use of org.apache.hadoop.security.authorize.AccessControlList in project hadoop by apache.
the class DeprecatedQueueConfigurationParser method getQueueAcls.
/**
 * Builds the ACL table for one queue from the configuration.
 *
 * <p>One entry is produced per {@link QueueACL} value, keyed by the full property
 * name that {@code toFullPropertyName} derives from the queue name and the ACL name.
 *
 * <p>Security note: a property that is missing from the configuration falls back to
 * {@code "*"}, the wildcard that {@code AccessControlList} treats as "every user", so a
 * queue operation with no explicit ACL is open by default.
 *
 * @param name queue name used to build the property names
 * @param conf configuration the ACL strings are read from
 * @return map from full ACL property name to the parsed ACL
 */
private Map<String, AccessControlList> getQueueAcls(String name, Configuration conf) {
  Map<String, AccessControlList> aclsByProperty = new HashMap<>();
  for (QueueACL operation : QueueACL.values()) {
    String property = toFullPropertyName(name, operation.getAclName());
    // Fail-open default: an unset property yields the allow-all wildcard.
    String aclSpec = conf.get(property, "*");
    aclsByProperty.put(property, new AccessControlList(aclSpec));
  }
  return aclsByProperty;
}
use of org.apache.hadoop.security.authorize.AccessControlList in project hadoop by apache.
the class ConfiguredYarnAuthorizer method checkPermissionInternal.
/**
 * Decides whether {@code user} holds {@code accessType} on {@code target}, consulting
 * the ACL registered for the target and, for queues, the ACLs of its ancestor queues.
 *
 * <p>Access is additive along the queue hierarchy: when the target queue does not
 * allow the user, the parent (the name up to the last {@code '.'}) is checked
 * recursively, and a grant on any ancestor is sufficient. An ACL on a child queue
 * therefore cannot narrow what a parent queue allows. An entity with no ACL map, or no
 * entry for the access type, contributes a deny at its own level.
 *
 * @param accessType the kind of access being requested
 * @param target the entity the access is requested on
 * @param user the caller whose membership is tested
 * @return {@code true} if the target, or for queues one of its ancestors, allows the user
 */
private boolean checkPermissionInternal(AccessType accessType, PrivilegedEntity target, UserGroupInformation user) {
  Map<AccessType, AccessControlList> targetAcls = allAcls.get(target);
  AccessControlList acl = (targetAcls == null) ? null : targetAcls.get(accessType);
  boolean allowed = acl != null && acl.isUserAllowed(user);

  // Only a denied queue falls through to its parent; everything else is final here.
  if (target.getType() != EntityType.QUEUE || allowed) {
    return allowed;
  }

  String queueName = target.getName();
  int lastDot = queueName.lastIndexOf(".");
  if (lastDot < 0) {
    // Root of the hierarchy reached without finding a grant.
    return false;
  }

  PrivilegedEntity parent = new PrivilegedEntity(target.getType(), queueName.substring(0, lastDot));
  return checkPermissionInternal(accessType, parent, user);
}
use of org.apache.hadoop.security.authorize.AccessControlList in project hadoop by apache.
the class ApplicationACLsManager method addApplication.
/**
 * Registers the ACLs of an application, parsing each ACL string into an
 * {@code AccessControlList}.
 *
 * <p>Only the access types present in {@code acls} are stored; nothing is filled in
 * for the others. How a missing access type is treated at check time is decided by
 * the code that reads {@code applicationACLS}, which is not shown here.
 *
 * @param appId application the ACLs belong to
 * @param acls ACL strings keyed by access type
 */
public void addApplication(ApplicationId appId, Map<ApplicationAccessType, String> acls) {
  Map<ApplicationAccessType, AccessControlList> parsedAcls = new HashMap<>(acls.size());
  for (Map.Entry<ApplicationAccessType, String> entry : acls.entrySet()) {
    ApplicationAccessType accessType = entry.getKey();
    AccessControlList parsed = new AccessControlList(entry.getValue());
    parsedAcls.put(accessType, parsed);
  }
  this.applicationACLS.put(appId, parsedAcls);
}
use of org.apache.hadoop.security.authorize.AccessControlList in project hbase by apache.
the class TestHttpServer method testAuthorizationOfDefaultServlets.
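/**
 * Verify the administrator access for /logs, /stacks, /conf, /logLevel and
 * /metrics servlets.
 *
 * <p>The server is built with the admin ACL {@code "userA,userB groupC,groupD"}
 * (comma-separated users, a space, then comma-separated groups). userA and userB are
 * admitted by name, userC and userD through their group mapping, and userE, who is in
 * neither list, must be rejected with 401.
 *
 * @throws Exception if the server cannot be built or started, or a request fails
 */
@Test
@Ignore
public void testAuthorizationOfDefaultServlets() throws Exception {
  // NOTE(review): @Ignore disables this test, so the admin-ACL checks on the default
  // servlets asserted below are not exercised by the suite; the reason for disabling
  // it is not visible here.
  Configuration conf = new Configuration();
  conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, true);
  conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_INSTRUMENTATION_REQUIRES_ADMIN, true);
  conf.set(HttpServer.FILTER_INITIALIZERS_PROPERTY, DummyFilterInitializer.class.getName());
  conf.set(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING, MyGroupsProvider.class.getName());
  Groups.getUserToGroupsMappingService(conf);

  // Each test user belongs to exactly one group of the same letter.
  MyGroupsProvider.clearMapping();
  MyGroupsProvider.mapping.put("userA", Arrays.asList("groupA"));
  MyGroupsProvider.mapping.put("userB", Arrays.asList("groupB"));
  MyGroupsProvider.mapping.put("userC", Arrays.asList("groupC"));
  MyGroupsProvider.mapping.put("userD", Arrays.asList("groupD"));
  MyGroupsProvider.mapping.put("userE", Arrays.asList("groupE"));

  HttpServer myServer = new HttpServer.Builder()
      .setName("test")
      .addEndpoint(new URI("http://localhost:0"))
      .setFindPort(true)
      .setConf(conf)
      .setACL(new AccessControlList("userA,userB groupC,groupD"))
      .build();
  myServer.setAttribute(HttpServer.CONF_CONTEXT_ATTRIBUTE, conf);
  myServer.start();
  try {
    String serverURL = "http://" + NetUtils.getHostPortString(myServer.getConnectorAddress(0)) + "/";
    for (String servlet : new String[] { "conf", "logs", "stacks", "logLevel", "metrics" }) {
      for (String user : new String[] { "userA", "userB", "userC", "userD" }) {
        assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL + servlet, user));
      }
      // userE matches neither the user list nor the group list of the ACL.
      assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, getHttpStatusCode(serverURL + servlet, "userE"));
    }
  } finally {
    // Stop the server even when an assertion fails, so the listener is not leaked.
    myServer.stop();
  }
}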
use of org.apache.hadoop.security.authorize.AccessControlList in project hbase by apache.
the class TestHttpServer method testHasAdministratorAccess.
/**
 * Walks HttpServer.hasAdministratorAccess through each combination of the
 * authorization switch, the remote user and the admin ACL, using mocked servlet
 * objects. A fresh response mock is created before every case so that each
 * sendError verification sees only that case's call.
 */
@Test
public void testHasAdministratorAccess() throws Exception {
Configuration conf = new Configuration();
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false);
ServletContext context = Mockito.mock(ServletContext.class);
Mockito.when(context.getAttribute(HttpServer.CONF_CONTEXT_ATTRIBUTE)).thenReturn(conf);
Mockito.when(context.getAttribute(HttpServer.ADMINS_ACL)).thenReturn(null);
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getRemoteUser()).thenReturn(null);
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
// Case 1: authorization OFF -> granted, even with no remote user and no admin ACL.
Assert.assertTrue(HttpServer.hasAdministratorAccess(context, request, response));
// Case 2: authorization ON, remote user null -> denied with SC_UNAUTHORIZED.
response = Mockito.mock(HttpServletResponse.class);
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, true);
Assert.assertFalse(HttpServer.hasAdministratorAccess(context, request, response));
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
// Case 3: authorization ON, remote user present, no admin ACL set -> granted.
// NOTE(review): as asserted here, an unset ADMINS_ACL admits any caller with a
// non-null remote user name; deployments relying on this check should confirm
// that an admin ACL is actually configured.
response = Mockito.mock(HttpServletResponse.class);
Mockito.when(request.getRemoteUser()).thenReturn("foo");
Assert.assertTrue(HttpServer.hasAdministratorAccess(context, request, response));
// Case 4: authorization ON, remote user present, admin ACL set, user not in the ACL
// -> denied with SC_UNAUTHORIZED.
response = Mockito.mock(HttpServletResponse.class);
AccessControlList acls = Mockito.mock(AccessControlList.class);
Mockito.when(acls.isUserAllowed(Mockito.<UserGroupInformation>any())).thenReturn(false);
Mockito.when(context.getAttribute(HttpServer.ADMINS_ACL)).thenReturn(acls);
Assert.assertFalse(HttpServer.hasAdministratorAccess(context, request, response));
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
// Case 5: authorization ON, remote user present, admin ACL set, user in the ACL
// -> granted.
response = Mockito.mock(HttpServletResponse.class);
Mockito.when(acls.isUserAllowed(Mockito.<UserGroupInformation>any())).thenReturn(true);
Mockito.when(context.getAttribute(HttpServer.ADMINS_ACL)).thenReturn(acls);
Assert.assertTrue(HttpServer.hasAdministratorAccess(context, request, response));
}