org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod Java Examples

The following examples show how to use org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod.
Example #1
Source File: TestUserGroupInformation.java    From hadoop with Apache License 2.0
/**
 * Exercises principal-name handling with Kerberos configured as the
 * authentication method and, per the inline comment, the default
 * principal-to-short-name mapping (the default realm is stripped).
 *
 * NOTE(review): the "[email protected]" fragments in the literals below look like
 * the hosting page's e-mail obfuscation replacing the original "@REALM" part
 * of each principal; restore them from the upstream file before running.
 */
@Test (timeout = 30000)
public void testConstructorWithKerberos() throws Exception {
  // security on, default is remove default realm
  SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, conf);
  // UGI reads the authentication method from the configuration it is handed.
  UserGroupInformation.setConfiguration(conf);

  // presumably (principal, expected short name) pairs; verify against the helper
  testConstructorSuccess("user1", "user1");
  testConstructorSuccess("[email protected]", "user2");
  testConstructorSuccess("user3/[email protected]", "user3");
  // failure test
  // presumably principals the default mapping cannot translate, so they are
  // rejected instead of being given a local name; confirm against the helper
  testConstructorFailures("[email protected]");
  testConstructorFailures("user5/[email protected]");
  // A missing or empty principal name must never yield a usable identity.
  testConstructorFailures(null);
  testConstructorFailures("");
}
 
Example #2
Source File: TestUserGroupInformation.java    From big-c with Apache License 2.0
/**
 * Configures {@code method} as the login authentication method and checks
 * the outcome of {@code UserGroupInformation.getLoginUser()}.
 *
 * @param method authentication method written into the shared test configuration
 * @param expectSuccess {@code true} if the login must produce a UGI carrying
 *     {@code method}; {@code false} if it must be refused with an
 *     {@link UnsupportedOperationException}
 * @throws IOException declared for callers; login failures are captured, not propagated
 */
private void tryLoginAuthenticationMethod(AuthenticationMethod method,
                                          boolean expectSuccess)
                                              throws IOException {
  SecurityUtil.setAuthenticationMethod(method, conf);
  // UGI must be re-initialised, otherwise it keeps the previous method.
  UserGroupInformation.setConfiguration(conf);

  UserGroupInformation loginUser = null;
  Exception failure = null;
  try {
    loginUser = UserGroupInformation.getLoginUser();
  } catch (Exception caught) {
    // Kept for inspection below rather than rethrown.
    failure = caught;
  }

  if (!expectSuccess) {
    // An unsupported login method must be refused loudly, with the exact
    // exception type and message, never silently replaced by another method.
    assertNotNull(failure);
    assertEquals(UnsupportedOperationException.class, failure.getClass());
    assertEquals(method + " login authentication is not supported",
                 failure.getMessage());
    return;
  }
  assertNotNull(loginUser);
  assertEquals(method, loginUser.getAuthenticationMethod());
}
 
Example #3
Source File: TestUserGroupInformation.java    From big-c with Apache License 2.0
/**
 * Exercises principal-name handling with Kerberos configured and explicit
 * auth_to_local rules that rename principals from OTHER.REALM.
 *
 * NOTE(review): the "[email protected]" fragments in the literals below look like
 * the hosting page's e-mail obfuscation replacing the original "@REALM" part
 * of each principal; restore them from the upstream file before running.
 */
@Test (timeout = 30000)
public void testConstructorWithKerberosRules() throws Exception {
  // security on, explicit rules
  SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, conf);
  // First rule: two-component principals (name/host@REALM) from OTHER.REALM.
  // Second rule: single-component principals (name@REALM) from OTHER.REALM.
  // Both rewrite the name to "other-<name>", so a foreign-realm principal can
  // never collide with a local short name; everything else uses DEFAULT.
  conf.set(HADOOP_SECURITY_AUTH_TO_LOCAL,
      "RULE:[2:$1@$0](.*@OTHER.REALM)s/(.*)@.*/other-$1/" +
      "RULE:[1:$1@$0](.*@OTHER.REALM)s/(.*)@.*/other-$1/" +
      "DEFAULT");
  UserGroupInformation.setConfiguration(conf);

  // presumably (principal, expected short name) pairs; verify against the helper
  testConstructorSuccess("user1", "user1");
  testConstructorSuccess("[email protected]", "user2");
  testConstructorSuccess("user3/[email protected]", "user3");
  // Expected names carry the "other-" prefix added by the rules above.
  testConstructorSuccess("[email protected]", "other-user4");
  testConstructorSuccess("user5/[email protected]", "other-user5");
  // failure test
  // A missing or empty principal name must never yield a usable identity.
  testConstructorFailures(null);
  testConstructorFailures("");
}
 
Example #4
Source File: TestDelegationToken.java    From big-c with Apache License 2.0
/**
 * A token identifier whose owner differs from its real user must yield a
 * proxy UGI: the owner is the effective user, and the real user is the one
 * recorded as token-authenticated.
 */
@Test
public void testGetUserWithOwnerAndReal() {
  TestDelegationTokenIdentifier identifier =
      new TestDelegationTokenIdentifier(
          new Text("owner"), null, new Text("realUser"));
  UserGroupInformation effectiveUser = identifier.getUser();

