org.apache.hadoop.hbase.http

Class TestProxyUserSpnegoHttpServer

java.lang.Object

org.apache.hadoop.hbase.http.HttpServerFunctionalTest

org.apache.hadoop.hbase.http.TestProxyUserSpnegoHttpServer

public class TestProxyUserSpnegoHttpServer
extends HttpServerFunctionalTest

Test class for SPNEGO Proxyuser authentication on the HttpServer. Uses Kerby's MiniKDC and Apache HttpComponents to verify that the doas= mechanicsm works, and that the proxyuser settings are observed.

Field Summary

Fields

Modifier and Type	Field and Description
private static URL	baseUrl
static HBaseClassTestRule	CLASS_RULE
private static File	infoServerKeytab
private static org.apache.kerby.kerberos.kerb.server.SimpleKdcServer	kdc
private static String	KDC_SERVER_HOST
private static org.slf4j.Logger	LOG
private static String	PRIVILEGED_PRINCIPAL
private static String	PRIVILEGED2_PRINCIPAL
private static File	privileged2Keytab
private static File	privilegedKeytab
private static org.apache.hadoop.hbase.http.HttpServer	server
private static String	UNPRIVILEGED_PRINCIPAL
private static File	unprivilegedKeytab
private static String	WHEEL_PRINCIPAL
private static File	wheelKeytab

Fields inherited from class org.apache.hadoop.hbase.http.HttpServerFunctionalTest

TEST_BUILD_WEBAPPS

Constructor Summary

Constructors

Constructor and Description
TestProxyUserSpnegoHttpServer()

Method Summary

Modifier and Type	Method and Description
static org.apache.hadoop.security.authorize.AccessControlList	buildAdminAcl(org.apache.hadoop.conf.Configuration conf) Builds an ACL that will restrict the users who can issue commands to endpoints on the UI which are meant only for administrators.
protected static org.apache.hadoop.conf.Configuration	buildSpnegoConfiguration(org.apache.hadoop.conf.Configuration conf, String serverPrincipal, File serverKeytab)
static void	setupServer()
private static void	setupUser(org.apache.kerby.kerberos.kerb.server.SimpleKdcServer kdc, File keytab, String principal)
static void	stopServer()
void	testProxy(String clientPrincipal, String doAs, int responseCode, String statusLine)
void	testProxyAllowed()
void	testProxyDisallowedForNotSudoAble()
void	testProxyDisallowedForUnprivileged()

Methods inherited from class org.apache.hadoop.hbase.http.HttpServerFunctionalTest

access, createAndStartTestServer, createServer, createServer, createServer, createServer, createServer, createTestServer, createTestServer, createTestServer, createTestServer, createTestServerWithSecurity, createTestServerWithSecurityAndAcl, deleteRecursively, getFreePort, getServerURL, prepareTestWebapp, readOutput, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLASS_RULE

public static final HBaseClassTestRule CLASS_RULE

LOG

private static final org.slf4j.Logger LOG

KDC_SERVER_HOST

private static final String KDC_SERVER_HOST

See Also:

Constant Field Values

WHEEL_PRINCIPAL

private static final String WHEEL_PRINCIPAL

See Also:

Constant Field Values

UNPRIVILEGED_PRINCIPAL

private static final String UNPRIVILEGED_PRINCIPAL

See Also:

Constant Field Values

PRIVILEGED_PRINCIPAL

private static final String PRIVILEGED_PRINCIPAL

See Also:

Constant Field Values

PRIVILEGED2_PRINCIPAL

private static final String PRIVILEGED2_PRINCIPAL

See Also:

Constant Field Values

server

private static org.apache.hadoop.hbase.http.HttpServer server

baseUrl

private static URL baseUrl

kdc

private static org.apache.kerby.kerberos.kerb.server.SimpleKdcServer kdc

infoServerKeytab

private static File infoServerKeytab

wheelKeytab

private static File wheelKeytab

unprivilegedKeytab

private static File unprivilegedKeytab

privilegedKeytab

private static File privilegedKeytab

privileged2Keytab

private static File privileged2Keytab

Constructor Detail

TestProxyUserSpnegoHttpServer

public TestProxyUserSpnegoHttpServer()

Method Detail

setupServer

public static void setupServer()
                        throws Exception

Throws:

Exception

stopServer

public static void stopServer()
                       throws Exception

Throws:

Exception

setupUser

private static void setupUser(org.apache.kerby.kerberos.kerb.server.SimpleKdcServer kdc,
                              File keytab,
                              String principal)
                       throws org.apache.kerby.kerberos.kerb.KrbException

Throws:

org.apache.kerby.kerberos.kerb.KrbException

buildSpnegoConfiguration

protected static org.apache.hadoop.conf.Configuration buildSpnegoConfiguration(org.apache.hadoop.conf.Configuration conf,
                                                                               String serverPrincipal,
                                                                               File serverKeytab)

buildAdminAcl

public static org.apache.hadoop.security.authorize.AccessControlList buildAdminAcl(org.apache.hadoop.conf.Configuration conf)

Builds an ACL that will restrict the users who can issue commands to endpoints on the UI which are meant only for administrators.

testProxyAllowed

public void testProxyAllowed()
                      throws Exception

Throws:

Exception

testProxyDisallowedForUnprivileged

public void testProxyDisallowedForUnprivileged()
                                        throws Exception

Throws:

Exception

testProxyDisallowedForNotSudoAble

public void testProxyDisallowedForNotSudoAble()
                                       throws Exception

Throws:

Exception

testProxy

public void testProxy(String clientPrincipal,
                      String doAs,
                      int responseCode,
                      String statusLine)
               throws Exception

Throws:

Exception