org.apache.hadoop.security.SaslRpcServer.AuthMethod Java Examples

The following examples show how to use org.apache.hadoop.security.SaslRpcServer.AuthMethod. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: Server.java    From big-c with Apache License 2.0 6 votes vote down vote up
private RpcSaslProto buildNegotiateResponse(List<AuthMethod> authMethods)
    throws IOException {
  RpcSaslProto.Builder negotiateBuilder = RpcSaslProto.newBuilder();
  if (authMethods.contains(AuthMethod.SIMPLE) && authMethods.size() == 1) {
    // SIMPLE-only servers return success in response to negotiate
    negotiateBuilder.setState(SaslState.SUCCESS);
  } else {
    negotiateBuilder.setState(SaslState.NEGOTIATE);
    for (AuthMethod authMethod : authMethods) {
      SaslRpcServer saslRpcServer = new SaslRpcServer(authMethod);      
      SaslAuth.Builder builder = negotiateBuilder.addAuthsBuilder()
          .setMethod(authMethod.toString())
          .setMechanism(saslRpcServer.mechanism);
      if (saslRpcServer.protocol != null) {
        builder.setProtocol(saslRpcServer.protocol);
      }
      if (saslRpcServer.serverId != null) {
        builder.setServerId(saslRpcServer.serverId);
      }
    }
  }
  return negotiateBuilder.build();
}
 
Example #2
Source File: Server.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private RpcSaslProto buildNegotiateResponse(List<AuthMethod> authMethods)
    throws IOException {
  RpcSaslProto.Builder negotiateBuilder = RpcSaslProto.newBuilder();
  if (authMethods.contains(AuthMethod.SIMPLE) && authMethods.size() == 1) {
    // SIMPLE-only servers return success in response to negotiate
    negotiateBuilder.setState(SaslState.SUCCESS);
  } else {
    negotiateBuilder.setState(SaslState.NEGOTIATE);
    for (AuthMethod authMethod : authMethods) {
      SaslRpcServer saslRpcServer = new SaslRpcServer(authMethod);      
      SaslAuth.Builder builder = negotiateBuilder.addAuthsBuilder()
          .setMethod(authMethod.toString())
          .setMechanism(saslRpcServer.mechanism);
      if (saslRpcServer.protocol != null) {
        builder.setProtocol(saslRpcServer.protocol);
      }
      if (saslRpcServer.serverId != null) {
        builder.setServerId(saslRpcServer.serverId);
      }
    }
  }
  return negotiateBuilder.build();
}
 
Example #3
Source File: Server.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Authorize proxy users to access this server
 * @throws WrappedRpcServerException - user is not allowed to proxy
 */
private void authorizeConnection() throws WrappedRpcServerException {
  try {
    // If auth method is TOKEN, the token was obtained by the
    // real user for the effective user, therefore not required to
    // authorize real user. doAs is allowed only for simple or kerberos
    // authentication
    if (user != null && user.getRealUser() != null
        && (authMethod != AuthMethod.TOKEN)) {
      ProxyUsers.authorize(user, this.getHostAddress());
    }
    authorize(user, protocolName, getHostInetAddress());
    if (LOG.isDebugEnabled()) {
      LOG.debug("Successfully authorized " + connectionContext);
    }
    rpcMetrics.incrAuthorizationSuccesses();
  } catch (AuthorizationException ae) {
    LOG.info("Connection from " + this
        + " for protocol " + connectionContext.getProtocol()
        + " is unauthorized for user " + user);
    rpcMetrics.incrAuthorizationFailures();
    throw new WrappedRpcServerException(
        RpcErrorCodeProto.FATAL_UNAUTHORIZED, ae);
  }
}
 
Example #4
Source File: Server.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private List<AuthMethod> getAuthMethods(SecretManager<?> secretManager,
                                           Configuration conf) {
  AuthenticationMethod confAuthenticationMethod =
      SecurityUtil.getAuthenticationMethod(conf);        
  List<AuthMethod> authMethods = new ArrayList<AuthMethod>();
  if (confAuthenticationMethod == AuthenticationMethod.TOKEN) {
    if (secretManager == null) {
      throw new IllegalArgumentException(AuthenticationMethod.TOKEN +
          " authentication requires a secret manager");
    } 
  } else if (secretManager != null) {
    LOG.debug(AuthenticationMethod.TOKEN +
        " authentication enabled for secret manager");
    // most preferred, go to the front of the line!
    authMethods.add(AuthenticationMethod.TOKEN.getAuthMethod());
  }
  authMethods.add(confAuthenticationMethod.getAuthMethod());        
  
