Java Code Examples for org.apache.hadoop.security.SaslRpcServer.AuthMethod

The following examples show how to use org.apache.hadoop.security.SaslRpcServer.AuthMethod. These examples are extracted from open source projects.
Example 1
Source Project: hadoop   Source File: Server.java    License: Apache License 2.0
/**
 * Turns the authorization id negotiated for this connection into the
 * {@link UserGroupInformation} the connection will act as.
 *
 * <p>For TOKEN connections the id is handed to
 * {@code SaslRpcServer.getIdentifier} together with the secret manager, and
 * the user carried inside the resulting token identifier becomes the caller.
 * For every other auth method the id is used directly as the remote user
 * name, so the result is only as trustworthy as the auth method that
 * produced {@code authorizedId}.
 *
 * @param authorizedId authorization id established for the connection
 * @return the UGI for the authorized caller, tagged with the token
 *         identifier (TOKEN) or with {@code authMethod} (everything else)
 * @throws InvalidToken declared for the token identifier lookup
 * @throws AccessControlException if the token identifier yields no user
 */
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod != AuthMethod.TOKEN) {
    // Non-token path: the id is taken as the user name as-is.
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }

  TokenIdentifier identifier =
      SaslRpcServer.getIdentifier(authorizedId, secretManager);
  UserGroupInformation tokenUser = identifier.getUser();
  if (tokenUser == null) {
    // Refuse to continue with an identity-less token instead of guessing.
    throw new AccessControlException(
        "Can't retrieve username from tokenIdentifier.");
  }
  // Keep the identifier on the UGI so later code can see which token was used.
  tokenUser.addTokenIdentifier(identifier);
  return tokenUser;
}
 
Example 2
Source Project: hadoop   Source File: Server.java    License: Apache License 2.0
/**
 * Builds the negotiate message returned to a client.
 *
 * <p>When TOKEN is among the enabled auth methods, a SASL server for TOKEN
 * is created immediately and its initial challenge is embedded in the
 * negotiate response, which speeds up token negotiation. Otherwise the
 * prebuilt {@code negotiateResponse} is returned unchanged.
 *
 * <p>Side effects: may assign {@code saslServer}; sets {@code sentNegotiate}
 * to {@code true} on normal completion.
 *
 * @return the negotiate message to send
 * @throws IOException declared for SASL server creation/evaluation
 * @throws InterruptedException declared for SASL server creation
 */
private RpcSaslProto buildSaslNegotiateResponse()
    throws IOException, InterruptedException {
  final RpcSaslProto reply;
  if (!enabledAuthMethods.contains(AuthMethod.TOKEN)) {
    reply = negotiateResponse;
  } else {
    saslServer = createSaslServer(AuthMethod.TOKEN);
    byte[] initialChallenge = saslServer.evaluateResponse(new byte[0]);
    RpcSaslProto.Builder withChallenge =
        RpcSaslProto.newBuilder(negotiateResponse);
    // Entry 0 is patched because TOKEN is always first in the advertised
    // list; if that ordering ever changed, the challenge would land on the
    // wrong auth entry.
    withChallenge.getAuthsBuilder(0)
        .setChallenge(ByteString.copyFrom(initialChallenge));
    reply = withChallenge.build();
  }
  sentNegotiate = true;
  return reply;
}
 
Example 3
Source Project: hadoop   Source File: Server.java    License: Apache License 2.0
/**
 * Authorizes this connection: first the proxy (impersonation) relationship
 * where one applies, then the user's access to the requested protocol.
 *
 * <p>Records the outcome in {@code rpcMetrics} and logs a rejected
 * connection at INFO level before rethrowing.
 *
 * @throws WrappedRpcServerException with {@code FATAL_UNAUTHORIZED} when
 *         either authorization step raises an AuthorizationException
 */
private void authorizeConnection() throws WrappedRpcServerException {
  try {
    // With TOKEN auth the token was obtained by the real user for the
    // effective user, so the real user needs no separate proxy
    // authorization. doAs is allowed only for simple or kerberos
    // authentication, which is where the proxy check below applies.
    boolean impersonating = user != null && user.getRealUser() != null;
    if (impersonating && authMethod != AuthMethod.TOKEN) {
      ProxyUsers.authorize(user, this.getHostAddress());
    }

    // Protocol-level authorization runs for every auth method.
    authorize(user, protocolName, getHostInetAddress());

    if (LOG.isDebugEnabled()) {
      LOG.debug("Successfully authorized " + connectionContext);
    }
    rpcMetrics.incrAuthorizationSuccesses();
  } catch (AuthorizationException ae) {
    String rejection = "Connection from " + this
        + " for protocol " + connectionContext.getProtocol()
        + " is unauthorized for user " + user;
    LOG.info(rejection);
    rpcMetrics.incrAuthorizationFailures();
    throw new WrappedRpcServerException(
        RpcErrorCodeProto.FATAL_UNAUTHORIZED, ae);
  }
}
 
