View Javadoc

1   /*
2    *
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *     http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing, software
14   * distributed under the License is distributed on an "AS IS" BASIS,
15   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16   * See the License for the specific language governing permissions and
17   * limitations under the License.
18   */
19  package org.apache.hadoop.hbase.security;
20  
21  import static org.junit.Assert.assertEquals;
22  import static org.junit.Assert.assertFalse;
23  import static org.junit.Assert.assertNotNull;
24  import static org.junit.Assert.assertTrue;
25  
26  import java.io.IOException;
27  import java.security.PrivilegedAction;
28  import java.security.PrivilegedExceptionAction;
29  
30  import org.apache.commons.logging.Log;
31  import org.apache.commons.logging.LogFactory;
32  import org.apache.hadoop.conf.Configuration;
33  import org.apache.hadoop.fs.CommonConfigurationKeys;
34  import org.apache.hadoop.hbase.HBaseConfiguration;
35  import org.apache.hadoop.hbase.testclassification.SmallTests;
36  import org.junit.Test;
37  import org.junit.experimental.categories.Category;
38  
39  import com.google.common.collect.ImmutableSet;
40  
41  @Category(SmallTests.class)
42  public class TestUser {
43    private static Log LOG = LogFactory.getLog(TestUser.class);
44  
45    @Test
46    public void testBasicAttributes() throws Exception {
47      Configuration conf = HBaseConfiguration.create();
48      User user = User.createUserForTesting(conf, "simple", new String[]{"foo"});
49      assertEquals("Username should match", "simple", user.getName());
50      assertEquals("Short username should match", "simple", user.getShortName());
51      // don't test shortening of kerberos names because regular Hadoop doesn't support them
52    }
53  
54    @Test
55    public void testRunAs() throws Exception {
56      Configuration conf = HBaseConfiguration.create();
57      final User user = User.createUserForTesting(conf, "testuser", new String[]{"foo"});
58      final PrivilegedExceptionAction<String> action = new PrivilegedExceptionAction<String>(){
59        public String run() throws IOException {
60            User u = User.getCurrent();
61            return u.getName();
62        }
63      };
64  
65      String username = user.runAs(action);
66      assertEquals("Current user within runAs() should match",
67          "testuser", username);
68  
69      // ensure the next run is correctly set
70      User user2 = User.createUserForTesting(conf, "testuser2", new String[]{"foo"});
71      String username2 = user2.runAs(action);
72      assertEquals("Second username should match second user",
73          "testuser2", username2);
74  
75      // check the exception version
76      username = user.runAs(new PrivilegedExceptionAction<String>(){
77        public String run() throws Exception {
78          return User.getCurrent().getName();
79        }
80      });
81      assertEquals("User name in runAs() should match", "testuser", username);
82  
83      // verify that nested contexts work
84      user2.runAs(new PrivilegedExceptionAction<Object>(){
85        public Object run() throws IOException, InterruptedException{
86          String nestedName = user.runAs(action);
87          assertEquals("Nest name should match nested user", "testuser", nestedName);
88          assertEquals("Current name should match current user",
89              "testuser2", User.getCurrent().getName());
90          return null;
91        }
92      });
93  
94      username = user.runAs(new PrivilegedAction<String>(){
95        String result = null;
96        @Override
97        public String run() {
98          try {
99            return User.getCurrent().getName();
100         } catch (IOException e) {
101           result = "empty";
102         }
103         return result;
104       }
105     });
106 
107     assertEquals("Current user within runAs() should match",
108         "testuser", username);
109   }
110 
111   /**
112    * Make sure that we're returning a result for the current user.
113    * Previously getCurrent() was returning null if not initialized on
114    * non-secure Hadoop variants.
115    */
116   @Test
117   public void testGetCurrent() throws Exception {
118     User user1 = User.getCurrent();
119     assertNotNull(user1.ugi);
120     LOG.debug("User1 is "+user1.getName());
121 
122     for (int i =0 ; i< 100; i++) {
123       User u = User.getCurrent();
124       assertNotNull(u);
125       assertEquals(user1.getName(), u.getName());
126       assertEquals(user1, u);
127       assertEquals(user1.hashCode(), u.hashCode());
128     }
129   }
130 
131   @Test
132   public void testUserGroupNames() throws Exception {
133     final String username = "testuser";
134     final ImmutableSet<String> singleGroups = ImmutableSet.of("group");
135     final Configuration conf = HBaseConfiguration.create();
136     User user = User.createUserForTesting(conf, username,
137         singleGroups.toArray(new String[singleGroups.size()]));
138     assertUserGroup(user, singleGroups);
139 
140     final ImmutableSet<String> multiGroups = ImmutableSet.of("group", "group1", "group2");
141     user = User.createUserForTesting(conf, username,
142         multiGroups.toArray(new String[multiGroups.size()]));
143     assertUserGroup(user, multiGroups);
144   }
145 
146   private void assertUserGroup(User user, ImmutableSet<String> groups) {
147     assertNotNull("GroupNames should be not null", user.getGroupNames());
148     assertTrue("UserGroupNames length should be == " + groups.size(),
149         user.getGroupNames().length == groups.size());
150 
151     for (String group : user.getGroupNames()) {
152       assertTrue("groupName should be in set ", groups.contains(group));
153     }
154   }
155 
156   @Test
157   public void testSecurityForNonSecureHadoop() {
158     assertFalse("Security should be disable in non-secure Hadoop",
159         User.isSecurityEnabled());
160 
161     Configuration conf = HBaseConfiguration.create();
162     conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
163     conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
164     assertTrue("Security should be enabled", User.isHBaseSecurityEnabled(conf));
165 
166     conf = HBaseConfiguration.create();
167     conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
168     assertFalse("HBase security should not be enabled if " 
169         + User.HBASE_SECURITY_CONF_KEY + " is not set accordingly",
170         User.isHBaseSecurityEnabled(conf));
171 
172     conf = HBaseConfiguration.create();
173     conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
174     assertTrue("HBase security should be enabled regardless of underlying "
175         + "HDFS settings", User.isHBaseSecurityEnabled(conf));
176   }
177 }