  LOG.debug("Server accepts auth methods:" + authMethods);
  return authMethods;
}
 
Example #5
Source File: Server.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private RpcSaslProto buildSaslNegotiateResponse()
    throws IOException, InterruptedException {
  RpcSaslProto negotiateMessage = negotiateResponse;
  // accelerate token negotiation by sending initial challenge
  // in the negotiation response
  if (enabledAuthMethods.contains(AuthMethod.TOKEN)) {
    saslServer = createSaslServer(AuthMethod.TOKEN);
    byte[] challenge = saslServer.evaluateResponse(new byte[0]);
    RpcSaslProto.Builder negotiateBuilder =
        RpcSaslProto.newBuilder(negotiateResponse);
    negotiateBuilder.getAuthsBuilder(0)  // TOKEN is always first
        .setChallenge(ByteString.copyFrom(challenge));
    negotiateMessage = negotiateBuilder.build();
  }
  sentNegotiate = true;
  return negotiateMessage;
}
 
Example #6
Source File: Server.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod == AuthMethod.TOKEN) {
    TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    UserGroupInformation ugi = tokenId.getUser();
    if (ugi == null) {
      throw new AccessControlException(
          "Can't retrieve username from tokenIdentifier.");
    }
    ugi.addTokenIdentifier(tokenId);
    return ugi;
  } else {
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }
}
 
Example #7
Source File: Server.java    From big-c with Apache License 2.0 6 votes vote down vote up
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod == AuthMethod.TOKEN) {
    TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    UserGroupInformation ugi = tokenId.getUser();
    if (ugi == null) {
      throw new AccessControlException(
          "Can't retrieve username from tokenIdentifier.");
    }
    ugi.addTokenIdentifier(tokenId);
    return ugi;
  } else {
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }
}
 
Example #8
Source File: Server.java    From big-c with Apache License 2.0 6 votes vote down vote up
private RpcSaslProto buildSaslNegotiateResponse()
    throws IOException, InterruptedException {
  RpcSaslProto negotiateMessage = negotiateResponse;
  // accelerate token negotiation by sending initial challenge
  // in the negotiation response
  if (enabledAuthMethods.contains(AuthMethod.TOKEN)) {
    saslServer = createSaslServer(AuthMethod.TOKEN);
    byte[] challenge = saslServer.evaluateResponse(new byte[0]);
    RpcSaslProto.Builder negotiateBuilder =
        RpcSaslProto.newBuilder(negotiateResponse);
    negotiateBuilder.getAuthsBuilder(0)  // TOKEN is always first
        .setChallenge(ByteString.copyFrom(challenge));
    negotiateMessage = negotiateBuilder.build();
  }
  sentNegotiate = true;
  return negotiateMessage;
}
 
Example #9
Source File: Server.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Authorize proxy users to access this server
 * @throws WrappedRpcServerException - user is not allowed to proxy
 */
private void authorizeConnection() throws WrappedRpcServerException {
  try {
    // If auth method is TOKEN, the token was obtained by the
    // real user for the effective user, therefore not required to
    // authorize real user. doAs is allowed only for simple or kerberos
    // authentication
    if (user != null && user.getRealUser() != null
        && (authMethod != AuthMethod.TOKEN)) {
      ProxyUsers.authorize(user, this.getHostAddress());
    }
    authorize(user, protocolName, getHostInetAddress());
    if (LOG.isDebugEnabled()) {
      LOG.debug("Successfully authorized " + connectionContext);
    }
    rpcMetrics.incrAuthorizationSuccesses();
  } catch (AuthorizationException ae) {
    LOG.info("Connection from " + this
        + " for protocol " + connectionContext.getProtocol()
        + " is unauthorized for user " + user);
    rpcMetrics.incrAuthorizationFailures();
    throw new WrappedRpcServerException(
        RpcErrorCodeProto.FATAL_UNAUTHORIZED, ae);
  }
}
 
