/**
 * Initializes the filter, then wires delegation-token and proxy-user state
 * into the authentication handler chosen by the parent initialization.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>If the servlet context publishes a secret manager under
 *       {@code DELEGATION_TOKEN_SECRET_MANAGER_ATTR} and the handler is a
 *       {@code DelegationTokenAuthenticationHandler}, hand that manager to
 *       the handler.</li>
 *   <li>Map pseudo handlers to {@code SIMPLE} and Kerberos handlers to
 *       {@code KERBEROS}.</li>
 *   <li>Reload the proxy-user rules from the filter's proxy-user
 *       configuration.</li>
 * </ol>
 *
 * @param filterConfig servlet filter configuration
 * @throws ServletException declared by the overridden method
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  super.init(filterConfig);
  AuthenticationHandler handler = getAuthenticationHandler();

  // The cast is unconditional: a context attribute of any other type fails
  // here with ClassCastException, whatever the handler type is.
  AbstractDelegationTokenSecretManager externalSecretManager =
      (AbstractDelegationTokenSecretManager) filterConfig
          .getServletContext()
          .getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR);
  if (externalSecretManager != null
      && handler instanceof DelegationTokenAuthenticationHandler) {
    ((DelegationTokenAuthenticationHandler) getAuthenticationHandler())
        .setExternalDelegationTokenSecretManager(externalSecretManager);
  }

  // NOTE(review): a handler that is neither pseudo nor Kerberos leaves the
  // handler auth method untouched by this method; confirm what value it has
  // in that case.
  boolean pseudoFamily = handler instanceof PseudoAuthenticationHandler
      || handler instanceof PseudoDelegationTokenAuthenticationHandler;
  if (pseudoFamily) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE);
  }
  boolean kerberosFamily = handler instanceof KerberosAuthenticationHandler
      || handler instanceof KerberosDelegationTokenAuthenticationHandler;
  if (kerberosFamily) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS);
  }

  // proxyuser configuration: ProxyUsers is refreshed through a static call,
  // so the rules loaded here are not scoped to this filter instance.
  Configuration proxyuserConf = getProxyuserConfiguration(filterConfig);
  ProxyUsers.refreshSuperUserGroupsConfiguration(proxyuserConf,
      PROXYUSER_PREFIX);
}
/**
 * Pins the two rejection paths of a GETDELEGATIONTOKEN request made without
 * an authenticated caller (the {@code AuthenticationToken} argument is
 * {@code null}): an unsupported HTTP method yields 400, and the correct
 * method yields 401 with a message mentioning SPNEGO.
 *
 * @param handler handler under test
 * @throws Exception on any unexpected failure
 */
private void testManagementOperationErrors(AuthenticationHandler handler)
    throws Exception {
  final DelegationTokenOperation getTokenOp =
      DelegationTokenOperation.GETDELEGATIONTOKEN;
  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);
  Mockito.when(mockRequest.getParameter(HttpFSFileSystem.OP_PARAM))
      .thenReturn(getTokenOp.toString());

  // Case 1: a verb the operation does not accept is refused with 400.
  Mockito.when(mockRequest.getMethod()).thenReturn("FOO");
  boolean continueChain =
      handler.managementOperation(null, mockRequest, mockResponse);
  Assert.assertFalse(continueChain);
  Mockito.verify(mockResponse).sendError(
      Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
      Mockito.startsWith("Wrong HTTP method"));

  Mockito.reset(mockResponse);

