Java Code Examples for org.apache.hadoop.security.UserGroupInformation#setConfiguration()

The following examples show how to use org.apache.hadoop.security.UserGroupInformation#setConfiguration() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestRMHA.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Before
public void setUp() throws Exception {
  configuration = new Configuration();
  UserGroupInformation.setConfiguration(configuration);
  configuration.setBoolean(YarnConfiguration.RM_HA_ENABLED, true);
  configuration.set(YarnConfiguration.RM_HA_IDS, RM1_NODE_ID + ","
      + RM2_NODE_ID);
  for (String confKey : YarnConfiguration
      .getServiceAddressConfKeys(configuration)) {
    configuration.set(HAUtil.addSuffix(confKey, RM1_NODE_ID), RM1_ADDRESS);
    configuration.set(HAUtil.addSuffix(confKey, RM2_NODE_ID), RM2_ADDRESS);
    configuration.set(HAUtil.addSuffix(confKey, RM3_NODE_ID), RM3_ADDRESS);
  }

  // Enable webapp to test web-services also
  configuration.setBoolean(MockRM.ENABLE_WEBAPP, true);
  configuration.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
  ClusterMetrics.destroy();
  QueueMetrics.clearQueueMetrics();
  DefaultMetricsSystem.shutdown();
}
 
Example 2
Source File: Delete.java    From Transwarp-Sample-Code with MIT License 6 votes vote down vote up
public static void main(String[] args) {
    String rootPath = "hdfs://nameservice1";
    Path p = new Path(rootPath + "/tmp/file.txt");
    Configuration conf = new Configuration();
    conf.addResource("core-site.xml");
    conf.addResource("hdfs-site.xml");
    conf.addResource("yarn-site.xml");
    try {
        // 没开kerberos,注释下面两行
        UserGroupInformation.setConfiguration(conf);
        UserGroupInformation.loginUserFromKeytab("hdfs@TDH","E:\\星环\\hdfs.keytab");
        FileSystem fs = p.getFileSystem(conf);
        boolean b = fs.delete(p, true);
        System.out.println(b);
        fs.close();
    } catch (IOException e) {
        e.printStackTrace();
    }
}
 
Example 3
Source File: DefaultLoginUgiProvider.java    From datacollector with Apache License 2.0 6 votes vote down vote up
@Override
public UserGroupInformation getLoginUgi(Configuration hdfsConfiguration) throws IOException {
  AccessControlContext accessContext = AccessController.getContext();
  Subject subject = Subject.getSubject(accessContext);
  UserGroupInformation loginUgi;
  //HADOOP-13805
  HadoopConfigurationUtils.configureHadoopTreatSubjectExternal(hdfsConfiguration);
  UserGroupInformation.setConfiguration(hdfsConfiguration);
  if (UserGroupInformation.isSecurityEnabled()) {
    loginUgi = UserGroupInformation.getUGIFromSubject(subject);
  } else {
    UserGroupInformation.loginUserFromSubject(subject);
    loginUgi = UserGroupInformation.getLoginUser();
  }
  if (LOG.isDebugEnabled()) {
    LOG.debug(
        "Subject = {}, Principals = {}, Login UGI = {}",
        subject,
        subject == null ? "null" : subject.getPrincipals(),
        loginUgi
    );
  }
  return loginUgi;
}
 
Example 4
Source File: TestUsersOperationsWithSecureHadoop.java    From hbase with Apache License 2.0 6 votes vote down vote up
@Test
public void testLoginWithUserKeytabAndPrincipal() throws Exception {
  String clientKeytab = getClientKeytabForTesting();
  String clientPrincipal = getClientPrincipalForTesting();
  assertNotNull("Path for client keytab is not specified.", clientKeytab);
  assertNotNull("Client principal is not specified.", clientPrincipal);

  Configuration conf = getSecuredConfiguration();
  conf.set(AuthUtil.HBASE_CLIENT_KEYTAB_FILE, clientKeytab);
  conf.set(AuthUtil.HBASE_CLIENT_KERBEROS_PRINCIPAL, clientPrincipal);
  UserGroupInformation.setConfiguration(conf);

