Java Code Examples for org.apache.hadoop.security.UserGroupInformation#createProxyUser()

The following examples show how to use org.apache.hadoop.security.UserGroupInformation#createProxyUser() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hbase   File: ConnectionCache.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Get the cached connection for the current user.
 * If none or timed out, create a new one.
 */
ConnectionInfo getCurrentConnection() throws IOException {
  String userName = getEffectiveUser();
  ConnectionInfo connInfo = connections.get(userName);
  if (connInfo == null || !connInfo.updateAccessTime()) {
    Lock lock = locker.acquireLock(userName);
    try {
      connInfo = connections.get(userName);
      if (connInfo == null) {
        UserGroupInformation ugi = realUser;
        if (!userName.equals(realUserName)) {
          ugi = UserGroupInformation.createProxyUser(userName, realUser);
        }
        User user = userProvider.create(ugi);
        Connection conn = ConnectionFactory.createConnection(conf, user);
        connInfo = new ConnectionInfo(conn, userName);
        connections.put(userName, connInfo);
      }
    } finally {
      lock.unlock();
    }
  }
  return connInfo;
}
 
Example 2
Source Project: attic-apex-core   File: ApexCli.java    License: Apache License 2.0 6 votes vote down vote up
public static void main(final String[] args) throws Exception
{
  LoggerUtil.setupMDC("client");
  final ApexCli shell = new ApexCli();
  shell.preImpersonationInit(args);
  String hadoopUserName = System.getenv("HADOOP_USER_NAME");
  if (UserGroupInformation.isSecurityEnabled()
      && StringUtils.isNotBlank(hadoopUserName)
      && !hadoopUserName.equals(UserGroupInformation.getLoginUser().getUserName())) {
    LOG.info("You ({}) are running as user {}", UserGroupInformation.getLoginUser().getUserName(), hadoopUserName);
    UserGroupInformation ugi = UserGroupInformation.createProxyUser(hadoopUserName, UserGroupInformation.getLoginUser());
    ugi.doAs(new PrivilegedExceptionAction<Void>()
    {
      @Override
      public Void run() throws Exception
      {
        shell.mainHelper();
        return null;
      }
    });
  } else {
    shell.mainHelper();
  }
}
 
Example 3
/**
 * Get the username encoded in the token identifier
 * 
 * @return the username or owner
 */
@Override
public UserGroupInformation getUser() {
  if ( (owner == null) || (owner.toString().isEmpty())) {
    return null;
  }
  final UserGroupInformation realUgi;
  final UserGroupInformation ugi;
  if ((realUser == null) || (realUser.toString().isEmpty())
      || realUser.equals(owner)) {
    ugi = realUgi = UserGroupInformation.createRemoteUser(owner.toString());
  } else {
    realUgi = UserGroupInformation.createRemoteUser(realUser.toString());
    ugi = UserGroupInformation.createProxyUser(owner.toString(), realUgi);
  }
  realUgi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
  return ugi;
}
 
Example 4
Source Project: hadoop   File: ProtoUtil.java    License: Apache License 2.0 6 votes vote down vote up
public static UserGroupInformation getUgi(UserInformationProto userInfo) {
  UserGroupInformation ugi = null;
  String effectiveUser = userInfo.hasEffectiveUser() ? userInfo
      .getEffectiveUser() : null;
  String realUser = userInfo.hasRealUser() ? userInfo.getRealUser() : null;
  if (effectiveUser != null) {
    if (realUser != null) {
      UserGroupInformation realUserUgi = UserGroupInformation
          .createRemoteUser(realUser);
      ugi = UserGroupInformation
          .createProxyUser(effectiveUser, realUserUgi);
    } else {
      ugi = org.apache.hadoop.security.UserGroupInformation
          .createRemoteUser(effectiveUser);
    }
  }
  return ugi;
}
 
Example 5
public static UserGroupInformation getUGI(final Configuration configuration) throws IOException {
  String user = getBlurUser(configuration);
  UserGroupInformation userGroupInformation;
  UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  if (user.equals(currentUser.getUserName())) {
    userGroupInformation = currentUser;
  } else {
    if (BlurHiveOutputFormat.isBlurUserAsProxy(configuration)) {
      userGroupInformation = UserGroupInformation.createProxyUser(user, currentUser);
    } else {
      userGroupInformation = UserGroupInformation.createRemoteUser(user);
    }
  }
  return userGroupInformation;
}
 
