List of usage examples for org.apache.hadoop.security UserGroupInformation createUserForTesting
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createUserForTesting(String user, String[] userGroups)
From source file:org.apache.accumulo.core.client.impl.ThriftTransportKeyTest.java
License:Apache License
@Test public void testConnectionCaching() throws IOException, InterruptedException { UserGroupInformation user1 = UserGroupInformation.createUserForTesting("user1", new String[0]); final KerberosToken token = EasyMock.createMock(KerberosToken.class); final ClientConfiguration clientConf = ClientConfiguration.loadDefault(); // The primary is the first component of the principal final String primary = "accumulo"; clientConf.withSasl(true, primary);/* w w w. j av a 2s . co m*/ // A first instance of the SASL cnxn params SaslConnectionParams saslParams1 = user1.doAs(new PrivilegedExceptionAction<SaslConnectionParams>() { @Override public SaslConnectionParams run() throws Exception { return new SaslConnectionParams(clientConf, token); } }); // A second instance of what should be the same SaslConnectionParams SaslConnectionParams saslParams2 = user1.doAs(new PrivilegedExceptionAction<SaslConnectionParams>() { @Override public SaslConnectionParams run() throws Exception { return new SaslConnectionParams(clientConf, token); } }); ThriftTransportKey ttk1 = new ThriftTransportKey(HostAndPort.fromParts("localhost", 9997), 1l, null, saslParams1), ttk2 = new ThriftTransportKey(HostAndPort.fromParts("localhost", 9997), 1l, null, saslParams2); // Should equals() and hashCode() to make sure we don't throw away thrift cnxns assertEquals(ttk1, ttk2); assertEquals(ttk1.hashCode(), ttk2.hashCode()); }
From source file:org.apache.accumulo.core.client.impl.ThriftTransportKeyTest.java
License:Apache License
@Test public void testSaslPrincipalIsSignificant() throws IOException, InterruptedException { UserGroupInformation user1 = UserGroupInformation.createUserForTesting("user1", new String[0]); final KerberosToken token = EasyMock.createMock(KerberosToken.class); SaslConnectionParams saslParams1 = user1.doAs(new PrivilegedExceptionAction<SaslConnectionParams>() { @Override//from w w w.j a va 2s . c o m public SaslConnectionParams run() throws Exception { final ClientConfiguration clientConf = ClientConfiguration.loadDefault(); // The primary is the first component of the principal final String primary = "accumulo"; clientConf.withSasl(true, primary); assertEquals("true", clientConf.get(ClientProperty.INSTANCE_RPC_SASL_ENABLED)); return new SaslConnectionParams(clientConf, token); } }); UserGroupInformation user2 = UserGroupInformation.createUserForTesting("user2", new String[0]); SaslConnectionParams saslParams2 = user2.doAs(new PrivilegedExceptionAction<SaslConnectionParams>() { @Override public SaslConnectionParams run() throws Exception { final ClientConfiguration clientConf = ClientConfiguration.loadDefault(); // The primary is the first component of the principal final String primary = "accumulo"; clientConf.withSasl(true, primary); assertEquals("true", clientConf.get(ClientProperty.INSTANCE_RPC_SASL_ENABLED)); return new SaslConnectionParams(clientConf, token); } }); ThriftTransportKey ttk1 = new ThriftTransportKey(HostAndPort.fromParts("localhost", 9997), 1l, null, saslParams1), ttk2 = new ThriftTransportKey(HostAndPort.fromParts("localhost", 9997), 1l, null, saslParams2); assertNotEquals(ttk1, ttk2); assertNotEquals(ttk1.hashCode(), ttk2.hashCode()); }
From source file:org.apache.accumulo.core.clientImpl.ThriftTransportKeyTest.java
License:Apache License
