use of org.apache.http.config.Lookup in project hbase by apache.
the class TestProxyUserSpnegoHttpServer method testProxy.
public void testProxy(String clientPrincipal, String doAs, int responseCode, String statusLine) throws Exception {
// Create the subject for the client
final Subject clientSubject = JaasKrbUtil.loginUsingKeytab(WHEEL_PRINCIPAL, wheelKeytab);
final Set<Principal> clientPrincipals = clientSubject.getPrincipals();
// Make sure the subject has a principal
assertFalse(clientPrincipals.isEmpty());
// Get a TGT for the subject (might have many, different encryption types). The first should
// be the default encryption type.
Set<KerberosTicket> privateCredentials = clientSubject.getPrivateCredentials(KerberosTicket.class);
assertFalse(privateCredentials.isEmpty());
KerberosTicket tgt = privateCredentials.iterator().next();
assertNotNull(tgt);
// The name of the principal
final String principalName = clientPrincipals.iterator().next().getName();
// Run this code, logged in as the subject (the client)
HttpResponse resp = Subject.doAs(clientSubject, new PrivilegedExceptionAction<HttpResponse>() {
@Override
public HttpResponse run() throws Exception {
// Logs in with Kerberos via GSS
GSSManager gssManager = GSSManager.getInstance();
// jGSS Kerberos login constant
Oid oid = new Oid("1.2.840.113554.1.2.2");
GSSName gssClient = gssManager.createName(principalName, GSSName.NT_USER_NAME);
GSSCredential credential = gssManager.createCredential(gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);
HttpClientContext context = HttpClientContext.create();
Lookup<AuthSchemeProvider> authRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true)).build();
HttpClient client = HttpClients.custom().setDefaultAuthSchemeRegistry(authRegistry).build();
BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(credential));
URL url = new URL(getServerURL(server), "/echo?doAs=" + doAs + "&a=b");
context.setTargetHost(new HttpHost(url.getHost(), url.getPort()));
context.setCredentialsProvider(credentialsProvider);
context.setAuthSchemeRegistry(authRegistry);
HttpGet get = new HttpGet(url.toURI());
return client.execute(get, context);
}
});
assertNotNull(resp);
assertEquals(responseCode, resp.getStatusLine().getStatusCode());
if (responseCode == HttpURLConnection.HTTP_OK) {
assertTrue(EntityUtils.toString(resp.getEntity()).trim().contains("a:b"));
} else {
assertTrue(resp.getStatusLine().toString().contains(statusLine) || EntityUtils.toString(resp.getEntity()).contains(statusLine));
}
}
use of org.apache.http.config.Lookup in project hbase by apache.
the class TestThriftSpnegoHttpFallbackServer method createHttpClient.
private CloseableHttpClient createHttpClient() throws Exception {
final Subject clientSubject = JaasKrbUtil.loginUsingKeytab(clientPrincipal, clientKeytab);
final Set<Principal> clientPrincipals = clientSubject.getPrincipals();
// Make sure the subject has a principal
assertFalse("Found no client principals in the clientSubject.", clientPrincipals.isEmpty());
// Get a TGT for the subject (might have many, different encryption types). The first should
// be the default encryption type.
Set<KerberosTicket> privateCredentials = clientSubject.getPrivateCredentials(KerberosTicket.class);
assertFalse("Found no private credentials in the clientSubject.", privateCredentials.isEmpty());
KerberosTicket tgt = privateCredentials.iterator().next();
assertNotNull("No kerberos ticket found.", tgt);
// The name of the principal
final String clientPrincipalName = clientPrincipals.iterator().next().getName();
return Subject.doAs(clientSubject, (PrivilegedExceptionAction<CloseableHttpClient>) () -> {
// Logs in with Kerberos via GSS
GSSManager gssManager = GSSManager.getInstance();
// jGSS Kerberos login constant
Oid oid = new Oid("1.2.840.113554.1.2.2");
GSSName gssClient = gssManager.createName(clientPrincipalName, GSSName.NT_USER_NAME);
GSSCredential credential = gssManager.createCredential(gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);
Lookup<AuthSchemeProvider> authRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true)).build();
BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(credential));
return HttpClients.custom().setDefaultAuthSchemeRegistry(authRegistry).setDefaultCredentialsProvider(credentialsProvider).build();
});
}
use of org.apache.http.config.Lookup in project hbase by apache.
the class TestThriftSpnegoHttpServer method createHttpClient.
private CloseableHttpClient createHttpClient() throws Exception {
final Subject clientSubject = JaasKrbUtil.loginUsingKeytab(clientPrincipal, clientKeytab);
final Set<Principal> clientPrincipals = clientSubject.getPrincipals();
// Make sure the subject has a principal
assertFalse("Found no client principals in the clientSubject.", clientPrincipals.isEmpty());
// Get a TGT for the subject (might have many, different encryption types). The first should
// be the default encryption type.
