Java Code Examples for org.apache.hadoop.minikdc.MiniKdc#createConf()

The following examples show how to use org.apache.hadoop.minikdc.MiniKdc#createConf().
Example 1
Source File: BaseSecurityTest.java    From incubator-atlas with Apache License 2.0
/**
 * Starts an embedded MiniKdc for the security tests and keeps it in {@code kdc}.
 *
 * <p>The KDC work directory is a {@code kdc} child of a freshly created temporary
 * directory (prefix {@code sectest}). Nothing in this method removes that directory,
 * so cleanup is left to the caller or the test harness.
 *
 * @return the work directory handed to the MiniKdc
 * @throws Exception if the temporary directory cannot be created or the KDC fails to start
 */
protected File startKDC() throws Exception {
    final File tempRoot = Files.createTempDirectory("sectest").toFile();
    final File workDir = new File(tempRoot, "kdc");

    // Begin with MiniKdc's default settings and switch on its debug option.
    // NOTE(review): debug presumably produces verbose Kerberos tracing; keep it to test runs.
    final Properties settings = MiniKdc.createConf();
    settings.setProperty(MiniKdc.DEBUG, "true");

    kdc = new MiniKdc(settings, workDir);
    kdc.start();

    // A started KDC is expected to report a realm.
    Assert.assertNotNull(kdc.getRealm());
    return workDir;
}
 
Example 2
Source File: AbstractSecureRegistryTest.java    From big-c with Apache License 2.0
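/**
 * Starts the test KDC, creates keytabs for the ZooKeeper, alice and bob principals, and
 * writes a JAAS file with four login contexts that the JVM is then bound to.
 *
 * <p>The KDC work directory is {@code kdc} under the directory named by the
 * {@code test.dir} system property (default {@code target}). The JAAS file is written
 * into that work directory as {@code jaas.txt}.
 *
 * @throws Exception if the KDC cannot be started, or a keytab or the JAAS file cannot
 *     be written
 */
public static void setupKDCAndPrincipals() throws Exception {
  // set up the KDC
  File target = new File(System.getProperty("test.dir", "target"));
  kdcWorkDir = new File(target, "kdc");
  // mkdirs() returns false both on failure and when the directory already exists,
  // so a false result is acceptable only if the directory is actually there.
  if (!kdcWorkDir.mkdirs()) {
    assertTrue(kdcWorkDir.isDirectory());
  }
  kdcConf = MiniKdc.createConf();
  // NOTE(review): debug presumably produces verbose Kerberos tracing; test-only setting.
  kdcConf.setProperty(MiniKdc.DEBUG, "true");
  kdc = new MiniKdc(kdcConf, kdcWorkDir);
  kdc.start();

  // One keytab per identity; the ZooKeeper keytab is reused for the client and
  // server contexts below.
  keytab_zk = createKeytab(ZOOKEEPER, "zookeeper.keytab");
  keytab_alice = createKeytab(ALICE, "alice.keytab");
  keytab_bob = createKeytab(BOB, "bob.keytab");
  // The server principal differs on Windows (constant names suggest 127.0.0.1 vs localhost).
  zkServerPrincipal = Shell.WINDOWS ? ZOOKEEPER_1270001 : ZOOKEEPER_LOCALHOST;

  StringBuilder jaas = new StringBuilder(1024);
  jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_CLIENT_CONTEXT,
      ZOOKEEPER, keytab_zk));
  jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_SERVER_CONTEXT,
      zkServerPrincipal, keytab_zk));
  jaas.append(registrySecurity.createJAASEntry(ALICE_CLIENT_CONTEXT,
      ALICE_LOCALHOST, keytab_alice));
  jaas.append(registrySecurity.createJAASEntry(BOB_CLIENT_CONTEXT,
      BOB_LOCALHOST, keytab_bob));

  jaasFile = new File(kdcWorkDir, "jaas.txt");
  // NOTE(review): no charset is passed, so the encoding is presumably the platform
  // default; confirm against the FileUtils class in use.
  FileUtils.write(jaasFile, jaas.toString());
  // The whole JAAS text goes to the log, including whatever createJAASEntry emits
  // (presumably principal names and keytab paths).
  LOG.info("\n"+ jaas);
  RegistrySecurity.bindJVMtoJAASFile(jaasFile);
}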
 
Example 3
Source File: TestRMWebServicesHttpStaticUserPermissions.java    From big-c with Apache License 2.0
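/**
 * Creates the MiniKdc with default settings, then runs the KDC and ResourceManager
 * setup once before the tests in this class.
 *
 * <p>Any exception raised during setup is rethrown as an {@link AssertionError} that
 * carries the original exception as its cause.
 */
@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
    setupAndStartRM();
  } catch (Exception e) {
    // Keep the cause: the failure may come from any of the three steps above, and a
    // bare message hides which one and why.
    throw new AssertionError("Couldn't create MiniKDC", e);
  }
}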
 
Example 4
Source File: TestRMWebServicesDelegationTokens.java    From big-c with Apache License 2.0
/**
 * Starts a MiniKdc rooted under {@code target} and creates the principals the tests use.
 *
 * <p>The HTTP/localhost service principal and the three client principals are all passed
 * to one {@code createPrincipal} call together with {@code httpSpnegoKeytabFile}.
 *
 * @throws Exception if the KDC cannot be started or the principals cannot be created
 */
@BeforeClass
public static void setupKDC() throws Exception {
  final String rootDirName =
    TestRMWebServicesDelegationTokens.class.getName() + "-root";
  testRootDir = new File("target", rootDirName);

  // Default MiniKdc settings, with the per-class directory as work dir.
  testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
  testMiniKDC.start();

  testMiniKDC.createPrincipal(
    httpSpnegoKeytabFile,
    "HTTP/localhost",
    "client",
    "client2",
    "client3");
}
 
Example 5
Source File: TestRMWebappAuthentication.java    From big-c with Apache License 2.0
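/**
 * Creates the MiniKdc with default settings and runs the KDC setup once before the
 * tests in this class.
 *
 * <p>Any exception raised during setup is rethrown as an {@link AssertionError} that
 * carries the original exception as its cause.
 */
@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
  } catch (Exception e) {
    // assertTrue(message, false) discarded the exception; keep it as the cause so the
    // test report shows why the KDC setup failed.
    throw new AssertionError("Couldn't create MiniKDC", e);
  }
}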
 
Example 6
Source File: TestRMWebServicesDelegationTokenAuthentication.java    From big-c with Apache License 2.0
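/**
 * Creates the MiniKdc with default settings, then runs the KDC and ResourceManager
 * setup once before the tests in this class.
 *
 * <p>Any exception raised during setup is rethrown as an {@link AssertionError} that
 * carries the original exception as its cause.
 */
@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
    setupAndStartRM();
  } catch (Exception e) {
    // assertTrue(message, false) discarded the exception; keep it as the cause so the
    // test report shows which setup step failed and why.
    throw new AssertionError("Couldn't create MiniKDC", e);
  }
}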
 
Example 7
Source File: TestUGILoginFromKeytab.java    From big-c with Apache License 2.0
/**
 * Switches UserGroupInformation to Kerberos authentication and starts a MiniKdc in the
 * root of the test's temporary folder before each test.
 *
 * @throws Exception if the KDC cannot be created or started
 */
@Before
public void startMiniKdc() throws Exception {
  // UGI has to be configured for Kerberos first; without it, UGI aborts every
  // loginUserFromKeytab attempt.
  // NOTE(review): setConfiguration is a static call, so the setting is presumably
  // visible beyond this test instance.
  final Configuration kerberosConf = new Configuration();
  kerberosConf.set(
      CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(kerberosConf);

  workDir = folder.getRoot();
  kdc = new MiniKdc(MiniKdc.createConf(), workDir);
  kdc.start();
}
 
Example 8
Source File: CoreClientOverOneWaySSLKerb5Test.java    From activemq-artemis with Apache License 2.0
/**
 * Runs the parent setup, then starts a MiniKdc with default settings in a new
 * {@code kdc} folder under the test's temporary folder.
 *
 * @throws Exception if the parent setup fails, the folder cannot be created, or the
 *     KDC cannot be started
 */
@Override
@Before
public void setUp() throws Exception {
   super.setUp();

   // The work dir comes from the temporary-folder rule rather than a fixed path.
   kdc = new MiniKdc(
         MiniKdc.createConf(),
         temporaryFolder.newFolder("kdc"));
   kdc.start();
}
 
Example 9
Source File: TestRMWebServicesHttpStaticUserPermissions.java    From hadoop with Apache License 2.0
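/**
 * Creates the MiniKdc with default settings, then runs the KDC and ResourceManager
 * setup once before the tests in this class.
 *
 * <p>Any exception raised during setup is rethrown as an {@link AssertionError} that
 * carries the original exception as its cause.
 */
@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
    setupAndStartRM();
  } catch (Exception e) {
    // fail(message) alone drops the exception; attach it as the cause so the report
    // shows which of the three steps failed and why.
    throw new AssertionError("Couldn't create MiniKDC", e);
  }
}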
 
Example 10
Source File: TestRMWebServicesDelegationTokens.java    From hadoop with Apache License 2.0
/**
 * Starts a MiniKdc in a per-class directory under {@code target} and creates the
 * SPNEGO service principal plus three client principals.
 *
 * <p>All four principals are passed to a single {@code createPrincipal} call together
 * with {@code httpSpnegoKeytabFile}.
 *
 * @throws Exception if the KDC cannot be started or the principals cannot be created
 */
@BeforeClass
public static void setupKDC() throws Exception {
  final String perClassDir =
    TestRMWebServicesDelegationTokens.class.getName() + "-root";
  testRootDir = new File("target", perClassDir);

  testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
  testMiniKDC.start();

  // Service principal first, then the client identities.
  testMiniKDC.createPrincipal(
    httpSpnegoKeytabFile,
    "HTTP/localhost",
    "client", "client2", "client3");
}
 
Example 11
Source File: TestRMWebappAuthentication.java    From hadoop with Apache License 2.0
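/**
 * Creates the MiniKdc with default settings and runs the KDC setup once before the
 * tests in this class.
 *
 * <p>Any exception raised during setup is rethrown as an {@link AssertionError} that
 * carries the original exception as its cause.
 */
@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
  } catch (Exception e) {
    // assertTrue(message, false) threw away the exception; attach it as the cause so
    // the underlying KDC failure stays visible.
    throw new AssertionError("Couldn't create MiniKDC", e);
  }
}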
 
Example 12
Source File: BaseSecurityTest.java    From atlas with Apache License 2.0
/**
 * Starts an embedded MiniKdc with debug enabled and stores it in {@code kdc}.
 *
 * <p>The work directory is {@code kdc} inside a new temporary directory whose name
 * starts with {@code sectest}. This method does not delete that directory.
 *
 * @return the KDC work directory
 * @throws Exception if the temporary directory cannot be created or the KDC fails to start
 */
protected File startKDC() throws Exception {
    final File sandbox = Files.createTempDirectory("sectest").toFile();
    final File kdcDir = new File(sandbox, "kdc");

    // Defaults plus the debug switch.
    // NOTE(review): debug presumably enables verbose Kerberos tracing; suitable for tests only.
    final Properties kdcSettings = MiniKdc.createConf();
    kdcSettings.setProperty(MiniKdc.DEBUG, "true");

    kdc = new MiniKdc(kdcSettings, kdcDir);
    kdc.start();

    // Fail early if the started KDC reports no realm.
    Assert.assertNotNull(kdc.getRealm());
    return kdcDir;
}
 
Example 13
Source File: TestSecurityContext.java    From datacollector with Apache License 2.0
/**
 * Creates a uniquely named test directory under {@code target}, starts a MiniKdc in it
 * and creates the {@code foo} and {@code bar/localhost} principals with a shared keytab.
 *
 * @throws Exception if the KDC cannot be started or the principals cannot be created
 */
@BeforeClass
public static void startKdc() throws Exception {
  // A random UUID keeps concurrent or repeated runs from sharing a directory.
  final String runId = UUID.randomUUID().toString();
  testDir = new File("target", runId).getAbsoluteFile();
  Assert.assertTrue(testDir.mkdirs());

  // NOTE(review): this "kdc" sub-directory is created but the MiniKdc below is given
  // testDir, not this directory; confirm which one was intended.
  final File kdcSubDir = new File(testDir, "kdc");
  Assert.assertTrue(kdcSubDir.mkdirs());

  keytabFile = new File(testDir, "test.keytab");

  miniKdc = new MiniKdc(MiniKdc.createConf(), testDir);
  miniKdc.start();
  miniKdc.createPrincipal(keytabFile, "foo", "bar/localhost");
}
 
Example 14
Source File: SecureTestEnvironment.java    From flink with Apache License 2.0
/**
 * Prepares the secure test environment: starts a MiniKdc bound to localhost, creates the
 * test principals in one shared keytab, and installs a Flink security context that logs
 * in from that keytab.
 *
 * <p>Principal names and the keytab path are written to the log at INFO level.
 *
 * @param tempFolder source of the base directory for the KDC and the keytab
 * @throws RuntimeException wrapping any exception raised during preparation
 */
public static void prepare(TemporaryFolder tempFolder) {
	try {
		final File secureBaseDir = tempFolder.newFolder();
		LOG.info("Base Directory for Secure Environment: {}", secureBaseDir);

		final String host = "localhost";

		// KDC debug output follows the logger: it is switched on only at debug level.
		final Properties kdcSettings = MiniKdc.createConf();
		if (LOG.isDebugEnabled()) {
			kdcSettings.setProperty(MiniKdc.DEBUG, "true");
		}
		kdcSettings.setProperty(MiniKdc.KDC_BIND_ADDRESS, host);

		kdc = new MiniKdc(kdcSettings, secureBaseDir);
		kdc.start();
		LOG.info("Started Mini KDC");

		final File keytabFile = new File(secureBaseDir, "test-users.keytab");
		testKeytab = keytabFile.getAbsolutePath();

		// Short principal names first; the realm is appended after creation.
		testPrincipal = "client/" + host;
		testZkServerPrincipal = "zookeeper/" + host;
		testZkClientPrincipal = "zk-client/" + host;
		testKafkaServerPrincipal = "kafka/" + host;
		hadoopServicePrincipal = "hadoop/" + host;

		// All five principals go into the same keytab file.
		kdc.createPrincipal(
				keytabFile,
				testPrincipal,
				testZkServerPrincipal,
				hadoopServicePrincipal,
				testZkClientPrincipal,
				testKafkaServerPrincipal);

		testPrincipal += "@" + kdc.getRealm();
		testZkServerPrincipal += "@" + kdc.getRealm();
		testZkClientPrincipal += "@" + kdc.getRealm();
		testKafkaServerPrincipal += "@" + kdc.getRealm();
		hadoopServicePrincipal += "@" + kdc.getRealm();

		LOG.info("-------------------------------------------------------------------");
		LOG.info("Test Principal: {}", testPrincipal);
		LOG.info("Test ZK Server Principal: {}", testZkServerPrincipal);
		LOG.info("Test ZK Client Principal: {}", testZkClientPrincipal);
		LOG.info("Test Kafka Server Principal: {}", testKafkaServerPrincipal);
		LOG.info("Test Hadoop Service Principal: {}", hadoopServicePrincipal);
		LOG.info("Test Keytab: {}", testKeytab);
		LOG.info("-------------------------------------------------------------------");

		// The security context installed here lets non-Hadoop applications that need
		// JAAS-based SASL/Kerberos authentication work. Hadoop-specific applications can
		// reinitialize the context with a Hadoop configuration by calling
		// ctx.setHadoopConfiguration() so that the UGI implementation works properly.
		// See the Yarn test case module for reference.
		final Configuration flinkConf = GlobalConfiguration.loadConfiguration();
		flinkConf.setBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE, false);
		flinkConf.setString(SecurityOptions.KERBEROS_LOGIN_KEYTAB, testKeytab);
		flinkConf.setBoolean(SecurityOptions.KERBEROS_LOGIN_USETICKETCACHE, false);
		flinkConf.setString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL, testPrincipal);
		flinkConf.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, "Client,KafkaClient");

		final SecurityConfiguration securityConf = new SecurityConfiguration(flinkConf);
		TestingSecurityContext.install(securityConf, getClientSecurityConfigurationMap());

		populateJavaPropertyVariables();
	} catch (Exception e) {
		throw new RuntimeException("Exception occured while preparing secure environment.", e);
	}
}
 
Example 15
Source File: TestSecureNNWithQJM.java    From big-c with Apache License 2.0
/**
 * Starts a MiniKdc and builds the Kerberos- and HTTPS-enabled base configuration
 * ({@code baseConf}) shared by the tests in this class.
 *
 * <p>One keytab, named after the login user, holds both the HDFS principal and the
 * HTTP (SPNEGO) principal; the NameNode, DataNode and JournalNode settings all point
 * at it.
 *
 * @throws Exception if the KDC, the principals or the SSL configuration cannot be set up
 */
@BeforeClass
public static void init() throws Exception {
  // Start from an empty per-class directory.
  final String buildRoot = System.getProperty("test.build.dir", "target/test-dir");
  baseDir = new File(buildRoot, TestSecureNNWithQJM.class.getSimpleName());
  FileUtil.fullyDelete(baseDir);
  assertTrue(baseDir.mkdirs());

  kdc = new MiniKdc(MiniKdc.createConf(), baseDir);
  kdc.start();

  // Switch Hadoop security to Kerberos and verify that UGI picked it up.
  baseConf = new HdfsConfiguration();
  SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, baseConf);
  UserGroupInformation.setConfiguration(baseConf);
  assertTrue("Expected configuration to enable security",
    UserGroupInformation.isSecurityEnabled());

  final String loginName = UserGroupInformation.getLoginUser().getShortUserName();
  final File keytabFile = new File(baseDir, loginName + ".keytab");
  final String keytabPath = keytabFile.getAbsolutePath();
  // Windows will not reverse name lookup "127.0.0.1" to "localhost".
  final String instance = Path.WINDOWS ? "127.0.0.1" : "localhost";
  final String hdfsShortName = loginName + "/" + instance;
  final String httpShortName = "HTTP/" + instance;
  kdc.createPrincipal(keytabFile, hdfsShortName, httpShortName);
  final String hdfsPrincipal = hdfsShortName + "@" + kdc.getRealm();
  final String spnegoPrincipal = httpShortName + "@" + kdc.getRealm();

  // Same principal and keytab for every HDFS daemon role.
  baseConf.set(DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  baseConf.set(DFS_NAMENODE_KEYTAB_FILE_KEY, keytabPath);
  baseConf.set(DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  baseConf.set(DFS_DATANODE_KEYTAB_FILE_KEY, keytabPath);
  baseConf.set(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, spnegoPrincipal);
  baseConf.set(DFS_JOURNALNODE_KEYTAB_FILE_KEY, keytabPath);
  baseConf.set(DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  baseConf.set(DFS_JOURNALNODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
    spnegoPrincipal);

  baseConf.setBoolean(DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
  // "authentication" asks for authentication only on the data transfer path.
  // NOTE(review): integrity and privacy are the stronger protection levels; confirm
  // that authentication alone is all these tests are meant to cover.
  baseConf.set(DFS_DATA_TRANSFER_PROTECTION_KEY, "authentication");

  // HTTPS only, with port 0 so each daemon picks a free port.
  baseConf.set(DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
  baseConf.set(DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
  baseConf.set(DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");
  baseConf.set(DFS_JOURNALNODE_HTTPS_ADDRESS_KEY, "localhost:0");
  baseConf.setInt(IPC_CLIENT_CONNECT_MAX_RETRIES_ON_SASL_KEY, 10);

  // Keystores live in the same base directory as the KDC files and the keytab.
  final String keystoreDir = baseDir.getAbsolutePath();
  final String sslConfigDir = KeyStoreTestUtil.getClasspathDir(
    TestSecureNNWithQJM.class);
  KeyStoreTestUtil.setupSSLConfig(keystoreDir, sslConfigDir, baseConf, false);
}
 
Example 16
Source File: SentryMiniKdcTestcase.java    From incubator-sentry with Apache License 2.0
/**
 * Resets {@code conf} to MiniKdc's default settings and copies every entry of the
 * overlay on top of it.
 *
 * <p>An overlay entry replaces the default with the same key, so the caller controls
 * any KDC setting it chooses to include.
 *
 * @param confOverlay entries to apply over the defaults
 */
private static void createMiniKdcConf(Properties confOverlay) {
  conf = MiniKdc.createConf();
  // Copies the overlay's own entries with their keys and values unchanged.
  conf.putAll(confOverlay);
}
 
Example 17
Source File: SecureUserConnectionsIT.java    From phoenix with Apache License 2.0
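/**
 * Starts the embedded KDC (retrying up to {@code KDC_START_ATTEMPTS} times), creates the
 * test users and service users, and points UserGroupInformation and Phoenix's
 * configuration factory at a Kerberos-enabled configuration.
 *
 * @throws Exception if directory preparation, user creation or realm setup fails
 */
@BeforeClass
public static synchronized void setupKdc() throws Exception {
    ensureIsEmptyDirectory(KDC_DIR);
    ensureIsEmptyDirectory(KEYTAB_DIR);
    // Create and start the KDC. MiniKDC appears to have a race condition in how it does
    // port allocation (with apache-ds). See PHOENIX-3287.
    boolean started = false;
    for (int i = 0; !started && i < KDC_START_ATTEMPTS; i++) {
        Properties kdcConf = MiniKdc.createConf();
        // Store the flag as a String through setProperty: Properties.getProperty()
        // returns null for a non-String value, so a Boolean stored with put() is
        // presumably never seen by MiniKdc and debug would silently stay off.
        kdcConf.setProperty(MiniKdc.DEBUG, "true");
        KDC = new MiniKdc(kdcConf, KDC_DIR);
        try {
            KDC.start();
            started = true;
        } catch (Exception e) {
            LOGGER.warn("PHOENIX-3287: Failed to start KDC, retrying..", e);
        }
    }
    assertTrue("The embedded KDC failed to start successfully after " + KDC_START_ATTEMPTS
            + " attempts.", started);

    createUsers(NUM_USERS);
    createServiceUsers(NUM_USERS);

    // Loaded without default resources, so only the settings below are present.
    final Configuration conf = new Configuration(false);
    conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
    conf.setBoolean(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, true);
    UserGroupInformation.setConfiguration(conf);

    // Clear the cached singletons so we can inject our own.
    InstanceResolver.clearSingletons();
    // Make sure the ConnectionInfo doesn't try to pull a default Configuration
    InstanceResolver.getSingleton(ConfigurationFactory.class, new ConfigurationFactory() {
        @Override
        public Configuration getConfiguration() {
            return conf;
        }
        @Override
        public Configuration getConfiguration(Configuration confToClone) {
            // Copy the Kerberos-enabled configuration, then add the caller's resource to it.
            Configuration copy = new Configuration(conf);
            copy.addResource(confToClone);
            return copy;
        }
    });
    updateDefaultRealm();
}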
 
Example 18
Source File: SecureTestEnvironment.java    From flink with Apache License 2.0
/**
 * Prepares the secure test environment: starts a MiniKdc bound to localhost, creates the
 * test principals in one shared keytab, and installs a Flink security context that logs
 * in from that keytab.
 *
 * <p>The two ZooKeeper principals use the literal instance {@code 127.0.0.1}; the other
 * principals use {@code localhost}. Principal names and the keytab path are written to
 * the log at INFO level.
 *
 * @param tempFolder source of the base directory for the KDC and the keytab
 * @throws RuntimeException wrapping any exception raised during preparation
 */
public static void prepare(TemporaryFolder tempFolder) {
	try {
		final File secureBaseDir = tempFolder.newFolder();
		LOG.info("Base Directory for Secure Environment: {}", secureBaseDir);

		final String host = "localhost";

		// KDC debug output is enabled only when this logger is at debug level.
		final Properties kdcSettings = MiniKdc.createConf();
		if (LOG.isDebugEnabled()) {
			kdcSettings.setProperty(MiniKdc.DEBUG, "true");
		}
		kdcSettings.setProperty(MiniKdc.KDC_BIND_ADDRESS, host);

		kdc = new MiniKdc(kdcSettings, secureBaseDir);
		kdc.start();
		LOG.info("Started Mini KDC");

		final File keytabFile = new File(secureBaseDir, "test-users.keytab");
		testKeytab = keytabFile.getAbsolutePath();

		// Short principal names first; the realm is appended after creation.
		testPrincipal = "client/" + host;
		testZkServerPrincipal = "zookeeper/127.0.0.1";
		testZkClientPrincipal = "zk-client/127.0.0.1";
		testKafkaServerPrincipal = "kafka/" + host;
		hadoopServicePrincipal = "hadoop/" + host;

		// All five principals go into the same keytab file.
		kdc.createPrincipal(
				keytabFile,
				testPrincipal,
				testZkServerPrincipal,
				hadoopServicePrincipal,
				testZkClientPrincipal,
				testKafkaServerPrincipal);

		testPrincipal += "@" + kdc.getRealm();
		testZkServerPrincipal += "@" + kdc.getRealm();
		testZkClientPrincipal += "@" + kdc.getRealm();
		testKafkaServerPrincipal += "@" + kdc.getRealm();
		hadoopServicePrincipal += "@" + kdc.getRealm();

		LOG.info("-------------------------------------------------------------------");
		LOG.info("Test Principal: {}", testPrincipal);
		LOG.info("Test ZK Server Principal: {}", testZkServerPrincipal);
		LOG.info("Test ZK Client Principal: {}", testZkClientPrincipal);
		LOG.info("Test Kafka Server Principal: {}", testKafkaServerPrincipal);
		LOG.info("Test Hadoop Service Principal: {}", hadoopServicePrincipal);
		LOG.info("Test Keytab: {}", testKeytab);
		LOG.info("-------------------------------------------------------------------");

		// The security context installed here lets non-Hadoop applications that need
		// JAAS-based SASL/Kerberos authentication work. Hadoop-specific applications can
		// reinitialize the context with a Hadoop configuration by calling
		// ctx.setHadoopConfiguration() so that the UGI implementation works properly.
		// See the Yarn test case module for reference.
		final Configuration flinkConf = GlobalConfiguration.loadConfiguration();
		flinkConf.setBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE, false);
		flinkConf.setString(SecurityOptions.KERBEROS_LOGIN_KEYTAB, testKeytab);
		flinkConf.setBoolean(SecurityOptions.KERBEROS_LOGIN_USETICKETCACHE, false);
		flinkConf.setString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL, testPrincipal);
		flinkConf.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, "Client,KafkaClient");

		final SecurityConfiguration securityConf = new SecurityConfiguration(flinkConf);
		TestingSecurityContext.install(securityConf, getClientSecurityConfigurationMap());

		populateJavaPropertyVariables();
	} catch (Exception e) {
		throw new RuntimeException("Exception occured while preparing secure environment.", e);
	}
}
 
Example 19
Source File: TestSecureOzoneCluster.java    From hadoop-ozone with Apache License 2.0
/**
 * Creates a MiniKdc with default settings in {@code workDir}, stores it in
 * {@code miniKdc} and starts it.
 *
 * @throws Exception if the KDC cannot be created or started
 */
private void startMiniKdc() throws Exception {
  // No overrides: the configuration is exactly what createConf() returns.
  miniKdc = new MiniKdc(MiniKdc.createConf(), workDir);
  miniKdc.start();
}
 
Example 20
Source File: JAASKerberosTest.java    From blazingcache with Apache License 2.0
/**
 * Creates a KDC configuration from MiniKdc's defaults and stores it in {@code conf}.
 *
 * <p>No setting is overridden here; the value is exactly what
 * {@code MiniKdc.createConf()} returns.
 */
public void createMiniKdcConf() {
    conf = MiniKdc.createConf();
}