Example 76 with FilterHolder

use of org.eclipse.jetty.servlet.FilterHolder in project hadoop by apache.

the class TestWebDelegationToken method testHttpUGI.

@Test
public void testHttpUGI() throws Exception {
    final Server jetty = createJettyServer();
    ServletContextHandler context = new ServletContextHandler();
    context.setContextPath("/foo");
    jetty.setHandler(context);
    context.addFilter(new FilterHolder(PseudoDTAFilter.class), "/*", EnumSet.of(DispatcherType.REQUEST));
    context.addServlet(new ServletHolder(UGIServlet.class), "/bar");
    try {
        jetty.start();
        final URL url = new URL(getJettyURL() + "/foo/bar");
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser(FOO_USER);
        ugi.doAs(new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
                DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
                // user foo
                HttpURLConnection conn = aUrl.openConnection(url, token);
                Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
                List<String> ret = IOUtils.readLines(conn.getInputStream());
                Assert.assertEquals(1, ret.size());
                Assert.assertEquals("remoteuser=" + FOO_USER + ":ugi=" + FOO_USER, ret.get(0));
                // user ok-user via proxyuser foo
                conn = aUrl.openConnection(url, token, OK_USER);
                Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
                ret = IOUtils.readLines(conn.getInputStream());
                Assert.assertEquals(1, ret.size());
                Assert.assertEquals("realugi=" + FOO_USER + ":remoteuser=" + OK_USER + ":ugi=" + OK_USER, ret.get(0));
                return null;
            }
        });
    } finally {
        jetty.stop();
    }
}
Also used : FilterHolder(org.eclipse.jetty.servlet.FilterHolder) Server(org.eclipse.jetty.server.Server) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) URL(java.net.URL) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) HttpURLConnection(java.net.HttpURLConnection) List(java.util.List) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 77 with FilterHolder

use of org.eclipse.jetty.servlet.FilterHolder in project hadoop by apache.

the class TestWebDelegationToken method testDelegationTokenAuthenticatedURLWithNoDT.

// we are, also, implicitly testing  KerberosDelegationTokenAuthenticator
// fallback here
private void testDelegationTokenAuthenticatedURLWithNoDT(Class<? extends Filter> filterClass) throws Exception {
    final Server jetty = createJettyServer();
    ServletContextHandler context = new ServletContextHandler();
    context.setContextPath("/foo");
    jetty.setHandler(context);
    context.addFilter(new FilterHolder(filterClass), "/*", EnumSet.of(DispatcherType.REQUEST));
    context.addServlet(new ServletHolder(UserServlet.class), "/bar");
    try {
        jetty.start();
        final URL url = new URL(getJettyURL() + "/foo/bar");
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser(FOO_USER);
        ugi.doAs(new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
                DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
                HttpURLConnection conn = aUrl.openConnection(url, token);
                Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
                List<String> ret = IOUtils.readLines(conn.getInputStream());
                Assert.assertEquals(1, ret.size());
                Assert.assertEquals(FOO_USER, ret.get(0));
                try {
                    aUrl.getDelegationToken(url, token, FOO_USER);
                    Assert.fail();
                } catch (AuthenticationException ex) {
                    Assert.assertTrue(ex.getMessage().contains("delegation token operation"));
                }
                return null;
            }
        });
    } finally {
        jetty.stop();
    }
}
Also used : FilterHolder(org.eclipse.jetty.servlet.FilterHolder) Server(org.eclipse.jetty.server.Server) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) URL(java.net.URL) ServletException(javax.servlet.ServletException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) HttpURLConnection(java.net.HttpURLConnection) List(java.util.List) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 78 with FilterHolder

use of org.eclipse.jetty.servlet.FilterHolder in project hadoop by apache.

the class TestWebDelegationToken method testDelegationTokenAuthenticatorCalls.

