Java Code Examples for org.apache.hadoop.security.UserGroupInformation.createProxyUserForTesting()

The following are Jave code examples for showing how to use createProxyUserForTesting() of the org.apache.hadoop.security.UserGroupInformation class. You can vote up the examples you like. Your votes will be used in our system to get more good examples.
+ Save this method
Example 1
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 6 votes
@Test
public void testIPRange() {
  Configuration conf = new Configuration();
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserGroupConfKey(REAL_USER_NAME),
      "*");
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      PROXY_IP_RANGE);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

  // First try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertAuthorized(proxyUserUgi, "10.222.0.0");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "10.221.0.0");
}
 
Example 2
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 6 votes
@Test(expected = IllegalArgumentException.class)
public void testNullIpAddress() throws Exception {
  Configuration conf = new Configuration();
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserGroupConfKey(REAL_USER_NAME),
      "*");
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      PROXY_IP_RANGE);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

  // First try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // remote address is null
  ProxyUsers.authorize(proxyUserUgi, null);
}
 
Example 3
Project: hadoop   File: TestProxyUsers.java   View Source Code Vote up 6 votes
@Test
public void testIPRange() {
  Configuration conf = new Configuration();
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserGroupConfKey(REAL_USER_NAME),
      "*");
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      PROXY_IP_RANGE);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

  // First try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertAuthorized(proxyUserUgi, "10.222.0.0");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "10.221.0.0");
}
 
Example 4
Project: hadoop   File: TestDelegationTokenForProxyUser.java   View Source Code Vote up 6 votes
@BeforeClass
public static void setUp() throws Exception {
  config = new HdfsConfiguration();
  config.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true);
  config.setLong(
      DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000);
  config.setLong(
      DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000);
  config.setStrings(DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserGroupConfKey(REAL_USER),
      "group1");
  config.setBoolean(
      DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
  configureSuperUserIPAddresses(config, REAL_USER);
  FileSystem.setDefaultUri(config, "hdfs://localhost:" + "0");
  cluster = new MiniDFSCluster.Builder(config).build();
  cluster.waitActive();
  ProxyUsers.refreshSuperUserGroupsConfiguration(config);
  ugi = UserGroupInformation.createRemoteUser(REAL_USER);
  proxyUgi = UserGroupInformation.createProxyUserForTesting(PROXY_USER, ugi,
      GROUP_NAMES);
}
 
Example 5
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testProxyUsers() throws Exception {
  Configuration conf = new Configuration();
  conf.set(
    DefaultImpersonationProvider.getTestProvider().
        getProxySuperuserGroupConfKey(REAL_USER_NAME),
    StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
  conf.set(
    DefaultImpersonationProvider.getTestProvider().
        getProxySuperuserIpConfKey(REAL_USER_NAME),
    PROXY_IP);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

  // First try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");

  // Now try proxying a group that's not allowed
  realUserUgi = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
  proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, OTHER_GROUP_NAMES);
  
  // From good IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
 
Example 6
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testProxyUsersWithUserConf() throws Exception {
  Configuration conf = new Configuration();
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserUserConfKey(REAL_USER_NAME),
      StringUtils.join(",", Arrays.asList(AUTHORIZED_PROXY_USER_NAME)));
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      PROXY_IP);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);


  // First try proxying a user that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      AUTHORIZED_PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");

  // Now try proxying a user that's not allowed
  realUserUgi = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
  proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
  
  // From good IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
 
Example 7
Project: hadoop   File: MiniRPCBenchmark.java   View Source Code Vote up 5 votes
void connectToServerAndGetDelegationToken(
    final Configuration conf, final InetSocketAddress addr) throws IOException {
  MiniProtocol client = null;
  try {
    UserGroupInformation current = UserGroupInformation.getCurrentUser();
    UserGroupInformation proxyUserUgi = 
      UserGroupInformation.createProxyUserForTesting(
          MINI_USER, current, GROUP_NAMES);
    
    try {
      client =  proxyUserUgi.doAs(new PrivilegedExceptionAction<MiniProtocol>() {
        @Override
        public MiniProtocol run() throws IOException {
          MiniProtocol p = RPC.getProxy(MiniProtocol.class,
              MiniProtocol.versionID, addr, conf);
          Token<TestDelegationTokenIdentifier> token;
          token = p.getDelegationToken(new Text(RENEWER));
          currentUgi = UserGroupInformation.createUserForTesting(MINI_USER, 
              GROUP_NAMES);
          SecurityUtil.setTokenService(token, addr);
          currentUgi.addToken(token);
          return p;
        }
      });
    } catch (InterruptedException e) {
      Assert.fail(Arrays.toString(e.getStackTrace()));
    }
  } finally {
    RPC.stopProxy(client);
  }
}
 
