
Example 26 with AuthorizationException

use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.

the class NameNodeRpcServer method refreshServiceAcl.

// RefreshAuthorizationPolicyProtocol
/**
 * Asks the NameNode's RPC servers to reload their service-level ACLs.
 *
 * <p>The client RPC server is always refreshed. The service RPC server is
 * refreshed only when that field is non-null. Every refresh call receives a
 * newly constructed {@code Configuration} and {@code HDFSPolicyProvider}.
 *
 * <p>NOTE(review): this method performs no caller-privilege check of its own.
 * Presumably the RPC layer's service-level authorization decides who may
 * invoke it; confirm, because the call changes the ACLs those servers use.
 *
 * @throws AuthorizationException if {@code serviceAuthEnabled} is false
 * @throws IOException declared by the signature; which of the calls below
 *         raises it is not visible here
 */
@Override
public void refreshServiceAcl() throws IOException {
    checkNNStartup();
    if (!serviceAuthEnabled) {
        // Fail loudly instead of returning: the caller asked for an ACL
        // reload that cannot take effect while the feature is switched off.
        throw new AuthorizationException("Service Level Authorization not enabled!");
    }
    // A fresh Configuration per call, presumably so edited policy files are
    // re-read rather than served from an older in-memory copy (confirm).
    clientRpcServer.refreshServiceAcl(new Configuration(), new HDFSPolicyProvider());
    if (serviceRpcServer == null) {
        return;
    }
    serviceRpcServer.refreshServiceAcl(new Configuration(), new HDFSPolicyProvider());
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) HDFSPolicyProvider(org.apache.hadoop.hdfs.HDFSPolicyProvider) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException)

Example 27 with AuthorizationException

use of org.apache.hadoop.security.authorize.AuthorizationException in project ranger by apache.

the class RangerKmsAuthorizerTest method testGenerateEEK.

/**
 * Exercises the GENERATE_EEK access check for key "newkey1".
 *
 * <p>Expected outcomes: remote user "bob" is allowed; remote user "eve" and
 * test user "alice" (group "IT") are both denied with an
 * {@code AuthorizationException}.
 */
@Test
public void testGenerateEEK() throws Throwable {
    // NOTE(review): returning here reports the test as passed even though no
    // access check ran; a JUnit assumption would report it as skipped
    // instead. Confirm which is intended.
    if (!UNRESTRICTED_POLICIES_INSTALLED) {
        return;
    }
    final String keyName = "newkey1";
    final String clientAddress = "127.0.0.1";

    // Positive case: "bob" must pass the check, so any exception fails the test.
    final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
    bob.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.GENERATE_EEK, bob, KMSOp.GENERATE_EEK, keyName, clientAddress);
            return null;
        }
    });

    // Negative case: "eve" must be refused. Only the exception type is
    // checked, not the reason carried in it.
    final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
    eve.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            try {
                KMSWebApp.getACLs().assertAccess(Type.GENERATE_EEK, eve, KMSOp.GENERATE_EEK, keyName, clientAddress);
            } catch (AuthorizationException denied) {
                LOG.error(denied);
                return null;
            }
            // Reached only when access was granted, which is the failure here.
            Assert.fail("Failure expected");
            return null;
        }
    });

    // Negative case: membership of group "IT" must not grant the operation.
    final UserGroupInformation alice = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
    alice.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            try {
                KMSWebApp.getACLs().assertAccess(Type.GENERATE_EEK, alice, KMSOp.GENERATE_EEK, keyName, clientAddress);
            } catch (AuthorizationException denied) {
                LOG.error(denied);
                return null;
            }
            // Reached only when access was granted, which is the failure here.
            Assert.fail("Failure expected");
            return null;
        }
    });
}
Also used : AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 28 with AuthorizationException

use of org.apache.hadoop.security.authorize.AuthorizationException in project ranger by apache.

the class RangerKmsAuthorizerTest method testGetMetadata.

/**
 * Exercises the GET_METADATA access check for key "newkey1".
 *
 * <p>Expected outcomes: remote user "bob" and test user "alice" (group "IT")
 * are allowed; remote user "eve" is denied with an
 * {@code AuthorizationException}.
 */
@Test
public void testGetMetadata() throws Throwable {
    // NOTE(review): returning here reports the test as passed even though no
    // access check ran; a JUnit assumption would report it as skipped
    // instead. Confirm which is intended.
    if (!UNRESTRICTED_POLICIES_INSTALLED) {
        return;
    }
    final String keyName = "newkey1";
    final String clientAddress = "127.0.0.1";

    // Positive case: "bob" must pass the check, so any exception fails the test.
    final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
    bob.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.GET_METADATA, bob, KMSOp.GET_METADATA, keyName, clientAddress);
            return null;
        }
    });

