/**
 * Brings the server up; calling it again after a successful start does nothing.
 *
 * <p>The token secret manager (when {@code createSecretManager()} yields one) and the
 * {@link ServiceAuthorizationManager} are set up, and {@code HBasePolicyProvider.init} is
 * called, before the scheduler is started.
 */
@Override
public synchronized void start() {
  if (started) {
    return;
  }

  // The secret manager is optional: a null result is tolerated and simply skipped.
  authTokenSecretMgr = createSecretManager();
  if (null != authTokenSecretMgr) {
    setSecretManager(authTokenSecretMgr);
    authTokenSecretMgr.start();
  }

  // NOTE(review): presumably init() loads the service-level policy into authManager;
  // its body is not visible here, so confirm before relying on that.
  this.authManager = new ServiceAuthorizationManager();
  HBasePolicyProvider.init(conf, authManager);

  scheduler.start();

  // Set last, so the flag is only true once every step above has completed.
  started = true;
}
/**
 * Starts the service. No call is handled until this has run; repeated invocations after a
 * successful start are no-ops.
 *
 * <p>The secret manager and the {@link ServiceAuthorizationManager} are created, and
 * {@code HBasePolicyProvider.init} is called, before the responder, listener and scheduler
 * are started.
 */
@Override
public synchronized void start() {
  if (started) {
    return;
  }

  // The secret manager is optional: a null result is tolerated and simply skipped.
  authTokenSecretMgr = createSecretManager();
  if (null != authTokenSecretMgr) {
    setSecretManager(authTokenSecretMgr);
    authTokenSecretMgr.start();
  }

  // Authorization state is built before the listener is started. NOTE(review): this
  // presumably ensures no connection is accepted while authManager is still unset;
  // keep the order unless that is confirmed to be unnecessary.
  this.authManager = new ServiceAuthorizationManager();
  HBasePolicyProvider.init(conf, authManager);

  responder.start();
  listener.start();
  scheduler.start();

  // Set last, so the flag is only true once every step above has completed.
  started = true;
}
/**
 * Starts the service. No call is handled until this has run; repeated invocations after a
 * successful start are no-ops.
 *
 * <p>The secret manager and the {@link ServiceAuthorizationManager} are created, and
 * {@code HBasePolicyProvider.init} is called, before the responder, listener and scheduler
 * are started.
 */
@Override
public synchronized void start() {
  if (started) {
    return;
  }

  // The secret manager is optional: a null result is tolerated and simply skipped.
  authTokenSecretMgr = createSecretManager();
  if (null != authTokenSecretMgr) {
    setSecretManager(authTokenSecretMgr);
    authTokenSecretMgr.start();
  }

  // Authorization state is built before the listener is started. NOTE(review): this
  // presumably ensures no connection is accepted while authManager is still unset;
  // keep the order unless that is confirmed to be unnecessary.
  this.authManager = new ServiceAuthorizationManager();
  HBasePolicyProvider.init(conf, authManager);

  responder.start();
  listener.start();
  scheduler.start();

  // Set last, so the flag is only true once every step above has completed.
  started = true;
}
/**
 * Checks whether the connecting client may use the protocol named in its connection header.
 *
 * <p>When the {@code authorize} flag is false this method returns without performing any
 * check, so every connection passes.
 *
 * @param user client user
 * @param connection header of the incoming connection; its protocol name is resolved to a class
 * @param addr InetAddress of the incoming connection
 * @throws AuthorizationException when the protocol name cannot be resolved to a class, or when
 *     the client isn't authorized to talk the protocol
 */
@SuppressWarnings("static-access")
public void authorize(UserGroupInformation user, ConnectionHeader connection, InetAddress addr)
    throws AuthorizationException {
  if (!authorize) {
    return;
  }

  final Class<?> protocol;
  try {
    protocol = getProtocolClass(connection.getProtocol(), getConf());
  } catch (ClassNotFoundException notFound) {
    // The protocol name is taken from the incoming connection header and echoed into the
    // message; the ClassNotFoundException itself is not attached as a cause.
    throw new AuthorizationException("Unknown protocol: " + connection.getProtocol());
  }