  // Case 2: the right verb but no authenticated token is refused with 401,
  // so a delegation token is not handed out to an unauthenticated caller.
  Mockito.when(mockRequest.getMethod())
      .thenReturn(getTokenOp.getHttpMethod());
  continueChain =
      handler.managementOperation(null, mockRequest, mockResponse);
  Assert.assertFalse(continueChain);
  Mockito.verify(mockResponse).sendError(
      Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED),
      Mockito.contains("requires SPNEGO"));
}
/**
 * Starts an HttpFS server web app rooted in the test directory, initializes
 * the testing Kerberos handler, and runs the valid and invalid
 * delegation-token authentication checks against it.
 *
 * @throws Exception on any unexpected failure
 */
@Test
@TestDir
public void testAuthenticate() throws Exception {
  String testDirPath = TestDirHelper.getTestDir().getAbsolutePath();
  Configuration httpfsConf = new Configuration(false);
  HttpFSServerWebApp server = new HttpFSServerWebApp(
      testDirPath, testDirPath, testDirPath, testDirPath, httpfsConf);
  // The authority is pinned to the local host on port 14000.
  InetSocketAddress authority =
      new InetSocketAddress(InetAddress.getLocalHost(), 14000);
  server.setAuthority(authority);
  AuthenticationHandler handler =
      new HttpFSKerberosAuthenticationHandlerForTesting();
  try {
    server.init();
    handler.init(null);
    testValidDelegationToken(handler);
    testInvalidDelegationToken(handler);
  } finally {
    // handler is assigned before the try, so this guard is purely defensive.
    if (handler != null) {
      handler.destroy();
    }
    server.destroy();
  }
}
/**
 * Authenticates a request that carries a freshly issued delegation token in
 * the {@code DELEGATION_PARAM} parameter and checks the resulting
 * {@code AuthenticationToken}: user name of the current user, handler type,
 * {@code getExpires() == 0} and {@code isExpired() == true}.
 *
 * @param handler handler under test
 * @throws Exception on any unexpected failure
 */
private void testValidDelegationToken(AuthenticationHandler handler)
    throws Exception {
  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);

  DelegationTokenManager tokenManager =
      HttpFSServerWebApp.get().get(DelegationTokenManager.class);
  Token<DelegationTokenIdentifier> delegationToken =
      tokenManager.createToken(UserGroupInformation.getCurrentUser(), "user");
  Mockito.when(
      mockRequest.getParameter(HttpFSKerberosAuthenticator.DELEGATION_PARAM))
      .thenReturn(delegationToken.encodeToUrlString());

  AuthenticationToken authToken =
      handler.authenticate(mockRequest, mockResponse);

  String expectedUser =
      UserGroupInformation.getCurrentUser().getShortUserName();
  Assert.assertEquals(expectedUser, authToken.getUserName());
  // NOTE(review): the token is expected to be already expired (expires == 0);
  // presumably this keeps a delegation-token login from being turned into a
  // reusable signed auth cookie. Confirm against the filter's cookie path.
  Assert.assertEquals(0, authToken.getExpires());
  Assert.assertEquals(HttpFSKerberosAuthenticationHandler.TYPE,
      authToken.getType());
  Assert.assertTrue(authToken.isExpired());
}
/**
 * Verifies how the handler refuses a GETDELEGATIONTOKEN request when no
 * authenticated token is passed in.
 *
 * <p>First an unknown HTTP method must produce {@code SC_BAD_REQUEST} with a
 * message starting with "Wrong HTTP method"; then, with the operation's own
 * HTTP method, the handler must answer {@code SC_UNAUTHORIZED} with a
 * message containing "requires SPNEGO". In both cases
 * {@code managementOperation} returns {@code false}.
 *
 * @param handler handler under test
 * @throws Exception on any unexpected failure
 */
private void testManagementOperationErrors(AuthenticationHandler handler)
    throws Exception {
  HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);
  Mockito.when(req.getParameter(HttpFSFileSystem.OP_PARAM))
      .thenReturn(DelegationTokenOperation.GETDELEGATIONTOKEN.toString());

  // Wrong verb: rejected before any authentication requirement is reported.
  Mockito.when(req.getMethod()).thenReturn("FOO");
  Assert.assertFalse(handler.managementOperation(null, req, resp));
  Mockito.verify(resp).sendError(
      Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
      Mockito.startsWith("Wrong HTTP method"));
  Mockito.reset(resp);

