use of org.apache.drill.exec.server.rest.auth.DrillSpnegoLoginService in project drill by axbaretto.
the class TestDrillSpnegoAuthenticator method setupTest.
@BeforeClass
public static void setupTest() throws Exception {
  // Set up the test KDC under the test's temporary directory, then make the JVM re-read its
  // Kerberos configuration so the realm and KDC written by the helper take effect.
  spnegoHelper = new KerberosHelper(TestSpnegoAuthentication.class.getSimpleName(), primaryName);
  spnegoHelper.setupKdc(dirTestWatcher.getTmpDir());
  // NOTE(review): sun.security.krb5.Config is a JDK-internal class; on modular JDKs the test JVM
  // presumably needs that package exported to it. Confirm against the build's JVM flags.
  sun.security.krb5.Config.refresh();

  // (2) Reset the default realm.
  // KerberosName.defaultRealm is a static field written through reflection, so the new value is
  // visible to every test that runs later in the same JVM, not only to this class.
  final Field realmField = KerberosName.class.getDeclaredField("defaultRealm");
  realmField.setAccessible(true);
  realmField.set(null, KerberosUtil.getDefaultRealm());

  // Option manager mock: only the two admin-membership options are stubbed, both with their
  // defaults.
  final SystemOptionManager mockedOptions = Mockito.mock(SystemOptionManager.class);
  Mockito.when(mockedOptions.getOption(ExecConstants.ADMIN_USERS_VALIDATOR))
      .thenReturn(ExecConstants.ADMIN_USERS_VALIDATOR.DEFAULT_ADMIN_USERS);
  Mockito.when(mockedOptions.getOption(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR))
      .thenReturn(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.DEFAULT_ADMIN_USER_GROUPS);

  // Drill configuration that enables SPNEGO over HTTP and points at the service principal and
  // its keytab. The keytab holds the service's long-term key; the path used here comes from the
  // test helper.
  final DrillConfig spnegoConfig = new DrillConfig(
      DrillConfig.create()
          .withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS,
              ConfigValueFactory.fromIterable(Lists.newArrayList("spnego")))
          .withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL,
              ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL))
          .withValue(ExecConstants.HTTP_SPNEGO_KEYTAB,
              ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));

  // Mocked DrillbitContext that hands out the configuration and option manager built above.
  final DrillbitContext mockedContext = Mockito.mock(DrillbitContext.class);
  Mockito.when(mockedContext.getConfig()).thenReturn(spnegoConfig);
  Mockito.when(mockedContext.getOptionManager()).thenReturn(mockedOptions);

  // The login service is real (not mocked); it is built from the mocked context.
  final DrillSpnegoLoginService realLoginService = new DrillSpnegoLoginService(mockedContext);
  spnegoAuthenticator = new DrillSpnegoAuthenticator("SPNEGO");

  // Authenticator configuration: real login service, default identity service. Session renewal
  // on authentication is stubbed to true, the setting that guards against session fixation.
  final Authenticator.AuthConfiguration mockedAuthConfig =
      Mockito.mock(Authenticator.AuthConfiguration.class);
  Mockito.when(mockedAuthConfig.getLoginService()).thenReturn(realLoginService);
  Mockito.when(mockedAuthConfig.getIdentityService()).thenReturn(new DefaultIdentityService());
  Mockito.when(mockedAuthConfig.isSessionRenewedOnAuthentication()).thenReturn(true);

  // Set the login service and identity service inside SpnegoAuthenticator
  spnegoAuthenticator.setConfiguration(mockedAuthConfig);
}
use of org.apache.drill.exec.server.rest.auth.DrillSpnegoLoginService in project drill by axbaretto.
the class TestSpnegoAuthentication method testDrillSpnegoLoginService.
/**
* Validate successful {@link DrillSpnegoLoginService#login(String, Object)} when provided with client token for a
* configured service principal.
* @throws Exception if the keytab login, SPNEGO token generation or login-service call fails
*/
@Test
public void testDrillSpnegoLoginService() throws Exception {
  // Client side: obtain a Kerberos-authenticated Subject from the client's principal and keytab.
  final Subject client = JaasKrbUtil.loginUsingKeytab(
      spnegoHelper.CLIENT_PRINCIPAL, spnegoHelper.clientKeytab.getAbsoluteFile());

  // Acting as the client, produce the initial SPNEGO token addressed to SERVER_PRINCIPAL.
  // The anonymous class is kept on purpose: Subject.doAs is overloaded, so a bare lambda would
  // be ambiguous between PrivilegedAction and PrivilegedExceptionAction.
  final String spnegoToken = Subject.doAs(client, new PrivilegedExceptionAction<String>() {
    @Override
    public String run() throws Exception {
      final GSSManager manager = GSSManager.getInstance();
      // NOTE(review): GSSUtil looks like the JDK-internal sun.security.jgss.GSSUtil. Confirm.
      final Oid spnegoOid = GSSUtil.GSS_SPNEGO_MECH_OID;
      GSSContext context = null;
      try {
        final GSSName target =
            manager.createName(spnegoHelper.SERVER_PRINCIPAL, GSSName.NT_USER_NAME, spnegoOid);
        context = manager.createContext(target, spnegoOid, null, GSSContext.DEFAULT_LIFETIME);
        // Credential delegation is requested, yet nothing asserted below inspects delegated
        // credentials. Outside tests, request delegation only when the service must act on the
        // user's behalf, because a delegated credential lets the service act as the client.
        context.requestCredDeleg(true);
        // Mutual authentication is requested, but only the first token is generated and no
        // server reply is fed back, so this test never completes or checks the mutual leg.
        context.requestMutualAuth(true);
        final byte[] noInput = new byte[0];
        final byte[] firstToken = context.initSecContext(noInput, 0, noInput.length);
        return Base64.encodeBase64String(firstToken);
      } finally {
        // Always release the GSS context, whether or not token generation succeeded.
        if (context != null) {
          context.dispose();
        }
      }
    }
  });

  // Server side: mocked option manager that answers the two admin-membership lookups with
  // their default values.
  final SystemOptionManager mockedOptions = Mockito.mock(SystemOptionManager.class);
  Mockito.when(mockedOptions.getOption(ExecConstants.ADMIN_USERS_VALIDATOR))
      .thenReturn(ExecConstants.ADMIN_USERS_VALIDATOR.DEFAULT_ADMIN_USERS);
  Mockito.when(mockedOptions.getOption(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR))
      .thenReturn(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.DEFAULT_ADMIN_USER_GROUPS);

  // Create a DrillbitContext with service principal and keytab for DrillSpnegoLoginService
  final DrillConfig spnegoConfig = new DrillConfig(
      DrillConfig.create()
          .withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS,
              ConfigValueFactory.fromIterable(Lists.newArrayList("spnego")))
          .withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL,
              ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL))
          .withValue(ExecConstants.HTTP_SPNEGO_KEYTAB,
              ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));
  final DrillbitContext mockedContext = Mockito.mock(DrillbitContext.class);
  Mockito.when(mockedContext.getConfig()).thenReturn(spnegoConfig);
  Mockito.when(mockedContext.getOptionManager()).thenReturn(mockedOptions);

  // Authenticate the client using its SPNEGO token. The user-name argument is null, so the
  // identity checked below presumably comes from the token alone. Verify in
  // DrillSpnegoLoginService.
  final DrillSpnegoLoginService service = new DrillSpnegoLoginService(mockedContext);
  final UserIdentity identity = service.login(null, spnegoToken);

  // Validate the UserIdentity of authenticated client: present, mapped to the client's short
  // name, and granted the "authenticated" role.
  assertTrue(identity != null);
  final String principalName = identity.getUserPrincipal().getName();
  assertTrue(principalName.equals(spnegoHelper.CLIENT_SHORT_NAME));
  assertTrue(identity.isUserInRole("authenticated", null));
}
use of org.apache.drill.exec.server.rest.auth.DrillSpnegoLoginService in project drill by apache.
the class TestDrillSpnegoAuthenticator method setupTest.
@BeforeClass
public static void setupTest() throws Exception {
  // Bring up the KDC used by this test class inside the per-test temp directory.
  spnegoHelper = new KerberosHelper(TestSpnegoAuthentication.class.getSimpleName(), primaryName);
  spnegoHelper.setupKdc(dirTestWatcher.getTmpDir());
  // Force the JVM to reload its Kerberos configuration after the helper has run.
  // NOTE(review): this is a JDK-internal API; check that the test JVM is allowed to access it.
  sun.security.krb5.Config.refresh();

  // (2) Reset the default realm.
  // The private static KerberosName.defaultRealm is overwritten reflectively; this is JVM-wide
  // state and stays changed for any test that runs afterwards in the same process.
  final Field staticRealm = KerberosName.class.getDeclaredField("defaultRealm");
  staticRealm.setAccessible(true);
  staticRealm.set(null, KerberosUtil.getDefaultRealm());

  // Create a DrillbitContext with service principal and keytab for DrillSpnegoLoginService
  final DrillConfig configWithSpnego = new DrillConfig(
      DrillConfig.create()
          .withValue(
              ExecConstants.HTTP_AUTHENTICATION_MECHANISMS,
              ConfigValueFactory.fromIterable(Lists.newArrayList("spnego")))
          .withValue(
              ExecConstants.HTTP_SPNEGO_PRINCIPAL,
              ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL))
          .withValue(
              ExecConstants.HTTP_SPNEGO_KEYTAB,
              ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));

  // Create mock objects for optionManager and AuthConfiguration
  final SystemOptionManager options = Mockito.mock(SystemOptionManager.class);
  final DrillbitContext context = Mockito.mock(DrillbitContext.class);
  final Authenticator.AuthConfiguration authConfig =
      Mockito.mock(Authenticator.AuthConfiguration.class);

  // Admin users and admin groups resolve to their default option values.
  Mockito.when(options.getOption(ExecConstants.ADMIN_USERS_VALIDATOR))
      .thenReturn(ExecConstants.ADMIN_USERS_VALIDATOR.DEFAULT_ADMIN_USERS);
  Mockito.when(options.getOption(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR))
      .thenReturn(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.DEFAULT_ADMIN_USER_GROUPS);

  Mockito.when(context.getConfig()).thenReturn(configWithSpnego);
  Mockito.when(context.getOptionManager()).thenReturn(options);

  spnegoAuthenticator = new DrillSpnegoAuthenticator("SPNEGO");
  // The login service under test is a real instance, built from the mocked context.
  final DrillSpnegoLoginService loginService = new DrillSpnegoLoginService(context);

  Mockito.when(authConfig.getLoginService()).thenReturn(loginService);
  Mockito.when(authConfig.getIdentityService()).thenReturn(new DefaultIdentityService());
  // Report that the session must be renewed once authentication succeeds (the defence against
  // session fixation), so the authenticator runs with that setting switched on.
  Mockito.when(authConfig.isSessionRenewedOnAuthentication()).thenReturn(true);

  // Set the login service and identity service inside SpnegoAuthenticator
  spnegoAuthenticator.setConfiguration(authConfig);
}
use of org.apache.drill.exec.server.rest.auth.DrillSpnegoLoginService in project drill by apache.
the class TestSpnegoAuthentication method testDrillSpnegoLoginService.
/**
* Validate successful {@link DrillSpnegoLoginService#login(String, Object, javax.servlet.ServletRequest)}
* when provided with client token for a configured service principal.
*/
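@Test
public void testDrillSpnegoLoginService() throws Exception {
  // Create client subject using its principal and keytab
  final Subject clientSubject = JaasKrbUtil.loginUsingKeytab(
      spnegoHelper.CLIENT_PRINCIPAL, spnegoHelper.clientKeytab.getAbsoluteFile());

  // Generate a SPNEGO token for the peer SERVER_PRINCIPAL from this CLIENT_PRINCIPAL.
  // The anonymous class stays because Subject.doAs is overloaded and a bare lambda would be
  // ambiguous between PrivilegedAction and PrivilegedExceptionAction.
  final String token = Subject.doAs(clientSubject, new PrivilegedExceptionAction<String>() {
    @Override
    public String run() throws Exception {
      final GSSManager gssManager = GSSManager.getInstance();
      GSSContext gssContext = null;
      try {
        // NOTE(review): GSSUtil looks like the JDK-internal sun.security.jgss.GSSUtil. Confirm.
        final Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
        final GSSName serviceName =
            gssManager.createName(spnegoHelper.SERVER_PRINCIPAL, GSSName.NT_USER_NAME, oid);
        gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME);
        // Delegation is requested although no assertion below looks at delegated credentials.
        // In production clients, request it only when the service has to act on the user's
        // behalf: a delegated credential lets the receiving service act as the client.
        gssContext.requestCredDeleg(true);
        // Mutual authentication is requested, but only the initial token is produced and no
        // reply from the acceptor is processed, so the mutual leg is not verified by this test.
        gssContext.requestMutualAuth(true);
        byte[] outToken = new byte[0];
        outToken = gssContext.initSecContext(outToken, 0, outToken.length);
        return Base64.encodeBase64String(outToken);
      } finally {
        // Release the GSS context on every path.
        if (gssContext != null) {
          gssContext.dispose();
        }
      }
    }
  });

  // Create a DrillbitContext with service principal and keytab for DrillSpnegoLoginService
  final DrillConfig newConfig = new DrillConfig(
      DrillConfig.create()
          .withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS,
              ConfigValueFactory.fromIterable(Lists.newArrayList("spnego")))
          .withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL,
              ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL))
          .withValue(ExecConstants.HTTP_SPNEGO_KEYTAB,
              ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString())));

  // Admin users and admin groups are answered with their default option values.
  final SystemOptionManager optionManager = Mockito.mock(SystemOptionManager.class);
  Mockito.when(optionManager.getOption(ExecConstants.ADMIN_USERS_VALIDATOR))
      .thenReturn(ExecConstants.ADMIN_USERS_VALIDATOR.DEFAULT_ADMIN_USERS);
  Mockito.when(optionManager.getOption(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR))
      .thenReturn(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.DEFAULT_ADMIN_USER_GROUPS);

  final DrillbitContext drillbitContext = Mockito.mock(DrillbitContext.class);
  Mockito.when(drillbitContext.getConfig()).thenReturn(newConfig);
  Mockito.when(drillbitContext.getOptionManager()).thenReturn(optionManager);

  final DrillSpnegoLoginService loginService = new DrillSpnegoLoginService(drillbitContext);

  // Authenticate the client using its SPNEGO token. User name and servlet request are both
  // null, so the identity checked below presumably derives from the token alone. Verify in
  // DrillSpnegoLoginService.
  final UserIdentity user = loginService.login(null, token, null);

  // Validate the UserIdentity of authenticated client
  assertNotNull(user);
  // assertEquals takes (expected, actual); the original call had them swapped, which makes a
  // failure report the real principal name as the "expected" value.
  assertEquals(spnegoHelper.CLIENT_SHORT_NAME, user.getUserPrincipal().getName());
  assertTrue(user.isUserInRole("authenticated", null));
}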