use of org.apache.drill.exec.server.rest.auth.DrillHttpSecurityHandlerProvider in project drill by axbaretto.
the class WebServer method createServletContextHandler.
/**
 * Builds the servlet context mounted at "/" for the Drill web server: the REST application, the
 * metrics and thread-dump servlets, the static-asset servlet, and the optional security handler,
 * user-name filter and CORS filter.
 *
 * @param authEnabled when {@code true}, a {@link DrillHttpSecurityHandlerProvider} and a session handler
 *                    built from it are installed; when {@code false}, this method sets no security
 *                    handler, so nothing registered here is authenticated by this context
 * @return the fully configured context handler
 * @throws DrillbitStartupException declared by the signature; presumably raised while constructing the
 *                                  security handler provider (confirm against that class)
 */
private ServletContextHandler createServletContextHandler(final boolean authEnabled) throws DrillbitStartupException {
  // Error pages.
  // NOTE(review): setShowStacks(true) asks Jetty to render stack traces into error responses, which
  // discloses class names and internal paths to whoever triggers an error. Consider driving this from
  // configuration so it can be switched off on exposed deployments.
  final ErrorHandler errors = new DrillErrorHandler();
  errors.setShowStacks(true);
  errors.setShowMessageInTitle(true);

  final ServletContextHandler rootContext = new ServletContextHandler(ServletContextHandler.SESSIONS);
  rootContext.setErrorHandler(errors);
  rootContext.setContextPath("/");

  // REST application, initialised first and mapped to every path.
  final DrillRestServer restApplication =
      new DrillRestServer(workManager, rootContext.getServletContext(), drillbit);
  final ServletHolder restHolder = new ServletHolder(new ServletContainer(restApplication));
  restHolder.setInitOrder(1);
  rootContext.addServlet(restHolder, "/*");

  // Operational endpoints.
  // NOTE(review): whether these are reachable without a login depends on the constraints inside
  // DrillHttpSecurityHandlerProvider, which this method does not show. Thread dumps and metrics are
  // useful reconnaissance data, so confirm they are covered when authentication is on.
  rootContext.addServlet(new ServletHolder(new MetricsServlet(metrics)), "/status/metrics");
  rootContext.addServlet(new ServletHolder(new ThreadDumpServlet()), "/status/threads");

  // Static assets: the resource base is derived from the classpath URL of the Drill icon by cutting
  // the icon's relative path off the end of that URL.
  final ServletHolder assetsHolder = new ServletHolder("static", DefaultServlet.class);
  final String iconUrl =
      Resource.newClassPathResource(BASE_STATIC_PATH + DRILL_ICON_RESOURCE_RELATIVE_PATH).getURL().toString();
  final int resourceBaseLength = iconUrl.length() - DRILL_ICON_RESOURCE_RELATIVE_PATH.length();
  assetsHolder.setInitParameter("resourceBase", iconUrl.substring(0, resourceBaseLength));
  // Directory listings stay disabled so the asset tree cannot be enumerated.
  assetsHolder.setInitParameter("dirAllowed", "false");
  assetsHolder.setInitParameter("pathInfoOnly", "true");
  rootContext.addServlet(assetsHolder, "/static/*");

  if (authEnabled) {
    // One handler provider serves both SPNEGO and FORM authentication; the session handler is
    // created from whatever security handler the context now reports.
    final DrillHttpSecurityHandlerProvider securityHandler =
        new DrillHttpSecurityHandlerProvider(config, workManager.getContext());
    rootContext.setSecurityHandler(securityHandler);
    rootContext.setSessionHandler(createSessionHandler(rootContext.getSecurityHandler()));
  }

  if (isImpersonationOnlyEnabled(workManager.getContext().getConfig())) {
    // Only the query endpoints get the user-name filter in this mode.
    final String[] queryPaths = { "/query", "/query.json" };
    for (final String queryPath : queryPaths) {
      rootContext.addFilter(UserNameFilter.class, queryPath, EnumSet.of(DispatcherType.REQUEST));
    }
  }

  if (config.getBoolean(ExecConstants.HTTP_CORS_ENABLED)) {
    // Every CORS setting comes straight from configuration.
    // NOTE(review): nothing here rejects a wildcard origin combined with allow-credentials; that
    // pairing lets any site issue credentialed requests, so validate the configuration or document
    // the constraint for operators.
    final FilterHolder corsHolder = new FilterHolder(CrossOriginFilter.class);
    final String allowedOrigins =
        StringUtils.join(config.getStringList(ExecConstants.HTTP_CORS_ALLOWED_ORIGINS), ",");
    corsHolder.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, allowedOrigins);
    final String allowedMethods =
        StringUtils.join(config.getStringList(ExecConstants.HTTP_CORS_ALLOWED_METHODS), ",");
    corsHolder.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, allowedMethods);
    final String allowedHeaders =
        StringUtils.join(config.getStringList(ExecConstants.HTTP_CORS_ALLOWED_HEADERS), ",");
    corsHolder.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, allowedHeaders);
    final String allowCredentials = String.valueOf(config.getBoolean(ExecConstants.HTTP_CORS_CREDENTIALS));
    corsHolder.setInitParameter(CrossOriginFilter.ALLOW_CREDENTIALS_PARAM, allowCredentials);

