Examples with SignerSecretProvider com.hortonworks.registries.auth.util.SignerSecretProvider used on opensource projects

Search in sources :

Example 6 with SignerSecretProvider

use of com.hortonworks.registries.auth.util.SignerSecretProvider in project registry by hortonworks.

the class TestAuthenticationFilter method testManagementOperation.

@Test
public void testManagementOperation() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("false");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        Mockito.when(request.getRequestURI()).thenReturn("/bar");
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        FilterChain chain = Mockito.mock(FilterChain.class);
        filter.doFilter(request, response, chain);
        Mockito.verify(response).setStatus(HttpServletResponse.SC_ACCEPTED);
        Mockito.verifyNoMoreInteractions(response);
        Mockito.reset(request);
        Mockito.reset(response);
        AuthenticationToken token = new AuthenticationToken("u", "p", "t");
        token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        Mockito.when(request.getRequestURI()).thenReturn("/bar");
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        filter.doFilter(request, response, chain);
        Mockito.verify(response).setStatus(HttpServletResponse.SC_ACCEPTED);
        Mockito.verifyNoMoreInteractions(response);
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(com.hortonworks.registries.auth.util.SignerSecretProvider) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(com.hortonworks.registries.auth.util.Signer) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 7 with SignerSecretProvider

use of com.hortonworks.registries.auth.util.SignerSecretProvider in project registry by hortonworks.

the class TestAuthenticationFilter method testDoFilterAuthenticatedInvalidType.

@Test
public void testDoFilterAuthenticatedInvalidType() throws Exception {
    String secret = "secret";
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(secret);
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        Mockito.when(request.getRequestURI()).thenReturn("/bar");
        AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
        token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret);
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
        FilterChain chain = Mockito.mock(FilterChain.class);
        verifyUnauthorized(filter, request, response, chain);
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(com.hortonworks.registries.auth.util.SignerSecretProvider) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(com.hortonworks.registries.auth.util.Signer) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 8 with SignerSecretProvider

use of com.hortonworks.registries.auth.util.SignerSecretProvider in project registry by hortonworks.

the class TestAuthenticationFilter method testDoFilterAuthenticated.

@Test
public void testDoFilterAuthenticated() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        Mockito.when(request.getRequestURI()).thenReturn("/bar");
        AuthenticationToken token = new AuthenticationToken("u", "p", "t");
        token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        FilterChain chain = Mockito.mock(FilterChain.class);
        Mockito.doAnswer(new Answer<Object>() {

            @Override
            public Object answer(InvocationOnMock invocation) throws Throwable {
                Object[] args = invocation.getArguments();
                HttpServletRequest request = (HttpServletRequest) args[0];
                Assert.assertEquals("u", request.getRemoteUser());
                Assert.assertEquals("p", request.getUserPrincipal().getName());
                return null;
            }
        }).when(chain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject());
        filter.doFilter(request, response, chain);
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(com.hortonworks.registries.auth.util.SignerSecretProvider) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(com.hortonworks.registries.auth.util.Signer) InvocationOnMock(org.mockito.invocation.InvocationOnMock) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 9 with SignerSecretProvider

use of com.hortonworks.registries.auth.util.SignerSecretProvider in project registry by hortonworks.

the class TestAuthenticationFilter method testDoFilterAuthenticatedExpired.

@Test
public void testDoFilterAuthenticatedExpired() throws Exception {
    String secret = "secret";
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(secret);
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        Mockito.when(request.getRequestURI()).thenReturn("/bar");
        AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
        token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret);
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
        FilterChain chain = Mockito.mock(FilterChain.class);
        verifyUnauthorized(filter, request, response, chain);
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(com.hortonworks.registries.auth.util.SignerSecretProvider) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(com.hortonworks.registries.auth.util.Signer) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 10 with SignerSecretProvider

use of com.hortonworks.registries.auth.util.SignerSecretProvider in project registry by hortonworks.

the class TestAuthenticationFilter method testGetTokenInvalidType.

@Test
public void testGetTokenInvalidType() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
        token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        boolean failed = false;
        try {
            filter.getToken(request);
        } catch (AuthenticationException ex) {
            Assert.assertEquals("Invalid AuthenticationToken type", ex.getMessage());
            failed = true;
        } finally {
            Assert.assertTrue("token not invalid type", failed);
        }
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(com.hortonworks.registries.auth.util.SignerSecretProvider) AuthenticationException(com.hortonworks.registries.auth.client.AuthenticationException) Properties(java.util.Properties) Signer(com.hortonworks.registries.auth.util.Signer) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Aggregations

SignerSecretProvider (com.hortonworks.registries.auth.util.SignerSecretProvider)10 Properties (java.util.Properties)9 Vector (java.util.Vector)9 FilterConfig (javax.servlet.FilterConfig)9 Signer (com.hortonworks.registries.auth.util.Signer)8 HttpCookie (java.net.HttpCookie)8 Cookie (javax.servlet.http.Cookie)8 HttpServletRequest (javax.servlet.http.HttpServletRequest)8 Test (org.junit.Test)8 FilterChain (javax.servlet.FilterChain)5 HttpServletResponse (javax.servlet.http.HttpServletResponse)5 AuthenticationException (com.hortonworks.registries.auth.client.AuthenticationException)2 ServletContext (javax.servlet.ServletContext)2 InvocationOnMock (org.mockito.invocation.InvocationOnMock)2 File (java.io.File)1 FileWriter (java.io.FileWriter)1 Writer (java.io.Writer)1 HashMap (java.util.HashMap)1 ServletException (javax.servlet.ServletException)1 ServletRequest (javax.servlet.ServletRequest)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial