/// <exception cref="System.Exception"/>
public virtual void TestRequestWithAuthorization()
{
string token = KerberosTestUtils.DoAsClient(new _Callable_225());
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetHeader(KerberosAuthenticator.Authorization)).
ThenReturn(KerberosAuthenticator.Negotiate + " " + token);
Org.Mockito.Mockito.When(request.GetServerName()).ThenReturn("localhost");
AuthenticationToken authToken = handler.Authenticate(request, response);
if (authToken != null)
{
Org.Mockito.Mockito.Verify(response).SetHeader(Org.Mockito.Mockito.Eq(KerberosAuthenticator
.WwwAuthenticate), Org.Mockito.Mockito.Matches(KerberosAuthenticator.Negotiate +
" .*"));
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk);
Assert.Equal(KerberosTestUtils.GetClientPrincipal(), authToken
.GetName());
Assert.True(KerberosTestUtils.GetClientPrincipal().StartsWith(authToken
.GetUserName()));
Assert.Equal(GetExpectedType(), authToken.GetType());
}
else
{
Org.Mockito.Mockito.Verify(response).SetHeader(Org.Mockito.Mockito.Eq(KerberosAuthenticator
.WwwAuthenticate), Org.Mockito.Mockito.Matches(KerberosAuthenticator.Negotiate +
" .*"));
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScUnauthorized
);
}
}
/// <exception cref="System.Exception"/>
public virtual void TestNonDefaultNonBrowserUserAgentAsBrowser()
{
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
if (handler != null)
{
handler.Destroy();
handler = null;
}
handler = GetNewAuthenticationHandler();
Properties props = GetDefaultProperties();
props.SetProperty("alt-kerberos.non-browser.user-agents", "foo, bar");
try
{
handler.Init(props);
}
catch (Exception ex)
{
handler = null;
throw;
}
// Pretend we're something that will not match with "foo" (or "bar")
Org.Mockito.Mockito.When(request.GetHeader("User-Agent")).ThenReturn("blah");
// Should use alt authentication
AuthenticationToken token = handler.Authenticate(request, response);
Assert.Equal("A", token.GetUserName());
Assert.Equal("B", token.GetName());
Assert.Equal(GetExpectedType(), token.GetType());
}
/// <exception cref="System.Exception"/>
private void _testUserName(bool anonymous)
{
PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
try
{
Properties props = new Properties();
props.SetProperty(PseudoAuthenticationHandler.AnonymousAllowed, bool.ToString(anonymous
));
handler.Init(props);
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(PseudoAuthenticator
.UserName + "=" + "user");
AuthenticationToken token = handler.Authenticate(request, response);
NUnit.Framework.Assert.IsNotNull(token);
Assert.Equal("user", token.GetUserName());
Assert.Equal("user", token.GetName());
Assert.Equal(PseudoAuthenticationHandler.Type, token.GetType()
);
}
finally
{
handler.Destroy();
}
}
/// <exception cref="System.Exception"/>
public virtual void TestAlternateAuthenticationAsBrowser()
{
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
// By default, a User-Agent without "java", "curl", "wget", or "perl" in it
// is considered a browser
Org.Mockito.Mockito.When(request.GetHeader("User-Agent")).ThenReturn("Some Browser"
);
AuthenticationToken token = handler.Authenticate(request, response);
Assert.Equal("A", token.GetUserName());
Assert.Equal("B", token.GetName());
Assert.Equal(GetExpectedType(), token.GetType());
}
/// <summary>
/// Returns the
/// <see cref="AuthenticationToken"/>
/// for the request.
/// <p>
/// It looks at the received HTTP cookies and extracts the value of the
/// <see cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticatedURL.AuthCookie
/// "/>
/// if present. It verifies the signature and if correct it creates the
/// <see cref="AuthenticationToken"/>
/// and returns
/// it.
/// <p>
/// If this method returns <code>null</code> the filter will invoke the configured
/// <see cref="AuthenticationHandler"/>
/// to perform user authentication.
/// </summary>
/// <param name="request">request object.</param>
/// <returns>the Authentication token if the request is authenticated, <code>null</code> otherwise.
/// </returns>
/// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// ">thrown if the token is invalid or if it has expired.</exception>
protected internal virtual AuthenticationToken GetToken(HttpServletRequest request
)
{
AuthenticationToken token = null;
string tokenStr = null;
Cookie[] cookies = request.GetCookies();
if (cookies != null)
{
foreach (Cookie cookie in cookies)
{
if (cookie.GetName().Equals(AuthenticatedURL.AuthCookie))
{
tokenStr = cookie.GetValue();
try
{
tokenStr = signer.VerifyAndExtract(tokenStr);
}
catch (SignerException ex)
{
throw new AuthenticationException(ex);
}
break;
}
}
}
if (tokenStr != null)
{
token = ((AuthenticationToken)AuthenticationToken.Parse(tokenStr));
if (!token.GetType().Equals(authHandler.GetType()))
{
throw new AuthenticationException("Invalid AuthenticationToken type");
}
if (token.IsExpired())
{
throw new AuthenticationException("AuthenticationToken expired");
}
}
return(token);
}