Example #10
Source File: Server.java    From big-c with Apache License 2.0 6 votes vote down vote up
private List<AuthMethod> getAuthMethods(SecretManager<?> secretManager,
                                           Configuration conf) {
  AuthenticationMethod confAuthenticationMethod =
      SecurityUtil.getAuthenticationMethod(conf);        
  List<AuthMethod> authMethods = new ArrayList<AuthMethod>();
  if (confAuthenticationMethod == AuthenticationMethod.TOKEN) {
    if (secretManager == null) {
      throw new IllegalArgumentException(AuthenticationMethod.TOKEN +
          " authentication requires a secret manager");
    } 
  } else if (secretManager != null) {
    LOG.debug(AuthenticationMethod.TOKEN +
        " authentication enabled for secret manager");
    // most preferred, go to the front of the line!
    authMethods.add(AuthenticationMethod.TOKEN.getAuthMethod());
  }
  authMethods.add(confAuthenticationMethod.getAuthMethod());        
  
  LOG.debug("Server accepts auth methods:" + authMethods);
  return authMethods;
}
 
Example #11
Source File: Client.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private void writeConnectionContext(ConnectionId remoteId,
                                    AuthMethod authMethod)
                                        throws IOException {
  // Write out the ConnectionHeader
  IpcConnectionContextProto message = ProtoUtil.makeIpcConnectionContext(
      RPC.getProtocolName(remoteId.getProtocol()),
      remoteId.getTicket(),
      authMethod);
  RpcRequestHeaderProto connectionContextHeader = ProtoUtil
      .makeRpcRequestHeader(RpcKind.RPC_PROTOCOL_BUFFER,
          OperationProto.RPC_FINAL_PACKET, CONNECTION_CONTEXT_CALL_ID,
          RpcConstants.INVALID_RETRY_COUNT, clientId);
  RpcRequestMessageWrapper request =
      new RpcRequestMessageWrapper(connectionContextHeader, message);
  
  // Write out the packet length
  out.writeInt(request.getLength());
  request.write(out);
}
 
Example #12
Source File: Client.java    From big-c with Apache License 2.0 6 votes vote down vote up
private void writeConnectionContext(ConnectionId remoteId,
                                    AuthMethod authMethod)
                                        throws IOException {
  // Write out the ConnectionHeader
  IpcConnectionContextProto message = ProtoUtil.makeIpcConnectionContext(
      RPC.getProtocolName(remoteId.getProtocol()),
      remoteId.getTicket(),
      authMethod);
  RpcRequestHeaderProto connectionContextHeader = ProtoUtil
      .makeRpcRequestHeader(RpcKind.RPC_PROTOCOL_BUFFER,
          OperationProto.RPC_FINAL_PACKET, CONNECTION_CONTEXT_CALL_ID,
          RpcConstants.INVALID_RETRY_COUNT, clientId);
  RpcRequestMessageWrapper request =
      new RpcRequestMessageWrapper(connectionContextHeader, message);
  
  // Write out the packet length
  out.writeInt(request.getLength());
  request.write(out);
}
 
Example #13
Source File: TestSaslRPC.java    From big-c with Apache License 2.0 6 votes vote down vote up
private void runNegotiation(CallbackHandler clientCbh,
                            CallbackHandler serverCbh)
                                throws SaslException {
  String mechanism = AuthMethod.PLAIN.getMechanismName();

  SaslClient saslClient = Sasl.createSaslClient(
      new String[]{ mechanism }, null, null, null, null, clientCbh);
  assertNotNull(saslClient);

  SaslServer saslServer = Sasl.createSaslServer(
      mechanism, null, "localhost", null, serverCbh);
  assertNotNull("failed to find PLAIN server", saslServer);
  
  byte[] response = saslClient.evaluateChallenge(new byte[0]);
  assertNotNull(response);
  assertTrue(saslClient.isComplete());

  response = saslServer.evaluateResponse(response);
  assertNull(response);
  assertTrue(saslServer.isComplete());
  assertNotNull(saslServer.getAuthorizationID());
}
 
Example #14
Source File: TestSaslRPC.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private void runNegotiation(CallbackHandler clientCbh,
                            CallbackHandler serverCbh)
                                throws SaslException {
  String mechanism = AuthMethod.PLAIN.getMechanismName();

  SaslClient saslClient = Sasl.createSaslClient(
      new String[]{ mechanism }, null, null, null, null, clientCbh);
  assertNotNull(saslClient);

