Search in sources :

Example 1 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project druid by druid-io.

the class KerberosJettyHttpClientProvider method get.

@Override
public HttpClient get() {
    final HttpClient httpClient = delegateProvider.get();
    httpClient.getAuthenticationStore().addAuthentication(new Authentication() {

        @Override
        public boolean matches(String type, URI uri, String realm) {
            return true;
        }

        @Override
        public Result authenticate(final Request request, ContentResponse response, Authentication.HeaderInfo headerInfo, Attributes context) {
            return new Result() {

                @Override
                public URI getURI() {
                    return request.getURI();
                }

                @Override
                public void apply(Request request) {
                    try {
                        // No need to set cookies as they are handled by Jetty Http Client itself.
                        URI uri = request.getURI();
                        if (DruidKerberosUtil.needToSendCredentials(httpClient.getCookieStore(), uri)) {
                            log.debug("No Auth Cookie found for URI[%s]. Existing Cookies[%s] Authenticating... ", uri, httpClient.getCookieStore().getCookies());
                            final String host = request.getHost();
                            DruidKerberosUtil.authenticateIfRequired(config);
                            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
                            String challenge = currentUser.doAs(new PrivilegedExceptionAction<String>() {

                                @Override
                                public String run() throws Exception {
                                    return DruidKerberosUtil.kerberosChallenge(host);
                                }
                            });
                            request.getHeaders().add(HttpHeaders.Names.AUTHORIZATION, "Negotiate " + challenge);
                        } else {
                            log.debug("Found Auth Cookie found for URI[%s].", uri);
                        }
                    } catch (Throwable e) {
                        Throwables.propagate(e);
                    }
                }
            };
        }
    });
    return httpClient;
}
Also used : ContentResponse(org.eclipse.jetty.client.api.ContentResponse) Request(org.eclipse.jetty.client.api.Request) Attributes(org.eclipse.jetty.util.Attributes) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) URI(java.net.URI) Authentication(org.eclipse.jetty.client.api.Authentication) HttpClient(org.eclipse.jetty.client.HttpClient) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 2 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hbase by apache.

the class TestVisibilityLabelsWithDeletes method testVisibilityLabelsWithDeleteFamily.

@Test
public void testVisibilityLabelsWithDeleteFamily() throws Exception {
    setAuths();
    final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
    try (Table table = createTableAndWriteDataWithLabels(tableName, SECRET, CONFIDENTIAL + "|" + TOPSECRET)) {
        PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(tableName)) {
                    Delete d = new Delete(row2);
                    d.setCellVisibility(new CellVisibility(TOPSECRET + "|" + CONFIDENTIAL));
                    d.addFamily(fam);
                    table.delete(d);
                } catch (Throwable t) {
                    throw new IOException(t);
                }
                return null;
            }
        };
        SUPERUSER.runAs(actiona);
        TEST_UTIL.getAdmin().flush(tableName);
        Scan s = new Scan();
        s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL));
        ResultScanner scanner = table.getScanner(s);
        Result[] next = scanner.next(3);
        assertTrue(next.length == 1);
        CellScanner cellScanner = next[0].cellScanner();
        cellScanner.advance();
        Cell current = cellScanner.current();
        assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length));
    }
}
Also used : Delete(org.apache.hadoop.hbase.client.Delete) Table(org.apache.hadoop.hbase.client.Table) ResultScanner(org.apache.hadoop.hbase.client.ResultScanner) Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException) CellScanner(org.apache.hadoop.hbase.CellScanner) Result(org.apache.hadoop.hbase.client.Result) TableName(org.apache.hadoop.hbase.TableName) Scan(org.apache.hadoop.hbase.client.Scan) Cell(org.apache.hadoop.hbase.Cell) Test(org.junit.Test)

Example 3 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hbase by apache.

the class TestVisibilityLabelsWithDeletes method testVisibilityLabelsWithDeleteColumnsWithNoMatchVisExpWithMultipleVersionsNoTimestamp.

@Test
public void testVisibilityLabelsWithDeleteColumnsWithNoMatchVisExpWithMultipleVersionsNoTimestamp() throws Exception {
    setAuths();
    final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
    try (Table table = doPuts(tableName)) {
        TEST_UTIL.getAdmin().flush(tableName);
        PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(tableName)) {
                    Delete d = new Delete(row1);
                    d.setCellVisibility(new CellVisibility(CONFIDENTIAL));
                    d.addColumns(fam, qual);
                    table.delete(d);
                    d = new Delete(row1);
                    d.setCellVisibility(new CellVisibility(SECRET));
                    d.addColumns(fam, qual);
                    table.delete(d);
                    d = new Delete(row1);
                    d.setCellVisibility(new CellVisibility("(" + PRIVATE + "&" + CONFIDENTIAL + ")|(" + SECRET + "&" + TOPSECRET + ")"));
                    d.addColumns(fam, qual);
                    table.delete(d);
                } catch (Throwable t) {
                    throw new IOException(t);
                }
                return null;
            }
        };
        SUPERUSER.runAs(actiona);
        Scan s = new Scan();
        s.setMaxVersions(5);
        s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL, TOPSECRET));
        ResultScanner scanner = table.getScanner(s);
        Result[] next = scanner.next(3);
        assertTrue(next.length == 2);
        CellScanner cellScanner = next[0].cellScanner();
        cellScanner.advance();
        Cell current = cellScanner.current();
        assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length));
        cellScanner = next[1].cellScanner();
        cellScanner.advance();
        current = cellScanner.current();
        assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row2, 0, row2.length));
    }
}
Also used : Delete(org.apache.hadoop.hbase.client.Delete) Table(org.apache.hadoop.hbase.client.Table) ResultScanner(org.apache.hadoop.hbase.client.ResultScanner) Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException) CellScanner(org.apache.hadoop.hbase.CellScanner) Result(org.apache.hadoop.hbase.client.Result) TableName(org.apache.hadoop.hbase.TableName) Scan(org.apache.hadoop.hbase.client.Scan) Cell(org.apache.hadoop.hbase.Cell) Test(org.junit.Test)

