19 package org.apache.hadoop.hbase.security.access;
20
21 import static org.junit.Assert.assertFalse;
22 import static org.junit.Assert.assertTrue;
23
24 import java.util.ArrayList;
25 import java.util.List;
26 import java.util.concurrent.atomic.AtomicBoolean;
27
28 import org.apache.commons.logging.Log;
29 import org.apache.commons.logging.LogFactory;
30 import org.apache.hadoop.conf.Configuration;
31 import org.apache.hadoop.hbase.Abortable;
32 import org.apache.hadoop.hbase.HBaseTestingUtility;
33 import org.apache.hadoop.hbase.LargeTests;
34 import org.apache.hadoop.hbase.util.Bytes;
35 import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
36 import org.junit.AfterClass;
37 import org.junit.BeforeClass;
38 import org.junit.Test;
39 import org.junit.experimental.categories.Category;
40
41
42
43
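/**
 * Checks that table permissions written through one {@link TableAuthManager} are also honoured
 * by a second manager that is attached to the same mini cluster through its own
 * {@link ZooKeeperWatcher}.
 *
 * <p>Both managers start with no access for either test user. A READ+WRITE grant for "george" is
 * written through the first manager and a READ-only grant for "hubert" through the second; after
 * each write both managers must return the same authorization decisions.
 *
 * <p>Only grants are exercised. Nothing here removes or narrows a permission, so the test gives
 * no evidence about how a revocation reaches the other manager.
 */
@Category(LargeTests.class)
public class TestZKPermissionsWatcher {
  private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class);
  private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
  private static TableAuthManager AUTH_A;
  private static TableAuthManager AUTH_B;

  /** Abortable handed to both watchers; it records the abort request and logs the reason. */
  private static final Abortable ABORTABLE = new Abortable() {
    private final AtomicBoolean abort = new AtomicBoolean(false);

    @Override
    public void abort(String why, Throwable e) {
      LOG.info(why, e);
      abort.set(true);
    }

    @Override
    public boolean isAborted() {
      return abort.get();
    }
  };

  private static final byte[] TEST_TABLE = Bytes.toBytes("perms_test");

  /** Upper bound on how long a grant may take to show up in both managers (test-local choice). */
  private static final long PROPAGATION_TIMEOUT_MS = 10000L;

  /** Pause between two visibility checks; matches the fixed sleep the test used before. */
  private static final long PROPAGATION_POLL_MS = 100L;

  /**
   * Enables security on the shared configuration, starts the mini cluster and creates the two
   * managers, each on its own watcher.
   *
   * @throws Exception if the cluster or either watcher cannot be started
   */
  @BeforeClass
  public static void beforeClass() throws Exception {
    Configuration conf = UTIL.getConfiguration();
    // Security has to be switched on before the cluster is started.
    SecureTestUtil.enableSecurity(conf);

    UTIL.startMiniCluster();
    AUTH_A = TableAuthManager.get(new ZooKeeperWatcher(conf,
        "TestZKPermissionsWatcher_1", ABORTABLE), conf);
    AUTH_B = TableAuthManager.get(new ZooKeeperWatcher(conf,
        "TestZKPermissionsWatcher_2", ABORTABLE), conf);
  }

  /**
   * Stops the mini cluster started in {@link #beforeClass()}.
   *
   * @throws Exception if the shutdown fails
   */
  @AfterClass
  public static void afterClass() throws Exception {
    UTIL.shutdownMiniCluster();
  }

  /**
   * Grants permissions through each manager in turn and checks that both managers agree on every
   * READ and WRITE decision for both users after each grant.
   *
   * @throws Exception if a manager call fails or the wait is interrupted
   */
  @Test
  public void testPermissionsWatcher() throws Exception {
    // Baseline: neither user may read or write, on either manager.
    assertAccessOnBoth("george", false, false);
    assertAccessOnBoth("hubert", false, false);

    // Grant george READ and WRITE through the first manager.
    List<TablePermission> georgeAcl = new ArrayList<TablePermission>();
    georgeAcl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ,
        TablePermission.Action.WRITE));
    AUTH_A.setUserPermissions("george", TEST_TABLE, georgeAcl);
    waitForGrant("george", TablePermission.Action.READ);

    // george is now allowed everywhere; hubert must not have gained anything.
    assertAccessOnBoth("george", true, true);
    assertAccessOnBoth("hubert", false, false);

    // Grant hubert READ only, this time through the second manager.
    List<TablePermission> hubertAcl = new ArrayList<TablePermission>();
    hubertAcl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ));
    AUTH_B.setUserPermissions("hubert", TEST_TABLE, hubertAcl);
    waitForGrant("hubert", TablePermission.Action.READ);

    // george keeps his grant; hubert may read but still must not write.
    assertAccessOnBoth("george", true, true);
    assertAccessOnBoth("hubert", true, false);
  }

  /**
   * Polls until both managers authorize {@code action} for {@code user} or the timeout expires.
   *
   * <p>This replaces a fixed 100 ms sleep, which fails spuriously whenever the update takes
   * longer to reach the other manager. On timeout the method simply returns, so that the
   * assertions that follow report which manager and action are still wrong.
   *
   * @param user user whose grant is awaited
   * @param action action that both managers are expected to allow
   * @throws Exception if a manager call fails or the wait is interrupted
   */
  private static void waitForGrant(String user, TablePermission.Action action) throws Exception {
    long deadline = System.currentTimeMillis() + PROPAGATION_TIMEOUT_MS;
    while (System.currentTimeMillis() < deadline) {
      if (AUTH_A.authorizeUser(user, TEST_TABLE, null, action)
          && AUTH_B.authorizeUser(user, TEST_TABLE, null, action)) {
        return;
      }
      Thread.sleep(PROPAGATION_POLL_MS);
    }
  }

  /** Asserts the expected READ and WRITE decisions for {@code user} on both managers. */
  private static void assertAccessOnBoth(String user, boolean canRead, boolean canWrite) {
    assertAccess("AUTH_A", AUTH_A, user, canRead, canWrite);
    assertAccess("AUTH_B", AUTH_B, user, canRead, canWrite);
  }

  /** Asserts the expected READ and WRITE decisions for {@code user} on one manager. */
  private static void assertAccess(String label, TableAuthManager auth, String user,
      boolean canRead, boolean canWrite) {
    assertDecision(label, auth, user, TablePermission.Action.READ, canRead);
    assertDecision(label, auth, user, TablePermission.Action.WRITE, canWrite);
  }

  /** Asserts one authorization decision and names manager, user and action on failure. */
  private static void assertDecision(String label, TableAuthManager auth, String user,
      TablePermission.Action action, boolean expected) {
    boolean allowed = auth.authorizeUser(user, TEST_TABLE, null, action);
    String subject = label + ": " + user + " " + action;
    if (expected) {
      assertTrue(subject + " should be allowed", allowed);
    } else {
      assertFalse(subject + " should be denied", allowed);
    }
  }
}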