use of org.apache.hadoop.security.UserGroupInformation in project hive by apache.
the class TestHadoopAuthBridge23 method testSaslWithHiveMetaStore.
/**
 * Requests tokens for the user running the test and adds them to that
 * user's UGI, once with a null second argument and once with a named one.
 * All verification happens inside obtainTokenAndAddIntoUGI, which is
 * defined elsewhere in the test class.
 */
@Test
public void testSaslWithHiveMetaStore() throws Exception {
  setup();
  // The tokens are attached to the UGI of whoever runs the test.
  final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  final String namedTokenArg = "tokenForFooTablePartition";
  obtainTokenAndAddIntoUGI(currentUser, null);
  obtainTokenAndAddIntoUGI(currentUser, namedTokenArg);
}
use of org.apache.hadoop.security.UserGroupInformation in project hive by apache.
the class TestHadoopAuthBridge23 method testMetastoreProxyUser.
/**
 * Checks that a proxy user can obtain a delegation token on behalf of the
 * test user only when the proxy-user group configuration covers that user.
 *
 * The same request is issued twice as proxyUser: first with the proxy
 * groups set to a dummy group (expected to be refused), then with the groups
 * of the user running the test (expected to succeed). The issued token is
 * decoded and the user recorded in it is compared with the user it was
 * requested for.
 */
@Test
public void testMetastoreProxyUser() throws Exception {
  setup();
  final String proxyUserName = "proxyUser";

  // Allow proxyUser to act only for members of foo_bar_group, a dummy group.
  String[] groupNames = new String[] { "foo_bar_group" };
  setGroupsInConf(groupNames, proxyUserName);

  final UserGroupInformation delegationTokenUser = UserGroupInformation.getCurrentUser();
  final UserGroupInformation proxyUserUgi = UserGroupInformation.createRemoteUser(proxyUserName);

  // One action, run before and after the group configuration changes.
  // A refused request (AuthorizationException) is reported as null.
  // NOTE(review): null therefore stands for "denied"; the first assertion
  // would also pass if getDelegationTokenStr returned null without throwing.
  // Confirm against that helper.
  final PrivilegedExceptionAction<String> requestToken = new PrivilegedExceptionAction<String>() {
    @Override
    public String run() throws Exception {
      try {
        return getDelegationTokenStr(delegationTokenUser, proxyUserUgi);
      } catch (AuthorizationException denied) {
        return null;
      }
    }
  };

  // With only the dummy group configured, the request is expected to fail.
  String tokenStrForm = proxyUserUgi.doAs(requestToken);
  Assert.assertTrue("Expected the getDelegationToken call to fail", tokenStrForm == null);

  // Now allow proxyUser to act for the real group(s) of the user running the
  // test; the same request is expected to succeed.
  setGroupsInConf(UserGroupInformation.getCurrentUser().getGroupNames(), proxyUserName);
  tokenStrForm = proxyUserUgi.doAs(requestToken);
  Assert.assertTrue("Expected the getDelegationToken call to not fail", tokenStrForm != null);

  // Decode the token and read its identifier back.
  Token<DelegationTokenIdentifier> decodedToken = new Token<DelegationTokenIdentifier>();
  decodedToken.decodeFromUrlString(tokenStrForm);
  DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
  DataInputStream identifierStream =
      new DataInputStream(new ByteArrayInputStream(decodedToken.getIdentifier()));
  identifier.readFields(identifierStream);

