
Example 11 with SignerSecretProvider

use of org.apache.hadoop.security.authentication.util.SignerSecretProvider in project hadoop by apache.

the class TestAuthenticationFilter method verifyAuthorized.

/**
 * Drives {@code filter.doFilter} with the supplied mocks and checks the auth cookie it emits.
 *
 * <p>Every {@code Set-Cookie} header added to {@code response} is captured and parsed with
 * {@code parseCookieMap}. When {@code newCookie} is true, the auth cookie must be present, must
 * carry the {@code u=, p=, t=, i=, e=, s=} fields, must verify under a {@link Signer} keyed with
 * the literal {@code "secret"}, and must parse to a token that is not expired. When
 * {@code newCookie} is false, no auth cookie may have been set.
 *
 * @param filter    filter under test
 * @param request   request handed to the filter
 * @param response  mocked response; its {@code addHeader("Set-Cookie", ...)} is stubbed here
 * @param chain     mocked chain; verified to have been invoked when a cookie is expected
 * @param newCookie whether a fresh auth cookie is expected
 * @throws Exception anything raised by the filter or by signature verification
 */
private static void verifyAuthorized(AuthenticationFilter filter, HttpServletRequest request, HttpServletResponse response, FilterChain chain, boolean newCookie) throws Exception {
    // Cookies the filter emits through Set-Cookie, keyed by cookie name.
    final Map<String, String> issuedCookies = new HashMap<>();
    Mockito.doAnswer(new Answer<Object>() {

        @Override
        public Object answer(InvocationOnMock call) throws Throwable {
            // Argument 0 is the header name, argument 1 the Set-Cookie value.
            parseCookieMap((String) call.getArguments()[1], issuedCookies);
            return null;
        }
    }).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());

    filter.doFilter(request, response, chain);

    if (!newCookie) {
        // No auth cookie should be issued on this path. By contrast (per the test's existing note,
        // not exercised here) an unauthorized response sets the auth cookie with an empty value.
        Assert.assertFalse("cookie is present", issuedCookies.containsKey(AuthenticatedURL.AUTH_COOKIE));
        return;
    }

    // A new cookie should be issued when maxInactiveInterval is enabled.
    final String authCookie = issuedCookies.get(AuthenticatedURL.AUTH_COOKIE);
    Assert.assertNotNull("cookie missing", authCookie);
    // The token fields are readable in the cookie value; "s=" is the signature part that
    // verifyAndExtract checks below.
    for (String field : new String[] { "u=", "p=", "t=", "i=", "e=", "s=" }) {
        Assert.assertTrue(authCookie.contains(field));
    }
    Mockito.verify(chain).doFilter(Mockito.any(ServletRequest.class), Mockito.any(ServletResponse.class));

    // Rebuild a verifier keyed with the fixture secret. Presumably the caller configured the
    // filter with the same "secret" -- confirm; a mismatch would fail verification here.
    final SignerSecretProvider verifierSecrets = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    final Properties verifierConfig = new Properties();
    verifierConfig.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
    verifierSecrets.init(verifierConfig, null, TOKEN_VALIDITY_SEC);
    final Signer verifier = new Signer(verifierSecrets);

    // Only parse the token after the signature has been checked.
    final String tokenText = verifier.verifyAndExtract(authCookie);
    final AuthenticationToken issued = AuthenticationToken.parse(tokenText);
    assertThat(issued.getMaxInactives(), not(0L));
    assertThat(issued.getExpires(), not(0L));
    Assert.assertFalse("Token is expired.", issued.isExpired());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServletResponse(javax.servlet.ServletResponse) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) HashMap(java.util.HashMap) Properties(java.util.Properties) Signer(org.apache.hadoop.security.authentication.util.Signer) InvocationOnMock(org.mockito.invocation.InvocationOnMock)

Example 12 with SignerSecretProvider

use of org.apache.hadoop.security.authentication.util.SignerSecretProvider in project hadoop by apache.

the class TestAuthenticationFilter method testGetTokenInvalidType.

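/**
 * Checks that {@code AuthenticationFilter.getToken} rejects a cookie whose signature is valid
 * but whose token type is not the one the filter's handler expects.
 *
 * <p>The token is signed with the same {@code "secret"} the filter is configured with, so the
 * rejection asserted here comes from the type check rather than from signature verification:
 * a valid signature alone must not be enough to accept a token.
 */
@Test
public void testGetTokenInvalidType() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);

        // Token whose type string does not match the configured handler.
        AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
        // NOTE(review): a constant named *_SEC is added to a millisecond timestamp -- confirm the
        // intended unit; the token only needs to be unexpired for the duration of this test.
        token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);

        // Sign with the fixture secret the filter was initialised with, so the signature verifies.
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());

        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });

        try {
            filter.getToken(request);
            // Reaching this line means the mistyped token was accepted. Failing here, instead of
            // asserting a flag in a finally block, keeps any other exception or a message
            // mismatch from being replaced by a generic assertion failure.
            Assert.fail("token not invalid type");
        } catch (AuthenticationException ex) {
            Assert.assertEquals("Invalid AuthenticationToken type", ex.getMessage());
        }
    } finally {
        filter.destroy();
    }
}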
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) Properties(java.util.Properties) Signer(org.apache.hadoop.security.authentication.util.Signer) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 13 with SignerSecretProvider

use of org.apache.hadoop.security.authentication.util.SignerSecretProvider in project hadoop by apache.

the class TestHttpServerWithSpengo method getSignerToEncrypt.

/**
 * Creates a {@link Signer} backed by a string secret provider keyed with {@code SECRET_STR}.
 *
 * <p>NOTE(review): despite the method name, the object returned is a signer; whether it provides
 * any confidentiality is not visible here -- treat values it produces as signed, not encrypted,
 * unless Signer's implementation says otherwise.
 *
 * @return a signer initialised with {@code SECRET_STR} and {@code TIMEOUT}
 * @throws Exception if the secret provider fails to initialise
 */
private Signer getSignerToEncrypt() throws Exception {
    final Properties signerConfig = new Properties();
    signerConfig.setProperty(AuthenticationFilter.SIGNATURE_SECRET, SECRET_STR);

    final SignerSecretProvider provider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    provider.init(signerConfig, null, TIMEOUT);
    return new Signer(provider);
}
Also used : Signer(org.apache.hadoop.security.authentication.util.Signer) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) Properties(java.util.Properties)

Example 14 with SignerSecretProvider

use of org.apache.hadoop.security.authentication.util.SignerSecretProvider in project hadoop by apache.

the class TestHttpFSServer method testDelegationTokenOperations.

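/**
 * Walks the delegation-token lifecycle against the test HttpFS server and asserts the HTTP
 * status at each step: unauthenticated access is refused, a signed auth cookie is accepted, a
 * delegation token can be fetched, used, renewed (only with the auth cookie) and cancelled, and
 * a cancelled token is refused afterwards.
 *
 * <p>The delegation token is passed in the URL query string ({@code delegation=} /
 * {@code token=}). Outside a test, anything that records request URLs (access logs, proxies)
 * would therefore record the token, so such records need the same protection as the token.
 */
@Test
@TestDir
@TestJetty
@TestHdfs
public void testDelegationTokenOperations() throws Exception {
    createHttpFSServer(true);

    // No credentials at all: the request must be refused.
    URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY");
    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
    Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode());

    // Forge an auth cookie locally with the fixture secret. Presumably this matches the
    // signature secret createHttpFSServer configures -- confirm against that helper.
    AuthenticationToken token = new AuthenticationToken("u", "p", new KerberosDelegationTokenAuthenticationHandler().getType());
    token.setExpires(System.currentTimeMillis() + 100000000);
    SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, -1);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    // Same request with the signed cookie is accepted.
    url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY");
    conn = (HttpURLConnection) url.openConnection();
    conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned);
    Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());

    // Fetch a delegation token while authenticated by the cookie.
    url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN");
    conn = (HttpURLConnection) url.openConnection();
    conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned);
    Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
    // Decode the JSON body with an explicit charset rather than the platform default, and
    // close the reader once parsing is done so the response stream is not left open.
    InputStreamReader jsonReader = new InputStreamReader(conn.getInputStream(), "UTF-8");
    JSONObject json;
    try {
        json = (JSONObject) new JSONParser().parse(jsonReader);
    } finally {
        jsonReader.close();
    }
    json = (JSONObject) json.get(DelegationTokenAuthenticator.DELEGATION_TOKEN_JSON);
    String tokenStr = (String) json.get(DelegationTokenAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON);

    // The delegation token alone (no cookie) authenticates the request.
    url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr);
    conn = (HttpURLConnection) url.openConnection();
    Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());

    // Renewal without the auth cookie is refused ...
    url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr);
    conn = (HttpURLConnection) url.openConnection();
    conn.setRequestMethod("PUT");
    Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode());

    // ... and succeeds once the auth cookie is attached.
    url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr);
    conn = (HttpURLConnection) url.openConnection();
    conn.setRequestMethod("PUT");
    conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned);
    Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());

    // Cancellation is sent without the auth cookie and is expected to succeed.
    url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token=" + tokenStr);
    conn = (HttpURLConnection) url.openConnection();
    conn.setRequestMethod("PUT");
    Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());

    // A cancelled token must no longer grant access.
    url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr);
    conn = (HttpURLConnection) url.openConnection();
    Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());

    // getTrash test with delegation: the cancelled token is refused here as well,
    url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETTRASHROOT&delegation=" + tokenStr);
    conn = (HttpURLConnection) url.openConnection();
    Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());

    // while the signed auth cookie is still accepted for the same operation.
    url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETTRASHROOT");
    conn = (HttpURLConnection) url.openConnection();
    conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned);
    Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
}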
Also used : Signer(org.apache.hadoop.security.authentication.util.Signer) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) HttpURLConnection(java.net.HttpURLConnection) AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) JSONObject(org.json.simple.JSONObject) InputStreamReader(java.io.InputStreamReader) KerberosDelegationTokenAuthenticationHandler(org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticationHandler) JSONParser(org.json.simple.parser.JSONParser) Properties(java.util.Properties) URL(java.net.URL) AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL) TestJetty(org.apache.hadoop.test.TestJetty) TestHdfs(org.apache.hadoop.test.TestHdfs) TestDir(org.apache.hadoop.test.TestDir) Test(org.junit.Test)

Aggregations

SignerSecretProvider (org.apache.hadoop.security.authentication.util.SignerSecretProvider)14 Properties (java.util.Properties)13 Signer (org.apache.hadoop.security.authentication.util.Signer)12 Vector (java.util.Vector)10 FilterConfig (javax.servlet.FilterConfig)10 HttpServletRequest (javax.servlet.http.HttpServletRequest)10 HttpCookie (java.net.HttpCookie)9 Cookie (javax.servlet.http.Cookie)9 Test (org.junit.Test)9 HttpServletResponse (javax.servlet.http.HttpServletResponse)7 FilterChain (javax.servlet.FilterChain)6 InvocationOnMock (org.mockito.invocation.InvocationOnMock)3 HashMap (java.util.HashMap)2 ServletContext (javax.servlet.ServletContext)2 ServletRequest (javax.servlet.ServletRequest)2 ServletResponse (javax.servlet.ServletResponse)2 AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException)2 File (java.io.File)1 FileWriter (java.io.FileWriter)1 InputStreamReader (java.io.InputStreamReader)1