  UserProvider provider = UserProvider.instantiate(conf);
  assertTrue("Client principal or keytab is empty", provider.shouldLoginFromKeytab());

  provider.login(AuthUtil.HBASE_CLIENT_KEYTAB_FILE, AuthUtil.HBASE_CLIENT_KERBEROS_PRINCIPAL);
  User loginUser = provider.getCurrent();
  assertEquals(CLIENT_NAME, loginUser.getShortName());
  assertEquals(getClientPrincipalForTesting(), loginUser.getName());
}
 
Example 5
Source File: HdfsUtils.java    From dk-fitting with Apache License 2.0 6 votes vote down vote up
public static FileSystem getFs(String krb5_conf, String principal, String keytab) throws Exception {
    if (fs != null) {
        return fs;
    } else {
        System.out.println("hdfs_site:" + Prop.getProperty("datasource.hdfs_xml_path"));
        System.out.println("core_site:" + Prop.getProperty("datasource.core_xml_path"));
        conf.addResource(new Path(Prop.getProperty("datasource.hdfs_xml_path")));
        conf.addResource(new Path(Prop.getProperty("datasource.core_xml_path")));
        conf.set("dfs.client.block.write.replace-datanode-on-failure.policy", "NEVER");
        conf.set("dfs.client.block.write.replace-datanode-on-failure.enable", "true");
        //conf.setBoolean("fs.hdfs.impl.disable.cache", true);
        if (StringUtils.isNotBlank(krb5_conf) && StringUtils.isNotBlank(principal) && StringUtils.isNotBlank(keytab)) {
            System.setProperty("java.security.krb5.conf", krb5_conf);
            UserGroupInformation.setConfiguration(conf);
            UserGroupInformation.loginUserFromKeytab(principal, keytab);
            UserGroupInformation.getLoginUser();
        }
        fs = FileSystem.get(conf);
        return fs;
    }
}
 
Example 6
Source File: TestRMRestart.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Before
public void setup() throws IOException {
  conf = getConf();
  Logger rootLogger = LogManager.getRootLogger();
  rootLogger.setLevel(Level.DEBUG);
  UserGroupInformation.setConfiguration(conf);
  conf.setBoolean(YarnConfiguration.RECOVERY_ENABLED, true);
  conf.setBoolean(YarnConfiguration.RM_WORK_PRESERVING_RECOVERY_ENABLED, false);
  conf.set(YarnConfiguration.RM_STORE, MemoryRMStateStore.class.getName());
  rmAddr = new InetSocketAddress("localhost", 8032);
  Assert.assertTrue(YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS > 1);
}
 
Example 7
Source File: TestRMRestart.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Before
public void setup() throws IOException {
  conf = getConf();
  Logger rootLogger = LogManager.getRootLogger();
  rootLogger.setLevel(Level.DEBUG);
  UserGroupInformation.setConfiguration(conf);
  conf.setBoolean(YarnConfiguration.RECOVERY_ENABLED, true);
  conf.setBoolean(YarnConfiguration.RM_WORK_PRESERVING_RECOVERY_ENABLED, false);
  conf.set(YarnConfiguration.RM_STORE, MemoryRMStateStore.class.getName());
  rmAddr = new InetSocketAddress("localhost", 8032);
  Assert.assertTrue(YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS > 1);
}
 
Example 8
Source File: TestRMDelegationTokens.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Before
public void setup() {
  Logger rootLogger = LogManager.getRootLogger();
  rootLogger.setLevel(Level.DEBUG);
  ExitUtil.disableSystemExit();
  conf = new YarnConfiguration();
  UserGroupInformation.setConfiguration(conf);
  conf.set(YarnConfiguration.RM_STORE, MemoryRMStateStore.class.getName());
  conf.set(YarnConfiguration.RM_SCHEDULER, FairScheduler.class.getName());
}
 
