Example 56 with ServletContextHandler
use of org.eclipse.jetty.servlet.ServletContextHandler in project hadoop by apache.
the class NotificationTestCase method startHttpServer.
private void startHttpServer() throws Exception {
// Create the webServer
if (webServer != null) {
webServer.stop();
webServer = null;
}
webServer = new Server(0);
ServletContextHandler context = new ServletContextHandler(webServer, contextPath);
// create servlet handler
context.addServlet(new ServletHolder(new NotificationServlet()), servletPath);
// Start webServer
webServer.start();
port = ((ServerConnector) webServer.getConnectors()[0]).getLocalPort();
}
Also used :
Server(org.eclipse.jetty.server.Server)
ServletHolder(org.eclipse.jetty.servlet.ServletHolder)
ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)
Example 57 with ServletContextHandler
use of org.eclipse.jetty.servlet.ServletContextHandler in project hadoop by apache.
the class TestWebDelegationToken method testKerberosDelegationTokenAuthenticator.
private void testKerberosDelegationTokenAuthenticator(final boolean doAs) throws Exception {
final String doAsUser = doAs ? OK_USER : null;
// setting hadoop security to kerberos
org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration();
conf.set("hadoop.security.authentication", "kerberos");
UserGroupInformation.setConfiguration(conf);
File testDir = new File("target/" + UUID.randomUUID().toString());
Assert.assertTrue(testDir.mkdirs());
MiniKdc kdc = new MiniKdc(MiniKdc.createConf(), testDir);
final Server jetty = createJettyServer();
ServletContextHandler context = new ServletContextHandler();
context.setContextPath("/foo");
jetty.setHandler(context);
context.addFilter(new FilterHolder(KDTAFilter.class), "/*", EnumSet.of(DispatcherType.REQUEST));
context.addServlet(new ServletHolder(UserServlet.class), "/bar");
try {
kdc.start();
File keytabFile = new File(testDir, "test.keytab");
kdc.createPrincipal(keytabFile, "client", "HTTP/localhost");
KDTAFilter.keytabFile = keytabFile.getAbsolutePath();
jetty.start();
final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
final DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
final URL url = new URL(getJettyURL() + "/foo/bar");
try {
aUrl.getDelegationToken(url, token, FOO_USER, doAsUser);
Assert.fail();
} catch (AuthenticationException ex) {
Assert.assertTrue(ex.getMessage().contains("GSSException"));
}
doAsKerberosUser("client", keytabFile.getAbsolutePath(), new Callable<Void>() {
@Override
public Void call() throws Exception {
aUrl.getDelegationToken(url, token, doAs ? doAsUser : "client", doAsUser);
Assert.assertNotNull(token.getDelegationToken());
Assert.assertEquals(new Text("token-kind"), token.getDelegationToken().getKind());
// Make sure the token belongs to the right owner
ByteArrayInputStream buf = new ByteArrayInputStream(token.getDelegationToken().getIdentifier());
DataInputStream dis = new DataInputStream(buf);
DelegationTokenIdentifier id = new DelegationTokenIdentifier(new Text("token-kind"));
id.readFields(dis);
dis.close();
Assert.assertEquals(doAs ? new Text(OK_USER) : new Text("client"), id.getOwner());
if (doAs) {
Assert.assertEquals(new Text("client"), id.getRealUser());
}
aUrl.renewDelegationToken(url, token, doAsUser);
Assert.assertNotNull(token.getDelegationToken());
aUrl.getDelegationToken(url, token, FOO_USER, doAsUser);
Assert.assertNotNull(token.getDelegationToken());
try {
aUrl.renewDelegationToken(url, token, doAsUser);
Assert.fail();
} catch (Exception ex) {
Assert.assertTrue(ex.getMessage().contains("403"));
}
aUrl.getDelegationToken(url, token, FOO_USER, doAsUser);
aUrl.cancelDelegationToken(url, token, doAsUser);
Assert.assertNull(token.getDelegationToken());
return null;
}
});
} finally {
jetty.stop();
kdc.stop();
}
}
Also used :
FilterHolder(org.eclipse.jetty.servlet.FilterHolder)
Configuration(javax.security.auth.login.Configuration)
Server(org.eclipse.jetty.server.Server)
AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException)
ServletHolder(org.eclipse.jetty.servlet.ServletHolder)
AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken)
URL(java.net.URL)
MiniKdc(org.apache.hadoop.minikdc.MiniKdc)
Text(org.apache.hadoop.io.Text)
DataInputStream(java.io.DataInputStream)
AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException)
ServletException(javax.servlet.ServletException)
PrivilegedActionException(java.security.PrivilegedActionException)
IOException(java.io.IOException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)
File(java.io.File)
Example 58 with ServletContextHandler
use of org.eclipse.jetty.servlet.ServletContextHandler in project hadoop by apache.
the class TestWebDelegationToken method testFallbackToPseudoDelegationTokenAuthenticator.