Example 4
Source Project: hadoop   Source File: Server.java    License: Apache License 2.0
/**
 * Builds the negotiate response that advertises the given auth methods.
 *
 * <p>A server whose only method is SIMPLE answers with state SUCCESS and
 * advertises nothing, i.e. no SASL exchange follows. In every other case
 * the state is NEGOTIATE and one auth entry is added per method, in list
 * order, carrying the method name, the mechanism and, when set, the
 * protocol and server id.
 *
 * @param authMethods auth methods to advertise, in preference order
 * @return the negotiate response message
 * @throws IOException declared by the signature
 */
private RpcSaslProto buildNegotiateResponse(List<AuthMethod> authMethods)
    throws IOException {
  RpcSaslProto.Builder response = RpcSaslProto.newBuilder();

  boolean simpleOnly =
      authMethods.contains(AuthMethod.SIMPLE) && authMethods.size() == 1;
  if (simpleOnly) {
    // SIMPLE-only servers return success in response to negotiate
    response.setState(SaslState.SUCCESS);
    return response.build();
  }

  response.setState(SaslState.NEGOTIATE);
  for (AuthMethod method : authMethods) {
    SaslRpcServer descriptor = new SaslRpcServer(method);
    SaslAuth.Builder entry = response.addAuthsBuilder();
    entry.setMethod(method.toString());
    entry.setMechanism(descriptor.mechanism);
    // protocol and serverId are optional and only sent when present
    if (descriptor.protocol != null) {
      entry.setProtocol(descriptor.protocol);
    }
    if (descriptor.serverId != null) {
      entry.setServerId(descriptor.serverId);
    }
  }
  return response.build();
}
 
Example 5
Source Project: hadoop   Source File: Server.java    License: Apache License 2.0
/**
 * Computes the ordered list of auth methods this server accepts.
 *
 * <p>The configured method is always included. When a secret manager is
 * supplied and the configured method is not already TOKEN, TOKEN is placed
 * in front of it as the preferred method.
 *
 * @param secretManager secret manager for token auth, or {@code null}
 * @param conf configuration the authentication method is read from
 * @return accepted auth methods, most preferred first
 * @throws IllegalArgumentException if TOKEN is the configured method but
 *         no secret manager was given
 */
private List<AuthMethod> getAuthMethods(SecretManager<?> secretManager,
                                           Configuration conf) {
  AuthenticationMethod configured =
      SecurityUtil.getAuthenticationMethod(conf);
  boolean tokenConfigured = configured == AuthenticationMethod.TOKEN;

  if (tokenConfigured && secretManager == null) {
    // Token auth cannot work without something to validate tokens against.
    throw new IllegalArgumentException(AuthenticationMethod.TOKEN +
        " authentication requires a secret manager");
  }

  List<AuthMethod> accepted = new ArrayList<AuthMethod>();
  if (!tokenConfigured && secretManager != null) {
    LOG.debug(AuthenticationMethod.TOKEN +
        " authentication enabled for secret manager");
    // most preferred, so it goes first
    accepted.add(AuthenticationMethod.TOKEN.getAuthMethod());
  }
  accepted.add(configured.getAuthMethod());

  LOG.debug("Server accepts auth methods:" + accepted);
  return accepted;
}
 
Example 6
Source Project: hadoop   Source File: Client.java    License: Apache License 2.0
/**
 * Sends the connection context for {@code remoteId} to the server.
 *
 * <p>The context (protocol name plus the user information appropriate for
 * {@code authMethod}) is wrapped with an RPC request header and written to
 * {@code out} as a length-prefixed packet.
 *
 * @param remoteId connection whose protocol and ticket are described
 * @param authMethod auth method in use; passed on to
 *        {@code ProtoUtil.makeIpcConnectionContext}
 * @throws IOException if writing to the output stream fails
 */
private void writeConnectionContext(ConnectionId remoteId,
                                    AuthMethod authMethod)
                                        throws IOException {
  // Connection context: protocol name and user info
  String protocolName = RPC.getProtocolName(remoteId.getProtocol());
  IpcConnectionContextProto context = ProtoUtil.makeIpcConnectionContext(
      protocolName, remoteId.getTicket(), authMethod);

  // Header marking this packet as the connection-context call
  RpcRequestHeaderProto header = ProtoUtil.makeRpcRequestHeader(
      RpcKind.RPC_PROTOCOL_BUFFER,
      OperationProto.RPC_FINAL_PACKET, CONNECTION_CONTEXT_CALL_ID,
      RpcConstants.INVALID_RETRY_COUNT, clientId);

  RpcRequestMessageWrapper framed =
      new RpcRequestMessageWrapper(header, context);

  // Length prefix first, then the packet itself
  out.writeInt(framed.getLength());
  framed.write(out);
}
 
Example 7
Source Project: hadoop   Source File: TestSaslRPC.java    License: Apache License 2.0
/**
 * Drives one complete PLAIN SASL exchange between an in-process client and
 * server and asserts that both sides finish.
 *
 * <p>The client's first response is expected to complete the client; the
 * server is expected to accept it without a further challenge and to expose
 * an authorization id afterwards.
 *
 * @param clientCbh callback handler supplying the client side
 * @param serverCbh callback handler the server side consults
 * @throws SaslException if either side rejects the exchange
 */
private void runNegotiation(CallbackHandler clientCbh,
                            CallbackHandler serverCbh)
                                throws SaslException {
  final String plain = AuthMethod.PLAIN.getMechanismName();
  final String[] offered = new String[]{ plain };

  SaslClient client = Sasl.createSaslClient(
      offered, null, null, null, null, clientCbh);
  assertNotNull(client);

  SaslServer server = Sasl.createSaslServer(
      plain, null, "localhost", null, serverCbh);
  assertNotNull("failed to find PLAIN server", server);

