impersonatingUser, impersonatingPrincipal, authorizedGroups, authorizedHosts); if (!isAllowedToImpersonateFromHost(authorizedHosts, remoteAddress)) { LOG.info("user = {}, principal = {} is not allowed to impersonate from host {} ", impersonatingUser, impersonatingPrincipal, remoteAddress); if (!isAllowedToImpersonateUser(authorizedGroups, userBeingImpersonated)) { LOG.info("user = {}, principal = {} is not allowed to impersonate any group that user {} is part of.", impersonatingUser, impersonatingPrincipal, userBeingImpersonated);
// Authorizer under test, prepared from clusterConf, which is built outside this excerpt.
// NOTE(review): presumably clusterConf carries the impersonation ACL (allowed hosts and groups)
// for impersonatingUser; confirm against the setup code.
ImpersonationAuthorizer authorizer = new ImpersonationAuthorizer();
authorizer.prepare(clusterConf);

// Operation name shared by the four impersonation cases below.
final String impersonatedOp = "someOperation";

// Baseline: a context built directly from a subject, without the impersonation helper,
// is expected to be permitted.
// NOTE(review): "fileUplaod" looks like a misspelling of "fileUpload"; it is a runtime string
// and is reproduced unchanged here.
final ReqContext nonImpersonatingRequest = new ReqContext(mkSubject("anyuser"));
assertTrue(authorizer.permit(nonImpersonatingRequest, "fileUplaod", null));

// Deny: the caller is "user-with-no-acl", even though the target user and host match the allowed case.
assertFalse(authorizer.permit(
    mkImpersonatingReqContext("user-with-no-acl", userBeingImpersonated, localHost),
    impersonatedOp,
    null));

// Deny: same caller and target as the allowed case, but the request comes from unauthorizedHost.
assertFalse(authorizer.permit(
    mkImpersonatingReqContext(impersonatingUser, userBeingImpersonated, unauthorizedHost),
    impersonatedOp,
    null));

// Deny: same caller and host as the allowed case, but the target is "unauthorized-user".
assertFalse(authorizer.permit(
    mkImpersonatingReqContext(impersonatingUser, "unauthorized-user", localHost),
    impersonatedOp,
    null));

// Allow: caller, target user and originating host all match the allowed combination.
assertTrue(authorizer.permit(
    mkImpersonatingReqContext(impersonatingUser, userBeingImpersonated, localHost),
    impersonatedOp,
    null));
impersonatingUser, impersonatingPrincipal, authorizedGroups, authorizedHosts); if (!isAllowedToImpersonateFromHost(authorizedHosts, remoteAddress)) { LOG.info("user = {}, principal = {} is not allowed to impersonate from host {} ", impersonatingUser, impersonatingPrincipal, remoteAddress); if (!isAllowedToImpersonateUser(authorizedGroups, userBeingImpersonated)) { LOG.info("user = {}, principal = {} is not allowed to impersonate any group that user {} is part of.", impersonatingUser, impersonatingPrincipal, userBeingImpersonated);