Java Code Examples for org.apache.hadoop.minikdc.MiniKdc#createConf()
The following examples show how to use
org.apache.hadoop.minikdc.MiniKdc#createConf() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: BaseSecurityTest.java From incubator-atlas with Apache License 2.0 | 5 votes |
|
protected File startKDC() throws Exception {
File target = Files.createTempDirectory("sectest").toFile();
File kdcWorkDir = new File(target, "kdc");
Properties kdcConf = MiniKdc.createConf();
kdcConf.setProperty(MiniKdc.DEBUG, "true");
kdc = new MiniKdc(kdcConf, kdcWorkDir);
kdc.start();
Assert.assertNotNull(kdc.getRealm());
return kdcWorkDir;
}
Example 2
| Source File: AbstractSecureRegistryTest.java From big-c with Apache License 2.0 | 5 votes |
|
/**
* Sets up the KDC and a set of principals in the JAAS file
*
* @throws Exception
*/
public static void setupKDCAndPrincipals() throws Exception {
// set up the KDC
File target = new File(System.getProperty("test.dir", "target"));
kdcWorkDir = new File(target, "kdc");
kdcWorkDir.mkdirs();
if (!kdcWorkDir.mkdirs()) {
assertTrue(kdcWorkDir.isDirectory());
}
kdcConf = MiniKdc.createConf();
kdcConf.setProperty(MiniKdc.DEBUG, "true");
kdc = new MiniKdc(kdcConf, kdcWorkDir);
kdc.start();
keytab_zk = createKeytab(ZOOKEEPER, "zookeeper.keytab");
keytab_alice = createKeytab(ALICE, "alice.keytab");
keytab_bob = createKeytab(BOB, "bob.keytab");
zkServerPrincipal = Shell.WINDOWS ? ZOOKEEPER_1270001 : ZOOKEEPER_LOCALHOST;
StringBuilder jaas = new StringBuilder(1024);
jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_CLIENT_CONTEXT,
ZOOKEEPER, keytab_zk));
jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_SERVER_CONTEXT,
zkServerPrincipal, keytab_zk));
jaas.append(registrySecurity.createJAASEntry(ALICE_CLIENT_CONTEXT,
ALICE_LOCALHOST , keytab_alice));
jaas.append(registrySecurity.createJAASEntry(BOB_CLIENT_CONTEXT,
BOB_LOCALHOST, keytab_bob));
jaasFile = new File(kdcWorkDir, "jaas.txt");
FileUtils.write(jaasFile, jaas.toString());
LOG.info("\n"+ jaas);
RegistrySecurity.bindJVMtoJAASFile(jaasFile);
}
Example 3
| Source File: TestRMWebServicesHttpStaticUserPermissions.java From big-c with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void setUp() {
try {
testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
setupKDC();
setupAndStartRM();
} catch (Exception e) {
fail("Couldn't create MiniKDC");
}
}
Example 4
| Source File: TestRMWebServicesDelegationTokens.java From big-c with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void setupKDC() throws Exception {
testRootDir = new File("target",
TestRMWebServicesDelegationTokens.class.getName() + "-root");
testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
testMiniKDC.start();
testMiniKDC.createPrincipal(httpSpnegoKeytabFile, "HTTP/localhost",
"client", "client2", "client3");
}
Example 5
| Source File: TestRMWebappAuthentication.java From big-c with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void setUp() {
try {
testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
setupKDC();
} catch (Exception e) {
assertTrue("Couldn't create MiniKDC", false);
}
}
Example 6
| Source File: TestRMWebServicesDelegationTokenAuthentication.java From big-c with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void setUp() {
try {
testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
setupKDC();
setupAndStartRM();
} catch (Exception e) {
assertTrue("Couldn't create MiniKDC", false);
}
}
Example 7
| Source File: TestUGILoginFromKeytab.java From big-c with Apache License 2.0 | 5 votes |
|
@Before
public void startMiniKdc() throws Exception {
// This setting below is required. If not enabled, UGI will abort
// any attempt to loginUserFromKeytab.
