use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method verifyJwtAuthenticator.
/**
 * Boots a test server with JWT authentication backed by the HMAC key file and checks that a
 * client presenting a token signed with that key is authenticated over HTTPS.
 *
 * @param principalField name of the claim holding the principal; when empty, the server is
 *        configured with {@code "sub"} and the token carries the standard subject claim
 * @throws Exception if the server cannot be started or the key file cannot be read
 */
private void verifyJwtAuthenticator(Optional<String> principalField) throws Exception {
    ImmutableMap<String, String> serverProperties = ImmutableMap.<String, String>builder()
            .putAll(SECURE_PROPERTIES)
            .put("http-server.authentication.type", "jwt")
            .put("http-server.authentication.jwt.key-file", HMAC_KEY)
            .put("http-server.authentication.jwt.principal-field", principalField.orElse("sub"))
            .buildOrThrow();

    try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(serverProperties).build()) {
        AccessControlManager accessControl = server.getInstance(Key.get(AccessControlManager.class));
        accessControl.addSystemAccessControl(TestSystemAccessControl.NO_IMPERSONATION);

        HttpServerInfo serverInfo = server.getInstance(Key.get(HttpServerInfo.class));
        // Checked against the plain-HTTP URI only; the token is exercised on HTTPS below.
        assertAuthenticationDisabled(serverInfo.getHttpUri());

        // The key file holds the Base64-encoded HMAC secret; the test signs with the same
        // secret the server was pointed at through jwt.key-file.
        String encodedSecret = Files.readString(Paths.get(HMAC_KEY)).trim();
        SecretKey signingKey = hmacShaKeyFor(Base64.getDecoder().decode(encodedSecret));

        // Token lifetime is limited to five minutes from now.
        Date expiry = Date.from(ZonedDateTime.now().plusMinutes(5).toInstant());
        JwtBuilder jwt = newJwtBuilder().signWith(signingKey).setExpiration(expiry);

        // Put the principal in the custom claim when one is configured, else in "sub".
        principalField.ifPresentOrElse(
                field -> jwt.claim(field, "test-user"),
                () -> jwt.setSubject("test-user"));
        String token = jwt.compact();

        // The authenticator callback attaches the bearer token to the retried request.
        OkHttpClient clientWithJwt = client.newBuilder()
                .authenticator((route, response) -> response.request().newBuilder()
                        .header(AUTHORIZATION, "Bearer " + token)
                        .build())
                .build();
        assertAuthenticationAutomatic(serverInfo.getHttpsUri(), clientWithJwt);
    }
}
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method verifyOAuth2Authenticator.
/**
 * Runs the OAuth2 login flow against a test server and a stub token server: unauthenticated
 * requests are challenged, the callback endpoint completes the login, and the resulting access
 * token is accepted as a bearer credential.
 *
 * @param webUiEnabled value for {@code web-ui.enabled}; decides whether a cookie is expected
 *        after the callback
 * @param principalField name of the claim holding the principal; {@code "sub"} when empty
 * @throws Exception if either server cannot be started or an HTTP call fails
 */
private void verifyOAuth2Authenticator(boolean webUiEnabled, Optional<String> principalField) throws Exception {
    // A cookie jar is attached so the cookies set during the callback can be inspected.
    CookieManager cookieManager = new CookieManager();
    OkHttpClient cookieClient = this.client.newBuilder()
            .cookieJar(new JavaNetCookieJar(cookieManager))
            .build();

    try (TokenServer tokenServer = new TokenServer(principalField)) {
        ImmutableMap<String, String> serverProperties = ImmutableMap.<String, String>builder()
                .putAll(SECURE_PROPERTIES)
                .put("web-ui.enabled", String.valueOf(webUiEnabled))
                .put("http-server.authentication.type", "oauth2")
                .putAll(getOAuth2Properties(tokenServer))
                .put("http-server.authentication.oauth2.principal-field", principalField.orElse("sub"))
                .buildOrThrow();

        try (TestingTrinoServer server = TestingTrinoServer.builder()
                .setProperties(serverProperties)
                .setAdditionalModule(oauth2Module(tokenServer))
                .build()) {
            AccessControlManager accessControl = server.getInstance(Key.get(AccessControlManager.class));
            accessControl.addSystemAccessControl(TestSystemAccessControl.NO_IMPERSONATION);

