
Example 6 with NettyHttpService

use of io.cdap.http.NettyHttpService in project cdap by caskdata.

the class HttpsEnablerTest method testServer.

/**
 * Starts an HTTPS-enabled {@link NettyHttpService} backed by a generated key store and checks that a
 * client configured through {@link HttpsEnabler} receives a 200 response from {@code /ping}.
 *
 * <p>Security note: {@code trustAll} makes the client accept any server certificate, so the channel is
 * encrypted but the server is not authenticated. That mode belongs in tests like this one; the
 * {@code useTrustStore} path is the one that actually validates the server.
 *
 * @param useTrustStore {@code true} to give the client a trust store built from the server's key store
 * @param trustAll {@code true} to have the client trust any https server
 * @throws Exception if the server cannot be started or the HTTPS request fails
 */
private void testServer(boolean useTrustStore, boolean trustAll) throws Exception {
    // Throwaway password protecting the generated, test-only key store.
    String keyStorePassword = "xyz";
    // NOTE(review): the first argument is presumably the certificate validity in days; confirm in KeyStores.
    KeyStore serverKeyStore = KeyStores.generatedCertKeyStore(1, keyStorePassword);

    // Server side: wrap the builder with TLS using the generated key store, then start it.
    NettyHttpService httpsService = new HttpsEnabler()
        .setKeyStore(serverKeyStore, keyStorePassword::toCharArray)
        .enable(NettyHttpService.builder("test").setHttpHandlers(new PingHandler()))
        .build();
    httpsService.start();
    try {
        InetSocketAddress boundAddress = httpsService.getBindAddress();
        String pingUrl = String.format("https://%s:%d/ping", boundAddress.getHostName(), boundAddress.getPort());
        URL url = new URL(pingUrl);

        // Client side: trust-all is applied first, the trust store is added only on request.
        HttpsEnabler clientEnabler = new HttpsEnabler().setTrustAll(trustAll);
        if (useTrustStore) {
            // Trust exactly the certificate held in the server's key store.
            clientEnabler.setTrustStore(KeyStores.createTrustStore(serverKeyStore));
        }

        HttpsURLConnection connection = clientEnabler.enable((HttpsURLConnection) url.openConnection());
        // getResponseCode() triggers the TLS handshake and the request.
        Assert.assertEquals(200, connection.getResponseCode());
    } finally {
        httpsService.stop();
    }
}
Also used : InetSocketAddress(java.net.InetSocketAddress) NettyHttpService(io.cdap.http.NettyHttpService) KeyStore(java.security.KeyStore) URL(java.net.URL) HttpsURLConnection(javax.net.ssl.HttpsURLConnection)

Example 7 with NettyHttpService

use of io.cdap.http.NettyHttpService in project cdap by caskdata.

the class UGIProviderTest method testRemoteUGIProvider.

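/**
 * Checks that {@link RemoteUGIProvider} obtains a non-Kerberos UGI from a mock HTTP service, that the
 * UGI carries the expected "entity" and "opType" tokens, and that the result is cached until the
 * cache is invalidated.
 *
 * <p>Teardown runs in {@code finally}: the mock service is stopped even if setup fails, and the owner
 * entry is removed even if an assertion fails, so a failing run does not leak state into other tests.
 *
 * @throws Exception if the mock service, owner setup or UGI lookup fails
 */
@Test
public void testRemoteUGIProvider() throws Exception {
    // Starts a mock server to handle remote UGI requests
    final NettyHttpService httpService = NettyHttpService.builder("remoteUGITest")
        .setHttpHandlers(new UGIProviderTestHandler())
        .build();
    httpService.start();

    OwnerAdmin ownerAdmin = null;
    // Tracks whether the owner entry exists, so teardown deletes only what this test created.
    boolean ownerAdded = false;
    try {
        setKeytabDir(localKeytabDirPath.getAbsolutePath());
        ownerAdmin = getOwnerAdmin();
        // Register alice's Kerberos principal as the owner of the test entity
        ownerAdmin.add(aliceEntity, aliceKerberosPrincipalId);
        ownerAdded = true;

        // Route APP_FABRIC_HTTP lookups to the mock server
        InMemoryDiscoveryService discoveryService = new InMemoryDiscoveryService();
        discoveryService.register(new Discoverable(Constants.Service.APP_FABRIC_HTTP, httpService.getBindAddress()));
        RemoteClientFactory remoteClientFactory = new RemoteClientFactory(
            discoveryService, new DefaultInternalAuthenticator(new AuthenticationTestContext()));
        RemoteUGIProvider ugiProvider = new RemoteUGIProvider(cConf, locationFactory, ownerAdmin, remoteClientFactory);

        ImpersonationRequest aliceImpRequest = new ImpersonationRequest(aliceEntity, ImpersonatedOpType.OTHER);
        UGIWithPrincipal aliceUGIWithPrincipal = ugiProvider.getConfiguredUGI(aliceImpRequest);
        // Shouldn't be a kerberos UGI
        Assert.assertFalse(aliceUGIWithPrincipal.getUGI().hasKerberosCredentials());

        // Validate the credentials. Identifier and password are both expected to equal the entity
        // string; presumably these are fixture values produced by the mock handler, not real secrets.
        byte[] entityBytes = aliceEntity.toString().getBytes(StandardCharsets.UTF_8);
        Token<? extends TokenIdentifier> token =
            aliceUGIWithPrincipal.getUGI().getCredentials().getToken(new Text("entity"));
        Assert.assertArrayEquals(entityBytes, token.getIdentifier());
        Assert.assertArrayEquals(entityBytes, token.getPassword());
        Assert.assertEquals(new Text("entity"), token.getKind());
        Assert.assertEquals(new Text("service"), token.getService());

        // Same checks for the token that carries the impersonated operation type
        byte[] opTypeBytes = aliceImpRequest.getImpersonatedOpType().toString().getBytes(StandardCharsets.UTF_8);
        token = aliceUGIWithPrincipal.getUGI().getCredentials().getToken(new Text("opType"));
        Assert.assertArrayEquals(opTypeBytes, token.getIdentifier());
        Assert.assertArrayEquals(opTypeBytes, token.getPassword());
        Assert.assertEquals(new Text("opType"), token.getKind());
        Assert.assertEquals(new Text("service"), token.getService());

        // Fetch it again, it should return the same UGI due to caching
        Assert.assertSame(aliceUGIWithPrincipal, ugiProvider.getConfiguredUGI(aliceImpRequest));
        // Invalidate the cache and fetch it again. A different UGI should be returned
        ugiProvider.invalidCache();
        Assert.assertNotSame(aliceUGIWithPrincipal, ugiProvider.getConfiguredUGI(aliceImpRequest));
    } finally {
        // Same teardown order as before (stop the service, then delete the owner), but now guaranteed.
        try {
            httpService.stop();
        } finally {
            if (ownerAdded) {
                ownerAdmin.delete(aliceEntity);
            }
        }
    }
}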
Also used : RemoteClientFactory(io.cdap.cdap.common.internal.remote.RemoteClientFactory) Discoverable(org.apache.twill.discovery.Discoverable) AuthenticationTestContext(io.cdap.cdap.security.auth.context.AuthenticationTestContext) Text(org.apache.hadoop.io.Text) DefaultInternalAuthenticator(io.cdap.cdap.common.internal.remote.DefaultInternalAuthenticator) NettyHttpService(io.cdap.http.NettyHttpService) InMemoryDiscoveryService(org.apache.twill.discovery.InMemoryDiscoveryService) Test(org.junit.Test)

Example 8 with NettyHttpService

use of io.cdap.http.NettyHttpService in project cdap by caskdata.

the class AuthorizationHandlerTest method testDisabled.

/**
 * Starts an {@link AuthorizationHandler} service with the given configuration and checks, through
 * {@code verifyFeatureDisabled}, each Authorization REST API call made by {@link AuthorizationClient}.
 *
 * <p>The client is configured with SSL disabled, so it talks plain HTTP to the local test service.
 *
 * @param cConf configuration used to build the service, the handler and the instantiator
 * @param feature the feature passed to {@code verifyFeatureDisabled} as the expected disabled feature
 * @param configSetting the configuration setting passed to {@code verifyFeatureDisabled}
 * @throws Exception if the service cannot be started or a verification fails
 */
private void testDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature, String configSetting) throws Exception {
    final InMemoryAccessController inMemoryController = new InMemoryAccessController();

    // Build the handler in pieces; the builder is created first to keep the original construction order.
    CommonNettyHttpServiceBuilder serviceBuilder = new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName());
    AccessControllerInstantiator fixedInstantiator = new AccessControllerInstantiator(cConf, FACTORY) {

        // Always hand back the in-memory controller created above.
        @Override
        public AccessController get() {
            return inMemoryController;
        }
    };
    AuthorizationHandler authorizationHandler =
        new AuthorizationHandler(inMemoryController, fixedInstantiator, cConf, new MasterAuthenticationContext());
    NettyHttpService authService = serviceBuilder.setHttpHandlers(authorizationHandler).build();
    authService.start();
    try {
        // Point the client at the address the service actually bound to.
        final AuthorizationClient authClient = new AuthorizationClient(
            ClientConfig.builder()
                .setConnectionConfig(
                    ConnectionConfig.builder()
                        .setHostname(authService.getBindAddress().getHostName())
                        .setPort(authService.getBindAddress().getPort())
                        .setSSLEnabled(false)
                        .build())
                .build());
        final NamespaceId testNamespace = Ids.namespace("ns1");
        final Role adminsRole = new Role("admins");

        // Test that the right exception is thrown when any Authorization REST API is called with
        // authorization disabled. One verification per client operation follows.

        // grant
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                authClient.grant(Authorizable.fromEntityId(testNamespace), admin, ImmutableSet.of(StandardPermission.GET));
            }
        }, feature, configSetting);

        // revoke a specific permission
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                authClient.revoke(Authorizable.fromEntityId(testNamespace), admin, ImmutableSet.of(StandardPermission.GET));
            }
        }, feature, configSetting);

        // revoke everything on the entity
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                authClient.revoke(Authorizable.fromEntityId(testNamespace));
            }
        }, feature, configSetting);

        // list grants
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                authClient.listGrants(admin);
            }
        }, feature, configSetting);

        // add role to principal
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                authClient.addRoleToPrincipal(adminsRole, admin);
            }
        }, feature, configSetting);

        // remove role from principal
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                authClient.removeRoleFromPrincipal(adminsRole, admin);
            }
        }, feature, configSetting);

        // create role
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                authClient.createRole(adminsRole);
            }
        }, feature, configSetting);

        // drop role
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                authClient.dropRole(adminsRole);
            }
        }, feature, configSetting);

        // list all roles
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                authClient.listAllRoles();
            }
        }, feature, configSetting);
    } finally {
        authService.stop();
    }
}
Also used : MasterAuthenticationContext(io.cdap.cdap.security.auth.context.MasterAuthenticationContext) CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator) AccessException(io.cdap.cdap.api.security.AccessException) FeatureDisabledException(io.cdap.cdap.common.FeatureDisabledException) AlreadyExistsException(io.cdap.cdap.security.spi.authorization.AlreadyExistsException) Role(io.cdap.cdap.proto.security.Role) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) AccessController(io.cdap.cdap.security.spi.authorization.AccessController) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) NettyHttpService(io.cdap.http.NettyHttpService) AuthorizationClient(io.cdap.cdap.client.AuthorizationClient) NamespaceId(io.cdap.cdap.proto.id.NamespaceId)

Example 9 with NettyHttpService

use of io.cdap.http.NettyHttpService in project cdap by caskdata.

the class SpillableBodyConsumerTest method testPost.

/**
 * Posts {@code body} to a test {@link NettyHttpService} whose handler is created with
 * {@code bufferLimit}, and checks that the response is 200 and echoes the body unchanged.
 *
 * @param body the request body to send and to expect back
 * @param bufferLimit the limit handed to {@code TestHandler}
 * @throws Exception if the service cannot be started or the request fails
 */
private void testPost(String body, int bufferLimit) throws Exception {
    NettyHttpService postService = NettyHttpService.builder("test")
        .setHttpHandlers(new TestHandler(bufferLimit))
        .build();
    postService.start();
    try {
        InetSocketAddress boundAddress = postService.getBindAddress();
        URL postUrl = new URL(String.format("http://%s:%d/post", boundAddress.getHostName(), boundAddress.getPort()));

        // Build the request first, then the config, matching the original evaluation order.
        io.cdap.common.http.HttpRequest postRequest = io.cdap.common.http.HttpRequest.post(postUrl).withBody(body).build();
        // NOTE(review): the two values are presumably connect and read timeouts in milliseconds; confirm.
        HttpRequestConfig requestConfig = new HttpRequestConfig(1000, 10000000);
        HttpResponse postResponse = HttpRequests.execute(postRequest, requestConfig);

        Assert.assertEquals(200, postResponse.getResponseCode());
        Assert.assertEquals(body, postResponse.getResponseBodyAsString());
    } finally {
        postService.stop();
    }
}
Also used : InetSocketAddress(java.net.InetSocketAddress) NettyHttpService(io.cdap.http.NettyHttpService) HttpResponse(io.cdap.common.http.HttpResponse) HttpRequestConfig(io.cdap.common.http.HttpRequestConfig) URL(java.net.URL)

Example 10 with NettyHttpService

use of io.cdap.http.NettyHttpService in project cdap by caskdata.

the class HttpHandlerGeneratorTest method testHttpHeaders.

/**
 * Serves a generated handler for {@code MyHttpHandler} under {@code /prefix} and checks how request
 * headers with repeated names are echoed back by the {@code firstHeaders} and {@code allHeaders}
 * endpoints.
 *
 * @throws Exception if the service cannot be started or a request fails
 */
@Test
public void testHttpHeaders() throws Exception {
    HttpHandlerFactory handlerFactory = new HttpHandlerFactory("/prefix", TransactionControl.IMPLICIT);
    HttpHandler generatedHandler = handlerFactory.createHttpHandler(
        TypeToken.of(MyHttpHandler.class),
        new AbstractDelegatorContext<MyHttpHandler>() {

            @Override
            protected MyHttpHandler createHandler() {
                return new MyHttpHandler();
            }
        },
        new NoopMetricsContext());

    NettyHttpService headerService = NettyHttpService.builder("test-headers").setHttpHandlers(generatedHandler).build();
    headerService.start();
    try {
        InetSocketAddress boundAddress = headerService.getBindAddress();

        // First request: the response should carry only the first value of each header name.
        URL firstHeadersUrl = new URL(String.format("http://%s:%d/prefix/p2/echo/firstHeaders", boundAddress.getHostName(), boundAddress.getPort()));
        HttpURLConnection firstConn = (HttpURLConnection) firstHeadersUrl.openConnection();
        firstConn.addRequestProperty("k1", "v1");
        firstConn.addRequestProperty("k1", "v2");
        firstConn.addRequestProperty("k2", "v2");
        Assert.assertEquals(200, firstConn.getResponseCode());
        Map<String, List<String>> firstHeaders = firstConn.getHeaderFields();
        Assert.assertEquals(ImmutableList.of("v1"), firstHeaders.get("k1"));
        Assert.assertEquals(ImmutableList.of("v2"), firstHeaders.get("k2"));

        // Second request: the response should carry every value of each header name.
        URL allHeadersUrl = new URL(String.format("http://%s:%d/prefix/p2/echo/allHeaders", boundAddress.getHostName(), boundAddress.getPort()));
        HttpURLConnection allConn = (HttpURLConnection) allHeadersUrl.openConnection();
        allConn.addRequestProperty("k1", "v1");
        allConn.addRequestProperty("k1", "v2");
        allConn.addRequestProperty("k1", "v3");
        allConn.addRequestProperty("k2", "v2");
        Assert.assertEquals(200, allConn.getResponseCode());
        Map<String, List<String>> allHeaders = allConn.getHeaderFields();
        // URLConnection always reverses the ordering of the header values.
        Assert.assertEquals(ImmutableList.of("v3", "v2", "v1"), allHeaders.get("k1"));
        Assert.assertEquals(ImmutableList.of("v2"), allHeaders.get("k2"));
    } finally {
        headerService.stop();
    }
}
Also used : HttpHandler(io.cdap.http.HttpHandler) InetSocketAddress(java.net.InetSocketAddress) NoopMetricsContext(io.cdap.cdap.api.metrics.NoopMetricsContext) URL(java.net.URL) HttpURLConnection(java.net.HttpURLConnection) NettyHttpService(io.cdap.http.NettyHttpService) List(java.util.List) ArrayList(java.util.ArrayList) ImmutableList(com.google.common.collect.ImmutableList) Test(org.junit.Test)

Aggregations

NettyHttpService (io.cdap.http.NettyHttpService)12 InetSocketAddress (java.net.InetSocketAddress)9 URL (java.net.URL)8 Test (org.junit.Test)8 NoopMetricsContext (io.cdap.cdap.api.metrics.NoopMetricsContext)4 HttpHandler (io.cdap.http.HttpHandler)4 File (java.io.File)3 HttpURLConnection (java.net.HttpURLConnection)3 KeyStore (java.security.KeyStore)3 HttpsURLConnection (javax.net.ssl.HttpsURLConnection)3 CConfiguration (io.cdap.cdap.common.conf.CConfiguration)2 HttpResponse (io.cdap.common.http.HttpResponse)2 LoggerContext (ch.qos.logback.classic.LoggerContext)1 ILoggingEvent (ch.qos.logback.classic.spi.ILoggingEvent)1 ImmutableList (com.google.common.collect.ImmutableList)1 AccessException (io.cdap.cdap.api.security.AccessException)1 AuthorizationClient (io.cdap.cdap.client.AuthorizationClient)1 FeatureDisabledException (io.cdap.cdap.common.FeatureDisabledException)1 HttpExceptionHandler (io.cdap.cdap.common.HttpExceptionHandler)1 SConfiguration (io.cdap.cdap.common.conf.SConfiguration)1