  // Client speaks first with an empty challenge and is done in one step.
  byte[] clientToken = client.evaluateChallenge(new byte[0]);
  assertNotNull(clientToken);
  assertTrue(client.isComplete());

  // A null reply means the server has nothing more to ask.
  byte[] serverReply = server.evaluateResponse(clientToken);
  assertNull(serverReply);
  assertTrue(server.isComplete());
  assertNotNull(server.getAuthorizationID());
}
 
Example 8
Source Project: big-c   Source File: Server.java    License: Apache License 2.0
/**
 * Turns the authorization id negotiated for this connection into the
 * {@link UserGroupInformation} the connection will act as.
 *
 * <p>For TOKEN connections the id is handed to
 * {@code SaslRpcServer.getIdentifier} together with the secret manager, and
 * the user carried inside the resulting token identifier becomes the caller.
 * For every other auth method the id is used directly as the remote user
 * name, so the result is only as trustworthy as the auth method that
 * produced {@code authorizedId}.
 *
 * @param authorizedId authorization id established for the connection
 * @return the UGI for the authorized caller, tagged with the token
 *         identifier (TOKEN) or with {@code authMethod} (everything else)
 * @throws InvalidToken declared for the token identifier lookup
 * @throws AccessControlException if the token identifier yields no user
 */
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod != AuthMethod.TOKEN) {
    // Non-token path: the id is taken as the user name as-is.
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }

  TokenIdentifier identifier =
      SaslRpcServer.getIdentifier(authorizedId, secretManager);
  UserGroupInformation tokenUser = identifier.getUser();
  if (tokenUser == null) {
    // Refuse to continue with an identity-less token instead of guessing.
    throw new AccessControlException(
        "Can't retrieve username from tokenIdentifier.");
  }
  // Keep the identifier on the UGI so later code can see which token was used.
  tokenUser.addTokenIdentifier(identifier);
  return tokenUser;
}
 
Example 9
Source Project: big-c   Source File: Server.java    License: Apache License 2.0
/**
 * Builds the negotiate message returned to a client.
 *
 * <p>When TOKEN is among the enabled auth methods, a SASL server for TOKEN
 * is created immediately and its initial challenge is embedded in the
 * negotiate response, which speeds up token negotiation. Otherwise the
 * prebuilt {@code negotiateResponse} is returned unchanged.
 *
 * <p>Side effects: may assign {@code saslServer}; sets {@code sentNegotiate}
 * to {@code true} on normal completion.
 *
 * @return the negotiate message to send
 * @throws IOException declared for SASL server creation/evaluation
 * @throws InterruptedException declared for SASL server creation
 */
private RpcSaslProto buildSaslNegotiateResponse()
    throws IOException, InterruptedException {
  final RpcSaslProto reply;
  if (!enabledAuthMethods.contains(AuthMethod.TOKEN)) {
    reply = negotiateResponse;
  } else {
    saslServer = createSaslServer(AuthMethod.TOKEN);
    byte[] initialChallenge = saslServer.evaluateResponse(new byte[0]);
    RpcSaslProto.Builder withChallenge =
        RpcSaslProto.newBuilder(negotiateResponse);
    // Entry 0 is patched because TOKEN is always first in the advertised
    // list; if that ordering ever changed, the challenge would land on the
    // wrong auth entry.
    withChallenge.getAuthsBuilder(0)
        .setChallenge(ByteString.copyFrom(initialChallenge));
    reply = withChallenge.build();
  }
  sentNegotiate = true;
  return reply;
}
 
Example 10
Source Project: big-c   Source File: Server.java    License: Apache License 2.0
/**
 * Authorizes this connection: first the proxy (impersonation) relationship
 * where one applies, then the user's access to the requested protocol.
 *
 * <p>Records the outcome in {@code rpcMetrics} and logs a rejected
 * connection at INFO level before rethrowing.
 *
 * @throws WrappedRpcServerException with {@code FATAL_UNAUTHORIZED} when
 *         either authorization step raises an AuthorizationException
 */
private void authorizeConnection() throws WrappedRpcServerException {
  try {
    // With TOKEN auth the token was obtained by the real user for the
    // effective user, so the real user needs no separate proxy
    // authorization. doAs is allowed only for simple or kerberos
    // authentication, which is where the proxy check below applies.
    boolean impersonating = user != null && user.getRealUser() != null;
    if (impersonating && authMethod != AuthMethod.TOKEN) {
      ProxyUsers.authorize(user, this.getHostAddress());
    }

    // Protocol-level authorization runs for every auth method.
    authorize(user, protocolName, getHostInetAddress());

    if (LOG.isDebugEnabled()) {
      LOG.debug("Successfully authorized " + connectionContext);
    }
    rpcMetrics.incrAuthorizationSuccesses();
  } catch (AuthorizationException ae) {
    String rejection = "Connection from " + this
        + " for protocol " + connectionContext.getProtocol()
        + " is unauthorized for user " + user;
    LOG.info(rejection);
    rpcMetrics.incrAuthorizationFailures();
    throw new WrappedRpcServerException(
        RpcErrorCodeProto.FATAL_UNAUTHORIZED, ae);
  }
}
 
