
Example 6 with SignerSecretProvider

use of org.apache.hadoop.security.authentication.util.SignerSecretProvider in project hadoop by apache.

the class TestAuthenticationFilter method _testDoFilterAuthentication.

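/**
 * Sends one request through an {@link AuthenticationFilter} backed by
 * {@code DummyAuthenticationHandler} and checks the auth cookie it issues.
 *
 * <p>When {@code expired} is false the test requires a {@code Set-Cookie} header whose
 * value carries the {@code u=}, {@code p=}, {@code t=}, {@code e=} and {@code s=} fields,
 * then re-verifies the signature with an independently built provider holding the same
 * secret. When {@code expired} is true it requires that no cookie is set at all.
 *
 * @param withDomainPath whether the filter is configured with a cookie domain and path,
 *                       which must then appear as cookie attributes (and must be absent otherwise)
 * @param invalidToken   whether the request arrives with an unsigned auth cookie ({@code "foo"})
 * @param expired        value handed to the handler through the {@code expired.token} parameter
 * @throws Exception if the filter or any verification step fails
 */
private void _testDoFilterAuthentication(boolean withDomainPath, boolean invalidToken, boolean expired) throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
    Mockito.when(config.getInitParameter("expired.token")).thenReturn(Boolean.toString(expired));
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
    // String.valueOf replaces the deprecated boxing constructor new Long(...).toString().
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TOKEN_VALIDITY)).thenReturn(String.valueOf(TOKEN_VALIDITY_SEC));
    // Fixed, well-known signing secret: acceptable only because this is a test fixture.
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return", "expired.token")).elements());
    getMockedServletContextWithStringSigner(config);
    if (withDomainPath) {
        Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_DOMAIN)).thenReturn(".foo.com");
        Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_PATH)).thenReturn("/bar");
        // The original list for this branch omitted "expired.token", so the two configurations
        // advertised different parameter sets; keep the flag listed in both so a
        // withDomainPath + expired combination cannot silently lose it.
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY, AuthenticationFilter.SIGNATURE_SECRET, AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter.COOKIE_PATH, "management.operation.return", "expired.token")).elements());
    }
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getParameter("authenticated")).thenReturn("true");
    Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
    Mockito.when(request.getQueryString()).thenReturn("authenticated=true");
    if (invalidToken) {
        // An auth cookie whose value was never produced by the Signer. The assertions below
        // still expect a freshly issued, verifiable cookie in this case.
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { new Cookie(AuthenticatedURL.AUTH_COOKIE, "foo") });
    }
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    FilterChain chain = Mockito.mock(FilterChain.class);
    // Collects the attributes of every Set-Cookie header written to the mocked response.
    final Map<String, String> cookieMap = new HashMap<String, String>();
    Mockito.doAnswer(new Answer<Object>() {

        @Override
        public Object answer(InvocationOnMock invocation) throws Throwable {
            String cookieHeader = (String) invocation.getArguments()[1];
            parseCookieMap(cookieHeader, cookieMap);
            return null;
        }
    }).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());
    try {
        filter.init(config);
        filter.doFilter(request, response, chain);
        if (expired) {
            // An expired token must not be turned into a cookie.
            Mockito.verify(response, Mockito.never()).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());
        } else {
            String v = cookieMap.get(AuthenticatedURL.AUTH_COOKIE);
            Assert.assertNotNull("cookie missing", v);
            Assert.assertTrue(v.contains("u=") && v.contains("p=") && v.contains("t=") && v.contains("e=") && v.contains("s="));
            Mockito.verify(chain).doFilter(Mockito.any(ServletRequest.class), Mockito.any(ServletResponse.class));
            // Verify the signature with a provider built separately from the filter's own,
            // so the check does not depend on the filter's internal signer instance.
            SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
            Properties secretProviderProps = new Properties();
            secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
            secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
            Signer signer = new Signer(secretProvider);
            String value = signer.verifyAndExtract(v);
            AuthenticationToken token = AuthenticationToken.parse(value);
            // The issued token must carry an expiry.
            assertThat(token.getExpires(), not(0L));
            if (withDomainPath) {
                Assert.assertEquals(".foo.com", cookieMap.get("Domain"));
                Assert.assertEquals("/bar", cookieMap.get("Path"));
            } else {
                // Without configuration the cookie must not be scoped to any domain or path.
                Assert.assertFalse(cookieMap.containsKey("Domain"));
                Assert.assertFalse(cookieMap.containsKey("Path"));
            }
        }
    } finally {
        filter.destroy();
    }
}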
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServletResponse(javax.servlet.ServletResponse) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) HashMap(java.util.HashMap) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(org.apache.hadoop.security.authentication.util.Signer) InvocationOnMock(org.mockito.invocation.InvocationOnMock) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector)

Example 7 with SignerSecretProvider

use of org.apache.hadoop.security.authentication.util.SignerSecretProvider in project hadoop by apache.

the class TestAuthenticationFilter method testManagementOperation.

/**
 * Checks that when {@code management.operation.return} is {@code "false"} the filter
 * answers with {@code SC_ACCEPTED} and touches the response in no other way, both for a
 * request without a cookie and for one carrying a correctly signed auth cookie.
 */
@Test
public void testManagementOperation() throws Exception {
    AuthenticationFilter authFilter = new AuthenticationFilter();
    try {
        FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
        String handlerClassName = DummyAuthenticationHandler.class.getName();
        Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("false");
        Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(handlerClassName);
        Vector<String> paramNames = new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return"));
        Mockito.when(filterConfig.getInitParameterNames()).thenReturn(paramNames.elements());
        getMockedServletContextWithStringSigner(filterConfig);
        authFilter.init(filterConfig);

        HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
        StringBuffer requestUrl = new StringBuffer("http://foo:8080/bar");
        Mockito.when(req.getRequestURL()).thenReturn(requestUrl);
        HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = Mockito.mock(FilterChain.class);

        // First pass: no cookie on the request.
        authFilter.doFilter(req, resp, filterChain);
        Mockito.verify(resp).setStatus(HttpServletResponse.SC_ACCEPTED);
        Mockito.verifyNoMoreInteractions(resp);

        // Second pass: clear all stubs and recorded calls, then present a signed cookie.
        Mockito.reset(req);
        Mockito.reset(resp);
        AuthenticationToken authToken = new AuthenticationToken("u", "p", "t");
        // NOTE(review): currentTimeMillis() is in milliseconds while the constant's name
        // says seconds - confirm the token lifetime this produces is the intended one.
        long expiresAt = System.currentTimeMillis() + TOKEN_VALIDITY_SEC;
        authToken.setExpires(expiresAt);
        // Test-only signing secret; the value is a fixture, not a real key.
        Properties signerProps = new Properties();
        signerProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
        SignerSecretProvider provider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        provider.init(signerProps, null, TOKEN_VALIDITY_SEC);
        String signedValue = new Signer(provider).sign(authToken.toString());
        Cookie authCookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, signedValue);
        Mockito.when(req.getCookies()).thenReturn(new Cookie[] { authCookie });

        authFilter.doFilter(req, resp, filterChain);
        Mockito.verify(resp).setStatus(HttpServletResponse.SC_ACCEPTED);
        Mockito.verifyNoMoreInteractions(resp);
    } finally {
        authFilter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(org.apache.hadoop.security.authentication.util.Signer) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 8 with SignerSecretProvider

use of org.apache.hadoop.security.authentication.util.SignerSecretProvider in project hadoop by apache.

the class TestAuthenticationFilter method testGetToken.

/**
 * Checks that {@code AuthenticationFilter.getToken} returns the token carried by a cookie
 * that was signed with the same secret provider the filter was initialised with.
 */
@Test
public void testGetToken() throws Exception {
    AuthenticationFilter authFilter = new AuthenticationFilter();
    try {
        FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
        String handlerClassName = DummyAuthenticationHandler.class.getName();
        Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(handlerClassName);
        // Test-only signing secret; the value is a fixture, not a real key.
        Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
        Vector<String> paramNames = new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return"));
        Mockito.when(filterConfig.getInitParameterNames()).thenReturn(paramNames.elements());
        // The provider returned here is reused below to sign the cookie.
        SignerSecretProvider provider = getMockedServletContextWithStringSigner(filterConfig);
        authFilter.init(filterConfig);

        // The token type matches the handler's type constant.
        AuthenticationToken expectedToken = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
        // NOTE(review): currentTimeMillis() is in milliseconds while the constant's name
        // says seconds - confirm the token lifetime this produces is the intended one.
        long expiresAt = System.currentTimeMillis() + TOKEN_VALIDITY_SEC;
        expectedToken.setExpires(expiresAt);
        String signedValue = new Signer(provider).sign(expectedToken.toString());
        Cookie authCookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, signedValue);

        HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
        Mockito.when(req.getCookies()).thenReturn(new Cookie[] { authCookie });

        AuthenticationToken parsedToken = authFilter.getToken(req);
        Assert.assertEquals(expectedToken.toString(), parsedToken.toString());
    } finally {
        authFilter.destroy();
    }
}
Also used : Signer(org.apache.hadoop.security.authentication.util.Signer) HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) HttpServletRequest(javax.servlet.http.HttpServletRequest) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 9 with SignerSecretProvider

use of org.apache.hadoop.security.authentication.util.SignerSecretProvider in project hadoop by apache.

the class TestAuthenticationFilter method testDoFilterAuthenticated.

/**
 * Checks that a request carrying a correctly signed auth cookie reaches the filter chain
 * with the token's identity attached: remote user {@code "u"} and principal name {@code "p"}.
 */
@Test
public void testDoFilterAuthenticated() throws Exception {
    AuthenticationFilter authFilter = new AuthenticationFilter();
    try {
        FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
        String handlerClassName = DummyAuthenticationHandler.class.getName();
        Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(handlerClassName);
        Vector<String> paramNames = new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return"));
        Mockito.when(filterConfig.getInitParameterNames()).thenReturn(paramNames.elements());
        getMockedServletContextWithStringSigner(filterConfig);
        authFilter.init(filterConfig);

        HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
        StringBuffer requestUrl = new StringBuffer("http://foo:8080/bar");
        Mockito.when(req.getRequestURL()).thenReturn(requestUrl);

        AuthenticationToken authToken = new AuthenticationToken("u", "p", "t");
        // NOTE(review): currentTimeMillis() is in milliseconds while the constant's name
        // says seconds - confirm the token lifetime this produces is the intended one.
        long expiresAt = System.currentTimeMillis() + TOKEN_VALIDITY_SEC;
        authToken.setExpires(expiresAt);
        // Test-only signing secret; the value is a fixture, not a real key.
        Properties signerProps = new Properties();
        signerProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
        SignerSecretProvider provider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        provider.init(signerProps, null, TOKEN_VALIDITY_SEC);
        String signedValue = new Signer(provider).sign(authToken.toString());
        Cookie authCookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, signedValue);
        Mockito.when(req.getCookies()).thenReturn(new Cookie[] { authCookie });

        HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = Mockito.mock(FilterChain.class);
        // The assertions run inside the chain, against the request object the filter passes on.
        Mockito.doAnswer(new Answer<Object>() {

            @Override
            public Object answer(InvocationOnMock invocation) throws Throwable {
                HttpServletRequest forwarded = (HttpServletRequest) invocation.getArguments()[0];
                Assert.assertEquals("u", forwarded.getRemoteUser());
                Assert.assertEquals("p", forwarded.getUserPrincipal().getName());
                return null;
            }
        }).when(filterChain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject());

        authFilter.doFilter(req, resp, filterChain);
    } finally {
        authFilter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(org.apache.hadoop.security.authentication.util.Signer) InvocationOnMock(org.mockito.invocation.InvocationOnMock) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 10 with SignerSecretProvider

use of org.apache.hadoop.security.authentication.util.SignerSecretProvider in project hadoop by apache.

the class TestAuthenticationFilter method testInit.

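/**
 * Exercises {@code AuthenticationFilter.init} under five configurations: a custom
 * {@link SignerSecretProvider} supplied through the servlet context, a signing secret read
 * from a file, a custom cookie domain and path, a custom authentication handler (checking
 * its init/destroy lifecycle flags), and the {@code "kerberos"} handler type.
 */
@Test
public void testInit() throws Exception {
    // custom secret as inline
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<>(Arrays.asList(AuthenticationFilter.AUTH_TYPE)).elements());
        ServletContext context = Mockito.mock(ServletContext.class);
        // Stub provider with null secrets: this section only checks how init classifies the
        // provider; nothing is signed or verified with it here.
        Mockito.when(context.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(new SignerSecretProvider() {

            @Override
            public void init(Properties config, ServletContext servletContext, long tokenValidity) {
            }

            @Override
            public byte[] getCurrentSecret() {
                return null;
            }

            @Override
            public byte[][] getAllSecrets() {
                return null;
            }
        });
        Mockito.when(config.getServletContext()).thenReturn(context);
        filter.init(config);
        Assert.assertFalse(filter.isRandomSecret());
        Assert.assertTrue(filter.isCustomSignerSecretProvider());
    } finally {
        filter.destroy();
    }
    // custom secret by file
    File testDir = new File(System.getProperty("test.build.data", "target/test-dir"));
    // mkdirs() returns false when the directory already exists, so accept either outcome
    // but fail with a clear message if the directory is really unavailable.
    Assert.assertTrue("cannot create test directory " + testDir, testDir.mkdirs() || testDir.isDirectory());
    // Throwaway fixture value. A real secret file should be readable only by the account
    // that runs the service.
    String secretValue = "hadoop";
    File secretFile = new File(testDir, "http-secret.txt");
    // try-with-resources closes the writer even when write() throws; the original leaked
    // the file handle on that path.
    try (Writer writer = new FileWriter(secretFile)) {
        writer.write(secretValue);
    }
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET_FILE)).thenReturn(secretFile.getAbsolutePath());
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET_FILE)).elements());
        ServletContext context = Mockito.mock(ServletContext.class);
        // No provider in the servlet context, so the filter has to set one up itself.
        Mockito.when(context.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(null);
        Mockito.when(config.getServletContext()).thenReturn(context);
        filter.init(config);
        // A configured secret file must not be reported as a random secret.
        Assert.assertFalse(filter.isRandomSecret());
        Assert.assertFalse(filter.isCustomSignerSecretProvider());
    } finally {
        filter.destroy();
    }
    // custom cookie domain and cookie path
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
        Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_DOMAIN)).thenReturn(".foo.com");
        Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_PATH)).thenReturn("/bar");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter.COOKIE_PATH)).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        Assert.assertEquals(".foo.com", filter.getCookieDomain());
        Assert.assertEquals("/bar", filter.getCookiePath());
    } finally {
        filter.destroy();
    }
    // authentication handler lifecycle, and custom impl
    DummyAuthenticationHandler.reset();
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        Assert.assertTrue(DummyAuthenticationHandler.init);
    } finally {
        filter.destroy();
        // The handler's destroy flag is checked only after the filter itself is destroyed.
        Assert.assertTrue(DummyAuthenticationHandler.destroy);
    }
    // kerberos auth handler
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        ServletContext sc = Mockito.mock(ServletContext.class);
        Mockito.when(config.getServletContext()).thenReturn(sc);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("kerberos");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE)).elements());
        filter.init(config);
    } catch (ServletException ex) {
        // Expected: no Kerberos settings are supplied here. The handler type is still
        // checked in the finally block below.
    } finally {
        Assert.assertEquals(KerberosAuthenticationHandler.class, filter.getAuthenticationHandler().getClass());
        filter.destroy();
    }
}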
Also used : SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) FileWriter(java.io.FileWriter) Properties(java.util.Properties) ServletException(javax.servlet.ServletException) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) File(java.io.File) FileWriter(java.io.FileWriter) Writer(java.io.Writer) Test(org.junit.Test)
