test/src/main/java/org/apache/accumulo/test/functional/CredentialsIT.java - accumulo - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.accumulo.test.functional;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;

 import java.util.Iterator;
 import java.util.Map.Entry;
 import java.util.Set;

 import org.apache.accumulo.cluster.ClusterUser;
 import org.apache.accumulo.core.client.Accumulo;
 import org.apache.accumulo.core.client.AccumuloClient;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.Scanner;
 import org.apache.accumulo.core.client.security.SecurityErrorCode;
 import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.apache.accumulo.core.data.Key;
 import org.apache.accumulo.core.data.Value;
 import org.apache.accumulo.core.metadata.MetadataTable;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.harness.AccumuloClusterHarness;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;

 public class CredentialsIT extends AccumuloClusterHarness {

   private boolean saslEnabled;
   private String username;
   private String password;

   @Override
   public int defaultTimeoutSeconds() {
     return 2 * 60;
   }

   @Before
   public void createLocalUser() throws AccumuloException, AccumuloSecurityException {
     try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
       ClusterUser user = getUser(0);
       username = user.getPrincipal();
       saslEnabled = saslEnabled();
       // Create the user if it doesn't exist
       Set<String> users = client.securityOperations().listLocalUsers();
       if (!users.contains(username)) {
         PasswordToken passwdToken = null;
         if (!saslEnabled) {
           password = user.getPassword();
           passwdToken = new PasswordToken(password);
         }
         client.securityOperations().createLocalUser(username, passwdToken);
       }
     }
   }

   @After
   public void deleteLocalUser() throws Exception {
     if (saslEnabled) {
       ClusterUser root = getAdminUser();
       UserGroupInformation.loginUserFromKeytab(root.getPrincipal(),
           root.getKeytab().getAbsolutePath());
     }
     try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
       client.securityOperations().dropLocalUser(username);
     }
   }

   @Test
   public void testConnectorWithDestroyedToken() throws Exception {
     AuthenticationToken token = getUser(0).getToken();
     assertFalse(token.isDestroyed());
     token.destroy();
     assertTrue(token.isDestroyed());
     try (AccumuloClient ignored = Accumulo.newClient().from(getClientInfo().getProperties())
         .as("non_existent_user", token).build()) {
       fail("should ignore " + ignored);
     } catch (IllegalArgumentException e) {
       assertEquals(e.getMessage(), "AuthenticationToken has been destroyed");
     }
   }

   @Test
   public void testDestroyTokenBeforeRPC() throws Exception {
     try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
       AuthenticationToken token = getUser(0).getToken();
       try (
           AccumuloClient userAccumuloClient =
               Accumulo.newClient().from(client.properties()).as(username, token).build();
           Scanner scanner =
               userAccumuloClient.createScanner(MetadataTable.NAME, Authorizations.EMPTY)) {
         assertFalse(token.isDestroyed());
         token.destroy();
         assertTrue(token.isDestroyed());
         try {
           Iterator<Entry<Key,Value>> iter = scanner.iterator();
           while (iter.hasNext())
             fail();
           fail();
         } catch (Exception e) {
           assertTrue(e instanceof RuntimeException);
           assertTrue(e.getCause() instanceof AccumuloSecurityException);
           assertEquals(AccumuloSecurityException.class.cast(e.getCause()).getSecurityErrorCode(),
               SecurityErrorCode.TOKEN_EXPIRED);
         }
       }
     }
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.accumulo.test.functional;

	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertFalse;
	import static org.junit.Assert.assertTrue;
	import static org.junit.Assert.fail;

	import java.util.Iterator;
	import java.util.Map.Entry;
	import java.util.Set;

	import org.apache.accumulo.cluster.ClusterUser;
	import org.apache.accumulo.core.client.Accumulo;
	import org.apache.accumulo.core.client.AccumuloClient;
	import org.apache.accumulo.core.client.AccumuloException;
	import org.apache.accumulo.core.client.AccumuloSecurityException;
	import org.apache.accumulo.core.client.Scanner;
	import org.apache.accumulo.core.client.security.SecurityErrorCode;
	import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
	import org.apache.accumulo.core.client.security.tokens.PasswordToken;
	import org.apache.accumulo.core.data.Key;
	import org.apache.accumulo.core.data.Value;
	import org.apache.accumulo.core.metadata.MetadataTable;
	import org.apache.accumulo.core.security.Authorizations;
	import org.apache.accumulo.harness.AccumuloClusterHarness;
	import org.apache.hadoop.security.UserGroupInformation;
	import org.junit.After;
	import org.junit.Before;
	import org.junit.Test;

	public class CredentialsIT extends AccumuloClusterHarness {

	private boolean saslEnabled;
	private String username;
	private String password;

	@Override
	public int defaultTimeoutSeconds() {
	return 2 * 60;
	}

	@Before
	public void createLocalUser() throws AccumuloException, AccumuloSecurityException {
	try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
	ClusterUser user = getUser(0);
	username = user.getPrincipal();
	saslEnabled = saslEnabled();
	// Create the user if it doesn't exist
	Set<String> users = client.securityOperations().listLocalUsers();
	if (!users.contains(username)) {
	PasswordToken passwdToken = null;
	if (!saslEnabled) {
	password = user.getPassword();
	passwdToken = new PasswordToken(password);
	}
	client.securityOperations().createLocalUser(username, passwdToken);
	}
	}
	}

	@After
	public void deleteLocalUser() throws Exception {
	if (saslEnabled) {
	ClusterUser root = getAdminUser();
	UserGroupInformation.loginUserFromKeytab(root.getPrincipal(),
	root.getKeytab().getAbsolutePath());
	}
	try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
	client.securityOperations().dropLocalUser(username);
	}
	}

	@Test
	public void testConnectorWithDestroyedToken() throws Exception {
	AuthenticationToken token = getUser(0).getToken();
	assertFalse(token.isDestroyed());
	token.destroy();
	assertTrue(token.isDestroyed());
	try (AccumuloClient ignored = Accumulo.newClient().from(getClientInfo().getProperties())
	.as("non_existent_user", token).build()) {
	fail("should ignore " + ignored);
	} catch (IllegalArgumentException e) {
	assertEquals(e.getMessage(), "AuthenticationToken has been destroyed");
	}
	}

	@Test
	public void testDestroyTokenBeforeRPC() throws Exception {
	try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
	AuthenticationToken token = getUser(0).getToken();
	try (
	AccumuloClient userAccumuloClient =
	Accumulo.newClient().from(client.properties()).as(username, token).build();
	Scanner scanner =
	userAccumuloClient.createScanner(MetadataTable.NAME, Authorizations.EMPTY)) {
	assertFalse(token.isDestroyed());
	token.destroy();
	assertTrue(token.isDestroyed());
	try {
	Iterator<Entry<Key,Value>> iter = scanner.iterator();
	while (iter.hasNext())
	fail();
	fail();
	} catch (Exception e) {
	assertTrue(e instanceof RuntimeException);
	assertTrue(e.getCause() instanceof AccumuloSecurityException);
	assertEquals(AccumuloSecurityException.class.cast(e.getCause()).getSecurityErrorCode(),
	SecurityErrorCode.TOKEN_EXPIRED);
	}
	}
	}
	}
	}