/**
 * Checks how implicit UGI initialization interacts with the Kerberos
 * auth-to-local rules held by {@link KerberosName}.
 *
 * <p>Two cases are covered: with no rules present, implicit initialization
 * must install some; with a rule set explicitly beforehand, implicit
 * initialization must leave it untouched. The second case matters because a
 * silently replaced mapping rule would change which local user a principal
 * resolves to.
 */
@Test (timeout = 30000)
public void testEnsureInitWithRules() throws IOException {
  final String explicitRule = "RULE:[1:RULE1]";
  final String[] noGroups = new String[0];

  // Case 1: start from a clean state; creating a test user triggers the
  // implicit init, after which rules must be reported as set.
  UserGroupInformation.reset();
  assertFalse(KerberosName.hasRulesBeenSet());
  UserGroupInformation.createUserForTesting("someone", noGroups);
  assertTrue(KerberosName.hasRulesBeenSet());

  // Case 2: set a rule by hand first; the implicit init that follows must
  // not change it.
  UserGroupInformation.reset();
  KerberosName.setRules(explicitRule);
  assertTrue(KerberosName.hasRulesBeenSet());
  assertEquals(explicitRule, KerberosName.getRules());
  UserGroupInformation.createUserForTesting("someone", noGroups);
  assertEquals(explicitRule, KerberosName.getRules());
}
/**
 * Checks that {@code name} resolves to the expected short user name.
 *
 * <p>{@code name} is optional. When it is {@code null} the method returns
 * without comparing anything, even if {@code expected} is non-null, so a
 * caller that requires an identity to be present must reject a missing name
 * itself.
 *
 * @param expected the short user name the caller expects; may be
 *     {@code null}, in which case {@code name} must be {@code null} too
 * @param name the name to check; it is parsed as a {@link KerberosName} and
 *     reduced to its short name before comparison; may be {@code null}
 * @throws IOException if {@code expected} is {@code null} while
 *     {@code name} is not, or if the short name differs from
 *     {@code expected}
 */
public static void checkUsername(final String expected, final String name)
    throws IOException {
  if (name == null) {
    // name is optional, null is okay
    return;
  }
  if (expected == null) {
    throw new IOException("Usernames not matched: expecting null but name="
        + name);
  }

  final String shortName = new KerberosName(name).getShortName();
  if (shortName.equals(expected)) {
    return;
  }
  throw new IOException("Usernames not matched: name=" + shortName
      + " != expected=" + expected);
}
/**
 * Compares the short form of {@code name} with {@code expected}.
 *
 * <p>A {@code null} name is accepted unconditionally: no comparison is made
 * in that case, whatever {@code expected} holds. Callers that treat the name
 * as mandatory have to enforce that before calling.
 *
 * @param expected the short user name that is expected; may be {@code null}
 * @param name the name to verify, converted to a short name through
 *     {@link KerberosName}; may be {@code null}
 * @throws IOException if a name is supplied while none is expected, or if
 *     the derived short name is not equal to {@code expected}
 */
private static void checkUsername(final String expected, final String name)
    throws IOException {
  final boolean nameWithoutExpectation = expected == null && name != null;
  if (nameWithoutExpectation) {
    throw new IOException("Usernames not matched: expecting null but name="
        + name);
  }

  if (name != null) {
    final KerberosName principal = new KerberosName(name);
    final String actual = principal.getShortName();
    if (!actual.equals(expected)) {
      throw new IOException("Usernames not matched: name=" + actual
          + " != expected=" + expected);
    }
  }
  // Reaching here with name == null: name is optional, null is okay.
}
/**
 * Ensures that the short name derived from {@code name} equals
 * {@code expected}.
 *
 * <p>The check is skipped entirely when {@code name} is {@code null}; the
 * method then returns normally regardless of {@code expected}. Treat a
 * {@code null} name as "not verified" rather than "verified".
 *
 * @param expected the expected short user name; may be {@code null}
 * @param name the name to check; a {@link KerberosName} is built from it
 *     and its short name is what gets compared; may be {@code null}
 * @throws IOException if {@code name} is present while {@code expected} is
 *     {@code null}, or if the short name does not equal {@code expected}
 */
private static void checkUsername(final String expected, final String name)
    throws IOException {
  if (name == null) {
    // name is optional, null is okay
    return;
  }

