List of usage examples for org.apache.hadoop.security.authentication.server KerberosAuthenticationHandler TYPE
String TYPE
To view the source code for org.apache.hadoop.security.authentication.server KerberosAuthenticationHandler TYPE.
Click Source Link
From source file:org.apache.falcon.entity.HiveUtilTest.java
License:Apache License
@Test public void testGetHiveCredentialsWithKerberos() { StartupProperties.get().setProperty(SecurityUtil.AUTHENTICATION_TYPE, KerberosAuthenticationHandler.TYPE); Cluster cluster = new Cluster(); String metaStoreUrl = "thrift://localhost:19083"; String principal = "kerberosPrincipal"; // set registry interface Interfaces interfaces = new Interfaces(); Interface registry = new Interface(); registry.setEndpoint(metaStoreUrl);/*from w w w .j av a 2 s . c o m*/ registry.setType(Interfacetype.REGISTRY); registry.setVersion("0.1"); interfaces.getInterfaces().add(registry); cluster.setInterfaces(interfaces); // set security properties org.apache.falcon.entity.v0.cluster.Properties props = new org.apache.falcon.entity.v0.cluster.Properties(); Property principal2 = new Property(); principal2.setName(SecurityUtil.HIVE_METASTORE_KERBEROS_PRINCIPAL); principal2.setValue(principal); props.getProperties().add(principal2); cluster.setProperties(props); Properties expected = new Properties(); expected.put(SecurityUtil.METASTORE_USE_THRIFT_SASL, "true"); expected.put(SecurityUtil.HIVE_METASTORE_KERBEROS_PRINCIPAL, principal); expected.put(SecurityUtil.METASTORE_PRINCIPAL, principal); expected.put(HiveUtil.METASTORE_UGI, "true"); expected.put(HiveUtil.NODE, metaStoreUrl.replace("thrift", "hcat")); expected.put(HiveUtil.METASTORE_URI, metaStoreUrl); expected.put(HiveUtil.METASTOREURIS, metaStoreUrl); Properties actual = HiveUtil.getHiveCredentials(cluster); Assert.assertTrue(actual.equals(expected)); }
From source file:org.apache.falcon.security.AuthenticationInitializationServiceTest.java
License:Apache License
@Test public void testKerberosAuthenticationWithKeytabFileDoesNotExist() { try {// ww w.jav a 2 s. c om StartupProperties.get().setProperty(SecurityUtil.AUTHENTICATION_TYPE, KerberosAuthenticationHandler.TYPE); StartupProperties.get().setProperty(AuthenticationInitializationService.KERBEROS_KEYTAB, "/blah/blah"); authenticationService.init(); Assert.fail("The keytab file does not exist! must have been thrown."); } catch (Exception e) { Assert.assertEquals(e.getCause().getClass(), IllegalArgumentException.class); } }
From source file:org.apache.falcon.security.AuthenticationInitializationServiceTest.java
License:Apache License
@Test public void testKerberosAuthenticationWithKeytabFileIsADirectory() { try {/*from w w w. j a va2s . c o m*/ StartupProperties.get().setProperty(SecurityUtil.AUTHENTICATION_TYPE, KerberosAuthenticationHandler.TYPE); StartupProperties.get().setProperty(AuthenticationInitializationService.KERBEROS_KEYTAB, "/tmp/"); authenticationService.init(); Assert.fail("The keytab file cannot be a directory! must have been thrown."); } catch (Exception e) { Assert.assertEquals(e.getCause().getClass(), IllegalArgumentException.class); } }
From source file:org.apache.falcon.security.AuthenticationInitializationServiceTest.java
License:Apache License
@Test public void testKerberosAuthenticationWithKeytabFileNotReadable() { File tempFile = new File(".keytabFile"); try {/* www . ja v a 2s. co m*/ assert tempFile.createNewFile(); assert tempFile.setReadable(false); StartupProperties.get().setProperty(SecurityUtil.AUTHENTICATION_TYPE, KerberosAuthenticationHandler.TYPE); StartupProperties.get().setProperty(AuthenticationInitializationService.KERBEROS_KEYTAB, tempFile.toString()); authenticationService.init(); Assert.fail("The keytab file is not readable! must have been thrown."); } catch (Exception e) { Assert.assertEquals(e.getCause().getClass(), IllegalArgumentException.class); } finally { assert tempFile.delete(); } }