Example 9
Source File: JDBCSecurityImpl.java    From zeppelin with Apache License 2.0 5 votes vote down vote up
/***
 * @param properties
 */
public static void createSecureConfiguration(Properties properties,
    AuthenticationMethod authType) {
  switch (authType) {
    case KERBEROS:
      Configuration conf = new
          org.apache.hadoop.conf.Configuration();
      conf.set("hadoop.security.authentication", KERBEROS.toString());
      UserGroupInformation.setConfiguration(conf);
      try {
        // Check TGT before calling login
        // Ref: https://github.com/apache/hadoop/blob/release-3.0.1-RC1/hadoop-common-project/
        // hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L1232
        if (!UserGroupInformation.isSecurityEnabled()
            || UserGroupInformation.getCurrentUser().getAuthenticationMethod() != KERBEROS
            || !UserGroupInformation.isLoginKeytabBased()) {
          UserGroupInformation.loginUserFromKeytab(
              properties.getProperty("zeppelin.jdbc.principal"),
              properties.getProperty("zeppelin.jdbc.keytab.location"));
        } else {
          LOGGER.info("The user has already logged in using Keytab and principal, " +
              "no action required");
        }
      } catch (IOException e) {
        LOGGER.error("Failed to get either keytab location or principal name in the " +
            "interpreter", e);
      }
  }
}
 
Example 10
Source File: Kerberos.java    From nifi with Apache License 2.0 5 votes vote down vote up
@Override
public AtlasClientV2 createClient(String[] baseUrls) {
    final Configuration hadoopConf = new Configuration();
    hadoopConf.set("hadoop.security.authentication", "kerberos");
    UserGroupInformation.setConfiguration(hadoopConf);
    final UserGroupInformation ugi;
    try {
        UserGroupInformation.loginUserFromKeytab(principal, keytab);
        ugi = UserGroupInformation.getCurrentUser();
    } catch (IOException e) {
        throw new RuntimeException("Failed to login with Kerberos due to: " + e, e);
    }
    return new AtlasClientV2(ugi, null, baseUrls);
}
 
Example 11
Source File: TestApplicationCleanup.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Before
public void setup() throws UnknownHostException {
  Logger rootLogger = LogManager.getRootLogger();
  rootLogger.setLevel(Level.DEBUG);
  conf = new YarnConfiguration();
  UserGroupInformation.setConfiguration(conf);
  conf.set(YarnConfiguration.RECOVERY_ENABLED, "true");
  conf.set(YarnConfiguration.RM_STORE, MemoryRMStateStore.class.getName());
  Assert.assertTrue(YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS > 1);
}
 
Example 12
Source File: HiveMetaStoreServiceJdbcImpl.java    From griffin with Apache License 2.0 5 votes vote down vote up
@PostConstruct
public void init() {
    if (needKerberos != null && needKerberos.equalsIgnoreCase("true")) {
        LOGGER.info("Hive need Kerberos Auth.");

        Configuration conf = new Configuration();
        conf.set("hadoop.security.authentication", "Kerberos");
        UserGroupInformation.setConfiguration(conf);
        try {
            UserGroupInformation.loginUserFromKeytab(keytabUser, keytabPath);
        } catch (IOException e) {
            LOGGER.error("Register Kerberos has error. {}", e.getMessage());
        }
    }
}
 
Example 13
Source File: TestWebDelegationToken.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@After
public void cleanUp() throws Exception {
  jetty.stop();

  // resetting hadoop security to simple
  org.apache.hadoop.conf.Configuration conf =
      new org.apache.hadoop.conf.Configuration();
  UserGroupInformation.setConfiguration(conf);
}
 
Example 14
Source File: SimpleAuthenticationHandler.java    From sqoop-on-spark with Apache License 2.0 5 votes vote down vote up
public void secureLogin() {
  //no secureLogin, just set configurations
  Configuration conf = new Configuration();
  conf.set(get_hadoop_security_authentication(),
          SecurityConstants.TYPE.SIMPLE.name());
  UserGroupInformation.setConfiguration(conf);
  LOG.info("Using simple/pseudo authentication, principal ["
          + System.getProperty("user.name") + "]");
}
 
Example 15
Source File: KerberosAuthenticationHandler.java    From sqoop-on-spark with Apache License 2.0 5 votes vote down vote up
public void secureLogin() {
  MapContext mapContext = SqoopConfiguration.getInstance().getContext();
  String keytab = mapContext.getString(
          SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB).trim();
  if (keytab.length() == 0) {
    throw new SqoopException(SecurityError.AUTH_0001,
            SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB);
  }
  keytabFile = keytab;

