Examples of org.apache.hadoop.security.UnixUserGroupInformation

• org.apache.hadoop.security.UnixUserGroupInformation
  An implementation of UserGroupInformation in the Unix system

    long now = System.currentTimeMillis();
    long cutoffTime = now - ugiLifetime;
    CachedUgi cachedUgi = ugiCache.get(userName);
    if (cachedUgi != null && cachedUgi.getInitTime() > cutoffTime)
      return cachedUgi.getUgi();
    UnixUserGroupInformation ugi = null;
    try {
      ugi = getUgi(userName);
    } catch (IOException e) {
      return null;
    }
    if (ugiCache.size() > CLEANUP_THRESHOLD) { // remove expired ugi's first
      for (Iterator<Map.Entry<String, CachedUgi>> it = ugiCache.entrySet()
          .iterator(); it.hasNext();) {
        Map.Entry<String, CachedUgi> e = it.next();
        if (e.getValue().getInitTime() < cutoffTime) {
          it.remove();
        }
      }
    }
    ugiCache.put(ugi.getUserName(), new CachedUgi(ugi, now));
    return ugi;
  }

      throws IOException {
    if (userName == null || !USERNAME_PATTERN.matcher(userName).matches())
      throw new IOException("Invalid username=" + userName);
    String[] cmd = new String[] { "bash", "-c", "id -Gn '" + userName + "'"};
    String[] groups = Shell.execCommand(cmd).split("\\s+");
    return new UnixUserGroupInformation(userName, groups);
  }

  static interface TestGetRunner {
    String run(int exitcode, String... options) throws IOException;
  }

  public void testRemoteException() throws Exception {
    UnixUserGroupInformation tmpUGI = new UnixUserGroupInformation("tmpname",
        new String[] {
        "mygroup"});
    MiniDFSCluster dfs = null;
    PrintStream bak = null;
    try {

      final Path sub = new Path(root, "sub");
      dfs.setPermission(sub, new FsPermission((short)0));

      final UserGroupInformation ugi = UserGroupInformation.getCurrentUGI();
      final String tmpusername = ugi.getUserName() + "1";
      UnixUserGroupInformation tmpUGI = new UnixUserGroupInformation(
          tmpusername, new String[] {tmpusername});
      UnixUserGroupInformation.saveToConf(conf,
            UnixUserGroupInformation.UGI_PROPERTY_NAME, tmpUGI);
      String results = runLsr(new FsShell(conf), root, -1);
      assertTrue(results.contains("zzz"));

      if (!isAuthorized) {
        rsp.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized access");
        return;
      }
      // request is authorized, set ugi for servlets
      UnixUserGroupInformation ugi = ProxyUgiManager
          .getUgiForUser(userID);
      if (ugi == null) {
        LOG.info("Can't retrieve ugi for user " + userID);
        rsp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
            "Can't retrieve ugi for user " + userID);
        return;
      }
      rqst.setAttribute("authorized.ugi", ugi);
    } else { // http request, set ugi for servlets, only for testing purposes
      String ugi = rqst.getParameter("ugi");
      rqst.setAttribute("authorized.ugi", new UnixUserGroupInformation(ugi
          .split(",")));
    }

    chain.doFilter(request, response);
  }

        final UserGroupInformation superuser = UserGroupInformation.getCurrentUGI();
        String username = "testappenduser";
        String group = "testappendgroup";
        assertFalse(superuser.getUserName().equals(username));
        assertFalse(Arrays.asList(superuser.getGroupNames()).contains(group));
        UnixUserGroupInformation appenduser = UnixUserGroupInformation.createImmutable(
            new String[]{username, group});
        UnixUserGroupInformation.saveToConf(conf,
            UnixUserGroupInformation.UGI_PROPERTY_NAME, appenduser);
        fs = FileSystem.get(conf);

  static Configuration createConf4Testing(String username) throws Exception {
    Configuration conf = new Configuration();
    UnixUserGroupInformation.saveToConf(conf,
        UnixUserGroupInformation.UGI_PROPERTY_NAME,
        new UnixUserGroupInformation(username, new String[]{"group"}));
    return conf;
  }

    ConfiguredPolicy policy = new ConfiguredPolicy(conf, new TestPolicyProvider());
    SecurityUtil.setPolicy(policy);

    Subject user1 =
      SecurityUtil.getSubject(new UnixUserGroupInformation(USER1, GROUPS1));

    // Should succeed
    ServiceAuthorizationManager.authorize(user1, Protocol1.class);

    // Should fail
    Subject user2 =
      SecurityUtil.getSubject(new UnixUserGroupInformation(USER2, GROUPS2));
    boolean failed = false;
    try {
      ServiceAuthorizationManager.authorize(user2, Protocol2.class);
    } catch (AuthorizationException ae) {
      failed = true;

  }

  public void testHftpAccessControl() throws Exception {
    MiniDFSCluster cluster = null;
    try {
      final UnixUserGroupInformation DFS_UGI = createUGI("dfs", true);
      final UnixUserGroupInformation USER_UGI = createUGI("user", false);

      //start cluster by DFS_UGI
      final Configuration dfsConf = new Configuration();
      UnixUserGroupInformation.saveToConf(dfsConf,
          UnixUserGroupInformation.UGI_PROPERTY_NAME, DFS_UGI);

  static interface TestGetRunner {
    String run(int exitcode, String... options) throws IOException;
  }

  public void testRemoteException() throws Exception {
    UnixUserGroupInformation tmpUGI = new UnixUserGroupInformation("tmpname",
        new String[] {
        "mygroup"});
    MiniDFSCluster dfs = null;
    PrintStream bak = null;
    try {