List of usage examples for org.apache.hadoop.security UserGroupInformation doAs
@InterfaceAudience.Public @InterfaceStability.Evolving public <T> T doAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
From source file:org.apache.coheigea.bigdata.hbase.ranger.HBaseRangerAuthorizationTest.java
License:Apache License
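/**
 * Checks that a member of the "IT" group is refused when disabling and deleting a table that
 * the process owner created.
 *
 * <p>Table "temp2" is created and finally dropped by the process owner; only the middle step
 * runs inside {@code UserGroupInformation.doAs}. The identity used there comes from
 * {@code createUserForTesting}, which builds the user and its groups locally from the names
 * passed in.
 * NOTE(review): presumably the cluster under test runs with simple authentication (the znode
 * parent is "/hbase-unsecure"), so this exercises policy evaluation, not authentication - confirm.
 *
 * @throws Exception if the cluster cannot be reached or an owner-side operation fails
 */
@org.junit.Test
public void testCreateAndDropTables() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    final TableName tableName = TableName.valueOf("temp2");

    // Create a new table as process owner. try-with-resources releases the connection even
    // if table creation throws.
    try (Connection conn = ConnectionFactory.createConnection(conf);
            Admin admin = conn.getAdmin()) {
        HTableDescriptor tableDescriptor = new HTableDescriptor(tableName);

        // Adding column families to table descriptor
        tableDescriptor.addFamily(new HColumnDescriptor("colfam1"));
        tableDescriptor.addFamily(new HColumnDescriptor("colfam2"));

        admin.createTable(tableDescriptor);
    }

    // Use a user name that differs from the OS account running the test
    // (presumably so the impersonated user is never the process owner).
    String user = "bob";
    if ("bob".equals(System.getProperty("user.name"))) {
        user = "alice";
    }

    // Try to disable + delete the table as the "IT" group
    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // The connection is closed even when Assert.fail() raises an AssertionError.
            try (Connection conn = ConnectionFactory.createConnection(conf);
                    Admin admin = conn.getAdmin()) {
                try {
                    admin.disableTable(tableName);
                    admin.deleteTable(tableName);
                    Assert.fail("Failure expected on an unauthorized user");
                } catch (IOException expected) {
                    // expected
                    // NOTE(review): any IOException is accepted, including one caused by a
                    // connectivity problem, and a denied deleteTable after a permitted
                    // disableTable also ends up here. Asserting on the specific denial
                    // exception, and on each call separately, would make the check stricter.
                }
            }
            return null;
        }
    });

    // Now disable and delete as process owner
    try (Connection conn = ConnectionFactory.createConnection(conf);
            Admin admin = conn.getAdmin()) {
        admin.disableTable(tableName);
        admin.deleteTable(tableName);
    }
}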
From source file:org.apache.coheigea.bigdata.hbase.ranger.HBaseRangerAuthorizationTest.java
License:Apache License
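/**
 * Checks that a member of the "IT" group can read "colfam1:col1" of "row1" in table "temp"
 * and gets the value "val1".
 *
 * <p>The read runs inside {@code UserGroupInformation.doAs} with an identity built locally by
 * {@code createUserForTesting}.
 * NOTE(review): the table "temp" and its contents are not created here; presumably a fixture
 * elsewhere in the test class sets them up - confirm.
 *
 * @throws Exception if the cluster cannot be reached or the read is refused
 */
@org.junit.Test
public void testReadRowAsGroupIT() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    // Use a user name that differs from the OS account running the test.
    String user = "bob";
    if ("bob".equals(System.getProperty("user.name"))) {
        user = "alice";
    }

    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // try-with-resources closes the connection even when the assertion fails.
            try (Connection conn = ConnectionFactory.createConnection(conf);
                    Table table = conn.getTable(TableName.valueOf("temp"))) {
                // Read a row
                Get get = new Get(Bytes.toBytes("row1"));
                Result result = table.get(get);
                byte[] valResult = result.getValue(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"));
                Assert.assertTrue(Arrays.equals(valResult, Bytes.toBytes("val1")));
            }
            return null;
        }
    });
}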
From source file:org.apache.coheigea.bigdata.hbase.ranger.HBaseRangerAuthorizationTest.java
License:Apache License
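/**
 * Checks that a member of the "public" group is refused when reading "row1" of table "temp".
 *
 * <p>The read runs inside {@code UserGroupInformation.doAs} with an identity built locally by
 * {@code createUserForTesting}; the test passes only if the read raises an
 * {@link IOException}.
 *
 * @throws Exception if the connection cannot be created or closed
 */
@org.junit.Test
public void testReadRowAsGroupPublic() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    // Use a user name that differs from the OS account running the test.
    String user = "bob";
    if ("bob".equals(System.getProperty("user.name"))) {
        user = "alice";
    }

    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "public" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // try-with-resources closes the connection even when Assert.fail() fires.
            try (Connection conn = ConnectionFactory.createConnection(conf);
                    Table table = conn.getTable(TableName.valueOf("temp"))) {
                // Read a row
                try {
                    Get get = new Get(Bytes.toBytes("row1"));
                    table.get(get);
                    Assert.fail("Failure expected on an unauthorized user");
                } catch (IOException expected) {
                    // expected
                    // NOTE(review): any IOException counts as a denial here, so a connectivity
                    // failure would also let this negative test pass. Checking for the specific
                    // denial exception would make the assertion stricter.
                }
            }
            return null;
        }
    });
}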
From source file:org.apache.coheigea.bigdata.hbase.ranger.HBaseRangerAuthorizationTest.java
License:Apache License
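/**
 * Checks that a member of the "IT" group reading "row1" of table "temp" sees no value for
 * "colfam2:col1".
 *
 * <p>The whole row is requested and the test asserts that the "colfam2" cell is absent from
 * the result rather than expecting an exception.
 * NOTE(review): this only proves that the column family is hidden by policy if the fixture
 * actually stores a value in "colfam2:col1"; the fixture is not visible here - confirm.
 *
 * @throws Exception if the cluster cannot be reached or the read is refused outright
 */
@org.junit.Test
public void testReadRowFromColFam2AsGroupIT() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    // Use a user name that differs from the OS account running the test.
    String user = "bob";
    if ("bob".equals(System.getProperty("user.name"))) {
        user = "alice";
    }

    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // try-with-resources closes the connection even when the assertion fails.
            try (Connection conn = ConnectionFactory.createConnection(conf);
                    Table table = conn.getTable(TableName.valueOf("temp"))) {
                // Read a row
                Get get = new Get(Bytes.toBytes("row1"));
                Result result = table.get(get);
                byte[] valResult = result.getValue(Bytes.toBytes("colfam2"), Bytes.toBytes("col1"));
                Assert.assertNull(valResult);
            }
            return null;
        }
    });
}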
From source file:org.apache.coheigea.bigdata.hbase.ranger.HBaseRangerAuthorizationTest.java
License:Apache License
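/**
 * Checks that a member of the "IT" group can write "colfam1:col1" of "row3" in table "temp".
 *
 * <p>The write runs inside {@code UserGroupInformation.doAs} with an identity built locally
 * by {@code createUserForTesting}; the test passes when the put completes without throwing.
 * NOTE(review): "row3" is not removed afterwards, so the row stays in the shared table for
 * any test that runs later.
 *
 * @throws Exception if the cluster cannot be reached or the write is refused
 */
@org.junit.Test
public void testWriteRowAsGroupIT() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    // Use a user name that differs from the OS account running the test.
    String user = "bob";
    if ("bob".equals(System.getProperty("user.name"))) {
        user = "alice";
    }

    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // try-with-resources closes the connection even when the put throws.
            try (Connection conn = ConnectionFactory.createConnection(conf);
                    Table table = conn.getTable(TableName.valueOf("temp"))) {
                // Add a new row
                Put put = new Put(Bytes.toBytes("row3"));
                put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
                table.put(put);
            }
            return null;
        }
    });
}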
From source file:org.apache.coheigea.bigdata.hbase.ranger.HBaseRangerAuthorizationTest.java
License:Apache License
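/**
 * Checks that a member of the "public" group is refused when writing "colfam1:col1" of
 * "row3" in table "temp".
 *
 * <p>The write runs inside {@code UserGroupInformation.doAs} with an identity built locally
 * by {@code createUserForTesting}; the test passes only if the put raises an
 * {@link IOException}.
 *
 * @throws Exception if the connection cannot be created or closed
 */
@org.junit.Test
public void testWriteRowAsGroupPublic() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    // Use a user name that differs from the OS account running the test.
    String user = "bob";
    if ("bob".equals(System.getProperty("user.name"))) {
        user = "alice";
    }

    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "public" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // try-with-resources closes the connection even when Assert.fail() fires.
            try (Connection conn = ConnectionFactory.createConnection(conf);
                    Table table = conn.getTable(TableName.valueOf("temp"))) {
                // Add a new row
                try {
                    Put put = new Put(Bytes.toBytes("row3"));
                    put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
                    table.put(put);
                    Assert.fail("Failure expected on an unauthorized user");
                } catch (IOException expected) {
                    // expected
                    // NOTE(review): any IOException counts as a denial here, so a connectivity
                    // failure would also let this negative test pass. Checking for the specific
                    // denial exception would make the assertion stricter.
                }
            }
            return null;
        }
    });
}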
From source file:org.apache.coheigea.bigdata.hbase.ranger.HBaseRangerAuthorizationTest.java
License:Apache License
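/**
 * Checks that a member of the "IT" group is refused when writing "colfam2:col1" of "row3"
 * in table "temp".
 *
 * <p>The write runs inside {@code UserGroupInformation.doAs} with an identity built locally
 * by {@code createUserForTesting}; the test passes only if the put raises an
 * {@link IOException}.
 *
 * @throws Exception if the connection cannot be created or closed
 */
@org.junit.Test
public void testWriteRowInColFam2AsGroupIT() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    // Use a user name that differs from the OS account running the test.
    String user = "bob";
    if ("bob".equals(System.getProperty("user.name"))) {
        user = "alice";
    }

    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // try-with-resources closes the connection even when Assert.fail() fires.
            try (Connection conn = ConnectionFactory.createConnection(conf);
                    Table table = conn.getTable(TableName.valueOf("temp"))) {
                // Add a new row
                try {
                    Put put = new Put(Bytes.toBytes("row3"));
                    put.addColumn(Bytes.toBytes("colfam2"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
                    table.put(put);
                    Assert.fail("Failure expected on an unauthorized user");
                } catch (IOException expected) {
                    // expected
                    // NOTE(review): any IOException counts as a denial here, so a connectivity
                    // failure would also let this negative test pass. Checking for the specific
                    // denial exception would make the assertion stricter.
                }
            }
            return null;
        }
    });
}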
From source file:org.apache.coheigea.bigdata.hbase.ranger.HBaseRangerAuthorizationTest.java
License:Apache License
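/**
 * Checks that the read permission of the "IT" group does not extend to a table other than
 * "temp".
 *
 * <p>The process owner creates "temp4", writes "colfam1:col1" of "row1" and confirms that
 * "colfam2:col1" is empty. A member of the "IT" group, impersonated through
 * {@code UserGroupInformation.doAs}, must then fail to read "row1". Finally the process owner
 * drops the table.
 *
 * @throws Exception if the cluster cannot be reached or an owner-side operation fails
 */
@org.junit.Test
public void testReadRowInAnotherTable() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    final TableName tableName = TableName.valueOf("temp4");

    // Set up the table as process owner. try-with-resources releases the connection even
    // when one of the owner-side steps or the assertion fails.
    try (Connection conn = ConnectionFactory.createConnection(conf);
            Admin admin = conn.getAdmin()) {
        // Create a new table as process owner
        HTableDescriptor tableDescriptor = new HTableDescriptor(tableName);

        // Adding column families to table descriptor
        tableDescriptor.addFamily(new HColumnDescriptor("colfam1"));
        tableDescriptor.addFamily(new HColumnDescriptor("colfam2"));

        admin.createTable(tableDescriptor);

        // Write a value
        Put put = new Put(Bytes.toBytes("row1"));
        put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val1"));
        try (Table table = conn.getTable(tableName)) {
            table.put(put);

            // Read a row
            Get get = new Get(Bytes.toBytes("row1"));
            Result result = table.get(get);
            byte[] valResult = result.getValue(Bytes.toBytes("colfam2"), Bytes.toBytes("col1"));
            Assert.assertNull(valResult);
        }
    }

    // Now try to read the row as group "IT" - it should fail as "IT" can only read from table "temp"
    String user = "bob";
    if ("bob".equals(System.getProperty("user.name"))) {
        user = "alice";
    }
    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // The connection is closed even when Assert.fail() raises an AssertionError.
            try (Connection conn = ConnectionFactory.createConnection(conf);
                    Table table = conn.getTable(tableName)) {
                // Read a row
                try {
                    Get get = new Get(Bytes.toBytes("row1"));
                    table.get(get);
                    Assert.fail("Failure expected on an unauthorized user");
                } catch (IOException expected) {
                    // expected
                    // NOTE(review): any IOException counts as a denial here, so a connectivity
                    // failure would also let this negative test pass. Checking for the specific
                    // denial exception would make the assertion stricter.
                }
            }
            return null;
        }
    });

    // Now disable and delete as process owner
    try (Connection conn = ConnectionFactory.createConnection(conf);
            Admin admin = conn.getAdmin()) {
        admin.disableTable(tableName);
        admin.deleteTable(tableName);
    }
}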
From source file:org.apache.coheigea.bigdata.hbase.ranger.HBaseRangerAuthorizationTest.java
License:Apache License
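/**
 * Checks that a member of the "IT" group is refused when deleting a row from table "temp".
 *
 * <p>The process owner adds "row5", the impersonated "IT" user tries to delete it inside
 * {@code UserGroupInformation.doAs} and must fail, and the process owner then removes the row
 * again.
 * NOTE(review): if the assertion inside {@code doAs} fails, the owner-side delete is skipped
 * and "row5" stays in the shared table.
 *
 * @throws Exception if the cluster cannot be reached or an owner-side operation fails
 */
@org.junit.Test
public void testDeleteRowAsGroupIT() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    // The owner connection spans the whole test; try-with-resources closes it even when
    // the impersonated step fails its assertion.
    try (Connection conn = ConnectionFactory.createConnection(conf);
            Table table = conn.getTable(TableName.valueOf("temp"))) {
        // Add a new row (as process owner)
        Put put = new Put(Bytes.toBytes("row5"));
        put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
        table.put(put);

        // Use a user name that differs from the OS account running the test.
        String user = "bob";
        if ("bob".equals(System.getProperty("user.name"))) {
            user = "alice";
        }

        UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                try (Connection conn = ConnectionFactory.createConnection(conf);
                        Table table = conn.getTable(TableName.valueOf("temp"))) {
                    try {
                        // Delete the new row
                        Delete delete = new Delete(Bytes.toBytes("row5"));
                        table.delete(delete);
                        Assert.fail("Failure expected on an unauthorized user");
                    } catch (IOException expected) {
                        // expected
                        // NOTE(review): any IOException counts as a denial here, so a
                        // connectivity failure would also let this negative test pass.
                        // Checking for the specific denial exception would be stricter.
                    }
                }
                return null;
            }
        });

        // Delete the new row (as process owner)
        Delete delete = new Delete(Bytes.toBytes("row5"));
        table.delete(delete);
    }
}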
From source file:org.apache.coheigea.bigdata.hbase.ranger.HBaseRangerAuthorizationTest.java
License:Apache License
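/**
 * Checks that creating table "temp3" is refused for the "IT" group and allowed for the "dev"
 * group.
 *
 * <p>Both attempts run inside {@code UserGroupInformation.doAs} with the same user name and a
 * different group each time; the identities are built locally by {@code createUserForTesting}.
 * The table is dropped afterwards by the process owner.
 * NOTE(review): the test name suggests the decision comes from a tag-based policy; the policy
 * definition is not visible here - confirm.
 *
 * @throws Exception if the cluster cannot be reached, the "dev" creation is refused, or the
 *     final drop fails
 */
@org.junit.Test
public void testTagBasedTablePolicy() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    final HTableDescriptor tableDescriptor = new HTableDescriptor(TableName.valueOf("temp3"));

    // Adding column families to table descriptor
    tableDescriptor.addFamily(new HColumnDescriptor("colfam1"));
    tableDescriptor.addFamily(new HColumnDescriptor("colfam2"));

    // Use a user name that differs from the OS account running the test.
    String user = "bob";
    if ("bob".equals(System.getProperty("user.name"))) {
        user = "alice";
    }

    // Try to create the table as the "IT" group - this should fail
    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // try-with-resources closes the connection even when Assert.fail() fires.
            try (Connection conn = ConnectionFactory.createConnection(conf);
                    Admin admin = conn.getAdmin()) {
                try {
                    admin.createTable(tableDescriptor);
                    Assert.fail("Failure expected on an unauthorized user");
                } catch (IOException expected) {
                    // expected
                    // NOTE(review): any IOException counts as a denial here, so a connectivity
                    // failure would also let this negative check pass. Checking for the
                    // specific denial exception would make the assertion stricter.
                }
            }
            return null;
        }
    });

    // Now try to create the table as the "dev" group - this should work
    ugi = UserGroupInformation.createUserForTesting(user, new String[] { "dev" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf);
                    Admin admin = conn.getAdmin()) {
                admin.createTable(tableDescriptor);
            }
            return null;
        }
    });

    // Drop the table
    try (Connection conn = ConnectionFactory.createConnection(conf);
            Admin admin = conn.getAdmin()) {
        admin.disableTable(TableName.valueOf("temp3"));
        admin.deleteTable(TableName.valueOf("temp3"));
    }
}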