            HttpServerInfo serverInfo = server.getInstance(Key.get(HttpServerInfo.class));
            assertAuthenticationDisabled(serverInfo.getHttpUri());

            // Before login: the public location answers, management and user locations are
            // challenged with the authorize URL, and the internal location is forbidden.
            URI httpsUri = serverInfo.getHttpsUri();
            assertOk(cookieClient, getPublicLocation(httpsUri));
            assertAuthenticateOAuth2Bearer(cookieClient, getManagementLocation(httpsUri), "http://example.com/authorize");
            OAuthBearer bearer = assertAuthenticateOAuth2Bearer(cookieClient, getAuthorizedUserLocation(httpsUri), "http://example.com/authorize");
            assertResponseCode(cookieClient, getInternalLocation(httpsUri), SC_FORBIDDEN);

            // Complete the login through the callback endpoint, echoing the state value
            // issued with the challenge.
            String callbackUri = uriBuilderFrom(httpsUri)
                    .replacePath("/oauth2/callback/")
                    .addParameter("code", "TEST_CODE")
                    .addParameter("state", bearer.getState())
                    .toString();
            assertOk(cookieClient, callbackUri);
            assertEquals(getOauthToken(cookieClient, bearer.getTokenServer()), tokenServer.getAccessToken());

            if (webUiEnabled) {
                // With the Web UI enabled exactly one cookie is expected: it carries the
                // access token, is scoped to /ui/ on the server host, lives under five
                // minutes and is HttpOnly.
                // NOTE(review): the Secure attribute is not asserted here; consider also
                // checking cookie.getSecure() if the server is expected to set it on HTTPS.
                HttpCookie cookie = getOnlyElement(cookieManager.getCookieStore().getCookies());
                assertEquals(cookie.getValue(), tokenServer.getAccessToken());
                assertEquals(cookie.getPath(), "/ui/");
                assertEquals(cookie.getDomain(), httpsUri.getHost());
                assertTrue(cookie.getMaxAge() > 0 && cookie.getMaxAge() < MINUTES.toSeconds(5));
                assertTrue(cookie.isHttpOnly());
                // Drop the cookie so the bearer-token check below does not rely on it.
                cookieManager.getCookieStore().removeAll();
            }
            else {
                List<HttpCookie> cookies = cookieManager.getCookieStore().getCookies();
                assertTrue(cookies.isEmpty(), "Expected no cookies when webUi is not enabled, but got: " + cookies);
            }

            // The access token is read from the token server each time the callback runs.
            OkHttpClient clientWithOAuthToken = cookieClient.newBuilder()
                    .authenticator((route, response) -> response.request().newBuilder()
                            .header(AUTHORIZATION, "Bearer " + tokenServer.getAccessToken())
                            .build())
                    .build();
            assertAuthenticationAutomatic(serverInfo.getHttpsUri(), clientWithOAuthToken);
        }
    }
}
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method testJwtWithJwkAuthenticator.
/**
 * Checks JWT authentication when the server obtains its verification keys from a JWK endpoint:
 * the key-file property is set to the URL of a local JWK server, and the token is signed with
 * the matching private key and tagged with its key id.
 *
 * @throws Exception if either server cannot be started or an HTTP call fails
 */
@Test
public void testJwtWithJwkAuthenticator() throws Exception {
    TestingHttpServer jwkServer = createTestingJwkServer();
    jwkServer.start();
    try {
        ImmutableMap<String, String> serverProperties = ImmutableMap.<String, String>builder()
                .putAll(SECURE_PROPERTIES)
                .put("http-server.authentication.type", "jwt")
                .put("http-server.authentication.jwt.key-file", jwkServer.getBaseUrl().toString())
                .buildOrThrow();

        try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(serverProperties).build()) {
            AccessControlManager accessControl = server.getInstance(Key.get(AccessControlManager.class));
            accessControl.addSystemAccessControl(TestSystemAccessControl.NO_IMPERSONATION);

