Java MiniHiveKdc示例

示例#1

文件： TestJdbcWithMiniKdc.java 项目： phoenixhadoop/hive

  @BeforeClass
  public static void beforeTest() throws Exception {
    Class.forName(MiniHS2.getJdbcDriverName());
    confOverlay.put(ConfVars.HIVE_SERVER2_SESSION_HOOK.varname, SessionHookTest.class.getName());

    HiveConf hiveConf = new HiveConf();
    miniHiveKdc = MiniHiveKdc.getMiniHiveKdc(hiveConf);
    miniHS2 = MiniHiveKdc.getMiniHS2WithKerb(miniHiveKdc, hiveConf);
    miniHS2.start(confOverlay);
  }

示例#2

文件： TestJdbcWithMiniKdc.java 项目： phoenixhadoop/hive

 /**
  * * Negative test isValid() method
  *
  * @throws Exception
  */
 @Test
 public void testIsValidNeg() throws Exception {
   miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
   hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
   hs2Conn.close();
   assertFalse(hs2Conn.isValid(1000));
 }

示例#3

文件： TestJdbcWithMiniKdc.java 项目： phoenixhadoop/hive

 /**
  * Test connection using the proxy user connection property
  *
  * @throws Exception
  */
 @Test
 public void testProxyAuth() throws Exception {
   miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
   hs2Conn =
       DriverManager.getConnection(
           miniHS2.getJdbcURL(
               "default", ";hive.server2.proxy.user=" + MiniHiveKdc.HIVE_TEST_USER_1));
   verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
 }

示例#4

文件： TestJdbcWithMiniKdc.java 项目： phoenixhadoop/hive

  /**
   * * Test token based authentication over kerberos Login as super user and retrieve the token for
   * normal user use the token to connect connect as normal user
   *
   * @throws Exception
   */
  @Test
  public void testTokenAuth() throws Exception {
    miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
    hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());

    // retrieve token and store in the cache
    String token =
        ((HiveConnection) hs2Conn)
            .getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_1, MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);
    assertTrue(token != null && !token.isEmpty());
    hs2Conn.close();

    UserGroupInformation ugi = miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
    // Store token in the cache
    storeToken(token, ugi);
    hs2Conn =
        DriverManager.getConnection(miniHS2.getBaseJdbcURL() + "default;auth=delegationToken");
    verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
  }

示例#5

文件： TestJdbcWithMiniKdc.java 项目： phoenixhadoop/hive

 /**
  * * Negative test, verify that connection to secure HS2 fails when required connection attributes
  * are not provided
  *
  * @throws Exception
  */
 @Test
 public void testConnectionNeg() throws Exception {
   miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
   try {
     String url = miniHS2.getJdbcURL().replaceAll(";principal.*", "");
     hs2Conn = DriverManager.getConnection(url);
     fail("NON kerberos connection should fail");
   } catch (SQLException e) {
     // expected error
     assertEquals("08S01", e.getSQLState().trim());
   }
 }

示例#6

文件： TestJdbcWithMiniKdc.java 项目： phoenixhadoop/hive

 /**
  * Test connection using the proxy user connection property. Verify proxy connection fails when
  * super user doesn't have privilege to impersonate the given user
  *
  * @throws Exception
  */
 @Test
 public void testNegativeProxyAuth() throws Exception {
   miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
   try {
     hs2Conn =
         DriverManager.getConnection(
             miniHS2.getJdbcURL(
                 "default", ";hive.server2.proxy.user="******" shouldn't be allowed proxy connection for "
             + MiniHiveKdc.HIVE_TEST_USER_2);
   } catch (SQLException e) {
     // Expected error
     e.printStackTrace();
     assertTrue(e.getMessage().contains("Failed to validate proxy privilege"));
     assertTrue(e.getCause().getCause().getMessage().contains("is not allowed to impersonate"));
   }
 }

示例#7

文件： TestJdbcWithMiniKdc.java 项目： phoenixhadoop/hive

  /**
   * * Negative test for token based authentication Verify that a user can't retrieve a token for
   * user that it's not allowed to impersonate
   *
   * @throws Exception
   */
  @Test
  public void testNegativeTokenAuth() throws Exception {
    miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
    hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());

    try {
      // retrieve token and store in the cache
      String token =
          ((HiveConnection) hs2Conn)
              .getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_2, MiniHiveKdc.HIVE_SERVICE_PRINCIPAL);

      fail(
          MiniHiveKdc.HIVE_TEST_SUPER_USER
              + " shouldn't be allowed to retrieve token for "
              + MiniHiveKdc.HIVE_TEST_USER_2);
    } catch (SQLException e) {
      // Expected error
      assertTrue(e.getMessage().contains("Error retrieving delegation token for user"));
      assertTrue(e.getCause().getCause().getMessage().contains("is not allowed to impersonate"));
    } finally {
      hs2Conn.close();
    }
  }

示例#8

文件： TestJdbcWithMiniKdc.java 项目： phoenixhadoop/hive

 /**
  * * Basic connection test
  *
  * @throws Exception
  */
 @Test
 public void testConnection() throws Exception {
   miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_USER_1);
   hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
   verifyProperty(SESSION_USER_NAME, MiniHiveKdc.HIVE_TEST_USER_1);
 }