use of org.apache.drill.exec.server.DrillbitContext in project drill by axbaretto.
the class TestSpnegoAuthentication method testSPNEGOAndFORMEnabled.
/**
* Both SPNEGO and FORM mechanism is enabled for WebServer in configuration. Test to see if the respective security
* handlers are created successfully or not.
* @throws Exception
*/
@Test
public void testSPNEGOAndFORMEnabled() throws Exception {
final DrillConfig newConfig = new DrillConfig(DrillConfig.create().withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("form", "spnego"))).withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL, ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.HTTP_SPNEGO_KEYTAB, ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));
final ScanResult scanResult = ClassPathScanner.fromPrescan(newConfig);
final AuthenticatorProviderImpl authenticatorProvider = Mockito.mock(AuthenticatorProviderImpl.class);
Mockito.when(authenticatorProvider.containsFactory(PlainFactory.SIMPLE_NAME)).thenReturn(true);
final DrillbitContext context = Mockito.mock(DrillbitContext.class);
Mockito.when(context.getClasspathScan()).thenReturn(scanResult);
Mockito.when(context.getConfig()).thenReturn(newConfig);
Mockito.when(context.getAuthProvider()).thenReturn(authenticatorProvider);
final DrillHttpSecurityHandlerProvider securityProvider = new DrillHttpSecurityHandlerProvider(newConfig, context);
assertTrue(securityProvider.isFormEnabled());
assertTrue(securityProvider.isSpnegoEnabled());
}
use of org.apache.drill.exec.server.DrillbitContext in project drill by axbaretto.
the class TestSpnegoAuthentication method testDrillSpnegoLoginService.
/**
* Validate successful {@link DrillSpnegoLoginService#login(String, Object)} when provided with client token for a
* configured service principal.
* @throws Exception
*/
@Test
public void testDrillSpnegoLoginService() throws Exception {
// Create client subject using it's principal and keytab
final Subject clientSubject = JaasKrbUtil.loginUsingKeytab(spnegoHelper.CLIENT_PRINCIPAL, spnegoHelper.clientKeytab.getAbsoluteFile());
// Generate a SPNEGO token for the peer SERVER_PRINCIPAL from this CLIENT_PRINCIPAL
final String token = Subject.doAs(clientSubject, new PrivilegedExceptionAction<String>() {
@Override
public String run() throws Exception {
final GSSManager gssManager = GSSManager.getInstance();
GSSContext gssContext = null;
try {
final Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
final GSSName serviceName = gssManager.createName(spnegoHelper.SERVER_PRINCIPAL, GSSName.NT_USER_NAME, oid);
gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME);
gssContext.requestCredDeleg(true);
gssContext.requestMutualAuth(true);
byte[] outToken = new byte[0];
outToken = gssContext.initSecContext(outToken, 0, outToken.length);
return Base64.encodeBase64String(outToken);
} finally {
if (gssContext != null) {
gssContext.dispose();
}
}
}
});
// Create a DrillbitContext with service principal and keytab for DrillSpnegoLoginService
final DrillConfig newConfig = new DrillConfig(DrillConfig.create().withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("spnego"))).withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL, ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL)).withValue(ExecConstants.HTTP_SPNEGO_KEYTAB, ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));
final SystemOptionManager optionManager = Mockito.mock(SystemOptionManager.class);
Mockito.when(optionManager.getOption(ExecConstants.ADMIN_USERS_VALIDATOR)).thenReturn(ExecConstants.ADMIN_USERS_VALIDATOR.DEFAULT_ADMIN_USERS);
Mockito.when(optionManager.getOption(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR)).thenReturn(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.DEFAULT_ADMIN_USER_GROUPS);
final DrillbitContext drillbitContext = Mockito.mock(DrillbitContext.class);
Mockito.when(drillbitContext.getConfig()).thenReturn(newConfig);
Mockito.when(drillbitContext.getOptionManager()).thenReturn(optionManager);
final DrillSpnegoLoginService loginService = new DrillSpnegoLoginService(drillbitContext);
// Authenticate the client using its SPNEGO token
final UserIdentity user = loginService.login(null, token);
// Validate the UserIdentity of authenticated client
assertTrue(user != null);
assertTrue(user.getUserPrincipal().getName().equals(spnegoHelper.CLIENT_SHORT_NAME));
assertTrue(user.isUserInRole("authenticated", null));
}
use of org.apache.drill.exec.server.DrillbitContext in project drill by axbaretto.
the class TestSpnegoAuthentication method testConfigBackwardCompatibility.