  // Correct verb, null AuthenticationToken: token issuance is refused.
  String expectedVerb =
      DelegationTokenOperation.GETDELEGATIONTOKEN.getHttpMethod();
  Mockito.when(req.getMethod()).thenReturn(expectedVerb);
  Assert.assertFalse(handler.managementOperation(null, req, resp));
  Mockito.verify(resp).sendError(
      Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED),
      Mockito.contains("requires SPNEGO"));
}
/**
 * End-to-end driver for the delegation-token authentication checks.
 *
 * <p>Builds an {@code HttpFSServerWebApp} whose four directory arguments all
 * point at the test directory, initializes it together with the testing
 * Kerberos handler, runs the valid-token and invalid-token helpers, and
 * always destroys the handler and the server afterwards.
 *
 * @throws Exception on any unexpected failure
 */
@Test
@TestDir
public void testAuthenticate() throws Exception {
  final String baseDir = TestDirHelper.getTestDir().getAbsolutePath();
  final Configuration httpfsConf = new Configuration(false);
  final HttpFSServerWebApp server =
      new HttpFSServerWebApp(baseDir, baseDir, baseDir, baseDir, httpfsConf);
  server.setAuthority(
      new InetSocketAddress(InetAddress.getLocalHost(), 14000));

  AuthenticationHandler handler =
      new HttpFSKerberosAuthenticationHandlerForTesting();
  try {
    // The server is initialized first, then the handler (with no properties).
    server.init();
    handler.init(null);

    testValidDelegationToken(handler);
    testInvalidDelegationToken(handler);
  } finally {
    // Tear down in the reverse order of initialization.
    if (handler != null) {
      handler.destroy();
    }
    server.destroy();
  }
}
/**
 * Checks that a request presenting a valid delegation token authenticates
 * as the current user.
 *
 * <p>The token is created through the server's
 * {@code DelegationTokenManager} and passed URL-encoded in the
 * {@code DELEGATION_PARAM} request parameter. The returned
 * {@code AuthenticationToken} must carry the current short user name and the
 * handler's {@code TYPE}, and must report {@code getExpires() == 0} and
 * {@code isExpired() == true}.
 *
 * @param handler handler under test
 * @throws Exception on any unexpected failure
 */
private void testValidDelegationToken(AuthenticationHandler handler)
    throws Exception {
  HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);

  Token<DelegationTokenIdentifier> issued = HttpFSServerWebApp.get()
      .get(DelegationTokenManager.class)
      .createToken(UserGroupInformation.getCurrentUser(), "user");
  String encodedToken = issued.encodeToUrlString();
  Mockito.when(req.getParameter(HttpFSKerberosAuthenticator.DELEGATION_PARAM))
      .thenReturn(encodedToken);

  AuthenticationToken result = handler.authenticate(req, resp);

  Assert.assertEquals(
      UserGroupInformation.getCurrentUser().getShortUserName(),
      result.getUserName());
  // An expiry of 0 together with isExpired() == true is the expected state.
  // NOTE(review): looks intended to mark the token as single-request only;
  // verify against the code that consumes AuthenticationToken.isExpired().
  Assert.assertEquals(0, result.getExpires());
  Assert.assertEquals(HttpFSKerberosAuthenticationHandler.TYPE,
      result.getType());
  Assert.assertTrue(result.isExpired());
}
/**
 * Runs the full set of delegation-token management checks (non-management
 * pass-through, error paths, get, cancel, renew) against a freshly
 * initialized server and testing Kerberos handler.
 *
 * @throws Exception on any unexpected failure
 */
@Test
@TestDir
public void testManagementOperations() throws Exception {
  String testDirPath = TestDirHelper.getTestDir().getAbsolutePath();
  Configuration httpfsConf = new Configuration(false);
  HttpFSServerWebApp server = new HttpFSServerWebApp(
      testDirPath, testDirPath, testDirPath, testDirPath, httpfsConf);
  InetSocketAddress authority =
      new InetSocketAddress(InetAddress.getLocalHost(), 14000);
  server.setAuthority(authority);
  AuthenticationHandler handler =
      new HttpFSKerberosAuthenticationHandlerForTesting();
  try {
    server.init();
    handler.init(null);

    testNonManagementOperation(handler);
    testManagementOperationErrors(handler);
    // Token issuance is exercised both without and with a second argument.
    testGetToken(handler, null);
    testGetToken(handler, "foo");
    testCancelToken(handler);
    testRenewToken(handler);
  } finally {
    // handler is never null at this point; the guard is defensive only.
    if (handler != null) {
      handler.destroy();
    }
    server.destroy();
  }
}
/**
 * Checks that requests which are not delegation-token operations are passed
 * through: {@code managementOperation} must return {@code true} both when the
 * {@code OP_PARAM} parameter is absent and when it names the file-system
 * operation {@code CREATE}.
 *
 * @param handler handler under test
 * @throws Exception on any unexpected failure
 */
private void testNonManagementOperation(AuthenticationHandler handler)
    throws Exception {
  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);