  // Exactly one level of impersonation: the real user has no real user of its own.
  assertNotNull(effectiveUser.getRealUser());
  assertNull(effectiveUser.getRealUser().getRealUser());

  assertEquals("owner", effectiveUser.getUserName());
  assertEquals("realUser", effectiveUser.getRealUser().getUserName());

  // The effective user is reached via PROXY; the credential actually
  // presented (a token) is attributed to the real user.
  assertEquals(AuthenticationMethod.PROXY,
               effectiveUser.getAuthenticationMethod());
  assertEquals(AuthenticationMethod.TOKEN,
               effectiveUser.getRealUser().getAuthenticationMethod());
}
 
Example #5
Source File: TestUGIWithExternalKdc.java    From big-c with Apache License 2.0
/**
 * Logs in from a keytab using the principal and keytab path supplied through
 * the {@code user.principal} and {@code user.keytab} system properties, then
 * checks that a second login with a different principal and the same keytab
 * does not succeed.
 */
@Test
public void testLogin() throws IOException {
  // Credentials come from the environment; nothing is hard-coded in the test.
  String userPrincipal = System.getProperty("user.principal");
  String userKeyTab = System.getProperty("user.keytab");
  Assert.assertNotNull("User principal was not specified", userPrincipal);
  Assert.assertNotNull("User keytab was not specified", userKeyTab);

  Configuration conf = new Configuration();
  conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  UserGroupInformation.setConfiguration(conf);

  UserGroupInformation ugi = UserGroupInformation
      .loginUserFromKeytabAndReturnUGI(userPrincipal, userKeyTab);

  Assert.assertEquals(AuthenticationMethod.KERBEROS,
      ugi.getAuthenticationMethod());

  // Negative case: a principal that presumably is not in the keytab.
  // NOTE(review): "[email protected]" looks like the hosting page's e-mail
  // obfuscation replacing the original principal literal; restore it from
  // the upstream file before running.
  try {
    UserGroupInformation
    .loginUserFromKeytabAndReturnUGI("[email protected]", userKeyTab);
    // Assert.fail raises an AssertionError, which the catch below does not
    // intercept, so an unexpected successful login still fails the test.
    Assert.fail("Login should have failed");
  } catch (Exception ex) {
    // NOTE(review): any Exception counts as "login refused" here, including
    // ones unrelated to authentication (for example an unreadable keytab);
    // asserting on the exception type would make the check stricter.
    ex.printStackTrace();
  }
}
 
Example #6
Source File: Server.java    From big-c with Apache License 2.0
/**
 * Builds the list of authentication methods this server accepts, in
 * preference order.
 *
 * <p>The configured method is always included. When a secret manager is
 * supplied and the configured method is not TOKEN, TOKEN is additionally
 * accepted and placed first.
 *
 * @param secretManager secret manager backing token authentication, or
 *     {@code null} if the server has none
 * @param conf configuration the authentication method is read from
 * @return accepted methods, most preferred first
 * @throws IllegalArgumentException if TOKEN is the configured method but no
 *     secret manager was supplied
 */
private List<AuthMethod> getAuthMethods(SecretManager<?> secretManager,
                                           Configuration conf) {
  final AuthenticationMethod configured =
      SecurityUtil.getAuthenticationMethod(conf);
  final boolean tokenConfigured = configured == AuthenticationMethod.TOKEN;

  // Token-only operation without a secret manager is refused up front.
  if (tokenConfigured && secretManager == null) {
    throw new IllegalArgumentException(AuthenticationMethod.TOKEN +
        " authentication requires a secret manager");
  }

  final List<AuthMethod> accepted = new ArrayList<AuthMethod>();
  if (!tokenConfigured && secretManager != null) {
    LOG.debug(AuthenticationMethod.TOKEN +
        " authentication enabled for secret manager");
    // Tokens are the preferred mechanism, so they are listed first.
    accepted.add(AuthenticationMethod.TOKEN.getAuthMethod());
  }
  // The configured method comes last and is always present.
  accepted.add(configured.getAuthMethod());

  LOG.debug("Server accepts auth methods:" + accepted);
  return accepted;
}
 
Example #7
Source File: AbstractDelegationTokenIdentifier.java    From big-c with Apache License 2.0
/**
 * Builds the user described by this token identifier.
 *
 * <p>If no distinct real user is recorded, the owner is returned as a remote
 * user. Otherwise the owner is returned as a proxy user on top of the real
 * user. In both cases the underlying (real) UGI is marked as authenticated by
 * TOKEN.
 *
 * <p>NOTE(review): nothing in this method verifies the token itself; the
 * names are taken from the identifier's fields as-is, so callers presumably
 * validate the token before trusting the returned identity.
 *
 * @return the UGI for the owner, or {@code null} if the owner is unset or empty
 */
@Override
public UserGroupInformation getUser() {
  final boolean ownerMissing = owner == null || owner.toString().isEmpty();
  if (ownerMissing) {
    return null;
  }

