Example 6 with TCompactProtocol
use of org.apache.thrift.protocol.TCompactProtocol in project accumulo by apache.
the class KerberosProxyIT method testProxyClient.
@Test
public void testProxyClient() throws Exception {
ClusterUser rootUser = kdc.getRootUser();
UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
TSocket socket = new TSocket(hostname, proxyPort);
log.info("Connecting to proxy with server primary '{}' running on {}", proxyPrimary, hostname);
TSaslClientTransport transport = new TSaslClientTransport("GSSAPI", null, proxyPrimary, hostname, Collections.singletonMap("javax.security.sasl.qop", "auth"), null, socket);
final UGIAssumingTransport ugiTransport = new UGIAssumingTransport(transport, ugi);
// UGI transport will perform the doAs for us
ugiTransport.open();
AccumuloProxy.Client.Factory factory = new AccumuloProxy.Client.Factory();
Client client = factory.getClient(new TCompactProtocol(ugiTransport), new TCompactProtocol(ugiTransport));
// Will fail if the proxy can impersonate the client
ByteBuffer login = client.login(rootUser.getPrincipal(), Collections.<String, String>emptyMap());
// For all of the below actions, the proxy user doesn't have permission to do any of them, but the client user does.
// The fact that any of them actually run tells us that impersonation is working.
// Create a table
String table = "table";
if (!client.tableExists(login, table)) {
client.createTable(login, table, true, TimeType.MILLIS);
}
// Write two records to the table
String writer = client.createWriter(login, table, new WriterOptions());
Map<ByteBuffer, List<ColumnUpdate>> updates = new HashMap<>();
ColumnUpdate update = new ColumnUpdate(ByteBuffer.wrap("cf1".getBytes(UTF_8)), ByteBuffer.wrap("cq1".getBytes(UTF_8)));
update.setValue(ByteBuffer.wrap("value1".getBytes(UTF_8)));
updates.put(ByteBuffer.wrap("row1".getBytes(UTF_8)), Collections.singletonList(update));
update = new ColumnUpdate(ByteBuffer.wrap("cf2".getBytes(UTF_8)), ByteBuffer.wrap("cq2".getBytes(UTF_8)));
update.setValue(ByteBuffer.wrap("value2".getBytes(UTF_8)));
updates.put(ByteBuffer.wrap("row2".getBytes(UTF_8)), Collections.singletonList(update));
client.update(writer, updates);
// Flush and close the writer
client.flush(writer);
client.closeWriter(writer);
// Open a scanner to the table
String scanner = client.createScanner(login, table, new ScanOptions());
ScanResult results = client.nextK(scanner, 10);
assertEquals(2, results.getResults().size());
// Check the first key-value
KeyValue kv = results.getResults().get(0);
Key k = kv.key;
ByteBuffer v = kv.value;
assertEquals(ByteBuffer.wrap("row1".getBytes(UTF_8)), k.row);
assertEquals(ByteBuffer.wrap("cf1".getBytes(UTF_8)), k.colFamily);
assertEquals(ByteBuffer.wrap("cq1".getBytes(UTF_8)), k.colQualifier);
assertEquals(ByteBuffer.wrap(new byte[0]), k.colVisibility);
assertEquals(ByteBuffer.wrap("value1".getBytes(UTF_8)), v);
// And then the second
kv = results.getResults().get(1);
k = kv.key;
v = kv.value;
assertEquals(ByteBuffer.wrap("row2".getBytes(UTF_8)), k.row);
assertEquals(ByteBuffer.wrap("cf2".getBytes(UTF_8)), k.colFamily);
assertEquals(ByteBuffer.wrap("cq2".getBytes(UTF_8)), k.colQualifier);
assertEquals(ByteBuffer.wrap(new byte[0]), k.colVisibility);
assertEquals(ByteBuffer.wrap("value2".getBytes(UTF_8)), v);
// Close the scanner
client.closeScanner(scanner);
ugiTransport.close();
}
Also used :
AccumuloProxy(org.apache.accumulo.proxy.thrift.AccumuloProxy)
ScanResult(org.apache.accumulo.proxy.thrift.ScanResult)
ColumnUpdate(org.apache.accumulo.proxy.thrift.ColumnUpdate)
KeyValue(org.apache.accumulo.proxy.thrift.KeyValue)
HashMap(java.util.HashMap)
LoggerFactory(org.slf4j.LoggerFactory)
TSaslClientTransport(org.apache.thrift.transport.TSaslClientTransport)
TCompactProtocol(org.apache.thrift.protocol.TCompactProtocol)
ByteBuffer(java.nio.ByteBuffer)
UGIAssumingTransport(org.apache.accumulo.core.rpc.UGIAssumingTransport)
WriterOptions(org.apache.accumulo.proxy.thrift.WriterOptions)
ClusterUser(org.apache.accumulo.cluster.ClusterUser)
List(java.util.List)
ScanOptions(org.apache.accumulo.proxy.thrift.ScanOptions)
Client(org.apache.accumulo.proxy.thrift.AccumuloProxy.Client)
Key(org.apache.accumulo.proxy.thrift.Key)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
TSocket(org.apache.thrift.transport.TSocket)
Test(org.junit.Test)
Example 7 with TCompactProtocol
use of org.apache.thrift.protocol.TCompactProtocol in project accumulo by apache.
