org.apache.hadoop.hdfs.security.TestDelegationTokenForProxyUser.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.hadoop.hdfs.security.TestDelegationTokenForProxyUser.java

Source

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.hadoop.hdfs.security;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Map;

import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.impl.Log4JLogger;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
import org.apache.hadoop.hdfs.web.resources.DoAsParam;
import org.apache.hadoop.hdfs.web.resources.ExceptionHandler;
import org.apache.hadoop.hdfs.web.resources.GetOpParam;
import org.apache.hadoop.hdfs.web.resources.PostOpParam;
import org.apache.hadoop.hdfs.web.resources.PutOpParam;
import org.apache.hadoop.security.TestDoAsEffectiveUser;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.token.Token;
import org.apache.log4j.Level;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

public class TestDelegationTokenForProxyUser {
    private MiniDFSCluster cluster;
    Configuration config;
    final private static String GROUP1_NAME = "group1";
    final private static String GROUP2_NAME = "group2";
    final private static String[] GROUP_NAMES = new String[] { GROUP1_NAME, GROUP2_NAME };
    final private static String REAL_USER = "RealUser";
    final private static String PROXY_USER = "ProxyUser";

    private static final Log LOG = LogFactory.getLog(TestDoAsEffectiveUser.class);

    private void configureSuperUserIPAddresses(Configuration conf, String superUserShortName) throws IOException {
        ArrayList<String> ipList = new ArrayList<String>();
        Enumeration<NetworkInterface> netInterfaceList = NetworkInterface.getNetworkInterfaces();
        while (netInterfaceList.hasMoreElements()) {
            NetworkInterface inf = netInterfaceList.nextElement();
            Enumeration<InetAddress> addrList = inf.getInetAddresses();
            while (addrList.hasMoreElements()) {
                InetAddress addr = addrList.nextElement();
                ipList.add(addr.getHostAddress());
            }
        }
        StringBuilder builder = new StringBuilder();
        for (String ip : ipList) {
            builder.append(ip);
            builder.append(',');
        }
        builder.append("127.0.1.1,");
        builder.append(InetAddress.getLocalHost().getCanonicalHostName());
        LOG.info("Local Ip addresses: " + builder.toString());
        conf.setStrings(ProxyUsers.getProxySuperuserIpConfKey(superUserShortName), builder.toString());
    }

    @Before
    public void setUp() throws Exception {
        config = new Configuration();
        config.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true);
        config.setBoolean(DFSConfigKeys.DFS_SUPPORT_APPEND_KEY, true);
        config.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000);
        config.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000);
        config.setStrings(ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER), "group1");
        configureSuperUserIPAddresses(config, REAL_USER);
        FileSystem.setDefaultUri(config, "hdfs://localhost:" + "0");
        cluster = new MiniDFSCluster(0, config, 1, true, true, true, null, null, null, null);
        cluster.waitActive();
        cluster.getNameNode().getNamesystem().getDelegationTokenSecretManager().startThreads();
        ProxyUsers.refreshSuperUserGroupsConfiguration(config);
    }

    @After
    public void tearDown() throws Exception {
        if (cluster != null) {
            cluster.shutdown();
        }
    }

    @Test
    public void testDelegationTokenWithRealUser() throws IOException {
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser(REAL_USER);
        final UserGroupInformation proxyUgi = UserGroupInformation.createProxyUserForTesting(PROXY_USER, ugi,
                GROUP_NAMES);
        try {
            Token<DelegationTokenIdentifier> token = proxyUgi
                    .doAs(new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>() {
                        public Token<DelegationTokenIdentifier> run() throws IOException {
                            DistributedFileSystem dfs = (DistributedFileSystem) cluster.getFileSystem();
                            return dfs.getDelegationToken("RenewerUser");
                        }
                    });
            DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
            byte[] tokenId = token.getIdentifier();
            identifier.readFields(new DataInputStream(new ByteArrayInputStream(tokenId)));
            Assert.assertEquals(identifier.getUser().getUserName(), PROXY_USER);
            Assert.assertEquals(identifier.getUser().getRealUser().getUserName(), REAL_USER);
        } catch (InterruptedException e) {
            //Do Nothing
        }
    }

