use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method testPasswordAuthenticatorWithInsecureHttp.
@Test
public void testPasswordAuthenticatorWithInsecureHttp() throws Exception {
try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("password-authenticator.config-files", passwordConfigDummy.toString()).put("http-server.authentication.type", "password").put("http-server.authentication.allow-insecure-over-http", "true").put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN).buildOrThrow()).build()) {
server.getInstance(Key.get(PasswordAuthenticatorManager.class)).setAuthenticators(TestResourceSecurity::authenticate);
server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
assertInsecureAuthentication(httpServerInfo.getHttpUri());
assertPasswordAuthentication(httpServerInfo.getHttpsUri());
}
}
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method testMultiplePasswordAuthenticatorsMessages.
@Test
public void testMultiplePasswordAuthenticatorsMessages() throws Exception {
try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("password-authenticator.config-files", passwordConfigDummy.toString()).put("http-server.authentication.type", "password").put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN).buildOrThrow()).build()) {
server.getInstance(Key.get(PasswordAuthenticatorManager.class)).setAuthenticators(TestResourceSecurity::authenticate, TestResourceSecurity::authenticate2);
server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
Request request = new Request.Builder().url(getAuthorizedUserLocation(httpServerInfo.getHttpsUri())).headers(Headers.of("Authorization", Credentials.basic(TEST_USER_LOGIN, "wrong_password"))).build();
try (Response response = client.newCall(request).execute()) {
assertThat(response.message()).isEqualTo("Access Denied: Invalid credentials | Access Denied: Invalid credentials2");
}
}
}
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method testCertAuthenticator.
@Test
public void testCertAuthenticator() throws Exception {
try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("http-server.authentication.type", "certificate").put("http-server.https.truststore.path", LOCALHOST_KEYSTORE).put("http-server.https.truststore.key", "").buildOrThrow()).build()) {
server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.NO_IMPERSONATION);
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
assertAuthenticationDisabled(httpServerInfo.getHttpUri());
OkHttpClient.Builder clientBuilder = client.newBuilder();
setupSsl(clientBuilder, Optional.of(LOCALHOST_KEYSTORE), Optional.empty(), Optional.empty(), Optional.of(LOCALHOST_KEYSTORE), Optional.empty(), Optional.empty());
OkHttpClient clientWithCert = clientBuilder.build();
assertAuthenticationAutomatic(httpServerInfo.getHttpsUri(), clientWithCert);
}
}
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method testJwtAndOAuth2AuthenticatorsSeparation.
@Test
public void testJwtAndOAuth2AuthenticatorsSeparation() throws Exception {
TestingHttpServer jwkServer = createTestingJwkServer();
jwkServer.start();
try (TokenServer tokenServer = new TokenServer(Optional.empty());
TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("http-server.authentication.type", "jwt,oauth2").put("http-server.authentication.jwt.key-file", jwkServer.getBaseUrl().toString()).putAll(getOAuth2Properties(tokenServer)).put("web-ui.enabled", "true").buildOrThrow()).setAdditionalModule(oauth2Module(tokenServer)).build()) {
server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.NO_IMPERSONATION);
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
assertAuthenticationDisabled(httpServerInfo.getHttpUri());
OkHttpClient clientWithOAuthToken = client.newBuilder().authenticator((route, response) -> response.request().newBuilder().header(AUTHORIZATION, "Bearer " + tokenServer.getAccessToken()).build()).build();
assertAuthenticationAutomatic(httpServerInfo.getHttpsUri(), clientWithOAuthToken);
String token = newJwtBuilder().signWith(JWK_PRIVATE_KEY).setHeaderParam(JwsHeader.KEY_ID, JWK_KEY_ID).setSubject("test-user").setExpiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant())).compact();
OkHttpClient clientWithJwt = client.newBuilder().authenticator((route, response) -> response.request().newBuilder().header(AUTHORIZATION, "Bearer " + token).build()).build();
assertAuthenticationAutomatic(httpServerInfo.getHttpsUri(), clientWithJwt);
}
}
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method testFixedManagerAuthenticatorHttpInsecureDisabledOnly.
@Test
public void testFixedManagerAuthenticatorHttpInsecureDisabledOnly() throws Exception {
try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(ImmutableMap.<String, String>builder().putAll(SECURE_PROPERTIES).put("password-authenticator.config-files", passwordConfigDummy.toString()).put("http-server.authentication.type", "password").put("http-server.authentication.allow-insecure-over-http", "false").put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN).put("management.user", MANAGEMENT_USER).buildOrThrow()).build()) {
server.getInstance(Key.get(PasswordAuthenticatorManager.class)).setAuthenticators(TestResourceSecurity::authenticate);
server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);
HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class));
assertResponseCode(client, getPublicLocation(httpServerInfo.getHttpUri()), SC_OK);
assertResponseCode(client, getAuthorizedUserLocation(httpServerInfo.getHttpUri()), SC_FORBIDDEN, TEST_USER_LOGIN, null);
assertResponseCode(client, getManagementLocation(httpServerInfo.getHttpUri()), SC_OK);
assertResponseCode(client, getManagementLocation(httpServerInfo.getHttpUri()), SC_OK, "unknown", "something");
assertPasswordAuthentication(httpServerInfo.getHttpsUri());
}
}
Aggregations