  // No separate real user: the owner authenticated on its own behalf.
  final boolean ownerActsForItself = realUser == null
      || realUser.toString().isEmpty()
      || realUser.equals(owner);

  final UserGroupInformation realUgi;
  final UserGroupInformation ugi;
  if (ownerActsForItself) {
    realUgi = UserGroupInformation.createRemoteUser(owner.toString());
    ugi = realUgi;
  } else {
    realUgi = UserGroupInformation.createRemoteUser(realUser.toString());
    ugi = UserGroupInformation.createProxyUser(owner.toString(), realUgi);
  }
  // The method is recorded on the real user, not on the proxy wrapper.
  realUgi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
  return ugi;
}
 
Example #8
Source File: TestUGIWithExternalKdc.java    From hadoop with Apache License 2.0
/**
 * Keytab login against an external KDC: the principal and keytab path are
 * read from the {@code user.principal} and {@code user.keytab} system
 * properties, the login must report KERBEROS, and a login attempt with a
 * different principal and the same keytab must not succeed.
 */
@Test
public void testLogin() throws IOException {
  // Both inputs are mandatory; the test aborts early when either is absent.
  String userPrincipal = System.getProperty("user.principal");
  String userKeyTab = System.getProperty("user.keytab");
  Assert.assertNotNull("User principal was not specified", userPrincipal);
  Assert.assertNotNull("User keytab was not specified", userKeyTab);

  Configuration conf = new Configuration();
  conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  UserGroupInformation.setConfiguration(conf);

  UserGroupInformation ugi = UserGroupInformation
      .loginUserFromKeytabAndReturnUGI(userPrincipal, userKeyTab);

  Assert.assertEquals(AuthenticationMethod.KERBEROS,
      ugi.getAuthenticationMethod());

  // NOTE(review): "[email protected]" looks like the hosting page's e-mail
  // obfuscation replacing the original principal literal; restore it from
  // the upstream file before running.
  try {
    UserGroupInformation
    .loginUserFromKeytabAndReturnUGI("[email protected]", userKeyTab);
    // An AssertionError is not an Exception, so this failure is not
    // swallowed by the catch block below.
    Assert.fail("Login should have failed");
  } catch (Exception ex) {
    // NOTE(review): the failure cause is only printed, never asserted; the
    // test passes on any Exception, not only on an authentication failure.
    ex.printStackTrace();
  }
}
 
Example #9
Source File: SaslDataTransferTestCase.java    From big-c with Apache License 2.0
/**
 * Creates configuration for starting a secure cluster.
 *
 * <p>The returned configuration selects Kerberos authentication, points the
 * NameNode and DataNode at the test principal and keytab, enables block
 * access tokens, applies the requested data-transfer protection and restricts
 * HTTP to HTTPS only.
 *
 * @param dataTransferProtection supported QOPs
 * @return configuration for starting a secure cluster
 * @throws Exception if there is any failure
 */
protected HdfsConfiguration createSecureConfig(
    String dataTransferProtection) throws Exception {
  HdfsConfiguration conf = new HdfsConfiguration();
  SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, conf);
  // NameNode and DataNode share one principal and one keytab in this test setup.
  conf.set(DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  conf.set(DFS_NAMENODE_KEYTAB_FILE_KEY, keytab);
  conf.set(DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  conf.set(DFS_DATANODE_KEYTAB_FILE_KEY, keytab);
  conf.set(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, spnegoPrincipal);
  // Block access tokens on: block reads/writes need a token.
  conf.setBoolean(DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
  // Caller-selected protection level for the data transfer protocol.
  conf.set(DFS_DATA_TRANSFER_PROTECTION_KEY, dataTransferProtection);
  // No plain-HTTP endpoints.
  conf.set(DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
  // Port 0: presumably lets the OS pick a free port on the loopback address.
  conf.set(DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
  conf.set(DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");
  conf.setInt(IPC_CLIENT_CONNECT_MAX_RETRIES_ON_SASL_KEY, 10);

  // Test keystores are generated under baseDir.
  String keystoresDir = baseDir.getAbsolutePath();
  String sslConfDir = KeyStoreTestUtil.getClasspathDir(this.getClass());
  // NOTE(review): the trailing false is presumably "use client certificate"; confirm
  // against KeyStoreTestUtil.setupSSLConfig.
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  return conf;
}
 