Example 11
Source Project: big-c   Source File: Server.java    License: Apache License 2.0
/**
 * Builds the negotiate response that advertises the given auth methods.
 *
 * <p>A server whose only method is SIMPLE answers with state SUCCESS and
 * advertises nothing, i.e. no SASL exchange follows. In every other case
 * the state is NEGOTIATE and one auth entry is added per method, in list
 * order, carrying the method name, the mechanism and, when set, the
 * protocol and server id.
 *
 * @param authMethods auth methods to advertise, in preference order
 * @return the negotiate response message
 * @throws IOException declared by the signature
 */
private RpcSaslProto buildNegotiateResponse(List<AuthMethod> authMethods)
    throws IOException {
  RpcSaslProto.Builder response = RpcSaslProto.newBuilder();

  boolean simpleOnly =
      authMethods.contains(AuthMethod.SIMPLE) && authMethods.size() == 1;
  if (simpleOnly) {
    // SIMPLE-only servers return success in response to negotiate
    response.setState(SaslState.SUCCESS);
    return response.build();
  }

  response.setState(SaslState.NEGOTIATE);
  for (AuthMethod method : authMethods) {
    SaslRpcServer descriptor = new SaslRpcServer(method);
    SaslAuth.Builder entry = response.addAuthsBuilder();
    entry.setMethod(method.toString());
    entry.setMechanism(descriptor.mechanism);
    // protocol and serverId are optional and only sent when present
    if (descriptor.protocol != null) {
      entry.setProtocol(descriptor.protocol);
    }
    if (descriptor.serverId != null) {
      entry.setServerId(descriptor.serverId);
    }
  }
  return response.build();
}
 
Example 12
Source Project: big-c   Source File: Server.java    License: Apache License 2.0
/**
 * Computes the ordered list of auth methods this server accepts.
 *
 * <p>The configured method is always included. When a secret manager is
 * supplied and the configured method is not already TOKEN, TOKEN is placed
 * in front of it as the preferred method.
 *
 * @param secretManager secret manager for token auth, or {@code null}
 * @param conf configuration the authentication method is read from
 * @return accepted auth methods, most preferred first
 * @throws IllegalArgumentException if TOKEN is the configured method but
 *         no secret manager was given
 */
private List<AuthMethod> getAuthMethods(SecretManager<?> secretManager,
                                           Configuration conf) {
  AuthenticationMethod configured =
      SecurityUtil.getAuthenticationMethod(conf);
  boolean tokenConfigured = configured == AuthenticationMethod.TOKEN;

  if (tokenConfigured && secretManager == null) {
    // Token auth cannot work without something to validate tokens against.
    throw new IllegalArgumentException(AuthenticationMethod.TOKEN +
        " authentication requires a secret manager");
  }

  List<AuthMethod> accepted = new ArrayList<AuthMethod>();
  if (!tokenConfigured && secretManager != null) {
    LOG.debug(AuthenticationMethod.TOKEN +
        " authentication enabled for secret manager");
    // most preferred, so it goes first
    accepted.add(AuthenticationMethod.TOKEN.getAuthMethod());
  }
  accepted.add(configured.getAuthMethod());

  LOG.debug("Server accepts auth methods:" + accepted);
  return accepted;
}
 
Example 13
Source Project: big-c   Source File: Client.java    License: Apache License 2.0
/**
 * Sends the connection context for {@code remoteId} to the server.
 *
 * <p>The context (protocol name plus the user information appropriate for
 * {@code authMethod}) is wrapped with an RPC request header and written to
 * {@code out} as a length-prefixed packet.
 *
 * @param remoteId connection whose protocol and ticket are described
 * @param authMethod auth method in use; passed on to
 *        {@code ProtoUtil.makeIpcConnectionContext}
 * @throws IOException if writing to the output stream fails
 */
private void writeConnectionContext(ConnectionId remoteId,
                                    AuthMethod authMethod)
                                        throws IOException {
  // Connection context: protocol name and user info
  String protocolName = RPC.getProtocolName(remoteId.getProtocol());
  IpcConnectionContextProto context = ProtoUtil.makeIpcConnectionContext(
      protocolName, remoteId.getTicket(), authMethod);

  // Header marking this packet as the connection-context call
  RpcRequestHeaderProto header = ProtoUtil.makeRpcRequestHeader(
      RpcKind.RPC_PROTOCOL_BUFFER,
      OperationProto.RPC_FINAL_PACKET, CONNECTION_CONTEXT_CALL_ID,
      RpcConstants.INVALID_RETRY_COUNT, clientId);

  RpcRequestMessageWrapper framed =
      new RpcRequestMessageWrapper(header, context);

  // Length prefix first, then the packet itself
  out.writeInt(framed.getLength());
  framed.write(out);
}
 
Example 14
Source Project: big-c   Source File: TestSaslRPC.java    License: Apache License 2.0
/**
 * Drives one complete PLAIN SASL exchange between an in-process client and
 * server and asserts that both sides finish.
 *
 * <p>The client's first response is expected to complete the client; the
 * server is expected to accept it without a further challenge and to expose
 * an authorization id afterwards.
 *
 * @param clientCbh callback handler supplying the client side
 * @param serverCbh callback handler the server side consults
 * @throws SaslException if either side rejects the exchange
 */
private void runNegotiation(CallbackHandler clientCbh,
                            CallbackHandler serverCbh)
                                throws SaslException {
  final String plain = AuthMethod.PLAIN.getMechanismName();
  final String[] offered = new String[]{ plain };

  SaslClient client = Sasl.createSaslClient(
      offered, null, null, null, null, clientCbh);
  assertNotNull(client);

  SaslServer server = Sasl.createSaslServer(
      plain, null, "localhost", null, serverCbh);
  assertNotNull("failed to find PLAIN server", server);