the class KerberosProxyIT method testDisallowedClientForImpersonation.
@Test
public void testDisallowedClientForImpersonation() throws Exception {
String user = testName.getMethodName();
File keytab = new File(kdc.getKeytabDir(), user + ".keytab");
kdc.createPrincipal(keytab, user);
// Login as the new user
UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(user, keytab.getAbsolutePath());
log.info("Logged in as {}", ugi);
// Expect an AccumuloSecurityException
thrown.expect(AccumuloSecurityException.class);
// Error msg would look like:
//
// org.apache.accumulo.core.client.AccumuloSecurityException: Error BAD_CREDENTIALS for user Principal in credentials object should match kerberos
// principal.
// Expected 'proxy/hw10447.local@EXAMPLE.COM' but was 'testDisallowedClientForImpersonation@EXAMPLE.COM' - Username or Password is Invalid)
thrown.expect(new ThriftExceptionMatchesPattern(".*Error BAD_CREDENTIALS.*"));
thrown.expect(new ThriftExceptionMatchesPattern(".*Expected '" + proxyPrincipal + "' but was '" + kdc.qualifyUser(user) + "'.*"));
TSocket socket = new TSocket(hostname, proxyPort);
log.info("Connecting to proxy with server primary '{}' running on {}", proxyPrimary, hostname);
// Should fail to open the tran
TSaslClientTransport transport = new TSaslClientTransport("GSSAPI", null, proxyPrimary, hostname, Collections.singletonMap("javax.security.sasl.qop", "auth"), null, socket);
final UGIAssumingTransport ugiTransport = new UGIAssumingTransport(transport, ugi);
// UGI transport will perform the doAs for us
ugiTransport.open();
AccumuloProxy.Client.Factory factory = new AccumuloProxy.Client.Factory();
Client client = factory.getClient(new TCompactProtocol(ugiTransport), new TCompactProtocol(ugiTransport));
// Will fail because the proxy can't impersonate this user (per the site configuration)
try {
client.login(kdc.qualifyUser(user), Collections.<String, String>emptyMap());
} finally {
if (null != ugiTransport) {
ugiTransport.close();
}
}
}
Also used :
UGIAssumingTransport(org.apache.accumulo.core.rpc.UGIAssumingTransport)
AccumuloProxy(org.apache.accumulo.proxy.thrift.AccumuloProxy)
LoggerFactory(org.slf4j.LoggerFactory)
TSaslClientTransport(org.apache.thrift.transport.TSaslClientTransport)
Client(org.apache.accumulo.proxy.thrift.AccumuloProxy.Client)
TCompactProtocol(org.apache.thrift.protocol.TCompactProtocol)
File(java.io.File)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
TSocket(org.apache.thrift.transport.TSocket)
Test(org.junit.Test)
Example 8 with TCompactProtocol
use of org.apache.thrift.protocol.TCompactProtocol in project accumulo by apache.
the class KerberosProxyIT method testMismatchPrincipals.
