in phoenix-queryserver-it/src/it/java/org/apache/phoenix/end2end/HttpParamImpersonationQueryServerIT.java [143:175]
public void testDisallowedImpersonation() throws Exception {
  // Negative authorization test: user 2 is logged in from its own keytab and must be
  // refused both when reading the table directly and when asking the query server to
  // act as the service user through the doAs URL.
  final Entry<String,File> unprivilegedUser = environment.getUser(2);
  // The doAs JDBC URL is assembled by hand from this template.
  final String impersonationUrlFormat = getUrlTemplate();
  final String tableName = "DISALLOWED_IMPERSONATION";
  final int numRows = 5;

  // Setup runs as the service principal: create the table, then call
  // grantUsersToPhoenixSystemTables for user 2 only. The test table itself is not part
  // of that call (presumably so the direct read below is denied; confirm in the helper).
  final String servicePrincipal = environment.getServicePrincipal() + "@" + environment.getRealm();
  final String serviceKeytabPath = environment.getServiceKeytab().getAbsolutePath();
  final UserGroupInformation serviceLogin =
      UserGroupInformation.loginUserFromKeytabAndReturnUGI(servicePrincipal, serviceKeytabPath);
  final PrivilegedExceptionAction<Void> setupAsService = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      createTable(tableName, numRows);
      grantUsersToPhoenixSystemTables(Arrays.asList(unprivilegedUser.getKey()));
      return null;
    }
  };
  serviceLogin.doAs(setupAsService);

  // Everything below runs with user 2's Kerberos credentials.
  final String user2Principal = unprivilegedUser.getKey() + "@" + environment.getRealm();
  final String user2KeytabPath = unprivilegedUser.getValue().getAbsolutePath();
  final UserGroupInformation user2Login =
      UserGroupInformation.loginUserFromKeytabAndReturnUGI(user2Principal, user2KeytabPath);
  final PrivilegedExceptionAction<Void> attemptAsUser2 = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      // Direct access: the helper is expected to observe a permission error.
      readAndExpectPermissionError(environment.getPqsUrl(), tableName, numRows);

      // Impersonation: ask the server to act as the service user on user 2's behalf.
      final String impersonatingUrl =
          String.format(impersonationUrlFormat, serviceLogin.getShortUserName());
      try (Connection connection = DriverManager.getConnection(impersonatingUrl);
          Statement statement = connection.createStatement()) {
        connection.setAutoCommit(true);
        readRows(statement, tableName, numRows);
        // Reaching this line means the impersonated read succeeded, which is the failure case.
        fail("user2 should not be allowed to impersonate the service user");
      } catch (Exception expected) {
        // NOTE(review): any Exception is accepted here, so a failure unrelated to
        // authorization (unreachable server, malformed URL, missing table) also makes the
        // test pass. Asserting on the specific denial type or message would make this a
        // real check of the impersonation policy; the exact error is not visible here.
        // The fail() above is only effective if it throws an Error such as AssertionError
        // (true for JUnit's fail; confirm which fail is imported), since an Exception
        // would be swallowed by this catch.
        LOG.info("Caught expected exception", expected);
      }
      return null;
    }
  };
  user2Login.doAs(attemptAsUser2);
}