groups) {
+ assertNotNull("GroupNames should be not null", user.getGroupNames());
+ assertTrue("UserGroupNames length should be == " + groups.size(),
+ user.getGroupNames().length == groups.size());
+
+ for (String group : user.getGroupNames()) {
+ assertTrue("groupName should be in set ", groups.contains(group));
+ }
+ }
+ @Test
+ public void testSecurityForNonSecureHadoop() {
+ assertFalse("Security should be disable in non-secure Hadoop",
+ User.isSecurityEnabled());
+
+ Configuration conf = HBaseConfiguration.create();
+ conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
+ conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
+ assertTrue("Security should be enabled", User.isHBaseSecurityEnabled(conf));
+
+ conf = HBaseConfiguration.create();
+ conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
+ assertFalse("HBase security should not be enabled if "
+ + User.HBASE_SECURITY_CONF_KEY + " is not set accordingly",
+ User.isHBaseSecurityEnabled(conf));
+
+ conf = HBaseConfiguration.create();
+ conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
+ assertTrue("HBase security should be enabled regardless of underlying "
+ + "HDFS settings", User.isHBaseSecurityEnabled(conf));
+ }
+}
diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestUsersOperationsWithSecureHadoop.java hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestUsersOperationsWithSecureHadoop.java
new file mode 100644
index 0000000..4dec02c
--- /dev/null
+++ hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestUsersOperationsWithSecureHadoop.java
@@ -0,0 +1,80 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.security;
+
+import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getConfigurationWoPrincipal;
+import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;
+import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
+import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getSecuredConfiguration;
+import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.isKerberosPropertySetted;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
+
+import java.io.IOException;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.SmallTests;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(SmallTests.class)
+public class TestUsersOperationsWithSecureHadoop {
+ /**
+ * test login with security enabled configuration
+ *
+ * To run this test, we must specify the following system properties:
+ *
+ * hbase.regionserver.kerberos.principal
+ *
+ * hbase.regionserver.keytab.file
+ *
+ * @throws IOException
+ */
+ @Test
+ public void testUserLoginInSecureHadoop() throws Exception {
+ UserGroupInformation defaultLogin = UserGroupInformation.getLoginUser();
+ Configuration conf = getConfigurationWoPrincipal();
+ User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE,
+ HBaseKerberosUtils.KRB_PRINCIPAL, "localhost");
+
+ UserGroupInformation failLogin = UserGroupInformation.getLoginUser();
+ assertTrue("ugi should be the same in case fail login",
+ defaultLogin.equals(failLogin));
+
+ assumeTrue(isKerberosPropertySetted());
+
+ String nnKeyTab = getKeytabFileForTesting();
+ String dnPrincipal = getPrincipalForTesting();
+
+ assertNotNull("KerberosKeytab was not specified", nnKeyTab);
+ assertNotNull("KerberosPrincipal was not specified", dnPrincipal);
+
+ conf = getSecuredConfiguration();
+ UserGroupInformation.setConfiguration(conf);
+
+ User.login(conf, HBaseKerberosUtils.KRB_KEYTAB_FILE,
+ HBaseKerberosUtils.KRB_PRINCIPAL, "localhost");
+ UserGroupInformation successLogin = UserGroupInformation.getLoginUser();
+ assertFalse("ugi should be different in in case success login",
+ defaultLogin.equals(successLogin));
+ }
+}