  // No operation parameter at all. The response argument is null, so the
  // handler must not write to it on this path.
  Mockito.when(mockRequest.getParameter(HttpFSFileSystem.OP_PARAM))
      .thenReturn(null);
  boolean passedThrough = handler.managementOperation(null, mockRequest, null);
  Assert.assertTrue(passedThrough);

  // An ordinary file-system operation is not a management operation either.
  Mockito.when(mockRequest.getParameter(HttpFSFileSystem.OP_PARAM))
      .thenReturn(HttpFSFileSystem.Operation.CREATE.toString());
  passedThrough = handler.managementOperation(null, mockRequest, null);
  Assert.assertTrue(passedThrough);
}
/**
 * Exercises CANCELDELEGATIONTOKEN: a request without the token parameter is
 * refused with 400, a request carrying a valid token succeeds with 200, and
 * the cancelled token no longer verifies.
 *
 * <p>Every call passes a {@code null} {@code AuthenticationToken}, so the
 * test pins that cancellation is accepted here without an authenticated
 * caller once the token parameter is supplied.
 *
 * @param handler handler under test
 * @throws Exception on any unexpected failure
 */
private void testCancelToken(AuthenticationHandler handler)
    throws Exception {
  final DelegationTokenOperation cancelOp =
      DelegationTokenOperation.CANCELDELEGATIONTOKEN;
  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);
  Mockito.when(mockRequest.getParameter(HttpFSFileSystem.OP_PARAM))
      .thenReturn(cancelOp.toString());
  Mockito.when(mockRequest.getMethod())
      .thenReturn(cancelOp.getHttpMethod());

  // Missing token parameter -> 400.
  Assert.assertFalse(
      handler.managementOperation(null, mockRequest, mockResponse));
  Mockito.verify(mockResponse).sendError(
      Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
      Mockito.contains("requires the parameter [token]"));

  Mockito.reset(mockResponse);

  // Valid token supplied -> 200.
  DelegationTokenManager tokenManager =
      HttpFSServerWebApp.get().get(DelegationTokenManager.class);
  Token<DelegationTokenIdentifier> issued =
      tokenManager.createToken(UserGroupInformation.getCurrentUser(), "foo");
  Mockito.when(
      mockRequest.getParameter(HttpFSKerberosAuthenticator.TOKEN_PARAM))
      .thenReturn(issued.encodeToUrlString());
  Assert.assertFalse(
      handler.managementOperation(null, mockRequest, mockResponse));
  Mockito.verify(mockResponse).setStatus(HttpServletResponse.SC_OK);

  // After cancellation the token must be rejected by the manager.
  // NOTE(review): "DT01" is presumably the manager's verification-failure
  // code; confirm against DelegationTokenManagerException.
  try {
    tokenManager.verifyToken(issued);
    Assert.fail();
  } catch (DelegationTokenManagerException ex) {
    Assert.assertTrue(ex.toString().contains("DT01"));
  }
}
/**
 * Exercises RENEWDELEGATIONTOKEN through three stages: no authenticated
 * caller (401), authenticated caller without the token parameter (400), and
 * authenticated caller with a valid token (200, body containing "long", and
 * the token still verifies afterwards).
 *
 * @param handler handler under test
 * @throws Exception on any unexpected failure
 */
private void testRenewToken(AuthenticationHandler handler)
    throws Exception {
  final DelegationTokenOperation renewOp =
      DelegationTokenOperation.RENEWDELEGATIONTOKEN;
  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);
  Mockito.when(mockRequest.getParameter(HttpFSFileSystem.OP_PARAM))
      .thenReturn(renewOp.toString());
  Mockito.when(mockRequest.getMethod())
      .thenReturn(renewOp.getHttpMethod());

