use of org.apache.accumulo.core.client.security.tokens.PasswordToken in project accumulo by apache.
the class CredentialsTest method roundtripThrift.
/**
 * Checks that credentials converted to their Thrift form and rebuilt from it compare equal to the
 * originals. The {@code inst} argument comes from outside this snippet.
 */
@Test
public void roundtripThrift() throws DestroyFailedException {
  final Credentials original = new Credentials("test", new PasswordToken("testing"));
  // Serialize to the Thrift representation and immediately rebuild Credentials from it.
  final Credentials restored = Credentials.fromThrift(original.toThrift(inst));
  assertEquals("Roundtrip through thirft changed credentials equality", original, restored);
}
use of org.apache.accumulo.core.client.security.tokens.PasswordToken in project accumulo by apache.
the class CredentialsTest method testToThrift.
/**
 * Verifies the Thrift form of password credentials, then verifies that credentials whose token
 * has been destroyed can no longer be serialized.
 */
@Test
public void testToThrift() throws DestroyFailedException {
  final Credentials credentials = new Credentials("test", new PasswordToken("testing"));

  // The Thrift form must carry the principal, the token class name and the serialized token bytes.
  final TCredentials thriftForm = credentials.toThrift(inst);
  assertEquals("test", thriftForm.getPrincipal());
  assertEquals(PasswordToken.class.getName(), thriftForm.getTokenClassName());
  assertArrayEquals(AuthenticationTokenSerializer.serialize(new PasswordToken("testing")), thriftForm.getToken());

  // After destroy() the credentials must be refused: the expected failure is a RuntimeException
  // wrapping an AccumuloSecurityException with code TOKEN_EXPIRED.
  credentials.getToken().destroy();
  try {
    credentials.toThrift(inst);
    // Reaching this line means a destroyed token was serialized; fail() raises an Error, so the
    // catch (Exception) below does not swallow it.
    fail();
  } catch (Exception e) {
    assertTrue(e instanceof RuntimeException);
    final Throwable cause = e.getCause();
    assertTrue(cause instanceof AccumuloSecurityException);
    final AccumuloSecurityException securityFailure = (AccumuloSecurityException) cause;
    assertTrue(securityFailure.getSecurityErrorCode().equals(SecurityErrorCode.TOKEN_EXPIRED));
  }
}
use of org.apache.accumulo.core.client.security.tokens.PasswordToken in project accumulo by apache.
the class AccumuloReplicaSystem method replicate.
/**
 * Replicates the file {@code p} to the peer described by {@code target}, authenticating with a
 * Kerberos keytab when SASL RPC is enabled and with a configured password otherwise.
 *
 * @param p file to replicate
 * @param status current replication status; returned unchanged when authentication cannot be set up
 * @param target peer to replicate to
 * @param helper passed through to {@code _replicate}
 * @return the result of {@code _replicate}, or {@code status} as given when the keytab is not a
 *         regular file, the keytab login fails, or the KerberosToken cannot be created
 */
@Override
public Status replicate(final Path p, final Status status, final ReplicationTarget target, final ReplicaSystemHelper helper) {
  final Instance localInstance = HdfsZooInstance.getInstance();
  final AccumuloConfiguration localConf = new ServerConfigurationFactory(localInstance).getSystemConfiguration();
  log.debug("Replication RPC timeout is {}", localConf.get(Property.REPLICATION_RPC_TIMEOUT.getKey()));

  final String principal = getPrincipal(localConf, target);

  if (!localConf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) {
    // Password authentication: build a token and a peer context, then replicate without a UGI.
    // NOTE(review): the password is held as an immutable String and the token is not destroyed
    // in this method; whether anything downstream clears it is not visible here.
    final String password = getPassword(localConf, target);
    final PasswordToken passwordToken = new PasswordToken(password);
    final ClientContext peerContext = getContextForPeer(localConf, target, principal, passwordToken);
    return _replicate(p, status, target, helper, localConf, peerContext, null);
  }