From source file:org.apache.falcon.security.AuthenticationInitializationServiceTest.java
License:Apache License
@Test(enabled = false) public void testInitForKerberosAuthenticationMethod() throws FalconException { Mockito.when(mockLoginUser.getAuthenticationMethod()) .thenReturn(UserGroupInformation.AuthenticationMethod.KERBEROS); Mockito.when(mockLoginUser.getUserName()).thenReturn(FalconTestUtil.TEST_USER_1); Mockito.when(mockLoginUser.isFromKeytab()).thenReturn(Boolean.TRUE); StartupProperties.get().setProperty(SecurityUtil.AUTHENTICATION_TYPE, KerberosAuthenticationHandler.TYPE); StartupProperties.get().setProperty(AuthenticationInitializationService.KERBEROS_KEYTAB, "falcon.kerberos.keytab"); StartupProperties.get().setProperty(AuthenticationInitializationService.KERBEROS_PRINCIPAL, FalconTestUtil.TEST_USER_1); authenticationService.init();/*from w w w . j a va 2s.c o m*/ Assert.assertTrue(mockLoginUser.isFromKeytab()); Assert.assertEquals(mockLoginUser.getAuthenticationMethod().name(), KerberosAuthenticationHandler.TYPE); Assert.assertEquals(FalconTestUtil.TEST_USER_1, mockLoginUser.getUserName()); }
From source file:org.apache.falcon.security.SecurityUtil.java
License:Apache License
/** * Checks if kerberos authentication is enabled in the configuration. * * @return true if falcon.authentication.type is kerberos, false otherwise */// w w w. j a v a 2 s.c o m public static boolean isSecurityEnabled() { String authenticationType = StartupProperties.get().getProperty(AUTHENTICATION_TYPE, PseudoAuthenticationHandler.TYPE); final boolean useKerberos; if (authenticationType == null || PseudoAuthenticationHandler.TYPE.equals(authenticationType)) { useKerberos = false; } else if (KerberosAuthenticationHandler.TYPE.equals(authenticationType)) { useKerberos = true; } else { throw new IllegalArgumentException( "Invalid attribute value for " + AUTHENTICATION_TYPE + " of " + authenticationType); } return useKerberos; }
From source file:org.apache.ranger.security.web.filter.RangerKrbFilter.java
License:Apache License
/** * <p>Initializes the authentication filter and signer secret provider.</p> * It instantiates and initializes the specified {@link * AuthenticationHandler}.// www .j a va 2 s .c o m * * @param filterConfig filter configuration. * * @throws ServletException thrown if the filter or the authentication handler could not be initialized properly. */ @Override public void init(FilterConfig filterConfig) throws ServletException { String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX); configPrefix = (configPrefix != null) ? configPrefix + "." : ""; config = getConfiguration(configPrefix, filterConfig); String authHandlerName = config.getProperty(AUTH_TYPE, null); String authHandlerClassName; if (authHandlerName == null) { throw new ServletException("Authentication type must be specified: " + PseudoAuthenticationHandler.TYPE + "|" + KerberosAuthenticationHandler.TYPE + "|<class>"); } if (StringUtils.equalsIgnoreCase(authHandlerName, PseudoAuthenticationHandler.TYPE)) { authHandlerClassName = PseudoAuthenticationHandler.class.getName(); } else if (StringUtils.equalsIgnoreCase(authHandlerName, KerberosAuthenticationHandler.TYPE)) { authHandlerClassName = KerberosAuthenticationHandler.class.getName(); } else { authHandlerClassName = authHandlerName; } validity = Long.parseLong(config.getProperty(AUTH_TOKEN_VALIDITY, "36000")) * 1000; //10 hours initializeSecretProvider(filterConfig); initializeAuthHandler(authHandlerClassName, filterConfig); cookieDomain = config.getProperty(COOKIE_DOMAIN, null); cookiePath = config.getProperty(COOKIE_PATH, null); }