List of usage examples for org.apache.hadoop.security UserGroupInformation doAs
@InterfaceAudience.Public @InterfaceStability.Evolving public <T> T doAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
/**
 * Checks the ROLLOVER decision on key "newkey1" for three callers.
 *
 * <p>Expected outcomes (bob allowed; eve and a member of group "IT" denied) depend on the
 * policy loaded by the test environment, which is not part of this listing.
 *
 * <p>The callers are built from a bare user name ({@code createRemoteUser},
 * {@code createUserForTesting}); no credentials are involved, so this covers the
 * authorization decision only, not authentication.
 */
@org.junit.Test
public void testRollover() throws Throwable {
    // Allowed caller: assertAccess has to return normally, any exception fails the test.
    final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
    bob.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.ROLLOVER, bob, KMSOp.ROLL_NEW_VERSION, "newkey1", "127.0.0.1");
            return null;
        }
    });

    // Denied caller: only an AuthorizationException counts as the expected refusal;
    // any other exception propagates and fails the test.
    final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
    eve.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            boolean denied = false;
            try {
                KMSWebApp.getACLs().assertAccess(Type.ROLLOVER, eve, KMSOp.ROLL_NEW_VERSION, "newkey1", "127.0.0.1");
            } catch (AuthorizationException expected) {
                denied = true;
            }
            if (!denied) {
                Assert.fail("Failure expected");
            }
            return null;
        }
    });

    // Denied group: "alice" carries only the group "IT", which should not grant rollover.
    final UserGroupInformation alice = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
    alice.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            boolean denied = false;
            try {
                KMSWebApp.getACLs().assertAccess(Type.ROLLOVER, alice, KMSOp.ROLL_NEW_VERSION, "newkey1", "127.0.0.1");
            } catch (AuthorizationException expected) {
                denied = true;
            }
            if (!denied) {
                Assert.fail("Failure expected");
            }
            return null;
        }
    });
}
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
/**
 * Checks the GET_KEYS decision on key "newkey1" for three callers.
 *
 * <p>Expected outcomes (bob and a member of group "IT" allowed; eve denied) depend on the
 * policy loaded by the test environment, which is not part of this listing.
 *
 * <p>The callers are built from a bare user name, so this covers the authorization
 * decision only, not authentication.
 */
@org.junit.Test
public void testGetKeys() throws Throwable {
    // Allowed caller: assertAccess has to return normally.
    final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
    bob.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.GET_KEYS, bob, KMSOp.GET_KEYS, "newkey1", "127.0.0.1");
            return null;
        }
    });

    // Denied caller: only an AuthorizationException counts as the expected refusal.
    final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
    eve.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            boolean denied = false;
            try {
                KMSWebApp.getACLs().assertAccess(Type.GET_KEYS, eve, KMSOp.GET_KEYS, "newkey1", "127.0.0.1");
            } catch (AuthorizationException expected) {
                denied = true;
            }
            if (!denied) {
                Assert.fail("Failure expected");
            }
            return null;
        }
    });

    // Allowed group: "alice" is granted access through her membership of "IT".
    final UserGroupInformation alice = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
    alice.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.GET_KEYS, alice, KMSOp.GET_KEYS, "newkey1", "127.0.0.1");
            return null;
        }
    });
}
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
/**
 * Checks the GET_METADATA decision on key "newkey1" for three callers.
 *
 * <p>Expected outcomes (bob and a member of group "IT" allowed; eve denied) depend on the
 * policy loaded by the test environment, which is not part of this listing.
 *
 * <p>The callers are built from a bare user name, so this covers the authorization
 * decision only, not authentication.
 */
@org.junit.Test
public void testGetMetadata() throws Throwable {
    // Allowed caller: assertAccess has to return normally.
    final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
    bob.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.GET_METADATA, bob, KMSOp.GET_METADATA, "newkey1", "127.0.0.1");
            return null;
        }
    });

    // Denied caller: only an AuthorizationException counts as the expected refusal.
    final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
    eve.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            boolean denied = false;
            try {
                KMSWebApp.getACLs().assertAccess(Type.GET_METADATA, eve, KMSOp.GET_METADATA, "newkey1", "127.0.0.1");
            } catch (AuthorizationException expected) {
                denied = true;
            }
            if (!denied) {
                Assert.fail("Failure expected");
            }
            return null;
        }
    });

    // Allowed group: "alice" is granted access through her membership of "IT".
    final UserGroupInformation alice = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
    alice.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.GET_METADATA, alice, KMSOp.GET_METADATA, "newkey1", "127.0.0.1");
            return null;
        }
    });
}
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
/**
 * Checks the GENERATE_EEK decision on key "newkey1" for three callers.
 *
 * <p>Expected outcomes (bob allowed; eve and a member of group "IT" denied) depend on the
 * policy loaded by the test environment, which is not part of this listing.
 *
 * <p>The callers are built from a bare user name, so this covers the authorization
 * decision only, not authentication.
 */
@org.junit.Test
public void testGenerateEEK() throws Throwable {
    // Allowed caller: assertAccess has to return normally.
    final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
    bob.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.GENERATE_EEK, bob, KMSOp.GENERATE_EEK, "newkey1", "127.0.0.1");
            return null;
        }
    });

    // Denied caller: only an AuthorizationException counts as the expected refusal.
    final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
    eve.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            boolean denied = false;
            try {
                KMSWebApp.getACLs().assertAccess(Type.GENERATE_EEK, eve, KMSOp.GENERATE_EEK, "newkey1", "127.0.0.1");
            } catch (AuthorizationException expected) {
                denied = true;
            }
            if (!denied) {
                Assert.fail("Failure expected");
            }
            return null;
        }
    });

    // Denied group: membership of "IT" should not grant EEK generation.
    final UserGroupInformation alice = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
    alice.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            boolean denied = false;
            try {
                KMSWebApp.getACLs().assertAccess(Type.GENERATE_EEK, alice, KMSOp.GENERATE_EEK, "newkey1", "127.0.0.1");
            } catch (AuthorizationException expected) {
                denied = true;
            }
            if (!denied) {
                Assert.fail("Failure expected");
            }
            return null;
        }
    });
}
From source file:org.apache.coheigea.bigdata.kms.ranger.RangerKmsAuthorizerTest.java
License:Apache License
/**
 * Checks the DECRYPT_EEK decision on key "newkey1" for three callers.
 *
 * <p>Expected outcomes (bob allowed; eve and a member of group "IT" denied) depend on the
 * policy loaded by the test environment, which is not part of this listing.
 *
 * <p>The callers are built from a bare user name, so this covers the authorization
 * decision only, not authentication.
 */
@org.junit.Test
public void testDecryptEEK() throws Throwable {
    // Allowed caller: bob should have permission to decrypt EEK, so assertAccess must return normally.
    final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
    bob.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.DECRYPT_EEK, bob, KMSOp.DECRYPT_EEK, "newkey1", "127.0.0.1");
            return null;
        }
    });

    // Denied caller: only an AuthorizationException counts as the expected refusal.
    final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
    eve.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            boolean denied = false;
            try {
                KMSWebApp.getACLs().assertAccess(Type.DECRYPT_EEK, eve, KMSOp.DECRYPT_EEK, "newkey1", "127.0.0.1");
            } catch (AuthorizationException expected) {
                denied = true;
            }
            if (!denied) {
                Assert.fail("Failure expected");
            }
            return null;
        }
    });

    // Denied group: membership of "IT" should not grant EEK decryption.
    final UserGroupInformation alice = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
    alice.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            boolean denied = false;
            try {
                KMSWebApp.getACLs().assertAccess(Type.DECRYPT_EEK, alice, KMSOp.DECRYPT_EEK, "newkey1", "127.0.0.1");
            } catch (AuthorizationException expected) {
                denied = true;
            }
            if (!denied) {
                Assert.fail("Failure expected");
            }
            return null;
        }
    });
}
From source file:org.apache.coheigea.bigdata.solr.ranger.RangerSolrCloudTest.java
License:Apache License
/**
 * Runs the query {@code q=*} against the "docs" collection as {@code user} and checks
 * whether the request is accepted or rejected.
 *
 * @param user              name sent as the basic-auth user and, when a group is given,
 *                          used for the testing UGI
 * @param group             group attached to a testing UGI that wraps the request, or
 *                          {@code null} to send the request without {@code doAs}
 * @param exceptionExpected {@code true} when the request is expected to fail
 * @throws Exception the request failure, when no failure was expected
 */
private void performQuery(String user, String group, boolean exceptionExpected) throws Exception {
    final CloudSolrClient cloudSolrClient = server.getSolrClient();
    cloudSolrClient.setDefaultCollection("docs");

    final ModifiableSolrParams queryParams = new ModifiableSolrParams();
    queryParams.set("q", "*");
    final QueryRequest queryRequest = new QueryRequest(queryParams);
    // Fixed password shared by every test user; it belongs to the test fixture only.
    queryRequest.setBasicAuthCredentials(user, "SolrRocks");

    try {
        if (group == null) {
            cloudSolrClient.request(queryRequest);
        } else {
            final UserGroupInformation caller =
                    UserGroupInformation.createUserForTesting(user, new String[] { group });
            caller.doAs(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    cloudSolrClient.request(queryRequest);
                    return null;
                }
            });
        }
    } catch (Exception ex) {
        // NOTE(review): every exception type is accepted as "denied" here, so a connection
        // or configuration failure also satisfies a negative case. Narrowing the check to
        // the authorization failure would keep the deny assertions meaningful.
        if (exceptionExpected) {
            return;
        }
        throw ex;
    }

    // Reached only when the request succeeded: that must not happen for a deny case.
    Assert.assertFalse(exceptionExpected);
}
From source file:org.apache.coheigea.bigdata.solr.ranger.SolrAuthorizationMockTest.java
License:Apache License
/**
 * Builds a mock authorization context for the "docs" collection and asserts the status
 * code the plugin returns for it.
 *
 * @param expectedStatus status code the plugin's response must carry
 * @param user           value stored under "userPrincipal"; also names the testing UGI
 * @param group          group for a testing UGI that wraps the call, or {@code null} to
 *                       call the plugin without {@code doAs}
 * @param requestType    value stored under "requestType"
 * @param ipAddress      value stored under "ipAddress"; the key is omitted when {@code null}
 * @throws Exception whatever the plugin call or {@code doAs} raises
 */
private void performTest(final int expectedStatus, String user, String group, RequestType requestType,
        String ipAddress) throws Exception {
    final Map<String, Object> requestParameters = new HashMap<>();
    requestParameters.put("userPrincipal", user);
    requestParameters.put("collectionRequests", "docs");
    requestParameters.put("requestType", requestType);
    if (ipAddress != null) {
        requestParameters.put("ipAddress", ipAddress);
    }
    final AuthorizationContext context = new MockAuthorizationContext(requestParameters);

    // One check, run either directly or inside the testing user's doAs scope.
    final PrivilegedExceptionAction<Void> authorizeAndCheck = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            AuthorizationResponse authResp = plugin.authorize(context);
            Assert.assertEquals(expectedStatus, authResp.statusCode);
            return null;
        }
    };

    if (group == null) {
        authorizeAndCheck.run();
        return;
    }

    // The group is attached through the UGI, not through the request parameters.
    final UserGroupInformation caller =
            UserGroupInformation.createUserForTesting(user, new String[] { group });
    caller.doAs(authorizeAndCheck);
}
From source file:org.apache.coheigea.bigdata.storm.StormTest.java
License:Apache License
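/**
 * Submits a word-count topology to a local cluster as the testing user "alice" (group
 * "IT"), lets it run for ten seconds, then kills it as the same user.
 *
 * <p>There are no explicit assertions: the test passes when neither the submit nor the
 * kill throws. Whether an authorizer vets those two calls depends on cluster
 * configuration that is not part of this listing.
 *
 * <p>The cluster is shut down in a {@code finally} block so a rejected or failed
 * submit/kill does not leave the local cluster running for later tests.
 */
@org.junit.Test
public void testStorm() throws Exception {
    final TopologyBuilder builder = new TopologyBuilder();
    builder.setSpout("words", new WordSpout());
    builder.setBolt("counter", new WordCounterBolt()).shuffleGrouping("words");

    final Config conf = new Config();
    conf.setDebug(true);

    final LocalCluster cluster = new LocalCluster();
    try {
        // Identity is built by name for the test; no credentials are involved.
        UserGroupInformation ugi = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });

        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                cluster.submitTopology("word-count", conf, builder.createTopology());
                return null;
            }
        });

        // Give the topology time to process some tuples before tearing it down.
        Utils.sleep(10000);

        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                cluster.killTopology("word-count");
                return null;
            }
        });
    } finally {
        cluster.shutdown();
    }
}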
From source file:org.apache.drill.exec.ops.OperatorContextImpl.java
License:Apache License
/**
 * Submits {@code callable} to the delegate pool and runs it inside
 * {@code proxyUgi.doAs(...)}, so the work executes under the proxy user's identity
 * rather than the identity of the pool thread.
 *
 * <p>While the task runs, the worker thread is renamed to
 * {@code <proxy user>:task-delegate-thread}; the previous name is put back in a
 * {@code finally} block so a pooled thread never keeps another user's label.
 *
 * @param proxyUgi identity to run the callable as
 * @param callable work to execute
 * @return future completing with the callable's result
 */
public <RESULT> ListenableFuture<RESULT> runCallableAs(final UserGroupInformation proxyUgi,
        final Callable<RESULT> callable) {
    // The listening decorator is created on first use, under the instance lock.
    synchronized (this) {
        if (delegatePool == null) {
            delegatePool = MoreExecutors.listeningDecorator(executor);
        }
    }

    final PrivilegedExceptionAction<RESULT> asProxyUser = new PrivilegedExceptionAction<RESULT>() {
        @Override
        public RESULT run() throws Exception {
            return callable.call();
        }
    };

    return delegatePool.submit(new Callable<RESULT>() {
        @Override
        public RESULT call() throws Exception {
            final Thread worker = Thread.currentThread();
            final String savedName = worker.getName();
            worker.setName(proxyUgi.getUserName() + ":task-delegate-thread");
            try {
                return proxyUgi.doAs(asProxyUser);
            } finally {
                worker.setName(savedName);
            }
        }
    });
}
From source file:org.apache.drill.exec.physical.impl.ImplCreator.java
License:Apache License
/**
 * Create RootExec and its children (RecordBatches) for given FragmentRoot.
 *
 * <p>With impersonation enabled, the root operator is created inside {@code doAs} of a
 * proxy UGI built from the operator's user name and the query user name. Otherwise it is
 * created directly under the current identity. The child record batches are created
 * before that decision, outside any {@code doAs} issued by this method.
 *
 * @param root    fragment root to create the executor for
 * @param context fragment context; also decides whether impersonation applies
 * @return the created root executor
 * @throws ExecutionSetupException if {@code doAs} fails with an I/O error or is interrupted
 */
private RootExec getRootExec(final FragmentRoot root, final FragmentContext context)
        throws ExecutionSetupException {
    final List<RecordBatch> childRecordBatches = getChildren(root, context);

    if (!context.isImpersonationEnabled()) {
        return ((RootCreator<PhysicalOperator>) getOpCreator(root, context)).getRoot(context, root,
                childRecordBatches);
    }

    final UserGroupInformation proxyUgi =
            ImpersonationUtil.createProxyUgi(root.getUserName(), context.getQueryUserName());
    final PrivilegedExceptionAction<RootExec> createRoot = new PrivilegedExceptionAction<RootExec>() {
        @Override
        public RootExec run() throws Exception {
            return ((RootCreator<PhysicalOperator>) getOpCreator(root, context)).getRoot(context, root,
                    childRecordBatches);
        }
    };

    try {
        return proxyUgi.doAs(createRoot);
    } catch (InterruptedException | IOException e) {
        // NOTE(review): the interrupt status is not restored when e is an
        // InterruptedException; confirm callers do not rely on it.
        // NOTE(review): other checked exceptions thrown inside run() are not handled by
        // this catch; confirm how doAs surfaces them to the caller.
        final String errMsg = String.format("Failed to create RootExec for operator with id '%d'",
                root.getOperatorId());
        logger.error(errMsg, e);
        throw new ExecutionSetupException(errMsg, e);
    }
}