Example 6
Source Project: kite   File: KerberosUtil.java    License: Apache License 2.0 5 votes vote down vote up
public static UserGroupInformation proxyAs(String username,
                                           UserGroupInformation login) {
  Preconditions.checkArgument(username != null && !username.isEmpty(),
      "Invalid username: " + String.valueOf(username));
  Preconditions.checkArgument(login != null,
      "Cannot proxy without an authenticated user");

  // hadoop impersonation works with or without kerberos security
  return UserGroupInformation.createProxyUser(username, login);
}
 
Example 7
/**
 * Create a proxied user based on the explicit user name, taking other
 * parameters necessary from properties file.
 *
 * @throws IOException
 */
@Override
public synchronized UserGroupInformation getProxiedUser(String userToProxy)
    throws HadoopSecurityManagerException {

  if (userToProxy == null) {
    throw new HadoopSecurityManagerException("userToProxy can't be null");
  }

  UserGroupInformation ugi = userUgiMap.get(userToProxy);
  if (ugi == null) {
    logger.info("proxy user " + userToProxy
        + " not exist. Creating new proxy user");
    if (shouldProxy) {
      try {
        ugi =
            UserGroupInformation.createProxyUser(userToProxy,
                UserGroupInformation.getLoginUser());
      } catch (IOException e) {
        e.printStackTrace();
        throw new HadoopSecurityManagerException(
            "Failed to create proxy user", e);
      }
    } else {
      ugi = UserGroupInformation.createRemoteUser(userToProxy);
    }
    userUgiMap.putIfAbsent(userToProxy, ugi);
  }
  return ugi;
}
 
Example 8
Source Project: azkaban-plugins   File: SecurityUtils.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Create a proxied user based on the explicit user name, taking other
 * parameters necessary from properties file.
 */
public static synchronized UserGroupInformation getProxiedUser(
    String toProxy, Properties prop, Logger log, Configuration conf)
    throws IOException {

  if (conf == null) {
    throw new IllegalArgumentException("conf can't be null");
  }
  UserGroupInformation.setConfiguration(conf);

  if (toProxy == null) {
    throw new IllegalArgumentException("toProxy can't be null");
  }

  if (loginUser == null) {
    log.info("No login user. Creating login user");
    String keytab = verifySecureProperty(prop, PROXY_KEYTAB_LOCATION, log);
    String proxyUser = verifySecureProperty(prop, PROXY_USER, log);
    UserGroupInformation.loginUserFromKeytab(proxyUser, keytab);
    loginUser = UserGroupInformation.getLoginUser();
    log.info("Logged in with user " + loginUser);
  } else {
    log.info("loginUser (" + loginUser + ") already created, refreshing tgt.");
    loginUser.checkTGTAndReloginFromKeytab();
  }

  return UserGroupInformation.createProxyUser(toProxy, loginUser);
}
 
Example 9
Source Project: hbase   File: RESTServletContainer.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * This container is used only if authentication and
 * impersonation is enabled. The remote request user is used
 * as a proxy user for impersonation in invoking any REST service.
 */
@Override
public void service(final HttpServletRequest request,
    final HttpServletResponse response) throws ServletException, IOException {
  final String doAsUserFromQuery = request.getParameter("doAs");
  RESTServlet servlet = RESTServlet.getInstance();
  if (doAsUserFromQuery != null) {
    Configuration conf = servlet.getConfiguration();
    if (!servlet.supportsProxyuser()) {
      throw new ServletException("Support for proxyuser is not configured");
    }
    // Authenticated remote user is attempting to do 'doAs' proxy user.
    UserGroupInformation ugi = UserGroupInformation.createRemoteUser(request.getRemoteUser());
    // create and attempt to authorize a proxy user (the client is attempting
    // to do proxy user)
    ugi = UserGroupInformation.createProxyUser(doAsUserFromQuery, ugi);
    // validate the proxy user authorization
    try {
      ProxyUsers.authorize(ugi, request.getRemoteAddr(), conf);
    } catch(AuthorizationException e) {
      throw new ServletException(e.getMessage());
    }
    servlet.setEffectiveUser(doAsUserFromQuery);
  } else {
    String effectiveUser = request.getRemoteUser();
    servlet.setEffectiveUser(effectiveUser);
  }
  super.service(request, response);
}
 
