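/**
 * Cancels a delegation token through the cluster REST endpoint while running
 * as the Kerberos test client.
 *
 * <p>The token travels in the {@code RMWebServices.DELEGATION_TOKEN_HEADER}
 * request header of a DELETE request. The helper passes only when the server
 * answers with 200 OK.
 *
 * @param tokenString encoded delegation token to cancel
 * @throws Exception if the request cannot be made or an assertion fails
 */
private void cancelDelegationToken(final String tokenString) throws Exception {
  KerberosTestUtils.doAsClient(new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      // Loopback, plain-HTTP endpoint of the test cluster. The header value is
      // a credential, so sending it without TLS is acceptable only in this
      // localhost test setup.
      URL url = new URL("http://localhost:8088/ws/v1/cluster/delegation-token");
      HttpURLConnection conn = (HttpURLConnection) url.openConnection();
      conn.setRequestProperty(RMWebServices.DELEGATION_TOKEN_HEADER, tokenString);
      setupConn(conn, "DELETE", null, null);
      // getInputStream() itself throws for error responses, so reaching the
      // assertion already implies the request was not rejected outright.
      InputStream response = conn.getInputStream();
      try {
        assertEquals(Status.OK.getStatusCode(), conn.getResponseCode());
      } finally {
        // Release the stream even when the status assertion fails.
        response.close();
      }
      return null;
    }
  });
}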
/**
 * Puts one timeline entity while running as {@code HTTP_USER + "/localhost"}
 * and checks that the put reported no errors and that the entity can be read
 * back from the timeline store.
 */
@Test
public void testPutTimelineEntities() throws Exception {
  final String entityType = TestTimelineAuthenticationFilter.class.getName();
  final String entityId = "entity1";
  KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      // The client is created inside doAs, i.e. under the test principal.
      TimelineClient timelineClient = createTimelineClientForUGI();

      TimelineEntity outgoing = new TimelineEntity();
      outgoing.setEntityType(entityType);
      outgoing.setEntityId(entityId);
      outgoing.setStartTime(0L);

      TimelinePutResponse result = timelineClient.putEntities(outgoing);
      Assert.assertEquals(0, result.getErrors().size());

      // Read directly from the server-side store rather than via the client.
      TimelineEntity stored = testTimelineServer.getTimelineStore()
          .getEntity(entityId, entityType, null);
      Assert.assertNotNull(stored);
      return null;
    }
  });
}
/**
 * Puts one timeline domain while running as {@code HTTP_USER + "/localhost"}
 * and checks that the domain can be read back from the timeline store.
 */
@Test
public void testPutDomains() throws Exception {
  final String domainId = TestTimelineAuthenticationFilter.class.getName();
  KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      // The client is created inside doAs, i.e. under the test principal.
      TimelineClient timelineClient = createTimelineClientForUGI();

      TimelineDomain outgoing = new TimelineDomain();
      outgoing.setId(domainId);
      // Wildcard reader and writer lists; presumably "open to everyone" --
      // this test exercises authentication, not the domain ACLs.
      outgoing.setReaders("*");
      outgoing.setWriters("*");
      timelineClient.putDomain(outgoing);

      TimelineDomain stored =
          testTimelineServer.getTimelineStore().getDomain(domainId);
      Assert.assertNotNull(stored);
      return null;
    }
  });
}
/**
 * Creates the client and server principals in the test KDC, writes them to
 * the test keytab, and initialises a fresh authentication handler with the
 * default properties.
 */
@Before
public void setup() throws Exception {
  // create keytab
  File keytab = new File(KerberosTestUtils.getKeytabFile());
  String fullClient = KerberosTestUtils.getClientPrincipal();
  String fullServer = KerberosTestUtils.getServerPrincipal();
  // Drop everything from the last '@' on (the realm part of the name)
  // before handing the names to the KDC.
  String client = fullClient.substring(0, fullClient.lastIndexOf('@'));
  String server = fullServer.substring(0, fullServer.lastIndexOf('@'));
  getKdc().createPrincipal(keytab, client, server);

  // handler
  handler = getNewAuthenticationHandler();
  Properties config = getDefaultProperties();
  try {
    handler.init(config);
  } catch (Exception initFailure) {
    // Clear the field so no half-initialised handler stays reachable
    // (presumably so that teardown does not try to destroy it).
    handler = null;
    throw initFailure;
  }
}
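/**
 * Checks that the handler refuses to initialise when the principal is the
 * wildcard {@code "*"} and the keytab holds only {@code hdfs/localhost}.
 *
 * <p>Initialisation must fail with a {@code ServletException} whose cause
 * carries the message "Principals do not exist in the keytab". In other words
 * the handler fails closed instead of starting without a usable service
 * principal.
 */
@Test(timeout=60000)
public void testDynamicPrincipalDiscoveryMissingPrincipals() throws Exception {
  String[] keytabUsers = new String[]{"hdfs/localhost"};
  String keytab = KerberosTestUtils.getKeytabFile();
  getKdc().createPrincipal(new File(keytab), keytabUsers);

  // destroy handler created in setUp()
  handler.destroy();

  Properties props = new Properties();
  props.setProperty(KerberosAuthenticationHandler.KEYTAB, keytab);
  props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, "*");
  handler = getNewAuthenticationHandler();

  // Capture the expected exception and assert outside the try block. With
  // Assert.fail() inside the try, its AssertionError would be caught by the
  // Throwable handler and reported as "wrong exception".
  ServletException initFailure = null;
  try {
    handler.init(props);
  } catch (ServletException ex) {
    initFailure = ex;
  } catch (Throwable t) {
    Assert.fail("wrong exception: "+t);
  }
  Assert.assertNotNull("init should have failed", initFailure);
  // Guard the cause so a bare ServletException yields a test failure rather
  // than a NullPointerException.
  Assert.assertNotNull("ServletException has no cause", initFailure.getCause());
  Assert.assertEquals("Principals do not exist in the keytab",
      initFailure.getCause().getMessage());
}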
/**
 * Puts one timeline entity through the shared {@code client} while running as
 * {@code HTTP_USER + "/localhost"}, then checks that the put reported no
 * errors and that the entity can be read back from the timeline store.
 */
@Test
public void testPutTimelineEntities() throws Exception {
  final String entityType = TestTimelineAuthenticationFilter.class.getName();
  final String entityId = "entity1";
  KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      TimelineEntity outgoing = new TimelineEntity();
      outgoing.setEntityType(entityType);
      outgoing.setEntityId(entityId);
      outgoing.setStartTime(0L);

      TimelinePutResponse result = client.putEntities(outgoing);
      Assert.assertEquals(0, result.getErrors().size());

      // Read directly from the server-side store rather than via the client.
      TimelineEntity stored = testTimelineServer.getTimelineStore()
          .getEntity(entityId, entityType, null);
      Assert.assertNotNull(stored);
      return null;
    }
  });
}
/**
 * Puts one timeline domain through the shared {@code client} while running as
 * {@code HTTP_USER + "/localhost"} and checks that the domain can be read back
 * from the timeline store.
 */
@Test
public void testPutDomains() throws Exception {
  final String domainId = TestTimelineAuthenticationFilter.class.getName();
  KerberosTestUtils.doAs(HTTP_USER + "/localhost", new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      TimelineDomain outgoing = new TimelineDomain();
      outgoing.setId(domainId);
      // Wildcard reader and writer lists; presumably "open to everyone" --
      // this test exercises authentication, not the domain ACLs.
      outgoing.setReaders("*");
      outgoing.setWriters("*");
      client.putDomain(outgoing);

      TimelineDomain stored =
          testTimelineServer.getTimelineStore().getDomain(domainId);
      Assert.assertNotNull(stored);
      return null;
    }
  });
}
/**
 * Starts the mini KDC, creates the client and server principals in the test
 * keytab, and initialises a {@code MultiSchemeAuthenticationHandler} with the
 * default properties.
 */
@Before
public void setUp() throws Exception {
  krbTest.startMiniKdc();

  // create keytab
  File keytab = new File(KerberosTestUtils.getKeytabFile());
  String fullClient = KerberosTestUtils.getClientPrincipal();
  String fullServer = KerberosTestUtils.getServerPrincipal();
  // Drop everything from the last '@' on (the realm part of the name)
  // before handing the names to the KDC.
  String client = fullClient.substring(0, fullClient.lastIndexOf('@'));
  String server = fullServer.substring(0, fullServer.lastIndexOf('@'));
  krbTest.getKdc().createPrincipal(keytab, client, server);

  // configure handler
  handler = new MultiSchemeAuthenticationHandler();
  // Any failure from init() propagates to the caller unchanged.
  handler.init(getDefaultProperties());
}
/**
 * Requests delegation tokens from the cluster REST endpoint as the Kerberos
 * test client and validates what comes back.
 *
 * <p>Two POSTs are made. The first sends {@code reqBody} and expects a token
 * whose renewer equals {@code renUser}. The second sends a default-constructed
 * {@code DelegationToken} and expects a token whose renewer is the empty
 * string. Both tokens must be non-empty and pass {@code assertValidRMToken}.
 *
 * @param mType type passed to {@code entity(...)} with the request body
 * @param cType type passed to {@code accept(...)} for the response
 * @param reqBody body of the first request
 * @param renUser renewer expected in the first token
 * @throws Exception if a request fails or an assertion does not hold
 */
private void verifyKerberosAuthCreate(String mType, String cType, String reqBody, String renUser) throws Exception {
  // Final copies so the anonymous Callable can capture them.
  final String requestType = mType;
  final String acceptType = cType;
  final String requestBody = reqBody;
  final String expectedRenewer = renUser;
  KerberosTestUtils.doAsClient(new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      // Round 1: explicit request body, renewer must match the caller's value.
      ClientResponse firstResponse = resource()
          .path("ws").path("v1").path("cluster").path("delegation-token")
          .accept(acceptType)
          .entity(requestBody, requestType)
          .post(ClientResponse.class);
      assertEquals(Status.OK, firstResponse.getClientResponseStatus());
      DelegationToken firstDto = getDelegationTokenFromResponse(firstResponse);
      assertFalse(firstDto.getToken().isEmpty());
      Token<RMDelegationTokenIdentifier> firstToken =
          new Token<RMDelegationTokenIdentifier>();
      firstToken.decodeFromUrlString(firstDto.getToken());
      assertEquals(expectedRenewer,
          firstToken.decodeIdentifier().getRenewer().toString());
      assertValidRMToken(firstDto.getToken());

      // Round 2: default DelegationToken as the body, so no renewer is named;
      // the issued token must carry an empty renewer.
      DelegationToken emptyRequest = new DelegationToken();
      ClientResponse secondResponse = resource()
          .path("ws").path("v1").path("cluster").path("delegation-token")
          .accept(acceptType)
          .entity(emptyRequest, requestType)
          .post(ClientResponse.class);
      assertEquals(Status.OK, secondResponse.getClientResponseStatus());
      DelegationToken secondDto = getDelegationTokenFromResponse(secondResponse);
      assertFalse(secondDto.getToken().isEmpty());
      Token<RMDelegationTokenIdentifier> secondToken =
          new Token<RMDelegationTokenIdentifier>();
      secondToken.decodeFromUrlString(secondDto.getToken());
      assertEquals("", secondToken.decodeIdentifier().getRenewer().toString());
      assertValidRMToken(secondDto.getToken());
      return null;
    }
  });
}
/**
 * Creates the client and server principals in the test KDC and writes them to
 * the test keytab.
 */
@Before
public void setup() throws Exception {
  // create keytab
  File keytab = new File(KerberosTestUtils.getKeytabFile());
  String fullClient = KerberosTestUtils.getClientPrincipal();
  String fullServer = KerberosTestUtils.getServerPrincipal();
  // Drop everything from the last '@' on (the realm part of the name)
  // before handing the names to the KDC.
  String client = fullClient.substring(0, fullClient.lastIndexOf('@'));
  String server = fullServer.substring(0, fullServer.lastIndexOf('@'));
  getKdc().createPrincipal(keytab, client, server);
}
/**
 * Runs the shared authentication scenario with a {@code KerberosAuthenticator}
 * as the Kerberos test client, passing {@code false} as the second argument.
 */
@Test(timeout=60000)
public void testAuthentication() throws Exception {
  final AuthenticatorTestCase testCase = new AuthenticatorTestCase(useTomcat);
  // Static configuration: must be in place before the scenario starts.
  AuthenticatorTestCase.setAuthenticationHandlerConfig(
      getAuthenticationHandlerConfiguration());
  Callable<Void> scenario = new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      // The boolean presumably selects POST vs. non-POST -- compare the
      // sibling testAuthenticationPost, which passes true.
      testCase._testAuthentication(new KerberosAuthenticator(), false);
      return null;
    }
  };
  KerberosTestUtils.doAsClient(scenario);
}
/**
 * Runs the shared authentication scenario with a {@code KerberosAuthenticator}
 * as the Kerberos test client, passing {@code true} as the second argument.
 */
@Test(timeout=60000)
public void testAuthenticationPost() throws Exception {
  final AuthenticatorTestCase testCase = new AuthenticatorTestCase(useTomcat);
  // Static configuration: must be in place before the scenario starts.
  AuthenticatorTestCase.setAuthenticationHandlerConfig(
      getAuthenticationHandlerConfiguration());
  Callable<Void> scenario = new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      // true presumably selects the POST variant, going by the test name.
      testCase._testAuthentication(new KerberosAuthenticator(), true);
      return null;
    }
  };
  KerberosTestUtils.doAsClient(scenario);
}
/**
 * Runs the HttpClient-based authentication scenario with a
 * {@code KerberosAuthenticator} as the Kerberos test client, passing
 * {@code false} as the second argument.
 */
@Test(timeout=60000)
public void testAuthenticationHttpClient() throws Exception {
  final AuthenticatorTestCase testCase = new AuthenticatorTestCase(useTomcat);
  // Static configuration: must be in place before the scenario starts.
  AuthenticatorTestCase.setAuthenticationHandlerConfig(
      getAuthenticationHandlerConfiguration());
  Callable<Void> scenario = new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      // The boolean presumably selects POST vs. non-POST -- compare the
      // sibling testAuthenticationHttpClientPost, which passes true.
      testCase._testAuthenticationHttpClient(new KerberosAuthenticator(), false);
      return null;
    }
  };
  KerberosTestUtils.doAsClient(scenario);
}
/**
 * Runs the HttpClient-based authentication scenario with a
 * {@code KerberosAuthenticator} as the Kerberos test client, passing
 * {@code true} as the second argument.
 */
@Test(timeout=60000)
public void testAuthenticationHttpClientPost() throws Exception {
  final AuthenticatorTestCase testCase = new AuthenticatorTestCase(useTomcat);
  // Static configuration: must be in place before the scenario starts.
  AuthenticatorTestCase.setAuthenticationHandlerConfig(
      getAuthenticationHandlerConfiguration());
  Callable<Void> scenario = new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      // true presumably selects the POST variant, going by the test name.
      testCase._testAuthenticationHttpClient(new KerberosAuthenticator(), true);
      return null;
    }
  };
  KerberosTestUtils.doAsClient(scenario);
}
/**
 * Checks the state of the initialised handler: it reports the test keytab
 * path, and its principal set holds exactly one entry, the test server
 * principal.
 */
@Test(timeout=60000)
public void testInit() throws Exception {
  Assert.assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());

  Set<KerberosPrincipal> configured = handler.getPrincipals();
  KerberosPrincipal serverPrincipal =
      new KerberosPrincipal(KerberosTestUtils.getServerPrincipal());
  // Membership plus size == 1 together pin the set to the server principal
  // alone, so no additional identity was picked up from the keytab.
  Assert.assertTrue(configured.contains(serverPrincipal));
  Assert.assertEquals(1, configured.size());
}