  // Kerberos authentication: the configured keytab must be an existing regular file.
  final String keytabPath = getKeytab(localConf, target);
  final File keytab = new File(keytabPath);
  if (!(keytab.exists() && keytab.isFile())) {
    log.error("{} is not a regular file. Cannot login to replicate", keytabPath);
    return status;
  }

  try {
    // Remember the server's own user before logging in as the replication principal.
    final UserGroupInformation accumuloUgi = UserGroupInformation.getCurrentUser();
    // Obtain a separate UGI for principal + keytab instead of replacing the current login.
    final UserGroupInformation replicationUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab.getAbsolutePath());
    // Scope the replication identity to this doAs so the tserver's user is left untouched.
    return replicationUgi.doAs(new PrivilegedAction<Status>() {
      @Override
      public Status run() {
        KerberosToken kerberosToken;
        try {
          // This constructor form must not replace the current user.
          kerberosToken = new KerberosToken(principal, keytab);
        } catch (IOException e) {
          log.error("Failed to create KerberosToken", e);
          return status;
        }
        final ClientContext peerContext = getContextForPeer(localConf, target, principal, kerberosToken);
        return _replicate(p, status, target, helper, localConf, peerContext, accumuloUgi);
      }
    });
  } catch (IOException e) {
    // Without a local login there is nothing to replicate with.
    log.error("Failed to perform local login", e);
    return status;
  }
}
use of org.apache.accumulo.core.client.security.tokens.PasswordToken in project accumulo by apache.
the class Shell method execCommand.
/**
 * Parses one line of shell input and runs the matching command, updating {@code exitCode} on
 * every failure path.
 *
 * <p>
 * The raw line is written to the audit log first. Lines starting with {@code COMMENT_PREFIX} are
 * then ignored. If the shell has been idle longer than {@code authTimeout}, the user must
 * re-enter the current password before any command other than {@code ExitCommand} runs.
 *
 * @param input the raw command line as typed or read from a script
 * @param ignoreAuthTimeout when true, the idle re-authentication prompt is skipped
 * @param echoPrompt when true, the prompt and the input are printed back to the console
 * @throws IOException declared by this method; presumably raised by the console reader calls
 */
public void execCommand(String input, boolean ignoreAuthTimeout, boolean echoPrompt) throws IOException {
  // The input is audited verbatim, before tokenizing or validation.
  // NOTE(review): if any command accepts a secret as an argument, it would be recorded here as
  // typed; confirm against the command set and the audit log's access controls.
  audit.log(Level.INFO, getDefaultPrompt() + input);
  if (echoPrompt) {
    reader.print(getDefaultPrompt());
    reader.println(input);
  }
  // Comment lines are audited and echoed above, but never executed.
  if (input.startsWith(COMMENT_PREFIX)) {
    return;
  }
  String[] fields;
  try {
    fields = new QuotedStringTokenizer(input).getTokens();
  } catch (BadArgumentException e) {
    // Tokenizing failed: report it, count it as a failure, and run nothing.
    printException(e);
    ++exitCode;
    return;
  }
  if (fields.length == 0)
    return;
  // First token is the command name; the remaining tokens are its arguments.
  String command = fields[0];
  fields = fields.length > 1 ? Arrays.copyOfRange(fields, 1, fields.length) : new String[] {};
  Command sc = null;
  if (command.length() > 0) {
    try {
      // Obtain the command from the command table
      sc = commandFactory.get(command);
      if (sc == null) {
        reader.println(String.format("Unknown command \"%s\". Enter \"help\" for a list possible commands.", command));
        reader.flush();
        return;
      }
      // Idle check: time since the last recorded user activity. A negative duration is treated
      // the same as an expired session.
      long duration = System.nanoTime() - lastUserActivity;
      if (!(sc instanceof ExitCommand) && !ignoreAuthTimeout && (duration < 0 || duration > authTimeout)) {
        reader.println("Shell has been idle for too long. Please re-authenticate.");
        boolean authFailed = true;
        // Prompt until authenticateUser succeeds. A null line from readMaskedLine abandons the
        // command without running it.
        // NOTE(review): no cap on attempts is visible in this block; any throttling or lockout
        // would have to come from authenticateUser. Confirm.
