List of usage examples for java.security PrivilegedExceptionAction PrivilegedExceptionAction
PrivilegedExceptionAction
From source file:org.apache.hadoop.hdfs.TestDFSShell.java
@Test public void testRemoteException() throws Exception { UserGroupInformation tmpUGI = UserGroupInformation.createUserForTesting("tmpname", new String[] { "mygroup" }); MiniDFSCluster dfs = null;/*from w ww .ja va 2 s.com*/ PrintStream bak = null; try { final Configuration conf = new HdfsConfiguration(); dfs = new MiniDFSCluster.Builder(conf).numDataNodes(2).build(); FileSystem fs = dfs.getFileSystem(); Path p = new Path("/foo"); fs.mkdirs(p); fs.setPermission(p, new FsPermission((short) 0700)); bak = System.err; tmpUGI.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { FsShell fshell = new FsShell(conf); ByteArrayOutputStream out = new ByteArrayOutputStream(); PrintStream tmp = new PrintStream(out); System.setErr(tmp); String[] args = new String[2]; args[0] = "-ls"; args[1] = "/foo"; int ret = ToolRunner.run(fshell, args); assertEquals("returned should be 1", 1, ret); String str = out.toString(); assertTrue("permission denied printed", str.indexOf("Permission denied") != -1); out.reset(); return null; } }); } finally { if (bak != null) { System.setErr(bak); } if (dfs != null) { dfs.shutdown(); } } }
From source file:org.apache.hadoop.hdfs.TestDFSShell.java
@Test public void testLsr() throws Exception { final Configuration conf = new HdfsConfiguration(); MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build(); DistributedFileSystem dfs = (DistributedFileSystem) cluster.getFileSystem(); try {/*from w w w .j a v a 2 s .c om*/ final String root = createTree(dfs, "lsr"); dfs.mkdirs(new Path(root, "zzz")); runLsr(new FsShell(conf), root, 0); final Path sub = new Path(root, "sub"); dfs.setPermission(sub, new FsPermission((short) 0)); final UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); final String tmpusername = ugi.getShortUserName() + "1"; UserGroupInformation tmpUGI = UserGroupInformation.createUserForTesting(tmpusername, new String[] { tmpusername }); String results = tmpUGI.doAs(new PrivilegedExceptionAction<String>() { @Override public String run() throws Exception { return runLsr(new FsShell(conf), root, 1); } }); assertTrue(results.contains("zzz")); } finally { cluster.shutdown(); } }
From source file:org.apache.axis2.jaxws.message.databinding.JAXBUtils.java
private static Boolean testJAXBProperty(String propName) { final Map<String, String> props = new HashMap<String, String>(); props.put(propName, "http://test"); try {//from w ww . ja va 2s . c o m AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws JAXBException { return JAXBContext.newInstance(new Class[] { Integer.class }, props); } }); return Boolean.TRUE; } catch (PrivilegedActionException e) { if (e.getCause() instanceof JAXBException) { return Boolean.FALSE; } return null; } }
From source file:org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithDeletes.java
@Test public void testDeleteColumnWithSpecificTimeStampUsingMultipleVersionsUnMatchingVisExpression() throws Exception { setAuths();//from w ww . j av a 2s.c o m final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); try (Table table = doPuts(tableName)) { TEST_UTIL.getAdmin().flush(tableName); PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { try (Connection connection = ConnectionFactory.createConnection(conf); Table table = connection.getTable(tableName)) { Delete d = new Delete(row1); d.setCellVisibility(new CellVisibility( "(" + PRIVATE + "&" + CONFIDENTIAL + ")|(" + SECRET + "&" + TOPSECRET + ")")); d.addColumn(fam, qual, 125l); table.delete(d); } catch (Throwable t) { throw new IOException(t); } return null; } }; SUPERUSER.runAs(actiona); TEST_UTIL.getAdmin().flush(tableName); Scan s = new Scan(); s.setMaxVersions(5); s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL, TOPSECRET)); ResultScanner scanner = table.getScanner(s); Result[] next = scanner.next(3); assertTrue(next.length == 2); CellScanner cellScanner = next[0].cellScanner(); cellScanner.advance(); Cell current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 127l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 126l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 125l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 124l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 123l); cellScanner = next[1].cellScanner(); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row2, 0, row2.length)); } }
