Package org.apache.hadoop.hbase.security

Examples of org.apache.hadoop.hbase.security.User


    assertEquals(rowsInsertedCount, getScannedCount(region.getScanner(new Scan())));

    // Now 'crash' the region by stealing its wal
    final Configuration newConf = HBaseConfiguration.create(this.conf);
    User user = HBaseTestingUtility.getDifferentUser(newConf,
        tableNameStr);
    user.runAs(new PrivilegedExceptionAction() {
      public Object run() throws Exception {
        runWALSplit(newConf);
        HLog wal2 = createWAL(newConf);
        HRegion region2 = new HRegion(basedir, wal2, FileSystem.get(newConf),
          newConf, hri, htd, null);
View Full Code Here


    region.compactStores(true);
    assertEquals(rowsInsertedCount, getScannedCount(region.getScanner(new Scan())));

    // Now 'crash' the region by stealing its wal
    final Configuration newConf = HBaseConfiguration.create(this.conf);
    User user = HBaseTestingUtility.getDifferentUser(newConf,
        tableNameStr);
    user.runAs(new PrivilegedExceptionAction() {
      public Object run() throws Exception {
        runWALSplit(newConf);
        HLog wal2 = createWAL(newConf);
        HRegion region2 = new HRegion(basedir, wal2, FileSystem.get(newConf),
            newConf, hri, htd, null);
View Full Code Here

    wal2.sync();
    // Set down maximum recovery so we dfsclient doesn't linger retrying something
    // long gone.
    HBaseTestingUtility.setMaxRecoveryErrorCount(wal2.getOutputStream(), 1);
    final Configuration newConf = HBaseConfiguration.create(this.conf);
    User user = HBaseTestingUtility.getDifferentUser(newConf,
      tableNameStr);
    user.runAs(new PrivilegedExceptionAction() {
      public Object run() throws Exception {
        runWALSplit(newConf);
        FileSystem newFS = FileSystem.get(newConf);
        // Make a new wal for new region open.
        HLog wal3 = createWAL(newConf);
View Full Code Here

  public void testHandleErrorsInFlush() throws Exception {
    LOG.info("Setting up a faulty file system that cannot write");

    final Configuration conf = HBaseConfiguration.create();
    User user = User.createUserForTesting(conf,
        "testhandleerrorsinflush", new String[]{"foo"});
    // Inject our faulty LocalFileSystem
    conf.setClass("fs.file.impl", FaultyFileSystem.class,
        FileSystem.class);
    user.runAs(new PrivilegedExceptionAction<Object>() {
      public Object run() throws Exception {
        // Make sure it worked (above is sensitive to caching details in hadoop core)
        FileSystem fs = FileSystem.get(conf);
        assertEquals(FaultyFileSystem.class, fs.getClass());
View Full Code Here

  /**
   * @return the userName for the current logged-in user.
   * @throws IOException if the underlying user cannot be obtained
   */
  public String getCurrentUserName() throws IOException {
    User user = getCurrent();
    return user == null ? null : user.getName();
  }
View Full Code Here

    Configuration conf = getConf();
    Path hbaseDir = new Path(conf.get(HConstants.HBASE_DIR));
    FileSystem fs = hbaseDir.getFileSystem(conf);
    UserProvider provider = UserProvider.instantiate(conf);
    User user = provider.getCurrent();
    FileStatus[] files = fs.listStatus(hbaseDir);
    for (FileStatus file : files) {
      try {
        FSUtils.checkAccess(user, file, FsAction.WRITE);
      } catch (AccessControlException ace) {
        LOG.warn("Got AccessControlException when preCheckPermission ", ace);
        errors.reportError(ERROR_CODE.WRONG_USAGE, "Current user " + user.getShortName()
          + " does not have write perms to " + file.getPath()
          + ". Please rerun hbck as hdfs user " + file.getOwner());
        throw new AccessControlException(ace);
      }
    }
View Full Code Here

    if (provider.isHBaseSecurityEnabled()) {
      try {
        // init credentials for remote cluster
        String quorumAddress = job.getConfiguration().get(
            TableOutputFormat.QUORUM_ADDRESS);
        User user = provider.getCurrent();
        if (quorumAddress != null) {
          String[] parts = ZKUtil.transformClusterKey(quorumAddress);
          Configuration peerConf = HBaseConfiguration.create(job
              .getConfiguration());
          peerConf.set(HConstants.ZOOKEEPER_QUORUM, parts[0]);
View Full Code Here

    final byte[] TEST_Q1 = Bytes.toBytes("q1");
    final byte[] TEST_Q2 = Bytes.toBytes("q2");
    final byte[] ZERO = Bytes.toBytes(0L);