  // NOTE(review): a new manager is built on every call and the "static-access" suppression
  // suggests authorize() is static in the Hadoop version targeted here. Where authorize() is
  // an instance method backed by ACLs loaded through refresh(), a fresh instance would carry
  // no loaded policy; confirm against the Hadoop version in use.
  ServiceAuthorizationManager serviceAuthManager = new ServiceAuthorizationManager();
  serviceAuthManager.authorize(user, protocol, getConf(), addr);
}
/**
 * Checks whether the connecting client may use the protocol named in its connection header.
 *
 * <p>When the {@code authorize} flag is false this method returns without performing any
 * check, so every connection passes.
 *
 * @param user client user
 * @param connection header of the incoming connection; its protocol name is resolved to a class
 * @param addr InetAddress of the incoming connection
 * @throws AuthorizationException when the protocol name cannot be resolved to a class, or when
 *     the client isn't authorized to talk the protocol
 */
@SuppressWarnings("static-access")
public void authorize(UserGroupInformation user, ConnectionHeader connection, InetAddress addr)
    throws AuthorizationException {
  if (!authorize) {
    return;
  }

  final Class<?> protocol;
  try {
    protocol = getProtocolClass(connection.getProtocol(), getConf());
  } catch (ClassNotFoundException notFound) {
    // The protocol name is taken from the incoming connection header and echoed into the
    // message; the ClassNotFoundException itself is not attached as a cause.
    throw new AuthorizationException("Unknown protocol: " + connection.getProtocol());
  }

  // NOTE(review): a new manager is built on every call and the "static-access" suppression
  // suggests authorize() is static in the Hadoop version targeted here. Where authorize() is
  // an instance method backed by ACLs loaded through refresh(), a fresh instance would carry
  // no loaded policy; confirm against the Hadoop version in use.
  ServiceAuthorizationManager serviceAuthManager = new ServiceAuthorizationManager();
  serviceAuthManager.authorize(user, protocol, getConf(), addr);
}
/**
 * Exercises the host restriction of service authorization: with {@code HOST_CONFIG} set to
 * "1.2.3.4", the same user must be accepted from {@code AUTHORIZED_IP} and rejected from
 * {@code UNAUTHORIZED_IP}.
 */
@Test
public void testMachineList() throws UnknownHostException {
  final String[] groups = { "group1", "group2" };
  UserGroupInformation drwho =
      UserGroupInformation.createUserForTesting("drwho@EXAMPLE.COM", groups);

  ServiceAuthorizationManager manager = new ServiceAuthorizationManager();
  Configuration conf = new Configuration();
  conf.set(HOST_CONFIG, "1.2.3.4");
  // refresh() is what loads the policy from conf into this manager instance.
  manager.refresh(conf, new TestPolicyProvider());

  // Allowed address: any AuthorizationException is a test failure.
  final InetAddress allowed = InetAddress.getByName(AUTHORIZED_IP);
  try {
    manager.authorize(drwho, TestProtocol.class, conf, allowed);
  } catch (AuthorizationException e) {
    fail();
  }

  // Address outside the host list: returning normally is the failure case.
  try {
    manager.authorize(drwho, TestProtocol.class, conf, InetAddress.getByName(UNAUTHORIZED_IP));
    fail();
  } catch (AuthorizationException e) {
    // expected: the rejection is the passing outcome
  }
}
/**
 * Exercises the host restriction of service authorization: with {@code HOST_CONFIG} set to
 * "1.2.3.4", the same user must be accepted from {@code AUTHORIZED_IP} and rejected from
 * {@code UNAUTHORIZED_IP}.
 */
@Test
public void testMachineList() throws UnknownHostException {
  final String[] groups = { "group1", "group2" };
  UserGroupInformation drwho =
      UserGroupInformation.createUserForTesting("drwho@EXAMPLE.COM", groups);

  ServiceAuthorizationManager manager = new ServiceAuthorizationManager();
  Configuration conf = new Configuration();
  conf.set(HOST_CONFIG, "1.2.3.4");
  // refresh() is what loads the policy from conf into this manager instance.
  manager.refresh(conf, new TestPolicyProvider());

  // Allowed address: any AuthorizationException is a test failure.
  final InetAddress allowed = InetAddress.getByName(AUTHORIZED_IP);
  try {
    manager.authorize(drwho, TestProtocol.class, conf, allowed);
  } catch (AuthorizationException e) {
    fail();
  }