  final String mismatch;
  if (expected == null) {
    mismatch = "Usernames not matched: expecting null but name=" + name;
  } else {
    final String shortName = new KerberosName(name).getShortName();
    if (shortName.equals(expected)) {
      return;
    }
    mismatch = "Usernames not matched: name=" + shortName
        + " != expected=" + expected;
  }
  throw new IOException(mismatch);
}
/**
 * Checks the precedence between explicitly set auth-to-local rules, implicit
 * UGI initialization, and rules supplied through the configuration.
 *
 * <p>Expected ordering, as asserted below: implicit initialization never
 * replaces rules that are already set, while each call to
 * {@code UserGroupInformation.setConfiguration} replaces them with the value
 * of {@code HADOOP_SECURITY_AUTH_TO_LOCAL}.
 */
@Test (timeout = 30000)
public void testSetConfigWithRules() {
  final String explicitRule = "RULE:[1:TEST1]";
  final String firstConfRule = "RULE:[1:TEST2]";
  final String secondConfRule = "RULE:[1:TEST3]";
  final String[] noGroups = new String[0];

  // explicitly set a rule
  UserGroupInformation.reset();
  assertFalse(KerberosName.hasRulesBeenSet());
  KerberosName.setRules(explicitRule);
  assertTrue(KerberosName.hasRulesBeenSet());
  assertEquals(explicitRule, KerberosName.getRules());

  // implicit init should honor rules already being set
  UserGroupInformation.createUserForTesting("someone", noGroups);
  assertEquals(explicitRule, KerberosName.getRules());

  // set conf, should override
  conf.set(HADOOP_SECURITY_AUTH_TO_LOCAL, firstConfRule);
  UserGroupInformation.setConfiguration(conf);
  assertEquals(firstConfRule, KerberosName.getRules());

  // set conf, should again override
  conf.set(HADOOP_SECURITY_AUTH_TO_LOCAL, secondConfRule);
  UserGroupInformation.setConfiguration(conf);
  assertEquals(secondConfRule, KerberosName.getRules());

  // implicit init should honor rules already being set
  UserGroupInformation.createUserForTesting("someone", noGroups);
  assertEquals(secondConfRule, KerberosName.getRules());
}
/**
 * Asserts that Kerberos auth-to-local rules have been set and that they
 * equal the {@code kerberosRule} value held by this test class, then logs
 * the active rules.
 */
@Test
public void testKerberosRulesValid() throws Throwable {
  final boolean rulesPresent = KerberosName.hasRulesBeenSet();
  assertTrue("!KerberosName.hasRulesBeenSet()", rulesPresent);

  final String activeRules = KerberosName.getRules();
  assertEquals(kerberosRule, activeRules);
  LOG.info(activeRules);
}
/**
 * Starts a test KDC and brings up a one-node test cluster with user
 * authentication enabled and both the "plain" and "kerberos" mechanisms
 * offered.
 *
 * <p>The connection properties used to bring the cluster up carry fixed
 * test-only credentials; they are meant for the test authenticator
 * configured here and must not be reused outside tests.
 *
 * @throws Exception if the KDC, the reflective realm reset, or the cluster
 *     update fails
 */
@BeforeClass
public static void setupTest() throws Exception {
  krbHelper = new KerberosHelper(TestUserBitKerberos.class.getSimpleName(), null);
  krbHelper.setupKdc(dirTestWatcher.getTmpDir());

  // Credentials for the initial connection. Test-only values.
  final Properties clientProps = new Properties();
  clientProps.setProperty(DrillProperties.USER, "anonymous");
  clientProps.setProperty(DrillProperties.PASSWORD, "anything works!");

  // Create a new DrillConfig which has user authentication enabled and
  // authenticator set to UserAuthenticatorTestImpl. The service principal and
  // keytab come from the KDC helper set up above.
  final DrillConfig kerberosConfig = new DrillConfig(
      DrillConfig.create(cloneDefaultTestConfigProperties())
          .withValue(ExecConstants.USER_AUTHENTICATION_ENABLED,
              ConfigValueFactory.fromAnyRef(true))
          .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL,
              ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE))
          .withValue(BootStrapContext.SERVICE_PRINCIPAL,
              ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL))
          .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION,
              ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString()))
          .withValue(ExecConstants.AUTHENTICATION_MECHANISMS,
              ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))),
      false);

  // Ignore the compile time warning caused by the code below.

  // The Kerberos config is statically initialized at this point, but the
  // configuration above results in a different initialization which causes
  // the tests to fail. So the following two changes are required.