Example #10
Source File: AbstractDelegationTokenIdentifier.java    From hadoop with Apache License 2.0
/**
 * Returns the user this token identifier stands for.
 *
 * <p>When a real user distinct from the owner is recorded, the result is a
 * proxy UGI for the owner layered on the real user; otherwise it is a plain
 * remote-user UGI for the owner. The real (innermost) UGI is always tagged
 * with the TOKEN authentication method.
 *
 * <p>NOTE(review): the identifier's fields are used without any check of the
 * token's authenticity in this method; presumably that check happens before
 * callers rely on the returned UGI.
 *
 * @return the owner's UGI, or {@code null} when the owner is unset or empty
 */
@Override
public UserGroupInformation getUser() {
  if (owner == null || owner.toString().isEmpty()) {
    return null;
  }

  final boolean impersonated = !((realUser == null)
      || (realUser.toString().isEmpty())
      || realUser.equals(owner));

  final UserGroupInformation realUgi;
  final UserGroupInformation ugi;
  if (impersonated) {
    // The real user holds the credential; the owner is acted for.
    realUgi = UserGroupInformation.createRemoteUser(realUser.toString());
    ugi = UserGroupInformation.createProxyUser(owner.toString(), realUgi);
  } else {
    realUgi = UserGroupInformation.createRemoteUser(owner.toString());
    ugi = realUgi;
  }
  realUgi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
  return ugi;
}
 
Example #11
Source File: TestUserGroupInformation.java    From hadoop with Apache License 2.0
/**
 * Switches the shared configuration to {@code method}, attempts to obtain
 * the login user and verifies the result.
 *
 * @param method authentication method to configure before logging in
 * @param expectSuccess whether the login is expected to succeed with
 *     {@code method}, or to be rejected with an
 *     {@link UnsupportedOperationException}
 * @throws IOException declared for callers; exceptions from the login call
 *     itself are caught and asserted on
 */
private void tryLoginAuthenticationMethod(AuthenticationMethod method,
                                          boolean expectSuccess)
                                              throws IOException {
  SecurityUtil.setAuthenticationMethod(method, conf);
  UserGroupInformation.setConfiguration(conf); // make UGI see the new method

  UserGroupInformation resolved = null;
  Exception rejection = null;
  try {
    resolved = UserGroupInformation.getLoginUser();
  } catch (Exception thrown) {
    rejection = thrown;
  }

  if (expectSuccess) {
    assertNotNull(resolved);
    assertEquals(method, resolved.getAuthenticationMethod());
    return;
  }
  // Rejection path: both the exception type and its message are pinned, so a
  // silent downgrade to a different login method would be caught.
  assertNotNull(rejection);
  assertEquals(UnsupportedOperationException.class, rejection.getClass());
  assertEquals(method + " login authentication is not supported",
               rejection.getMessage());
}
 
Example #12
Source File: OzoneManager.java    From hadoop-ozone with Apache License 2.0
/**
 * Logs in the OM service user from its keytab. Kerberos is the only
 * authentication method accepted; any other configured method is refused
 * rather than falling back to an unauthenticated login.
 *
 * @param conf configuration holding the authentication method and the OM
 *     principal and keytab settings
 * @throws IOException as declared; presumably raised by the underlying login
 * @throws AuthenticationException if the configured authentication method is
 *     not Kerberos
 */
private static void loginOMUser(OzoneConfiguration conf)
    throws IOException, AuthenticationException {

  final boolean kerberosConfigured = SecurityUtil.getAuthenticationMethod(conf)
      .equals(AuthenticationMethod.KERBEROS);
  if (!kerberosConfigured) {
    throw new AuthenticationException(SecurityUtil.getAuthenticationMethod(
        conf) + " authentication method not supported. OM user login "
        + "failed.");
  }

  if (LOG.isDebugEnabled()) {
    // Logs the configured principal and keytab setting (presumably a file
    // path), not key material.
    LOG.debug("Ozone security is enabled. Attempting login for OM user. "
            + "Principal: {}, keytab: {}", conf.get(
        OZONE_OM_KERBEROS_PRINCIPAL_KEY),
        conf.get(OZONE_OM_KERBEROS_KEYTAB_FILE_KEY));
  }

  UserGroupInformation.setConfiguration(conf);

  // The OM host name is passed to the login call along with the principal key.
  final InetSocketAddress omAddress = OmUtils.getOmAddress(conf);
  SecurityUtil.login(conf, OZONE_OM_KERBEROS_KEYTAB_FILE_KEY,
      OZONE_OM_KERBEROS_PRINCIPAL_KEY, omAddress.getHostName());

  LOG.info("Ozone Manager login successful.");
}
 
Example #13
Source File: TestUserGroupInformation.java    From big-c with Apache License 2.0
/**
 * The "real" authentication method of a proxy user must be that of the user
 * it is layered on, while its own method reports PROXY.
 */
@Test (timeout = 30000)
public void testGetRealAuthenticationMethod() {
  UserGroupInformation realUser =
      UserGroupInformation.createRemoteUser("user1");
  realUser.setAuthenticationMethod(AuthenticationMethod.SIMPLE);
  // Without impersonation both views agree.
  assertEquals(AuthenticationMethod.SIMPLE,
      realUser.getAuthenticationMethod());
  assertEquals(AuthenticationMethod.SIMPLE,
      realUser.getRealAuthenticationMethod());

