You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by su...@apache.org on 2012/11/07 01:48:18 UTC
svn commit: r1406413 - in
/hadoop/common/trunk/hadoop-common-project/hadoop-common: CHANGES.txt
src/test/java/org/apache/hadoop/security/SecurityUtilTestHelper.java
src/test/java/org/apache/hadoop/security/TestUGIWithExternalKdc.java
Author: suresh
Date: Wed Nov 7 00:48:17 2012
New Revision: 1406413
URL: http://svn.apache.org/viewvc?rev=1406413&view=rev
Log:
HADOOP-9004. Allow security unit tests to use external KDC. Contributed by Stephen Chu.
Added:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithExternalKdc.java
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/SecurityUtilTestHelper.java
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1406413&r1=1406412&r2=1406413&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Wed Nov 7 00:48:17 2012
@@ -129,6 +129,9 @@ Trunk (Unreleased)
HADOOP-8776. Provide an option in test-patch that can enable/disable
compiling native code. (Chris Nauroth via suresh)
+ HADOOP-9004. Allow security unit tests to use external KDC. (Stephen Chu
+ via suresh)
+
BUG FIXES
HADOOP-8177. MBeans shouldn't try to register when it fails to create MBeanName.
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/SecurityUtilTestHelper.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/SecurityUtilTestHelper.java?rev=1406413&r1=1406412&r2=1406413&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/SecurityUtilTestHelper.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/SecurityUtilTestHelper.java Wed Nov 7 00:48:17 2012
@@ -27,4 +27,19 @@ public class SecurityUtilTestHelper {
public static void setTokenServiceUseIp(boolean flag) {
SecurityUtil.setTokenServiceUseIp(flag);
}
+
+ /**
+ * Return true if externalKdc=true and the location of the krb5.conf
+ * file has been specified, and false otherwise.
+ */
+ public static boolean isExternalKdcRunning() {
+ String externalKdc = System.getProperty("externalKdc");
+ String krb5Conf = System.getProperty("java.security.krb5.conf");
+ if(externalKdc == null || !externalKdc.equals("true") ||
+ krb5Conf == null) {
+ return false;
+ }
+ return true;
+ }
+
}
Added: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithExternalKdc.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithExternalKdc.java?rev=1406413&view=auto
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithExternalKdc.java (added)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGIWithExternalKdc.java Wed Nov 7 00:48:17 2012
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.security;
+
+import java.io.IOException;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
+import static org.apache.hadoop.security.SecurityUtilTestHelper.isExternalKdcRunning;
+import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
+import org.junit.Assume;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Tests kerberos keytab login using a user-specified external KDC
+ *
+ * To run, users must specify the following system properties:
+ * externalKdc=true
+ * java.security.krb5.conf
+ * user.principal
+ * user.keytab
+ */
+public class TestUGIWithExternalKdc {
+
+ @Before
+ public void testExternalKdcRunning() {
+ Assume.assumeTrue(isExternalKdcRunning());
+ }
+
+ @Test
+ public void testLogin() throws IOException {
+ String userPrincipal = System.getProperty("user.principal");
+ String userKeyTab = System.getProperty("user.keytab");
+ Assert.assertNotNull("User principal was not specified", userPrincipal);
+ Assert.assertNotNull("User keytab was not specified", userKeyTab);
+
+ Configuration conf = new Configuration();
+ conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
+ "kerberos");
+ UserGroupInformation.setConfiguration(conf);
+
+ UserGroupInformation ugi = UserGroupInformation
+ .loginUserFromKeytabAndReturnUGI(userPrincipal, userKeyTab);
+
+ Assert.assertEquals(AuthenticationMethod.KERBEROS,
+ ugi.getAuthenticationMethod());
+
+ try {
+ UserGroupInformation
+ .loginUserFromKeytabAndReturnUGI("bogus@EXAMPLE.COM", userKeyTab);
+ Assert.fail("Login should have failed");
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+
+}