  SaslServer saslServer = Sasl.createSaslServer(
      mechanism, null, "localhost", null, serverCbh);
  assertNotNull("failed to find PLAIN server", saslServer);
  
  byte[] response = saslClient.evaluateChallenge(new byte[0]);
  assertNotNull(response);
  assertTrue(saslClient.isComplete());

  response = saslServer.evaluateResponse(response);
  assertNull(response);
  assertTrue(saslServer.isComplete());
  assertNotNull(saslServer.getAuthorizationID());
}
 
Example #15
Source File: ProtoUtil.java    From big-c with Apache License 2.0 5 votes vote down vote up
/** 
 * This method creates the connection context  using exactly the same logic
 * as the old connection context as was done for writable where
 * the effective and real users are set based on the auth method.
 *
 */
public static IpcConnectionContextProto makeIpcConnectionContext(
    final String protocol,
    final UserGroupInformation ugi, final AuthMethod authMethod) {
  IpcConnectionContextProto.Builder result = IpcConnectionContextProto.newBuilder();
  if (protocol != null) {
    result.setProtocol(protocol);
  }
  UserInformationProto.Builder ugiProto =  UserInformationProto.newBuilder();
  if (ugi != null) {
    /*
     * In the connection context we send only additional user info that
     * is not derived from the authentication done during connection setup.
     */
    if (authMethod == AuthMethod.KERBEROS) {
      // Real user was established as part of the connection.
      // Send effective user only.
      ugiProto.setEffectiveUser(ugi.getUserName());
    } else if (authMethod == AuthMethod.TOKEN) {
      // With token, the connection itself establishes 
      // both real and effective user. Hence send none in header.
    } else {  // Simple authentication
      // No user info is established as part of the connection.
      // Send both effective user and real user
      ugiProto.setEffectiveUser(ugi.getUserName());
      if (ugi.getRealUser() != null) {
        ugiProto.setRealUser(ugi.getRealUser().getUserName());
      }
    }
  }   
  result.setUserInfo(ugiProto);
  return result.build();
}
 
Example #16
Source File: TestRMRestart.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test (timeout = 60000)
public void testAppSubmissionWithOldDelegationTokenAfterRMRestart()
    throws Exception {
  conf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS, 2);
  conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  conf.set(YarnConfiguration.RM_ADDRESS, "localhost:8032");
  UserGroupInformation.setConfiguration(conf);
  MemoryRMStateStore memStore = new MemoryRMStateStore();
  memStore.init(conf);

  MockRM rm1 = new TestSecurityMockRM(conf, memStore);
  rm1.start();

  GetDelegationTokenRequest request1 =
      GetDelegationTokenRequest.newInstance("renewer1");
  UserGroupInformation.getCurrentUser().setAuthenticationMethod(
      AuthMethod.KERBEROS);
  GetDelegationTokenResponse response1 =
      rm1.getClientRMService().getDelegationToken(request1);
  Token<RMDelegationTokenIdentifier> token1 =
      ConverterUtils.convertFromYarn(response1.getRMDelegationToken(), rmAddr);

  // start new RM
  MockRM rm2 = new TestSecurityMockRM(conf, memStore);
  rm2.start();

  // submit an app with the old delegation token got from previous RM.
  Credentials ts = new Credentials();
  ts.addToken(token1.getService(), token1);
  RMApp app = rm2.submitApp(200, "name", "user",
      new HashMap<ApplicationAccessType, String>(), false, "default", 1, ts);
  rm2.waitForState(app.getApplicationId(), RMAppState.ACCEPTED);
}
 
Example #17
Source File: TestSaslRPC.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private String getAuthMethod(
    final AuthMethod clientAuth,
    final AuthMethod serverAuth,
    final UseToken tokenType) throws Exception {
  try {
    return internalGetAuthMethod(clientAuth, serverAuth, tokenType);
  } catch (Exception e) {
    LOG.warn("Auth method failure", e);
    return e.toString();
  }
}
 
Example #18
Source File: TestApplicationHistoryManagerOnTimelineStore.java    From big-c with Apache License 2.0 5 votes vote down vote up
public TestApplicationHistoryManagerOnTimelineStore(String caller) {
  conf = new YarnConfiguration();
  if (!caller.equals("")) {
    callerUGI = UserGroupInformation.createRemoteUser(caller, AuthMethod.SIMPLE);
    conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
    conf.set(YarnConfiguration.YARN_ADMIN_ACL, "admin");
  }
}
 