  UserGroupInformation proxyUser =
      UserGroupInformation.createProxyUser("user2", realUser);
  // Authorization decisions that depend on credential strength should look
  // at the real method, since PROXY says nothing about how the caller logged in.
  assertEquals(AuthenticationMethod.PROXY,
      proxyUser.getAuthenticationMethod());
  assertEquals(AuthenticationMethod.SIMPLE,
      proxyUser.getRealAuthenticationMethod());
}
 
Example #14
Source File: TestDelegationToken.java    From big-c with Apache License 2.0
/**
 * When the identifier's real user equals its owner, no proxy relationship is
 * created: the UGI has no real user and is itself marked TOKEN.
 */
@Test
public void testGetUserWithOwnerEqualsReal() {
  Text sameName = new Text("owner");
  TestDelegationTokenIdentifier identifier =
      new TestDelegationTokenIdentifier(sameName, null, sameName);
  UserGroupInformation tokenUser = identifier.getUser();

  assertNull(tokenUser.getRealUser());
  assertEquals("owner", tokenUser.getUserName());
  assertEquals(AuthenticationMethod.TOKEN,
      tokenUser.getAuthenticationMethod());
}
 
Example #15
Source File: SecurityUtil.java    From big-c with Apache License 2.0
/**
 * Stores the authentication method in {@code conf} under
 * {@code HADOOP_SECURITY_AUTHENTICATION}, as the lower-cased enum name.
 *
 * <p>NOTE(review): a {@code null} method is not rejected; it is silently
 * replaced by {@code SIMPLE}. Callers that intend a stronger method should
 * make sure they never pass {@code null}, otherwise the configuration ends up
 * with SIMPLE without any error being reported.
 *
 * @param authenticationMethod method to store; {@code null} means SIMPLE
 * @param conf configuration to update
 */
public static void setAuthenticationMethod(
    AuthenticationMethod authenticationMethod, Configuration conf) {
  final AuthenticationMethod effective = (authenticationMethod != null)
      ? authenticationMethod
      : AuthenticationMethod.SIMPLE;
  final String value = StringUtils.toLowerCase(effective.toString());
  conf.set(HADOOP_SECURITY_AUTHENTICATION, value);
}
 
Example #16
Source File: TestSecureIPC.java    From hbase with Apache License 2.0
/**
 * Makes an RPC call as the current user after confirming that this user is
 * the Kerberos login user prepared by the test fixture.
 */
@Test
public void testRpcCallWithEnabledKerberosSaslAuth() throws Exception {
  final UserGroupInformation current = UserGroupInformation.getCurrentUser();

  // Sanity checks on the identity before any RPC is made: same instance as
  // the fixture's login user, Kerberos-authenticated, expected principal.
  assertSame(current, ugi);
  assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());
  assertEquals(krbPrincipal, ugi.getUserName());

  callRpcService(User.create(current));
}
 
Example #17
Source File: TestUserGroupInformation.java    From big-c with Apache License 2.0
/**
 * For every {@code AuthenticationMethod} that has a corresponding
 * {@code AuthMethod}, setting the UGI's method through that
 * {@code AuthMethod} must read back as the original enum constant.
 */
@Test (timeout = 30000)
public void testTestAuthMethod() throws Exception {
  final UserGroupInformation currentUser =
      UserGroupInformation.getCurrentUser();
  for (AuthenticationMethod candidate : AuthenticationMethod.values()) {
    // Constants without an AuthMethod counterpart have no reverse mapping.
    if (candidate.getAuthMethod() == null) {
      continue;
    }
    currentUser.setAuthenticationMethod(candidate.getAuthMethod());
    assertEquals(candidate, currentUser.getAuthenticationMethod());
  }
}
 
Example #18
Source File: TestDelegationToken.java    From big-c with Apache License 2.0
/**
 * An identifier with an owner and no real user yields a non-proxy UGI for
 * the owner, marked as TOKEN-authenticated.
 */
@Test
public void testGetUserWithOwner() {
  Text owner = new Text("owner");
  TestDelegationTokenIdentifier identifier =
      new TestDelegationTokenIdentifier(owner, null, null);
  UserGroupInformation tokenUser = identifier.getUser();

  assertNull(tokenUser.getRealUser());
  assertEquals("owner", tokenUser.getUserName());
  assertEquals(AuthenticationMethod.TOKEN,
      tokenUser.getAuthenticationMethod());
}
 
Example #19
Source File: TokenProvider.java    From hbase with Apache License 2.0
/**
 * Decides whether the caller may perform a delegation token operation, based
 * on how the caller authenticated. For a proxy user the real user's method is
 * the one that counts.
 *
 * <p>Only KERBEROS, KERBEROS_SSL and CERTIFICATE are accepted. Every other
 * method, including TOKEN, is refused, presumably so that a delegation token
 * cannot itself be used to obtain further tokens.
 *
 * <p>NOTE(review): for a PROXY UGI the result of {@code getRealUser()} is
 * dereferenced without a null check; confirm it cannot be null here.
 *
 * @param ugi A user group information.
 * @return true if delegation token operation is allowed
 */
private boolean isAllowedDelegationTokenOp(UserGroupInformation ugi) throws IOException {
  AuthenticationMethod effective = ugi.getAuthenticationMethod();
  if (effective == AuthenticationMethod.PROXY) {
    // PROXY says nothing about credential strength; look at the real user.
    effective = ugi.getRealUser().getAuthenticationMethod();
  }
  return effective == AuthenticationMethod.KERBEROS
      || effective == AuthenticationMethod.KERBEROS_SSL
      || effective == AuthenticationMethod.CERTIFICATE;
}
 
