
Example 21 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class HadoopGroupProviderFilterTest method testGroups.

/**
 * Verifies that the group provider resolves at least one group for a known user.
 *
 * <p>Both the filter config and the servlet context return an empty
 * {@code principal.mapping}, and the test asserts that the principal name comes
 * back unchanged. The assertion message indicates that the group lookup reflects
 * what {@code bash -c groups} reports on the machine running the test, so the
 * result depends on the host's account database rather than on fixtures defined here.
 *
 * @throws ServletException if {@code filter.init} fails
 */
@Test
public void testGroups() throws ServletException {
    // Mocked deployment: "principal.mapping" is empty at both filter and context level.
    final ServletContext servletContext = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(servletContext.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    final FilterConfig filterConfig = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(filterConfig.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(filterConfig.getServletContext()).andReturn(servletContext).anyTimes();
    EasyMock.replay(filterConfig, servletContext);

    // Subject carrying only the primary principal; `username` is a field of the test class.
    final Subject authenticated = new Subject();
    authenticated.getPrincipals().add(new PrimaryPrincipal(username));

    final HadoopGroupProviderFilter groupFilter = new HadoopGroupProviderFilter();
    groupFilter.init(filterConfig);

    final Principal primary = (Principal) authenticated.getPrincipals(PrimaryPrincipal.class).toArray()[0];
    final String mappedName = groupFilter.mapUserPrincipal(primary.getName());
    final String[] resolvedGroups = groupFilter.mapGroupPrincipals(mappedName, authenticated);

    // The asserted identity must be exactly the authenticated one.
    assertThat(mappedName, is(username));
    final boolean hasGroups = resolvedGroups.length > 0;
    assertThat("No groups assosciated with the user, most likely this is a failure, it is only OK when 'bash -c groups' command returns 0 groups. ", hasGroups);
}
Also used : PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 22 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class HadoopGroupProviderFilterTest method testUnknownUser.

/**
 * Verifies that the group provider returns no groups for a user that should not exist.
 *
 * <p>This is the negative counterpart of the known-user case: an identity with no
 * account behind it must not pick up any group membership. The assertion message
 * points at {@code bash -c groups} as the thing to check on failure, so the outcome
 * depends on the host running the test.
 *
 * @throws ServletException if {@code filter.init} fails
 */
@Test
public void testUnknownUser() throws ServletException {
    // Mocked deployment: "principal.mapping" is empty at both filter and context level.
    final ServletContext servletContext = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(servletContext.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    final FilterConfig filterConfig = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(filterConfig.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(filterConfig.getServletContext()).andReturn(servletContext).anyTimes();
    EasyMock.replay(filterConfig, servletContext);

    // `failUsername` is a field of the test class (defined outside this method).
    final Subject unknown = new Subject();
    unknown.getPrincipals().add(new PrimaryPrincipal(failUsername));

    final HadoopGroupProviderFilter groupFilter = new HadoopGroupProviderFilter();
    groupFilter.init(filterConfig);

    final Principal primary = (Principal) unknown.getPrincipals(PrimaryPrincipal.class).toArray()[0];
    final String mappedName = groupFilter.mapUserPrincipal(primary.getName());
    final String[] resolvedGroups = groupFilter.mapGroupPrincipals(mappedName, unknown);

    // The name passes through unchanged, but no group may be attached to it.
    assertThat(mappedName, is(failUsername));
    final boolean noGroups = resolvedGroups.length == 0;
    assertThat("Somehow groups were found for this user, how is it possible ! check 'bash -c groups' command ", noGroups);
}
Also used : PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 23 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class DefaultIdentityAssertionFilterTest method testContextParameters.

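/**
 * Verifies that principal and group mappings supplied as servlet-context init
 * parameters are applied when the filter-level {@code principal.mapping} is empty.
 *
 * <p>Three scenarios run against the same filter instance, re-initialised each time:
 * <ol>
 *   <li>no mapping anywhere: the user name passes through and {@code mapGroupPrincipals}
 *       returns {@code null}, which tells the caller to keep the subject's own groups;</li>
 *   <li>context-level mappings for {@code lmccay}: the user becomes {@code hdfs} and gains
 *       {@code mrgroup} and {@code mrducks}, but not {@code group1}, which is mapped to a
 *       different user;</li>
 *   <li>the same mappings for {@code kminder}: the user becomes {@code hdfs}.</li>
 * </ol>
 *
 * @throws Exception if filter initialisation or mapping fails
 */
@Test
public void testContextParameters() throws Exception {
    // for backward compatibility of old deployment contributor's method
    // of adding init params to the servlet context instead of to the filter.
    // There is the possibility that previously deployed topologies will have
    // init params in web.xml at the context level instead of the filter level.

    // Scenario 1: no mapping at either level.
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    IdentityAsserterFilter filter = new IdentityAsserterFilter();
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("lmccay"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));
    filter.init(config);
    String username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    String[] groups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
    assertEquals("lmccay", username);
    // means for the caller to use the existing subject groups
    assertNull(groups);

    // Scenario 2: mappings exist only at the servlet-context level.
    config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("lmccay,kminder=hdfs;newuser=mapred").anyTimes();
    EasyMock.expect(context.getInitParameter("group.principal.mapping")).andReturn("kminder=group1;lmccay=mrgroup,mrducks").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    filter.init(config);
    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    // Group lookup is keyed on the original (pre-mapping) principal name.
    groups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
    assertEquals("hdfs", username);
    // Arrays.toString renders the group names; concatenating the array itself would
    // only print its type and identity hash, which is useless when the test fails.
    assertTrue("mrgroup not found in groups: " + java.util.Arrays.toString(groups), groupFoundIn("mrgroup", groups));
    assertTrue("mrducks not found in groups: " + java.util.Arrays.toString(groups), groupFoundIn("mrducks", groups));
    // A group mapped to another user must not leak onto this one.
    assertFalse("group1 WAS found in groups: " + java.util.Arrays.toString(groups), groupFoundIn("group1", groups));

    // Scenario 3: the second user named in the same mapping entry.
    // NOTE(review): only the user mapping is asserted here; the group mapping for
    // kminder is configured but not checked.
    subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("kminder"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));
    config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("lmccay,kminder=hdfs;newuser=mapred").anyTimes();
    EasyMock.expect(context.getInitParameter("group.principal.mapping")).andReturn("kminder=group1;lmccay=mrgroup,mrducks").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    filter.init(config);
    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    assertEquals("hdfs", username);
}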
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Principal(java.security.Principal) GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Test(org.junit.Test)

Example 24 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class TokenServiceResourceTest method testValidClientCertWrongUser.

/**
 * Verifies that a token request is refused with HTTP 403 when a client certificate is
 * required and the presented certificate's subject DN is not on the allowed list.
 *
 * <p>The context allows only {@code CN=remotehost, ...} while the mocked certificate
 * reports {@code CN=localhost, ...}. The request also carries a user principal
 * ({@code alice}); the test expects the certificate mismatch to deny the request anyway.
 *
 * @throws Exception if resource initialisation or the request fails
 */
@Test
public void testValidClientCertWrongUser() throws Exception {
    // Topology settings: client certificate required, single allowed subject DN.
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(context.getInitParameter("knox.token.client.cert.required")).andReturn("true");
    EasyMock.expect(context.getInitParameter("knox.token.allowed.principals")).andReturn("CN=remotehost, OU=Test, O=Hadoop, L=Test, ST=Test, C=US");

    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();

    // Certificate whose subject DN differs from the allowed principal (localhost vs remotehost).
    X509Certificate presentedCert = EasyMock.createMock(X509Certificate.class);
    EasyMock.expect(presentedCert.getSubjectDN()).andReturn(new PrimaryPrincipal("CN=localhost, OU=Test, O=Hadoop, L=Test, ST=Test, C=US")).anyTimes();
    ArrayList<X509Certificate> chain = new ArrayList<>();
    chain.add(presentedCert);
    X509Certificate[] chainArray = chain.toArray(new X509Certificate[0]);
    // The servlet container exposes the client certificate chain under this request attribute.
    EasyMock.expect(request.getAttribute("javax.servlet.request.X509Certificate")).andReturn(chainArray).anyTimes();

    // Authenticated caller on the request.
    Principal caller = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(caller.getName()).andReturn("alice").anyTimes();
    EasyMock.expect(request.getUserPrincipal()).andReturn(caller).anyTimes();

    // Token authority made available through the gateway services registry.
    GatewayServices services = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(services);
    JWTokenAuthority authority = new TestJWTokenAuthority(publicKey, privateKey);
    EasyMock.expect(services.getService(GatewayServices.TOKEN_SERVICE)).andReturn(authority);

    StringWriter body = new StringWriter();
    PrintWriter bodyWriter = new PrintWriter(body);
    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.getWriter()).andReturn(bodyWriter);

    EasyMock.replay(caller, services, context, request, response, presentedCert);

    TokenResource resource = new TokenResource();
    resource.request = request;
    resource.response = response;
    resource.context = context;
    resource.init();

    // Request a token; with a non-allowed certificate subject the answer must be 403.
    Response result = resource.doGet();
    assertEquals(403, result.getStatus());
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) TokenResource(org.apache.knox.gateway.service.knoxtoken.TokenResource) ArrayList(java.util.ArrayList) HttpServletResponse(javax.servlet.http.HttpServletResponse) X509Certificate(java.security.cert.X509Certificate) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(javax.ws.rs.core.Response) StringWriter(java.io.StringWriter) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) ServletContext(javax.servlet.ServletContext) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Principal(java.security.Principal) PrintWriter(java.io.PrintWriter) Test(org.junit.Test)

Example 25 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class ConcatIdentityAssertionFilterTest method testPrefixAndSuffix.

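/**
 * Verifies that {@code ConcatIdentityAssertionFilter} decorates the asserted user name
 * with the configured {@code concat.prefix} and/or {@code concat.suffix}.
 *
 * <p>Four configurations are applied to the same filter instance, re-initialised each
 * time: neither option, prefix only, suffix only, and both. With neither option the
 * name passes through and {@code mapGroupPrincipals} returns {@code null}.
 *
 * @throws Exception if filter initialisation or mapping fails
 */
@Test
public void testPrefixAndSuffix() throws Exception {
    // Scenario 1: no prefix or suffix configured.
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    ConcatIdentityAssertionFilter filter = new ConcatIdentityAssertionFilter();
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("larry"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));
    filter.init(config);
    String username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    String[] groups = filter.mapGroupPrincipals(username, subject);
    // JUnit's assertEquals takes (expected, actual); keeping that order makes the
    // failure message report the right value as "expected".
    assertEquals("larry", username);
    // means for the caller to use the existing subject groups
    assertNull(groups);

    // Scenario 2: prefix only.
    config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(config.getInitParameter("concat.prefix")).andReturn("sir-").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    filter.init(config);
    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    assertEquals("sir-larry", username);

    // Scenario 3: suffix only. The filter-level "principal.mapping" is not stubbed
    // here, so the nice mock answers null for it.
    config = EasyMock.createNiceMock(FilterConfig.class);
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(config.getInitParameter("concat.suffix")).andReturn("-tenant-1").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    filter.init(config);
    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    assertEquals("larry-tenant-1", username);

    // Scenario 4: prefix and suffix together.
    config = EasyMock.createNiceMock(FilterConfig.class);
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(config.getInitParameter("concat.prefix")).andReturn("sir-").anyTimes();
    EasyMock.expect(config.getInitParameter("concat.suffix")).andReturn("-tenant-1").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    filter.init(config);
    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    assertEquals("sir-larry-tenant-1", username);
}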
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Principal(java.security.Principal) GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Test(org.junit.Test)
