Example usage for org.apache.hadoop.security AccessControlException AccessControlException

Introduction

In this page you can find the example usage for org.apache.hadoop.security AccessControlException AccessControlException.

Prototype

public AccessControlException()

Source Link

Document

Default constructor is needed for unwrapping from org.apache.hadoop.ipc.RemoteException .

Usage

From source file:com.cloudera.hadoop.hdfs.nfs.nfs4.handlers.TestOperationRequestHandler.java

License:Apache License

@Test
public void testAccessControlException() throws Exception {
    OperationRequestHandler<SAVEFHRequest, SAVEFHResponse> handler = new OperationRequestHandler<SAVEFHRequest, SAVEFHResponse>() {
        @Override//from  w  w w.  j a  v a  2s  .co  m
        protected SAVEFHResponse createResponse() {
            return new SAVEFHResponse();
        }

        @Override
        protected SAVEFHResponse doHandle(HDFSState hdfsState, Session session, SAVEFHRequest request)
                throws NFS4Exception, IOException, UnsupportedOperationException {
            throw new AccessControlException();
        }
    };
    SAVEFHResponse response = handler.handle(hdfsState, session, null);
    Assert.assertEquals(NFS4ERR_PERM, response.getStatus());
}

From source file:org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.java

License:Apache License

@Override
public void grantAccess(GrantRevokeRequest request) throws Exception {

    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")");
    }/*from  www  . j  a  v  a 2  s.c o  m*/

    String url = _utils.getUrlForGrantAccess(_baseUrl, _serviceName);
    Response response = _client.target(url).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
            .request(MediaType.APPLICATION_JSON_TYPE).get();
    int httpResponseCode = response == null ? -1 : response.getStatus();

    switch (httpResponseCode) {
    case -1:
        LOG.warn("Unexpected: Null response from policy server while grating access! Returning null!");
        throw new Exception("unknown error!");
    case 200:
        LOG.debug("grantAccess() suceeded: HTTP status=" + httpResponseCode);
        break;
    case 401:
        throw new AccessControlException();
    default:
        String body = response.readEntity(String.class);
        String message = String.format("Unexpected: Received status[%d] with body[%s] form url[%s]",
                httpResponseCode, body, url);
        LOG.warn(message);
        throw new Exception("HTTP status: " + httpResponseCode);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")");
    }
}

From source file:org.apache.ranger.admin.client.RangerAdminJersey2RESTClient.java

License:Apache License

@Override
public void revokeAccess(GrantRevokeRequest request) throws Exception {

    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")");
    }/*from   w ww .  j a  v a  2 s .c  o m*/

    String url = _utils.getUrlForRevokeAccess(_baseUrl, _serviceName);
    Response response = _client.target(url).queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, _pluginId)
            .request(MediaType.APPLICATION_JSON_TYPE).get();
    int httpResponseCode = response == null ? -1 : response.getStatus();

    switch (httpResponseCode) {
    case -1:
        LOG.warn("Unexpected: Null response from policy server while grating access! Returning null!");
        throw new Exception("unknown error!");
    case 200:
        LOG.debug("grantAccess() suceeded: HTTP status=" + httpResponseCode);
        break;
    case 401:
        throw new AccessControlException();
    default:
        String body = response.readEntity(String.class);
        String message = String.format("Unexpected: Received status[%d] with body[%s] form url[%s]",
                httpResponseCode, body, url);
        LOG.warn(message);
        throw new Exception("HTTP status: " + httpResponseCode);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")");
    }
}

From source file:org.apache.ranger.admin.client.RangerAdminRESTClient.java

License:Apache License

@Override
public void grantAccess(final GrantRevokeRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")");
    }/*w  w  w. j  a  va 2 s. com*/

    ClientResponse response = null;
    UserGroupInformation user = MiscUtil.getUGILoginUser();
    boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();

    if (isSecureMode) {
        PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
            public ClientResponse run() {
                WebResource secureWebResource = createWebResource(
                        RangerRESTUtils.REST_URL_SECURE_SERVICE_GRANT_ACCESS + serviceName)
                                .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
                return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
                        .type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
                        .post(ClientResponse.class, restClient.toJson(request));
            };
        };
        if (LOG.isDebugEnabled()) {
            LOG.debug("grantAccess as user " + user);
        }
        response = user.doAs(action);
    } else {
        WebResource webResource = createWebResource(RangerRESTUtils.REST_URL_SERVICE_GRANT_ACCESS + serviceName)
                .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
        response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
                .type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
                .post(ClientResponse.class, restClient.toJson(request));
    }
    if (response != null && response.getStatus() != 200) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.error("grantAccess() failed: HTTP status=" + response.getStatus() + ", message=" + resp.getMessage()
                + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));

        if (response.getStatus() == 401) {
            throw new AccessControlException();
        }

        throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
    } else if (response == null) {
        throw new Exception("unknown error during grantAccess. serviceName=" + serviceName);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.grantAccess(" + request + ")");
    }
}

From source file:org.apache.ranger.admin.client.RangerAdminRESTClient.java

License:Apache License

@Override
public void revokeAccess(final GrantRevokeRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAdminRESTClient.revokeAccess(" + request + ")");
    }//w ww .j a va  2 s.c o  m

    ClientResponse response = null;
    UserGroupInformation user = MiscUtil.getUGILoginUser();
    boolean isSecureMode = user != null && UserGroupInformation.isSecurityEnabled();

    if (isSecureMode) {
        PrivilegedAction<ClientResponse> action = new PrivilegedAction<ClientResponse>() {
            public ClientResponse run() {
                WebResource secureWebResource = createWebResource(
                        RangerRESTUtils.REST_URL_SECURE_SERVICE_REVOKE_ACCESS + serviceName)
                                .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
                return secureWebResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
                        .type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
                        .post(ClientResponse.class, restClient.toJson(request));
            };
        };
        if (LOG.isDebugEnabled()) {
            LOG.debug("revokeAccess as user " + user);
        }
        response = user.doAs(action);
    } else {
        WebResource webResource = createWebResource(
                RangerRESTUtils.REST_URL_SERVICE_REVOKE_ACCESS + serviceName)
                        .queryParam(RangerRESTUtils.REST_PARAM_PLUGIN_ID, pluginId);
        response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
                .type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
                .post(ClientResponse.class, restClient.toJson(request));
    }

    if (response != null && response.getStatus() != 200) {
        RESTResponse resp = RESTResponse.fromClientResponse(response);
        LOG.error("revokeAccess() failed: HTTP status=" + response.getStatus() + ", message="
                + resp.getMessage() + ", isSecure=" + isSecureMode + (isSecureMode ? (", user=" + user) : ""));

        if (response.getStatus() == 401) {
            throw new AccessControlException();
        }

        throw new Exception("HTTP " + response.getStatus() + " Error: " + resp.getMessage());
    } else if (response == null) {
        throw new Exception("unknown error. revokeAccess(). serviceName=" + serviceName);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAdminRESTClient.revokeAccess(" + request + ")");
    }
}