfsState, session, null); Assert.assertEquals(NFS4ERR_PERM, response.getStatus()); }
From source file:org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.java
License:Apache License
@Override public void grantAccess(GrantRevokeRequest request) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")"); }/*from www . j a v a 2 s.c o m*/ String url = _utils.getUrlForGrantAccess(_baseUrl, _serviceName); Response response = _client.target(url).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId) .request(MediaType.APPLICATION_JSON_TYPE).get(); int httpResponseCode = response == null ? -1 : response.getStatus(); switch (httpResponseCode) { case -1: LOG.warn("Unexpected: Null response from policy server while grating access! Returning null!"); throw new Exception("unknown error!"); case 200: LOG.debug("grantAccess() suceeded: HTTP status=" + httpResponseCode); break; case 401: throw new AccessControlException(); default: String body = response.readEntity(String.class); String message = String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url); LOG.warn(message); throw new Exception("HTTP status: " + httpResponseCode); } if (LOG.isDebugEnabled()) { LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")"); } }
From source file:org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.java
License:Apache License
@Override public void revokeAccess(GrantRevokeRequest request) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")"); }/*from w ww . j a v a 2 s .c o m*/ String url = _utils.getUrlForRevokeAccess(_baseUrl, _serviceName); Response response = _client.target(url).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId) .request(MediaType.APPLICATION_JSON_TYPE).get(); int httpResponseCode = response == null ? -1 : response.getStatus(); switch (httpResponseCode) { case -1: LOG.warn("Unexpected: Null response from policy server while grating access! Returning null!"); throw new Exception("unknown error!"); case 200: LOG.debug("grantAccess() suceeded: HTTP status=" + httpResponseCode); break; case 401: throw new AccessControlException(); default: String body = response.readEntity(String.class); String message = String.format("Unexpected: Received status[%d] with body[%s] form url[%s]", httpResponseCode, body, url); LOG.warn(message); throw new Exception("HTTP status: " + httpResponseCode); } if (LOG.isDebugEnabled()) { LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")"); } }
From source file:org.apache.ranger.admin.client.RangerAdminRESTClient.java
License:Apache License
@Override public void grantAccess(final GrantRevokeRequest request) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")"); }/*w w w. j a va 2 s. com*/ ClientResponse response = null; UserGroupInformation user = MiscUtil.getUGILoginUser(); boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled(); if (isSecureMode) { PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() { public ClientResponse run() { WebResource secureWebResource = createWebResource( RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceName) .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId); return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE) .type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE) .post(ClientResponse.class, restClient.toJson(request)); }; }; if (LOG.isDebugEnabled()) { LOG.debug("grantAccess as user " + user); } response = user.doAs(action); } else { WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceName) .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId); response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE) .type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE) .post(ClientResponse.class, restClient.toJson(request)); } if (response != null && response.getStatus() != 200) { RESTResponse resp = RESTResponse.fromClientResponse(response); LOG.error("grantAccess() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : "")); if (response.getStatus() == 401) { throw new AccessControlException(); } throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage()); } else if (response == null) { throw new Exception("unknown error during grantAccess. serviceName=" + serviceName); } if (LOG.isDebugEnabled()) { LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")"); } }
From source file:org.apache.ranger.admin.client.RangerAdminRESTClient.java
License:Apache License
@Override public void revokeAccess(final GrantRevokeRequest request) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> RangerAdminRESTClient.revokeAccess(" + request + ")"); }//w ww .j a va 2 s.c o m ClientResponse response = null; UserGroupInformation user = MiscUtil.getUGILoginUser(); boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled(); if (isSecureMode) { PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() { public ClientResponse run() { WebResource secureWebResource = createWebResource( RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + serviceName) .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId); return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE) .type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE) .post(ClientResponse.class, restClient.toJson(request)); }; }; if (LOG.isDebugEnabled()) { LOG.debug("revokeAccess as user " + user); } response = user.doAs(action); } else { WebResource webResource = createWebResource( RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + serviceName) .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId); response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE) .type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE) .post(ClientResponse.class, restClient.toJson(request)); } if (response != null && response.getStatus() != 200) { RESTResponse resp = RESTResponse.fromClientResponse(response); LOG.error("revokeAccess() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : "")); if (response.getStatus() == 401) { throw new AccessControlException(); } throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage()); } else if (response == null) { throw new Exception("unknown error. revokeAccess(). serviceName=" + serviceName); } if (LOG.isDebugEnabled()) { LOG.debug("<== RangerAdminRESTClient.revokeAccess(" + request + ")"); } }