Example 10
Source Project: hadoop   File: TestSaslRPC.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public UserGroupInformation getUser() {
  if (realUser.toString().isEmpty()) {
    return UserGroupInformation.createRemoteUser(tokenid.toString());
  } else {
    UserGroupInformation realUgi = UserGroupInformation
        .createRemoteUser(realUser.toString());
    return UserGroupInformation
        .createProxyUser(tokenid.toString(), realUgi);
  }
}
 
Example 11
Source Project: big-c   File: Server.java    License: Apache License 2.0 4 votes vote down vote up
/** Reads the connection context following the connection header
 * @param dis - DataInputStream from which to read the header 
 * @throws WrappedRpcServerException - if the header cannot be
 *         deserialized, or the user is not authorized
 */ 
private void processConnectionContext(DataInputStream dis)
    throws WrappedRpcServerException {
  // allow only one connection context during a session
  if (connectionContextRead) {
    throw new WrappedRpcServerException(
        RpcErrorCodeProto.FATAL_INVALID_RPC_HEADER,
        "Connection context already processed");
  }
  connectionContext = decodeProtobufFromStream(
      IpcConnectionContextProto.newBuilder(), dis);
  protocolName = connectionContext.hasProtocol() ? connectionContext
      .getProtocol() : null;

  UserGroupInformation protocolUser = ProtoUtil.getUgi(connectionContext);
  if (saslServer == null) {
    user = protocolUser;
  } else {
    // user is authenticated
    user.setAuthenticationMethod(authMethod);
    //Now we check if this is a proxy user case. If the protocol user is
    //different from the 'user', it is a proxy user scenario. However, 
    //this is not allowed if user authenticated with DIGEST.
    if ((protocolUser != null)
        && (!protocolUser.getUserName().equals(user.getUserName()))) {
      if (authMethod == AuthMethod.TOKEN) {
        // Not allowed to doAs if token authentication is used
        throw new WrappedRpcServerException(
            RpcErrorCodeProto.FATAL_UNAUTHORIZED,
            new AccessControlException("Authenticated user (" + user
                + ") doesn't match what the client claims to be ("
                + protocolUser + ")"));
      } else {
        // Effective user can be different from authenticated user
        // for simple auth or kerberos auth
        // The user is the real user. Now we create a proxy user
        UserGroupInformation realUser = user;
        user = UserGroupInformation.createProxyUser(protocolUser
            .getUserName(), realUser);
      }
    }
  }
  authorizeConnection();
  // don't set until after authz because connection isn't established
  connectionContextRead = true;
}
 
Example 12
Source Project: atlas   File: SSLAndKerberosTest.java    License: Apache License 2.0 4 votes vote down vote up
public void setUp() throws Exception {
    jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
    providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri();

    String persistDir = TestUtils.getTempDirectory();

    setupKDCAndPrincipals();
    setupCredentials();

    // client will actually only leverage subset of these properties
    final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);

    persistSSLClientConfiguration(configuration);

    TestUtils.writeConfiguration(configuration, persistDir + File.separator +
        ApplicationProperties.APPLICATION_PROPERTIES);

    String confLocation = System.getProperty("atlas.conf");
    URL url;
    if (confLocation == null) {
        url = SSLAndKerberosTest.class.getResource("/" + ApplicationProperties.APPLICATION_PROPERTIES);
    } else {
        url = new File(confLocation, ApplicationProperties.APPLICATION_PROPERTIES).toURI().toURL();
    }
    configuration.load(url);
    configuration.setProperty(TLS_ENABLED, true);
    configuration.setProperty("atlas.authentication.method.kerberos", "true");
    configuration.setProperty("atlas.authentication.keytab",userKeytabFile.getAbsolutePath());
    configuration.setProperty("atlas.authentication.principal","dgi/[email protected]"+kdc.getRealm());

    configuration.setProperty("atlas.authentication.method.file", "false");
    configuration.setProperty("atlas.authentication.method.trustedproxy", "false");
    configuration.setProperty("atlas.authentication.method.kerberos", "true");
    configuration.setProperty("atlas.authentication.method.kerberos.principal", "HTTP/[email protected]" + kdc.getRealm());
    configuration.setProperty("atlas.authentication.method.kerberos.keytab", httpKeytabFile.getAbsolutePath());
    configuration.setProperty("atlas.authentication.method.kerberos.name.rules",
            "RULE:[1:[email protected]$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");