@Test
public void testMismatchPrincipals() throws Exception {
ClusterUser rootUser = kdc.getRootUser();
// Should get an AccumuloSecurityException and the given message
thrown.expect(AccumuloSecurityException.class);
thrown.expect(new ThriftExceptionMatchesPattern(ProxyServer.RPC_ACCUMULO_PRINCIPAL_MISMATCH_MSG));
// Make a new user
String user = testName.getMethodName();
File keytab = new File(kdc.getKeytabDir(), user + ".keytab");
kdc.createPrincipal(keytab, user);
// Login as the new user
UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(user, keytab.getAbsolutePath());
log.info("Logged in as {}", ugi);
TSocket socket = new TSocket(hostname, proxyPort);
log.info("Connecting to proxy with server primary '{}' running on {}", proxyPrimary, hostname);
// Should fail to open the tran
TSaslClientTransport transport = new TSaslClientTransport("GSSAPI", null, proxyPrimary, hostname, Collections.singletonMap("javax.security.sasl.qop", "auth"), null, socket);
final UGIAssumingTransport ugiTransport = new UGIAssumingTransport(transport, ugi);
// UGI transport will perform the doAs for us
ugiTransport.open();
AccumuloProxy.Client.Factory factory = new AccumuloProxy.Client.Factory();
Client client = factory.getClient(new TCompactProtocol(ugiTransport), new TCompactProtocol(ugiTransport));
// Accumulo should let this through -- we need to rely on the proxy to dump me before talking to accumulo
try {
client.login(rootUser.getPrincipal(), Collections.<String, String>emptyMap());
} finally {
if (null != ugiTransport) {
ugiTransport.close();
}
}
}
Also used :
AccumuloProxy(org.apache.accumulo.proxy.thrift.AccumuloProxy)
LoggerFactory(org.slf4j.LoggerFactory)
TSaslClientTransport(org.apache.thrift.transport.TSaslClientTransport)
TCompactProtocol(org.apache.thrift.protocol.TCompactProtocol)
UGIAssumingTransport(org.apache.accumulo.core.rpc.UGIAssumingTransport)
ClusterUser(org.apache.accumulo.cluster.ClusterUser)
Client(org.apache.accumulo.proxy.thrift.AccumuloProxy.Client)
File(java.io.File)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
TSocket(org.apache.thrift.transport.TSocket)
Test(org.junit.Test)
Example 9 with TCompactProtocol
use of org.apache.thrift.protocol.TCompactProtocol in project mlib by myshzzx.
the class CommonTest1 method client.
@Test
public void client() throws Exception {
TTransport transport;
try {
transport = new TFramedTransport(new TSocket("localhost", 19090));
TProtocol protocol = new TCompactProtocol(transport);
TService1.Client client = new TService1.Client(protocol);
transport.open();
while (true) {
try {
System.out.println(client.getStr("mysh", null));
Thread.sleep(1000);
} catch (Exception e) {
}
}
// transport.close();
} catch (TTransportException e) {
e.printStackTrace();
} catch (TException e) {
e.printStackTrace();
}
}
Also used :
TException(org.apache.thrift.TException)
TProtocol(org.apache.thrift.protocol.TProtocol)
TCompactProtocol(org.apache.thrift.protocol.TCompactProtocol)
TException(org.apache.thrift.TException)
Test(org.junit.Test)
Example 10 with TCompactProtocol
use of org.apache.thrift.protocol.TCompactProtocol in project sw360portal by sw360.
the class TestAttachmentClient method main.
public static void main(String[] args) {
try {
THttpClient thriftClient = new THttpClient("http://127.0.0.1:8080/attachmentservice/thrift");
TProtocol protocol = new TCompactProtocol(thriftClient);
AttachmentService.Iface client = new AttachmentService.Client(protocol);
} catch (Exception e) {
assert (false);
}
}
Also used :
TProtocol(org.apache.thrift.protocol.TProtocol)
THttpClient(org.apache.thrift.transport.THttpClient)
TCompactProtocol(org.apache.thrift.protocol.TCompactProtocol)
THttpClient(org.apache.thrift.transport.THttpClient)
AttachmentService(org.eclipse.sw360.datahandler.thrift.attachments.AttachmentService)
TException(org.apache.thrift.TException)
IOException(java.io.IOException)
Aggregations
TCompactProtocol (org.apache.thrift.protocol.TCompactProtocol)54
TProtocol (org.apache.thrift.protocol.TProtocol)38
THttpClient (org.apache.thrift.transport.THttpClient)18
TSocket (org.apache.thrift.transport.TSocket)18
TException (org.apache.thrift.TException)15
TTransport (org.apache.thrift.transport.TTransport)11
TFramedTransport (org.apache.thrift.transport.TFramedTransport)9
IOException (java.io.IOException)8
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)7
TBinaryProtocol (org.apache.thrift.protocol.TBinaryProtocol)7
TIOStreamTransport (org.apache.thrift.transport.TIOStreamTransport)7
TTransportException (org.apache.thrift.transport.TTransportException)5
TFramedTransport (org.apache.thrift.transport.layered.TFramedTransport)5
Test (org.junit.Test)5
LoginException (javax.security.auth.login.LoginException)4
Hello (org.tech.model.Hello)4
URI (java.net.URI)3
ArrayList (java.util.ArrayList)3
UGIAssumingTransport (org.apache.accumulo.core.rpc.UGIAssumingTransport)3
AccumuloProxy (org.apache.accumulo.proxy.thrift.AccumuloProxy)3
