Search in sources :

Example 26 with HttpServletRequest

use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

the class TestJWTRedirectAuthentictionHandler method testFailedSignatureValidationJWT.

@Test
public void testFailedSignatureValidationJWT() throws Exception {
    try {
        // Create a public key that doesn't match the one needed to
        // verify the signature - in order to make it fail verification...
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.genKeyPair();
        RSAPublicKey publicKey = (RSAPublicKey) kp.getPublic();
        handler.setPublicKey(publicKey);
        Properties props = getProperties();
        handler.init(props);
        SignedJWT jwt = getJWT("bob", new Date(new Date().getTime() + 5000), privateKey);
        Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize());
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(SERVICE_URL));
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(SERVICE_URL);
        AuthenticationToken token = handler.alternateAuthenticate(request, response);
        Mockito.verify(response).sendRedirect(REDIRECT_LOCATION);
    } catch (ServletException se) {
        fail("alternateAuthentication should NOT have thrown a ServletException");
    } catch (AuthenticationException ae) {
        fail("alternateAuthentication should NOT have thrown a AuthenticationException");
    }
}
Also used : Cookie(javax.servlet.http.Cookie) KeyPair(java.security.KeyPair) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) HttpServletResponse(javax.servlet.http.HttpServletResponse) KeyPairGenerator(java.security.KeyPairGenerator) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) RSAPublicKey(java.security.interfaces.RSAPublicKey) Test(org.junit.Test)

Example 27 with HttpServletRequest

use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

the class TestKerberosAuthenticationHandler method testRequestWithInvalidAuthorization.

public void testRequestWithInvalidAuthorization() throws Exception {
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)).thenReturn("invalid");
    Assert.assertNull(handler.authenticate(request, response));
    Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE);
    Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Example 28 with HttpServletRequest

use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

the class TestKerberosAuthenticationHandler method testRequestWithAuthorization.

public void testRequestWithAuthorization() throws Exception {
    String token = KerberosTestUtils.doAsClient(new Callable<String>() {

        @Override
        public String call() throws Exception {
            GSSManager gssManager = GSSManager.getInstance();
            GSSContext gssContext = null;
            try {
                String servicePrincipal = KerberosTestUtils.getServerPrincipal();
                Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
                GSSName serviceName = gssManager.createName(servicePrincipal, oid);
                oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
                gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME);
                gssContext.requestCredDeleg(true);
                gssContext.requestMutualAuth(true);
                byte[] inToken = new byte[0];
                byte[] outToken = gssContext.initSecContext(inToken, 0, inToken.length);
                Base64 base64 = new Base64(0);
                return base64.encodeToString(outToken);
            } finally {
                if (gssContext != null) {
                    gssContext.dispose();
                }
            }
        }
    });
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)).thenReturn(KerberosAuthenticator.NEGOTIATE + " " + token);
    Mockito.when(request.getServerName()).thenReturn("localhost");
    AuthenticationToken authToken = handler.authenticate(request, response);
    if (authToken != null) {
        Mockito.verify(response).setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE), Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
        Mockito.verify(response).setStatus(HttpServletResponse.SC_OK);
        Assert.assertEquals(KerberosTestUtils.getClientPrincipal(), authToken.getName());
        Assert.assertTrue(KerberosTestUtils.getClientPrincipal().startsWith(authToken.getUserName()));
        Assert.assertEquals(getExpectedType(), authToken.getType());
    } else {
        Mockito.verify(response).setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE), Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
        Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) GSSName(org.ietf.jgss.GSSName) Base64(org.apache.commons.codec.binary.Base64) GSSManager(org.ietf.jgss.GSSManager) GSSContext(org.ietf.jgss.GSSContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) Oid(org.ietf.jgss.Oid) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException)

Example 29 with HttpServletRequest

use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

the class TestConfServlet method verifyGetProperty.

private void verifyGetProperty(Configuration conf, String format, String propertyName) throws Exception {
    StringWriter sw = null;
    PrintWriter pw = null;
    ConfServlet service = null;
    try {
        service = new ConfServlet();
        ServletConfig servletConf = mock(ServletConfig.class);
        ServletContext context = mock(ServletContext.class);
        service.init(servletConf);
        when(context.getAttribute(HttpServer2.CONF_CONTEXT_ATTRIBUTE)).thenReturn(conf);
        when(service.getServletContext()).thenReturn(context);
        HttpServletRequest request = mock(HttpServletRequest.class);
        when(request.getHeader(HttpHeaders.ACCEPT)).thenReturn(TEST_FORMATS.get(format));
        when(request.getParameter("name")).thenReturn(propertyName);
        HttpServletResponse response = mock(HttpServletResponse.class);
        sw = new StringWriter();
        pw = new PrintWriter(sw);
        when(response.getWriter()).thenReturn(pw);
        // response request
        service.doGet(request, response);
        String result = sw.toString().trim();
        // in the response
        if (Strings.isNullOrEmpty(propertyName)) {
            for (String key : TEST_PROPERTIES.keySet()) {
                assertTrue(result.contains(key) && result.contains(TEST_PROPERTIES.get(key)));
            }
        } else {
            if (conf.get(propertyName) != null) {
                // if property name is not empty and property is found
                assertTrue(result.contains(propertyName));
                for (String key : TEST_PROPERTIES.keySet()) {
                    if (!key.equals(propertyName)) {
                        assertFalse(result.contains(key));
                    }
                }
            } else {
                // if property name is not empty, and it's not in configuration
                // expect proper error code and error message is set to the response
                Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_NOT_FOUND), Mockito.eq("Property " + propertyName + " not found"));
            }
        }
    } finally {
        if (sw != null) {
            sw.close();
        }
        if (pw != null) {
            pw.close();
        }
        if (service != null) {
            service.destroy();
        }
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) StringWriter(java.io.StringWriter) ServletConfig(javax.servlet.ServletConfig) ServletContext(javax.servlet.ServletContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) PrintWriter(java.io.PrintWriter)

Example 30 with HttpServletRequest

use of javax.servlet.http.HttpServletRequest in project groovy by apache.

the class ServletBinding method forward.

public void forward(String path) throws ServletException, IOException {
    HttpServletRequest request = (HttpServletRequest) super.getVariable("request");
    HttpServletResponse response = (HttpServletResponse) super.getVariable("response");
    RequestDispatcher dispatcher = request.getRequestDispatcher(path);
    dispatcher.forward(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) RequestDispatcher(javax.servlet.RequestDispatcher)

Aggregations

HttpServletRequest (javax.servlet.http.HttpServletRequest)2488 HttpServletResponse (javax.servlet.http.HttpServletResponse)1308 Test (org.junit.Test)987 IOException (java.io.IOException)595 ServletException (javax.servlet.ServletException)498 AbstractHandler (org.eclipse.jetty.server.handler.AbstractHandler)223 FilterChain (javax.servlet.FilterChain)200 ContentResponse (org.eclipse.jetty.client.api.ContentResponse)196 Test (org.testng.annotations.Test)168 Request (org.eclipse.jetty.server.Request)164 CountDownLatch (java.util.concurrent.CountDownLatch)160 HttpServlet (javax.servlet.http.HttpServlet)156 HttpSession (javax.servlet.http.HttpSession)150 HashMap (java.util.HashMap)130 PrintWriter (java.io.PrintWriter)121 Map (java.util.Map)100 InterruptedIOException (java.io.InterruptedIOException)97 ServletRequest (javax.servlet.ServletRequest)95 ServletContext (javax.servlet.ServletContext)91 ServletOutputStream (javax.servlet.ServletOutputStream)90