    @Test
    public void testWebHdfsDoAs() throws Exception {
        WebHdfsTestUtil.LOG.info("START: testWebHdfsDoAs()");
        ((Log4JLogger) NamenodeWebHdfsMethods.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) ExceptionHandler.LOG).getLogger().setLevel(Level.ALL);
        final UserGroupInformation ugi = UserGroupInformation.createRemoteUser(REAL_USER);
        WebHdfsTestUtil.LOG.info("ugi.getShortUserName()=" + ugi.getShortUserName());
        final WebHdfsFileSystem webhdfs = WebHdfsTestUtil.getWebHdfsFileSystemAs(ugi, config);

        final Path root = new Path("/");
        cluster.getFileSystem().setPermission(root, new FsPermission((short) 0777));

        {
            //test GETHOMEDIRECTORY with doAs
            final URL url = WebHdfsTestUtil.toUrl(webhdfs, GetOpParam.Op.GETHOMEDIRECTORY, root,
                    new DoAsParam(PROXY_USER));
            final HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            final Map<?, ?> m = WebHdfsTestUtil.connectAndGetJson(conn, HttpServletResponse.SC_OK);
            conn.disconnect();

            final Object responsePath = m.get(Path.class.getSimpleName());
            WebHdfsTestUtil.LOG.info("responsePath=" + responsePath);
            Assert.assertEquals("/user/" + PROXY_USER, responsePath);
        }

        {
            //test GETHOMEDIRECTORY with DOas
            final URL url = WebHdfsTestUtil.toUrl(webhdfs, GetOpParam.Op.GETHOMEDIRECTORY, root,
                    new DoAsParam(PROXY_USER) {
                        @Override
                        public String getName() {
                            return "DOas";
                        }
                    });
            final HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            final Map<?, ?> m = WebHdfsTestUtil.connectAndGetJson(conn, HttpServletResponse.SC_OK);
            conn.disconnect();

            final Object responsePath = m.get(Path.class.getSimpleName());
            WebHdfsTestUtil.LOG.info("responsePath=" + responsePath);
            Assert.assertEquals("/user/" + PROXY_USER, responsePath);
        }

        final Path f = new Path("/testWebHdfsDoAs/a.txt");
        {
            //test create file with doAs
            final PutOpParam.Op op = PutOpParam.Op.CREATE;
            final URL url = WebHdfsTestUtil.toUrl(webhdfs, op, f, new DoAsParam(PROXY_USER));
            WebHdfsTestUtil.LOG.info("url=" + url);
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn = WebHdfsTestUtil.twoStepWrite(conn, op);
            final FSDataOutputStream out = WebHdfsTestUtil.write(webhdfs, op, conn, 4096);
            out.write("Hello, webhdfs user!".getBytes());
            out.close();

            final FileStatus status = webhdfs.getFileStatus(f);
            WebHdfsTestUtil.LOG.info("status.getOwner()=" + status.getOwner());
            Assert.assertEquals(PROXY_USER, status.getOwner());
        }

        {
            //test append file with doAs
            final PostOpParam.Op op = PostOpParam.Op.APPEND;
            final URL url = WebHdfsTestUtil.toUrl(webhdfs, op, f, new DoAsParam(PROXY_USER));
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn = WebHdfsTestUtil.twoStepWrite(conn, op);
            final FSDataOutputStream out = WebHdfsTestUtil.write(webhdfs, op, conn, 4096);
            out.write("\nHello again!".getBytes());
            out.close();

            final FileStatus status = webhdfs.getFileStatus(f);
            WebHdfsTestUtil.LOG.info("status.getOwner()=" + status.getOwner());
            WebHdfsTestUtil.LOG.info("status.getLen()  =" + status.getLen());
            Assert.assertEquals(PROXY_USER, status.getOwner());
        }
    }
}