/// <summary>
/// Verifies the identity string the RPC server reports for a test user that
/// connects while holding a token issued by the test secret manager.
/// </summary>
/// <remarks>
/// The configuration selects Kerberos, yet the assertion expects the server to
/// report <c>auth:TOKEN</c>, so the test pins that the call was authenticated
/// by the token. The second field of the token identifier ("SomeSuperUser")
/// shows up after "via" in the expected string; presumably it is the real
/// user recorded in the token (confirm against TestTokenIdentifier).
/// NOTE(review): the server is started here but not stopped in this method; it
/// is handed to the privileged action, which presumably stops it (confirm).
/// </remarks>
public virtual void TestTokenBySuperUser()
{
    TestSaslRPC.TestTokenSecretManager secretManager = new TestSaslRPC.TestTokenSecretManager();

    // Work on a copy so masterConf is not modified by this test.
    Configuration kerberosConf = new Configuration(masterConf);
    SecurityUtil.SetAuthenticationMethod(
        UserGroupInformation.AuthenticationMethod.Kerberos, kerberosConf);
    UserGroupInformation.SetConfiguration(kerberosConf);

    // Port 0 is passed to the builder; the address actually used is read back
    // from the server below.
    Server rpcServer = new RPC.Builder(kerberosConf)
        .SetProtocol(typeof(TestDoAsEffectiveUser.TestProtocol))
        .SetInstance(new TestDoAsEffectiveUser.TestImpl(this))
        .SetBindAddress(Address)
        .SetPort(0)
        .SetNumHandlers(5)
        .SetVerbose(true)
        .SetSecretManager(secretManager)
        .Build();
    rpcServer.Start();

    UserGroupInformation tokenHolder =
        UserGroupInformation.CreateUserForTesting(RealUserName, GroupNames);
    RefreshConf(kerberosConf);
    IPEndPoint serverAddress = NetUtils.GetConnectAddress(rpcServer);

    // The identifier carries the test user's name and "SomeSuperUser".
    TestSaslRPC.TestTokenIdentifier identifier = new TestSaslRPC.TestTokenIdentifier(
        new Org.Apache.Hadoop.IO.Text(tokenHolder.GetUserName()),
        new Org.Apache.Hadoop.IO.Text("SomeSuperUser"));
    Org.Apache.Hadoop.Security.Token.Token<TestSaslRPC.TestTokenIdentifier> userToken =
        new Org.Apache.Hadoop.Security.Token.Token<TestSaslRPC.TestTokenIdentifier>(
            identifier, secretManager);

    // Bind the token to this server's address before giving it to the user.
    SecurityUtil.SetTokenService(userToken, serverAddress);
    tokenHolder.AddToken(userToken);

    // The action class is defined elsewhere; presumably it performs the RPC
    // call and returns the user string reported by the server.
    string retVal = tokenHolder.DoAs(
        new _PrivilegedExceptionAction_509(this, serverAddress, kerberosConf, rpcServer));

    string expected = RealUserName + " (auth:TOKEN) via SomeSuperUser (auth:SIMPLE)";
    string mismatchMessage = retVal + "!=" + expected;
    Assert.Equal(mismatchMessage, expected, retVal);
}
/// <summary>
/// Verifies that private clones of a token are left out of the token
/// collection obtained from the user's credentials.
/// </summary>
/// <remarks>
/// One regular token and two <c>Token.PrivateToken</c> copies of it are added
/// under distinct aliases; only one token is expected back from
/// <c>GetCredentials().GetAllTokens()</c>.
/// NOTE(review): the tokens are added to the UGI returned by
/// <c>GetCurrentUser()</c> and are not removed in this method; confirm that
/// other tests do not depend on that user's credentials being empty.
/// </remarks>
public virtual void TestPrivateTokenExclusion()
{
    UserGroupInformation currentUser = UserGroupInformation.GetCurrentUser();
    TestSaslRPC.TestTokenIdentifier identifier = new TestSaslRPC.TestTokenIdentifier();