  String principal = mapContext.getString(
          SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL).trim();
  if (principal.length() == 0) {
    throw new SqoopException(SecurityError.AUTH_0002,
            SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL);
  }
  keytabPrincipal = principal;

  Configuration conf = new Configuration();
  conf.set(get_hadoop_security_authentication(),
          SecurityConstants.TYPE.KERBEROS.name());
  UserGroupInformation.setConfiguration(conf);
  try {
    String hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
    UserGroupInformation.loginUserFromKeytab(hostPrincipal, keytab);
  } catch (IOException ex) {
    throw new SqoopException(SecurityError.AUTH_0003, ex);
  }
  LOG.info("Using Kerberos authentication, principal ["
          + principal + "] keytab [" + keytab + "]");
}
 
Example 16
Source File: CelosCiContext.java    From celos with Apache License 2.0 5 votes vote down vote up
private Configuration setupConfiguration(String username, CelosCiTarget target) throws Exception {
    JScpWorker jscpWorker = new JScpWorker(username);
    Configuration conf = new Configuration();

    conf.set("fs.hdfs.impl", org.apache.hadoop.hdfs.DistributedFileSystem.class.getName());
    conf.set("fs.file.impl", org.apache.hadoop.fs.LocalFileSystem.class.getName());

    conf.addResource(jscpWorker.getFileObjectByUri(target.getPathToHdfsSite()).getContent().getInputStream());
    conf.addResource(jscpWorker.getFileObjectByUri(target.getPathToCoreSite()).getContent().getInputStream());

    UserGroupInformation.setConfiguration(conf);

    return conf;
}
 
Example 17
Source File: SecondaryNameNode.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Initialize SecondaryNameNode.
 */
private void initialize(final Configuration conf,
    CommandLineOpts commandLineOpts) throws IOException {
  final InetSocketAddress infoSocAddr = getHttpAddress(conf);
  final String infoBindAddress = infoSocAddr.getHostName();
  UserGroupInformation.setConfiguration(conf);
  if (UserGroupInformation.isSecurityEnabled()) {
    SecurityUtil.login(conf,
        DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY,
        DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_PRINCIPAL_KEY, infoBindAddress);
  }
  // initiate Java VM metrics
  DefaultMetricsSystem.initialize("SecondaryNameNode");
  JvmMetrics.create("SecondaryNameNode",
      conf.get(DFSConfigKeys.DFS_METRICS_SESSION_ID_KEY),
      DefaultMetricsSystem.instance());

  // Create connection to the namenode.
  shouldRun = true;
  nameNodeAddr = NameNode.getServiceAddress(conf, true);

  this.conf = conf;
  this.namenode = NameNodeProxies.createNonHAProxy(conf, nameNodeAddr, 
      NamenodeProtocol.class, UserGroupInformation.getCurrentUser(),
      true).getProxy();

  // initialize checkpoint directories
  fsName = getInfoServer();
  checkpointDirs = FSImage.getCheckpointDirs(conf,
                                "/tmp/hadoop/dfs/namesecondary");
  checkpointEditsDirs = FSImage.getCheckpointEditsDirs(conf, 
                                "/tmp/hadoop/dfs/namesecondary");    
  checkpointImage = new CheckpointStorage(conf, checkpointDirs, checkpointEditsDirs);
  checkpointImage.recoverCreate(commandLineOpts.shouldFormat());
  checkpointImage.deleteTempEdits();
  
  namesystem = new FSNamesystem(conf, checkpointImage, true);

  // Disable quota checks
  namesystem.dir.disableQuotaChecks();

  // Initialize other scheduling parameters from the configuration
  checkpointConf = new CheckpointConf(conf);

  final InetSocketAddress httpAddr = infoSocAddr;

  final String httpsAddrString = conf.getTrimmed(
      DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTPS_ADDRESS_KEY,
      DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTPS_ADDRESS_DEFAULT);
  InetSocketAddress httpsAddr = NetUtils.createSocketAddr(httpsAddrString);

