use of io.cdap.cdap.proto.security.Credential in project cdap by caskdata.
the class DefaultInternalAuthenticatorTest method testProperHeadersSet.
/**
 * Checks that {@link DefaultInternalAuthenticator} copies the principal of its authentication context
 * into the internal authentication headers: the principal name under the user-id header and
 * {@code "<qualified credential type> <credential value>"} under the runtime-token header.
 */
@Test
public void testProperHeadersSet() {
  // Principal the authenticator is expected to describe in the emitted headers.
  String userName = "somebody";
  String credValue = "credential";
  Credential.CredentialType credType = Credential.CredentialType.EXTERNAL;
  Principal principal =
      new Principal(userName, Principal.PrincipalType.USER, new Credential(credValue, credType));

  DefaultInternalAuthenticator authenticator =
      new DefaultInternalAuthenticator(new TestAuthenticationContext(principal));

  // Collect every header the authenticator hands to the setter callback.
  Map<String, String> capturedHeaders = new HashMap<>();
  authenticator.applyInternalAuthenticationHeaders(capturedHeaders::put);

  // The token header carries the credential type's qualified name, a space, then the raw value.
  String expectedToken = String.format("%s %s", credType.getQualifiedName(), credValue);
  Assert.assertEquals(userName, capturedHeaders.get(Constants.Security.Headers.USER_ID));
  Assert.assertEquals(expectedToken, capturedHeaders.get(Constants.Security.Headers.RUNTIME_TOKEN));
}
use of io.cdap.cdap.proto.security.Credential in project cdap by caskdata.
the class AuthenticationTestContext method getPrincipal.
/**
 * Builds the current principal from JVM system properties.
 *
 * <p>The principal name is read from {@code PRINCIPAL_NAME}. A {@link Credential} is attached only
 * when both {@code PRINCIPAL_CREDENTIAL_VALUE} and {@code PRINCIPAL_CREDENTIAL_TYPE} are set;
 * otherwise the principal carries a {@code null} credential.
 *
 * <p>System properties are process-wide, so every caller in the JVM sees the same identity and
 * any code that can set these properties decides what it is.
 *
 * @return a {@code USER} principal, possibly with a {@code null} name and/or credential
 * @throws IllegalArgumentException if the configured credential type is not a
 *     {@link Credential.CredentialType} constant name
 */
@Override
public Principal getPrincipal() {
  Properties systemProps = System.getProperties();
  String value = systemProps.getProperty(PRINCIPAL_CREDENTIAL_VALUE);
  String typeName = systemProps.getProperty(PRINCIPAL_CREDENTIAL_TYPE);

  // A credential needs both halves; with either one missing the principal is left without one.
  Credential credential = (value == null || typeName == null)
      ? null
      : new Credential(value, Credential.CredentialType.valueOf(typeName));

  return new Principal(System.getProperty(PRINCIPAL_NAME), Principal.PrincipalType.USER, credential);
}
use of io.cdap.cdap.proto.security.Credential in project cdap by caskdata.
the class AuthenticationContextModules method getProgramContainerModule.
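/**
 * Returns the Guice {@link Module} that provides the {@link AuthenticationContext} used in program
 * containers.
 *
 * <p>If {@code loadRemoteCredentials(cConf)} yields a credential, the context is bound to a
 * {@code ProgramContainerAuthenticationContext} for a {@code USER} principal whose name comes from
 * {@code getUsername()} (per the original documentation, based on the {@link UserGroupInformation}
 * of the user running the program) and which carries that credential. If no credential is
 * available, the context is instead supplied by {@code MasterAuthenticationContextProvider}, with
 * {@code WorkerAuthenticationContext} bound as the context class. In both cases
 * {@link InternalAuthenticator} is provided by {@code InternalAuthenticatorProvider}.
 *
 * @param cConf configuration handed to {@code loadRemoteCredentials}
 * @return the module holding the bindings described above
 */
public Module getProgramContainerModule(CConfiguration cConf) {
  return new AbstractModule() {
    @Override
    protected void configure() {
      // Load the credential exactly once. The instance that passed the null check must be the one
      // bound into the principal; a second load could return a different value, or null, if the
      // underlying source changes between the two reads.
      Credential remoteCredentials = loadRemoteCredentials(cConf);
      if (remoteCredentials != null) {
        Principal principal =
            new Principal(getUsername(), Principal.PrincipalType.USER, remoteCredentials);
        bind(AuthenticationContext.class)
            .toInstance(new ProgramContainerAuthenticationContext(principal));
      } else {
        // No remote credential: fall back to the provider-based context.
        bind(new TypeLiteral<Class<? extends AuthenticationContext>>() {
        }).toInstance(WorkerAuthenticationContext.class);
        bind(AuthenticationContext.class).toProvider(MasterAuthenticationContextProvider.class);
      }
      bind(InternalAuthenticator.class).toProvider(InternalAuthenticatorProvider.class);
    }
  };
}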
use of io.cdap.cdap.proto.security.Credential in project cdap by caskdata.
the class InternalAccessEnforcerTest method testInternalAccessEnforceNonInternalTokenType.
/**
 * Negative test: a signed identity whose identifier type is {@code EXTERNAL} is presented as an
 * {@code INTERNAL} credential. The enforcer is expected to reject the mismatch with an
 * {@link AccessException} rather than trusting the credential type label alone.
 */
@Test(expected = AccessException.class)
public void testInternalAccessEnforceNonInternalTokenType() throws IOException {
  long issuedAt = System.currentTimeMillis();
  long expiresAt = issuedAt + 5 * MINUTE_MILLIS;

  // Validly signed and unexpired, but tagged EXTERNAL rather than INTERNAL.
  UserIdentity externalIdentity = new UserIdentity(
      SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.EXTERNAL, Collections.emptyList(), issuedAt, expiresAt);
  byte[] signedToken = accessTokenCodec.encode(tokenManager.signIdentifier(externalIdentity));
  String encodedToken = Base64.getEncoder().encodeToString(signedToken);

  // Wrap the EXTERNAL token in a credential that claims to be INTERNAL.
  Credential mislabeledCredential = new Credential(encodedToken, Credential.CredentialType.INTERNAL);
  Principal caller =
      new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, mislabeledCredential);

  NamespaceId targetNamespace = new NamespaceId("namespace");
  internalAccessEnforcer.enforce(targetNamespace, caller, StandardPermission.GET);
}
use of io.cdap.cdap.proto.security.Credential in project cdap by caskdata.
the class RemoteClientAuthenticatorTest method testRemoteClientWithInternalAuthInjectsAuthenticationContext.
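/**
 * Checks that, with internal auth enabled, a {@link RemoteClient} request carries the user-id and
 * runtime-token headers for the identity configured through system properties.
 *
 * <p>The identity is set with the {@code user.name}, {@code user.credential.value} and
 * {@code user.credential.type} system properties (presumably read by the injected test
 * authentication context; confirm against its implementation). Those properties are JVM-wide and
 * {@code user.name} is a standard JVM property, so their prior values are restored afterwards.
 * This keeps the fake identity from leaking into other tests in the same JVM.
 *
 * @throws Exception if the connection cannot be opened or the response cannot be read
 */
@Test
public void testRemoteClientWithInternalAuthInjectsAuthenticationContext() throws Exception {
  CConfiguration cConf = injector.getInstance(CConfiguration.class);
  cConf.setBoolean(Constants.Security.INTERNAL_AUTH_ENABLED, true);
  RemoteClientFactory remoteClientFactory = injector.getInstance(RemoteClientFactory.class);
  RemoteClient remoteClient = remoteClientFactory.createRemoteClient(
      TEST_SERVICE, new HttpRequestConfig(15000, 15000, false), "/");

  String expectedName = "somebody";
  String expectedCredValue = "credential";
  Credential.CredentialType expectedCredType = Credential.CredentialType.EXTERNAL;

  // Remember the current values so the finally block can put them back.
  String[] propertyKeys = {"user.name", "user.credential.value", "user.credential.type"};
  String[] previousValues = new String[propertyKeys.length];
  for (int i = 0; i < propertyKeys.length; i++) {
    previousValues[i] = System.getProperty(propertyKeys[i]);
  }

  HttpURLConnection conn = null;
  try {
    // Set authentication context principal.
    System.setProperty("user.name", expectedName);
    System.setProperty("user.credential.value", expectedCredValue);
    System.setProperty("user.credential.type", expectedCredType.name());

    conn = remoteClient.openConnection(HttpMethod.GET, "");
    int responseCode = conn.getResponseCode();

    // Verify that the request received the expected headers.
    HttpHeaders headers = testHttpHandler.getRequest().headers();
    Assert.assertEquals(HttpResponseStatus.OK.code(), responseCode);
    Assert.assertEquals(expectedName, headers.get(Constants.Security.Headers.USER_ID));
    Assert.assertEquals(
        String.format("%s %s", expectedCredType.getQualifiedName(), expectedCredValue),
        headers.get(Constants.Security.Headers.RUNTIME_TOKEN));
  } finally {
    if (conn != null) {
      conn.disconnect();
    }
    // Restore the original identity-related properties, clearing those that were unset before.
    for (int i = 0; i < propertyKeys.length; i++) {
      if (previousValues[i] == null) {
        System.clearProperty(propertyKeys[i]);
      } else {
        System.setProperty(propertyKeys[i], previousValues[i]);
      }
    }
  }
}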