    configuration.setProperty("atlas.authentication.method.file", "true");
    configuration.setProperty("atlas.authentication.method.file.filename", persistDir
            + "/users-credentials");
    configuration.setProperty("atlas.auth.policy.file",persistDir
            + "/policy-store.txt" );
    TestUtils.writeConfiguration(configuration, persistDir + File.separator +
      "atlas-application.properties");

    setupUserCredential(persistDir);
    setUpPolicyStore(persistDir);

    subject = loginTestUser();
    UserGroupInformation.loginUserFromSubject(subject);
    UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
        "testUser",
        UserGroupInformation.getLoginUser());

    // save original setting
    originalConf = System.getProperty("atlas.conf");
    System.setProperty("atlas.conf", persistDir);

    originalHomeDir = System.getProperty("atlas.home");
    System.setProperty("atlas.home", TestUtils.getTargetDirectory());

    dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() {
        @Override
        public AtlasClient run() throws Exception {
            return new AtlasClient(configuration, DGI_URL);
        }
    });


    secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
        @Override
        public PropertiesConfiguration getConfiguration() {
            return configuration;
        }
    };
    secureEmbeddedServer.getServer().start();
}
 
Example 13
Source Project: hadoop   File: FileSystemAccessService.java    License: Apache License 2.0 4 votes vote down vote up
protected UserGroupInformation getUGI(String user) throws IOException {
  return UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
}
 
Example 14
@Override
public UserGroupInformation load(Key key) throws Exception {
  return UserGroupInformation.createProxyUser(key.proxyUserName, key.loginUser);
}
 
Example 15
Source Project: big-c   File: FileSystemAccessService.java    License: Apache License 2.0 4 votes vote down vote up
protected UserGroupInformation getUGI(String user) throws IOException {
  return UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
}
 
Example 16
@Override
protected void doFilter(FilterChain filterChain, HttpServletRequest request,
    HttpServletResponse response) throws IOException, ServletException {
  final HttpServletRequest lowerCaseRequest = toLowerCase(request);
  String doAsUser = lowerCaseRequest.getParameter(DO_AS);

  if (doAsUser != null && !doAsUser.equals(request.getRemoteUser())) {
    LOG.debug("doAsUser = {}, RemoteUser = {} , RemoteAddress = {} ",
        doAsUser, request.getRemoteUser(), request.getRemoteAddr());
    UserGroupInformation requestUgi = (request.getUserPrincipal() != null) ?
        UserGroupInformation.createRemoteUser(request.getRemoteUser())
        : null;
    if (requestUgi != null) {
      requestUgi = UserGroupInformation.createProxyUser(doAsUser,
          requestUgi);
      try {
        ProxyUsers.authorize(requestUgi, request.getRemoteAddr());

        final UserGroupInformation ugiF = requestUgi;
        request = new HttpServletRequestWrapper(request) {
          @Override
          public String getRemoteUser() {
            return ugiF.getShortUserName();
          }

          @Override
          public Principal getUserPrincipal() {
            return new Principal() {
              @Override
              public String getName() {
                return ugiF.getUserName();
              }
            };
          }
        };
        LOG.debug("Proxy user Authentication successful");
      } catch (AuthorizationException ex) {
        HttpExceptionUtils.createServletExceptionResponse(response,
            HttpServletResponse.SC_FORBIDDEN, ex);
        LOG.warn("Proxy user Authentication exception", ex);
        return;
      }
    }
  }
  super.doFilter(filterChain, request, response);
}
 
Example 17
Source Project: hadoop   File: TestWebHdfsUrl.java    License: Apache License 2.0 4 votes vote down vote up
@Test(timeout=60000)
public void testSecureProxyAuthParamsInUrl() throws IOException {
  Configuration conf = new Configuration();
  // fake turning on security so api thinks it should use tokens
  SecurityUtil.setAuthenticationMethod(KERBEROS, conf);
  UserGroupInformation.setConfiguration(conf);

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser("test-user");
  ugi.setAuthenticationMethod(KERBEROS);
  ugi = UserGroupInformation.createProxyUser("test-proxy-user", ugi);
  UserGroupInformation.setLoginUser(ugi);

  WebHdfsFileSystem webhdfs = getWebHdfsFileSystem(ugi, conf);
  Path fsPath = new Path("/");
  String tokenString = webhdfs.getDelegationToken().encodeToUrlString();

