View Javadoc

1   /*
2    *
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *     http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing, software
14   * distributed under the License is distributed on an "AS IS" BASIS,
15   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16   * See the License for the specific language governing permissions and
17   * limitations under the License.
18   */
19  package org.apache.hadoop.hbase.security;
20  
21  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getConfigurationWoPrincipal;
22  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;
23  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
24  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getSecuredConfiguration;
25  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.isKerberosPropertySetted;
26  import static org.junit.Assert.assertFalse;
27  import static org.junit.Assert.assertNotNull;
28  import static org.junit.Assert.assertTrue;
29  import static org.junit.Assume.assumeTrue;
30  
31  import java.io.IOException;
32  
33  import org.apache.hadoop.conf.Configuration;
34  import org.apache.hadoop.hbase.SmallTests;
35  import org.apache.hadoop.security.UserGroupInformation;
36  import org.junit.Test;
37  import org.junit.experimental.categories.Category;
38  
39  @Category(SmallTests.class)
40  public class TestUsersOperationsWithSecureHadoop {
41    /**
42     * test login with security enabled configuration
43     *
44     * To run this test, we must specify the following system properties:
45     * <p>
46     * <b> hbase.regionserver.kerberos.principal </b>
47     * <p>
48     * <b> hbase.regionserver.keytab.file </b>
49     *
50     * @throws IOException
51     */
52    @Test
53    public void testUserLoginInSecureHadoop() throws Exception {
54      UserGroupInformation defaultLogin = UserGroupInformation.getLoginUser();
55      Configuration conf = getConfigurationWoPrincipal();
56      User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE,
57          HBaseKerberosUtils.KRB_PRINCIPAL, "localhost");
58  
59      UserGroupInformation failLogin = UserGroupInformation.getLoginUser();
60      assertTrue("ugi should be the same in case fail login",
61          defaultLogin.equals(failLogin));
62      
63      assumeTrue(isKerberosPropertySetted());
64  
65      String nnKeyTab = getKeytabFileForTesting();
66      String dnPrincipal = getPrincipalForTesting();
67  
68      assertNotNull("KerberosKeytab was not specified", nnKeyTab);
69      assertNotNull("KerberosPrincipal was not specified", dnPrincipal);
70  
71      conf = getSecuredConfiguration();
72      UserGroupInformation.setConfiguration(conf);
73  
74      User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE,
75          HBaseKerberosUtils.KRB_PRINCIPAL, "localhost");
76      UserGroupInformation successLogin = UserGroupInformation.getLoginUser();
77      assertFalse("ugi should be different in in case success login",
78         defaultLogin.equals(successLogin));
79    }
80  }