    // additional test user
    final User user1 = User.createUserForTesting(conf, "user1", new String[0]);
    final User user2 = User.createUserForTesting(conf, "user2", new String[0]);

    verifyAllowed(new AccessTestAction() {
      @Override
      public Object run() throws Exception {
        HTable t = new HTable(conf, TEST_TABLE.getTableName());
        try {
          // with rw ACL for "user1"
          Put p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY1, TEST_Q1, ZERO);
          p.add(TEST_FAMILY1, TEST_Q2, ZERO);
          p.setACL(user1.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          t.put(p);
          // with rw ACL for "user1"
          p = new Put(TEST_ROW2);
          p.add(TEST_FAMILY1, TEST_Q1, ZERO);
          p.add(TEST_FAMILY1, TEST_Q2, ZERO);
          p.setACL(user1.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          t.put(p);
        } finally {
          t.close();
        }
        return null;
      }
    }, USER_OWNER);

    verifyAllowed(new AccessTestAction() {
      @Override
      public Object run() throws Exception {
        HTable t = new HTable(conf, TEST_TABLE.getTableName());
        try {
          // with rw ACL for "user1" and "user2"
          Put p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY1, TEST_Q1, ZERO);
          p.add(TEST_FAMILY1, TEST_Q2, ZERO);
          Map<String, Permission> perms = new HashMap<String, Permission>();
          perms.put(user1.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          perms.put(user2.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          p.setACL(perms);
          t.put(p);
          // with rw ACL for "user1" and "user2"
          p = new Put(TEST_ROW2);
          p.add(TEST_FAMILY1, TEST_Q1, ZERO);
          p.add(TEST_FAMILY1, TEST_Q2, ZERO);
          p.setACL(perms);
          t.put(p);
        } finally {
          t.close();
        }
        return null;
      }
    }, user1);

    // user1 should be allowed to delete TEST_ROW1 as he is having write permission on both
    // versions of the cells
    user1.runAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        HTable t = new HTable(conf, TEST_TABLE.getTableName());
        try {
          Delete d = new Delete(TEST_ROW1);
          d.deleteColumns(TEST_FAMILY1, TEST_Q1);
          d.deleteColumns(TEST_FAMILY1, TEST_Q2);
          t.delete(d);
        } finally {
          t.close();
        }
        return null;
      }
    });
    // user2 should not be allowed to delete TEST_ROW2 as he is having write permission only on one
    // version of the cells.
    user2.runAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        HTable t = new HTable(conf, TEST_TABLE.getTableName());
        try {
          Delete d = new Delete(TEST_ROW2);
View Full Code Here

    final byte[] TEST_ROW1 = Bytes.toBytes("r1");
    final byte[] TEST_Q1 = Bytes.toBytes("q1");
    final byte[] TEST_Q2 = Bytes.toBytes("q2");
    final byte[] ZERO = Bytes.toBytes(0L);

    final User user1 = User.createUserForTesting(conf, "user1", new String[0]);
    final User user2 = User.createUserForTesting(conf, "user2", new String[0]);

    verifyAllowed(new AccessTestAction() {
      @Override
      public Object run() throws Exception {
        HTable t = new HTable(conf, TEST_TABLE.getTableName());
        try {
          Map<String, Permission> permsU1andOwner = new HashMap<String, Permission>();
          permsU1andOwner.put(user1.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          permsU1andOwner.put(USER_OWNER.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          Map<String, Permission> permsU2andOwner = new HashMap<String, Permission>();
          permsU2andOwner.put(user2.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          permsU2andOwner.put(USER_OWNER.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          Put p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY1, TEST_Q1, 123, ZERO);
          p.setACL(permsU1andOwner);
          t.put(p);
          p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY1, TEST_Q2, 123, ZERO);
          p.setACL(permsU2andOwner);
          t.put(p);
          p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY2, TEST_Q1, 123, ZERO);
          p.add(TEST_FAMILY2, TEST_Q2, 123, ZERO);
          p.setACL(permsU2andOwner);
          t.put(p);