  HttpServer2.Builder builder = DFSUtil.httpServerTemplateForNNAndJN(conf,
      httpAddr, httpsAddr, "secondary",
      DFSConfigKeys.DFS_SECONDARY_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
      DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY);

  nameNodeStatusBeanName = MBeans.register("SecondaryNameNode",
          "SecondaryNameNodeInfo", this);

  infoServer = builder.build();

  infoServer.setAttribute("secondary.name.node", this);
  infoServer.setAttribute("name.system.image", checkpointImage);
  infoServer.setAttribute(JspHelper.CURRENT_CONF, conf);
  infoServer.addInternalServlet("imagetransfer", ImageServlet.PATH_SPEC,
      ImageServlet.class, true);
  infoServer.start();

  LOG.info("Web server init done");

  HttpConfig.Policy policy = DFSUtil.getHttpPolicy(conf);
  int connIdx = 0;
  if (policy.isHttpEnabled()) {
    InetSocketAddress httpAddress = infoServer.getConnectorAddress(connIdx++);
    conf.set(DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTP_ADDRESS_KEY,
        NetUtils.getHostPortString(httpAddress));
  }

  if (policy.isHttpsEnabled()) {
    InetSocketAddress httpsAddress = infoServer.getConnectorAddress(connIdx);
    conf.set(DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTPS_ADDRESS_KEY,
        NetUtils.getHostPortString(httpsAddress));
  }

  legacyOivImageDir = conf.get(
      DFSConfigKeys.DFS_NAMENODE_LEGACY_OIV_IMAGE_DIR_KEY);

  LOG.info("Checkpoint Period   :" + checkpointConf.getPeriod() + " secs "
      + "(" + checkpointConf.getPeriod() / 60 + " min)");
  LOG.info("Log Size Trigger    :" + checkpointConf.getTxnCount() + " txns");
}
 
Example 18
Source File: TestAccessController.java    From hbase with Apache License 2.0 4 votes vote down vote up
@BeforeClass
public static void setupBeforeClass() throws Exception {
  // setup configuration
  conf = TEST_UTIL.getConfiguration();
  // Up the handlers; this test needs more than usual.
  conf.setInt(HConstants.REGION_SERVER_HIGH_PRIORITY_HANDLER_COUNT, 10);

  conf.set(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
    MyShellBasedUnixGroupsMapping.class.getName());
  UserGroupInformation.setConfiguration(conf);

  // Enable security
  enableSecurity(conf);
  // In this particular test case, we can't use SecureBulkLoadEndpoint because its doAs will fail
  // to move a file for a random user
  conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName());
  // Verify enableSecurity sets up what we require
  verifyConfiguration(conf);

  // Enable EXEC permission checking
  conf.setBoolean(AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY, true);

  TEST_UTIL.startMiniCluster();
  MasterCoprocessorHost masterCpHost =
    TEST_UTIL.getMiniHBaseCluster().getMaster().getMasterCoprocessorHost();
  masterCpHost.load(AccessController.class, Coprocessor.PRIORITY_HIGHEST, conf);
  ACCESS_CONTROLLER = masterCpHost.findCoprocessor(AccessController.class);
  CP_ENV = masterCpHost.createEnvironment(
      ACCESS_CONTROLLER, Coprocessor.PRIORITY_HIGHEST, 1, conf);
  RegionServerCoprocessorHost rsCpHost = TEST_UTIL.getMiniHBaseCluster().getRegionServer(0)
    .getRegionServerCoprocessorHost();
  RSCP_ENV = rsCpHost.createEnvironment(ACCESS_CONTROLLER, Coprocessor.PRIORITY_HIGHEST, 1, conf);

  // Wait for the ACL table to become available
  TEST_UTIL.waitUntilAllRegionsAssigned(PermissionStorage.ACL_TABLE_NAME);

  // create a set of test users
  SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" });
  USER_ADMIN = User.createUserForTesting(conf, "admin2", new String[0]);
  USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]);
  USER_RO = User.createUserForTesting(conf, "rouser", new String[0]);
  USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);
  USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]);
  USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);
  USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]);