    // NOTE(review): servlet path specs are exact, prefix ("/x/*") or suffix ("*.ext") forms, so the
    // mid-path wildcard and "/status*" may not match the URLs they appear to target - verify which
    // requests actually pass through this filter.
    final String[] corsPaths = { "*.json", "/storage/*/enable/*", "/status*" };
    for (final String corsPath : corsPaths) {
      rootContext.addFilter(corsHolder, corsPath, EnumSet.of(DispatcherType.REQUEST));
    }
  }

  return rootContext;
}
use of org.apache.drill.exec.server.rest.auth.DrillHttpSecurityHandlerProvider in project drill by axbaretto.
the class TestSpnegoAuthentication method testFORMEnabledWithPlainDisabled.
/**
 * Checks that the web security handler provider refuses to start when FORM is the only configured
 * HTTP mechanism and no plain authenticator factory is registered. The PAM authenticator that FORM
 * relies on is supplied through {@link PlainFactory#getAuthenticator()}.
 *
 * @throws Exception declared for the test signature; exceptions raised in the {@code try} are caught there
 */
@Test
public void testFORMEnabledWithPlainDisabled() throws Exception {
  try {
    // Authentication on, FORM only; the SPNEGO principal and keytab are still present in the config.
    final DrillConfig webConfig = new DrillConfig(
        DrillConfig.create()
            .withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true))
            .withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS,
                ConfigValueFactory.fromIterable(Lists.newArrayList("form")))
            .withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL,
                ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL))
            .withValue(ExecConstants.HTTP_SPNEGO_KEYTAB,
                ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));
    final ScanResult classpathScan = ClassPathScanner.fromPrescan(webConfig);

    // The mocked provider reports that the plain factory is missing.
    final AuthenticatorProviderImpl authProvider = Mockito.mock(AuthenticatorProviderImpl.class);
    Mockito.when(authProvider.containsFactory(PlainFactory.SIMPLE_NAME)).thenReturn(false);

    final DrillbitContext drillbitContext = Mockito.mock(DrillbitContext.class);
    Mockito.when(drillbitContext.getClasspathScan()).thenReturn(classpathScan);
    Mockito.when(drillbitContext.getConfig()).thenReturn(webConfig);
    Mockito.when(drillbitContext.getAuthProvider()).thenReturn(authProvider);

    // Construction alone is expected to throw; the instance is never used.
    new DrillHttpSecurityHandlerProvider(webConfig, drillbitContext);
    fail();
  } catch (Exception caught) {
    // NOTE(review): any DrillbitStartupException passes, so this does not tell the missing
    // authenticator apart from an unrelated startup failure; checking the message as well would
    // pin the fail-closed path being tested.
    assertTrue(caught instanceof DrillbitStartupException);
  }
}
use of org.apache.drill.exec.server.rest.auth.DrillHttpSecurityHandlerProvider in project drill by axbaretto.
the class TestSpnegoAuthentication method testSPNEGOAndFORMEnabled.
/**
 * Enables both the FORM and SPNEGO mechanisms for the web server and checks that the security handler
 * provider reports each of them as enabled after construction.
 *
 * @throws Exception if building the configuration, the mocks or the provider fails
 */
@Test
public void testSPNEGOAndFORMEnabled() throws Exception {
  // Authentication on with both mechanisms; principal and keytab come from the shared SPNEGO helper.
  final DrillConfig webConfig = new DrillConfig(
      DrillConfig.create()
          .withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true))
          .withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS,
              ConfigValueFactory.fromIterable(Lists.newArrayList("form", "spnego")))
          .withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL,
              ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL))
          .withValue(ExecConstants.HTTP_SPNEGO_KEYTAB,
              ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));
  final ScanResult classpathScan = ClassPathScanner.fromPrescan(webConfig);