  // send real+effective
  URL getTokenUrl = webhdfs.toUrl(GetOpParam.Op.GETDELEGATIONTOKEN, fsPath);
  checkQueryParams(
      new String[]{
          GetOpParam.Op.GETDELEGATIONTOKEN.toQueryString(),
          new UserParam(ugi.getRealUser().getShortUserName()).toString(),
          new DoAsParam(ugi.getShortUserName()).toString()
      },
      getTokenUrl);

  // send real+effective
  URL renewTokenUrl = webhdfs.toUrl(PutOpParam.Op.RENEWDELEGATIONTOKEN,
      fsPath, new TokenArgumentParam(tokenString));
  checkQueryParams(
      new String[]{
          PutOpParam.Op.RENEWDELEGATIONTOKEN.toQueryString(),
          new UserParam(ugi.getRealUser().getShortUserName()).toString(),
          new DoAsParam(ugi.getShortUserName()).toString(),
          new TokenArgumentParam(tokenString).toString(),
      },
      renewTokenUrl);

  // send token
  URL cancelTokenUrl = webhdfs.toUrl(PutOpParam.Op.CANCELDELEGATIONTOKEN,
      fsPath, new TokenArgumentParam(tokenString));
  checkQueryParams(
      new String[]{
          PutOpParam.Op.CANCELDELEGATIONTOKEN.toQueryString(),
          new UserParam(ugi.getRealUser().getShortUserName()).toString(),
          new DoAsParam(ugi.getShortUserName()).toString(),
          new TokenArgumentParam(tokenString).toString(),
      },
      cancelTokenUrl);
  
  // send token
  URL fileStatusUrl = webhdfs.toUrl(GetOpParam.Op.GETFILESTATUS, fsPath);
  checkQueryParams(
      new String[]{
          GetOpParam.Op.GETFILESTATUS.toQueryString(),
          new DelegationParam(tokenString).toString()
      },
      fileStatusUrl);

  // wipe out internal token to simulate auth always required
  webhdfs.setDelegationToken(null);
  
  // send real+effective
  cancelTokenUrl = webhdfs.toUrl(PutOpParam.Op.CANCELDELEGATIONTOKEN,
      fsPath, new TokenArgumentParam(tokenString));
  checkQueryParams(
      new String[]{
          PutOpParam.Op.CANCELDELEGATIONTOKEN.toQueryString(),
          new UserParam(ugi.getRealUser().getShortUserName()).toString(),
          new DoAsParam(ugi.getShortUserName()).toString(),
          new TokenArgumentParam(tokenString).toString()
      },
      cancelTokenUrl);
  
  // send real+effective
  fileStatusUrl = webhdfs.toUrl(GetOpParam.Op.GETFILESTATUS, fsPath);
  checkQueryParams(
      new String[]{
          GetOpParam.Op.GETFILESTATUS.toQueryString(),
          new UserParam(ugi.getRealUser().getShortUserName()).toString(),
          new DoAsParam(ugi.getShortUserName()).toString()
      },
      fileStatusUrl);    
}
 
Example 18
Source Project: hadoop   File: Server.java    License: Apache License 2.0 4 votes vote down vote up
/** Reads the connection context following the connection header
 * @param dis - DataInputStream from which to read the header 
 * @throws WrappedRpcServerException - if the header cannot be
 *         deserialized, or the user is not authorized
 */ 
private void processConnectionContext(DataInputStream dis)
    throws WrappedRpcServerException {
  // allow only one connection context during a session
  if (connectionContextRead) {
    throw new WrappedRpcServerException(
        RpcErrorCodeProto.FATAL_INVALID_RPC_HEADER,
        "Connection context already processed");
  }
  connectionContext = decodeProtobufFromStream(
      IpcConnectionContextProto.newBuilder(), dis);
  protocolName = connectionContext.hasProtocol() ? connectionContext
      .getProtocol() : null;