  // Client speaks first with an empty challenge and is done in one step.
  byte[] clientToken = client.evaluateChallenge(new byte[0]);
  assertNotNull(clientToken);
  assertTrue(client.isComplete());

  // A null reply means the server has nothing more to ask.
  byte[] serverReply = server.evaluateResponse(clientToken);
  assertNull(serverReply);
  assertTrue(server.isComplete());
  assertNotNull(server.getAuthorizationID());
}
 
Example 15
Source Project: hadoop-ozone   Source File: TestSecureOzoneCluster.java    License: Apache License 2.0
/**
 * Checks that the SCM security protocol serves a Kerberos-authenticated
 * caller and rejects a caller that has no Kerberos credentials.
 *
 * <p>The SCM instance is started for the duration of the test and stopped in
 * the {@code finally} block regardless of the outcome.
 */
@Test
public void testSCMSecurityProtocol() throws Exception {

  initSCM();
  scm = HddsTestUtils.getScm(conf);
  // Everything below talks to the running SCM instance.
  try {
    scm.start();

    // Case 1: User with Kerberos credentials should succeed.
    // The UGI comes from a keytab login and is explicitly marked KERBEROS.
    UserGroupInformation ugi =
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(
            testUserPrincipal, testUserKeytab.getCanonicalPath());
    ugi.setAuthenticationMethod(KERBEROS);
    SCMSecurityProtocol scmSecurityProtocolClient =
        HddsServerUtil.getScmSecurityClient(conf, ugi);
    assertNotNull(scmSecurityProtocolClient);
    String caCert = scmSecurityProtocolClient.getCACertificate();
    assertNotNull(caCert);
    // An authenticated caller still gets an error for the certificate
    // requested here; the expected message is "Certificate not found".
    LambdaTestUtils.intercept(RemoteException.class, "Certificate not found",
        () -> scmSecurityProtocolClient.getCertificate("1"));

    // Case 2: User without Kerberos credentials should fail.
    // A bare remote user marked TOKEN has nothing to authenticate with.
    ugi = UserGroupInformation.createRemoteUser("test");
    ugi.setAuthenticationMethod(AuthMethod.TOKEN);
    SCMSecurityProtocol finalScmSecurityProtocolClient =
        HddsServerUtil.getScmSecurityClient(conf, ugi);

    // Both calls must be refused with the client-side message naming
    // KERBEROS as the only method on offer.
    String cannotAuthMessage = "Client cannot authenticate via:[KERBEROS]";
    LambdaTestUtils.intercept(IOException.class, cannotAuthMessage,
        finalScmSecurityProtocolClient::getCACertificate);
    LambdaTestUtils.intercept(IOException.class, cannotAuthMessage,
        () -> finalScmSecurityProtocolClient.getCertificate("1"));
  } finally {
    // Always release the SCM so a failed assertion does not leak it.
    if (scm != null) {
      scm.stop();
    }
  }
}
 
Example 16
Source Project: hadoop   Source File: TestRMRestart.java    License: Apache License 2.0
/**
 * Verifies that a delegation token issued by one ResourceManager is still
 * accepted for application submission by a second ResourceManager started
 * on the same state store.
 */
@Test (timeout = 60000)
public void testAppSubmissionWithOldDelegationTokenAfterRMRestart()
    throws Exception {
  conf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS, 2);
  // Kerberos is set as the authentication type for this test.
  conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  conf.set(YarnConfiguration.RM_ADDRESS, "localhost:8032");
  UserGroupInformation.setConfiguration(conf);
  // Both RMs below share this in-memory store.
  MemoryRMStateStore memStore = new MemoryRMStateStore();
  memStore.init(conf);

  MockRM rm1 = new TestSecurityMockRM(conf, memStore);
  rm1.start();

  GetDelegationTokenRequest request1 =
      GetDelegationTokenRequest.newInstance("renewer1");
  // The current user is marked KERBEROS before the token is requested.
  UserGroupInformation.getCurrentUser().setAuthenticationMethod(
      AuthMethod.KERBEROS);
  GetDelegationTokenResponse response1 =
      rm1.getClientRMService().getDelegationToken(request1);
  Token<RMDelegationTokenIdentifier> token1 =
      ConverterUtils.convertFromYarn(response1.getRMDelegationToken(), rmAddr);

  // start new RM
  // NOTE(review): rm1 is not stopped before rm2 starts, and neither is
  // stopped in this method; confirm a teardown elsewhere handles that.
  MockRM rm2 = new TestSecurityMockRM(conf, memStore);
  rm2.start();

  // Submit an app with the old delegation token obtained from the previous RM.
  Credentials ts = new Credentials();
  ts.addToken(token1.getService(), token1);
  RMApp app = rm2.submitApp(200, "name", "user",
      new HashMap<ApplicationAccessType, String>(), false, "default", 1, ts);
  // Reaching ACCEPTED is the success condition of the test.
  rm2.waitForState(app.getApplicationId(), RMAppState.ACCEPTED);
}
 