Configuration conf = new Configuration();
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
"kerberos");
UserGroupInformation.setConfiguration(conf);
workDir = folder.getRoot();
kdc = new MiniKdc(MiniKdc.createConf(), workDir);
kdc.start();
}
Example 8
| Source File: CoreClientOverOneWaySSLKerb5Test.java From activemq-artemis with Apache License 2.0 | 5 votes |
|
@Override
@Before
public void setUp() throws Exception {
super.setUp();
kdc = new MiniKdc(MiniKdc.createConf(), temporaryFolder.newFolder("kdc"));
kdc.start();
}
Example 9
| Source File: TestRMWebServicesHttpStaticUserPermissions.java From hadoop with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void setUp() {
try {
testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
setupKDC();
setupAndStartRM();
} catch (Exception e) {
fail("Couldn't create MiniKDC");
}
}
Example 10
| Source File: TestRMWebServicesDelegationTokens.java From hadoop with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void setupKDC() throws Exception {
testRootDir = new File("target",
TestRMWebServicesDelegationTokens.class.getName() + "-root");
testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
testMiniKDC.start();
testMiniKDC.createPrincipal(httpSpnegoKeytabFile, "HTTP/localhost",
"client", "client2", "client3");
}
Example 11
| Source File: TestRMWebappAuthentication.java From hadoop with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void setUp() {
try {
testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
setupKDC();
} catch (Exception e) {
assertTrue("Couldn't create MiniKDC", false);
}
}
Example 12
| Source File: BaseSecurityTest.java From atlas with Apache License 2.0 | 5 votes |
|
protected File startKDC() throws Exception {
File target = Files.createTempDirectory("sectest").toFile();
File kdcWorkDir = new File(target, "kdc");
Properties kdcConf = MiniKdc.createConf();
kdcConf.setProperty(MiniKdc.DEBUG, "true");
kdc = new MiniKdc(kdcConf, kdcWorkDir);
kdc.start();
Assert.assertNotNull(kdc.getRealm());
return kdcWorkDir;
}
Example 13
| Source File: TestSecurityContext.java From datacollector with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void startKdc() throws Exception {
testDir = new File("target", UUID.randomUUID().toString()).getAbsoluteFile();
Assert.assertTrue(testDir.mkdirs());
File kdcDir = new File(testDir, "kdc");
Assert.assertTrue(kdcDir.mkdirs());
keytabFile = new File(testDir, "test.keytab");
miniKdc = new MiniKdc(MiniKdc.createConf(), testDir);
miniKdc.start();
miniKdc.createPrincipal(keytabFile, "foo", "bar/localhost");
}
Example 14
| Source File: SecureTestEnvironment.java From flink with Apache License 2.0 | 4 votes |
|
public static void prepare(TemporaryFolder tempFolder) {
try {
File baseDirForSecureRun = tempFolder.newFolder();
LOG.info("Base Directory for Secure Environment: {}", baseDirForSecureRun);
String hostName = "localhost";
Properties kdcConf = MiniKdc.createConf();
if (LOG.isDebugEnabled()) {
kdcConf.setProperty(MiniKdc.DEBUG, "true");
}
kdcConf.setProperty(MiniKdc.KDC_BIND_ADDRESS, hostName);
kdc = new MiniKdc(kdcConf, baseDirForSecureRun);
kdc.start();
LOG.info("Started Mini KDC");
File keytabFile = new File(baseDirForSecureRun, "test-users.keytab");
testKeytab = keytabFile.getAbsolutePath();
testZkServerPrincipal = "zookeeper/" + hostName;
testZkClientPrincipal = "zk-client/" + hostName;
testKafkaServerPrincipal = "kafka/" + hostName;
hadoopServicePrincipal = "hadoop/" + hostName;
testPrincipal = "client/" + hostName;
kdc.createPrincipal(keytabFile, testPrincipal, testZkServerPrincipal,
hadoopServicePrincipal,
testZkClientPrincipal,
testKafkaServerPrincipal);
testPrincipal = testPrincipal + "@" + kdc.getRealm();
testZkServerPrincipal = testZkServerPrincipal + "@" + kdc.getRealm();
testZkClientPrincipal = testZkClientPrincipal + "@" + kdc.getRealm();
testKafkaServerPrincipal = testKafkaServerPrincipal + "@" + kdc.getRealm();
hadoopServicePrincipal = hadoopServicePrincipal + "@" + kdc.getRealm();
LOG.info("-------------------------------------------------------------------");
LOG.info("Test Principal: {}", testPrincipal);
LOG.info("Test ZK Server Principal: {}", testZkServerPrincipal);
LOG.info("Test ZK Client Principal: {}", testZkClientPrincipal);
LOG.info("Test Kafka Server Principal: {}", testKafkaServerPrincipal);
LOG.info("Test Hadoop Service Principal: {}", hadoopServicePrincipal);
LOG.info("Test Keytab: {}", testKeytab);
LOG.info("-------------------------------------------------------------------");
//Security Context is established to allow non hadoop applications that requires JAAS
//based SASL/Kerberos authentication to work. However, for Hadoop specific applications
//the context can be reinitialized with Hadoop configuration by calling
//ctx.setHadoopConfiguration() for the UGI implementation to work properly.
