/// <summary>
/// Authenticates a request by its <code>delegation</code> query-string
/// parameter when one is present, and by the wrapped handler otherwise.
/// </summary>
/// <remarks>
/// If the request carries a <code>delegation</code> parameter, its value is
/// decoded and checked with <code>tokenManager.VerifyToken</code>. On success
/// the verified user is attached to the request and an ephemeral
/// authentication token is returned. If there is no <code>delegation</code>
/// parameter, authentication is delegated to the
/// <see cref="Org.Apache.Hadoop.Security.Authentication.Server.KerberosAuthenticationHandler"/>
/// unless it is disabled.
/// <para>
/// Failures on the delegation path are not thrown to the caller: any
/// exception raised while decoding or verifying the token is answered with
/// HTTP 403 and the method returns <c>null</c>.
/// </para>
/// <para>
/// Because the token travels in the URL, it can end up wherever request URLs
/// are recorded (access logs, proxies). Treat such records as containing
/// credentials.
/// </para>
/// </remarks>
/// <param name="request">the HTTP client request.</param>
/// <param name="response">the HTTP client response.</param>
/// <returns>
/// the authentication token for the authenticated request, or <c>null</c>
/// when a supplied delegation token was rejected.
/// </returns>
/// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException">
/// thrown if the authentication failed.
/// </exception>
public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse response)
{
    string delegationParam = GetDelegationToken(request);

    // No delegation token on the request: let the wrapped handler decide.
    if (delegationParam == null)
    {
        return authHandler.Authenticate(request, response);
    }

    try
    {
        Org.Apache.Hadoop.Security.Token.Token<AbstractDelegationTokenIdentifier> delegationToken =
            new Org.Apache.Hadoop.Security.Token.Token();
        delegationToken.DecodeFromUrlString(delegationParam);

        // Identity comes only from the verified token, never from the raw parameter.
        UserGroupInformation verifiedUser = tokenManager.VerifyToken(delegationToken);
        string shortUserName = verifiedUser.GetShortUserName();

        // Ephemeral token: expiry is set to 0.
        // NOTE(review): presumably this keeps the filter from issuing a
        // long-lived cookie for delegation-token requests; confirm against
        // the authentication filter.
        AuthenticationToken ephemeralToken =
            new AuthenticationToken(shortUserName, verifiedUser.GetUserName(), GetType());
        ephemeralToken.SetExpires(0);

        request.SetAttribute(DelegationTokenUgiAttribute, verifiedUser);
        return ephemeralToken;
    }
    catch (Exception ex)
    {
        // Every failure (malformed, unknown, expired or cancelled token) is
        // reported the same way: 403 and no token.
        // NOTE(review): the original exception is wrapped and handed to the
        // response helper; check how much of its message reaches the client.
        HttpExceptionUtils.CreateServletExceptionResponse(
            response,
            HttpServletResponse.ScForbidden,
            new AuthenticationException(ex));
        return null;
    }
}
/// <summary>
/// Walks a delegation token through its life cycle against the HttpFS test
/// server: issue, use, renew, cancel, and rejection after cancellation.
/// </summary>
/// <remarks>
/// The assertions pin the following access rules:
/// unauthenticated requests get 401; a signed auth cookie is accepted;
/// a delegation token in the <code>delegation</code> parameter is accepted
/// on its own; renewal without a cookie gets 401 and succeeds with one;
/// cancellation succeeds when only the token is presented; a cancelled
/// token is answered with 403.
/// </remarks>
public virtual void TestDelegationTokenOperations()
{
    CreateHttpFSServer(true);

    // 1. No credentials: the server must answer 401.
    Uri anonymousUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY");
    HttpURLConnection anonymousConn = (HttpURLConnection)anonymousUrl.OpenConnection();
    NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpUnauthorized, anonymousConn.GetResponseCode());

    // 2. Build a signed auth cookie locally.
    // The signing secret is a fixed test value.
    // NOTE(review): presumably it matches what CreateHttpFSServer configures; confirm.
    // Anyone who knows the signing secret can mint such a cookie, so real
    // deployments need a confidential, random secret.
    AuthenticationToken authToken = new AuthenticationToken(
        "u", "p", new KerberosDelegationTokenAuthenticationHandler().GetType());
    authToken.SetExpires(Runtime.CurrentTimeMillis() + 100000000);

    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.NewStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.SetProperty(AuthenticationFilter.SignatureSecret, "secret");
    secretProvider.Init(secretProviderProps, null, -1);

    Signer cookieSigner = new Signer(secretProvider);
    string tokenSigned = cookieSigner.Sign(authToken.ToString());
    string cookieHeader = AuthenticatedURL.AuthCookie + "=" + tokenSigned;

    // 3. The same request with the signed cookie is accepted.
    Uri cookieUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY");
    HttpURLConnection cookieConn = (HttpURLConnection)cookieUrl.OpenConnection();
    cookieConn.SetRequestProperty("Cookie", cookieHeader);
    NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, cookieConn.GetResponseCode());

    // 4. Ask for a delegation token while authenticated by cookie.
    Uri issueUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN");
    HttpURLConnection issueConn = (HttpURLConnection)issueUrl.OpenConnection();
    issueConn.SetRequestProperty("Cookie", cookieHeader);
    NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, issueConn.GetResponseCode());

    JSONObject responseJson =
        (JSONObject)new JSONParser().Parse(new InputStreamReader(issueConn.GetInputStream()));
    JSONObject tokenJson = (JSONObject)responseJson[DelegationTokenAuthenticator.DelegationTokenJson];
    string tokenStr = (string)tokenJson[DelegationTokenAuthenticator.DelegationTokenUrlStringJson];

    // 5. The delegation token alone (no cookie) authenticates a request.
    Uri delegatedUrl = new Uri(
        TestJettyHelper.GetJettyURL(),
        "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr);
    HttpURLConnection delegatedConn = (HttpURLConnection)delegatedUrl.OpenConnection();
    NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, delegatedConn.GetResponseCode());

    // 6. Renewal without any authentication is refused with 401.
    Uri anonymousRenewUrl = new Uri(
        TestJettyHelper.GetJettyURL(),
        "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr);
    HttpURLConnection anonymousRenewConn = (HttpURLConnection)anonymousRenewUrl.OpenConnection();
    anonymousRenewConn.SetRequestMethod("PUT");
    NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpUnauthorized, anonymousRenewConn.GetResponseCode());

    // 7. Renewal with the signed cookie succeeds.
    Uri renewUrl = new Uri(
        TestJettyHelper.GetJettyURL(),
        "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr);
    HttpURLConnection renewConn = (HttpURLConnection)renewUrl.OpenConnection();
    renewConn.SetRequestMethod("PUT");
    renewConn.SetRequestProperty("Cookie", cookieHeader);
    NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, renewConn.GetResponseCode());

    // 8. Cancellation is accepted with only the token presented (no cookie).
    Uri cancelUrl = new Uri(
        TestJettyHelper.GetJettyURL(),
        "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token=" + tokenStr);
    HttpURLConnection cancelConn = (HttpURLConnection)cancelUrl.OpenConnection();
    cancelConn.SetRequestMethod("PUT");
    NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, cancelConn.GetResponseCode());

    // 9. After cancellation the token must no longer authenticate: 403.
    Uri revokedUrl = new Uri(
        TestJettyHelper.GetJettyURL(),
        "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr);
    HttpURLConnection revokedConn = (HttpURLConnection)revokedUrl.OpenConnection();
    NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpForbidden, revokedConn.GetResponseCode());
}