Example 17
/**
 * Creates the test fixture for the given caller.
 *
 * <p>An empty caller leaves the configuration at its defaults. A non-empty
 * caller becomes a SIMPLE-authenticated remote user, and YARN ACLs are
 * switched on with "admin" as the admin ACL.
 *
 * @param caller name of the calling user, or "" for no caller
 */
public TestApplicationHistoryManagerOnTimelineStore(String caller) {
  conf = new YarnConfiguration();
  if (caller.isEmpty()) {
    return;
  }
  // createRemoteUser performs no authentication; the name is simply tagged SIMPLE.
  callerUGI = UserGroupInformation.createRemoteUser(caller, AuthMethod.SIMPLE);
  conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
  conf.set(YarnConfiguration.YARN_ADMIN_ACL, "admin");
}
 
Example 18
Source Project: hadoop   Source File: SaslRpcClient.java    License: Apache License 2.0
/**
 * Decides whether an auth type offered by the peer is one this client can
 * use.
 *
 * <p>The offer is accepted only if its method name maps to a known
 * {@code AuthMethod} and the mechanism it names is the mechanism that
 * method uses here. An unknown method name, or a known method paired with
 * a different mechanism, is rejected.
 *
 * @param authType the offered auth type
 * @return {@code true} if method and mechanism are both recognized and
 *         consistent
 */
private boolean isValidAuthType(SaslAuth authType) {
  AuthMethod known;
  try {
    known = AuthMethod.valueOf(authType.getMethod());
  } catch (IllegalArgumentException unknownMethod) {
    // valueOf rejects names that are not AuthMethod constants
    return false;
  }
  // Known method: it must also be using our mechanism.
  return known.getMechanismName().equals(authType.getMechanism());
}
 
Example 19
Source Project: hadoop   Source File: UserGroupInformation.java    License: Apache License 2.0
/**
 * Create a user from a login name. It is intended to be used for remote
 * users in RPC, since it won't have any credentials.
 *
 * <p>Nothing is verified here: the name is wrapped in a fresh subject and
 * labelled with the given auth method. Callers are responsible for having
 * established the identity before calling.
 *
 * @param user the full user principal name, must not be empty or null
 * @param authMethod the auth method to record on the returned UGI
 * @return the UserGroupInformation for the remote user.
 * @throws IllegalArgumentException if {@code user} is null or empty (the
 *         message reads "Null user" in both cases)
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static UserGroupInformation createRemoteUser(String user, AuthMethod authMethod) {
  boolean missingName = user == null || user.isEmpty();
  if (missingName) {
    throw new IllegalArgumentException("Null user");
  }
  Subject remoteSubject = new Subject();
  remoteSubject.getPrincipals().add(new User(user));

  UserGroupInformation remoteUgi = new UserGroupInformation(remoteSubject);
  remoteUgi.setAuthenticationMethod(authMethod);
  return remoteUgi;
}
 
Example 20
Source Project: hadoop   Source File: UserGroupInformation.java    License: Apache License 2.0
/**
 * Finds the {@code AuthenticationMethod} whose RPC-level auth method is the
 * given one.
 *
 * @param authMethod the auth method to look up; compared by identity
 * @return the first matching authentication method, in declaration order
 * @throws IllegalArgumentException if no authentication method maps to
 *         {@code authMethod}
 */
public static AuthenticationMethod valueOf(AuthMethod authMethod) {
  AuthenticationMethod[] candidates = values();
  for (int i = 0; i < candidates.length; i++) {
    AuthenticationMethod candidate = candidates[i];
    if (candidate.getAuthMethod() == authMethod) {
      return candidate;
    }
  }
  // Fail loudly instead of falling back to some default method.
  throw new IllegalArgumentException(
      "no authentication method for " + authMethod);
}
 
Example 21
Source Project: hadoop   Source File: ProtoUtil.java    License: Apache License 2.0
/**
 * Creates the connection context using exactly the same logic as the old
 * writable-based connection context: which user names are included depends
 * on the auth method.
 *
 * <p>Only user information that was <em>not</em> already established by the
 * authentication done during connection setup is sent:
 * <ul>
 *   <li>KERBEROS: the real user was established by the connection, so only
 *       the effective user is sent;</li>
 *   <li>TOKEN: the connection establishes both real and effective user, so
 *       neither is sent;</li>
 *   <li>anything else (simple authentication): nothing was established by
 *       the connection, so the effective user and, if present, the real
 *       user are both sent as stated by the caller's UGI.</li>
 * </ul>
 *
 * @param protocol protocol name, omitted from the context when {@code null}
 * @param ugi caller identity, or {@code null} to send empty user info
 * @param authMethod auth method used for the connection
 * @return the built connection context
 */
public static IpcConnectionContextProto makeIpcConnectionContext(
    final String protocol,
    final UserGroupInformation ugi, final AuthMethod authMethod) {
  IpcConnectionContextProto.Builder context = IpcConnectionContextProto.newBuilder();
  if (protocol != null) {
    context.setProtocol(protocol);
  }

