in phoenix-queryserver-it/src/it/java/org/apache/phoenix/end2end/HttpParamImpersonationQueryServerIT.java [110:140]
public void testSuccessfulImpersonation() throws Exception {
final Entry<String,File> user1 = environment.getUser(1);
final Entry<String,File> user2 = environment.getUser(2);
// Build the JDBC URL by hand with the doAs
final String doAsUrlTemplate = getUrlTemplate();
final String tableName = "POSITIVE_IMPERSONATION";
final int numRows = 5;
final UserGroupInformation serviceUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(environment.getServicePrincipal() + "@" + environment.getRealm(), environment.getServiceKeytab().getAbsolutePath());
serviceUgi.doAs(new PrivilegedExceptionAction<Void>() {
@Override public Void run() throws Exception {
createTable(tableName, numRows);
grantUsersToPhoenixSystemTables(Arrays.asList(user1.getKey(), user2.getKey()));
return null;
}
});
UserGroupInformation user1Ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(user1.getKey() + "@" + environment.getRealm(), user1.getValue().getAbsolutePath());
user1Ugi.doAs(new PrivilegedExceptionAction<Void>() {
@Override public Void run() throws Exception {
// This user should not be able to read the table
readAndExpectPermissionError(environment.getPqsUrl(), tableName, numRows);
// Run the same query with the same credentials, but with a doAs. We should be permitted since the user we're impersonating can run the query
final String doAsUrl = String.format(doAsUrlTemplate, serviceUgi.getShortUserName());
try (Connection conn = DriverManager.getConnection(doAsUrl);
Statement stmt = conn.createStatement()) {
conn.setAutoCommit(true);
readRows(stmt, tableName, numRows);
}
return null;
}
});
}