//See Yarn test case module for reference
Configuration flinkConfig = GlobalConfiguration.loadConfiguration();
flinkConfig.setBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE, false);
flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_KEYTAB, testKeytab);
flinkConfig.setBoolean(SecurityOptions.KERBEROS_LOGIN_USETICKETCACHE, false);
flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL, testPrincipal);
flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, "Client,KafkaClient");
SecurityConfiguration ctx = new SecurityConfiguration(flinkConfig);
TestingSecurityContext.install(ctx, getClientSecurityConfigurationMap());
populateJavaPropertyVariables();
} catch (Exception e) {
throw new RuntimeException("Exception occured while preparing secure environment.", e);
}
}
Example 15
| Source File: TestSecureNNWithQJM.java From big-c with Apache License 2.0 | 4 votes |
|
@BeforeClass
public static void init() throws Exception {
baseDir = new File(System.getProperty("test.build.dir", "target/test-dir"),
TestSecureNNWithQJM.class.getSimpleName());
FileUtil.fullyDelete(baseDir);
assertTrue(baseDir.mkdirs());
Properties kdcConf = MiniKdc.createConf();
kdc = new MiniKdc(kdcConf, baseDir);
kdc.start();
baseConf = new HdfsConfiguration();
SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS,
baseConf);
UserGroupInformation.setConfiguration(baseConf);
assertTrue("Expected configuration to enable security",
UserGroupInformation.isSecurityEnabled());
String userName = UserGroupInformation.getLoginUser().getShortUserName();
File keytabFile = new File(baseDir, userName + ".keytab");
String keytab = keytabFile.getAbsolutePath();
// Windows will not reverse name lookup "127.0.0.1" to "localhost".
String krbInstance = Path.WINDOWS ? "127.0.0.1" : "localhost";
kdc.createPrincipal(keytabFile,
userName + "/" + krbInstance,
"HTTP/" + krbInstance);
String hdfsPrincipal = userName + "/" + krbInstance + "@" + kdc.getRealm();
String spnegoPrincipal = "HTTP/" + krbInstance + "@" + kdc.getRealm();
baseConf.set(DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
baseConf.set(DFS_NAMENODE_KEYTAB_FILE_KEY, keytab);
baseConf.set(DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
baseConf.set(DFS_DATANODE_KEYTAB_FILE_KEY, keytab);
baseConf.set(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, spnegoPrincipal);
baseConf.set(DFS_JOURNALNODE_KEYTAB_FILE_KEY, keytab);
baseConf.set(DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
baseConf.set(DFS_JOURNALNODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
spnegoPrincipal);
baseConf.setBoolean(DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
baseConf.set(DFS_DATA_TRANSFER_PROTECTION_KEY, "authentication");
baseConf.set(DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
baseConf.set(DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
baseConf.set(DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");
baseConf.set(DFS_JOURNALNODE_HTTPS_ADDRESS_KEY, "localhost:0");
baseConf.setInt(IPC_CLIENT_CONNECT_MAX_RETRIES_ON_SASL_KEY, 10);
String keystoresDir = baseDir.getAbsolutePath();
String sslConfDir = KeyStoreTestUtil.getClasspathDir(
TestSecureNNWithQJM.class);
KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, baseConf, false);
}
Example 16
| Source File: SentryMiniKdcTestcase.java From incubator-sentry with Apache License 2.0 | 4 votes |
|
private static void createMiniKdcConf(Properties confOverlay) {
conf = MiniKdc.createConf();
for ( Object property : confOverlay.keySet()) {
conf.put(property, confOverlay.get(property));
}
}
Example 17
| Source File: SecureUserConnectionsIT.java From phoenix with Apache License 2.0 | 4 votes |
|
@BeforeClass
public static synchronized void setupKdc() throws Exception {
ensureIsEmptyDirectory(KDC_DIR);
ensureIsEmptyDirectory(KEYTAB_DIR);
// Create and start the KDC. MiniKDC appears to have a race condition in how it does
// port allocation (with apache-ds). See PHOENIX-3287.
boolean started = false;
for (int i = 0; !started && i < KDC_START_ATTEMPTS; i++) {
Properties kdcConf = MiniKdc.createConf();
kdcConf.put(MiniKdc.DEBUG, true);
KDC = new MiniKdc(kdcConf, KDC_DIR);
try {
KDC.start();
started = true;
} catch (Exception e) {
LOGGER.warn("PHOENIX-3287: Failed to start KDC, retrying..", e);
}
}
assertTrue("The embedded KDC failed to start successfully after " + KDC_START_ATTEMPTS
+ " attempts.", started);
createUsers(NUM_USERS);
createServiceUsers(NUM_USERS);
final Configuration conf = new Configuration(false);
conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
conf.setBoolean(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, true);
UserGroupInformation.setConfiguration(conf);
// Clear the cached singletons so we can inject our own.
