
Example 11 with SystemPermission

use of org.apache.accumulo.core.security.SystemPermission in project accumulo by apache.

the class ZKSecurityTool method convertSystemPermissions.

public static byte[] convertSystemPermissions(Set<SystemPermission> systempermissions) {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream(systempermissions.size());
    DataOutputStream out = new DataOutputStream(bytes);
    try {
        // wire format: one byte per permission id, no length prefix or version byte;
        // the reader recovers the count from the record length alone
        for (SystemPermission sp : systempermissions) out.writeByte(sp.getId());
    } catch (IOException e) {
        log.error("{}", e.getMessage(), e);
        // this is impossible with ByteArrayOutputStream; crash hard if this happens
        throw new RuntimeException(e);
    }
    return bytes.toByteArray();
}
Also used : SystemPermission(org.apache.accumulo.core.security.SystemPermission) DataOutputStream(java.io.DataOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException)

Example 12 with SystemPermission

use of org.apache.accumulo.core.security.SystemPermission in project accumulo by apache.

the class ZKSecurityTool method convertSystemPermissions.

public static Set<SystemPermission> convertSystemPermissions(byte[] systempermissions) {
    ByteArrayInputStream bytes = new ByteArrayInputStream(systempermissions);
    DataInputStream in = new DataInputStream(bytes);
    Set<SystemPermission> toReturn = new HashSet<>();
    try {
        // available() is exact here only because the source is an in-memory
        // ByteArrayInputStream; it is not a reliable end-of-data test on sockets or files
        while (in.available() > 0) toReturn.add(SystemPermission.getPermissionById(in.readByte()));
    } catch (IOException e) {
        // fail closed: a corrupt record yields an empty permission set, never a partial one
        log.error("User database is corrupt; error converting system permissions", e);
        toReturn.clear();
    }
    // note: only IOException is caught; a byte that maps to no permission is rejected by
    // getPermissionById with an unchecked exception, which propagates to the caller instead
    return toReturn;
}
Also used : SystemPermission(org.apache.accumulo.core.security.SystemPermission) ByteArrayInputStream(java.io.ByteArrayInputStream) IOException(java.io.IOException) DataInputStream(java.io.DataInputStream) HashSet(java.util.HashSet)
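The two ZKSecurityTool methods above define a one-byte-per-id record with no length, version or integrity field, and the reader clears the set only on IOException. The following is an added example, not Accumulo's own code, that round-trips a permission set through that same encoding and then decodes it with a stricter, hypothetical decodeStrict() helper that rejects unknown ids and duplicates through a checked exception instead of letting an unchecked one escape. It assumes accumulo-core (1.x API) is on the classpath; the corrupt record is constructed inline.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.EnumSet;
import java.util.Set;

import org.apache.accumulo.core.security.SystemPermission;

// Added example, not Accumulo code. Assumes accumulo-core (1.x API) on the classpath.
public class SystemPermissionCodecCheck {

    // Same wire format ZKSecurityTool writes: one byte per permission id,
    // no length prefix, no version byte, no checksum.
    static byte[] encode(Set<SystemPermission> perms) {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream(perms.size());
        DataOutputStream out = new DataOutputStream(bytes);
        try {
            for (SystemPermission sp : perms) {
                out.writeByte(sp.getId());
            }
        } catch (IOException e) {
            throw new IllegalStateException("ByteArrayOutputStream cannot fail", e);
        }
        return bytes.toByteArray();
    }

    // Strict decoder (hypothetical helper, not part of Accumulo). Every byte must map to a
    // known permission and no id may repeat; any violation is surfaced as a checked
    // exception so the caller decides how to fail instead of an unchecked one escaping.
    static Set<SystemPermission> decodeStrict(byte[] encoded) throws IOException {
        Set<SystemPermission> result = EnumSet.noneOf(SystemPermission.class);
        for (int offset = 0; offset < encoded.length; offset++) {
            byte id = encoded[offset];
            SystemPermission perm;
            try {
                perm = SystemPermission.getPermissionById(id);
            } catch (RuntimeException e) {
                // getPermissionById rejects an unknown id with an unchecked exception
                throw new IOException("unknown permission id " + id + " at offset " + offset, e);
            }
            if (perm == null) {
                throw new IOException("unknown permission id " + id + " at offset " + offset);
            }
            if (!result.add(perm)) {
                throw new IOException("duplicate permission " + perm + " at offset " + offset);
            }
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        Set<SystemPermission> granted = EnumSet.of(SystemPermission.CREATE_TABLE, SystemPermission.DROP_TABLE);
        byte[] wire = encode(granted);
        System.out.println("encoded " + granted + " as " + wire.length + " byte(s)");
        System.out.println("decoded: " + decodeStrict(wire));

        // Constructed corrupt record: the valid ids followed by a byte that no permission uses.
        byte[] corrupt = new byte[wire.length + 1];
        System.arraycopy(wire, 0, corrupt, 0, wire.length);
        corrupt[wire.length] = (byte) 0x7f;
        try {
            decodeStrict(corrupt);
            System.out.println("BUG: corrupt record accepted");
        } catch (IOException expected) {
            System.out.println("rejected corrupt record: " + expected.getMessage());
        }
    }
}
```

The point of the strict variant is that a permission record is a security decision input: a reader that silently tolerates or partially applies a malformed record is harder to reason about than one that refuses it and lets the caller treat the principal as holding nothing, which is the fail-closed behaviour the original clear() already aims for on IOException.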

Example 13 with SystemPermission

use of org.apache.accumulo.core.security.SystemPermission in project accumulo by apache.

the class PermissionsIT method systemPermissionsTest.

@Test
public void systemPermissionsTest() throws Exception {
    ClusterUser testUser = getUser(0), rootUser = getAdminUser();
    // verify that the test is being run by root
    Connector c = getConnector();
    verifyHasOnlyTheseSystemPermissions(c, c.whoami(), SystemPermission.values());
    // create the test user
    String principal = testUser.getPrincipal();
    AuthenticationToken token = testUser.getToken();
    PasswordToken passwordToken = null;
    if (token instanceof PasswordToken) {
        passwordToken = (PasswordToken) token;
    }
    loginAs(rootUser);
    c.securityOperations().createLocalUser(principal, passwordToken);
    loginAs(testUser);
    Connector test_user_conn = c.getInstance().getConnector(principal, token);
    loginAs(rootUser);
    verifyHasNoSystemPermissions(c, principal, SystemPermission.values());
    // test each permission
    for (SystemPermission perm : SystemPermission.values()) {
        log.debug("Verifying the {} permission", perm);
        // test permission before and after granting it
        String tableNamePrefix = getUniqueNames(1)[0];
        testMissingSystemPermission(tableNamePrefix, c, rootUser, test_user_conn, testUser, perm);
        loginAs(rootUser);
        c.securityOperations().grantSystemPermission(principal, perm);
        verifyHasOnlyTheseSystemPermissions(c, principal, perm);
        testGrantedSystemPermission(tableNamePrefix, c, rootUser, test_user_conn, testUser, perm);
        loginAs(rootUser);
        c.securityOperations().revokeSystemPermission(principal, perm);
        verifyHasNoSystemPermissions(c, principal, perm);
    }
}
Also used : SystemPermission(org.apache.accumulo.core.security.SystemPermission) Connector(org.apache.accumulo.core.client.Connector) PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken) AuthenticationToken(org.apache.accumulo.core.client.security.tokens.AuthenticationToken) ClusterUser(org.apache.accumulo.cluster.ClusterUser) Test(org.junit.Test)

Example 14 with SystemPermission

use of org.apache.accumulo.core.security.SystemPermission in project accumulo by apache.

the class KerberosIT method testUserPrivilegesThroughGrant.

@Test
public void testUserPrivilegesThroughGrant() throws Exception {
    String user1 = testName.getMethodName();
    final File user1Keytab = new File(kdc.getKeytabDir(), user1 + ".keytab");
    if (user1Keytab.exists() && !user1Keytab.delete()) {
        log.warn("Unable to delete {}", user1Keytab);
    }
    // Create some new users
    kdc.createPrincipal(user1Keytab, user1);
    final String qualifiedUser1 = kdc.qualifyUser(user1);
    // Log in as user1
    UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(user1, user1Keytab.getAbsolutePath());
    log.info("Logged in as {}", user1);
    ugi.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            // Indirectly creates this user when we use it
            Connector conn = mac.getConnector(qualifiedUser1, new KerberosToken());
            log.info("Created connector as {}", qualifiedUser1);
            // The new user should have no system permissions
            for (SystemPermission perm : SystemPermission.values()) {
                assertFalse(conn.securityOperations().hasSystemPermission(qualifiedUser1, perm));
            }
            return null;
        }
    });
    ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
    ugi.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken());
            conn.securityOperations().grantSystemPermission(qualifiedUser1, SystemPermission.CREATE_TABLE);
            return null;
        }
    });
    // Switch back to the original user
    ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(user1, user1Keytab.getAbsolutePath());
    ugi.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            Connector conn = mac.getConnector(qualifiedUser1, new KerberosToken());
            // Shouldn't throw an exception since we granted the create table permission
            final String table = testName.getMethodName() + "_user_table";
            conn.tableOperations().create(table);
            // Make sure we can actually use the table we made
            BatchWriter bw = conn.createBatchWriter(table, new BatchWriterConfig());
            Mutation m = new Mutation("a");
            m.put("b", "c", "d");
            bw.addMutation(m);
            bw.close();
            conn.tableOperations().compact(table, new CompactionConfig().setWait(true).setFlush(true));
            return null;
        }
    });
}
Also used : Connector(org.apache.accumulo.core.client.Connector) KerberosToken(org.apache.accumulo.core.client.security.tokens.KerberosToken) TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException) TableExistsException(org.apache.accumulo.core.client.TableExistsException) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) AccumuloException(org.apache.accumulo.core.client.AccumuloException) SystemPermission(org.apache.accumulo.core.security.SystemPermission) CompactionConfig(org.apache.accumulo.core.client.admin.CompactionConfig) BatchWriterConfig(org.apache.accumulo.core.client.BatchWriterConfig) BatchWriter(org.apache.accumulo.core.client.BatchWriter) Mutation(org.apache.accumulo.core.data.Mutation) File(java.io.File) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)
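PermissionsIT and KerberosIT above both assert the least-privilege baseline: root holds every SystemPermission, a freshly created or auto-provisioned principal holds none, and a single grantSystemPermission() call is what moves a principal from one state to the other. The following added example, which is not Accumulo's or the test suite's code, turns that assertion into a standing audit against a live instance: it lists each local user's system permissions through the same hasSystemPermission() probe the tests use and flags any principal other than the expected administrator that holds a permission through which it could widen its own access. It assumes accumulo-core (1.x Connector API) on the classpath and a password-authenticated administrator; the HIGH_RISK set and the command-line argument layout are the example's own choices.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.ZooKeeperInstance;
import org.apache.accumulo.core.client.admin.SecurityOperations;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.security.SystemPermission;

// Added example, not Accumulo code. Assumes accumulo-core (1.x Connector API) on the
// classpath and a password-authenticated administrator; instance name, ZooKeeper quorum
// and credentials come from the command line.
public class SystemPermissionAudit {

    // Permissions through which a holder can widen its own or others' access (example's
    // own selection): GRANT hands out permissions, SYSTEM is the administrative catch-all,
    // and the user-management trio can create, reshape or remove accounts.
    static final Set<SystemPermission> HIGH_RISK = EnumSet.of(
            SystemPermission.GRANT, SystemPermission.SYSTEM,
            SystemPermission.CREATE_USER, SystemPermission.ALTER_USER, SystemPermission.DROP_USER);

    // Maps every local user to the system permissions it currently holds, using the same
    // hasSystemPermission() probe the integration tests rely on.
    static Map<String, Set<SystemPermission>> collect(SecurityOperations sec)
            throws AccumuloException, AccumuloSecurityException {
        Map<String, Set<SystemPermission>> report = new TreeMap<>();
        for (String principal : sec.listLocalUsers()) {
            Set<SystemPermission> held = EnumSet.noneOf(SystemPermission.class);
            for (SystemPermission perm : SystemPermission.values()) {
                if (sec.hasSystemPermission(principal, perm)) {
                    held.add(perm);
                }
            }
            report.put(principal, held);
        }
        return report;
    }

    // Returns the principals other than the expected administrator that hold a HIGH_RISK
    // permission, with exactly which ones. Kept free of cluster calls so it can be checked
    // against a hand-built report.
    static Map<String, Set<SystemPermission>> findings(Map<String, Set<SystemPermission>> report, String admin) {
        Map<String, Set<SystemPermission>> flagged = new TreeMap<>();
        for (Map.Entry<String, Set<SystemPermission>> e : report.entrySet()) {
            if (e.getKey().equals(admin)) {
                continue;
            }
            Set<SystemPermission> risky = EnumSet.noneOf(SystemPermission.class);
            risky.addAll(e.getValue());
            risky.retainAll(HIGH_RISK);
            if (!risky.isEmpty()) {
                flagged.put(e.getKey(), risky);
            }
        }
        return flagged;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: SystemPermissionAudit <instance> <zookeepers> <admin> <password>");
            System.exit(2);
        }
        String instance = args[0], zookeepers = args[1], admin = args[2], password = args[3];
        Connector c = new ZooKeeperInstance(instance, zookeepers)
                .getConnector(admin, new PasswordToken(password));

        Map<String, Set<SystemPermission>> report = collect(c.securityOperations());
        for (Map.Entry<String, Set<SystemPermission>> e : report.entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue());
        }

        Map<String, Set<SystemPermission>> flagged = findings(report, admin);
        if (flagged.isEmpty()) {
            System.out.println("OK: no principal besides " + admin + " holds a high-risk system permission");
        } else {
            System.out.println("FINDINGS: " + flagged);
            System.exit(1);
        }
    }
}
```

Run it as the root user, since querying another principal's permissions is itself a privileged operation; the test in Example 13 confirms root holds all of SystemPermission.values(), so naming root as the administrator argument is the expected baseline. Principals that Example 14 describes as created indirectly on first Kerberos login are stored alongside local users and should appear in the report once they have connected, but confirm that against the authenticator your deployment uses.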

Aggregations

SystemPermission (org.apache.accumulo.core.security.SystemPermission) 14
AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException) 6
Connector (org.apache.accumulo.core.client.Connector) 5
Test (org.junit.Test) 5
File (java.io.File) 4
UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException) 4
AccumuloException (org.apache.accumulo.core.client.AccumuloException) 4
TableExistsException (org.apache.accumulo.core.client.TableExistsException) 4
TableNotFoundException (org.apache.accumulo.core.client.TableNotFoundException) 4
KerberosToken (org.apache.accumulo.core.client.security.tokens.KerberosToken) 4
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation) 4
KeeperException (org.apache.zookeeper.KeeperException) 4
TreeSet (java.util.TreeSet) 3
IOException (java.io.IOException) 2
HashMap (java.util.HashMap) 2
Set (java.util.Set) 2
BatchWriter (org.apache.accumulo.core.client.BatchWriter) 2
BatchWriterConfig (org.apache.accumulo.core.client.BatchWriterConfig) 2
CompactionConfig (org.apache.accumulo.core.client.admin.CompactionConfig) 2
Mutation (org.apache.accumulo.core.data.Mutation) 2