
Example 6 with FilterHolder

use of org.eclipse.jetty.servlet.FilterHolder in project hadoop by apache.

the class TestWebDelegationToken method testKerberosDelegationTokenAuthenticator.

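/**
 * Runs the delegation-token lifecycle (get, renew, cancel) against an embedded Jetty server
 * guarded by {@code KDTAFilter}, with a throwaway {@code MiniKdc} issuing the Kerberos
 * credentials.
 *
 * <p>Security properties pinned by the assertions:
 * <ul>
 *   <li>a token request made outside {@code doAsKerberosUser} fails with an
 *       {@code AuthenticationException} whose message mentions {@code GSSException};</li>
 *   <li>the issued token's owner is {@code OK_USER} when impersonating and {@code "client"}
 *       otherwise, and when impersonating, the real user recorded in the identifier is
 *       {@code "client"};</li>
 *   <li>renewing a token that was requested with {@code FOO_USER} as the third argument is
 *       refused with a message containing {@code 403};</li>
 *   <li>cancelling clears the token held by the client-side {@code Token} object.</li>
 * </ul>
 *
 * @param doAs {@code true} to issue every call on behalf of {@code OK_USER}; {@code false} to
 *     pass no doAs user at all
 * @throws Exception if the KDC, the server or any token call fails unexpectedly
 */
private void testKerberosDelegationTokenAuthenticator(final boolean doAs) throws Exception {
    final String doAsUser = doAs ? OK_USER : null;
    // setting hadoop security to kerberos
    org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration();
    conf.set("hadoop.security.authentication", "kerberos");
    UserGroupInformation.setConfiguration(conf);
    // A fresh, randomly named working directory keeps the KDC state and the keytab of this run
    // apart from any other run.
    File testDir = new File("target/" + UUID.randomUUID().toString());
    Assert.assertTrue(testDir.mkdirs());
    MiniKdc kdc = new MiniKdc(MiniKdc.createConf(), testDir);
    final Server jetty = createJettyServer();
    ServletContextHandler context = new ServletContextHandler();
    context.setContextPath("/foo");
    jetty.setHandler(context);
    context.addFilter(new FilterHolder(KDTAFilter.class), "/*", EnumSet.of(DispatcherType.REQUEST));
    context.addServlet(new ServletHolder(UserServlet.class), "/bar");
    try {
        kdc.start();
        File keytabFile = new File(testDir, "test.keytab");
        kdc.createPrincipal(keytabFile, "client", "HTTP/localhost");
        // The filter is registered by class, so the keytab path is handed to it through a
        // static field. NOTE(review): the field is never reset here - confirm no other test
        // depends on its previous value.
        KDTAFilter.keytabFile = keytabFile.getAbsolutePath();
        jetty.start();
        final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
        final DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
        final URL url = new URL(getJettyURL() + "/foo/bar");
        // Negative case first: this call runs outside doAsKerberosUser and must be rejected.
        try {
            aUrl.getDelegationToken(url, token, FOO_USER, doAsUser);
            Assert.fail();
        } catch (AuthenticationException ex) {
            Assert.assertTrue(ex.getMessage().contains("GSSException"));
        }
        doAsKerberosUser("client", keytabFile.getAbsolutePath(), new Callable<Void>() {

            @Override
            public Void call() throws Exception {
                // Third argument is presumably the renewer - confirm against
                // DelegationTokenAuthenticatedURL.
                aUrl.getDelegationToken(url, token, doAs ? doAsUser : "client", doAsUser);
                Assert.assertNotNull(token.getDelegationToken());
                Assert.assertEquals(new Text("token-kind"), token.getDelegationToken().getKind());
                // Make sure the token belongs to the right owner
                ByteArrayInputStream buf = new ByteArrayInputStream(token.getDelegationToken().getIdentifier());
                DataInputStream dis = new DataInputStream(buf);
                DelegationTokenIdentifier id = new DelegationTokenIdentifier(new Text("token-kind"));
                id.readFields(dis);
                dis.close();
                Assert.assertEquals(doAs ? new Text(OK_USER) : new Text("client"), id.getOwner());
                if (doAs) {
                    // Impersonation must stay traceable: the authenticated principal is kept
                    // as the real user next to the impersonated owner.
                    Assert.assertEquals(new Text("client"), id.getRealUser());
                }
                aUrl.renewDelegationToken(url, token, doAsUser);
                Assert.assertNotNull(token.getDelegationToken());
                // Replace the token with one requested for FOO_USER; renewing that one as the
                // current caller has to be refused.
                aUrl.getDelegationToken(url, token, FOO_USER, doAsUser);
                Assert.assertNotNull(token.getDelegationToken());
                try {
                    aUrl.renewDelegationToken(url, token, doAsUser);
                    Assert.fail();
                } catch (Exception ex) {
                    Assert.assertTrue(ex.getMessage().contains("403"));
                }
                aUrl.getDelegationToken(url, token, FOO_USER, doAsUser);
                aUrl.cancelDelegationToken(url, token, doAsUser);
                Assert.assertNull(token.getDelegationToken());
                return null;
            }
        });
    } finally {
        // Stop the KDC even when Jetty fails to stop, so a failed run does not leave the
        // embedded KDC running for later tests in the same JVM.
        try {
            jetty.stop();
        } finally {
            kdc.stop();
        }
    }
}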
Also used : FilterHolder(org.eclipse.jetty.servlet.FilterHolder) Configuration(javax.security.auth.login.Configuration) Server(org.eclipse.jetty.server.Server) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) URL(java.net.URL) MiniKdc(org.apache.hadoop.minikdc.MiniKdc) Text(org.apache.hadoop.io.Text) DataInputStream(java.io.DataInputStream) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) ByteArrayInputStream(java.io.ByteArrayInputStream) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) File(java.io.File)

Example 7 with FilterHolder

use of org.eclipse.jetty.servlet.FilterHolder in project hadoop by apache.

the class TestWebDelegationToken method testFallbackToPseudoDelegationTokenAuthenticator.

/**
 * Talks to a server protected by {@code PseudoDTAFilter} using a default
 * {@code DelegationTokenAuthenticatedURL} and expects both the plain request and the
 * delegation-token request to succeed.
 *
 * <p>The servlet is expected to echo {@code FOO_USER}, the remote user the client runs as.
 * NOTE(review): the test name implies the client first tries another authenticator and falls
 * back to pseudo authentication; that negotiation is not visible in this method.
 *
 * @throws Exception if the server cannot be started or a request fails
 */
@Test
public void testFallbackToPseudoDelegationTokenAuthenticator() throws Exception {
    final Server server = createJettyServer();
    ServletContextHandler handler = new ServletContextHandler();
    handler.setContextPath("/foo");
    server.setHandler(handler);
    // Every REQUEST dispatch goes through the filter before it reaches the servlet.
    FilterHolder pseudoAuthFilter = new FilterHolder(PseudoDTAFilter.class);
    handler.addFilter(pseudoAuthFilter, "/*", EnumSet.of(DispatcherType.REQUEST));
    handler.addServlet(new ServletHolder(UserServlet.class), "/bar");
    try {
        server.start();
        final URL endpoint = new URL(getJettyURL() + "/foo/bar");
        UserGroupInformation.createRemoteUser(FOO_USER).doAs(new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                DelegationTokenAuthenticatedURL.Token authToken = new DelegationTokenAuthenticatedURL.Token();
                DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL();

                // Plain authenticated request: the response body is a single line naming the user.
                HttpURLConnection connection = authUrl.openConnection(endpoint, authToken);
                Assert.assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
                List<String> body = IOUtils.readLines(connection.getInputStream());
                Assert.assertEquals(1, body.size());
                Assert.assertEquals(FOO_USER, body.get(0));

                // A delegation token of the expected kind can be obtained over the same channel.
                authUrl.getDelegationToken(endpoint, authToken, FOO_USER);
                Assert.assertNotNull(authToken.getDelegationToken());
                Assert.assertEquals(new Text("token-kind"), authToken.getDelegationToken().getKind());
                return null;
            }
        });
    } finally {
        server.stop();
    }
}
Also used : FilterHolder(org.eclipse.jetty.servlet.FilterHolder) Server(org.eclipse.jetty.server.Server) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) Text(org.apache.hadoop.io.Text) URL(java.net.URL) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) HttpURLConnection(java.net.HttpURLConnection) List(java.util.List) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 8 with FilterHolder

use of org.eclipse.jetty.servlet.FilterHolder in project hadoop by apache.

the class TestWebDelegationToken method testIpaddressCheck.

/**
 * Sends a proxied request ({@code FOO_USER} acting for {@code OK_USER}) through
 * {@code IpAddressBasedPseudoDTAFilter} and checks the identities reported by
 * {@code UGIServlet}.
 *
 * <p>The expected response keeps the two identities apart: {@code realugi} is the
 * authenticated caller, while {@code remoteuser} and {@code ugi} are the impersonated user.
 * NOTE(review): the address check implied by the filter name is implemented outside this
 * method; only its accepting path is exercised here.
 *
 * @throws Exception if the server cannot be started or the request fails
 */
@Test
public void testIpaddressCheck() throws Exception {
    final Server server = createJettyServer();
    ServletContextHandler handler = new ServletContextHandler();
    handler.setContextPath("/foo");
    server.setHandler(handler);
    FilterHolder addressCheckingFilter = new FilterHolder(IpAddressBasedPseudoDTAFilter.class);
    handler.addFilter(addressCheckingFilter, "/*", EnumSet.of(DispatcherType.REQUEST));
    handler.addServlet(new ServletHolder(UGIServlet.class), "/bar");
    try {
        server.start();
        final URL endpoint = new URL(getJettyURL() + "/foo/bar");
        UserGroupInformation.createRemoteUser(FOO_USER).doAs(new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                DelegationTokenAuthenticatedURL.Token authToken = new DelegationTokenAuthenticatedURL.Token();
                DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL();
                // user ok-user via proxyuser foo
                HttpURLConnection connection = authUrl.openConnection(endpoint, authToken, OK_USER);
                Assert.assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
                List<String> body = IOUtils.readLines(connection.getInputStream());
                Assert.assertEquals(1, body.size());
                String expectedIdentities = "realugi=" + FOO_USER + ":remoteuser=" + OK_USER + ":ugi=" + OK_USER;
                Assert.assertEquals(expectedIdentities, body.get(0));
                return null;
            }
        });
    } finally {
        server.stop();
    }
}
Also used : FilterHolder(org.eclipse.jetty.servlet.FilterHolder) Server(org.eclipse.jetty.server.Server) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) URL(java.net.URL) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) HttpURLConnection(java.net.HttpURLConnection) List(java.util.List) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 9 with FilterHolder

use of org.eclipse.jetty.servlet.FilterHolder in project hadoop by apache.

the class TestWebDelegationToken method testProxyUser.

/**
 * Covers proxy-user (doAs) handling behind {@code PseudoDTAFilter} in three ways: raw HTTP
 * query parameters, the authentication handler, and delegation-token authentication.
 *
 * <p>What the assertions pin:
 * <ul>
 *   <li>the {@code doas} query parameter is accepted in lower and upper case;</li>
 *   <li>{@code FOO_USER} may act for {@code OK_USER} but gets HTTP 403 for {@code FAIL_USER};</li>
 *   <li>once a delegation token is used as the credential, a doAs request is not honoured and
 *       the response names {@code FOO_USER}.</li>
 * </ul>
 *
 * <p>In the raw HTTP requests the caller identity is whatever the client puts in
 * {@code user.name}; nothing in this method proves that identity, so the setup models a
 * trusted client rather than an authenticated one.
 *
 * @throws Exception if the server cannot be started or a request fails unexpectedly
 */
@Test
public void testProxyUser() throws Exception {
    final Server server = createJettyServer();
    ServletContextHandler handler = new ServletContextHandler();
    handler.setContextPath("/foo");
    server.setHandler(handler);
    FilterHolder pseudoAuthFilter = new FilterHolder(PseudoDTAFilter.class);
    handler.addFilter(pseudoAuthFilter, "/*", EnumSet.of(DispatcherType.REQUEST));
    handler.addServlet(new ServletHolder(UserServlet.class), "/bar");
    try {
        server.start();
        final URL endpoint = new URL(getJettyURL() + "/foo/bar");

        // proxyuser using raw HTTP, verifying doAs is case insensitive: lower-case spelling first
        String lowerCaseRequest = String.format("%s?user.name=%s&doas=%s", endpoint.toExternalForm(), FOO_USER, OK_USER);
        HttpURLConnection rawConnection = (HttpURLConnection) new URL(lowerCaseRequest).openConnection();
        Assert.assertEquals(HttpURLConnection.HTTP_OK, rawConnection.getResponseCode());
        List<String> rawBody = IOUtils.readLines(rawConnection.getInputStream());
        Assert.assertEquals(1, rawBody.size());
        Assert.assertEquals(OK_USER, rawBody.get(0));

        // ... then the upper-case spelling of the same parameter
        String upperCaseRequest = String.format("%s?user.name=%s&DOAS=%s", endpoint.toExternalForm(), FOO_USER, OK_USER);
        rawConnection = (HttpURLConnection) new URL(upperCaseRequest).openConnection();
        Assert.assertEquals(HttpURLConnection.HTTP_OK, rawConnection.getResponseCode());
        rawBody = IOUtils.readLines(rawConnection.getInputStream());
        Assert.assertEquals(1, rawBody.size());
        Assert.assertEquals(OK_USER, rawBody.get(0));

        UserGroupInformation.createRemoteUser(FOO_USER).doAs(new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                DelegationTokenAuthenticatedURL.Token authToken = new DelegationTokenAuthenticatedURL.Token();
                DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL();

                // proxyuser using authentication handler authentication
                HttpURLConnection connection = authUrl.openConnection(endpoint, authToken, OK_USER);
                Assert.assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
                List<String> body = IOUtils.readLines(connection.getInputStream());
                Assert.assertEquals(1, body.size());
                Assert.assertEquals(OK_USER, body.get(0));

                // unauthorized proxy user using authentication handler authentication
                connection = authUrl.openConnection(endpoint, authToken, FAIL_USER);
                Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode());

                // proxy using delegation token authentication: fetch a token, attach it to the
                // current user, then start over with an empty client-side token
                authUrl.getDelegationToken(endpoint, authToken, FOO_USER);
                UserGroupInformation.getCurrentUser().addToken(authToken.getDelegationToken());
                authToken = new DelegationTokenAuthenticatedURL.Token();

                // requests using delegation token as auth do not honor doAs
                connection = authUrl.openConnection(endpoint, authToken, OK_USER);
                Assert.assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
                body = IOUtils.readLines(connection.getInputStream());
                Assert.assertEquals(1, body.size());
                Assert.assertEquals(FOO_USER, body.get(0));
                return null;
            }
        });
    } finally {
        server.stop();
    }
}
Also used : FilterHolder(org.eclipse.jetty.servlet.FilterHolder) Server(org.eclipse.jetty.server.Server) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken) URL(java.net.URL) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) HttpURLConnection(java.net.HttpURLConnection) List(java.util.List) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 10 with FilterHolder

use of org.eclipse.jetty.servlet.FilterHolder in project kafka by apache.

the class RestServer method start.

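/**
 * Assembles the REST resources, the optional CORS filter, request logging and the statistics
 * handler on the embedded Jetty server, then starts it.
 *
 * <p>The CORS filter is installed only when an allowed-origins value is configured. The only
 * filter added in this method is that CORS filter; no authentication filter is registered
 * here, so any access control for the API has to come from elsewhere.
 *
 * @param herder passed to the connector and connector-plugin resources
 * @throws ConnectException if Jetty fails to start
 */
public void start(Herder herder) {
    log.info("Starting REST server");
    ResourceConfig resourceConfig = new ResourceConfig();
    resourceConfig.register(new JacksonJsonProvider());
    resourceConfig.register(RootResource.class);
    resourceConfig.register(new ConnectorsResource(herder));
    resourceConfig.register(new ConnectorPluginsResource(herder));
    resourceConfig.register(ConnectExceptionMapper.class);
    ServletContainer servletContainer = new ServletContainer(resourceConfig);
    ServletHolder servletHolder = new ServletHolder(servletContainer);
    ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
    context.setContextPath("/");
    context.addServlet(servletHolder, "/*");
    // The configured origins are handed to the filter as-is; which origins may call the API
    // from a browser is therefore entirely an operator decision.
    String allowedOrigins = config.getString(WorkerConfig.ACCESS_CONTROL_ALLOW_ORIGIN_CONFIG);
    if (allowedOrigins != null && !allowedOrigins.trim().isEmpty()) {
        FilterHolder filterHolder = new FilterHolder(new CrossOriginFilter());
        filterHolder.setName("cross-origin");
        filterHolder.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, allowedOrigins);
        String allowedMethods = config.getString(WorkerConfig.ACCESS_CONTROL_ALLOW_METHODS_CONFIG);
        // Test allowedMethods itself. The guard used to re-test allowedOrigins, so a blank
        // methods value was still passed to the filter instead of leaving the parameter unset
        // (presumably overriding the filter's own default method list).
        if (allowedMethods != null && !allowedMethods.trim().isEmpty()) {
            filterHolder.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, allowedMethods);
        }
        context.addFilter(filterHolder, "/*", EnumSet.of(DispatcherType.REQUEST));
    }
    RequestLogHandler requestLogHandler = new RequestLogHandler();
    Slf4jRequestLog requestLog = new Slf4jRequestLog();
    requestLog.setLoggerName(RestServer.class.getCanonicalName());
    requestLog.setLogLatency(true);
    requestLogHandler.setRequestLog(requestLog);
    HandlerCollection handlers = new HandlerCollection();
    handlers.setHandlers(new Handler[] { context, new DefaultHandler(), requestLogHandler });
    /* Needed for graceful shutdown as per `setStopTimeout` documentation */
    StatisticsHandler statsHandler = new StatisticsHandler();
    statsHandler.setHandler(handlers);
    jettyServer.setHandler(statsHandler);
    jettyServer.setStopTimeout(GRACEFUL_SHUTDOWN_TIMEOUT_MS);
    jettyServer.setStopAtShutdown(true);
    try {
        jettyServer.start();
    } catch (Exception e) {
        // Keep the cause so the reason Jetty refused to start is not lost.
        throw new ConnectException("Unable to start REST server", e);
    }
    log.info("REST server listening at " + jettyServer.getURI() + ", advertising URL " + advertisedUrl());
}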
Also used : Slf4jRequestLog(org.eclipse.jetty.server.Slf4jRequestLog) ConnectorsResource(org.apache.kafka.connect.runtime.rest.resources.ConnectorsResource) FilterHolder(org.eclipse.jetty.servlet.FilterHolder) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) JacksonJsonProvider(com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider) ConnectorPluginsResource(org.apache.kafka.connect.runtime.rest.resources.ConnectorPluginsResource) CrossOriginFilter(org.eclipse.jetty.servlets.CrossOriginFilter) ConnectRestException(org.apache.kafka.connect.runtime.rest.errors.ConnectRestException) IOException(java.io.IOException) ConnectException(org.apache.kafka.connect.errors.ConnectException) DefaultHandler(org.eclipse.jetty.server.handler.DefaultHandler) RequestLogHandler(org.eclipse.jetty.server.handler.RequestLogHandler) ServletContainer(org.glassfish.jersey.servlet.ServletContainer) HandlerCollection(org.eclipse.jetty.server.handler.HandlerCollection) ResourceConfig(org.glassfish.jersey.server.ResourceConfig) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) StatisticsHandler(org.eclipse.jetty.server.handler.StatisticsHandler) ConnectException(org.apache.kafka.connect.errors.ConnectException)