  // Stage 1: renewal without an AuthenticationToken is refused with 401.
  // NOTE(review): the matcher text starts at "equires"; presumably so that
  // the first letter's capitalisation does not matter. Confirm.
  Assert.assertFalse(
      handler.managementOperation(null, mockRequest, mockResponse));
  Mockito.verify(mockResponse).sendError(
      Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED),
      Mockito.contains("equires SPNEGO authentication established"));

  Mockito.reset(mockResponse);

  // Stage 2: authenticated as "user" but no token parameter -> 400.
  AuthenticationToken callerToken = Mockito.mock(AuthenticationToken.class);
  Mockito.when(callerToken.getUserName()).thenReturn("user");
  Assert.assertFalse(
      handler.managementOperation(callerToken, mockRequest, mockResponse));
  Mockito.verify(mockResponse).sendError(
      Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
      Mockito.contains("requires the parameter [token]"));

  Mockito.reset(mockResponse);

  // Stage 3: authenticated and a valid token supplied -> 200 with a body.
  StringWriter bodyBuffer = new StringWriter();
  PrintWriter bodyWriter = new PrintWriter(bodyBuffer);
  Mockito.when(mockResponse.getWriter()).thenReturn(bodyWriter);
  DelegationTokenManager tokenManager =
      HttpFSServerWebApp.get().get(DelegationTokenManager.class);
  Token<DelegationTokenIdentifier> issued =
      tokenManager.createToken(UserGroupInformation.getCurrentUser(), "user");
  Mockito.when(
      mockRequest.getParameter(HttpFSKerberosAuthenticator.TOKEN_PARAM))
      .thenReturn(issued.encodeToUrlString());
  Assert.assertFalse(
      handler.managementOperation(callerToken, mockRequest, mockResponse));
  Mockito.verify(mockResponse).setStatus(HttpServletResponse.SC_OK);
  bodyWriter.close();
  String responseBody = bodyBuffer.toString();
  Assert.assertTrue(responseBody.contains("long"));

  // A renewed token must still be accepted by the manager.
  tokenManager.verifyToken(issued);
}
/**
 * Extracts the {@code AuthenticationToken} carried by the request's
 * authentication cookie.
 *
 * <p>Each cookie named {@code AuthenticatedURL.AUTH_COOKIE} has its value
 * checked by {@code signer.verifyAndExtract}; a signature failure on any of
 * them aborts with an {@code AuthenticationException}. There is no early
 * exit from the loop, so when several such cookies are present the last one
 * supplies the token string. A parsed token is rejected when its type differs
 * from the active handler's type or when it is expired.
 *
 * @param request the HTTP request
 * @return the verified token, or {@code null} when the request carries no
 *     auth cookie or the verified value does not parse into a token
 * @throws IOException declared by the overridden method
 * @throws AuthenticationException if signature verification fails, the token
 *     type does not match the handler, or the token is expired
 */
@Override
protected AuthenticationToken getToken(HttpServletRequest request)
    throws IOException, AuthenticationException {
  String verifiedValue = null;
  Cookie[] requestCookies = request.getCookies();
  if (requestCookies != null) {
    for (int i = 0; i < requestCookies.length; i++) {
      Cookie candidate = requestCookies[i];
      if (!candidate.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
        continue;
      }
      // Only a value that passes the signer is ever kept; the raw cookie
      // value never reaches the parser.
      String rawValue = candidate.getValue();
      try {
        verifiedValue = this.signer.verifyAndExtract(rawValue);
      } catch (SignerException ex) {
        throw new AuthenticationException(ex);
      }
    }
  }

  if (verifiedValue == null) {
    return null;
  }
  AuthenticationToken parsedToken = AuthenticationToken.parse(verifiedValue);
  if (parsedToken == null) {
    return null;
  }