Example 8
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testWildcardUser() {
  Configuration conf = new Configuration();
  conf.set(
    DefaultImpersonationProvider.getTestProvider().
        getProxySuperuserUserConfKey(REAL_USER_NAME),
    "*");
  conf.set(
    DefaultImpersonationProvider.getTestProvider().
        getProxySuperuserIpConfKey(REAL_USER_NAME),
    PROXY_IP);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

  // First try proxying a user that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      AUTHORIZED_PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");

  // Now try proxying a different user (just to make sure we aren't getting spill over
  // from the other test case!)
  realUserUgi = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
  proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, OTHER_GROUP_NAMES);
  
  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
 
Example 9
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testWildcardIP() {
  Configuration conf = new Configuration();
  conf.set(
    DefaultImpersonationProvider.getTestProvider().
        getProxySuperuserGroupConfKey(REAL_USER_NAME),
    StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
  conf.set(
    DefaultImpersonationProvider.getTestProvider().
        getProxySuperuserIpConfKey(REAL_USER_NAME),
    "*");
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

  // First try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From either IP should be fine
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  assertAuthorized(proxyUserUgi, "1.2.3.5");

  // Now set up an unallowed group
  realUserUgi = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
  proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, OTHER_GROUP_NAMES);
  
  // Neither IP should be OK
  assertNotAuthorized(proxyUserUgi, "1.2.3.4");
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
 
Example 10
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testProxyUsersWithProviderOverride() throws Exception {
  Configuration conf = new Configuration();
  conf.set(
      CommonConfigurationKeysPublic.HADOOP_SECURITY_IMPERSONATION_PROVIDER_CLASS,
      "org.apache.hadoop.security.authorize.TestProxyUsers$TestDummyImpersonationProvider");
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
 
  // First try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
  .createUserForTesting(REAL_USER_NAME, SUDO_GROUP_NAMES);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
 
  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertAuthorized(proxyUserUgi, "1.2.3.5");
 
  // Now try proxying a group that's not allowed
  realUserUgi = UserGroupInformation
  .createUserForTesting(REAL_USER_NAME, GROUP_NAMES);
  proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
 
  // From good IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
 
Example 11
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testProxyUsersWithCustomPrefix() throws Exception {
  Configuration conf = new Configuration(false);
  conf.set("x." + REAL_USER_NAME + ".users",
      StringUtils.join(",", Arrays.asList(AUTHORIZED_PROXY_USER_NAME)));
  conf.set("x." + REAL_USER_NAME+ ".hosts", PROXY_IP);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf, "x");


  // First try proxying a user that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      AUTHORIZED_PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");

  // Now try proxying a user that's not allowed
  realUserUgi = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
  proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
 
Example 12
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 5 votes
public static void loadTest(String ipString, int testRange) {
  Configuration conf = new Configuration();
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserGroupConfKey(REAL_USER_NAME),
      StringUtils.join(",", Arrays.asList(GROUP_NAMES)));

  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      ipString
      );
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);


  // First try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  long startTime = System.nanoTime();
  SecureRandom sr = new SecureRandom();
  for (int i=1; i < 1000000; i++){
    try {
      ProxyUsers.authorize(proxyUserUgi,  "1.2.3."+ sr.nextInt(testRange));
     } catch (AuthorizationException e) {
    }
  }
  long stopTime = System.nanoTime();
  long elapsedTime = stopTime - startTime;
  System.out.println(elapsedTime/1000000 + " ms");
}
 