            HttpServerInfo serverInfo = server.getInstance(Key.get(HttpServerInfo.class));
            assertAuthenticationDisabled(serverInfo.getHttpUri());

            // The key id header names the signing key; the token expires five minutes from now.
            Date expiry = Date.from(ZonedDateTime.now().plusMinutes(5).toInstant());
            String token = newJwtBuilder()
                    .signWith(JWK_PRIVATE_KEY)
                    .setHeaderParam(JwsHeader.KEY_ID, JWK_KEY_ID)
                    .setSubject("test-user")
                    .setExpiration(expiry)
                    .compact();

            OkHttpClient clientWithJwt = client.newBuilder()
                    .authenticator((route, response) -> response.request().newBuilder()
                            .header(AUTHORIZATION, "Bearer " + token)
                            .build())
                    .build();
            assertAuthenticationAutomatic(serverInfo.getHttpsUri(), clientWithJwt);
        }
    }
    finally {
        // Always shut the JWK endpoint down, even when an assertion above fails.
        jwkServer.stop();
    }
}
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestResourceSecurity method testFixedManagerAuthenticatorHttpInsecureEnabledOnly.
/**
 * Exercises password authentication with {@code allow-insecure-over-http} switched on and a
 * fixed management user configured: the plain-HTTP URI is checked for the fixed management
 * user, and the HTTPS URI for password authentication.
 *
 * @throws Exception if the server cannot be started or an HTTP call fails
 */
@Test
public void testFixedManagerAuthenticatorHttpInsecureEnabledOnly() throws Exception {
    ImmutableMap<String, String> serverProperties = ImmutableMap.<String, String>builder()
            .putAll(SECURE_PROPERTIES)
            .put("password-authenticator.config-files", passwordConfigDummy.toString())
            .put("http-server.authentication.type", "password")
            // Lets authentication be attempted over plain HTTP; this is the setting under test.
            .put("http-server.authentication.allow-insecure-over-http", "true")
            .put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN)
            .put("management.user", MANAGEMENT_USER)
            .buildOrThrow();

    try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(serverProperties).build()) {
        // Replace the configured password authenticators with the test's own check.
        PasswordAuthenticatorManager passwordManager = server.getInstance(Key.get(PasswordAuthenticatorManager.class));
        passwordManager.setAuthenticators(TestResourceSecurity::authenticate);

        AccessControlManager accessControl = server.getInstance(Key.get(AccessControlManager.class));
        accessControl.addSystemAccessControl(TestSystemAccessControl.WITH_IMPERSONATION);

        HttpServerInfo serverInfo = server.getInstance(Key.get(HttpServerInfo.class));
        assertFixedManagementUser(serverInfo.getHttpUri(), true);
        assertPasswordAuthentication(serverInfo.getHttpsUri());
    }
}
use of io.trino.server.testing.TestingTrinoServer in project trino by trinodb.
the class TestWebUi method testNoPasswordAuthenticator.
/**
 * Checks the form authenticator when password authentication is configured but no password
 * authenticator has been loaded: validating a credential must throw rather than accept it.
 *
 * @throws Exception if the test server cannot be started
 */
@Test
public void testNoPasswordAuthenticator() throws Exception {
    ImmutableMap<String, String> serverProperties = ImmutableMap.<String, String>builder()
            .putAll(SECURE_PROPERTIES)
            .put("http-server.authentication.type", "password")
            .put("password-authenticator.config-files", passwordConfigDummy.toString())
            .buildOrThrow();

    try (TestingTrinoServer server = TestingTrinoServer.builder().setProperties(serverProperties).build()) {
        // A password manager is required, so a secure request must fail. A real server would
        // refuse to start in this state; the exception is verified here to be safe, so that a
        // missing authenticator can never be treated as a successful login.
        FormAuthenticator formAuthenticator = server.getInstance(Key.get(FormAuthenticator.class));
        assertThatThrownBy(() -> formAuthenticator.isValidCredential(TEST_USER, TEST_USER, true))
                .hasMessage("authenticators were not loaded")
                .isInstanceOf(IllegalStateException.class);

        // Login is still reported as enabled for a secure request.
        assertTrue(formAuthenticator.isLoginEnabled(true));
    }
}