InstanceResolver.clearSingletons();
// Make sure the ConnectionInfo doesn't try to pull a default Configuration
InstanceResolver.getSingleton(ConfigurationFactory.class, new ConfigurationFactory() {
@Override
public Configuration getConfiguration() {
return conf;
}
@Override
public Configuration getConfiguration(Configuration confToClone) {
Configuration copy = new Configuration(conf);
copy.addResource(confToClone);
return copy;
}
});
updateDefaultRealm();
}
Example 18
| Source File: SecureTestEnvironment.java From flink with Apache License 2.0 | 4 votes |
|
public static void prepare(TemporaryFolder tempFolder) {
try {
File baseDirForSecureRun = tempFolder.newFolder();
LOG.info("Base Directory for Secure Environment: {}", baseDirForSecureRun);
String hostName = "localhost";
Properties kdcConf = MiniKdc.createConf();
if (LOG.isDebugEnabled()) {
kdcConf.setProperty(MiniKdc.DEBUG, "true");
}
kdcConf.setProperty(MiniKdc.KDC_BIND_ADDRESS, hostName);
kdc = new MiniKdc(kdcConf, baseDirForSecureRun);
kdc.start();
LOG.info("Started Mini KDC");
File keytabFile = new File(baseDirForSecureRun, "test-users.keytab");
testKeytab = keytabFile.getAbsolutePath();
testZkServerPrincipal = "zookeeper/127.0.0.1";
testZkClientPrincipal = "zk-client/127.0.0.1";
testKafkaServerPrincipal = "kafka/" + hostName;
hadoopServicePrincipal = "hadoop/" + hostName;
testPrincipal = "client/" + hostName;
kdc.createPrincipal(keytabFile, testPrincipal, testZkServerPrincipal,
hadoopServicePrincipal,
testZkClientPrincipal,
testKafkaServerPrincipal);
testPrincipal = testPrincipal + "@" + kdc.getRealm();
testZkServerPrincipal = testZkServerPrincipal + "@" + kdc.getRealm();
testZkClientPrincipal = testZkClientPrincipal + "@" + kdc.getRealm();
testKafkaServerPrincipal = testKafkaServerPrincipal + "@" + kdc.getRealm();
hadoopServicePrincipal = hadoopServicePrincipal + "@" + kdc.getRealm();
LOG.info("-------------------------------------------------------------------");
LOG.info("Test Principal: {}", testPrincipal);
LOG.info("Test ZK Server Principal: {}", testZkServerPrincipal);
LOG.info("Test ZK Client Principal: {}", testZkClientPrincipal);
LOG.info("Test Kafka Server Principal: {}", testKafkaServerPrincipal);
LOG.info("Test Hadoop Service Principal: {}", hadoopServicePrincipal);
LOG.info("Test Keytab: {}", testKeytab);
LOG.info("-------------------------------------------------------------------");
//Security Context is established to allow non hadoop applications that requires JAAS
//based SASL/Kerberos authentication to work. However, for Hadoop specific applications
//the context can be reinitialized with Hadoop configuration by calling
//ctx.setHadoopConfiguration() for the UGI implementation to work properly.
//See Yarn test case module for reference
Configuration flinkConfig = GlobalConfiguration.loadConfiguration();
flinkConfig.setBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE, false);
flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_KEYTAB, testKeytab);
flinkConfig.setBoolean(SecurityOptions.KERBEROS_LOGIN_USETICKETCACHE, false);
flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL, testPrincipal);
flinkConfig.setString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS, "Client,KafkaClient");
SecurityConfiguration ctx = new SecurityConfiguration(flinkConfig);
TestingSecurityContext.install(ctx, getClientSecurityConfigurationMap());
populateJavaPropertyVariables();
} catch (Exception e) {
throw new RuntimeException("Exception occured while preparing secure environment.", e);
}
}
Example 19
| Source File: TestSecureOzoneCluster.java From hadoop-ozone with Apache License 2.0 | 4 votes |
|
private void startMiniKdc() throws Exception {
Properties securityProperties = MiniKdc.createConf();
miniKdc = new MiniKdc(securityProperties, workDir);
miniKdc.start();
}
Example 20
| Source File: JAASKerberosTest.java From blazingcache with Apache License 2.0 | 2 votes |
|
/**
*
* /**
* Create a Kdc configuration
*/
public void createMiniKdcConf() {
conf = MiniKdc.createConf();
}