@Test public void testConnectionCaching() throws IOException, InterruptedException { UserGroupInformation user1 = UserGroupInformation.createUserForTesting("user1", new String[0]); final KerberosToken token = EasyMock.createMock(KerberosToken.class); // A first instance of the SASL cnxn params SaslConnectionParams saslParams1 = user1 .doAs((PrivilegedExceptionAction<SaslConnectionParams>) () -> createSaslParams(token)); // A second instance of what should be the same SaslConnectionParams SaslConnectionParams saslParams2 = user1 .doAs((PrivilegedExceptionAction<SaslConnectionParams>) () -> createSaslParams(token)); ThriftTransportKey ttk1 = new ThriftTransportKey(HostAndPort.fromParts("localhost", 9997), 1L, null, saslParams1),//from w ww . j a v a2 s . c o m ttk2 = new ThriftTransportKey(HostAndPort.fromParts("localhost", 9997), 1L, null, saslParams2); // Should equals() and hashCode() to make sure we don't throw away thrift cnxns assertEquals(ttk1, ttk2); assertEquals(ttk1.hashCode(), ttk2.hashCode()); }
From source file:org.apache.accumulo.core.clientImpl.ThriftTransportKeyTest.java
License:Apache License
@Test public void testSaslPrincipalIsSignificant() throws IOException, InterruptedException { UserGroupInformation user1 = UserGroupInformation.createUserForTesting("user1", new String[0]); final KerberosToken token = EasyMock.createMock(KerberosToken.class); SaslConnectionParams saslParams1 = user1 .doAs((PrivilegedExceptionAction<SaslConnectionParams>) () -> createSaslParams(token)); UserGroupInformation user2 = UserGroupInformation.createUserForTesting("user2", new String[0]); SaslConnectionParams saslParams2 = user2 .doAs((PrivilegedExceptionAction<SaslConnectionParams>) () -> createSaslParams(token)); ThriftTransportKey ttk1 = new ThriftTransportKey(HostAndPort.fromParts("localhost", 9997), 1L, null, saslParams1),// w w w .ja v a 2s . c o m ttk2 = new ThriftTransportKey(HostAndPort.fromParts("localhost", 9997), 1L, null, saslParams2); assertNotEquals(ttk1, ttk2); assertNotEquals(ttk1.hashCode(), ttk2.hashCode()); }
From source file:org.apache.accumulo.core.rpc.SaslConnectionParamsTest.java
License:Apache License
@Before public void setup() throws Exception { System.setProperty("java.security.krb5.realm", "accumulo"); System.setProperty("java.security.krb5.kdc", "fake"); Configuration conf = new Configuration(false); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); testUser = UserGroupInformation.createUserForTesting("test_user", new String[0]); username = testUser.getUserName();//from w w w. j av a 2 s . c om }
From source file:org.apache.accumulo.server.AccumuloServerContextTest.java
License:Apache License
@Before public void setup() throws Exception { System.setProperty("java.security.krb5.realm", "accumulo"); System.setProperty("java.security.krb5.kdc", "fake"); Configuration conf = new Configuration(false); conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); testUser = UserGroupInformation.createUserForTesting("test_user", new String[0]); username = testUser.getUserName();/*from w ww . j av a 2s . com*/ }
From source file:org.apache.accumulo.server.ServerContextTest.java
License:Apache License
@Before public void setup() { System.setProperty("java.security.krb5.realm", "accumulo"); System.setProperty("java.security.krb5.kdc", "fake"); Configuration conf = new Configuration(false); conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); testUser = UserGroupInformation.createUserForTesting("test_user", new String[0]); username = testUser.getUserName();/*from w ww . ja va 2s. c om*/ }
From source file:org.apache.accumulo.test.functional.KerberosIT.java
License:Apache License