  UserInformationProto.Builder userInfo = UserInformationProto.newBuilder();
  // TOKEN sends no user info at all; every other method sends at least the
  // effective user.
  if (ugi != null && authMethod != AuthMethod.TOKEN) {
    userInfo.setEffectiveUser(ugi.getUserName());
    // KERBEROS already established the real user during connection setup,
    // so the real user is added only for the remaining (simple) case.
    if (authMethod != AuthMethod.KERBEROS && ugi.getRealUser() != null) {
      userInfo.setRealUser(ugi.getRealUser().getUserName());
    }
  }

  context.setUserInfo(userInfo);
  return context.build();
}
 
Example 22
Source Project: hadoop   Source File: Client.java    License: Apache License 2.0
/**
 * Tells whether this connection should authenticate (re-login) over
 * Kerberos.
 *
 * <p>All of the following must hold: the connection uses KERBEROS, a login
 * user exists and holds Kerberos credentials (keytab or TGT), and the login
 * user is either the current user or the current user's real user (the
 * superuser case, e.g. oozie).
 *
 * @return {@code true} if a Kerberos re-login is appropriate
 * @throws IOException if the login or current user cannot be determined
 */
private synchronized boolean shouldAuthenticateOverKrb() throws IOException {
  UserGroupInformation login = UserGroupInformation.getLoginUser();
  UserGroupInformation current = UserGroupInformation.getCurrentUser();
  UserGroupInformation real = current.getRealUser();

  if (authMethod != AuthMethod.KERBEROS) {
    return false;
  }
  // Make sure the user logged in using Kerberos, either keytab or TGT.
  if (login == null || !login.hasKerberosCredentials()) {
    return false;
  }
  // Relogin only for the login user itself (e.g. JT) or when the login user
  // is the superuser behind the current user.
  return login.equals(current) || login.equals(real);
}
 
Example 23
Source Project: hadoop   Source File: Client.java    License: Apache License 2.0
/**
 * Creates the SASL client for this connection and runs the SASL handshake
 * over the given streams.
 *
 * @param in2 stream to read the server's SASL messages from
 * @param out2 stream to write this client's SASL messages to
 * @return the auth method reported by {@code saslConnect}
 * @throws IOException if the handshake fails
 */
private synchronized AuthMethod setupSaslConnection(final InputStream in2, 
    final OutputStream out2) throws IOException {
  // Use ConnectionId.conf, never Client.conf: the Client object is cached
  // and shared between all RPC clients, even those for separate services,
  // so its conf may belong to a different service than this connection.
  SaslRpcClient negotiator = new SaslRpcClient(
      remoteId.getTicket(),
      remoteId.getProtocol(),
      remoteId.getAddress(),
      remoteId.conf);
  saslRpcClient = negotiator;
  return negotiator.saslConnect(in2, out2);
}
 
Example 24
Source Project: hadoop   Source File: TestUserGroupInformation.java    License: Apache License 2.0
/**
 * Checks the authentication method recorded by both
 * {@code createRemoteUser} overloads: SIMPLE when none is given, and the
 * supplied method otherwise. The method must also show up in
 * {@code toString()}.
 */
@Test (timeout = 30000)
public void testCreateRemoteUser() {
  // One-argument overload: expected to be tagged SIMPLE.
  UserGroupInformation simpleUgi =
      UserGroupInformation.createRemoteUser("user1");
  assertEquals(AuthenticationMethod.SIMPLE,
      simpleUgi.getAuthenticationMethod());
  assertTrue (simpleUgi.toString().contains("(auth:SIMPLE)"));

  // Two-argument overload: the label is whatever the caller passes in.
  UserGroupInformation kerberosUgi =
      UserGroupInformation.createRemoteUser("user1", AuthMethod.KERBEROS);
  assertEquals(AuthenticationMethod.KERBEROS,
      kerberosUgi.getAuthenticationMethod());
  assertTrue (kerberosUgi.toString().contains("(auth:KERBEROS)"));
}
 
Example 25
Source Project: hadoop   Source File: TestSaslRPC.java    License: Apache License 2.0
/**
 * Starts the server, attaches a freshly created token for the current user
 * and checks that an RPC proxy authenticates with TOKEN at the expected QOP.
 *
 * @param server the RPC server under test; started here, stopped in finally
 * @param sm secret manager used to create the token
 * @throws Exception on any setup or RPC failure
 */
private void doDigestRpc(Server server, TestTokenSecretManager sm
                         ) throws Exception {
  server.start();

  final UserGroupInformation current = UserGroupInformation.getCurrentUser();
  final InetSocketAddress addr = NetUtils.getConnectAddress(server);
  // Token identifier names the current user.
  TestTokenIdentifier tokenId = new TestTokenIdentifier(new Text(current
      .getUserName()));
  Token<TestTokenIdentifier> token = new Token<TestTokenIdentifier>(tokenId,
      sm);
  // Bind the token to this server's address and hand it to the current user.
  SecurityUtil.setTokenService(token, addr);
  current.addToken(token);

  TestSaslProtocol proxy = null;
  try {
    proxy = RPC.getProxy(TestSaslProtocol.class,
        TestSaslProtocol.versionID, addr, conf);
    // The server reports which auth method the connection actually used.
    AuthMethod authMethod = proxy.getAuthMethod();
    assertEquals(TOKEN, authMethod);
    // The negotiated QOP must equal expectedQop.
    // NOTE(review): the original comment said "QOP must be auth", but the
    // assertion compares against expectedQop.saslQop; confirm which is meant.
    assertEquals(expectedQop.saslQop,
                 RPC.getConnectionIdForProxy(proxy).getSaslQop());
    proxy.ping();
  } finally {
    // Stop the server first, then release the proxy if one was created.
    server.stop();
    if (proxy != null) {
      RPC.stopProxy(proxy);
    }
  }
}
 