    // "password" is a fixed test value used as the token's password bytes.
    Org.Apache.Hadoop.Security.Token.Token<TestSaslRPC.TestTokenIdentifier> regularToken =
        new Org.Apache.Hadoop.Security.Token.Token<TestSaslRPC.TestTokenIdentifier>(
            identifier.GetBytes(),
            Runtime.GetBytesForString("password"),
            identifier.GetKind(),
            null);
    currentUser.AddToken(new Text("regular-token"), regularToken);

    // Now add cloned private tokens, one per alias.
    foreach (string privateAlias in new[] { "private-token", "private-token1" })
    {
        currentUser.AddToken(
            new Text(privateAlias),
            new Token.PrivateToken<TestSaslRPC.TestTokenIdentifier>(regularToken));
    }

    // Ensure only non-private tokens are returned.
    ICollection<Org.Apache.Hadoop.Security.Token.Token<TokenIdentifier>> visibleTokens =
        currentUser.GetCredentials().GetAllTokens();
    Assert.Equal(1, visibleTokens.Count);
}
/// <summary>
/// Verifies that when a proxy-user UGI carries a token, the identity reported
/// by the RPC server is the one in the token.
/// </summary>
/// <remarks>
/// The token identifier is built from the real user's name and
/// "SomeSuperUser"; the token is then attached to a proxy UGI created for
/// <c>ProxyUserName</c> on top of the real user. The expected string names the
/// real user with <c>auth:TOKEN</c> and does not mention the proxy user name.
/// NOTE(review): the server is started here but not stopped in this method; it
/// is handed to the privileged action, which presumably stops it (confirm).
/// </remarks>
public virtual void TestProxyWithToken()
{
    // Work on a copy so masterConf is not modified by this test.
    Configuration kerberosConf = new Configuration(masterConf);
    TestSaslRPC.TestTokenSecretManager secretManager = new TestSaslRPC.TestTokenSecretManager();
    SecurityUtil.SetAuthenticationMethod(
        UserGroupInformation.AuthenticationMethod.Kerberos, kerberosConf);
    UserGroupInformation.SetConfiguration(kerberosConf);

    // Port 0 is passed to the builder; the address actually used is read back
    // from the server below.
    Server rpcServer = new RPC.Builder(kerberosConf)
        .SetProtocol(typeof(TestDoAsEffectiveUser.TestProtocol))
        .SetInstance(new TestDoAsEffectiveUser.TestImpl(this))
        .SetBindAddress(Address)
        .SetPort(0)
        .SetNumHandlers(5)
        .SetVerbose(true)
        .SetSecretManager(secretManager)
        .Build();
    rpcServer.Start();

    UserGroupInformation realUser = UserGroupInformation.CreateRemoteUser(RealUserName);
    IPEndPoint serverAddress = NetUtils.GetConnectAddress(rpcServer);

    // The identifier carries the real user's name and "SomeSuperUser".
    TestSaslRPC.TestTokenIdentifier identifier = new TestSaslRPC.TestTokenIdentifier(
        new Org.Apache.Hadoop.IO.Text(realUser.GetUserName()),
        new Org.Apache.Hadoop.IO.Text("SomeSuperUser"));
    Org.Apache.Hadoop.Security.Token.Token<TestSaslRPC.TestTokenIdentifier> userToken =
        new Org.Apache.Hadoop.Security.Token.Token<TestSaslRPC.TestTokenIdentifier>(
            identifier, secretManager);
    SecurityUtil.SetTokenService(userToken, serverAddress);

    // The token goes on the proxy UGI, not on the real user's UGI.
    UserGroupInformation proxyUserUgi =
        UserGroupInformation.CreateProxyUserForTesting(ProxyUserName, realUser, GroupNames);
    proxyUserUgi.AddToken(userToken);
    RefreshConf(kerberosConf);

    // The action class is defined elsewhere; presumably it performs the RPC
    // call and returns the user string reported by the server.
    string retVal = proxyUserUgi.DoAs(
        new _PrivilegedExceptionAction_457(this, serverAddress, kerberosConf, rpcServer));

    // The user returned by server must be the one in the token.
    string expectedIdentity = RealUserName + " (auth:TOKEN) via SomeSuperUser (auth:SIMPLE)";
    Assert.Equal(expectedIdentity, retVal);
}