    // Negative case: "eve" must be refused. Only the exception type is
    // checked, not the reason carried in it.
    final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
    eve.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            try {
                KMSWebApp.getACLs().assertAccess(Type.GET_METADATA, eve, KMSOp.GET_METADATA, keyName, clientAddress);
            } catch (AuthorizationException denied) {
                LOG.error(denied);
                return null;
            }
            // Reached only when access was granted, which is the failure here.
            Assert.fail("Failure expected");
            return null;
        }
    });

    // Positive case: membership of group "IT" is expected to grant the read.
    final UserGroupInformation alice = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
    alice.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.GET_METADATA, alice, KMSOp.GET_METADATA, keyName, clientAddress);
            return null;
        }
    });
}
Also used : AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 29 with AuthorizationException

use of org.apache.hadoop.security.authorize.AuthorizationException in project ranger by apache.

the class RangerKmsAuthorizerTest method testRollover.

/**
 * Exercises the ROLLOVER access check (operation ROLL_NEW_VERSION) for key
 * "newkey1".
 *
 * <p>Expected outcomes: remote user "bob" is allowed; remote user "eve" and
 * test user "alice" (group "IT") are both denied with an
 * {@code AuthorizationException}.
 */
@Test
public void testRollover() throws Throwable {
    // NOTE(review): returning here reports the test as passed even though no
    // access check ran; a JUnit assumption would report it as skipped
    // instead. Confirm which is intended.
    if (!UNRESTRICTED_POLICIES_INSTALLED) {
        return;
    }
    final String keyName = "newkey1";
    final String clientAddress = "127.0.0.1";

    // Positive case: "bob" must pass the check, so any exception fails the test.
    final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
    bob.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.ROLLOVER, bob, KMSOp.ROLL_NEW_VERSION, keyName, clientAddress);
            return null;
        }
    });

    // Negative case: "eve" must be refused. Only the exception type is
    // checked, not the reason carried in it.
    final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
    eve.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            try {
                KMSWebApp.getACLs().assertAccess(Type.ROLLOVER, eve, KMSOp.ROLL_NEW_VERSION, keyName, clientAddress);
            } catch (AuthorizationException denied) {
                LOG.error(denied);
                return null;
            }
            // Reached only when access was granted, which is the failure here.
            Assert.fail("Failure expected");
            return null;
        }
    });

    // Negative case: membership of group "IT" must not grant key rollover.
    final UserGroupInformation alice = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
    alice.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            try {
                KMSWebApp.getACLs().assertAccess(Type.ROLLOVER, alice, KMSOp.ROLL_NEW_VERSION, keyName, clientAddress);
            } catch (AuthorizationException denied) {
                LOG.error(denied);
                return null;
            }
            // Reached only when access was granted, which is the failure here.
            Assert.fail("Failure expected");
            return null;
        }
    });
}
Also used : AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 30 with AuthorizationException

use of org.apache.hadoop.security.authorize.AuthorizationException in project ranger by apache.

the class RangerKmsAuthorizerTest method testGetKeys.

/**
 * Exercises the GET_KEYS access check for key "newkey1".
 *
 * <p>Expected outcomes: remote user "bob" and test user "alice" (group "IT")
 * are allowed; remote user "eve" is denied with an
 * {@code AuthorizationException}.
 */
@Test
public void testGetKeys() throws Throwable {
    // NOTE(review): returning here reports the test as passed even though no
    // access check ran; a JUnit assumption would report it as skipped
    // instead. Confirm which is intended.
    if (!UNRESTRICTED_POLICIES_INSTALLED) {
        return;
    }
    final String keyName = "newkey1";
    final String clientAddress = "127.0.0.1";

    // Positive case: "bob" must pass the check, so any exception fails the test.
    final UserGroupInformation bob = UserGroupInformation.createRemoteUser("bob");
    bob.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.GET_KEYS, bob, KMSOp.GET_KEYS, keyName, clientAddress);
            return null;
        }
    });

    // Negative case: "eve" must be refused. Only the exception type is
    // checked, not the reason carried in it.
    final UserGroupInformation eve = UserGroupInformation.createRemoteUser("eve");
    eve.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            try {
                KMSWebApp.getACLs().assertAccess(Type.GET_KEYS, eve, KMSOp.GET_KEYS, keyName, clientAddress);
            } catch (AuthorizationException denied) {
                LOG.error(denied);
                return null;
            }
            // Reached only when access was granted, which is the failure here.
            Assert.fail("Failure expected");
            return null;
        }
    });

    // Positive case: membership of group "IT" is expected to grant key listing.
    final UserGroupInformation alice = UserGroupInformation.createUserForTesting("alice", new String[] { "IT" });
    alice.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            KMSWebApp.getACLs().assertAccess(Type.GET_KEYS, alice, KMSOp.GET_KEYS, keyName, clientAddress);
            return null;
        }
    });
}
Also used : AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)
