Java Code Examples for org.apache.hadoop.hbase.security.User#getCurrent()

The following examples show how to use org.apache.hadoop.hbase.security.User#getCurrent().
Example 1
Source File: TestTablePermissions.java    From hbase with Apache License 2.0
/**
 * Regression test for a race condition in which {@code AuthManager} could sometimes fail a
 * global permission check while its global cache was being updated.
 *
 * <p>The user returned by {@code User.getCurrent()} is checked for global ADMIN once up front
 * and again after each of 50 permission grants written to the ACL table.
 */
@Test
public void testAuthManager() throws Exception {
  Configuration conf = UTIL.getConfiguration();
  AuthManager authManager = new AuthManager(conf);
  // The test runs as the system user, which is expected to hold global ADMIN.
  User systemUser = User.getCurrent();
  assertTrue(authManager.authorizeUserGlobal(systemUser, Permission.Action.ADMIN));
  try (Connection connection = ConnectionFactory.createConnection(conf)) {
    for (int round = 1; round <= 50; round++) {
      Permission grantedActions = Permission.newBuilder()
          .withActions(Permission.Action.ADMIN, Permission.Action.READ, Permission.Action.WRITE)
          .build();
      UserPermission grant = new UserPermission("testauth" + round, grantedActions);
      addUserPermission(conf, grant, connection.getTable(PermissionStorage.ACL_TABLE_NAME));
      // Granting rights to other users must never make the system user's own check fail.
      assertTrue("Failed current user auth check on iter "+round,
        authManager.authorizeUserGlobal(systemUser, Permission.Action.ADMIN));
    }
  }
}
 
Example 2
Source File: TestAsyncNonMetaRegionLocatorConcurrenyLimit.java    From hbase with Apache License 2.0
/**
 * Class-level fixture: registers {@code CountingRegionObserver} as a region coprocessor, caps
 * concurrent locate requests per table at {@code MAX_ALLOWED}, starts the mini cluster with the
 * balancer switched off, opens an {@code AsyncConnectionImpl} as the user returned by
 * {@code User.getCurrent()}, and creates the test table pre-split on 255 two-digit hex keys.
 */
@BeforeClass
public static void setUp() throws Exception {
  Configuration conf = TEST_UTIL.getConfiguration();
  conf.set(REGION_COPROCESSOR_CONF_KEY, CountingRegionObserver.class.getName());
  conf.setInt(MAX_CONCURRENT_LOCATE_REQUEST_PER_TABLE, MAX_ALLOWED);
  TEST_UTIL.startMiniCluster(3);
  TEST_UTIL.getAdmin().balancerSwitch(false, true);

  ConnectionRegistry registry =
      ConnectionRegistryFactory.getRegistry(TEST_UTIL.getConfiguration());
  Configuration connectionConf = TEST_UTIL.getConfiguration();
  // Blocks until the registry has reported the cluster id.
  String clusterId = registry.getClusterId().get();
  // The connection runs with the identity of the process executing the test.
  User caller = User.getCurrent();
  CONN = new AsyncConnectionImpl(connectionConf, registry, clusterId, null, caller);
  LOCATOR = new AsyncNonMetaRegionLocator(CONN);

  // Split points "01" .. "ff": one key per value in [1, 256).
  byte[][] splitKeys = new byte[255][];
  for (int value = 1; value < 256; value++) {
    splitKeys[value - 1] = Bytes.toBytes(String.format("%02x", value));
  }
  SPLIT_KEYS = splitKeys;
  TEST_UTIL.createTable(TABLE_NAME, FAMILY, SPLIT_KEYS);
  TEST_UTIL.waitTableAvailable(TABLE_NAME);
}
 
Example 3
Source File: HBaseTestingUtility.java    From hbase with Apache License 2.0
/**
 * Returns a user identity that tests can use to obtain a separate {@link FileSystem} instance.
 *
 * <p>When the filesystem configured in <code>c</code> is a {@link DistributedFileSystem} and
 * HBase security is not enabled, a test-only user is created: its name is the current user's
 * name followed by <code>differentiatingSuffix</code>, and it is placed in the
 * <code>"supergroup"</code> group. In every other case (a non-distributed filesystem, or HBase
 * security enabled) the current user is returned unchanged, so callers must not assume the
 * result is always a distinct identity.
 *
 * @param c Initial configuration
 * @param differentiatingSuffix Suffix to differentiate this user from others.
 * @return the current user, or a newly created test user as described above
 * @throws IOException propagated from looking up the filesystem or the current user
 */
public static User getDifferentUser(final Configuration c,
    final String differentiatingSuffix) throws IOException {
  FileSystem fs = FileSystem.get(c);
  boolean unsecuredDfs =
      fs instanceof DistributedFileSystem && !User.isHBaseSecurityEnabled(c);
  if (unsecuredDfs) {
    // Distributed filesystem: make a new user per daemon. The approach is taken from
    // AppendTestUtil over in hdfs.
    String testUserName = User.getCurrent().getName() + differentiatingSuffix;
    return User.createUserForTesting(c, testUserName, new String[] { "supergroup" });
  }
  return User.getCurrent();
}
 
Example 4
Source File: MasterRegistry.java    From hbase with Apache License 2.0
/**
 * Builds one {@code ClientMetaService} stub per configured master address. Every channel is
 * created for the user returned by {@code User.getCurrent()}, i.e. the identity of the process
 * constructing the registry.
 *
 * @param conf source of the hedged-request fan-out, the RPC timeout and the master addresses
 * @throws IOException declared by this constructor; the visible code does not show which call
 *     raises it
 */
MasterRegistry(Configuration conf) throws IOException {
  int configuredFanOut = conf.getInt(MASTER_REGISTRY_HEDGED_REQS_FANOUT_KEY,
    MASTER_REGISTRY_HEDGED_REQS_FANOUT_DEFAULT);
  // Never fan out to fewer than one master.
  this.hedgedReadFanOut = Math.max(1, configuredFanOut);

  long configuredTimeoutMs =
    conf.getLong(HConstants.HBASE_RPC_TIMEOUT_KEY, HConstants.DEFAULT_HBASE_RPC_TIMEOUT);
  // Clamp to the int range before narrowing so a large configured value cannot wrap.
  int rpcTimeoutMs = (int) Math.min(Integer.MAX_VALUE, configuredTimeoutMs);

  // XXX: the cluster id is passed as null because it is not known yet; it has to be fetched
  // through this very registry. That is a problem, because the cluster id is what is used to
  // determine the authentication method.
  rpcClient = RpcClientFactory.createClient(conf, null);
  rpcControllerFactory = RpcControllerFactory.instantiate(conf);

  Set<ServerName> masterAddrs = parseMasterAddrs(conf);
  ImmutableMap.Builder<ServerName, ClientMetaService.Interface> stubsByMaster =
    ImmutableMap.builderWithExpectedSize(masterAddrs.size());
  User caller = User.getCurrent();
  for (ServerName master : masterAddrs) {
    ClientMetaService.Interface stub =
      ClientMetaService.newStub(rpcClient.createRpcChannel(master, caller, rpcTimeoutMs));
    stubsByMaster.put(master, stub);
  }
  masterAddr2Stub = stubsByMaster.build();
}
 
Example 5
Source File: PhoenixEmbeddedDriver.java    From phoenix with Apache License 2.0
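/**
 * Captures the connection parameters together with the user returned by
 * {@code User.getCurrent()} at construction time.
 *
 * <p>The connection is flagged as connectionless when {@code zookeeperQuorum} equals
 * {@code PhoenixRuntime.CONNECTIONLESS}. {@code principal} and {@code keytab} are stored as
 * given; nothing in this constructor validates them.
 *
 * @param zookeeperQuorum ZooKeeper quorum string, or the connectionless marker
 * @param port port stored as given
 * @param rootNode root node stored as given
 * @param principal principal stored as given
 * @param keytab keytab stored as given
 * @throws RuntimeException if the current user cannot be obtained (the underlying
 *     {@code IOException} is attached as the cause) or is {@code null}
 */
public ConnectionInfo(String zookeeperQuorum, Integer port, String rootNode, String principal, String keytab) {
    this.zookeeperQuorum = zookeeperQuorum;
    this.port = port;
    this.rootNode = rootNode;
    this.isConnectionless = PhoenixRuntime.CONNECTIONLESS.equals(zookeeperQuorum);
    this.principal = principal;
    this.keytab = keytab;
    try {
        this.user = User.getCurrent();
    } catch (IOException e) {
        // Keep the original failure as the cause: without it, the reason the identity lookup
        // failed is lost and cannot be diagnosed from the resulting stack trace.
        throw new RuntimeException("Couldn't get the current user!!", e);
    }
    // A connection without an identity must not be constructed at all.
    if (null == this.user) {
        throw new RuntimeException("Acquired null user which should never happen");
    }
}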
 
Example 6
Source File: PhoenixAccessController.java    From phoenix with Apache License 2.0
/**
 * Pre-loads the lists of super users and super groups from the configuration. Intended to be
 * called only once; this operation is idempotent.
 *
 * <p>Entries of {@code SUPERUSER_CONF_KEY} that {@code AuthUtil.isGroupPrincipal} recognises are
 * stored as group names, all others as user names. The short name of the user returned by
 * {@code User.getCurrent()} is always appended to the super-user list, so the account running
 * this process is a super user whether or not the configuration lists it.
 *
 * @param conf configuration to load users from
 * @throws IOException if unable to initialize lists of superusers or super groups
 * @throws IllegalStateException if current user is null
 */
public static void initialize(Configuration conf) throws IOException {
    // NOTE(review): both lists are replaced with empty lists first and filled in afterwards, so
    // anything reading them while this method runs could see an empty or partial list. Confirm
    // that no authorization check can run concurrently with initialization.
    superUsers = new ArrayList<>();
    superGroups = new ArrayList<>();
    systemUser = User.getCurrent();

    if (systemUser == null) {
        throw new IllegalStateException("Unable to obtain the current user, "
            + "authorization checks for internal operations will not work correctly!");
    }

    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Current user name is " + systemUser.getShortName());
    }
    String processUserName = systemUser.getShortName();

    String[] configuredPrincipals = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]);
    for (int idx = 0; idx < configuredPrincipals.length; idx++) {
        String principal = configuredPrincipals[idx];
        if (!AuthUtil.isGroupPrincipal(principal)) {
            superUsers.add(principal);
            continue;
        }
        superGroups.add(AuthUtil.getGroupName(principal));
    }
    // The process's own identity is implicitly privileged.
    superUsers.add(processUserName);
}
 
Example 7
Source File: RangerAuthorizationCoprocessor.java    From ranger with Apache License 2.0
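/**
 * Allows the operation only when the active user is the system user or a super user.
 *
 * <p>The system user is the one returned by {@code User.getCurrent()}; the active user is
 * whatever {@code getActiveUser(ctx)} reports. The two are compared by short name, and
 * {@code _userUtils.isSuperUser} is consulted only when the names differ.
 *
 * @param conf not used by this method
 * @param ctx observer context from which the active user is resolved
 * @throws AccessDeniedException if the active user cannot be determined, or is neither the
 *     system user nor a super user
 * @throws IOException if the current (system) user cannot be obtained
 */
protected void requireSystemOrSuperUser(Configuration conf, ObserverContext<?> ctx) throws IOException {
	User user = User.getCurrent();
	if (user == null) {
		throw new IOException("Unable to obtain the current user, authorization checks for internal operations will not work correctly!");
	}
	String systemUser = user.getShortName();
	User activeUser = getActiveUser(ctx);
	if (activeUser == null) {
		// getActiveUser is defined outside this snippet; should it ever return null, deny the
		// request explicitly instead of failing with a NullPointerException.
		throw new AccessDeniedException("Unable to determine the active user, access denied.");
	}
	String activeUserName = activeUser.getShortName();
	if (!Objects.equals(systemUser, activeUserName) && !_userUtils.isSuperUser(activeUser)) {
		// Name the user who was actually denied. The message previously printed the system
		// user's name (and left the quote unclosed), which made denial records misleading.
		throw new AccessDeniedException("User '" + activeUserName + "' is not system or super user.");
	}
}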
 
Example 8
Source File: VisibilityUtils.java    From hbase with Apache License 2.0
/**
 * Resolves the user on whose behalf the current work is being done.
 *
 * <p>If {@code RpcServer.getRequestUser()} reports a user, that user is returned. Otherwise
 * (non-RPC handling) the result is the system user from {@code User.getCurrent()}. Callers that
 * base authorization decisions on the result should keep in mind that the fallback is the
 * identity of the server process itself, not that of a remote caller.
 *
 * @return User who called RPC method. For non-RPC handling, falls back to system user
 * @throws IOException When there is IOE in getting the system user (During non-RPC handling).
 */
public static User getActiveUser() throws IOException {
  Optional<User> rpcCaller = RpcServer.getRequestUser();
  // Not Optional.orElse(...): User.getCurrent() must only be consulted when no RPC user exists.
  User activeUser = rpcCaller.isPresent() ? rpcCaller.get() : User.getCurrent();
  if (LOG.isTraceEnabled()) {
    LOG.trace("Current active user name is " + activeUser.getShortName());
  }
  return activeUser;
}
 
Example 9
Source File: TestAsyncNonMetaRegionLocator.java    From hbase with Apache License 2.0
/**
 * Class-level fixture: starts the mini cluster with the balancer switched off, opens an
 * {@code AsyncConnectionImpl} as the user returned by {@code User.getCurrent()}, and prepares
 * the eight split keys "111", "222", ..., "888".
 */
@BeforeClass
public static void setUp() throws Exception {
  TEST_UTIL.startMiniCluster(3);
  TEST_UTIL.getAdmin().balancerSwitch(false, true);

  ConnectionRegistry registry =
      ConnectionRegistryFactory.getRegistry(TEST_UTIL.getConfiguration());
  Configuration connectionConf = TEST_UTIL.getConfiguration();
  // Blocks until the registry has reported the cluster id.
  String clusterId = registry.getClusterId().get();
  // The connection runs with the identity of the process executing the test.
  User caller = User.getCurrent();
  CONN = new AsyncConnectionImpl(connectionConf, registry, clusterId, null, caller);
  LOCATOR = new AsyncNonMetaRegionLocator(CONN);

  SPLIT_KEYS = new byte[8][];
  for (int slot = 0; slot < 8; slot++) {
    // Slot 0 holds "111", slot 7 holds "888".
    int keyValue = (slot + 1) * 111;
    SPLIT_KEYS[slot] = Bytes.toBytes(String.format("%03d", keyValue));
  }
}
 
Example 10
Source File: TestAsyncSingleRequestRpcRetryingCaller.java    From hbase with Apache License 2.0
/**
 * Class-level fixture: starts the mini cluster with the balancer switched off, creates the test
 * table and waits for it to become available, then opens an {@code AsyncConnectionImpl} as the
 * user returned by {@code User.getCurrent()}.
 */
@BeforeClass
public static void setUpBeforeClass() throws Exception {
  TEST_UTIL.startMiniCluster(2);
  TEST_UTIL.getAdmin().balancerSwitch(false, true);
  TEST_UTIL.createTable(TABLE_NAME, FAMILY);
  TEST_UTIL.waitTableAvailable(TABLE_NAME);

  ConnectionRegistry registry =
      ConnectionRegistryFactory.getRegistry(TEST_UTIL.getConfiguration());
  Configuration connectionConf = TEST_UTIL.getConfiguration();
  // Blocks until the registry has reported the cluster id.
  String clusterId = registry.getClusterId().get();
  // The connection runs with the identity of the process executing the test.
  User caller = User.getCurrent();
  CONN = new AsyncConnectionImpl(connectionConf, registry, clusterId, null, caller);
}
 
Example 11
Source File: TestAsyncRegionLocator.java    From hbase with Apache License 2.0
/**
 * Class-level fixture: registers {@code SleepRegionObserver} as a region coprocessor, sets
 * {@code HBASE_CLIENT_META_OPERATION_TIMEOUT} to 2000, starts the mini cluster, creates the
 * test table, and opens an {@code AsyncConnectionImpl} as the user returned by
 * {@code User.getCurrent()}, whose locator is kept in {@code LOCATOR}.
 */
@BeforeClass
public static void setUp() throws Exception {
  Configuration conf = TEST_UTIL.getConfiguration();
  conf.set(REGION_COPROCESSOR_CONF_KEY, SleepRegionObserver.class.getName());
  conf.setLong(HBASE_CLIENT_META_OPERATION_TIMEOUT, 2000);
  TEST_UTIL.startMiniCluster(1);
  TEST_UTIL.createTable(TABLE_NAME, FAMILY);
  TEST_UTIL.waitTableAvailable(TABLE_NAME);

  ConnectionRegistry registry =
      ConnectionRegistryFactory.getRegistry(TEST_UTIL.getConfiguration());
  Configuration connectionConf = TEST_UTIL.getConfiguration();
  // Blocks until the registry has reported the cluster id.
  String clusterId = registry.getClusterId().get();
  // The connection runs with the identity of the process executing the test.
  User caller = User.getCurrent();
  CONN = new AsyncConnectionImpl(connectionConf, registry, clusterId, null, caller);
  LOCATOR = CONN.getLocator();
}
 
Example 12
Source File: MiniHBaseCluster.java    From hbase with Apache License 2.0
/**
 * Creates the region server and stores the user returned by {@code User.getCurrent()} in
 * {@code this.user}.
 *
 * @param conf configuration passed unchanged to the superclass constructor
 * @throws IOException declared by this constructor; presumably raised by the superclass
 *     constructor or by {@code User.getCurrent()} - confirm against those declarations
 * @throws InterruptedException declared by this constructor; presumably raised by the
 *     superclass constructor - confirm
 */
public MiniHBaseClusterRegionServer(Configuration conf)
    throws IOException, InterruptedException {
  super(conf);
  // The identity is captured once, at construction time.
  this.user = User.getCurrent();
}
 
Example 13
Source File: TestNettyRpcConnection.java    From hbase with Apache License 2.0
/**
 * Class-level fixture: creates a {@code NettyRpcClient} from a fresh HBase configuration and a
 * {@code NettyRpcConnection} whose {@code ConnectionId} combines the user returned by
 * {@code User.getCurrent()}, the service name "test" and the address localhost:1234.
 *
 * @throws IOException declared by this method; the visible code does not show which call
 *     raises it
 */
@BeforeClass
public static void setUp() throws IOException {
  CLIENT = new NettyRpcClient(HBaseConfiguration.create());
  // The connection id carries the identity of the process executing the test.
  User caller = User.getCurrent();
  InetSocketAddress target = new InetSocketAddress("localhost", 1234);
  ConnectionId connectionId = new ConnectionId(caller, "test", target);
  CONN = new NettyRpcConnection(CLIENT, connectionId);
}