Exemple #1
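        /// <summary>
        /// Walks one delegation token through its life cycle on a
        /// <c>DelegationTokenManager</c>: create, verify, renew, cancel, and then
        /// checks that verifying the cancelled token is rejected with an
        /// <see cref="System.IO.IOException"/>.
        /// </summary>
        /// <remarks>
        /// The final step is the security-relevant one: a cancelled token that still
        /// verifies would stay usable as a credential after revocation.
        /// </remarks>
        public virtual void TestDTManager()
        {
            Configuration conf = new Configuration(false);

            conf.SetLong(DelegationTokenManager.UpdateInterval, DayInSecs);
            conf.SetLong(DelegationTokenManager.MaxLifetime, DayInSecs);
            conf.SetLong(DelegationTokenManager.RenewInterval, DayInSecs);
            conf.SetLong(DelegationTokenManager.RemovalScanInterval, DayInSecs);
            // NOTE(review): this call only reads the setting and discards the result, so
            // enableZKKey never reaches conf. If a write was intended, the variant of this
            // test selected by enableZKKey is not actually exercised. Confirm before
            // changing it, since turning the option on may require extra test setup.
            conf.GetBoolean(DelegationTokenManager.EnableZkKey, enableZKKey);
            DelegationTokenManager tm = new DelegationTokenManager(conf, new Text("foo"));

            tm.Init();
            try
            {
                Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = (Org.Apache.Hadoop.Security.Token.Token
                                                                                            <DelegationTokenIdentifier>)tm.CreateToken(UserGroupInformation.GetCurrentUser()
                                                                                                                                       , "foo");
                NUnit.Framework.Assert.IsNotNull(token);

                // A freshly issued token must verify.
                tm.VerifyToken(token);

                // RenewToken's return value is compared with the current time in
                // milliseconds; it must lie in the future.
                Assert.True(tm.RenewToken(token, "foo") > Runtime.CurrentTimeMillis
                                ());

                tm.CancelToken(token, "foo");
                try
                {
                    tm.VerifyToken(token);
                    NUnit.Framework.Assert.Fail("VerifyToken accepted a cancelled delegation token");
                }
                catch (IOException)
                {
                    // Expected: the cancelled token is rejected. Any other exception type,
                    // including the assertion failure above, propagates and fails the test
                    // with its own message and stack trace.
                }
            }
            finally
            {
                // Always release the manager, even when an assertion above throws, so a
                // failing run does not leave an initialised manager behind.
                tm.Destroy();
            }
        }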
Exemple #2
        /// <summary>
        /// Authenticates a request looking for the <code>delegation</code>
        /// query-string parameter and verifying it is a valid token.
        /// </summary>
        /// <remarks>
        /// Authenticates a request looking for the <code>delegation</code>
        /// query-string parameter and verifying it is a valid token. If there is no
        /// <code>delegation</code> query-string parameter, it delegates the
        /// authentication to the
        /// <see cref="Org.Apache.Hadoop.Security.Authentication.Server.KerberosAuthenticationHandler"/>
        /// unless it is disabled.
        /// </remarks>
        /// <param name="request">the HTTP client request.</param>
        /// <param name="response">the HTTP client response.</param>
        /// <returns>the authentication token for the authenticated request.</returns>
        /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
        /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException">
        /// thrown if the authentication failed.</exception>
        public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse response)
        {
            // NOTE(review): the method documentation describes this value as the
            // "delegation" query-string parameter. Query strings commonly end up in
            // access and proxy logs, so confirm that logging in front of this handler
            // redacts it.
            string encodedToken = GetDelegationToken(request);

            // No delegation token supplied: hand the request to the wrapped handler.
            if (encodedToken == null)
            {
                return authHandler.Authenticate(request, response);
            }

            AuthenticationToken authToken = null;
            try
            {
                Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> delegationToken = new
                                                                                                             Org.Apache.Hadoop.Security.Token.Token();
                delegationToken.DecodeFromUrlString(encodedToken);

                // VerifyToken throws for a token it does not accept; that lands in the
                // catch below, so the code after this line runs only for accepted tokens.
                UserGroupInformation verifiedUgi = tokenManager.VerifyToken(delegationToken);

                // Ephemeral authentication token: its expiry is set to 0.
                // NOTE(review): presumably this stops the caller from persisting it as a
                // long-lived credential; confirm against the code that consumes the token.
                authToken = new AuthenticationToken(verifiedUgi.GetShortUserName(), verifiedUgi.GetUserName(), GetType());
                authToken.SetExpires(0);

                // Expose the verified identity to later stages of the request.
                request.SetAttribute(DelegationTokenUgiAttribute, verifiedUgi);
            }
            catch (Exception ex)
            {
                // Every failure, whether a malformed token, a rejected token or an
                // unexpected internal error, is answered with 403 and no token.
                // NOTE(review): the wrapped exception is handed to the response helper;
                // confirm it does not return internal detail to the client, and that
                // rejections are logged server-side so repeated failures can be detected.
                authToken = null;
                HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden
                                                                  , new AuthenticationException(ex));
            }
            return authToken;
        }