/// <exception cref="System.Exception"/>
public virtual void TestRequestWithAuthorization()
{
string token = KerberosTestUtils.DoAsClient(new _Callable_225());
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetHeader(KerberosAuthenticator.Authorization)).
ThenReturn(KerberosAuthenticator.Negotiate + " " + token);
Org.Mockito.Mockito.When(request.GetServerName()).ThenReturn("localhost");
AuthenticationToken authToken = handler.Authenticate(request, response);
if (authToken != null)
{
Org.Mockito.Mockito.Verify(response).SetHeader(Org.Mockito.Mockito.Eq(KerberosAuthenticator
.WwwAuthenticate), Org.Mockito.Mockito.Matches(KerberosAuthenticator.Negotiate +
" .*"));
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk);
Assert.Equal(KerberosTestUtils.GetClientPrincipal(), authToken
.GetName());
Assert.True(KerberosTestUtils.GetClientPrincipal().StartsWith(authToken
.GetUserName()));
Assert.Equal(GetExpectedType(), authToken.GetType());
}
else
{
Org.Mockito.Mockito.Verify(response).SetHeader(Org.Mockito.Mockito.Eq(KerberosAuthenticator
.WwwAuthenticate), Org.Mockito.Mockito.Matches(KerberosAuthenticator.Negotiate +
" .*"));
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScUnauthorized
);
}
}
/// <summary>
/// It enforces the the Kerberos SPNEGO authentication sequence returning an
/// <see cref="AuthenticationToken"/>
/// only
/// after the Kerberos SPNEGO sequence has completed successfully.
/// </summary>
/// <param name="request">the HTTP client request.</param>
/// <param name="response">the HTTP client response.</param>
/// <returns>
/// an authentication token if the Kerberos SPNEGO sequence is complete and valid,
/// <code>null</code> if it is in progress (in this case the handler handles the response to the client).
/// </returns>
/// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// ">thrown if Kerberos SPNEGO sequence failed.</exception>
public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
response)
{
AuthenticationToken token = null;
string authorization = request.GetHeader(KerberosAuthenticator.Authorization);
if (authorization == null || !authorization.StartsWith(KerberosAuthenticator.Negotiate
))
{
response.SetHeader(WwwAuthenticate, KerberosAuthenticator.Negotiate);
response.SetStatus(HttpServletResponse.ScUnauthorized);
if (authorization == null)
{
Log.Trace("SPNEGO starting");
}
else
{
Log.Warn("'" + KerberosAuthenticator.Authorization + "' does not start with '" +
KerberosAuthenticator.Negotiate + "' : {}", authorization);
}
}
else
{
authorization = Runtime.Substring(authorization, KerberosAuthenticator.Negotiate
.Length).Trim();
Base64 base64 = new Base64(0);
byte[] clientToken = base64.Decode(authorization);
string serverName = request.GetServerName();
try
{
token = Subject.DoAs(serverSubject, new _PrivilegedExceptionAction_347(this, serverName
, clientToken, base64, response));
}
catch (PrivilegedActionException ex)
{
if (ex.GetException() is IOException)
{
throw (IOException)ex.GetException();
}
else
{
throw new AuthenticationException(ex.GetException());
}
}
}
return(token);
}