@Test
public void testFallbackToPseudoDelegationTokenAuthenticator() throws Exception {
final Server jetty = createJettyServer();
ServletContextHandler context = new ServletContextHandler();
context.setContextPath("/foo");
jetty.setHandler(context);
context.addFilter(new FilterHolder(PseudoDTAFilter.class), "/*", EnumSet.of(DispatcherType.REQUEST));
context.addServlet(new ServletHolder(UserServlet.class), "/bar");
try {
jetty.start();
final URL url = new URL(getJettyURL() + "/foo/bar");
UserGroupInformation ugi = UserGroupInformation.createRemoteUser(FOO_USER);
ugi.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
HttpURLConnection conn = aUrl.openConnection(url, token);
Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
List<String> ret = IOUtils.readLines(conn.getInputStream());
Assert.assertEquals(1, ret.size());
Assert.assertEquals(FOO_USER, ret.get(0));
aUrl.getDelegationToken(url, token, FOO_USER);
Assert.assertNotNull(token.getDelegationToken());
Assert.assertEquals(new Text("token-kind"), token.getDelegationToken().getKind());
return null;
}
});
} finally {
jetty.stop();
}
}
Also used :
FilterHolder(org.eclipse.jetty.servlet.FilterHolder)
Server(org.eclipse.jetty.server.Server)
ServletHolder(org.eclipse.jetty.servlet.ServletHolder)
AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken)
Text(org.apache.hadoop.io.Text)
URL(java.net.URL)
AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException)
ServletException(javax.servlet.ServletException)
PrivilegedActionException(java.security.PrivilegedActionException)
IOException(java.io.IOException)
HttpURLConnection(java.net.HttpURLConnection)
List(java.util.List)
ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Test(org.junit.Test)
Example 59 with ServletContextHandler
use of org.eclipse.jetty.servlet.ServletContextHandler in project hadoop by apache.
the class TestWebDelegationToken method testIpaddressCheck.
@Test
public void testIpaddressCheck() throws Exception {
final Server jetty = createJettyServer();
ServletContextHandler context = new ServletContextHandler();
context.setContextPath("/foo");
jetty.setHandler(context);
context.addFilter(new FilterHolder(IpAddressBasedPseudoDTAFilter.class), "/*", EnumSet.of(DispatcherType.REQUEST));
context.addServlet(new ServletHolder(UGIServlet.class), "/bar");
try {
jetty.start();
final URL url = new URL(getJettyURL() + "/foo/bar");
UserGroupInformation ugi = UserGroupInformation.createRemoteUser(FOO_USER);
ugi.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
// user ok-user via proxyuser foo
HttpURLConnection conn = aUrl.openConnection(url, token, OK_USER);
Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
List<String> ret = IOUtils.readLines(conn.getInputStream());
Assert.assertEquals(1, ret.size());
Assert.assertEquals("realugi=" + FOO_USER + ":remoteuser=" + OK_USER + ":ugi=" + OK_USER, ret.get(0));
return null;
}
});
} finally {
jetty.stop();
}
}
Also used :
FilterHolder(org.eclipse.jetty.servlet.FilterHolder)
Server(org.eclipse.jetty.server.Server)
ServletHolder(org.eclipse.jetty.servlet.ServletHolder)
AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken)
URL(java.net.URL)
AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException)
ServletException(javax.servlet.ServletException)
PrivilegedActionException(java.security.PrivilegedActionException)
IOException(java.io.IOException)
HttpURLConnection(java.net.HttpURLConnection)
List(java.util.List)
ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Test(org.junit.Test)
Example 60 with ServletContextHandler
use of org.eclipse.jetty.servlet.ServletContextHandler in project hadoop by apache.
the class TestWebDelegationToken method testProxyUser.