  // A validly signed cookie issued for another handler type is not accepted.
  AuthenticationHandler activeHandler = getAuthenticationHandler();
  boolean sameType = parsedToken.getType().equals(activeHandler.getType());
  if (!sameType) {
    throw new AuthenticationException("Invalid AuthenticationToken type");
  }
  if (parsedToken.isExpired()) {
    throw new AuthenticationException("AuthenticationToken expired");
  }
  return parsedToken;
}
/**
 * Driver for the delegation-token management checks.
 *
 * <p>Creates the server web app with the test directory used for all four
 * directory arguments, initializes server and handler, then runs the
 * pass-through, error, get-token, cancel and renew helpers in that order.
 * Handler and server are destroyed in a {@code finally} block.
 *
 * @throws Exception on any unexpected failure
 */
@Test
@TestDir
public void testManagementOperations() throws Exception {
  final String baseDir = TestDirHelper.getTestDir().getAbsolutePath();
  final Configuration httpfsConf = new Configuration(false);
  final HttpFSServerWebApp server =
      new HttpFSServerWebApp(baseDir, baseDir, baseDir, baseDir, httpfsConf);
  server.setAuthority(
      new InetSocketAddress(InetAddress.getLocalHost(), 14000));

  AuthenticationHandler handler =
      new HttpFSKerberosAuthenticationHandlerForTesting();
  try {
    server.init();
    handler.init(null);

    testNonManagementOperation(handler);
    testManagementOperationErrors(handler);
    testGetToken(handler, null);
    testGetToken(handler, "foo");
    // Cancel and renew each create their own token, so they do not depend on
    // the tokens issued by the get-token checks above.
    testCancelToken(handler);
    testRenewToken(handler);
  } finally {
    if (handler != null) {
      handler.destroy();
    }
    server.destroy();
  }
}
/**
 * Verifies the CANCELDELEGATIONTOKEN management operation.
 *
 * <p>Without the token parameter the handler must answer
 * {@code SC_BAD_REQUEST}; with a valid URL-encoded token it must set
 * {@code SC_OK}, and a later {@code verifyToken} on that token must fail
 * with a {@code DelegationTokenManagerException} whose text contains "DT01".
 * The {@code AuthenticationToken} argument is {@code null} throughout, i.e.
 * cancellation is exercised without an authenticated caller.
 *
 * @param handler handler under test
 * @throws Exception on any unexpected failure
 */
private void testCancelToken(AuthenticationHandler handler)
    throws Exception {
  DelegationTokenOperation op =
      DelegationTokenOperation.CANCELDELEGATIONTOKEN;
  HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);
  Mockito.when(req.getParameter(HttpFSFileSystem.OP_PARAM))
      .thenReturn(op.toString());
  Mockito.when(req.getMethod()).thenReturn(op.getHttpMethod());

  boolean continueChain = handler.managementOperation(null, req, resp);
  Assert.assertFalse(continueChain);
  Mockito.verify(resp).sendError(
      Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
      Mockito.contains("requires the parameter [token]"));
  Mockito.reset(resp);

  Token<DelegationTokenIdentifier> toCancel = HttpFSServerWebApp.get()
      .get(DelegationTokenManager.class)
      .createToken(UserGroupInformation.getCurrentUser(), "foo");
  Mockito.when(req.getParameter(HttpFSKerberosAuthenticator.TOKEN_PARAM))
      .thenReturn(toCancel.encodeToUrlString());
  continueChain = handler.managementOperation(null, req, resp);
  Assert.assertFalse(continueChain);
  Mockito.verify(resp).setStatus(HttpServletResponse.SC_OK);