Example 13
Project: hadoop-oss   File: MiniRPCBenchmark.java   View Source Code Vote up 5 votes
void connectToServerAndGetDelegationToken(
    final Configuration conf, final InetSocketAddress addr) throws IOException {
  MiniProtocol client = null;
  try {
    UserGroupInformation current = UserGroupInformation.getCurrentUser();
    UserGroupInformation proxyUserUgi = 
      UserGroupInformation.createProxyUserForTesting(
          MINI_USER, current, GROUP_NAMES);
    
    try {
      client =  proxyUserUgi.doAs(new PrivilegedExceptionAction<MiniProtocol>() {
        @Override
        public MiniProtocol run() throws IOException {
          MiniProtocol p = RPC.getProxy(MiniProtocol.class,
              MiniProtocol.versionID, addr, conf);
          Token<TestDelegationTokenIdentifier> token;
          token = p.getDelegationToken(new Text(RENEWER));
          currentUgi = UserGroupInformation.createUserForTesting(MINI_USER, 
              GROUP_NAMES);
          SecurityUtil.setTokenService(token, addr);
          currentUgi.addToken(token);
          return p;
        }
      });
    } catch (InterruptedException e) {
      Assert.fail(Arrays.toString(e.getStackTrace()));
    }
  } finally {
    RPC.stopProxy(client);
  }
}
 
Example 14
Project: hadoop   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testProxyUsers() throws Exception {
  Configuration conf = new Configuration();
  conf.set(
    DefaultImpersonationProvider.getTestProvider().
        getProxySuperuserGroupConfKey(REAL_USER_NAME),
    StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
  conf.set(
    DefaultImpersonationProvider.getTestProvider().
        getProxySuperuserIpConfKey(REAL_USER_NAME),
    PROXY_IP);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

  // First try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");

  // Now try proxying a group that's not allowed
  realUserUgi = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
  proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, OTHER_GROUP_NAMES);
  
  // From good IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
 
Example 15
Project: hadoop   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testProxyUsersWithUserConf() throws Exception {
  Configuration conf = new Configuration();
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserUserConfKey(REAL_USER_NAME),
      StringUtils.join(",", Arrays.asList(AUTHORIZED_PROXY_USER_NAME)));
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      PROXY_IP);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);


  // First try proxying a user that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      AUTHORIZED_PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");

  // Now try proxying a user that's not allowed
  realUserUgi = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
  proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
  
  // From good IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
 
Example 16
Project: hadoop   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testProxyUsersWithCustomPrefix() throws Exception {
  Configuration conf = new Configuration(false);
  conf.set("x." + REAL_USER_NAME + ".users",
      StringUtils.join(",", Arrays.asList(AUTHORIZED_PROXY_USER_NAME)));
  conf.set("x." + REAL_USER_NAME+ ".hosts", PROXY_IP);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf, "x");


  // First try proxying a user that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      AUTHORIZED_PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");

  // Now try proxying a user that's not allowed
  realUserUgi = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
  proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
 
Example 17
Project: hadoop   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testWildcardUser() {
  Configuration conf = new Configuration();
  conf.set(
    DefaultImpersonationProvider.getTestProvider().
        getProxySuperuserUserConfKey(REAL_USER_NAME),
    "*");
  conf.set(
    DefaultImpersonationProvider.getTestProvider().
        getProxySuperuserIpConfKey(REAL_USER_NAME),
    PROXY_IP);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

  // First try proxying a user that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      AUTHORIZED_PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");

  // Now try proxying a different user (just to make sure we aren't getting spill over
  // from the other test case!)
  realUserUgi = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
  proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, OTHER_GROUP_NAMES);
  
  // From good IP
  assertAuthorized(proxyUserUgi, "1.2.3.4");
  // From bad IP
  assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
 
Example 18
Project: hadoop   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testNoHostsForUsers() throws Exception {
  Configuration conf = new Configuration(false);
  conf.set("y." + REAL_USER_NAME + ".users",
    StringUtils.join(",", Arrays.asList(AUTHORIZED_PROXY_USER_NAME)));
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf, "y");

  UserGroupInformation realUserUgi = UserGroupInformation
    .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
    AUTHORIZED_PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // IP doesn't matter
  assertNotAuthorized(proxyUserUgi, "1.2.3.4");
}
 
