public virtual void TestDTManager() { Configuration conf = new Configuration(false); conf.SetLong(DelegationTokenManager.UpdateInterval, DayInSecs); conf.SetLong(DelegationTokenManager.MaxLifetime, DayInSecs); conf.SetLong(DelegationTokenManager.RenewInterval, DayInSecs); conf.SetLong(DelegationTokenManager.RemovalScanInterval, DayInSecs); conf.GetBoolean(DelegationTokenManager.EnableZkKey, enableZKKey); DelegationTokenManager tm = new DelegationTokenManager(conf, new Text("foo")); tm.Init(); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = (Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>)tm.CreateToken(UserGroupInformation.GetCurrentUser() , "foo"); NUnit.Framework.Assert.IsNotNull(token); tm.VerifyToken(token); Assert.True(tm.RenewToken(token, "foo") > Runtime.CurrentTimeMillis ()); tm.CancelToken(token, "foo"); try { tm.VerifyToken(token); NUnit.Framework.Assert.Fail(); } catch (IOException) { } catch (Exception) { //NOP NUnit.Framework.Assert.Fail(); } tm.Destroy(); }
/// <summary> /// Authenticates a request looking for the <code>delegation</code> /// query-string parameter and verifying it is a valid token. /// </summary> /// <remarks> /// Authenticates a request looking for the <code>delegation</code> /// query-string parameter and verifying it is a valid token. If there is not /// <code>delegation</code> query-string parameter, it delegates the /// authentication to the /// <see cref="Org.Apache.Hadoop.Security.Authentication.Server.KerberosAuthenticationHandler /// "/> /// unless it is /// disabled. /// </remarks> /// <param name="request">the HTTP client request.</param> /// <param name="response">the HTTP client response.</param> /// <returns>the authentication token for the authenticated request.</returns> /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// ">thrown if the authentication failed.</exception> public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse response) { AuthenticationToken token; string delegationParam = GetDelegationToken(request); if (delegationParam != null) { try { Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dt = new Org.Apache.Hadoop.Security.Token.Token(); dt.DecodeFromUrlString(delegationParam); UserGroupInformation ugi = tokenManager.VerifyToken(dt); string shortName = ugi.GetShortUserName(); // creating a ephemeral token token = new AuthenticationToken(shortName, ugi.GetUserName(), GetType()); token.SetExpires(0); request.SetAttribute(DelegationTokenUgiAttribute, ugi); } catch (Exception ex) { token = null; HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden , new AuthenticationException(ex)); } } else { token = authHandler.Authenticate(request, response); } return(token); }