Example #20
Source File: HadoopUtilsTest.java    From flink with Apache License 2.0
/**
 * A user to whom an HDFS delegation token has been added must be reported as
 * having one.
 */
@Test
public void testShouldCheckIfTheUserHasHDFSDelegationToken() {
	UserGroupInformation tokenHolder = createTestUser(AuthenticationMethod.KERBEROS);
	tokenHolder.addToken(getHDFSDelegationToken());

	assertTrue(HadoopUtils.hasHDFSDelegationToken(tokenHolder));
}
 
Example #21
Source File: UserProvider.java    From big-c with Apache License 2.0
/**
 * Resolves the UGI for the current HTTP request using the configuration
 * stored in the servlet context, with KERBEROS passed as the authentication
 * method.
 *
 * @param context HTTP context supplied by the framework (not read here)
 * @return the UGI resolved for the request
 * @throws SecurityException if the UGI cannot be obtained; the original
 *     {@link IOException} is kept as the cause, so a failed lookup never
 *     yields a usable identity
 */
@Override
public UserGroupInformation getValue(final HttpContext context) {
  final Object storedConf = servletcontext.getAttribute(JspHelper.CURRENT_CONF);
  final Configuration conf = (Configuration) storedConf;
  try {
    // NOTE(review): the trailing false is presumably "do not take the user
    // from a request parameter"; confirm against JspHelper.getUGI.
    return JspHelper.getUGI(servletcontext, request, conf,
        AuthenticationMethod.KERBEROS, false);
  } catch (IOException lookupFailure) {
    throw new SecurityException(
        SecurityUtil.FAILED_TO_GET_UGI_MSG_HEADER + " " + lookupFailure,
        lookupFailure);
  }
}
 
Example #22
Source File: HistoryClientService.java    From big-c with Apache License 2.0
/**
 * Decides whether the current user may perform a delegation token operation.
 *
 * <p>With security disabled every caller is allowed. With security enabled
 * the caller's real authentication method must be KERBEROS, KERBEROS_SSL or
 * CERTIFICATE; anything else, including TOKEN, is refused.
 *
 * @return {@code true} if the operation is allowed
 * @throws IOException as declared; presumably when the current user cannot
 *     be determined
 */
private boolean isAllowedDelegationTokenOp() throws IOException {
  if (!UserGroupInformation.isSecurityEnabled()) {
    return true;
  }
  final EnumSet<AuthenticationMethod> acceptedMethods =
      EnumSet.of(AuthenticationMethod.KERBEROS,
                 AuthenticationMethod.KERBEROS_SSL,
                 AuthenticationMethod.CERTIFICATE);
  // The real method is used so that a proxy user is judged by the credential
  // of the user behind it.
  return acceptedMethods.contains(
      UserGroupInformation.getCurrentUser().getRealAuthenticationMethod());
}
 
Example #23
Source File: TokenProvider.java    From hbase with Apache License 2.0
/**
 * Reports back to the caller the identity the server associated with the
 * request: the short user name and, when known, the authentication method.
 * If no request user is available the response is sent with neither field set.
 *
 * @param controller RPC controller (not used here)
 * @param request the who-am-I request (carries no input that is read here)
 * @param done callback that receives the built response
 */
@Override
public void whoAmI(RpcController controller, AuthenticationProtos.WhoAmIRequest request,
    RpcCallback<AuthenticationProtos.WhoAmIResponse> done) {
  final AuthenticationProtos.WhoAmIResponse.Builder reply =
      AuthenticationProtos.WhoAmIResponse.newBuilder();
  RpcServer.getRequestUser().ifPresent(caller -> {
    reply.setUsername(caller.getShortName());
    final AuthenticationMethod callerMethod =
        caller.getUGI().getAuthenticationMethod();
    if (callerMethod == null) {
      // Method unknown: leave the field unset rather than guessing.
      return;
    }
    reply.setAuthMethod(callerMethod.name());
  });
  done.run(reply.build());
}
 