  // The plain factory is reported as present, which FORM needs.
  final AuthenticatorProviderImpl authProvider = Mockito.mock(AuthenticatorProviderImpl.class);
  Mockito.when(authProvider.containsFactory(PlainFactory.SIMPLE_NAME)).thenReturn(true);

  final DrillbitContext drillbitContext = Mockito.mock(DrillbitContext.class);
  Mockito.when(drillbitContext.getClasspathScan()).thenReturn(classpathScan);
  Mockito.when(drillbitContext.getConfig()).thenReturn(webConfig);
  Mockito.when(drillbitContext.getAuthProvider()).thenReturn(authProvider);

  final DrillHttpSecurityHandlerProvider handlerProvider =
      new DrillHttpSecurityHandlerProvider(webConfig, drillbitContext);

  // Only the enabled flags are checked; no HTTP request is sent through either handler.
  assertTrue(handlerProvider.isFormEnabled());
  assertTrue(handlerProvider.isSpnegoEnabled());
}
use of org.apache.drill.exec.server.rest.auth.DrillHttpSecurityHandlerProvider in project drill by axbaretto.
the class TestSpnegoAuthentication method testConfigBackwardCompatibility.
/**
 * Checks the fallback for configurations that enable authentication without listing anything under
 * {@link ExecConstants#HTTP_AUTHENTICATION_MECHANISMS}: with the PAM authenticator module available,
 * the FORM security handler must still be configured and SPNEGO must stay off.
 *
 * @throws Exception if building the configuration, the mocks or the provider fails
 */
@Test
public void testConfigBackwardCompatibility() throws Exception {
  // Only the authentication switch is set; the mechanism list is left at whatever the default is.
  final DrillConfig webConfig = new DrillConfig(
      DrillConfig.create()
          .withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)));
  final ScanResult classpathScan = ClassPathScanner.fromPrescan(webConfig);

  // The plain factory is reported as present.
  final AuthenticatorProviderImpl authProvider = Mockito.mock(AuthenticatorProviderImpl.class);
  Mockito.when(authProvider.containsFactory(PlainFactory.SIMPLE_NAME)).thenReturn(true);

  final DrillbitContext drillbitContext = Mockito.mock(DrillbitContext.class);
  Mockito.when(drillbitContext.getClasspathScan()).thenReturn(classpathScan);
  Mockito.when(drillbitContext.getConfig()).thenReturn(webConfig);
  Mockito.when(drillbitContext.getAuthProvider()).thenReturn(authProvider);

  final DrillHttpSecurityHandlerProvider handlerProvider =
      new DrillHttpSecurityHandlerProvider(webConfig, drillbitContext);

  // An empty mechanism list must still leave a login in front of the web UI, and must not turn on
  // SPNEGO, which was never configured here.
  assertTrue(handlerProvider.isFormEnabled());
  assertTrue(!handlerProvider.isSpnegoEnabled());
}
use of org.apache.drill.exec.server.rest.auth.DrillHttpSecurityHandlerProvider in project drill by apache.
the class TestSpnegoAuthentication method testSPNEGOAndFORMEnabled.
/**
 * Configures the web server with FORM and SPNEGO together and verifies that the security handler
 * provider comes up with both mechanisms flagged as enabled.
 */
@Test
public void testSPNEGOAndFORMEnabled() throws Exception {
  // Mocked collaborators first; the plain factory is reported as available for FORM.
  final AuthenticatorProviderImpl plainCapableProvider = Mockito.mock(AuthenticatorProviderImpl.class);
  final DrillbitContext mockedContext = Mockito.mock(DrillbitContext.class);
  Mockito.when(plainCapableProvider.containsFactory(PlainFactory.SIMPLE_NAME)).thenReturn(true);

  // Authentication enabled with both mechanisms, using the helper's server principal and keytab.
  final DrillConfig authConfig = new DrillConfig(
      DrillConfig.create()
          .withValue(
              ExecConstants.USER_AUTHENTICATION_ENABLED,
              ConfigValueFactory.fromAnyRef(true))
          .withValue(
              ExecConstants.HTTP_AUTHENTICATION_MECHANISMS,
              ConfigValueFactory.fromIterable(Lists.newArrayList("form", "spnego")))
          .withValue(
              ExecConstants.HTTP_SPNEGO_PRINCIPAL,
              ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL))
          .withValue(
              ExecConstants.HTTP_SPNEGO_KEYTAB,
              ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));
  final ScanResult prescan = ClassPathScanner.fromPrescan(authConfig);

  Mockito.when(mockedContext.getClasspathScan()).thenReturn(prescan);
  Mockito.when(mockedContext.getConfig()).thenReturn(authConfig);
  Mockito.when(mockedContext.getAuthProvider()).thenReturn(plainCapableProvider);

  final DrillHttpSecurityHandlerProvider provider =
      new DrillHttpSecurityHandlerProvider(authConfig, mockedContext);

  // The assertions cover handler creation only, not an authenticated round trip.
  assertTrue(provider.isFormEnabled());
  assertTrue(provider.isSpnegoEnabled());
}