Package org.apache.hadoop.hbase.http
Class TestProxyUserSpnegoHttpServer
java.lang.Object
org.apache.hadoop.hbase.http.HttpServerFunctionalTest
org.apache.hadoop.hbase.http.TestProxyUserSpnegoHttpServer
Test class for SPNEGO Proxyuser authentication on the HttpServer. Uses Kerby's MiniKDC and Apache
HttpComponents to verify that the doas= mechanicsm works, and that the proxyuser settings are
observed.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static URLstatic final HBaseClassTestRuleprivate static Fileprivate static org.apache.kerby.kerberos.kerb.server.SimpleKdcServerprivate static final Stringprivate static final org.slf4j.Loggerprivate static final Stringprivate static final Stringprivate static Fileprivate static Fileprivate static org.apache.hadoop.hbase.http.HttpServerprivate static final Stringprivate static Fileprivate static final Stringprivate static FileFields inherited from class org.apache.hadoop.hbase.http.HttpServerFunctionalTest
TEST_BUILD_WEBAPPS -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic org.apache.hadoop.security.authorize.AccessControlListbuildAdminAcl(org.apache.hadoop.conf.Configuration conf) Builds an ACL that will restrict the users who can issue commands to endpoints on the UI which are meant only for administrators.protected static org.apache.hadoop.conf.ConfigurationbuildSpnegoConfiguration(org.apache.hadoop.conf.Configuration conf, String serverPrincipal, File serverKeytab) static voidprivate static voidstatic voidvoidvoidvoidvoidMethods inherited from class org.apache.hadoop.hbase.http.HttpServerFunctionalTest
access, createAndStartTestServer, createServer, createServer, createServer, createServer, createServer, createTestServer, createTestServer, createTestServer, createTestServer, createTestServerWithSecurity, createTestServerWithSecurityAndAcl, deleteRecursively, getFreePort, getServerURL, prepareTestWebapp, readOutput, stop
-
Field Details
-
CLASS_RULE
-
LOG
-
KDC_SERVER_HOST
- See Also:
-
WHEEL_PRINCIPAL
- See Also:
-
UNPRIVILEGED_PRINCIPAL
- See Also:
-
PRIVILEGED_PRINCIPAL
- See Also:
-
PRIVILEGED2_PRINCIPAL
- See Also:
-
server
-
baseUrl
-
kdc
-
infoServerKeytab
-
wheelKeytab
-
unprivilegedKeytab
-
privilegedKeytab
-
privileged2Keytab
-
-
Constructor Details
-
TestProxyUserSpnegoHttpServer
public TestProxyUserSpnegoHttpServer()
-
-
Method Details
-
setupServer
- Throws:
Exception
-
stopServer
- Throws:
Exception
-
setupUser
private static void setupUser(org.apache.kerby.kerberos.kerb.server.SimpleKdcServer kdc, File keytab, String principal) throws org.apache.kerby.kerberos.kerb.KrbException - Throws:
org.apache.kerby.kerberos.kerb.KrbException
-
buildSpnegoConfiguration
protected static org.apache.hadoop.conf.Configuration buildSpnegoConfiguration(org.apache.hadoop.conf.Configuration conf, String serverPrincipal, File serverKeytab) -
buildAdminAcl
public static org.apache.hadoop.security.authorize.AccessControlList buildAdminAcl(org.apache.hadoop.conf.Configuration conf) Builds an ACL that will restrict the users who can issue commands to endpoints on the UI which are meant only for administrators. -
testProxyAllowed
- Throws:
Exception
-
testProxyDisallowedForUnprivileged
- Throws:
Exception
-
testProxyDisallowedForNotSudoAble
- Throws:
Exception
-
testProxy
public void testProxy(String clientPrincipal, String doAs, int responseCode, String statusLine) throws Exception - Throws:
Exception
-