Example #24
Source File: TestUserGroupInformation.java    From hadoop with Apache License 2.0
/**
 * Checks how the authentication method is reported for a proxy user: the
 * proxy itself reports PROXY, the real user reports the method that was set
 * on it, and this holds both outside and inside {@code doAs}. Also checks
 * UGI equality for instances built from the same subject.
 */
@Test (timeout = 30000)
public void testUGIAuthMethodInRealUser() throws Exception {
  final UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(
      "proxy", ugi);
  final AuthenticationMethod am = AuthenticationMethod.KERBEROS;
  // The method is set on the real user after the proxy was created; the
  // assertions below show the proxy still observes it.
  ugi.setAuthenticationMethod(am);
  Assert.assertEquals(am, ugi.getAuthenticationMethod());
  Assert.assertEquals(AuthenticationMethod.PROXY,
                      proxyUgi.getAuthenticationMethod());
  Assert.assertEquals(am, UserGroupInformation
      .getRealAuthenticationMethod(proxyUgi));
  // Inside doAs the current user is the proxy, and its real user keeps the
  // method that was set above.
  proxyUgi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws IOException {
      Assert.assertEquals(AuthenticationMethod.PROXY, UserGroupInformation
          .getCurrentUser().getAuthenticationMethod());
      Assert.assertEquals(am, UserGroupInformation.getCurrentUser()
          .getRealUser().getAuthenticationMethod());
      return null;
    }
  });
  // A second UGI wrapping the same subject must compare equal to the first.
  UserGroupInformation proxyUgi2 = 
    new UserGroupInformation(proxyUgi.getSubject());
  proxyUgi2.setAuthenticationMethod(AuthenticationMethod.PROXY);
  Assert.assertEquals(proxyUgi, proxyUgi2);
  // Equality should work if authMethod is null
  UserGroupInformation realugi = UserGroupInformation.getCurrentUser();
  UserGroupInformation proxyUgi3 = UserGroupInformation.createProxyUser(
      "proxyAnother", realugi);
  // No setAuthenticationMethod call is made on proxyUgi4 before comparing.
  UserGroupInformation proxyUgi4 = 
    new UserGroupInformation(proxyUgi3.getSubject());
  Assert.assertEquals(proxyUgi3, proxyUgi4);
}
 
Example #25
Source File: TestUserGroupInformation.java    From hadoop with Apache License 2.0
/**
 * The authentication method set on a UGI must be visible both directly and
 * from the current user observed inside {@code doAs}.
 */
@Test (timeout = 30000)
public void testUGIAuthMethod() throws Exception {
  final UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  final AuthenticationMethod am = AuthenticationMethod.KERBEROS;
  ugi.setAuthenticationMethod(am);
  Assert.assertEquals(am, ugi.getAuthenticationMethod());
  // Code running under doAs must see the same method as the UGI it runs as.
  ugi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws IOException {
      Assert.assertEquals(am, UserGroupInformation.getCurrentUser()
          .getAuthenticationMethod());
      return null;
    }
  });
}
 
Example #26
Source File: StorageContainerManager.java    From hadoop-ozone with Apache License 2.0
/**
 * Login as the configured user for SCM. Kerberos is the only authentication
 * method accepted; any other configured method is refused.
 *
 * <p>NOTE(review): the debug message states that security is enabled before
 * the authentication method has been checked, and it reads the principal and
 * keytab from the {@code configuration} field rather than from the
 * {@code conf} parameter; confirm both are intended.
 *
 * @param conf configuration source holding the SCM security settings
 * @throws IOException as declared; presumably raised by the underlying login
 * @throws AuthenticationException if the configured authentication method is
 *     not Kerberos
 */
private void loginAsSCMUser(ConfigurationSource conf)
    throws IOException, AuthenticationException {
  if (LOG.isDebugEnabled()) {
    // Logs the configured principal and keytab setting, not key material.
    final ScmConfig scmSettings = configuration.getObject(ScmConfig.class);
    LOG.debug("Ozone security is enabled. Attempting login for SCM user. "
            + "Principal: {}, keytab: {}",
        scmSettings.getKerberosPrincipal(),
        scmSettings.getKerberosKeytab());
  }

  final Configuration hadoopConf =
      LegacyHadoopConfigurationSource.asHadoopConfiguration(conf);
  final boolean kerberosConfigured = SecurityUtil
      .getAuthenticationMethod(hadoopConf)
      .equals(AuthenticationMethod.KERBEROS);
  if (!kerberosConfigured) {
    throw new AuthenticationException(SecurityUtil.getAuthenticationMethod(
        hadoopConf) + " authentication method not support. "
        + "SCM user login failed.");
  }

  UserGroupInformation.setConfiguration(hadoopConf);
  final InetSocketAddress bindAddress = HddsServerUtil
      .getScmBlockClientBindAddress(conf);
  SecurityUtil.login(hadoopConf,
      ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_KEYTAB_FILE_KEY,
      ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY,
      bindAddress.getHostName());

  LOG.info("SCM login successful.");
}
 
Example #27
Source File: TestUserGroupInformation.java    From hadoop with Apache License 2.0
/**
 * Round-trip check between {@code AuthenticationMethod} and its
 * {@code AuthMethod}: setting a UGI's method via the {@code AuthMethod} must
 * report the originating {@code AuthenticationMethod}.
 */
@Test (timeout = 30000)
public void testTestAuthMethod() throws Exception {
  final UserGroupInformation self = UserGroupInformation.getCurrentUser();
  for (AuthenticationMethod method : AuthenticationMethod.values()) {
    final boolean hasMapping = method.getAuthMethod() != null;
    if (!hasMapping) {
      // Nothing to round-trip for constants without an AuthMethod.
      continue;
    }
    self.setAuthenticationMethod(method.getAuthMethod());
    assertEquals(method, self.getAuthenticationMethod());
  }
}
 