@Test public void testDelegationToken() throws Exception { final String tableName = getUniqueNames(1)[0]; // Login as the "root" user UserGroupInformation root = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath()); log.info("Logged in as {}", rootUser.getPrincipal()); final int numRows = 100, numColumns = 10; // As the "root" user, open up the connection and get a delegation token final AuthenticationToken delegationToken = root.doAs(new PrivilegedExceptionAction<AuthenticationToken>() { @Override/*from ww w . ja v a2 s. c om*/ public AuthenticationToken run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); log.info("Created connector as {}", rootUser.getPrincipal()); assertEquals(rootUser.getPrincipal(), conn.whoami()); conn.tableOperations().create(tableName); BatchWriter bw = conn.createBatchWriter(tableName, new BatchWriterConfig()); for (int r = 0; r < numRows; r++) { Mutation m = new Mutation(Integer.toString(r)); for (int c = 0; c < numColumns; c++) { String col = Integer.toString(c); m.put(col, col, col); } bw.addMutation(m); } bw.close(); return conn.securityOperations().getDelegationToken(new DelegationTokenConfig()); } }); // The above login with keytab doesn't have a way to logout, so make a fake user that won't have krb credentials UserGroupInformation userWithoutPrivs = UserGroupInformation.createUserForTesting("fake_user", new String[0]); int recordsSeen = userWithoutPrivs.doAs(new PrivilegedExceptionAction<Integer>() { @Override public Integer run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), delegationToken); BatchScanner bs = conn.createBatchScanner(tableName, Authorizations.EMPTY, 2); bs.setRanges(Collections.singleton(new Range())); int recordsSeen = Iterables.size(bs); bs.close(); return recordsSeen; } }); assertEquals(numRows * numColumns, recordsSeen); }
From source file:org.apache.accumulo.test.functional.KerberosIT.java
License:Apache License
@Test public void testDelegationTokenAsDifferentUser() throws Exception { // Login as the "root" user UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath()); log.info("Logged in as {}", rootUser.getPrincipal()); final AuthenticationToken delegationToken; try {//from www . j a va 2 s . co m delegationToken = ugi.doAs(new PrivilegedExceptionAction<AuthenticationToken>() { @Override public AuthenticationToken run() throws Exception { // As the "root" user, open up the connection and get a delegation token Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); log.info("Created connector as {}", rootUser.getPrincipal()); assertEquals(rootUser.getPrincipal(), conn.whoami()); return conn.securityOperations().getDelegationToken(new DelegationTokenConfig()); } }); } catch (UndeclaredThrowableException ex) { throw ex; } // make a fake user that won't have krb credentials UserGroupInformation userWithoutPrivs = UserGroupInformation.createUserForTesting("fake_user", new String[0]); try { // Use the delegation token to try to log in as a different user userWithoutPrivs.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { mac.getConnector("some_other_user", delegationToken); return null; } }); fail("Using a delegation token as a different user should throw an exception"); } catch (UndeclaredThrowableException e) { Throwable cause = e.getCause(); assertNotNull(cause); // We should get an AccumuloSecurityException from trying to use a delegation token for the wrong user assertTrue("Expected cause to be AccumuloSecurityException, but was " + cause.getClass(), cause instanceof AccumuloSecurityException); } }
From source file:org.apache.coheigea.bigdata.hbase.HBaseAuthorizationTest.java
License:Apache License
@org.junit.Test public void testReadTablesAsBob() throws Exception { final Configuration conf = HBaseConfiguration.create(); conf.set("hbase.zookeeper.quorum", "localhost"); conf.set("hbase.zookeeper.property.clientPort", "" + port); conf.set("zookeeper.znode.parent", "/hbase-unsecure"); String user = "bob"; if ("bob".equals(System.getProperty("user.name"))) { user = "alice"; }// w w w . java2s. com UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" }); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { Connection conn = ConnectionFactory.createConnection(conf); Admin admin = conn.getAdmin(); try { HTableDescriptor[] tableDescriptors = admin.listTables(); Assert.assertEquals(1, tableDescriptors.length); Assert.fail("Failure expected on an unauthorized user"); } catch (IOException ex) { // expected } conn.close(); return null; } }); }