private void testDelegationTokenAuthenticatorCalls(final boolean useQS) throws Exception {
    final Server jetty = createJettyServer();
    ServletContextHandler context = new ServletContextHandler();
    context.setContextPath("/foo");
    jetty.setHandler(context);
    context.addFilter(new FilterHolder(AFilter.class), "/*", EnumSet.of(DispatcherType.REQUEST));
    context.addServlet(new ServletHolder(PingServlet.class), "/bar");
    try {
        jetty.start();
        final URL nonAuthURL = new URL(getJettyURL() + "/foo/bar");
        URL authURL = new URL(getJettyURL() + "/foo/bar?authenticated=foo");
        URL authURL2 = new URL(getJettyURL() + "/foo/bar?authenticated=bar");
        DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
        final DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
        aUrl.setUseQueryStringForDelegationToken(useQS);
        try {
            aUrl.getDelegationToken(nonAuthURL, token, FOO_USER);
            Assert.fail();
        } catch (Exception ex) {
            Assert.assertTrue(ex.getMessage().contains("401"));
        }
        aUrl.getDelegationToken(authURL, token, FOO_USER);
        Assert.assertNotNull(token.getDelegationToken());
        Assert.assertEquals(new Text("token-kind"), token.getDelegationToken().getKind());
        aUrl.renewDelegationToken(authURL, token);
        try {
            aUrl.renewDelegationToken(nonAuthURL, token);
            Assert.fail();
        } catch (Exception ex) {
            Assert.assertTrue(ex.getMessage().contains("401"));
        }
        aUrl.getDelegationToken(authURL, token, FOO_USER);
        try {
            aUrl.renewDelegationToken(authURL2, token);
            Assert.fail();
        } catch (Exception ex) {
            Assert.assertTrue(ex.getMessage().contains("403"));
        }
        aUrl.getDelegationToken(authURL, token, FOO_USER);
        aUrl.cancelDelegationToken(authURL, token);
        aUrl.getDelegationToken(authURL, token, FOO_USER);
        aUrl.cancelDelegationToken(nonAuthURL, token);
        aUrl.getDelegationToken(authURL, token, FOO_USER);
        try {
            aUrl.renewDelegationToken(nonAuthURL, token);
        } catch (Exception ex) {
            Assert.assertTrue(ex.getMessage().contains("401"));
        }
        aUrl.getDelegationToken(authURL, token, "foo");
        UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
        ugi.addToken(token.getDelegationToken());
        ugi.doAs(new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                HttpURLConnection conn = aUrl.openConnection(nonAuthURL, new DelegationTokenAuthenticatedURL.Token());
                Assert.assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode());
                if (useQS) {
                    Assert.assertNull(conn.getHeaderField("UsingHeader"));
                    Assert.assertNotNull(conn.getHeaderField("UsingQueryString"));
                } else {
                    Assert.assertNotNull(conn.getHeaderField("UsingHeader"));
                    Assert.assertNull(conn.getHeaderField("UsingQueryString"));
                }
                return null;
            }
        });
    } finally {
        jetty.stop();
    }
}
Also used : FilterHolder(org.eclipse.jetty.servlet.FilterHolder) Server(org.eclipse.jetty.server.Server) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) Text(org.apache.hadoop.io.Text) URL(java.net.URL) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) HttpURLConnection(java.net.HttpURLConnection) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 79 with FilterHolder

use of org.eclipse.jetty.servlet.FilterHolder in project hadoop by apache.

the class AuthenticatorTestCase method startJetty.

protected void startJetty() throws Exception {
    server = new Server();
    context = new ServletContextHandler();
    context.setContextPath("/foo");
    server.setHandler(context);
    context.addFilter(new FilterHolder(TestFilter.class), "/*", EnumSet.of(DispatcherType.REQUEST));
    context.addServlet(new ServletHolder(TestServlet.class), "/bar");
    host = "localhost";
    port = getLocalPort();
    ServerConnector connector = new ServerConnector(server);
    connector.setHost(host);
    connector.setPort(port);
    server.setConnectors(new Connector[] { connector });
    server.start();
    System.out.println("Running embedded servlet container at: http://" + host + ":" + port);
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) FilterHolder(org.eclipse.jetty.servlet.FilterHolder) Server(org.eclipse.jetty.server.Server) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)

Example 80 with FilterHolder

use of org.eclipse.jetty.servlet.FilterHolder in project hadoop by apache.

the class ApplicationHistoryServer method startWebApp.