Example #19
Source File: TestSaslRPC.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private String getAuthMethod(
    final AuthMethod clientAuth,
    final AuthMethod serverAuth) throws Exception {
  try {
    return internalGetAuthMethod(clientAuth, serverAuth, UseToken.NONE);
  } catch (Exception e) {
    LOG.warn("Auth method failure", e);
    return e.toString();
  }
}
 
Example #20
Source File: SaslRpcClient.java    From big-c with Apache License 2.0 5 votes vote down vote up
private boolean isValidAuthType(SaslAuth authType) {
  AuthMethod authMethod;
  try {
    authMethod = AuthMethod.valueOf(authType.getMethod());
  } catch (IllegalArgumentException iae) { // unknown auth
    authMethod = null;
  }
  // do we know what it is?  is it using our mechanism?
  return authMethod != null &&
         authMethod.getMechanismName().equals(authType.getMechanism());
}
 
Example #21
Source File: ProtoUtil.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/** 
 * This method creates the connection context  using exactly the same logic
 * as the old connection context as was done for writable where
 * the effective and real users are set based on the auth method.
 *
 */
public static IpcConnectionContextProto makeIpcConnectionContext(
    final String protocol,
    final UserGroupInformation ugi, final AuthMethod authMethod) {
  IpcConnectionContextProto.Builder result = IpcConnectionContextProto.newBuilder();
  if (protocol != null) {
    result.setProtocol(protocol);
  }
  UserInformationProto.Builder ugiProto =  UserInformationProto.newBuilder();
  if (ugi != null) {
    /*
     * In the connection context we send only additional user info that
     * is not derived from the authentication done during connection setup.
     */
    if (authMethod == AuthMethod.KERBEROS) {
      // Real user was established as part of the connection.
      // Send effective user only.
      ugiProto.setEffectiveUser(ugi.getUserName());
    } else if (authMethod == AuthMethod.TOKEN) {
      // With token, the connection itself establishes 
      // both real and effective user. Hence send none in header.
    } else {  // Simple authentication
      // No user info is established as part of the connection.
      // Send both effective user and real user
      ugiProto.setEffectiveUser(ugi.getUserName());
      if (ugi.getRealUser() != null) {
        ugiProto.setRealUser(ugi.getRealUser().getUserName());
      }
    }
  }   
  result.setUserInfo(ugiProto);
  return result.build();
}
 
Example #22
Source File: UserGroupInformation.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Create a user from a login name. It is intended to be used for remote
 * users in RPC, since it won't have any credentials.
 * @param user the full user principal name, must not be empty or null
 * @return the UserGroupInformation for the remote user.
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static UserGroupInformation createRemoteUser(String user, AuthMethod authMethod) {
  if (user == null || user.isEmpty()) {
    throw new IllegalArgumentException("Null user");
  }
  Subject subject = new Subject();
  subject.getPrincipals().add(new User(user));
  UserGroupInformation result = new UserGroupInformation(subject);
  result.setAuthenticationMethod(authMethod);
  return result;
}
 
Example #23
Source File: UserGroupInformation.java    From big-c with Apache License 2.0 5 votes vote down vote up
public static AuthenticationMethod valueOf(AuthMethod authMethod) {
  for (AuthenticationMethod value : values()) {
    if (value.getAuthMethod() == authMethod) {
      return value;
    }
  }
  throw new IllegalArgumentException(
      "no authentication method for " + authMethod);
}
 
Example #24
Source File: TestRMRestart.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test (timeout = 60000)
public void testAppSubmissionWithOldDelegationTokenAfterRMRestart()
    throws Exception {
  conf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS, 2);
  conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  conf.set(YarnConfiguration.RM_ADDRESS, "localhost:8032");
  UserGroupInformation.setConfiguration(conf);
  MemoryRMStateStore memStore = new MemoryRMStateStore();
  memStore.init(conf);

  MockRM rm1 = new TestSecurityMockRM(conf, memStore);
  rm1.start();

  GetDelegationTokenRequest request1 =
      GetDelegationTokenRequest.newInstance("renewer1");
  UserGroupInformation.getCurrentUser().setAuthenticationMethod(
      AuthMethod.KERBEROS);
  GetDelegationTokenResponse response1 =
      rm1.getClientRMService().getDelegationToken(request1);
  Token<RMDelegationTokenIdentifier> token1 =
      ConverterUtils.convertFromYarn(response1.getRMDelegationToken(), rmAddr);

  // start new RM
  MockRM rm2 = new TestSecurityMockRM(conf, memStore);
  rm2.start();

