use of org.apache.commons.codec.binary.Base64.encodeBase64String in project hadoop by apache.
the class LdapAuthenticationHandler method authenticate.
@Override
public AuthenticationToken authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException {
AuthenticationToken token = null;
String authorization = request.getHeader(HttpConstants.AUTHORIZATION_HEADER);
if (authorization == null || !AuthenticationHandlerUtil.matchAuthScheme(HttpConstants.BASIC, authorization)) {
response.setHeader(WWW_AUTHENTICATE, HttpConstants.BASIC);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
if (authorization == null) {
logger.trace("Basic auth starting");
} else {
logger.warn("'" + HttpConstants.AUTHORIZATION_HEADER + "' does not start with '" + HttpConstants.BASIC + "' : {}", authorization);
}
} else {
authorization = authorization.substring(HttpConstants.BASIC.length()).trim();
final Base64 base64 = new Base64(0);
// As per RFC7617, UTF-8 charset should be used for decoding.
String[] credentials = new String(base64.decode(authorization), StandardCharsets.UTF_8).split(":", 2);
if (credentials.length == 2) {
token = authenticateUser(credentials[0], credentials[1]);
response.setStatus(HttpServletResponse.SC_OK);
}
}
return token;
}
use of org.apache.commons.codec.binary.Base64.encodeBase64String in project hadoop by apache.
the class TestLdapAuthenticationHandler method testRequestWithAuthorization.
@Test(timeout = 60000)
public void testRequestWithAuthorization() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
final Base64 base64 = new Base64(0);
String credentials = base64.encodeToString("bjones:p@ssw0rd".getBytes());
String authHeader = HttpConstants.BASIC + " " + credentials;
Mockito.when(request.getHeader(HttpConstants.AUTHORIZATION_HEADER)).thenReturn(authHeader);
AuthenticationToken token = handler.authenticate(request, response);
Assert.assertNotNull(token);
Mockito.verify(response).setStatus(HttpServletResponse.SC_OK);
Assert.assertEquals(TYPE, token.getType());
Assert.assertEquals("bjones", token.getUserName());
Assert.assertEquals("bjones", token.getName());
}
use of org.apache.commons.codec.binary.Base64.encodeBase64String in project hadoop by apache.
the class TestLdapAuthenticationHandler method testRequestWithWrongCredentials.
@Test(timeout = 60000)
public void testRequestWithWrongCredentials() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
final Base64 base64 = new Base64(0);
String credentials = base64.encodeToString("bjones:foo123".getBytes());
String authHeader = HttpConstants.BASIC + " " + credentials;
Mockito.when(request.getHeader(HttpConstants.AUTHORIZATION_HEADER)).thenReturn(authHeader);
try {
handler.authenticate(request, response);
Assert.fail();
} catch (AuthenticationException ex) {
// Expected
} catch (Exception ex) {
Assert.fail();
}
}
use of org.apache.commons.codec.binary.Base64.encodeBase64String in project hadoop by apache.
the class TestMultiSchemeAuthenticationHandler method testRequestWithInvalidKerberosAuthorization.
@Test(timeout = 60000)
public void testRequestWithInvalidKerberosAuthorization() throws Exception {
String token = new Base64(0).encodeToString(new byte[] { 0, 1, 2 });
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
Mockito.when(request.getHeader(AUTHORIZATION_HEADER)).thenReturn(NEGOTIATE + token);
try {
handler.authenticate(request, response);
Assert.fail();
} catch (AuthenticationException ex) {
// Expected
} catch (Exception ex) {
Assert.fail();
}
}
use of org.apache.commons.codec.binary.Base64.encodeBase64String in project hadoop by apache.
the class TestKerberosAuthenticationHandler method testRequestWithAuthorization.
public void testRequestWithAuthorization() throws Exception {
String token = KerberosTestUtils.doAsClient(new Callable<String>() {
@Override
public String call() throws Exception {
GSSManager gssManager = GSSManager.getInstance();
GSSContext gssContext = null;
try {
String servicePrincipal = KerberosTestUtils.getServerPrincipal();
Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
GSSName serviceName = gssManager.createName(servicePrincipal, oid);
oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME);
gssContext.requestCredDeleg(true);
gssContext.requestMutualAuth(true);
byte[] inToken = new byte[0];
byte[] outToken = gssContext.initSecContext(inToken, 0, inToken.length);
Base64 base64 = new Base64(0);
return base64.encodeToString(outToken);
} finally {
if (gssContext != null) {
gssContext.dispose();
}
}
}
});
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)).thenReturn(KerberosAuthenticator.NEGOTIATE + " " + token);
Mockito.when(request.getServerName()).thenReturn("localhost");
AuthenticationToken authToken = handler.authenticate(request, response);
if (authToken != null) {
Mockito.verify(response).setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE), Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
Mockito.verify(response).setStatus(HttpServletResponse.SC_OK);
Assert.assertEquals(KerberosTestUtils.getClientPrincipal(), authToken.getName());
Assert.assertTrue(KerberosTestUtils.getClientPrincipal().startsWith(authToken.getUserName()));
Assert.assertEquals(getExpectedType(), authToken.getType());
} else {
Mockito.verify(response).setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE), Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
}
Aggregations