/**
* Validate when none of the security mechanism is specified in the
* {@link ExecConstants#HTTP_AUTHENTICATION_MECHANISMS}, FORM security handler is still configured correctly when
* authentication is enabled along with PAM authenticator module.
* @throws Exception
*/
@Test
public void testConfigBackwardCompatibility() throws Exception {
final DrillConfig newConfig = new DrillConfig(DrillConfig.create().withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)));
final ScanResult scanResult = ClassPathScanner.fromPrescan(newConfig);
final AuthenticatorProviderImpl authenticatorProvider = Mockito.mock(AuthenticatorProviderImpl.class);
Mockito.when(authenticatorProvider.containsFactory(PlainFactory.SIMPLE_NAME)).thenReturn(true);
final DrillbitContext context = Mockito.mock(DrillbitContext.class);
Mockito.when(context.getClasspathScan()).thenReturn(scanResult);
Mockito.when(context.getConfig()).thenReturn(newConfig);
Mockito.when(context.getAuthProvider()).thenReturn(authenticatorProvider);
final DrillHttpSecurityHandlerProvider securityProvider = new DrillHttpSecurityHandlerProvider(newConfig, context);
assertTrue(securityProvider.isFormEnabled());
assertTrue(!securityProvider.isSpnegoEnabled());
}
use of org.apache.drill.exec.server.DrillbitContext in project drill by axbaretto.
the class TestCustomTunnel method ensureRoundTripJackson.
@Test
public void ensureRoundTripJackson() throws Exception {
final DrillbitContext context = getDrillbitContext();
final MesgA mesgA = new MesgA();
mesgA.fieldA = "123";
mesgA.fieldB = "okra";
final TestCustomMessageHandlerJackson handler = new TestCustomMessageHandlerJackson(mesgA);
context.getController().registerCustomHandler(1003, handler, new ControlTunnel.JacksonSerDe<MesgA>(MesgA.class), new ControlTunnel.JacksonSerDe<MesgB>(MesgB.class));
final ControlTunnel loopbackTunnel = context.getController().getTunnel(context.getEndpoint());
final CustomTunnel<MesgA, MesgB> tunnel = loopbackTunnel.getCustomTunnel(1003, new ControlTunnel.JacksonSerDe<MesgA>(MesgA.class), new ControlTunnel.JacksonSerDe<MesgB>(MesgB.class));
CustomFuture<MesgB> future = tunnel.send(mesgA);
assertEquals(expectedB, future.get());
}
use of org.apache.drill.exec.server.DrillbitContext in project drill by axbaretto.
the class TestCustomTunnel method ensureRoundTripBytes.
@Test
public void ensureRoundTripBytes() throws Exception {
final DrillbitContext context = getDrillbitContext();
final TestCustomMessageHandler handler = new TestCustomMessageHandler(context.getEndpoint(), true);
context.getController().registerCustomHandler(1002, handler, DrillbitEndpoint.PARSER);
final ControlTunnel loopbackTunnel = context.getController().getTunnel(context.getEndpoint());
final CustomTunnel<DrillbitEndpoint, QueryId> tunnel = loopbackTunnel.getCustomTunnel(1002, DrillbitEndpoint.class, QueryId.PARSER);
buf1.retain();
CustomFuture<QueryId> future = tunnel.send(context.getEndpoint(), buf1);
assertEquals(expectedId, future.get());
byte[] actual = new byte[1024];
future.getBuffer().getBytes(0, actual);
future.getBuffer().release();
assertTrue(Arrays.equals(expected, actual));
}
Aggregations