Example 19
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 4 votes
/**
 * Test the netgroups (groups in ACL rules that start with @)
 *
 * This is a  manual test because it requires:
 *   - host setup
 *   - native code compiled
 *   - specify the group mapping class
 *
 * Host setup:
 *
 * /etc/nsswitch.conf should have a line like this:
 * netgroup: files
 *
 * /etc/netgroup should be (the whole file):
 * foo_group (,proxied_user,)
 *
 * To run this test:
 *
 * export JAVA_HOME='path/to/java'
 * mvn test \
 *   -Dtest=TestProxyUsers \
 *   -DTestProxyUsersGroupMapping=$className \
 *   
 * where $className is one of the classes that provide group
 * mapping services, i.e. classes that implement
 * GroupMappingServiceProvider interface, at this time:
 *   - org.apache.hadoop.security.JniBasedUnixGroupsNetgroupMapping
 *   - org.apache.hadoop.security.ShellBasedUnixGroupsNetgroupMapping
 *
 */

@Test
public void testNetgroups () throws IOException{

  if(!NativeCodeLoader.isNativeCodeLoaded()) {
    LOG.info("Not testing netgroups, " +
      "this test only runs when native code is compiled");
    return;
  }

  String groupMappingClassName =
    System.getProperty("TestProxyUsersGroupMapping");

  if(groupMappingClassName == null) {
    LOG.info("Not testing netgroups, no group mapping class specified, " +
      "use -DTestProxyUsersGroupMapping=$className to specify " +
      "group mapping class (must implement GroupMappingServiceProvider " +
      "interface and support netgroups)");
    return;
  }

  LOG.info("Testing netgroups using: " + groupMappingClassName);

  Configuration conf = new Configuration();
  conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_GROUP_MAPPING,
    groupMappingClassName);

  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserGroupConfKey(REAL_USER_NAME),
      StringUtils.join(",", Arrays.asList(NETGROUP_NAMES)));
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      PROXY_IP);
  
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
  Groups groups = Groups.getUserToGroupsMappingService(conf);

  // try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
  .createRemoteUser(REAL_USER_NAME);

  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, groups.getGroups(PROXY_USER_NAME).toArray(
          new String[groups.getGroups(PROXY_USER_NAME).size()]));

  assertAuthorized(proxyUserUgi, PROXY_IP);
}
 
Example 20
Project: hadoop   File: TestProxyUsers.java   View Source Code Vote up 4 votes
/**
 * Test the netgroups (groups in ACL rules that start with @)
 *
 * This is a  manual test because it requires:
 *   - host setup
 *   - native code compiled
 *   - specify the group mapping class
 *
 * Host setup:
 *
 * /etc/nsswitch.conf should have a line like this:
 * netgroup: files
 *
 * /etc/netgroup should be (the whole file):
 * foo_group (,proxied_user,)
 *
 * To run this test:
 *
 * export JAVA_HOME='path/to/java'
 * mvn test \
 *   -Dtest=TestProxyUsers \
 *   -DTestProxyUsersGroupMapping=$className \
 *   
 * where $className is one of the classes that provide group
 * mapping services, i.e. classes that implement
 * GroupMappingServiceProvider interface, at this time:
 *   - org.apache.hadoop.security.JniBasedUnixGroupsNetgroupMapping
 *   - org.apache.hadoop.security.ShellBasedUnixGroupsNetgroupMapping
 *
 */

@Test
public void testNetgroups () throws IOException{

  if(!NativeCodeLoader.isNativeCodeLoaded()) {
    LOG.info("Not testing netgroups, " +
      "this test only runs when native code is compiled");
    return;
  }

  String groupMappingClassName =
    System.getProperty("TestProxyUsersGroupMapping");

  if(groupMappingClassName == null) {
    LOG.info("Not testing netgroups, no group mapping class specified, " +
      "use -DTestProxyUsersGroupMapping=$className to specify " +
      "group mapping class (must implement GroupMappingServiceProvider " +
      "interface and support netgroups)");
    return;
  }

  LOG.info("Testing netgroups using: " + groupMappingClassName);

  Configuration conf = new Configuration();
  conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_GROUP_MAPPING,
    groupMappingClassName);

  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserGroupConfKey(REAL_USER_NAME),
      StringUtils.join(",", Arrays.asList(NETGROUP_NAMES)));
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      PROXY_IP);
  
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
  Groups groups = Groups.getUserToGroupsMappingService(conf);

  // try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
  .createRemoteUser(REAL_USER_NAME);

  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, groups.getGroups(PROXY_USER_NAME).toArray(
          new String[groups.getGroups(PROXY_USER_NAME).size()]));

  assertAuthorized(proxyUserUgi, PROXY_IP);
}