From source file:org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithDeletes.java
@Test public void testDeleteColumnWithLatestTimeStampUsingMultipleVersions() throws Exception { setAuths();/*from w w w .j a v a 2 s . c o m*/ final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); try (Table table = doPuts(tableName)) { TEST_UTIL.getAdmin().flush(tableName); PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { try (Connection connection = ConnectionFactory.createConnection(conf); Table table = connection.getTable(tableName)) { Delete d = new Delete(row1); d.setCellVisibility(new CellVisibility(SECRET + "&" + TOPSECRET)); d.addColumn(fam, qual); table.delete(d); } catch (Throwable t) { throw new IOException(t); } return null; } }; SUPERUSER.runAs(actiona); TEST_UTIL.getAdmin().flush(tableName); Scan s = new Scan(); s.setMaxVersions(5); s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL, TOPSECRET)); ResultScanner scanner = table.getScanner(s); Result[] next = scanner.next(3); assertTrue(next.length == 2); CellScanner cellScanner = next[0].cellScanner(); cellScanner.advance(); Cell current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 127l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 126l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 124l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 123l); cellScanner = next[1].cellScanner(); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row2, 0, row2.length)); } }
From source file:org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithDeletes.java
@Test(timeout = 180000) public void testDeleteColumnWithLatestTimeStampWhenNoVersionMatches() throws Exception { setAuths();//from ww w.ja va 2 s .co m final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); try (Table table = doPuts(tableName)) { TEST_UTIL.getAdmin().flush(tableName); Put put = new Put(Bytes.toBytes("row1")); put.addColumn(fam, qual, 128l, value); put.setCellVisibility(new CellVisibility(TOPSECRET)); table.put(put); PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { try (Connection connection = ConnectionFactory.createConnection(conf); Table table = connection.getTable(tableName)) { Delete d = new Delete(row1); d.setCellVisibility(new CellVisibility(SECRET)); d.addColumn(fam, qual); table.delete(d); } catch (Throwable t) { throw new IOException(t); } return null; } }; SUPERUSER.runAs(actiona); TEST_UTIL.getAdmin().flush(tableName); Scan s = new Scan(); s.setMaxVersions(5); s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL, TOPSECRET)); ResultScanner scanner = table.getScanner(s); Result[] next = scanner.next(3); assertTrue(next.length == 2); CellScanner cellScanner = next[0].cellScanner(); cellScanner.advance(); Cell current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 128l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 127l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 126l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 125l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 124l); cellScanner = next[1].cellScanner(); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row2, 0, row2.length)); put = new Put(Bytes.toBytes("row1")); put.addColumn(fam, qual, 129l, value); put.setCellVisibility(new CellVisibility(SECRET)); table.put(put); TEST_UTIL.getAdmin().flush(tableName); s = new Scan(); s.setMaxVersions(5); s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL, TOPSECRET)); scanner = table.getScanner(s); next = scanner.next(3); assertTrue(next.length == 2); cellScanner = next[0].cellScanner(); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 129l); } }
From source file:org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithDeletes.java