Example 26
Source Project: hadoop   Source File: TestSaslRPC.java    License: Apache License 2.0
/**
 * Runs the client/server auth negotiation without any token and reports the
 * outcome as a string.
 *
 * <p>A failure is not propagated: it is logged at WARN and its
 * {@code toString()} is returned, so tests can assert on the error text.
 *
 * @param clientAuth auth method configured on the client
 * @param serverAuth auth method configured on the server
 * @return the result of {@code internalGetAuthMethod}, or the exception
 *         text on failure
 */
private String getAuthMethod(
    final AuthMethod clientAuth,
    final AuthMethod serverAuth) throws Exception {
  String outcome;
  try {
    outcome = internalGetAuthMethod(clientAuth, serverAuth, UseToken.NONE);
  } catch (Exception failure) {
    LOG.warn("Auth method failure", failure);
    outcome = failure.toString();
  }
  return outcome;
}
 
Example 27
Source Project: hadoop   Source File: TestSaslRPC.java    License: Apache License 2.0
/**
 * Runs the client/server auth negotiation with the given token usage and
 * reports the outcome as a string.
 *
 * <p>A failure is not propagated: it is logged at WARN and its
 * {@code toString()} is returned, so tests can assert on the error text.
 *
 * @param clientAuth auth method configured on the client
 * @param serverAuth auth method configured on the server
 * @param tokenType which kind of token, if any, the client presents
 * @return the result of {@code internalGetAuthMethod}, or the exception
 *         text on failure
 */
private String getAuthMethod(
    final AuthMethod clientAuth,
    final AuthMethod serverAuth,
    final UseToken tokenType) throws Exception {
  String outcome;
  try {
    outcome = internalGetAuthMethod(clientAuth, serverAuth, tokenType);
  } catch (Exception failure) {
    LOG.warn("Auth method failure", failure);
    outcome = failure.toString();
  }
  return outcome;
}
 
Example 28
Source Project: big-c   Source File: TestRMRestart.java    License: Apache License 2.0
/**
 * Verifies that a delegation token issued by one ResourceManager is still
 * accepted for application submission by a second ResourceManager started
 * on the same state store.
 */
@Test (timeout = 60000)
public void testAppSubmissionWithOldDelegationTokenAfterRMRestart()
    throws Exception {
  conf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS, 2);
  // Kerberos is set as the authentication type for this test.
  conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  conf.set(YarnConfiguration.RM_ADDRESS, "localhost:8032");
  UserGroupInformation.setConfiguration(conf);
  // Both RMs below share this in-memory store.
  MemoryRMStateStore memStore = new MemoryRMStateStore();
  memStore.init(conf);

  MockRM rm1 = new TestSecurityMockRM(conf, memStore);
  rm1.start();

  GetDelegationTokenRequest request1 =
      GetDelegationTokenRequest.newInstance("renewer1");
  // The current user is marked KERBEROS before the token is requested.
  UserGroupInformation.getCurrentUser().setAuthenticationMethod(
      AuthMethod.KERBEROS);
  GetDelegationTokenResponse response1 =
      rm1.getClientRMService().getDelegationToken(request1);
  Token<RMDelegationTokenIdentifier> token1 =
      ConverterUtils.convertFromYarn(response1.getRMDelegationToken(), rmAddr);

  // start new RM
  // NOTE(review): rm1 is not stopped before rm2 starts, and neither is
  // stopped in this method; confirm a teardown elsewhere handles that.
  MockRM rm2 = new TestSecurityMockRM(conf, memStore);
  rm2.start();

  // Submit an app with the old delegation token obtained from the previous RM.
  Credentials ts = new Credentials();
  ts.addToken(token1.getService(), token1);
  RMApp app = rm2.submitApp(200, "name", "user",
      new HashMap<ApplicationAccessType, String>(), false, "default", 1, ts);
  // Reaching ACCEPTED is the success condition of the test.
  rm2.waitForState(app.getApplicationId(), RMAppState.ACCEPTED);
}
 
Example 29
/**
 * Creates the test fixture for the given caller.
 *
 * <p>An empty caller leaves the configuration at its defaults. A non-empty
 * caller becomes a SIMPLE-authenticated remote user, and YARN ACLs are
 * switched on with "admin" as the admin ACL.
 *
 * @param caller name of the calling user, or "" for no caller
 */
public TestApplicationHistoryManagerOnTimelineStore(String caller) {
  conf = new YarnConfiguration();
  if (caller.isEmpty()) {
    return;
  }
  // createRemoteUser performs no authentication; the name is simply tagged SIMPLE.
  callerUGI = UserGroupInformation.createRemoteUser(caller, AuthMethod.SIMPLE);
  conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
  conf.set(YarnConfiguration.YARN_ADMIN_ACL, "admin");
}
 
Example 30
Source Project: big-c   Source File: SaslRpcClient.java    License: Apache License 2.0
/**
 * Decides whether an auth type offered by the peer is one this client can
 * use.
 *
 * <p>The offer is accepted only if its method name maps to a known
 * {@code AuthMethod} and the mechanism it names is the mechanism that
 * method uses here. An unknown method name, or a known method paired with
 * a different mechanism, is rejected.
 *
 * @param authType the offered auth type
 * @return {@code true} if method and mechanism are both recognized and
 *         consistent
 */
private boolean isValidAuthType(SaslAuth authType) {
  AuthMethod known;
  try {
    known = AuthMethod.valueOf(authType.getMethod());
  } catch (IllegalArgumentException unknownMethod) {
    // valueOf rejects names that are not AuthMethod constants
    return false;
  }
  // Known method: it must also be using our mechanism.
  return known.getMechanismName().equals(authType.getMechanism());
}