  // The user recorded in the token must be the user it was requested for.
  String expectedUser = delegationTokenUser.getShortUserName();
  String userInToken = identifier.getUser().getShortUserName();
  Assert.assertTrue("Usernames don't match", expectedUser.equals(userInToken));
}
use of org.apache.hadoop.security.UserGroupInformation in project hive by apache.
the class LlapTokenChecker method checkPermissions.
/**
 * Checks the current caller's credentials against the given user and
 * application.
 *
 * Returns immediately, without any check, when Hadoop security is disabled.
 * Otherwise it collects the caller's Kerberos short name (null when the
 * caller has no Kerberos credentials) and the caller's LLAP tokens for the
 * cluster, and passes both to checkPermissionsInternal, which makes the
 * actual decision.
 *
 * @param clusterId cluster id used to look up the caller's LLAP tokens
 * @param userName user to check against; must not be null when security is enabled
 * @param appId application id forwarded to the internal check
 * @param hint opaque value forwarded to the internal check
 * @throws IOException propagated from the calls made here
 */
public static void checkPermissions(String clusterId, String userName, String appId, Object hint) throws IOException {
  if (!UserGroupInformation.isSecurityEnabled()) {
    // With security off nothing is verified, not even that userName is non-null.
    return;
  }
  Preconditions.checkNotNull(userName);
  final UserGroupInformation caller = UserGroupInformation.getCurrentUser();
  final String kerberosName;
  if (caller.hasKerberosCredentials()) {
    kerberosName = caller.getShortUserName();
  } else {
    // Token-only caller: no Kerberos identity is passed on.
    kerberosName = null;
  }
  final List<LlapTokenIdentifier> llapTokens = getLlapTokens(caller, clusterId);
  checkPermissionsInternal(kerberosName, llapTokens, userName, appId, hint);
}
use of org.apache.hadoop.security.UserGroupInformation in project hive by apache.
the class LlapTokenChecker method getTokenInfo.
/**
 * Builds the token info for the current caller.
 *
 * Returns NO_SECURITY when Hadoop security is disabled. Otherwise the caller
 * must present at least one credential: a Kerberos identity or an LLAP token
 * for the cluster. A caller with neither is rejected.
 *
 * @param clusterId cluster id used to look up the caller's LLAP tokens
 * @return NO_SECURITY, or the result of getTokenInfoInternal
 * @throws IOException propagated from the calls made here
 * @throws SecurityException if the caller has neither tokens nor Kerberos credentials
 */
public static LlapTokenInfo getTokenInfo(String clusterId) throws IOException {
  if (!UserGroupInformation.isSecurityEnabled()) {
    return NO_SECURITY;
  }
  final UserGroupInformation caller = UserGroupInformation.getCurrentUser();
  String kerberosName = null;
  if (caller.hasKerberosCredentials()) {
    kerberosName = caller.getShortUserName();
  }
  final List<LlapTokenIdentifier> llapTokens = getLlapTokens(caller, clusterId);
  final boolean noTokens = llapTokens == null || llapTokens.isEmpty();
  if (noTokens && kerberosName == null) {
    // Fail closed: nothing identifies this caller.
    throw new SecurityException("No tokens or kerberos for " + caller);
  }
  warnMultipleTokens(llapTokens);
  return getTokenInfoInternal(kerberosName, llapTokens);
}
use of org.apache.hadoop.security.UserGroupInformation in project hbase by apache.
the class TestSecureIPC method testRpcFallbackToSimpleAuth.
/**
 * Calls the RPC service as a client that uses SIMPLE authentication while
 * the server has RpcServer.FALLBACK_TO_INSECURE_CLIENT_AUTH switched on.
 *
 * Going by its name, that server flag accepts clients that did not
 * authenticate securely, so the test has to set it explicitly. Any
 * deployment that sets it accepts the same downgrade.
 */
@Test
public void testRpcFallbackToSimpleAuth() throws Exception {
  final String clientUsername = "testuser";
  final String[] clientGroups = { clientUsername };
  final UserGroupInformation clientUgi =
      UserGroupInformation.createUserForTesting(clientUsername, clientGroups);

  // Preconditions: the client is a separate, SIMPLE-authenticated identity.
  assertNotSame(ugi, clientUgi);
  assertEquals(AuthenticationMethod.SIMPLE, clientUgi.getAuthenticationMethod());
  assertEquals(clientUsername, clientUgi.getUserName());

  // Client uses simple auth; server is told to allow the insecure fallback.
  clientConf.set(User.HBASE_SECURITY_CONF_KEY, "simple");
  serverConf.setBoolean(RpcServer.FALLBACK_TO_INSECURE_CLIENT_AUTH, true);

  callRpcService(User.create(clientUgi));
}