001/** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase; 019 020import java.io.IOException; 021import javax.management.remote.JMXConnector; 022import javax.management.remote.JMXConnectorFactory; 023import javax.naming.ServiceUnavailableException; 024import org.apache.hadoop.conf.Configuration; 025import org.apache.hadoop.hbase.client.Admin; 026import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; 027import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment; 028import org.apache.hadoop.hbase.coprocessor.ObserverContext; 029import org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment; 030import org.apache.hadoop.hbase.security.AccessDeniedException; 031import org.apache.hadoop.hbase.security.access.AccessController; 032import org.apache.hadoop.hbase.testclassification.MediumTests; 033import org.apache.hadoop.hbase.testclassification.MiscTests; 034import org.junit.After; 035import org.junit.AfterClass; 036import org.junit.Assert; 037import org.junit.Before; 038import org.junit.BeforeClass; 039import org.junit.ClassRule; 040import org.junit.Test; 041import org.junit.experimental.categories.Category; 042import org.slf4j.Logger; 043import org.slf4j.LoggerFactory; 044 045/** 046 * Test case for JMX Connector Server. 047 */ 048@Category({ MiscTests.class, MediumTests.class }) 049public class TestJMXConnectorServer { 050 051 @ClassRule 052 public static final HBaseClassTestRule CLASS_RULE = 053 HBaseClassTestRule.forClass(TestJMXConnectorServer.class); 054 055 private static final Logger LOG = LoggerFactory.getLogger(TestJMXConnectorServer.class); 056 private static HBaseTestingUtility UTIL = new HBaseTestingUtility(); 057 058 private static Configuration conf = null; 059 private static Admin admin; 060 // RMI registry port 061 private static int rmiRegistryPort; 062 // Switch for customized Accesscontroller to throw ACD exception while executing test case 063 private volatile static boolean hasAccess; 064 065 @BeforeClass 066 public static void setUpBeforeClass() throws Exception { 067 conf = UTIL.getConfiguration(); 068 String cps = JMXListener.class.getName() + "," + MyAccessController.class.getName(); 069 conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, cps); 070 conf.set(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY, cps); 071 rmiRegistryPort = UTIL.randomFreePort(); 072 conf.setInt("master.rmi.registry.port", rmiRegistryPort); 073 conf.setInt("regionserver.rmi.registry.port", rmiRegistryPort); 074 UTIL.startMiniCluster(); 075 admin = UTIL.getConnection().getAdmin(); 076 } 077 078 @AfterClass 079 public static void tearDownAfterClass() throws Exception { 080 admin.close(); 081 UTIL.shutdownMiniCluster(); 082 } 083 084 @Before 085 public void setUp() { 086 hasAccess = false; 087 } 088 089 @After 090 public void tearDown() { 091 hasAccess = true; 092 } 093 094 /** 095 * This tests to validate the HMaster's ConnectorServer after unauthorised stopMaster call. 096 */ 097 @Test 098 public void testHMConnectorServerWhenStopMaster() throws Exception { 099 // try to stop master 100 boolean accessDenied = false; 101 try { 102 LOG.info("Stopping HMaster..."); 103 admin.stopMaster(); 104 } catch (AccessDeniedException e) { 105 LOG.info("Exception occurred while stopping HMaster. ", e); 106 accessDenied = true; 107 } 108 Assert.assertTrue(accessDenied); 109 110 checkConnector(); 111 } 112 113 /** 114 * This tests to validate the RegionServer's ConnectorServer after unauthorised stopRegionServer 115 * call. 116 */ 117 @Test 118 public void testRSConnectorServerWhenStopRegionServer() throws Exception { 119 ServerName serverName = UTIL.getHBaseCluster().getRegionServer(0).getServerName(); 120 LOG.info("Stopping Region Server..."); 121 admin.stopRegionServer(serverName.getHostname() + ":" + serverName.getPort()); 122 123 checkConnector(); 124 } 125 126 /** 127 * This tests to validate the HMaster's ConnectorServer after unauthorised shutdown call. 128 */ 129 @Test 130 public void testHMConnectorServerWhenShutdownCluster() throws Exception { 131 boolean accessDenied = false; 132 try { 133 LOG.info("Stopping HMaster..."); 134 admin.shutdown(); 135 } catch (AccessDeniedException e) { 136 LOG.error("Exception occurred while stopping HMaster. ", e); 137 accessDenied = true; 138 } 139 Assert.assertTrue(accessDenied); 140 141 checkConnector(); 142 } 143 144 private void checkConnector() throws Exception { 145 // Check whether HMaster JMX Connector server can be connected 146 JMXConnector connector = null; 147 try { 148 connector = JMXConnectorFactory 149 .connect(JMXListener.buildJMXServiceURL(rmiRegistryPort, rmiRegistryPort)); 150 } catch (IOException e) { 151 if (e.getCause() instanceof ServiceUnavailableException) { 152 Assert.fail("Can't connect to ConnectorServer."); 153 } 154 } 155 Assert.assertNotNull("JMXConnector should not be null.", connector); 156 connector.close(); 157 } 158 159 /* 160 * Customized class for test case execution which will throw ACD exception while executing 161 * stopMaster/preStopRegionServer/preShutdown explicitly. 162 */ 163 public static class MyAccessController extends AccessController { 164 @Override 165 public void postStartMaster(ObserverContext<MasterCoprocessorEnvironment> ctx) { 166 // Do nothing. In particular, stop the creation of the hbase:acl table. It makes the 167 // shutdown take time. 168 } 169 170 @Override 171 public void preStopMaster(ObserverContext<MasterCoprocessorEnvironment> c) throws IOException { 172 if (!hasAccess) { 173 throw new AccessDeniedException("Insufficient permissions to stop master"); 174 } 175 } 176 177 @Override 178 public void preStopRegionServer(ObserverContext<RegionServerCoprocessorEnvironment> ctx) 179 throws IOException { 180 if (!hasAccess) { 181 throw new AccessDeniedException("Insufficient permissions to stop region server."); 182 } 183 } 184 185 @Override 186 public void preShutdown(ObserverContext<MasterCoprocessorEnvironment> c) throws IOException { 187 if (!hasAccess) { 188 throw new AccessDeniedException("Insufficient permissions to shut down cluster."); 189 } 190 } 191 192 @Override 193 public void preExecuteProcedures(ObserverContext<RegionServerCoprocessorEnvironment> ctx) 194 throws IOException { 195 // FIXME: ignore the procedure permission check since in our UT framework master is neither 196 // the systemuser nor the superuser so we can not call executeProcedures... 197 } 198 } 199}