Example 4 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hbase by apache.

the class TestVisibilityLabelsWithDeletes method testVisibilityLabelsWithDeleteColumns.

@Test
public void testVisibilityLabelsWithDeleteColumns() throws Throwable {
    setAuths();
    final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
    try (Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + TOPSECRET, SECRET)) {
        PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(tableName)) {
                    Delete d = new Delete(row1);
                    d.setCellVisibility(new CellVisibility(TOPSECRET + "&" + SECRET));
                    d.addColumns(fam, qual);
                    table.delete(d);
                } catch (Throwable t) {
                    throw new IOException(t);
                }
                return null;
            }
        };
        SUPERUSER.runAs(actiona);
        TEST_UTIL.getAdmin().flush(tableName);
        Scan s = new Scan();
        s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL));
        ResultScanner scanner = table.getScanner(s);
        Result[] next = scanner.next(3);
        assertTrue(next.length == 1);
        CellScanner cellScanner = next[0].cellScanner();
        cellScanner.advance();
        Cell current = cellScanner.current();
        assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row2, 0, row2.length));
    }
}
Also used : Delete(org.apache.hadoop.hbase.client.Delete) Table(org.apache.hadoop.hbase.client.Table) ResultScanner(org.apache.hadoop.hbase.client.ResultScanner) Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException) CellScanner(org.apache.hadoop.hbase.CellScanner) Result(org.apache.hadoop.hbase.client.Result) TableName(org.apache.hadoop.hbase.TableName) Scan(org.apache.hadoop.hbase.client.Scan) Cell(org.apache.hadoop.hbase.Cell) Test(org.junit.Test)

Example 5 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hbase by apache.

the class TestVisibilityLabelsWithDeletes method testVisibilityLabelsWithDeleteColumnExactVersion.

@Test
public void testVisibilityLabelsWithDeleteColumnExactVersion() throws Exception {
    setAuths();
    final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
    long[] ts = new long[] { 123l, 125l };
    try (Table table = createTableAndWriteDataWithLabels(tableName, ts, CONFIDENTIAL + "|" + TOPSECRET, SECRET)) {
        PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(tableName)) {
                    Delete d = new Delete(row1);
                    d.setCellVisibility(new CellVisibility(TOPSECRET + "|" + CONFIDENTIAL));
                    d.addColumn(fam, qual, 123l);
                    table.delete(d);
                } catch (Throwable t) {
                    throw new IOException(t);
                }
                return null;
            }
        };
        SUPERUSER.runAs(actiona);
        TEST_UTIL.getAdmin().flush(tableName);
        Scan s = new Scan();
        s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL));
        ResultScanner scanner = table.getScanner(s);
        Result[] next = scanner.next(3);
        assertTrue(next.length == 1);
        CellScanner cellScanner = next[0].cellScanner();
        cellScanner.advance();
        Cell current = cellScanner.current();
        assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row2, 0, row2.length));
    }
}
Also used : Delete(org.apache.hadoop.hbase.client.Delete) Table(org.apache.hadoop.hbase.client.Table) ResultScanner(org.apache.hadoop.hbase.client.ResultScanner) Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException) CellScanner(org.apache.hadoop.hbase.CellScanner) Result(org.apache.hadoop.hbase.client.Result) TableName(org.apache.hadoop.hbase.TableName) Scan(org.apache.hadoop.hbase.client.Scan) Cell(org.apache.hadoop.hbase.Cell) Test(org.junit.Test)

Aggregations

PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)380 IOException (java.io.IOException)192 PrivilegedActionException (java.security.PrivilegedActionException)135 Test (org.junit.Test)104 Connection (org.apache.hadoop.hbase.client.Connection)81 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)71 Table (org.apache.hadoop.hbase.client.Table)62 TableName (org.apache.hadoop.hbase.TableName)57 Result (org.apache.hadoop.hbase.client.Result)56 Scan (org.apache.hadoop.hbase.client.Scan)55 ResultScanner (org.apache.hadoop.hbase.client.ResultScanner)53 Delete (org.apache.hadoop.hbase.client.Delete)48 InterruptedIOException (java.io.InterruptedIOException)47 Cell (org.apache.hadoop.hbase.Cell)38 CellScanner (org.apache.hadoop.hbase.CellScanner)38 Configuration (org.apache.hadoop.conf.Configuration)35 File (java.io.File)33 AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)33 Subject (javax.security.auth.Subject)22 URI (java.net.URI)21