  USER_GROUP_ADMIN =
      User.createUserForTesting(conf, "user_group_admin", new String[] { GROUP_ADMIN });
  USER_GROUP_CREATE =
      User.createUserForTesting(conf, "user_group_create", new String[] { GROUP_CREATE });
  USER_GROUP_READ =
      User.createUserForTesting(conf, "user_group_read", new String[] { GROUP_READ });
  USER_GROUP_WRITE =
      User.createUserForTesting(conf, "user_group_write", new String[] { GROUP_WRITE });

  systemUserConnection = TEST_UTIL.getConnection();
  setUpTableAndUserPermissions();
}
 
Example 19
Source File: TestDFSUtil.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Reset to default UGI settings since some tests change them.
 */
@Before
public void resetUGI() {
  UserGroupInformation.setConfiguration(new Configuration());
}
 
Example 20
Source File: TestTaskAttemptContainerRequest.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testAttemptContainerRequest() throws Exception {
  final Text SECRET_KEY_ALIAS = new Text("secretkeyalias");
  final byte[] SECRET_KEY = ("secretkey").getBytes();
  Map<ApplicationAccessType, String> acls =
      new HashMap<ApplicationAccessType, String>(1);
  acls.put(ApplicationAccessType.VIEW_APP, "otheruser");
  ApplicationId appId = ApplicationId.newInstance(1, 1);
  JobId jobId = MRBuilderUtils.newJobId(appId, 1);
  TaskId taskId = MRBuilderUtils.newTaskId(jobId, 1, TaskType.MAP);
  Path jobFile = mock(Path.class);

  EventHandler eventHandler = mock(EventHandler.class);
  TaskAttemptListener taListener = mock(TaskAttemptListener.class);
  when(taListener.getAddress()).thenReturn(new InetSocketAddress("localhost", 0));

  JobConf jobConf = new JobConf();
  jobConf.setClass("fs.file.impl", StubbedFS.class, FileSystem.class);
  jobConf.setBoolean("fs.file.impl.disable.cache", true);
  jobConf.set(JobConf.MAPRED_MAP_TASK_ENV, "");

  // setup UGI for security so tokens and keys are preserved
  jobConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(jobConf);

  Credentials credentials = new Credentials();
  credentials.addSecretKey(SECRET_KEY_ALIAS, SECRET_KEY);
  Token<JobTokenIdentifier> jobToken = new Token<JobTokenIdentifier>(
      ("tokenid").getBytes(), ("tokenpw").getBytes(),
      new Text("tokenkind"), new Text("tokenservice"));

  TaskAttemptImpl taImpl =
      new MapTaskAttemptImpl(taskId, 1, eventHandler, jobFile, 1,
          mock(TaskSplitMetaInfo.class), jobConf, taListener,
          jobToken, credentials,
          new SystemClock(), null);

  jobConf.set(MRJobConfig.APPLICATION_ATTEMPT_ID, taImpl.getID().toString());

  ContainerLaunchContext launchCtx =
      TaskAttemptImpl.createContainerLaunchContext(acls,
          jobConf, jobToken, taImpl.createRemoteTask(),
          TypeConverter.fromYarn(jobId),
          mock(WrappedJvmID.class), taListener,
          credentials);

  Assert.assertEquals("ACLs mismatch", acls, launchCtx.getApplicationACLs());
  Credentials launchCredentials = new Credentials();

  DataInputByteBuffer dibb = new DataInputByteBuffer();
  dibb.reset(launchCtx.getTokens());
  launchCredentials.readTokenStorageStream(dibb);

  // verify all tokens specified for the task attempt are in the launch context
  for (Token<? extends TokenIdentifier> token : credentials.getAllTokens()) {
    Token<? extends TokenIdentifier> launchToken =
        launchCredentials.getToken(token.getService());
    Assert.assertNotNull("Token " + token.getService() + " is missing",
        launchToken);
    Assert.assertEquals("Token " + token.getService() + " mismatch",
        token, launchToken);
  }

  // verify the secret key is in the launch context
  Assert.assertNotNull("Secret key missing",
      launchCredentials.getSecretKey(SECRET_KEY_ALIAS));
  Assert.assertTrue("Secret key mismatch", Arrays.equals(SECRET_KEY,
      launchCredentials.getSecretKey(SECRET_KEY_ALIAS)));
}