Set<KerberosTicket> privateCredentials = clientSubject.getPrivateCredentials(KerberosTicket.class);
assertFalse("Found no private credentials in the clientSubject.", privateCredentials.isEmpty());
KerberosTicket tgt = privateCredentials.iterator().next();
assertNotNull("No kerberos ticket found.", tgt);
// The name of the principal
final String clientPrincipalName = clientPrincipals.iterator().next().getName();
return Subject.doAs(clientSubject, (PrivilegedExceptionAction<CloseableHttpClient>) () -> {
// Logs in with Kerberos via GSS
GSSManager gssManager = GSSManager.getInstance();
// jGSS Kerberos login constant
Oid oid = new Oid("1.2.840.113554.1.2.2");
GSSName gssClient = gssManager.createName(clientPrincipalName, GSSName.NT_USER_NAME);
GSSCredential credential = gssManager.createCredential(gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);
Lookup<AuthSchemeProvider> authRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true)).build();
BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(credential));
return HttpClients.custom().setDefaultAuthSchemeRegistry(authRegistry).setDefaultCredentialsProvider(credentialsProvider).build();
});
}
use of org.apache.http.config.Lookup in project lucene-solr by apache.
the class CloserThread method setupHttpClientForAuthPlugin.
private void setupHttpClientForAuthPlugin(Object authcPlugin) {
if (authcPlugin instanceof HttpClientBuilderPlugin) {
// Setup HttpClient for internode communication
SolrHttpClientBuilder builder = ((HttpClientBuilderPlugin) authcPlugin).getHttpClientBuilder(HttpClientUtil.getHttpClientBuilder());
// The default http client of the core container's shardHandlerFactory has already been created and
// configured using the default httpclient configurer. We need to reconfigure it using the plugin's
// http client configurer to set it up for internode communication.
log.debug("Reconfiguring HttpClient settings.");
SolrHttpClientContextBuilder httpClientBuilder = new SolrHttpClientContextBuilder();
if (builder.getCredentialsProviderProvider() != null) {
httpClientBuilder.setDefaultCredentialsProvider(new CredentialsProviderProvider() {
@Override
public CredentialsProvider getCredentialsProvider() {
return builder.getCredentialsProviderProvider().getCredentialsProvider();
}
});
}
if (builder.getAuthSchemeRegistryProvider() != null) {
httpClientBuilder.setAuthSchemeRegistryProvider(new AuthSchemeRegistryProvider() {
@Override
public Lookup<AuthSchemeProvider> getAuthSchemeRegistry() {
return builder.getAuthSchemeRegistryProvider().getAuthSchemeRegistry();
}
});
}
HttpClientUtil.setHttpClientRequestContextBuilder(httpClientBuilder);
} else {
if (pkiAuthenticationPlugin != null) {
//this happened due to an authc plugin reload. no need to register the pkiAuthc plugin again
if (pkiAuthenticationPlugin.isInterceptorRegistered())
return;
log.info("PKIAuthenticationPlugin is managing internode requests");
setupHttpClientForAuthPlugin(pkiAuthenticationPlugin);
pkiAuthenticationPlugin.setInterceptorRegistered();
}
}
}
use of org.apache.http.config.Lookup in project epp.mpc by eclipse.
the class TransportFactoryTest method testHttpClientTransportWin32Support.
@Test
public void testHttpClientTransportWin32Support() throws Exception {
BundleContext bundleContext = FrameworkUtil.getBundle(TransportFactory.class).getBundleContext();
Assume.assumeThat(bundleContext.getProperty("osgi.os"), is("win32"));
HttpContext context = interceptRequest().getInterceptedContext();
Lookup<?> authRegistry = (Lookup<?>) context.getAttribute(HttpClientContext.AUTHSCHEME_REGISTRY);
CredentialsProvider credentialsProvider = (CredentialsProvider) context.getAttribute(HttpClientContext.CREDS_PROVIDER);
assertNotNull(authRegistry);
Object ntlmFactory = authRegistry.lookup(AuthSchemes.NTLM);
assertNotNull(ntlmFactory);
assertEquals("org.apache.http.impl.auth.win.WindowsNTLMSchemeFactory", ntlmFactory.getClass().getName());
assertNotNull(credentialsProvider);
List<CredentialsProvider> nestedProviders = listCredentialsProviders(credentialsProvider);
assertThat(nestedProviders, hasItem(LambdaMatchers.map(x -> x.getClass().getName()).matches("org.apache.http.impl.auth.win.WindowsCredentialsProvider")));
}
Aggregations