  UserGroupInformation protocolUser = ProtoUtil.getUgi(connectionContext);
  if (saslServer == null) {
    user = protocolUser;
  } else {
    // user is authenticated
    user.setAuthenticationMethod(authMethod);
    //Now we check if this is a proxy user case. If the protocol user is
    //different from the 'user', it is a proxy user scenario. However, 
    //this is not allowed if user authenticated with DIGEST.
    if ((protocolUser != null)
        && (!protocolUser.getUserName().equals(user.getUserName()))) {
      if (authMethod == AuthMethod.TOKEN) {
        // Not allowed to doAs if token authentication is used
        throw new WrappedRpcServerException(
            RpcErrorCodeProto.FATAL_UNAUTHORIZED,
            new AccessControlException("Authenticated user (" + user
                + ") doesn't match what the client claims to be ("
                + protocolUser + ")"));
      } else {
        // Effective user can be different from authenticated user
        // for simple auth or kerberos auth
        // The user is the real user. Now we create a proxy user
        UserGroupInformation realUser = user;
        user = UserGroupInformation.createProxyUser(protocolUser
            .getUserName(), realUser);
      }
    }
  }
  authorizeConnection();
  // don't set until after authz because connection isn't established
  connectionContextRead = true;
}
 
Example 19
@BeforeClass
public void setUp() throws Exception {
    jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
    providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri();

    String persistDir = TestUtils.getTempDirectory();

    setupKDCAndPrincipals();
    setupCredentials();

    // client will actually only leverage subset of these properties
    final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);

    persistSSLClientConfiguration(configuration);

    TestUtils.writeConfiguration(configuration, persistDir + File.separator +
        ApplicationProperties.APPLICATION_PROPERTIES);

    String confLocation = System.getProperty("atlas.conf");
    URL url;
    if (confLocation == null) {
        url = SSLAndKerberosTest.class.getResource("/" + ApplicationProperties.APPLICATION_PROPERTIES);
    } else {
        url = new File(confLocation, ApplicationProperties.APPLICATION_PROPERTIES).toURI().toURL();
    }
    configuration.load(url);
    configuration.setProperty(TLS_ENABLED, true);
    configuration.setProperty("atlas.authentication.method.kerberos", "true");
    configuration.setProperty("atlas.authentication.keytab",userKeytabFile.getAbsolutePath());
    configuration.setProperty("atlas.authentication.principal","dgi/[email protected]"+kdc.getRealm());

    configuration.setProperty("atlas.authentication.method.file", "false");
    configuration.setProperty("atlas.authentication.method.kerberos", "true");
    configuration.setProperty("atlas.authentication.method.kerberos.principal", "HTTP/[email protected]" + kdc.getRealm());
    configuration.setProperty("atlas.authentication.method.kerberos.keytab", httpKeytabFile.getAbsolutePath());
    configuration.setProperty("atlas.authentication.method.kerberos.name.rules",
            "RULE:[1:[email protected]$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");

    configuration.setProperty("atlas.authentication.method.file", "true");
    configuration.setProperty("atlas.authentication.method.file.filename", persistDir
            + "/users-credentials");
    configuration.setProperty("atlas.auth.policy.file",persistDir
            + "/policy-store.txt" );

    TestUtils.writeConfiguration(configuration, persistDir + File.separator +
      "atlas-application.properties");

    setupUserCredential(persistDir);
    setUpPolicyStore(persistDir);

    subject = loginTestUser();
    UserGroupInformation.loginUserFromSubject(subject);
    UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
        "testUser",
        UserGroupInformation.getLoginUser());

    // save original setting
    originalConf = System.getProperty("atlas.conf");
    System.setProperty("atlas.conf", persistDir);

    originalHomeDir = System.getProperty("atlas.home");
    System.setProperty("atlas.home", TestUtils.getTargetDirectory());

    dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() {
        @Override
        public AtlasClient run() throws Exception {
            return new AtlasClient(configuration, DGI_URL);
        }
    });


    secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
        @Override
        public PropertiesConfiguration getConfiguration() {
            return configuration;
        }
    };
    secureEmbeddedServer.getServer().start();
}
 
Example 20
Source Project: pxf   File: UGIProvider.java    License: Apache License 2.0 2 votes vote down vote up
/**
 * Wrapper for {@link UserGroupInformation} creation
 *
 * @param effectiveUser the name of the user that we want to impersonate
 * @param loginUser the UGI of the login user (or Kerberos principal)
 * @return a {@link UserGroupInformation} for impersonation.
 * @throws IOException
 */
UserGroupInformation createProxyUGI(String effectiveUser, UserGroupInformation loginUser) throws IOException {
    return UserGroupInformation.createProxyUser(effectiveUser, loginUser);
}