        do {
          // NOTE(review): the password is read into a String, which cannot be wiped, and the
          // PasswordToken built from it is not destroyed in this method.
          String pwd = readMaskedLine("Enter current password for '" + connector.whoami() + "': ", '*');
          if (pwd == null) {
            reader.println();
            return;
          }
          try {
            authFailed = !connector.securityOperations().authenticateUser(connector.whoami(), new PasswordToken(pwd));
          } catch (Exception e) {
            // authFailed keeps its previous value here, so the prompt repeats after an error.
            ++exitCode;
            printException(e);
          }
          if (authFailed)
            reader.print("Invalid password. ");
        } while (authFailed);
        // Successful re-authentication restarts the idle timer.
        lastUserActivity = System.nanoTime();
      }
      // Get the options from the command on how to parse the string
      Options parseOpts = sc.getOptionsWithHelp();
      // Parse the string using the given options
      CommandLine cl = new BasicParser().parse(parseOpts, fields);
      int actualArgLen = cl.getArgs().length;
      int expectedArgLen = sc.numArgs();
      if (cl.hasOption(helpOption)) {
        // Display help if asked to; otherwise execute the command
        sc.printHelp(this);
      } else if (expectedArgLen != NO_FIXED_ARG_LENGTH_CHECK && actualArgLen != expectedArgLen) {
        ++exitCode;
        // Check for valid number of fixed arguments (if not
        // negative; negative means it is not checked, for
        // vararg-like commands)
        printException(new IllegalArgumentException(String.format("Expected %d argument%s. There %s %d.", expectedArgLen, expectedArgLen == 1 ? "" : "s", actualArgLen == 1 ? "was" : "were", actualArgLen)));
        sc.printHelp(this);
      } else {
        // The command's own return code is added to the running exit code.
        int tmpCode = sc.execute(input, cl, this);
        exitCode += tmpCode;
        reader.flush();
      }
    } catch (ConstraintViolationException e) {
      ++exitCode;
      printConstraintViolationException(e);
    } catch (TableNotFoundException e) {
      ++exitCode;
      // If the missing table is the shell's current table, clear the current table name.
      if (getTableName().equals(e.getTableName()))
        setTableName("");
      printException(e);
    } catch (ParseException e) {
      // Do not count or print the error when it is only a MissingOptionException and the user
      // passed the short or long help flag; the help text is still printed below.
      if (!(e instanceof MissingOptionException && (Arrays.asList(fields).contains("-" + helpOption) || Arrays.asList(fields).contains("--" + helpLongOption)))) {
        ++exitCode;
        printException(e);
      }
      if (sc != null)
        sc.printHelp(this);
    } catch (UserInterruptException e) {
      // An interrupt counts as a failure but prints nothing.
      ++exitCode;
    } catch (Exception e) {
      ++exitCode;
      printException(e);
    }
  } else {
    // The first token was an empty string.
    ++exitCode;
    printException(new BadArgumentException("Unrecognized empty command", command, -1));
  }
  reader.flush();
}
use of org.apache.accumulo.core.client.security.tokens.PasswordToken in project accumulo by apache.
the class ReplicationProcessorTest method peerTypeExtractionFromConfiguration.
/**
 * Confirms that {@code ReplicationProcessor.getPeerType} returns the value configured for a peer
 * exactly as it was stored under the {@code REPLICATION_PEERS} prefix.
 */
@Test
public void peerTypeExtractionFromConfiguration() {
  final Instance mockInstance = EasyMock.createMock(Instance.class);
  final VolumeManager mockVolumes = EasyMock.createMock(VolumeManager.class);
  // Fixed test-only credentials; they exist solely so a ClientContext can be built.
  final Credentials testCreds = new Credentials("foo", new PasswordToken("bar"));
  final ClientContext clientContext = new ClientContext(mockInstance, testCreds, ClientConfiguration.create());

  // A single property: the peer's name under the replication-peers prefix, mapped to its type string.
  final String peerName = "peer";
  final String configuration = "java.lang.String,foo";
  final Map<String, String> properties = new HashMap<>();
  properties.put(Property.REPLICATION_PEERS + peerName, configuration);

  final ReplicationProcessor processor = new ReplicationProcessor(clientContext, new ConfigurationCopy(properties), mockVolumes);
  Assert.assertEquals(configuration, processor.getPeerType(peerName));
}