Search in sources :

Example 81 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestAuthenticationFilter method testInit.

@Test
public void testInit() throws Exception {
    // custom secret as inline
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<>(Arrays.asList(AuthenticationFilter.AUTH_TYPE)).elements());
        ServletContext context = Mockito.mock(ServletContext.class);
        Mockito.when(context.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(new SignerSecretProvider() {

            @Override
            public void init(Properties config, ServletContext servletContext, long tokenValidity) {
            }

            @Override
            public byte[] getCurrentSecret() {
                return null;
            }

            @Override
            public byte[][] getAllSecrets() {
                return null;
            }
        });
        Mockito.when(config.getServletContext()).thenReturn(context);
        filter.init(config);
        Assert.assertFalse(filter.isRandomSecret());
        Assert.assertTrue(filter.isCustomSignerSecretProvider());
    } finally {
        filter.destroy();
    }
    // custom secret by file
    File testDir = new File(System.getProperty("test.build.data", "target/test-dir"));
    testDir.mkdirs();
    String secretValue = "hadoop";
    File secretFile = new File(testDir, "http-secret.txt");
    Writer writer = new FileWriter(secretFile);
    writer.write(secretValue);
    writer.close();
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET_FILE)).thenReturn(secretFile.getAbsolutePath());
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET_FILE)).elements());
        ServletContext context = Mockito.mock(ServletContext.class);
        Mockito.when(context.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(null);
        Mockito.when(config.getServletContext()).thenReturn(context);
        filter.init(config);
        Assert.assertFalse(filter.isRandomSecret());
        Assert.assertFalse(filter.isCustomSignerSecretProvider());
    } finally {
        filter.destroy();
    }
    // custom cookie domain and cookie path
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
        Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_DOMAIN)).thenReturn(".foo.com");
        Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_PATH)).thenReturn("/bar");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter.COOKIE_PATH)).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        Assert.assertEquals(".foo.com", filter.getCookieDomain());
        Assert.assertEquals("/bar", filter.getCookiePath());
    } finally {
        filter.destroy();
    }
    // authentication handler lifecycle, and custom impl
    DummyAuthenticationHandler.reset();
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        Assert.assertTrue(DummyAuthenticationHandler.init);
    } finally {
        filter.destroy();
        Assert.assertTrue(DummyAuthenticationHandler.destroy);
    }
    // kerberos auth handler
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        ServletContext sc = Mockito.mock(ServletContext.class);
        Mockito.when(config.getServletContext()).thenReturn(sc);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("kerberos");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE)).elements());
        filter.init(config);
    } catch (ServletException ex) {
    // Expected
    } finally {
        Assert.assertEquals(KerberosAuthenticationHandler.class, filter.getAuthenticationHandler().getClass());
        filter.destroy();
    }
}
Also used : SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) FileWriter(java.io.FileWriter) Properties(java.util.Properties) ServletException(javax.servlet.ServletException) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) File(java.io.File) FileWriter(java.io.FileWriter) Writer(java.io.Writer) Test(org.junit.Test)

Example 82 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestAuthenticationFilter method testGetTokenInvalidType.

@Test
public void testGetTokenInvalidType() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
        token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        boolean failed = false;
        try {
            filter.getToken(request);
        } catch (AuthenticationException ex) {
            Assert.assertEquals("Invalid AuthenticationToken type", ex.getMessage());
            failed = true;
        } finally {
            Assert.assertTrue("token not invalid type", failed);
        }
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) Properties(java.util.Properties) Signer(org.apache.hadoop.security.authentication.util.Signer) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 83 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestAuthenticationFilter method testDoFilterAuthenticationFailure.

@Test
public void testDoFilterAuthenticationFailure() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] {});
        Mockito.when(request.getHeader("WWW-Authenticate")).thenReturn("dummyauth");
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        FilterChain chain = Mockito.mock(FilterChain.class);
        final Map<String, String> cookieMap = new HashMap<String, String>();
        Mockito.doAnswer(new Answer<Object>() {

            @Override
            public Object answer(InvocationOnMock invocation) throws Throwable {
                Object[] args = invocation.getArguments();
                parseCookieMap((String) args[1], cookieMap);
                return null;
            }
        }).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());
        Mockito.doAnswer(new Answer<Object>() {

            @Override
            public Object answer(InvocationOnMock invocation) throws Throwable {
                Assert.fail("shouldn't get here");
                return null;
            }
        }).when(chain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject());
        filter.doFilter(request, response, chain);
        Mockito.verify(response).sendError(HttpServletResponse.SC_FORBIDDEN, "AUTH FAILED");
        Mockito.verify(response, Mockito.never()).setHeader(Mockito.eq("WWW-Authenticate"), Mockito.anyString());
        String value = cookieMap.get(AuthenticatedURL.AUTH_COOKIE);
        Assert.assertNotNull("cookie missing", value);
        Assert.assertEquals("", value);
    } finally {
        filter.destroy();
    }
}
Also used : HashMap(java.util.HashMap) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) HttpServletRequest(javax.servlet.http.HttpServletRequest) InvocationOnMock(org.mockito.invocation.InvocationOnMock) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 84 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestStaticUserWebFilter method testFilter.

@Test
public void testFilter() throws Exception {
    FilterConfig config = mockConfig("myuser");
    StaticUserFilter suf = new StaticUserFilter();
    suf.init(config);
    ArgumentCaptor<HttpServletRequestWrapper> wrapperArg = ArgumentCaptor.forClass(HttpServletRequestWrapper.class);
    FilterChain chain = mock(FilterChain.class);
    suf.doFilter(mock(HttpServletRequest.class), mock(ServletResponse.class), chain);
    Mockito.verify(chain).doFilter(wrapperArg.capture(), Mockito.<ServletResponse>anyObject());
    HttpServletRequestWrapper wrapper = wrapperArg.getValue();
    assertEquals("myuser", wrapper.getUserPrincipal().getName());
    assertEquals("myuser", wrapper.getRemoteUser());
    suf.destroy();
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletResponse(javax.servlet.ServletResponse) HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper) FilterChain(javax.servlet.FilterChain) StaticUserFilter(org.apache.hadoop.http.lib.StaticUserWebFilter.StaticUserFilter) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Example 85 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestStaticUserWebFilter method mockConfig.

private FilterConfig mockConfig(String username) {
    FilterConfig mock = Mockito.mock(FilterConfig.class);
    Mockito.doReturn(username).when(mock).getInitParameter(CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER);
    return mock;
}
Also used : FilterConfig(javax.servlet.FilterConfig)

Aggregations

FilterConfig (javax.servlet.FilterConfig)118 Test (org.junit.Test)70 HttpServletRequest (javax.servlet.http.HttpServletRequest)64 FilterChain (javax.servlet.FilterChain)63 HttpServletResponse (javax.servlet.http.HttpServletResponse)50 ServletContext (javax.servlet.ServletContext)28 HashMap (java.util.HashMap)21 ServletException (javax.servlet.ServletException)21 Vector (java.util.Vector)17 Properties (java.util.Properties)15 Filter (javax.servlet.Filter)14 ServletResponse (javax.servlet.ServletResponse)14 ServletRequest (javax.servlet.ServletRequest)12 IOException (java.io.IOException)10 SignerSecretProvider (org.apache.hadoop.security.authentication.util.SignerSecretProvider)10 HttpCookie (java.net.HttpCookie)9 Cookie (javax.servlet.http.Cookie)9 Signer (org.apache.hadoop.security.authentication.util.Signer)9 Enumeration (java.util.Enumeration)8 CrossOriginFilter (org.apache.hadoop.security.http.CrossOriginFilter)8