@Test public void testDeleteColumnWithLatestTimeStampUsingMultipleVersionsAfterCompaction() throws Exception { setAuths();//from ww w . j a v a 2 s . c o m final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); try (Table table = doPuts(tableName)) { TEST_UTIL.getAdmin().flush(tableName); PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { try (Connection connection = ConnectionFactory.createConnection(conf); Table table = connection.getTable(tableName)) { Delete d = new Delete(row1); d.setCellVisibility(new CellVisibility(SECRET + "&" + TOPSECRET)); d.addColumn(fam, qual); table.delete(d); } catch (Throwable t) { throw new IOException(t); } return null; } }; SUPERUSER.runAs(actiona); TEST_UTIL.getAdmin().flush(tableName); Put put = new Put(Bytes.toBytes("row3")); put.addColumn(fam, qual, 127l, value); put.setCellVisibility(new CellVisibility(CONFIDENTIAL + "&" + PRIVATE)); table.put(put); TEST_UTIL.getAdmin().flush(tableName); TEST_UTIL.getAdmin().majorCompact(tableName); // Sleep to ensure compaction happens. Need to do it in a better way Thread.sleep(5000); Scan s = new Scan(); s.setMaxVersions(5); s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL, TOPSECRET)); ResultScanner scanner = table.getScanner(s); Result[] next = scanner.next(3); assertTrue(next.length == 3); CellScanner cellScanner = next[0].cellScanner(); cellScanner.advance(); Cell current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 127l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 126l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 124l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 123l); cellScanner = next[1].cellScanner(); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row2, 0, row2.length)); } }
From source file:org.apache.hadoop.hdfs.TestDFSShell.java
@Test(timeout = 30000) public void testSetXAttrPermission() throws Exception { UserGroupInformation user = UserGroupInformation.createUserForTesting("user", new String[] { "mygroup" }); MiniDFSCluster cluster = null;/*from www . ja va2 s . c o m*/ PrintStream bak = null; try { final Configuration conf = new HdfsConfiguration(); cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).build(); cluster.waitActive(); FileSystem fs = cluster.getFileSystem(); Path p = new Path("/foo"); fs.mkdirs(p); bak = System.err; final FsShell fshell = new FsShell(conf); final ByteArrayOutputStream out = new ByteArrayOutputStream(); System.setErr(new PrintStream(out)); // No permission to write xattr fs.setPermission(p, new FsPermission((short) 0700)); user.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { int ret = ToolRunner.run(fshell, new String[] { "-setfattr", "-n", "user.a1", "-v", "1234", "/foo" }); assertEquals("Returned should be 1", 1, ret); String str = out.toString(); assertTrue("Permission denied printed", str.indexOf("Permission denied") != -1); out.reset(); return null; } }); int ret = ToolRunner.run(fshell, new String[] { "-setfattr", "-n", "user.a1", "-v", "1234", "/foo" }); assertEquals("Returned should be 0", 0, ret); out.reset(); // No permission to read and remove fs.setPermission(p, new FsPermission((short) 0750)); user.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { // Read int ret = ToolRunner.run(fshell, new String[] { "-getfattr", "-n", "user.a1", "/foo" }); assertEquals("Returned should be 1", 1, ret); String str = out.toString(); assertTrue("Permission denied printed", str.indexOf("Permission denied") != -1); out.reset(); // Remove ret = ToolRunner.run(fshell, new String[] { "-setfattr", "-x", "user.a1", "/foo" }); assertEquals("Returned should be 1", 1, ret); str = out.toString(); assertTrue("Permission denied printed", str.indexOf("Permission denied") != -1); out.reset(); return null; } }); } finally { if (bak != null) { System.setErr(bak); } if (cluster != null) { cluster.shutdown(); } } }
From source file:org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithDeletes.java
@Test public void testDeleteFamilyLatestTimeStampWithMulipleVersions() throws Exception { setAuths();// w ww .j av a 2 s. c om final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); try (Table table = doPuts(tableName)) { TEST_UTIL.getAdmin().flush(tableName); PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { try (Connection connection = ConnectionFactory.createConnection(conf); Table table = connection.getTable(tableName)) { Delete d = new Delete(row1); d.setCellVisibility(new CellVisibility(SECRET + "&" + TOPSECRET)); d.addFamily(fam); table.delete(d); } catch (Throwable t) { throw new IOException(t); } return null; } }; SUPERUSER.runAs(actiona); TEST_UTIL.getAdmin().flush(tableName); Scan s = new Scan(); s.setMaxVersions(5); s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL, TOPSECRET)); ResultScanner scanner = table.getScanner(s); Result[] next = scanner.next(3); assertTrue(next.length == 2); CellScanner cellScanner = next[0].cellScanner(); cellScanner.advance(); Cell current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 127l); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length)); assertEquals(current.getTimestamp(), 126l); cellScanner = next[1].cellScanner(); cellScanner.advance(); current = cellScanner.current(); assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row2, 0, row2.length)); } }