  // (1) Refresh Kerberos config. This is a JDK-internal class, so the call
  // depends on the JDK exposing it to test code.
  sun.security.krb5.Config.refresh();

  // (2) Reset the default realm. KerberosName keeps it in a private static
  // field, so it is overwritten reflectively; this relies on the field being
  // named "defaultRealm" and fails with an exception if that ever changes.
  final Field realmField = KerberosName.class.getDeclaredField("defaultRealm");
  realmField.setAccessible(true);
  realmField.set(null, KerberosUtil.getDefaultRealm());

  updateTestCluster(1, kerberosConfig, clientProps);
}
/**
 * Starts a test KDC for the SPNEGO tests and re-synchronizes the JVM's
 * Kerberos state with it.
 *
 * @throws Exception if the KDC cannot be set up or the reflective realm
 *     reset fails
 */
@BeforeClass
public static void setupTest() throws Exception {
  final String testName = TestSpnegoAuthentication.class.getSimpleName();
  spnegoHelper = new KerberosHelper(testName, primaryName);
  spnegoHelper.setupKdc(dirTestWatcher.getTmpDir());

  // (1) Refresh the Kerberos config. This is a JDK-internal class, so the
  // call depends on the JDK exposing it to test code.
  sun.security.krb5.Config.refresh();

  // (2) Reset the default realm. KerberosName holds it in a private static
  // field, so it is overwritten reflectively; this relies on the field being
  // named "defaultRealm" and fails with an exception if that ever changes.
  final Field realmField = KerberosName.class.getDeclaredField("defaultRealm");
  realmField.setAccessible(true);
  realmField.set(null, KerberosUtil.getDefaultRealm());
}
/**
 * Initializes the SASL parameters (mechanism, protocol and server id) for
 * the given authentication method.
 *
 * <ul>
 *   <li>SIMPLE: no SASL is used; protocol and server id are left unset.</li>
 *   <li>TOKEN: empty protocol, server id {@code SASL_DEFAULT_REALM}.</li>
 *   <li>KERBEROS: the current user's name is parsed as a
 *       {@link KerberosName}; its host name becomes the server id (empty
 *       string when there is none) and its service name becomes the
 *       protocol.</li>
 * </ul>
 *
 * <p>Any other method is rejected, so an unrecognized value can never yield
 * a half-configured server.
 *
 * @param authMethod the authentication method to configure for
 * @throws AccessControlException if {@code authMethod} is not SIMPLE, TOKEN
 *     or KERBEROS
 * @throws IOException declared by this constructor; presumably raised when
 *     the current user cannot be determined (confirm against
 *     {@code UserGroupInformation.getCurrentUser()})
 */
@InterfaceAudience.Private
@InterfaceStability.Unstable
public SaslRpcServer(AuthMethod authMethod) throws IOException {
  this.authMethod = authMethod;
  mechanism = authMethod.getMechanismName();

  if (authMethod == AuthMethod.SIMPLE) {
    // no sasl for simple
    return;
  }

  if (authMethod == AuthMethod.TOKEN) {
    protocol = "";
    serverId = SaslRpcServer.SASL_DEFAULT_REALM;
  } else if (authMethod == AuthMethod.KERBEROS) {
    final String principal = UserGroupInformation.getCurrentUser().getUserName();
    if (LOG.isDebugEnabled()) {
      LOG.debug("Kerberos principal name is " + principal);
    }
    final KerberosName parsed = new KerberosName(principal);
    final String host = parsed.getHostName();
    // A principal without a host part yields an empty server id, not null.
    serverId = (host == null) ? "" : host;
    protocol = parsed.getServiceName();
  } else {
    // we should never be able to get here
    throw new AccessControlException(
        "Server does not support SASL " + authMethod);
  }
}
/**
 * Builds a {@link Configuration} that enables Kerberos (SPNEGO)
 * authentication for the HTTP server UI.
 *
 * <p>Side effect: the auth-to-local rules are set to {@code "DEFAULT"}
 * through the static {@code KerberosName.setRules}, which is not scoped to
 * the returned configuration.
 *
 * @param serverPrincipal the SPNEGO service principal for the server
 * @param serverKeytab the keytab file for that principal; its absolute path
 *     is stored in the configuration
 * @return a new configuration with Kerberos and SPNEGO settings applied
 */
private static Configuration buildSpnegoConfiguration(String serverPrincipal,
    File serverKeytab) {
  final Configuration spnegoConf = new Configuration();
  KerberosName.setRules("DEFAULT");

  spnegoConf.setInt(HttpServer.HTTP_MAX_THREADS, TestHttpServer.MAX_THREADS);

  // Enable Kerberos (pre-req)
  spnegoConf.set("hbase.security.authentication", "kerberos");
  spnegoConf.set(HttpServer.HTTP_UI_AUTHENTICATION, "kerberos");

  // Identity the HTTP server authenticates as, and where its key lives.
  spnegoConf.set(HttpServer.HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_KEY, serverPrincipal);
  final String keytabPath = serverKeytab.getAbsolutePath();
  spnegoConf.set(HttpServer.HTTP_SPNEGO_AUTHENTICATION_KEYTAB_KEY, keytabPath);

  return spnegoConf;
}