  // The cancelled token must be unusable: verification has to throw.
  DelegationTokenManagerException rejection = null;
  try {
    HttpFSServerWebApp.get().get(DelegationTokenManager.class)
        .verifyToken(toCancel);
  } catch (DelegationTokenManagerException ex) {
    rejection = ex;
  }
  if (rejection == null) {
    Assert.fail();
  }
  Assert.assertTrue(rejection.toString().contains("DT01"));
}
/**
 * Verifies the RENEWDELEGATIONTOKEN management operation.
 *
 * <p>Expected outcomes, in order: {@code SC_UNAUTHORIZED} when no
 * {@code AuthenticationToken} is passed; {@code SC_BAD_REQUEST} when the
 * caller is authenticated but the token parameter is missing;
 * {@code SC_OK} with a response body containing "long" when a valid token is
 * supplied. The renewed token must still pass {@code verifyToken}.
 *
 * @param handler handler under test
 * @throws Exception on any unexpected failure
 */
private void testRenewToken(AuthenticationHandler handler)
    throws Exception {
  DelegationTokenOperation op = DelegationTokenOperation.RENEWDELEGATIONTOKEN;
  HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);
  Mockito.when(req.getParameter(HttpFSFileSystem.OP_PARAM))
      .thenReturn(op.toString());
  Mockito.when(req.getMethod()).thenReturn(op.getHttpMethod());

  // Unauthenticated renewal attempt.
  boolean continueChain = handler.managementOperation(null, req, resp);
  Assert.assertFalse(continueChain);
  Mockito.verify(resp).sendError(
      Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED),
      Mockito.contains("equires SPNEGO authentication established"));
  Mockito.reset(resp);

  // Authenticated caller, token parameter missing.
  AuthenticationToken authenticated = Mockito.mock(AuthenticationToken.class);
  Mockito.when(authenticated.getUserName()).thenReturn("user");
  continueChain = handler.managementOperation(authenticated, req, resp);
  Assert.assertFalse(continueChain);
  Mockito.verify(resp).sendError(
      Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
      Mockito.contains("requires the parameter [token]"));
  Mockito.reset(resp);

  // Authenticated caller with a valid token. The token's second createToken
  // argument ("user") equals the mocked caller's user name.
  StringWriter captured = new StringWriter();
  PrintWriter out = new PrintWriter(captured);
  Mockito.when(resp.getWriter()).thenReturn(out);
  Token<DelegationTokenIdentifier> toRenew = HttpFSServerWebApp.get()
      .get(DelegationTokenManager.class)
      .createToken(UserGroupInformation.getCurrentUser(), "user");
  Mockito.when(req.getParameter(HttpFSKerberosAuthenticator.TOKEN_PARAM))
      .thenReturn(toRenew.encodeToUrlString());
  continueChain = handler.managementOperation(authenticated, req, resp);
  Assert.assertFalse(continueChain);
  Mockito.verify(resp).setStatus(HttpServletResponse.SC_OK);
  out.close();
  Assert.assertTrue(captured.toString().contains("long"));

  HttpFSServerWebApp.get().get(DelegationTokenManager.class)
      .verifyToken(toRenew);
}
/**
 * Shared driver for the delegation-token management checks, parameterized by
 * the token kind that the get-token checks should expect.
 *
 * <p>Initializes a server web app rooted in the test directory and the
 * testing Kerberos handler, runs the pass-through, error, get-token, cancel
 * and renew helpers, and destroys handler and server afterwards.
 *
 * @param expectedTokenKind token kind forwarded to both {@code testGetToken}
 *     calls
 * @throws Exception on any unexpected failure
 */
private void testManagementOperations(Text expectedTokenKind)
    throws Exception {
  String testDirPath = TestDirHelper.getTestDir().getAbsolutePath();
  Configuration httpfsConf = new Configuration(false);
  HttpFSServerWebApp server = new HttpFSServerWebApp(
      testDirPath, testDirPath, testDirPath, testDirPath, httpfsConf);
  InetSocketAddress authority =
      new InetSocketAddress(InetAddress.getLocalHost(), 14000);
  server.setAuthority(authority);
  AuthenticationHandler handler =
      new HttpFSKerberosAuthenticationHandlerForTesting();
  try {
    server.init();
    handler.init(null);

    testNonManagementOperation(handler);
    testManagementOperationErrors(handler);
    // Same expected kind for both the null and the "foo" second argument.
    testGetToken(handler, null, expectedTokenKind);
    testGetToken(handler, "foo", expectedTokenKind);
    testCancelToken(handler);
    testRenewToken(handler);
  } finally {
    // handler is assigned before the try, so this guard is purely defensive.
    if (handler != null) {
      handler.destroy();
    }
    server.destroy();
  }
}