Search in sources :

Example 11 with HttpServletRequest

use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

the class TestAuthenticationFilter method testDoFilterAuthenticatedExpired.

@Test
public void testDoFilterAuthenticatedExpired() throws Exception {
    String secret = "secret";
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(secret);
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
        token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret);
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
        FilterChain chain = Mockito.mock(FilterChain.class);
        verifyUnauthorized(filter, request, response, chain);
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(org.apache.hadoop.security.authentication.util.Signer) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 12 with HttpServletRequest

use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

the class TestAuthenticationFilter method testDoFilterAuthenticatedInvalidType.

@Test
public void testDoFilterAuthenticatedInvalidType() throws Exception {
    String secret = "secret";
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(secret);
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
        token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret);
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
        FilterChain chain = Mockito.mock(FilterChain.class);
        verifyUnauthorized(filter, request, response, chain);
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(org.apache.hadoop.security.authentication.util.Signer) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 13 with HttpServletRequest

use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

the class TestAuthenticationFilter method testDoFilterNotAuthenticated.

@Test
public void testDoFilterNotAuthenticated() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        FilterChain chain = Mockito.mock(FilterChain.class);
        Mockito.doAnswer(new Answer<Object>() {

            @Override
            public Object answer(InvocationOnMock invocation) throws Throwable {
                Assert.fail();
                return null;
            }
        }).when(chain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject());
        Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
        filter.doFilter(request, response, chain);
        Mockito.verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required");
    } finally {
        filter.destroy();
    }
}
Also used : FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) HttpServletRequest(javax.servlet.http.HttpServletRequest) InvocationOnMock(org.mockito.invocation.InvocationOnMock) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 14 with HttpServletRequest

use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

the class TestAuthenticationFilter method _testDoFilterAuthenticationMaxInactiveInterval.

private void _testDoFilterAuthenticationMaxInactiveInterval(long maxInactivesInToken, long maxInactivesOnServer, long expires, boolean authorized, boolean newCookie) throws Exception {
    String secret = "secret";
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(secret);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TOKEN_MAX_INACTIVE_INTERVAL)).thenReturn(Long.toString(maxInactivesOnServer));
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, AuthenticationFilter.AUTH_TOKEN_MAX_INACTIVE_INTERVAL, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
        token.setMaxInactives(maxInactivesInToken);
        token.setExpires(expires);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret);
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
        FilterChain chain = Mockito.mock(FilterChain.class);
        if (authorized) {
            verifyAuthorized(filter, request, response, chain, newCookie);
        } else {
            verifyUnauthorized(filter, request, response, chain);
        }
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(org.apache.hadoop.security.authentication.util.Signer) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector)

Example 15 with HttpServletRequest

use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

the class TestLdapAuthenticationHandler method testRequestWithIncompleteAuthorization.

@Test(timeout = 60000)
public void testRequestWithIncompleteAuthorization() throws Exception {
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(request.getHeader(HttpConstants.AUTHORIZATION_HEADER)).thenReturn(HttpConstants.BASIC);
    Assert.assertNull(handler.authenticate(request, response));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) Test(org.junit.Test)

Aggregations

HttpServletRequest (javax.servlet.http.HttpServletRequest)2488 HttpServletResponse (javax.servlet.http.HttpServletResponse)1308 Test (org.junit.Test)987 IOException (java.io.IOException)595 ServletException (javax.servlet.ServletException)498 AbstractHandler (org.eclipse.jetty.server.handler.AbstractHandler)223 FilterChain (javax.servlet.FilterChain)200 ContentResponse (org.eclipse.jetty.client.api.ContentResponse)196 Test (org.testng.annotations.Test)168 Request (org.eclipse.jetty.server.Request)164 CountDownLatch (java.util.concurrent.CountDownLatch)160 HttpServlet (javax.servlet.http.HttpServlet)156 HttpSession (javax.servlet.http.HttpSession)150 HashMap (java.util.HashMap)130 PrintWriter (java.io.PrintWriter)121 Map (java.util.Map)100 InterruptedIOException (java.io.InterruptedIOException)97 ServletRequest (javax.servlet.ServletRequest)95 ServletContext (javax.servlet.ServletContext)91 ServletOutputStream (javax.servlet.ServletOutputStream)90