Example #28
Source File: HadoopUtilsTest.java    From flink with Apache License 2.0
/**
 * With Kerberos configured, a user that has no Kerberos credentials but does
 * hold an HDFS delegation token must still pass the credential validity check.
 */
@Test
public void testShouldReturnTrueWhenDelegationTokenIsPresent() {
	UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(AuthenticationMethod.KERBEROS));
	UserGroupInformation tokenOnlyUser = createTestUser(AuthenticationMethod.KERBEROS);
	tokenOnlyUser.addToken(getHDFSDelegationToken());
	// Precondition: the test is only meaningful when no Kerberos credentials are present.
	assumeFalse(tokenOnlyUser.hasKerberosCredentials());

	// NOTE(review): the meaning of the trailing true is not visible here; confirm against HadoopUtils.
	assertTrue(HadoopUtils.areKerberosCredentialsValid(tokenOnlyUser, true));
}
 
Example #29
Source File: SecureClientLogin.java    From ranger with Apache License 2.0
/**
 * Performs a JAAS login for {@code user} from the keytab at {@code path} and
 * returns the resulting subject. Calls are serialized by the
 * {@code synchronized static} modifier.
 *
 * @param user principal to log in as
 * @param path keytab file path handed to the login configuration
 * @param nameRules principal-to-short-name rules handed to {@code KerberosName.setRules}
 * @return the subject obtained from the login context after a successful login
 * @throws IOException if the login fails; the {@code LoginException} is kept as the cause
 */
public synchronized static Subject loginUserFromKeytab(String user, String path, String nameRules) throws IOException {
	try {
		Subject subject = new Subject();
		// NOTE(review): the leading true is presumably "use keytab"; confirm against SecureClientLoginConfiguration.
		SecureClientLoginConfiguration loginConf = new SecureClientLoginConfiguration(true, user, path);
		LoginContext login = new LoginContext("hadoop-keytab-kerberos", subject, null, loginConf);
		// NOTE(review): setRules is a static call, so the rules presumably apply
		// process-wide and stay in effect after this method returns, also when
		// the login below fails; confirm that callers expect that.
		KerberosName.setRules(nameRules);
		// The User principal is attached before login() runs; if login() throws,
		// this subject is not returned to the caller.
		subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, login));
		login.login();
		return login.getSubject();
	} catch (LoginException le) {
		// The message names the principal and the keytab path, not key material.
		throw new IOException("Login failure for " + user + " from keytab " + path, le);
	}
}
 
Example #30
Source File: TestUserGroupInformation.java    From big-c with Apache License 2.0
/**
 * Verifies authentication-method reporting for a proxy user and its real
 * user, outside and inside {@code doAs}, and verifies that UGIs built from
 * the same subject compare equal.
 */
@Test (timeout = 30000)
public void testUGIAuthMethodInRealUser() throws Exception {
  final UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(
      "proxy", ugi);
  final AuthenticationMethod am = AuthenticationMethod.KERBEROS;
  // Set on the real user only; the proxy is expected to keep reporting PROXY.
  ugi.setAuthenticationMethod(am);
  Assert.assertEquals(am, ugi.getAuthenticationMethod());
  Assert.assertEquals(AuthenticationMethod.PROXY,
                      proxyUgi.getAuthenticationMethod());
  // The static helper resolves the method of the user behind the proxy.
  Assert.assertEquals(am, UserGroupInformation
      .getRealAuthenticationMethod(proxyUgi));
  // Same expectations from within the proxy's doAs context.
  proxyUgi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws IOException {
      Assert.assertEquals(AuthenticationMethod.PROXY, UserGroupInformation
          .getCurrentUser().getAuthenticationMethod());
      Assert.assertEquals(am, UserGroupInformation.getCurrentUser()
          .getRealUser().getAuthenticationMethod());
      return null;
    }
  });
  // Equality between two UGIs wrapping the same subject.
  UserGroupInformation proxyUgi2 = 
    new UserGroupInformation(proxyUgi.getSubject());
  proxyUgi2.setAuthenticationMethod(AuthenticationMethod.PROXY);
  Assert.assertEquals(proxyUgi, proxyUgi2);
  // Equality should work if authMethod is null
  UserGroupInformation realugi = UserGroupInformation.getCurrentUser();
  UserGroupInformation proxyUgi3 = UserGroupInformation.createProxyUser(
      "proxyAnother", realugi);
  // proxyUgi4 is compared without any setAuthenticationMethod call on it.
  UserGroupInformation proxyUgi4 = 
    new UserGroupInformation(proxyUgi3.getSubject());
  Assert.assertEquals(proxyUgi3, proxyUgi4);
}