use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.
the class ExceptionHandler method exceptionCaught.
/**
 * Translates a failure into a JSON HTTP error response.
 *
 * <p>The throwable is first normalised to an {@link Exception}, then
 * converted or unwrapped, and finally mapped to a status code:
 * <ul>
 *   <li>{@code SecurityException}, {@code AuthorizationException}: 403</li>
 *   <li>{@code FileNotFoundException}: 404</li>
 *   <li>any other {@code IOException}: 403</li>
 *   <li>{@code UnsupportedOperationException},
 *       {@code IllegalArgumentException}: 400</li>
 *   <li>everything else: 500</li>
 * </ul>
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Every {@code IOException} other than {@code FileNotFoundException}
 *       is reported as 403, so the status code alone does not tell a client
 *       (or a log consumer) whether a request was denied or failed for
 *       another I/O reason.</li>
 *   <li>Only the fall-through (500) case is logged at WARN. Denials are
 *       logged here only when TRACE is enabled, so this method is not a
 *       source of authorization-failure events at normal log levels.</li>
 *   <li>NOTE(review): the body is whatever {@code JsonUtil.toJsonString(e)}
 *       produces for the exception; its fields are not visible here.
 *       Confirm it does not return stack traces or internal paths.</li>
 * </ul>
 *
 * @param cause the failure to report
 * @return a complete HTTP/1.1 response with a JSON body and matching
 *         Content-Type and Content-Length headers
 */
static DefaultFullHttpResponse exceptionCaught(Throwable cause) {
  // Non-Exception throwables are wrapped so the rest of the method can work on a single type.
  Exception e;
  if (cause instanceof Exception) {
    e = (Exception) cause;
  } else {
    e = new Exception(cause);
  }

  if (LOG.isTraceEnabled()) {
    LOG.trace("GOT EXCEPTION", e);
  }

  // Convert the exception. The branches are mutually exclusive: at most one conversion is applied.
  if (e instanceof ParamException) {
    // The client-facing message carries the parameter name and the cause's message.
    // NOTE(review): presumably the cause's message echoes the rejected value; confirm.
    final String parameterName = ((ParamException) e).getParameterName();
    final String reason = e.getCause().getMessage();
    e = new IllegalArgumentException(
        "Invalid value for webhdfs parameter \"" + parameterName + "\": " + reason, e);
  } else if (e instanceof ContainerException || e instanceof SecurityException) {
    e = toCause(e);
  } else if (e instanceof RemoteException) {
    e = ((RemoteException) e).unwrapRemoteException();
  }

  // Map the (possibly converted) exception to a status. FileNotFoundException must be
  // tested before the generic IOException branch, otherwise it would never yield 404.
  final HttpResponseStatus status;
  if (e instanceof SecurityException || e instanceof AuthorizationException) {
    status = FORBIDDEN;
  } else if (e instanceof FileNotFoundException) {
    status = NOT_FOUND;
  } else if (e instanceof IOException) {
    status = FORBIDDEN;
  } else if (e instanceof UnsupportedOperationException
      || e instanceof IllegalArgumentException) {
    status = BAD_REQUEST;
  } else {
    LOG.warn("INTERNAL_SERVER_ERROR", e);
    status = INTERNAL_SERVER_ERROR;
  }

  // Serialise the exception as UTF-8 JSON; Content-Length is the byte length, not the char count.
  final byte[] payload = JsonUtil.toJsonString(e).getBytes(Charsets.UTF_8);
  final DefaultFullHttpResponse resp =
      new DefaultFullHttpResponse(HTTP_1_1, status, Unpooled.wrappedBuffer(payload));
  resp.headers().set(CONTENT_TYPE, APPLICATION_JSON_UTF8);
  resp.headers().set(CONTENT_LENGTH, payload.length);
  return resp;
}
use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.
the class ExceptionHandler method toResponse.
/**
 * Maps an exception raised while serving a request to a JSON error response.
 *
 * <p>The exception is converted in four sequential steps (parameter error,
 * container wrapper, remote exception, security exception); each step sees
 * the result of the previous one. The result is then mapped to a status:
 * {@code SecurityException} and {@code AuthorizationException} give 403,
 * {@code FileNotFoundException} 404, any other {@code IOException} 403,
 * {@code UnsupportedOperationException} and {@code IllegalArgumentException}
 * 400, anything else 500.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>A 403 from this method covers both explicit denials and every
 *       {@code IOException} other than {@code FileNotFoundException}, so
 *       the status alone does not identify an authorization failure.</li>
 *   <li>Only the 500 case is logged at WARN; the other outcomes are logged
 *       here only when TRACE is enabled.</li>
 *   <li>NOTE(review): the entity is {@code JsonUtil.toJsonString(e)};
 *       what it serialises is not visible here. Confirm that it does not
 *       expose stack traces or internal paths to the caller.</li>
 * </ul>
 *
 * @param e the exception to report
 * @return a response with the mapped status and a JSON entity
 */
@Override
public Response toResponse(Exception e) {
  if (LOG.isTraceEnabled()) {
    LOG.trace("GOT EXCEPITION", e);
  }