  // Address outside the host list: returning normally is the failure case.
  try {
    manager.authorize(drwho, TestProtocol.class, conf, InetAddress.getByName(UNAUTHORIZED_IP));
    fail();
  } catch (AuthorizationException e) {
    // expected: the rejection is the passing outcome
  }
}
new ServiceAuthorizationManager(); Configuration conf = new Configuration ();
new ServiceAuthorizationManager(); Configuration conf = new Configuration ();
new String[] { "group1", "group2" }); ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager(); Configuration conf = new Configuration ();
new ServiceAuthorizationManager(); Configuration conf = new Configuration ();
new ServiceAuthorizationManager(); Configuration conf = new Configuration ();
new String[] { "group1", "group2" }); ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager(); Configuration conf = new Configuration ();
new ServiceAuthorizationManager(); Configuration conf = new Configuration ();
new ServiceAuthorizationManager(); Configuration conf = new Configuration ();
new ServiceAuthorizationManager(); Configuration conf = new Configuration ();
new ServiceAuthorizationManager(); Configuration conf = new Configuration ();
/**
 * Verifies which ACL a protocol receives when it has no explicit entry: the wildcard ACL while
 * no default is configured, and the configured default ACL once
 * {@code HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL} is set. A protocol with an
 * explicit entry keeps that entry in both cases.
 */
@Test
public void testDefaultAcl() {
  ServiceAuthorizationManager manager = new ServiceAuthorizationManager();
  Configuration conf = new Configuration();

  // Phase 1: only ACL_CONFIG is set, no default ACL.
  conf.set(ACL_CONFIG, "user1 group1");
  manager.refresh(conf, new TestPolicyProvider());

  AccessControlList explicitAcl = manager.getProtocolsAcls(TestProtocol.class);
  assertEquals("user1 group1", explicitAcl.getAclString());

  // The protocol without its own entry ends up with the wildcard ACL, i.e. the fallback is
  // permissive unless a default ACL is configured.
  AccessControlList fallbackAcl = manager.getProtocolsAcls(TestProtocol1.class);
  assertEquals(AccessControlList.WILDCARD_ACL_VALUE, fallbackAcl.getAclString());

  // Phase 2: a default ACL is configured and the policy is reloaded.
  conf.set(
      CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL,
      "user2 group2");
  manager.refresh(conf, new TestPolicyProvider());

  explicitAcl = manager.getProtocolsAcls(TestProtocol.class);
  assertEquals("user1 group1", explicitAcl.getAclString());

  fallbackAcl = manager.getProtocolsAcls(TestProtocol1.class);
  assertEquals("user2 group2", fallbackAcl.getAclString());
}
/**
 * Verifies which ACL a protocol receives when it has no explicit entry: the wildcard ACL while
 * no default is configured, and the configured default ACL once
 * {@code HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL} is set. A protocol with an
 * explicit entry keeps that entry in both cases.
 */
@Test
public void testDefaultAcl() {
  ServiceAuthorizationManager manager = new ServiceAuthorizationManager();
  Configuration conf = new Configuration();

  // Phase 1: only ACL_CONFIG is set, no default ACL.
  conf.set(ACL_CONFIG, "user1 group1");
  manager.refresh(conf, new TestPolicyProvider());

  AccessControlList explicitAcl = manager.getProtocolsAcls(TestProtocol.class);
  assertEquals("user1 group1", explicitAcl.getAclString());

  // The protocol without its own entry ends up with the wildcard ACL, i.e. the fallback is
  // permissive unless a default ACL is configured.
  AccessControlList fallbackAcl = manager.getProtocolsAcls(TestProtocol1.class);
  assertEquals(AccessControlList.WILDCARD_ACL_VALUE, fallbackAcl.getAclString());

  // Phase 2: a default ACL is configured and the policy is reloaded.
  conf.set(
      CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL,
      "user2 group2");
  manager.refresh(conf, new TestPolicyProvider());

  explicitAcl = manager.getProtocolsAcls(TestProtocol.class);
  assertEquals("user1 group1", explicitAcl.getAclString());

  fallbackAcl = manager.getProtocolsAcls(TestProtocol1.class);
  assertEquals("user2 group2", fallbackAcl.getAclString());
}