  // submit an app with the old delegation token got from previous RM.
  Credentials ts = new Credentials();
  ts.addToken(token1.getService(), token1);
  RMApp app = rm2.submitApp(200, "name", "user",
      new HashMap<ApplicationAccessType, String>(), false, "default", 1, ts);
  rm2.waitForState(app.getApplicationId(), RMAppState.ACCEPTED);
}
 
Example #25
Source File: Client.java    From big-c with Apache License 2.0 5 votes vote down vote up
private synchronized boolean shouldAuthenticateOverKrb() throws IOException {
  UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
  UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  UserGroupInformation realUser = currentUser.getRealUser();
  if (authMethod == AuthMethod.KERBEROS && loginUser != null &&
  // Make sure user logged in using Kerberos either keytab or TGT
      loginUser.hasKerberosCredentials() &&
      // relogin only in case it is the login user (e.g. JT)
      // or superuser (like oozie).
      (loginUser.equals(currentUser) || loginUser.equals(realUser))) {
    return true;
  }
  return false;
}
 
Example #26
Source File: Client.java    From big-c with Apache License 2.0 5 votes vote down vote up
private synchronized AuthMethod setupSaslConnection(final InputStream in2, 
    final OutputStream out2) throws IOException {
  // Do not use Client.conf here! We must use ConnectionId.conf, since the
  // Client object is cached and shared between all RPC clients, even those
  // for separate services.
  saslRpcClient = new SaslRpcClient(remoteId.getTicket(),
      remoteId.getProtocol(), remoteId.getAddress(), remoteId.conf);
  return saslRpcClient.saslConnect(in2, out2);
}
 
Example #27
Source File: TestUserGroupInformation.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test (timeout = 30000)
public void testCreateRemoteUser() {
  UserGroupInformation ugi = UserGroupInformation.createRemoteUser("user1");
  assertEquals(AuthenticationMethod.SIMPLE, ugi.getAuthenticationMethod());
  assertTrue (ugi.toString().contains("(auth:SIMPLE)"));
  ugi = UserGroupInformation.createRemoteUser("user1", 
      AuthMethod.KERBEROS);
  assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());
  assertTrue (ugi.toString().contains("(auth:KERBEROS)"));
}
 
Example #28
Source File: TestSaslRPC.java    From big-c with Apache License 2.0 5 votes vote down vote up
private void doDigestRpc(Server server, TestTokenSecretManager sm
                         ) throws Exception {
  server.start();

  final UserGroupInformation current = UserGroupInformation.getCurrentUser();
  final InetSocketAddress addr = NetUtils.getConnectAddress(server);
  TestTokenIdentifier tokenId = new TestTokenIdentifier(new Text(current
      .getUserName()));
  Token<TestTokenIdentifier> token = new Token<TestTokenIdentifier>(tokenId,
      sm);
  SecurityUtil.setTokenService(token, addr);
  current.addToken(token);

  TestSaslProtocol proxy = null;
  try {
    proxy = RPC.getProxy(TestSaslProtocol.class,
        TestSaslProtocol.versionID, addr, conf);
    AuthMethod authMethod = proxy.getAuthMethod();
    assertEquals(TOKEN, authMethod);
    //QOP must be auth
    assertEquals(expectedQop.saslQop,
                 RPC.getConnectionIdForProxy(proxy).getSaslQop());            
    proxy.ping();
  } finally {
    server.stop();
    if (proxy != null) {
      RPC.stopProxy(proxy);
    }
  }
}
 
Example #29
Source File: TestSaslRPC.java    From big-c with Apache License 2.0 5 votes vote down vote up
private String getAuthMethod(
    final AuthMethod clientAuth,
    final AuthMethod serverAuth) throws Exception {
  try {
    return internalGetAuthMethod(clientAuth, serverAuth, UseToken.NONE);
  } catch (Exception e) {
    LOG.warn("Auth method failure", e);
    return e.toString();
  }
}
 
Example #30
Source File: TestSaslRPC.java    From big-c with Apache License 2.0 5 votes vote down vote up
private String getAuthMethod(
    final AuthMethod clientAuth,
    final AuthMethod serverAuth,
    final UseToken tokenType) throws Exception {
  try {
    return internalGetAuthMethod(clientAuth, serverAuth, tokenType);
  } catch (Exception e) {
    LOG.warn("Auth method failure", e);
    return e.toString();
  }
}