
Example 11 with AuthenticationToken

use of org.apache.hadoop.security.authentication.server.AuthenticationToken in project hadoop by apache.

the class DelegationTokenAuthenticationFilter method doFilter.

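/**
 * Resolves the effective Hadoop user for an already-authenticated request,
 * publishes it in {@code UGI_TL} for the duration of the downstream filter
 * chain, and hands the chain a request wrapper that reports that user.
 *
 * <p>When the request carries no delegation-token UGI attribute, the user is
 * built from the request principal. If {@code getDoAs(request)} returns a
 * name, a proxy user is created and {@code ProxyUsers.authorize} is asked to
 * approve the impersonation for the request's remote address; a refusal is
 * answered with HTTP 403 and the chain is not invoked.
 *
 * <p>{@code UGI_TL} is populated only when the request will actually
 * proceed. The matching {@code remove()} sits in the {@code finally} of the
 * proceed path, so setting it on the rejected path would leave the refused
 * proxy identity attached to the worker thread after this method returns.
 *
 * @param filterChain chain to continue with when the request is accepted
 * @param request incoming request; its user principal is cast to
 *        {@code AuthenticationToken}
 * @param response response used to report a refused proxy-user request
 * @throws IOException propagated from the response writer or the chain
 * @throws ServletException propagated from the chain
 */
@Override
protected void doFilter(FilterChain filterChain, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    boolean requestCompleted = false;
    UserGroupInformation ugi = null;
    AuthenticationToken authToken = (AuthenticationToken) request.getUserPrincipal();
    if (authToken != null && authToken != AuthenticationToken.ANONYMOUS) {
        // if the request was authenticated because of a delegation token,
        // then we ignore proxyuser (this is the same as the RPC behavior).
        ugi = (UserGroupInformation) request.getAttribute(DelegationTokenAuthenticationHandler.DELEGATION_TOKEN_UGI_ATTRIBUTE);
        if (ugi == null) {
            String realUser = request.getUserPrincipal().getName();
            ugi = UserGroupInformation.createRemoteUser(realUser, handlerAuthMethod);
            String doAsUser = getDoAs(request);
            if (doAsUser != null) {
                ugi = UserGroupInformation.createProxyUser(doAsUser, ugi);
                try {
                    // NOTE(review): getRemoteAddr() is the peer address as seen by the
                    // servlet container; behind a reverse proxy or load balancer that is
                    // the proxy's address - confirm host-based proxyuser rules allow for it.
                    ProxyUsers.authorize(ugi, request.getRemoteAddr());
                } catch (AuthorizationException ex) {
                    HttpExceptionUtils.createServletExceptionResponse(response, HttpServletResponse.SC_FORBIDDEN, ex);
                    requestCompleted = true;
                    // This is an authorization (impersonation) refusal even though the
                    // message text says "Authentication"; the text is kept unchanged so
                    // existing log searches keep matching.
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Authentication exception: " + ex.getMessage(), ex);
                    } else {
                        LOG.warn("Authentication exception: " + ex.getMessage());
                    }
                }
            }
        }
        // Publish the identity only for requests that continue down the chain;
        // the rejected path never reaches the finally block that clears it.
        if (!requestCompleted) {
            UGI_TL.set(ugi);
        }
    }
    if (!requestCompleted) {
        final UserGroupInformation ugiF = ugi;
        try {
            // Downstream code sees the resolved (possibly proxied) user through the
            // standard servlet accessors; all three return null when no user was resolved.
            request = new HttpServletRequestWrapper(request) {

                @Override
                public String getAuthType() {
                    return (ugiF != null) ? handlerAuthMethod.toString() : null;
                }

                @Override
                public String getRemoteUser() {
                    return (ugiF != null) ? ugiF.getShortUserName() : null;
                }

                @Override
                public Principal getUserPrincipal() {
                    return (ugiF != null) ? new Principal() {

                        @Override
                        public String getName() {
                            return ugiF.getUserName();
                        }
                    } : null;
                }
            };
            super.doFilter(filterChain, request, response);
        } finally {
            // Always clear the per-thread identity once the chain returns or throws.
            UGI_TL.remove();
        }
    }
}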
Also used : AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper) Principal(java.security.Principal) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 12 with AuthenticationToken

use of org.apache.hadoop.security.authentication.server.AuthenticationToken in project hadoop by apache.

the class TestHttpFSServer method testDelegationTokenOperations.

/**
 * Walks the delegation-token lifecycle over HTTP against the test server:
 * unauthenticated access is refused, a signed auth cookie is accepted, a
 * delegation token can be fetched and used, renewal needs the auth cookie,
 * and a cancelled token is rejected afterwards.
 */
@Test
@TestDir
@TestJetty
@TestHdfs
public void testDelegationTokenOperations() throws Exception {
    createHttpFSServer(true);

    // No credentials at all: the server must answer 401.
    HttpURLConnection anonymousHome = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY").openConnection();
    Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, anonymousHome.getResponseCode());

    // Build an auth token for user "u" and sign it locally with a fixed test secret.
    // presumably this matches the secret the test server was started with;
    // createHttpFSServer is not shown here - verify against it.
    AuthenticationToken authToken = new AuthenticationToken("u", "p", new KerberosDelegationTokenAuthenticationHandler().getType());
    authToken.setExpires(System.currentTimeMillis() + 100000000);
    SignerSecretProvider secrets = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretConfig = new Properties();
    secretConfig.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secrets.init(secretConfig, null, -1);
    Signer cookieSigner = new Signer(secrets);
    String signedToken = cookieSigner.sign(authToken.toString());
    final String cookieHeader = AuthenticatedURL.AUTH_COOKIE + "=" + signedToken;

    // The signed cookie authenticates the same request.
    HttpURLConnection cookieHome = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY").openConnection();
    cookieHome.setRequestProperty("Cookie", cookieHeader);
    Assert.assertEquals(HttpURLConnection.HTTP_OK, cookieHome.getResponseCode());

    // Fetch a delegation token while authenticated by the cookie.
    HttpURLConnection fetchToken = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN").openConnection();
    fetchToken.setRequestProperty("Cookie", cookieHeader);
    Assert.assertEquals(HttpURLConnection.HTTP_OK, fetchToken.getResponseCode());
    JSONObject responseBody = (JSONObject) new JSONParser().parse(new InputStreamReader(fetchToken.getInputStream()));
    JSONObject tokenNode = (JSONObject) responseBody.get(DelegationTokenAuthenticator.DELEGATION_TOKEN_JSON);
    String delegationToken = (String) tokenNode.get(DelegationTokenAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON);

    // The delegation token alone (no cookie) is enough to authenticate.
    HttpURLConnection tokenHome = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + delegationToken).openConnection();
    Assert.assertEquals(HttpURLConnection.HTTP_OK, tokenHome.getResponseCode());

    // Renewal without the auth cookie is refused ...
    HttpURLConnection renewAnonymous = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + delegationToken).openConnection();
    renewAnonymous.setRequestMethod("PUT");
    Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, renewAnonymous.getResponseCode());

    // ... and accepted with it.
    HttpURLConnection renewWithCookie = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + delegationToken).openConnection();
    renewWithCookie.setRequestMethod("PUT");
    renewWithCookie.setRequestProperty("Cookie", cookieHeader);
    Assert.assertEquals(HttpURLConnection.HTTP_OK, renewWithCookie.getResponseCode());

    // The cancel request carries no auth cookie and is expected to succeed.
    HttpURLConnection cancel = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token=" + delegationToken).openConnection();
    cancel.setRequestMethod("PUT");
    Assert.assertEquals(HttpURLConnection.HTTP_OK, cancel.getResponseCode());

    // Once cancelled, the delegation token must no longer grant access.
    HttpURLConnection cancelledHome = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + delegationToken).openConnection();
    Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, cancelledHome.getResponseCode());

    // getTrash test with delegation
    HttpURLConnection cancelledTrash = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETTRASHROOT&delegation=" + delegationToken).openConnection();
    Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, cancelledTrash.getResponseCode());

    // The cookie-authenticated session is unaffected by the token cancellation.
    HttpURLConnection cookieTrash = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETTRASHROOT").openConnection();
    cookieTrash.setRequestProperty("Cookie", cookieHeader);
    Assert.assertEquals(HttpURLConnection.HTTP_OK, cookieTrash.getResponseCode());
}
Also used : Signer(org.apache.hadoop.security.authentication.util.Signer) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) HttpURLConnection(java.net.HttpURLConnection) AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) JSONObject(org.json.simple.JSONObject) InputStreamReader(java.io.InputStreamReader) KerberosDelegationTokenAuthenticationHandler(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticationHandler) JSONParser(org.json.simple.parser.JSONParser) Properties(java.util.Properties) URL(java.net.URL) AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL) TestJetty(org.apache.hadoop.test.TestJetty) TestHdfs(org.apache.hadoop.test.TestHdfs) TestDir(org.apache.hadoop.test.TestDir) Test(org.junit.Test)

Example 13 with AuthenticationToken

use of org.apache.hadoop.security.authentication.server.AuthenticationToken in project incubator-atlas by apache.

the class AtlasAuthenticationFilter method getToken.

/**
 * Extracts the authentication token from the request's auth cookie.
 *
 * <p>The cookie value is passed through {@code signer.verifyAndExtract}
 * before it is parsed, so only a payload whose signature verifies is turned
 * into a token. A parsed token is then rejected if its type differs from
 * the configured handler's type or if it has expired.
 *
 * @param request request whose cookies are inspected
 * @return the validated token, or {@code null} when no auth cookie is
 *         present or the payload parses to {@code null}
 * @throws IOException declared by the overridden method
 * @throws AuthenticationException if signature verification fails, the
 *         token type does not match the handler, or the token has expired
 */
@Override
protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException {
    String verifiedPayload = null;
    final Cookie[] requestCookies = request.getCookies();
    if (requestCookies != null) {
        // There is no early exit: every cookie carrying the auth-cookie name is
        // verified, a single bad signature aborts the request, and the last
        // matching cookie supplies the payload.
        for (int i = 0; i < requestCookies.length; i++) {
            final Cookie candidate = requestCookies[i];
            if (!candidate.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
                continue;
            }
            try {
                verifiedPayload = this.signer.verifyAndExtract(candidate.getValue());
            } catch (SignerException ex) {
                throw new AuthenticationException(ex);
            }
        }
    }
    if (verifiedPayload == null) {
        return null;
    }
    final AuthenticationToken parsed = AuthenticationToken.parse(verifiedPayload);
    if (parsed == null) {
        return null;
    }
    // A token issued for a different handler type must not be accepted here.
    final AuthenticationHandler expectedHandler = getAuthenticationHandler();
    if (!parsed.getType().equals(expectedHandler.getType())) {
        throw new AuthenticationException("Invalid AuthenticationToken type");
    }
    if (parsed.isExpired()) {
        throw new AuthenticationException("AuthenticationToken expired");
    }
    return parsed;
}
Also used : Cookie(javax.servlet.http.Cookie) AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) KerberosAuthenticationHandler(org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler) AuthenticationHandler(org.apache.hadoop.security.authentication.server.AuthenticationHandler) SignerException(org.apache.hadoop.security.authentication.util.SignerException)
