use of io.airlift.http.server.HttpServerInfo in project trino by trinodb.
the class TestResourceSecurity method testFixedManagerAuthenticatorHttps.
/**
 * Starts a server with password authentication, insecure authentication over plain HTTP
 * allowed, and a fixed management user with {@code management.user.https-enabled=true},
 * then runs the fixed-management-user assertion against both the HTTP and HTTPS URIs.
 */
@Test
public void testFixedManagerAuthenticatorHttps() throws Exception {
    ImmutableMap<String, String> properties = ImmutableMap.<String, String>builder()
            .putAll(SECURE_PROPERTIES)
            .put("password-authenticator.config-files", passwordConfigDummy.toString())
            .put("http-server.authentication.type", "password")
            // Test-only relaxation: authentication is accepted on the unencrypted listener.
            .put("http-server.authentication.allow-insecure-over-http", "true")
            .put("management.user", MANAGEMENT_USER)
            .put("management.user.https-enabled", "true")
            .buildOrThrow();

    try (TestingTrinoServer trino = TestingTrinoServer.builder().setProperties(properties).build()) {
        PasswordAuthenticatorManager passwordManager = trino.getInstance(Key.get(PasswordAuthenticatorManager.class));
        passwordManager.setAuthenticators(TestResourceSecurity::authenticate);

        AccessControlManager accessControl = trino.getInstance(Key.get(AccessControlManager.class));
        accessControl.addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);

        HttpServerInfo endpoints = trino.getInstance(Key.get(HttpServerInfo.class));
        // The flag is true for the HTTP URI and false for the HTTPS URI.
        // NOTE(review): its meaning is defined by assertFixedManagementUser, which is not
        // part of this listing - confirm there before relying on it.
        assertFixedManagementUser(endpoints.getHttpUri(), true);
        assertFixedManagementUser(endpoints.getHttpsUri(), false);
    }
}
use of io.airlift.http.server.HttpServerInfo in project trino by trinodb.
the class TestResourceSecurity method testPasswordAuthenticatorWithInsecureHttp.
/**
 * Starts a server with password authentication and
 * {@code http-server.authentication.allow-insecure-over-http=true}, then checks the HTTP URI
 * with {@code assertInsecureAuthentication} and the HTTPS URI with
 * {@code assertPasswordAuthentication}.
 */
@Test
public void testPasswordAuthenticatorWithInsecureHttp() throws Exception {
    ImmutableMap<String, String> properties = ImmutableMap.<String, String>builder()
            .putAll(SECURE_PROPERTIES)
            .put("password-authenticator.config-files", passwordConfigDummy.toString())
            .put("http-server.authentication.type", "password")
            // Test-only relaxation for the unencrypted listener; the HTTPS listener is
            // asserted separately below.
            .put("http-server.authentication.allow-insecure-over-http", "true")
            .put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN)
            .buildOrThrow();

    try (TestingTrinoServer trino = TestingTrinoServer.builder().setProperties(properties).build()) {
        PasswordAuthenticatorManager passwordManager = trino.getInstance(Key.get(PasswordAuthenticatorManager.class));
        passwordManager.setAuthenticators(TestResourceSecurity::authenticate);

        AccessControlManager accessControl = trino.getInstance(Key.get(AccessControlManager.class));
        accessControl.addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);

        HttpServerInfo endpoints = trino.getInstance(Key.get(HttpServerInfo.class));
        // Each scheme gets its own assertion helper: insecure mode on HTTP, password
        // authentication on HTTPS.
        assertInsecureAuthentication(endpoints.getHttpUri());
        assertPasswordAuthentication(endpoints.getHttpsUri());
    }
}
use of io.airlift.http.server.HttpServerInfo in project trino by trinodb.
the class TestResourceSecurity method testMultiplePasswordAuthenticatorsMessages.
/**
 * Registers two password authenticators, sends one HTTPS request with a wrong password, and
 * checks that the response message contains both authenticators' denial messages joined
 * by {@code " | "}.
 */
@Test
public void testMultiplePasswordAuthenticatorsMessages() throws Exception {
    // Unlike the insecure-HTTP tests, allow-insecure-over-http is not set here.
    ImmutableMap<String, String> properties = ImmutableMap.<String, String>builder()
            .putAll(SECURE_PROPERTIES)
            .put("password-authenticator.config-files", passwordConfigDummy.toString())
            .put("http-server.authentication.type", "password")
            .put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN)
            .buildOrThrow();

    try (TestingTrinoServer trino = TestingTrinoServer.builder().setProperties(properties).build()) {
        PasswordAuthenticatorManager passwordManager = trino.getInstance(Key.get(PasswordAuthenticatorManager.class));
        // Registration order is authenticate, then authenticate2; the expected message below
        // lists the two denials in that same order.
        passwordManager.setAuthenticators(TestResourceSecurity::authenticate, TestResourceSecurity::authenticate2);

        AccessControlManager accessControl = trino.getInstance(Key.get(AccessControlManager.class));
        accessControl.addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);

        HttpServerInfo endpoints = trino.getInstance(Key.get(HttpServerInfo.class));
        Request deniedRequest = new Request.Builder()
                .url(getAuthorizedUserLocation(endpoints.getHttpsUri()))
                .headers(Headers.of("Authorization", Credentials.basic(TEST_USER_LOGIN, "wrong_password")))
                .build();

        try (Response denied = client.newCall(deniedRequest).execute()) {
            // Only the message is asserted; the status code is not checked by this test.
            assertThat(denied.message()).isEqualTo("Access Denied: Invalid credentials | Access Denied: Invalid credentials2");
        }
    }
}
use of io.airlift.http.server.HttpServerInfo in project trino by trinodb.
the class TestResourceSecurity method testCertAuthenticator.
/**
 * Starts a server with certificate authentication, using {@code LOCALHOST_KEYSTORE} as the
 * trust store, then checks the HTTP URI with {@code assertAuthenticationDisabled} and the
 * HTTPS URI with a client configured through {@code setupSsl}.
 */
@Test
public void testCertAuthenticator() throws Exception {
    ImmutableMap<String, String> properties = ImmutableMap.<String, String>builder()
            .putAll(SECURE_PROPERTIES)
            .put("http-server.authentication.type", "certificate")
            .put("http-server.https.truststore.path", LOCALHOST_KEYSTORE)
            // The trust store key is set to the empty string for this test fixture.
            .put("http-server.https.truststore.key", "")
            .buildOrThrow();

    try (TestingTrinoServer trino = TestingTrinoServer.builder().setProperties(properties).build()) {
        AccessControlManager accessControl = trino.getInstance(Key.get(AccessControlManager.class));
        accessControl.addSystemAccessControl(TestSystemAccessControl.NO_IMPERSONATION);

        HttpServerInfo endpoints = trino.getInstance(Key.get(HttpServerInfo.class));
        assertAuthenticationDisabled(endpoints.getHttpUri());

        // LOCALHOST_KEYSTORE is passed in the first and fourth Optional positions; the other
        // four are empty.
        // NOTE(review): presumably these are the client key store and trust store paths -
        // confirm against setupSsl's signature, which is outside this listing.
        OkHttpClient.Builder sslClientBuilder = client.newBuilder();
        setupSsl(
                sslClientBuilder,
                Optional.of(LOCALHOST_KEYSTORE),
                Optional.empty(),
                Optional.empty(),
                Optional.of(LOCALHOST_KEYSTORE),
                Optional.empty(),
                Optional.empty());
        OkHttpClient certificateClient = sslClientBuilder.build();

        assertAuthenticationAutomatic(endpoints.getHttpsUri(), certificateClient);
    }
}
use of io.airlift.http.server.HttpServerInfo in project trino by trinodb.
the class TestResourceSecurity method testJwtAndOAuth2AuthenticatorsSeparation.
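/**
 * Starts a server with both the {@code jwt} and {@code oauth2} authenticators enabled and
 * checks that the HTTPS URI accepts a Bearer token from the OAuth2 token server as well as a
 * locally signed JWT, while the HTTP URI is checked with {@code assertAuthenticationDisabled}.
 *
 * <p>The JWK server is started outside the try-with-resources statement, so it is stopped in
 * a {@code finally} block; otherwise it would keep running after the test, including when an
 * assertion fails.
 */
@Test
public void testJwtAndOAuth2AuthenticatorsSeparation() throws Exception {
    TestingHttpServer jwkServer = createTestingJwkServer();
    jwkServer.start();
    try (TokenServer tokenServer = new TokenServer(Optional.empty());
            TestingTrinoServer server = TestingTrinoServer.builder()
                    .setProperties(ImmutableMap.<String, String>builder()
                            .putAll(SECURE_PROPERTIES)
                            .put("http-server.authentication.type", "jwt,oauth2")
                            .put("http-server.authentication.jwt.key-file", jwkServer.getBaseUrl().toString())
                            .putAll(getOAuth2Properties(tokenServer))
                            .put("web-ui.enabled", "true")
                            .buildOrThrow())
                    .setAdditionalModule(oauth2Module(tokenServer))
                    .build()) {
        server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.NO_IMPERSONATION);
        HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
        assertAuthenticationDisabled(httpServerInfo.getHttpUri());

        // Both clients send "Authorization: Bearer ..." from an OkHttp authenticator callback,
        // so the header is attached only after the server has challenged the request.
        OkHttpClient clientWithOAuthToken = client.newBuilder()
                .authenticator((route, response) -> response.request().newBuilder()
                        .header(AUTHORIZATION, "Bearer " + tokenServer.getAccessToken())
                        .build())
                .build();
        assertAuthenticationAutomatic(httpServerInfo.getHttpsUri(), clientWithOAuthToken);

        // JWT signed with the test JWK key, with a key id header and a five-minute expiry.
        String token = newJwtBuilder()
                .signWith(JWK_PRIVATE_KEY)
                .setHeaderParam(JwsHeader.KEY_ID, JWK_KEY_ID)
                .setSubject("test-user")
                .setExpiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant()))
                .compact();
        OkHttpClient clientWithJwt = client.newBuilder()
                .authenticator((route, response) -> response.request().newBuilder()
                        .header(AUTHORIZATION, "Bearer " + token)
                        .build())
                .build();
        assertAuthenticationAutomatic(httpServerInfo.getHttpsUri(), clientWithJwt);
    }
    finally {
        // Release the JWK server's listener even when the test body throws.
        jwkServer.stop();
    }
}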