/// <summary>
/// Authenticates a request looking for the <code>delegation</code>
/// query-string parameter and verifying it is a valid token.
/// </summary>
/// <remarks>
/// Authenticates a request looking for the <code>delegation</code>
/// query-string parameter and verifying it is a valid token. If there is not
/// <code>delegation</code> query-string parameter, it delegates the
/// authentication to the
/// <see cref="Org.Apache.Hadoop.Security.Authentication.Server.KerberosAuthenticationHandler
/// "/>
/// unless it is
/// disabled.
/// </remarks>
/// <param name="request">the HTTP client request.</param>
/// <param name="response">the HTTP client response.</param>
/// <returns>the authentication token for the authenticated request.</returns>
/// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// ">thrown if the authentication failed.</exception>
public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
response)
{
AuthenticationToken token;
string delegationParam = GetDelegationToken(request);
if (delegationParam != null)
{
try
{
Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dt = new
Org.Apache.Hadoop.Security.Token.Token();
dt.DecodeFromUrlString(delegationParam);
UserGroupInformation ugi = tokenManager.VerifyToken(dt);
string shortName = ugi.GetShortUserName();
// creating a ephemeral token
token = new AuthenticationToken(shortName, ugi.GetUserName(), GetType());
token.SetExpires(0);
request.SetAttribute(DelegationTokenUgiAttribute, ugi);
}
catch (Exception ex)
{
token = null;
HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden
, new AuthenticationException(ex));
}
}
else
{
token = authHandler.Authenticate(request, response);
}
return(token);
}
public virtual void TestDelegationTokenOperations()
{
CreateHttpFSServer(true);
Uri url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"
);
HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();
NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpUnauthorized, conn.GetResponseCode
());
AuthenticationToken token = new AuthenticationToken("u", "p", new KerberosDelegationTokenAuthenticationHandler
().GetType());
token.SetExpires(Runtime.CurrentTimeMillis() + 100000000);
SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.NewStringSignerSecretProvider
();
Properties secretProviderProps = new Properties();
secretProviderProps.SetProperty(AuthenticationFilter.SignatureSecret, "secret");
secretProvider.Init(secretProviderProps, null, -1);
Signer signer = new Signer(secretProvider);
string tokenSigned = signer.Sign(token.ToString());
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY");
conn = (HttpURLConnection)url.OpenConnection();
conn.SetRequestProperty("Cookie", AuthenticatedURL.AuthCookie + "=" + tokenSigned
);
NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, conn.GetResponseCode());
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN"
);
conn = (HttpURLConnection)url.OpenConnection();
conn.SetRequestProperty("Cookie", AuthenticatedURL.AuthCookie + "=" + tokenSigned
);
NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, conn.GetResponseCode());
JSONObject json = (JSONObject) new JSONParser().Parse(new InputStreamReader(conn.GetInputStream
()));
json = (JSONObject)json[DelegationTokenAuthenticator.DelegationTokenJson];
string tokenStr = (string)json[DelegationTokenAuthenticator.DelegationTokenUrlStringJson
];
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation="
+ tokenStr);
conn = (HttpURLConnection)url.OpenConnection();
NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, conn.GetResponseCode());
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token="
+ tokenStr);
conn = (HttpURLConnection)url.OpenConnection();
conn.SetRequestMethod("PUT");
NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpUnauthorized, conn.GetResponseCode
());
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token="
+ tokenStr);
conn = (HttpURLConnection)url.OpenConnection();
conn.SetRequestMethod("PUT");
conn.SetRequestProperty("Cookie", AuthenticatedURL.AuthCookie + "=" + tokenSigned
);
NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, conn.GetResponseCode());
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token="
+ tokenStr);
conn = (HttpURLConnection)url.OpenConnection();
conn.SetRequestMethod("PUT");
NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, conn.GetResponseCode());
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation="
+ tokenStr);
conn = (HttpURLConnection)url.OpenConnection();
NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpForbidden, conn.GetResponseCode
());
}
