@Override public void refreshAuthManager(PolicyProvider pp) { // Ignore warnings that this should be accessed in a static way instead of via an instance; // it'll break if you go via static route. synchronized (authManager) { authManager.refresh(this.conf, pp); } }
/** * Refresh the service authorization ACL for the service handled by this server. */ public void refreshServiceAcl(Configuration conf, PolicyProvider provider) { serviceAuthorizationManager.refresh(conf, provider); }
public static void init(Configuration conf, ServiceAuthorizationManager authManager) { // set service-level authorization security policy System.setProperty("hadoop.policy.file", "hbase-policy.xml"); if (conf.getBoolean(ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) { authManager.refresh(conf, new HBasePolicyProvider()); ProxyUsers.refreshSuperUserGroupsConfiguration(conf); } } }
/** * Refresh the service authorization ACL for the service handled by this server. */ public void refreshServiceAcl(Configuration conf, PolicyProvider provider) { serviceAuthorizationManager.refresh(conf, provider); }
/** * Refresh the service authorization ACL for the service handled by this server. */ public void refreshServiceAcl(Configuration conf, PolicyProvider provider) { serviceAuthorizationManager.refresh(conf, provider); }
/** * Refresh the service authorization ACL for the service handled by this server. */ public void refreshServiceAcl(Configuration conf, PolicyProvider provider) { serviceAuthorizationManager.refresh(conf, provider); }
@Override public synchronized void refreshAuthManager(PolicyProvider pp) { // Ignore warnings that this should be accessed in a static way instead of via an instance; // it'll break if you go via static route. this.authManager.refresh(this.conf, pp); }
/** * Refresh the service authorization ACL for the service handled by this server. */ public void refreshServiceAcl(Configuration conf, PolicyProvider provider) { serviceAuthorizationManager.refresh(conf, provider); }
public static void init(Configuration conf, ServiceAuthorizationManager authManager) { // set service-level authorization security policy System.setProperty("hadoop.policy.file", "hbase-policy.xml"); if (conf.getBoolean(ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) { authManager.refresh(conf, new HBasePolicyProvider()); ProxyUsers.refreshSuperUserGroupsConfiguration(conf); } } }
serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho,
serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho,
@Test public void testMachineList() throws UnknownHostException { UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@EXAMPLE.COM", new String[] { "group1", "group2" }); ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager(); Configuration conf = new Configuration (); conf.set(HOST_CONFIG, "1.2.3.4"); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, TestProtocol.class, conf, InetAddress.getByName(AUTHORIZED_IP)); } catch (AuthorizationException e) { fail(); } try { serviceAuthorizationManager.authorize(drwho, TestProtocol.class, conf, InetAddress.getByName(UNAUTHORIZED_IP)); fail(); } catch (AuthorizationException e) { // expects Exception } }
Configuration conf = new Configuration (); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, TestProtocol.class, conf, "security.service.authorization.default.hosts", IP_RANGE); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, TestProtocol.class, conf,
serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, TestProtocol1.class, conf, "user2 group2"); conf.set(ACL_CONFIG + ServiceAuthorizationManager.BLOCKED, "user2"); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider());
serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, TestProtocol1.class, conf, "user2 group2"); conf.set(ACL_CONFIG + ServiceAuthorizationManager.BLOCKED, "user2"); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider());
@Test public void testMachineList() throws UnknownHostException { UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@EXAMPLE.COM", new String[] { "group1", "group2" }); ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager(); Configuration conf = new Configuration (); conf.set(HOST_CONFIG, "1.2.3.4"); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, TestProtocol.class, conf, InetAddress.getByName(AUTHORIZED_IP)); } catch (AuthorizationException e) { fail(); } try { serviceAuthorizationManager.authorize(drwho, TestProtocol.class, conf, InetAddress.getByName(UNAUTHORIZED_IP)); fail(); } catch (AuthorizationException e) { // expects Exception } }
Configuration conf = new Configuration (); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, TestProtocol.class, conf, "security.service.authorization.default.hosts", IP_RANGE); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); try { serviceAuthorizationManager.authorize(drwho, TestProtocol.class, conf,
@Test public void testDefaultAcl() { ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager(); Configuration conf = new Configuration (); // test without setting a default acl conf.set(ACL_CONFIG, "user1 group1"); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); AccessControlList acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol.class); assertEquals("user1 group1", acl.getAclString()); acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol1.class); assertEquals(AccessControlList.WILDCARD_ACL_VALUE, acl.getAclString()); // test with a default acl conf.set( CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL, "user2 group2"); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol.class); assertEquals("user1 group1", acl.getAclString()); acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol1.class); assertEquals("user2 group2", acl.getAclString()); }
@Test public void testDefaultAcl() { ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager(); Configuration conf = new Configuration (); // test without setting a default acl conf.set(ACL_CONFIG, "user1 group1"); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); AccessControlList acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol.class); assertEquals("user1 group1", acl.getAclString()); acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol1.class); assertEquals(AccessControlList.WILDCARD_ACL_VALUE, acl.getAclString()); // test with a default acl conf.set( CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL, "user2 group2"); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol.class); assertEquals("user1 group1", acl.getAclString()); acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol1.class); assertEquals("user2 group2", acl.getAclString()); }