          p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY2, TEST_Q1, 125, ZERO);
          p.add(TEST_FAMILY2, TEST_Q2, 125, ZERO);
          p.setACL(permsU1andOwner);
          t.put(p);

          p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY1, TEST_Q1, 127, ZERO);
          p.setACL(permsU2andOwner);
          t.put(p);
          p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY1, TEST_Q2, 127, ZERO);
          p.setACL(permsU1andOwner);
          t.put(p);
          p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY2, TEST_Q1, 129, ZERO);
          p.add(TEST_FAMILY2, TEST_Q2, 129, ZERO);
          p.setACL(permsU1andOwner);
          t.put(p);
        } finally {
          t.close();
        }
        return null;
      }
    }, USER_OWNER);

    // user1 should be allowed to delete TEST_ROW1 as he is having write permission on both
    // versions of the cells
    user1.runAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        HTable t = new HTable(conf, TEST_TABLE.getTableName());
        try {
          Delete d = new Delete(TEST_ROW1);
          d.deleteColumn(TEST_FAMILY1, TEST_Q1, 123);
          d.deleteColumn(TEST_FAMILY1, TEST_Q2);
          d.deleteFamilyVersion(TEST_FAMILY2, 125);
          t.delete(d);
        } finally {
          t.close();
        }
        return null;
      }
    });

    user2.runAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        HTable t = new HTable(conf, TEST_TABLE.getTableName());
        try {
          Delete d = new Delete(TEST_ROW1, 127);
View Full Code Here

    final byte[] TEST_ROW1 = Bytes.toBytes("r1");
    final byte[] TEST_Q1 = Bytes.toBytes("q1");
    final byte[] TEST_Q2 = Bytes.toBytes("q2");
    final byte[] ZERO = Bytes.toBytes(0L);

    final User user1 = User.createUserForTesting(conf, "user1", new String[0]);
    final User user2 = User.createUserForTesting(conf, "user2", new String[0]);

    verifyAllowed(new AccessTestAction() {
      @Override
      public Object run() throws Exception {
        HTable t = new HTable(conf, TEST_TABLE.getTableName());
        try {
          Map<String, Permission> permsU1andOwner = new HashMap<String, Permission>();
          permsU1andOwner.put(user1.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          permsU1andOwner.put(USER_OWNER.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          Map<String, Permission> permsU2andOwner = new HashMap<String, Permission>();
          permsU2andOwner.put(user2.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          permsU2andOwner.put(USER_OWNER.getShortName(), new Permission(Permission.Action.READ,
              Permission.Action.WRITE));
          Put p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY1, TEST_Q1, 123, ZERO);
          p.setACL(permsU1andOwner);
          t.put(p);
          p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY1, TEST_Q2, 123, ZERO);
          p.setACL(permsU2andOwner);
          t.put(p);

          p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY1, TEST_Q1, 127, ZERO);
          p.setACL(permsU2andOwner);
          t.put(p);
          p = new Put(TEST_ROW1);
          p.add(TEST_FAMILY1, TEST_Q2, 127, ZERO);
          p.setACL(permsU1andOwner);
          t.put(p);
        } finally {
          t.close();
        }
        return null;
      }
    }, USER_OWNER);

    // Increment considers the TimeRange set on it.
    user1.runAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        HTable t = new HTable(conf, TEST_TABLE.getTableName());
        try {
          Increment inc = new Increment(TEST_ROW1);
          inc.setTimeRange(0, 123);
          inc.addColumn(TEST_FAMILY1, TEST_Q1, 2L);
          t.increment(inc);
          t.incrementColumnValue(TEST_ROW1, TEST_FAMILY1, TEST_Q2, 1L);
        } finally {
          t.close();
        }
        return null;
      }
    });

    user2.runAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        HTable t = new HTable(conf, TEST_TABLE.getTableName());
        try {
          Increment inc = new Increment(TEST_ROW1);
View Full Code Here

TOP

Related Classes of org.apache.hadoop.hbase.security.User

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.