@SuppressWarnings("unchecked")
private void startWebApp() {
    Configuration conf = getConfig();
    TimelineAuthenticationFilter.setTimelineDelegationTokenSecretManager(secretManagerService.getTimelineDelegationTokenSecretManager());
    // Always load pseudo authentication filter to parse "user.name" in an URL
    // to identify a HTTP request's user in insecure mode.
    // When Kerberos authentication type is set (i.e., secure mode is turned on),
    // the customized filter will be loaded by the timeline server to do Kerberos
    // + DT authentication.
    String initializers = conf.get("hadoop.http.filter.initializers");
    boolean modifiedInitializers = false;
    initializers = initializers == null || initializers.length() == 0 ? "" : initializers;
    if (!initializers.contains(CrossOriginFilterInitializer.class.getName())) {
        if (conf.getBoolean(YarnConfiguration.TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED, YarnConfiguration.TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED_DEFAULT)) {
            if (initializers.contains(HttpCrossOriginFilterInitializer.class.getName())) {
                initializers = initializers.replaceAll(HttpCrossOriginFilterInitializer.class.getName(), CrossOriginFilterInitializer.class.getName());
            } else {
                if (initializers.length() != 0) {
                    initializers += ",";
                }
                initializers += CrossOriginFilterInitializer.class.getName();
            }
            modifiedInitializers = true;
        }
    }
    if (!initializers.contains(TimelineAuthenticationFilterInitializer.class.getName())) {
        if (initializers.length() != 0) {
            initializers += ",";
        }
        initializers += TimelineAuthenticationFilterInitializer.class.getName();
        modifiedInitializers = true;
    }
    String[] parts = initializers.split(",");
    ArrayList<String> target = new ArrayList<String>();
    for (String filterInitializer : parts) {
        filterInitializer = filterInitializer.trim();
        if (filterInitializer.equals(AuthenticationFilterInitializer.class.getName())) {
            modifiedInitializers = true;
            continue;
        }
        target.add(filterInitializer);
    }
    String actualInitializers = org.apache.commons.lang.StringUtils.join(target, ",");
    if (modifiedInitializers) {
        conf.set("hadoop.http.filter.initializers", actualInitializers);
    }
    String bindAddress = WebAppUtils.getWebAppBindURL(conf, YarnConfiguration.TIMELINE_SERVICE_BIND_HOST, WebAppUtils.getAHSWebAppURLWithoutScheme(conf));
    try {
        AHSWebApp ahsWebApp = new AHSWebApp(timelineDataManager, ahsClientService);
        webApp = WebApps.$for("applicationhistory", ApplicationHistoryClientService.class, ahsClientService, "ws").with(conf).withAttribute(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS, conf.get(YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS)).withCSRFProtection(YarnConfiguration.TIMELINE_CSRF_PREFIX).withXFSProtection(YarnConfiguration.TIMELINE_XFS_PREFIX).at(bindAddress).build(ahsWebApp);
        HttpServer2 httpServer = webApp.httpServer();
        String[] names = conf.getTrimmedStrings(YarnConfiguration.TIMELINE_SERVICE_UI_NAMES);
        WebAppContext webAppContext = httpServer.getWebAppContext();
        for (String name : names) {
            String webPath = conf.get(YarnConfiguration.TIMELINE_SERVICE_UI_WEB_PATH_PREFIX + name);
            String onDiskPath = conf.get(YarnConfiguration.TIMELINE_SERVICE_UI_ON_DISK_PATH_PREFIX + name);
            WebAppContext uiWebAppContext = new WebAppContext();
            uiWebAppContext.setContextPath(webPath);
            if (onDiskPath.endsWith(".war")) {
                uiWebAppContext.setWar(onDiskPath);
            } else {
                uiWebAppContext.setResourceBase(onDiskPath);
            }
            final String[] ALL_URLS = { "/*" };
            FilterHolder[] filterHolders = webAppContext.getServletHandler().getFilters();
            for (FilterHolder filterHolder : filterHolders) {
                if (!"guice".equals(filterHolder.getName())) {
                    HttpServer2.defineFilter(uiWebAppContext, filterHolder.getName(), filterHolder.getClassName(), filterHolder.getInitParameters(), ALL_URLS);
                }
            }
            LOG.info("Hosting " + name + " from " + onDiskPath + " at " + webPath);
            httpServer.addHandlerAtFront(uiWebAppContext);
        }
        httpServer.start();
        conf.updateConnectAddr(YarnConfiguration.TIMELINE_SERVICE_BIND_HOST, YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS, YarnConfiguration.DEFAULT_TIMELINE_SERVICE_WEBAPP_ADDRESS, this.getListenerAddress());
        LOG.info("Instantiating AHSWebApp at " + getPort());
    } catch (Exception e) {
        String msg = "AHSWebApp failed to start.";
        LOG.error(msg, e);
        throw new YarnRuntimeException(msg, e);
    }
}
Also used : HttpCrossOriginFilterInitializer(org.apache.hadoop.security.HttpCrossOriginFilterInitializer) FilterHolder(org.eclipse.jetty.servlet.FilterHolder) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) Configuration(org.apache.hadoop.conf.Configuration) ArrayList(java.util.ArrayList) TimelineAuthenticationFilterInitializer(org.apache.hadoop.yarn.server.timeline.security.TimelineAuthenticationFilterInitializer) AuthenticationFilterInitializer(org.apache.hadoop.security.AuthenticationFilterInitializer) IOException(java.io.IOException) YarnRuntimeException(org.apache.hadoop.yarn.exceptions.YarnRuntimeException) WebAppContext(org.eclipse.jetty.webapp.WebAppContext) CrossOriginFilterInitializer(org.apache.hadoop.yarn.server.timeline.webapp.CrossOriginFilterInitializer) AHSWebApp(org.apache.hadoop.yarn.server.applicationhistoryservice.webapp.AHSWebApp) HttpServer2(org.apache.hadoop.http.HttpServer2)