@Test
public void testProxyUser() throws Exception {
final Server jetty = createJettyServer();
ServletContextHandler context = new ServletContextHandler();
context.setContextPath("/foo");
jetty.setHandler(context);
context.addFilter(new FilterHolder(PseudoDTAFilter.class), "/*", EnumSet.of(DispatcherType.REQUEST));
context.addServlet(new ServletHolder(UserServlet.class), "/bar");
try {
jetty.start();
final URL url = new URL(getJettyURL() + "/foo/bar");
// proxyuser using raw HTTP, verifying doAs is case insensitive
String strUrl = String.format("%s?user.name=%s&doas=%s", url.toExternalForm(), FOO_USER, OK_USER);
HttpURLConnection conn = (HttpURLConnection) new URL(strUrl).openConnection();
Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
List<String> ret = IOUtils.readLines(conn.getInputStream());
Assert.assertEquals(1, ret.size());
Assert.assertEquals(OK_USER, ret.get(0));
strUrl = String.format("%s?user.name=%s&DOAS=%s", url.toExternalForm(), FOO_USER, OK_USER);
conn = (HttpURLConnection) new URL(strUrl).openConnection();
Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
ret = IOUtils.readLines(conn.getInputStream());
Assert.assertEquals(1, ret.size());
Assert.assertEquals(OK_USER, ret.get(0));
UserGroupInformation ugi = UserGroupInformation.createRemoteUser(FOO_USER);
ugi.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
// proxyuser using authentication handler authentication
HttpURLConnection conn = aUrl.openConnection(url, token, OK_USER);
Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
List<String> ret = IOUtils.readLines(conn.getInputStream());
Assert.assertEquals(1, ret.size());
Assert.assertEquals(OK_USER, ret.get(0));
// unauthorized proxy user using authentication handler authentication
conn = aUrl.openConnection(url, token, FAIL_USER);
Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
// proxy using delegation token authentication
aUrl.getDelegationToken(url, token, FOO_USER);
UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
ugi.addToken(token.getDelegationToken());
token = new DelegationTokenAuthenticatedURL.Token();
// requests using delegation token as auth do not honor doAs
conn = aUrl.openConnection(url, token, OK_USER);
Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
ret = IOUtils.readLines(conn.getInputStream());
Assert.assertEquals(1, ret.size());
Assert.assertEquals(FOO_USER, ret.get(0));
return null;
}
});
} finally {
jetty.stop();
}
}
Also used :
FilterHolder(org.eclipse.jetty.servlet.FilterHolder)
Server(org.eclipse.jetty.server.Server)
ServletHolder(org.eclipse.jetty.servlet.ServletHolder)
AuthenticationToken(org.apache.hadoop.security.authentication.server.AuthenticationToken)
URL(java.net.URL)
AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException)
ServletException(javax.servlet.ServletException)
PrivilegedActionException(java.security.PrivilegedActionException)
IOException(java.io.IOException)
HttpURLConnection(java.net.HttpURLConnection)
List(java.util.List)
ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Test(org.junit.Test)
Aggregations
ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)390
ServletHolder (org.eclipse.jetty.servlet.ServletHolder)253
Server (org.eclipse.jetty.server.Server)217
ServerConnector (org.eclipse.jetty.server.ServerConnector)98
Test (org.junit.Test)70
FilterHolder (org.eclipse.jetty.servlet.FilterHolder)56
IOException (java.io.IOException)42
HttpServletRequest (javax.servlet.http.HttpServletRequest)39
HttpClient (org.eclipse.jetty.client.HttpClient)39
HttpConfiguration (org.eclipse.jetty.server.HttpConfiguration)39
ContentResponse (org.eclipse.jetty.client.api.ContentResponse)37
HttpConnectionFactory (org.eclipse.jetty.server.HttpConnectionFactory)37
QueuedThreadPool (org.eclipse.jetty.util.thread.QueuedThreadPool)32
Connector (org.eclipse.jetty.server.Connector)29
Request (org.eclipse.jetty.client.api.Request)27
SslContextFactory (org.eclipse.jetty.util.ssl.SslContextFactory)24
ServletContainer (org.glassfish.jersey.servlet.ServletContainer)24
ServletException (javax.servlet.ServletException)22
ContextHandlerCollection (org.eclipse.jetty.server.handler.ContextHandlerCollection)22
HandlerCollection (org.eclipse.jetty.server.handler.HandlerCollection)22
