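/**
 * Create an ACL for a user.
 *
 * <p>When the registry is not secure, {@code perms} is ignored and the shared
 * {@code ALL_READWRITE_ACCESS} ACL is returned; the requested permissions
 * only take effect in a secure registry.
 *
 * @param ugi User identity
 * @param perms permissions to pass on to the ACL (used only when the registry
 * is secure)
 * @return the ACL for the specified user. If the username doesn't end
 * in "@" then the realm is added
 */
public ACL createACLForUser(UserGroupInformation ugi, int perms) {
  if (LOG.isDebugEnabled()) {
    // The guard avoids building a UgiInfo when debug logging is off. The {}
    // placeholder is required: without it the identity argument is dropped
    // and the log line cannot be tied to a principal.
    LOG.debug("Creating ACL For {}", new UgiInfo(ugi));
  }
  if (!secureRegistry) {
    return ALL_READWRITE_ACCESS;
  }
  return createACLfromUsername(ugi.getUserName(), perms);
}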
// Diagnostics text: current user, Kerberos realm, then the JAAS configuration property.
// NOTE(review): the result carries identity and configuration details; confirm that
// wherever it is printed or logged is restricted to operators.
builder.append("User: ")
    .append(UgiInfo.fromCurrentUser())
    .append("; Kerberos Realm: ")
    .append(kerberosRealm)
    .append(describeProperty(Environment.JAAS_CONF_KEY));
// Diagnostics text: current user, Kerberos realm, then the JAAS configuration property.
// NOTE(review): the result carries identity and configuration details; confirm that
// wherever it is printed or logged is restricted to operators.
builder.append("User: ")
    .append(UgiInfo.fromCurrentUser())
    .append("; Kerberos Realm: ")
    .append(kerberosRealm)
    .append(describeProperty(Environment.JAAS_CONF_KEY));
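/**
 * Logs in from the ZooKeeper keytab, checks that security is enabled and the
 * login is keytab based, then builds a SASL ACL as that user and checks the
 * ACL's id and scheme before registering it as a system ACL.
 */
@Test
public void testUGILogin() throws Throwable {
  UserGroupInformation ugi = loginUGI(ZOOKEEPER, keytab_zk);
  RegistrySecurity.UgiInfo ugiInfo = new RegistrySecurity.UgiInfo(ugi);
  LOG.info("logged in as: {}", ugiInfo);

  // Assertion messages are reported only on failure, so each one names the
  // failure condition rather than the expected state.
  assertTrue("security is not enabled: " + ugiInfo,
      UserGroupInformation.isSecurityEnabled());
  assertTrue("login is not keytab based: " + ugiInfo,
      ugi.isFromKeytab());

  // Build the SASL ACL inside doAs so that it is created as the user logged
  // in above. perms is 0: the assertions below inspect only the ACL's id and
  // scheme, not the permissions it carries.
  ACL acl = ugi.doAs(new PrivilegedExceptionAction<ACL>() {
    @Override
    public ACL run() throws Exception {
      return registrySecurity.createSaslACLFromCurrentUser(0);
    }
  });
  assertEquals(ZOOKEEPER_REALM, acl.getId().getId());
  assertEquals(ZookeeperConfigOptions.SCHEME_SASL, acl.getId().getScheme());
  registrySecurity.addSystemACL(acl);
}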
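/**
 * Logs in from the ZooKeeper keytab, checks that security is enabled and the
 * login is keytab based, then builds a SASL ACL as that user and checks the
 * ACL's id and scheme before registering it as a system ACL.
 */
@Test
public void testUGILogin() throws Throwable {
  UserGroupInformation ugi = loginUGI(ZOOKEEPER, keytab_zk);
  RegistrySecurity.UgiInfo ugiInfo = new RegistrySecurity.UgiInfo(ugi);
  LOG.info("logged in as: {}", ugiInfo);

  // Assertion messages are reported only on failure, so each one names the
  // failure condition rather than the expected state.
  assertTrue("security is not enabled: " + ugiInfo,
      UserGroupInformation.isSecurityEnabled());
  assertTrue("login is not keytab based: " + ugiInfo,
      ugi.isFromKeytab());

  // Build the SASL ACL inside doAs so that it is created as the user logged
  // in above. perms is 0: the assertions below inspect only the ACL's id and
  // scheme, not the permissions it carries.
  ACL acl = ugi.doAs(new PrivilegedExceptionAction<ACL>() {
    @Override
    public ACL run() throws Exception {
      return registrySecurity.createSaslACLFromCurrentUser(0);
    }
  });
  assertEquals(ZOOKEEPER_REALM, acl.getId().getId());
  assertEquals(ZookeeperConfigOptions.SCHEME_SASL, acl.getId().getScheme());
  registrySecurity.addSystemACL(acl);
}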
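/**
 * Create an ACL for a user.
 *
 * <p>When the registry is not secure, {@code perms} is ignored and the shared
 * {@code ALL_READWRITE_ACCESS} ACL is returned; the requested permissions
 * only take effect in a secure registry.
 *
 * @param ugi User identity
 * @param perms permissions to pass on to the ACL (used only when the registry
 * is secure)
 * @return the ACL for the specified user. If the username doesn't end
 * in "@" then the realm is added
 */
public ACL createACLForUser(UserGroupInformation ugi, int perms) {
  if (LOG.isDebugEnabled()) {
    // The guard avoids building a UgiInfo when debug logging is off. The {}
    // placeholder is required: without it the identity argument is dropped
    // and the log line cannot be tied to a principal.
    LOG.debug("Creating ACL For {}", new UgiInfo(ugi));
  }
  if (!secureRegistry) {
    return ALL_READWRITE_ACCESS;
  }
  return createACLfromUsername(ugi.getUserName(), perms);
}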