
Example 6 with Base64.encodeBase64String

use of org.apache.commons.codec.binary.Base64.encodeBase64String in project hadoop by apache.

the class LdapAuthenticationHandler method authenticate.

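/**
 * Authenticates a request that carries HTTP Basic credentials.
 *
 * <p>When the {@code Authorization} header is absent, does not use the Basic scheme, or does not
 * decode to a {@code user-id:password} pair, the response receives a Basic challenge with a 401
 * status and {@code null} is returned. Otherwise the decoded pair is handed to
 * {@code authenticateUser} and the response status is set to 200.
 *
 * @param request the incoming request; only its {@code Authorization} header is read here
 * @param response the response on which the challenge or the success status is set
 * @return the token produced by {@code authenticateUser}, or {@code null} when the request was
 *     challenged instead
 * @throws IOException declared by the overridden method
 * @throws AuthenticationException propagated from {@code authenticateUser}
 */
@Override
public AuthenticationToken authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException {
    String authorization = request.getHeader(HttpConstants.AUTHORIZATION_HEADER);
    if (authorization == null || !AuthenticationHandlerUtil.matchAuthScheme(HttpConstants.BASIC, authorization)) {
        response.setHeader(WWW_AUTHENTICATE, HttpConstants.BASIC);
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        if (authorization == null) {
            logger.trace("Basic auth starting");
        } else {
            // The header may hold a bearer token, a Negotiate blob or scheme-less Base64
            // credentials, so its value is never written to the log.
            logger.warn("'{}' does not start with '{}'; header value withheld from the log", HttpConstants.AUTHORIZATION_HEADER, HttpConstants.BASIC);
        }
        return null;
    }
    String encodedCredentials = authorization.substring(HttpConstants.BASIC.length()).trim();
    final Base64 base64 = new Base64(0);
    // As per RFC7617, UTF-8 charset should be used for decoding.
    // Limit of 2 keeps any further ':' characters inside the password.
    String[] credentials = new String(base64.decode(encodedCredentials), StandardCharsets.UTF_8).split(":", 2);
    if (credentials.length != 2) {
        // No ':' separator: challenge again, as in the branch above, so the caller never
        // receives a null token with no response status set.
        response.setHeader(WWW_AUTHENTICATE, HttpConstants.BASIC);
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        logger.warn("'{}' does not carry a user-id:password pair; header value withheld from the log", HttpConstants.AUTHORIZATION_HEADER);
        return null;
    }
    AuthenticationToken token = authenticateUser(credentials[0], credentials[1]);
    response.setStatus(HttpServletResponse.SC_OK);
    return token;
}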
Also used : Base64(org.apache.commons.codec.binary.Base64)

Example 7 with Base64.encodeBase64String

use of org.apache.commons.codec.binary.Base64.encodeBase64String in project hadoop by apache.

the class TestLdapAuthenticationHandler method testRequestWithAuthorization.

/**
 * Sends a Basic {@code Authorization} header for user {@code bjones} and expects a token for
 * that user together with a 200 response status.
 */
@Test(timeout = 60000)
public void testRequestWithAuthorization() throws Exception {
    // Line length 0 disables chunking, so the encoded pair is a single header-safe line.
    // NOTE(review): getBytes() uses the platform default charset; the pair is ASCII-only here.
    String encodedPair = new Base64(0).encodeToString("bjones:p@ssw0rd".getBytes());
    HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);
    Mockito.when(mockRequest.getHeader(HttpConstants.AUTHORIZATION_HEADER)).thenReturn(HttpConstants.BASIC + " " + encodedPair);

    AuthenticationToken issued = handler.authenticate(mockRequest, mockResponse);

    Assert.assertNotNull(issued);
    Mockito.verify(mockResponse).setStatus(HttpServletResponse.SC_OK);
    Assert.assertEquals(TYPE, issued.getType());
    // Both the user name and the principal name are expected to be the bare user id.
    Assert.assertEquals("bjones", issued.getUserName());
    Assert.assertEquals("bjones", issued.getName());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Base64(org.apache.commons.codec.binary.Base64) HttpServletResponse(javax.servlet.http.HttpServletResponse) Test(org.junit.Test)

Example 8 with Base64.encodeBase64String

use of org.apache.commons.codec.binary.Base64.encodeBase64String in project hadoop by apache.

the class TestLdapAuthenticationHandler method testRequestWithWrongCredentials.

/**
 * Sends a Basic {@code Authorization} header with the password {@code foo123} for user
 * {@code bjones} and expects the handler to reject it with an {@code AuthenticationException}
 * rather than return normally.
 */
@Test(timeout = 60000)
public void testRequestWithWrongCredentials() throws Exception {
    // NOTE(review): getBytes() uses the platform default charset; the pair is ASCII-only here.
    String encodedPair = new Base64(0).encodeToString("bjones:foo123".getBytes());
    HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);
    Mockito.when(mockRequest.getHeader(HttpConstants.AUTHORIZATION_HEADER)).thenReturn(HttpConstants.BASIC + " " + encodedPair);

    try {
        handler.authenticate(mockRequest, mockResponse);
    } catch (AuthenticationException expected) {
        // Rejection is the only passing outcome.
        return;
    } catch (Exception unexpected) {
        // Any other exception type counts as a failure.
        Assert.fail();
    }
    // Reaching this point means authenticate() returned without throwing.
    Assert.fail();
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Base64(org.apache.commons.codec.binary.Base64) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) Test(org.junit.Test)

Example 9 with Base64.encodeBase64String

use of org.apache.commons.codec.binary.Base64.encodeBase64String in project hadoop by apache.

the class TestMultiSchemeAuthenticationHandler method testRequestWithInvalidKerberosAuthorization.

/**
 * Sends a Negotiate {@code Authorization} header whose payload is three arbitrary bytes and
 * expects the handler to reject it with an {@code AuthenticationException}.
 */
@Test(timeout = 60000)
public void testRequestWithInvalidKerberosAuthorization() throws Exception {
    // Bytes 0, 1, 2 stand in for a token; the test expects the handler to refuse them.
    byte[] bogusTokenBytes = new byte[] { 0, 1, 2 };
    String token = new Base64(0).encodeToString(bogusTokenBytes);
    HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);
    // The scheme constant and the token are concatenated with no separator added here.
    Mockito.when(mockRequest.getHeader(AUTHORIZATION_HEADER)).thenReturn(NEGOTIATE + token);

    try {
        handler.authenticate(mockRequest, mockResponse);
    } catch (AuthenticationException expected) {
        // Rejection is the only passing outcome.
        return;
    } catch (Exception unexpected) {
        // Any other exception type counts as a failure.
        Assert.fail();
    }
    // Reaching this point means authenticate() returned without throwing.
    Assert.fail();
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Base64(org.apache.commons.codec.binary.Base64) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) Test(org.junit.Test)

Example 10 with Base64.encodeBase64String

use of org.apache.commons.codec.binary.Base64.encodeBase64String in project hadoop by apache.

the class TestKerberosAuthenticationHandler method testRequestWithAuthorization.

/**
 * Builds an initial GSS-API token as the test client, presents it in a Negotiate
 * {@code Authorization} header, and checks the handler's response for both possible outcomes:
 * a token for the client principal with status 200, or no token with status 401. In either
 * case the response must carry a Negotiate {@code WWW-Authenticate} header.
 */
public void testRequestWithAuthorization() throws Exception {
    String token = KerberosTestUtils.doAsClient(new Callable<String>() {

        @Override
        public String call() throws Exception {
            GSSContext clientContext = null;
            try {
                GSSManager manager = GSSManager.getInstance();
                String servicePrincipal = KerberosTestUtils.getServerPrincipal();
                Oid principalNameType = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
                GSSName serviceName = manager.createName(servicePrincipal, principalNameType);
                Oid krb5Mechanism = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
                clientContext = manager.createContext(serviceName, krb5Mechanism, null, GSSContext.DEFAULT_LIFETIME);
                // Ask for credential delegation and mutual authentication before the first leg.
                clientContext.requestCredDeleg(true);
                clientContext.requestMutualAuth(true);
                // The initiator's first call takes an empty input token.
                byte[] emptyToken = new byte[0];
                byte[] firstLeg = clientContext.initSecContext(emptyToken, 0, emptyToken.length);
                return new Base64(0).encodeToString(firstLeg);
            } finally {
                // Dispose of the context on every path once the token has been produced.
                if (clientContext != null) {
                    clientContext.dispose();
                }
            }
        }
    });
    HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);
    Mockito.when(mockRequest.getHeader(KerberosAuthenticator.AUTHORIZATION)).thenReturn(KerberosAuthenticator.NEGOTIATE + " " + token);
    Mockito.when(mockRequest.getServerName()).thenReturn("localhost");

    AuthenticationToken authToken = handler.authenticate(mockRequest, mockResponse);

    // Both outcomes must answer with a Negotiate header.
    Mockito.verify(mockResponse).setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE), Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
    if (authToken == null) {
        Mockito.verify(mockResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    Mockito.verify(mockResponse).setStatus(HttpServletResponse.SC_OK);
    Assert.assertEquals(KerberosTestUtils.getClientPrincipal(), authToken.getName());
    // The user name is expected to be a prefix of the full client principal.
    Assert.assertTrue(KerberosTestUtils.getClientPrincipal().startsWith(authToken.getUserName()));
    Assert.assertEquals(getExpectedType(), authToken.getType());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) GSSName(org.ietf.jgss.GSSName) Base64(org.apache.commons.codec.binary.Base64) GSSManager(org.ietf.jgss.GSSManager) GSSContext(org.ietf.jgss.GSSContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) Oid(org.ietf.jgss.Oid) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException)