  // Clear any content type already set on the servlet response before building the error.
  response.setContentType(null);

  // Step 1: a bad request parameter becomes an IllegalArgumentException whose message
  // names the parameter and carries the cause's message.
  if (e instanceof ParamException) {
    final String parameterName = ((ParamException) e).getParameterName();
    final String reason = e.getCause().getMessage();
    e = new IllegalArgumentException(
        "Invalid value for webhdfs parameter \"" + parameterName + "\": " + reason, e);
  }
  // Step 2: replace a container wrapper with the result of toCause (helper not shown here).
  if (e instanceof ContainerException) {
    e = toCause(e);
  }
  // Step 3: unwrap a remote exception.
  if (e instanceof RemoteException) {
    e = ((RemoteException) e).unwrapRemoteException();
  }
  // Step 4: a SecurityException, including one produced by the steps above, goes through toCause.
  if (e instanceof SecurityException) {
    e = toCause(e);
  }

  // Map to a status. FileNotFoundException is tested before the generic IOException
  // branch, otherwise it would never yield 404.
  final Response.Status status;
  if (e instanceof SecurityException || e instanceof AuthorizationException) {
    status = Response.Status.FORBIDDEN;
  } else if (e instanceof FileNotFoundException) {
    status = Response.Status.NOT_FOUND;
  } else if (e instanceof IOException) {
    status = Response.Status.FORBIDDEN;
  } else if (e instanceof UnsupportedOperationException
      || e instanceof IllegalArgumentException) {
    status = Response.Status.BAD_REQUEST;
  } else {
    LOG.warn("INTERNAL_SERVER_ERROR", e);
    status = Response.Status.INTERNAL_SERVER_ERROR;
  }

  final String json = JsonUtil.toJsonString(e);
  return Response.status(status)
      .type(MediaType.APPLICATION_JSON)
      .entity(json)
      .build();
}
use of org.apache.hadoop.security.authorize.AuthorizationException in project testcases by coheigea.
the class RangerKmsAuthorizerTest method testGetMetadata.
/**
 * Checks the GET_METADATA access decision on key "newkey1" for three
 * identities: remote user "bob" (allowed), remote user "eve" (denied) and
 * test user "alice" in group "IT" (allowed).
 *
 * <p>The expected outcomes depend on the policy loaded for this test class,
 * which is not visible here. The denied case asserts that an
 * {@code AuthorizationException} is thrown, so a policy change that
 * silently grants access makes the test fail.
 */
@org.junit.Test
public void testGetMetadata() throws Throwable {
  // Allowed: assertAccess must return without throwing for "bob".
  final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
  bob.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      KMSWebApp.getACLs().assertAccess(
          Type.GET_METADATA, bob, KMSOp.GET_METADATA, "newkey1", "127.0.0.1");
      return null;
    }
  });

  // Denied: "eve" must be rejected with an AuthorizationException.
  final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
  eve.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      try {
        KMSWebApp.getACLs().assertAccess(
            Type.GET_METADATA, eve, KMSOp.GET_METADATA, "newkey1", "127.0.0.1");
        // Reaching this line means access was granted; fail the test.
        Assert.fail("Failure expected");
      } catch (AuthorizationException ex) {
        // expected: the denial is the outcome under test
      }
      return null;
    }
  });