From source file:org.apache.hadoop.hdfs.TestDFSShell.java
/** * HDFS-6374 setXAttr should require the user to be the owner of the file * or directory.// w w w . j av a2 s . c o m * * Test to make sure that only the owner of a file or directory can set * or remove the xattrs. * * As user1: * Create a directory (/foo) as user1, chown it to user1 (and user1's group), * grant rwx to "other". * * As user2: * Set an xattr (should fail). * * As user1: * Set an xattr (should pass). * * As user2: * Read the xattr (should pass). * Remove the xattr (should fail). * * As user1: * Read the xattr (should pass). * Remove the xattr (should pass). */ @Test(timeout = 30000) public void testSetXAttrPermissionAsDifferentOwner() throws Exception { final String USER1 = "user1"; final String GROUP1 = "mygroup1"; final UserGroupInformation user1 = UserGroupInformation.createUserForTesting(USER1, new String[] { GROUP1 }); final UserGroupInformation user2 = UserGroupInformation.createUserForTesting("user2", new String[] { "mygroup2" }); MiniDFSCluster cluster = null; PrintStream bak = null; try { final Configuration conf = new HdfsConfiguration(); cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).build(); cluster.waitActive(); final FileSystem fs = cluster.getFileSystem(); fs.setOwner(new Path("/"), USER1, GROUP1); bak = System.err; final FsShell fshell = new FsShell(conf); final ByteArrayOutputStream out = new ByteArrayOutputStream(); System.setErr(new PrintStream(out)); // mkdir foo as user1 user1.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { final int ret = ToolRunner.run(fshell, new String[] { "-mkdir", "/foo" }); assertEquals("Return should be 0", 0, ret); out.reset(); return null; } }); user1.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { // Give access to "other" final int ret = ToolRunner.run(fshell, new String[] { "-chmod", "707", "/foo" }); assertEquals("Return should be 0", 0, ret); out.reset(); return null; } }); // No permission to write xattr for non-owning user (user2). user2.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { final int ret = ToolRunner.run(fshell, new String[] { "-setfattr", "-n", "user.a1", "-v", "1234", "/foo" }); assertEquals("Returned should be 1", 1, ret); final String str = out.toString(); assertTrue("Permission denied printed", str.indexOf("Permission denied") != -1); out.reset(); return null; } }); // But there should be permission to write xattr for // the owning user. user1.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { final int ret = ToolRunner.run(fshell, new String[] { "-setfattr", "-n", "user.a1", "-v", "1234", "/foo" }); assertEquals("Returned should be 0", 0, ret); out.reset(); return null; } }); // There should be permission to read,but not to remove for // non-owning user (user2). user2.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { // Read int ret = ToolRunner.run(fshell, new String[] { "-getfattr", "-n", "user.a1", "/foo" }); assertEquals("Returned should be 0", 0, ret); out.reset(); // Remove ret = ToolRunner.run(fshell, new String[] { "-setfattr", "-x", "user.a1", "/foo" }); assertEquals("Returned should be 1", 1, ret); final String str = out.toString(); assertTrue("Permission denied printed", str.indexOf("Permission denied") != -1); out.reset(); return null; } }); // But there should be permission to read/remove for // the owning user. user1.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { // Read int ret = ToolRunner.run(fshell, new String[] { "-getfattr", "-n", "user.a1", "/foo" }); assertEquals("Returned should be 0", 0, ret); out.reset(); // Remove ret = ToolRunner.run(fshell, new String[] { "-setfattr", "-x", "user.a1", "/foo" }); assertEquals("Returned should be 0", 0, ret); out.reset(); return null; } }); } finally { if (bak != null) { System.setErr(bak); } if (cluster != null) { cluster.shutdown(); } } }