  // Allowed through group membership: "alice" is created as a member of "IT".
  final UserGroupInformation alice =
      UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
  alice.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      KMSWebApp.getACLs().assertAccess(
          Type.GET_METADATA, alice, KMSOp.GET_METADATA, "newkey1", "127.0.0.1");
      return null;
    }
  });
}
use of org.apache.hadoop.security.authorize.AuthorizationException in project testcases by coheigea.
the class RangerKmsAuthorizerTest method testRollover.
/**
 * Checks the ROLLOVER access decision on key "newkey1" for three
 * identities: remote user "bob" (allowed), remote user "eve" (denied) and
 * test user "alice" in group "IT" (denied).
 *
 * <p>The expected outcomes depend on the policy loaded for this test class,
 * which is not visible here. Each denied case asserts that an
 * {@code AuthorizationException} is thrown, so an unexpected grant fails
 * the test rather than passing silently.
 */
@org.junit.Test
public void testRollover() throws Throwable {
  // Allowed: assertAccess must return without throwing for "bob".
  final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
  bob.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      KMSWebApp.getACLs().assertAccess(
          Type.ROLLOVER, bob, KMSOp.ROLL_NEW_VERSION, "newkey1", "127.0.0.1");
      return null;
    }
  });

  // Denied: "eve" must be rejected with an AuthorizationException.
  final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
  eve.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      try {
        KMSWebApp.getACLs().assertAccess(
            Type.ROLLOVER, eve, KMSOp.ROLL_NEW_VERSION, "newkey1", "127.0.0.1");
        // Reaching this line means access was granted; fail the test.
        Assert.fail("Failure expected");
      } catch (AuthorizationException ex) {
        // expected: the denial is the outcome under test
      }
      return null;
    }
  });

  // Denied: membership of "IT" must not be enough to roll the key over.
  final UserGroupInformation alice =
      UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
  alice.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      try {
        KMSWebApp.getACLs().assertAccess(
            Type.ROLLOVER, alice, KMSOp.ROLL_NEW_VERSION, "newkey1", "127.0.0.1");
        // Reaching this line means access was granted; fail the test.
        Assert.fail("Failure expected");
      } catch (AuthorizationException ex) {
        // expected: the denial is the outcome under test
      }
      return null;
    }
  });
}
use of org.apache.hadoop.security.authorize.AuthorizationException in project testcases by coheigea.
the class RangerKmsAuthorizerTest method testCreateKeys.
/**
 * Checks the CREATE access decision for three identities: remote user "bob"
 * (allowed), remote user "eve" (denied) and test user "alice" in group "IT"
 * (denied).
 *
 * <p>The expected outcomes depend on the policy loaded for this test class,
 * which is not visible here. Each denied case asserts that an
 * {@code AuthorizationException} is thrown, so an unexpected grant fails
 * the test rather than passing silently.
 */
@org.junit.Test
public void testCreateKeys() throws Throwable {
  // Allowed: assertAccess must return without throwing for "bob".
  final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
  bob.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      KMSWebApp.getACLs().assertAccess(
          Type.CREATE, bob, KMSOp.CREATE_KEY, "newkey1", "127.0.0.1");
      return null;
    }
  });

  // Denied: "eve" must be rejected with an AuthorizationException.
  // NOTE(review): this check uses "newkey2" while the other two use "newkey1";
  // presumably intentional, confirm against the policy fixture.
  final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
  eve.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      try {
        KMSWebApp.getACLs().assertAccess(
            Type.CREATE, eve, KMSOp.CREATE_KEY, "newkey2", "127.0.0.1");
        // Reaching this line means access was granted; fail the test.
        Assert.fail("Failure expected");
      } catch (AuthorizationException ex) {
        // expected: the denial is the outcome under test
      }
      return null;
    }
  });

  // Denied: membership of "IT" must not be enough to create a key.
  final UserGroupInformation alice =
      UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
  alice.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      try {
        KMSWebApp.getACLs().assertAccess(
            Type.CREATE, alice, KMSOp.CREATE_KEY, "newkey1", "127.0.0.1");
        // Reaching this line means access was granted; fail the test.
        Assert.fail("Failure expected");
      } catch (AuthorizationException ex) {
        // expected: the denial is the outcome under test
      }
      return null;
    }
  });
}