Exemplo n.º 1
        /// <summary>
        /// Authenticates a request, preferring a delegation token over the wrapped
        /// authentication handler.
        /// </summary>
        /// <remarks>
        /// The delegation token string is obtained through <c>GetDelegationToken</c>
        /// (per the original documentation, the <c>delegation</c> query-string
        /// parameter). When one is present it is decoded and verified with
        /// <c>tokenManager</c>; on success the verified user is attached to the request
        /// under <c>DelegationTokenUgiAttribute</c> and an ephemeral token is returned.
        /// When decoding or verification fails, nothing is thrown: a 403 (forbidden)
        /// response is written and <c>null</c> is returned, so callers must treat
        /// <c>null</c> as "not authenticated". When no delegation token is present the
        /// call is delegated to <c>authHandler</c>.
        /// NOTE(review): a token carried in the URL can end up in access logs and
        /// proxy records; confirm how <c>GetDelegationToken</c> sources the value and
        /// whether request logging redacts it.
        /// </remarks>
        /// <param name="request">the HTTP client request.</param>
        /// <param name="response">the HTTP client response.</param>
        /// <returns>
        /// the authentication token for the authenticated request, or <c>null</c> when a
        /// delegation token was supplied but rejected.
        /// </returns>
        /// <exception cref="System.IO.IOException">
        /// may propagate from the wrapped handler or from writing the error response.
        /// </exception>
        /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException">
        /// may propagate from the wrapped handler; delegation-token failures are reported
        /// as a 403 response instead of being thrown.
        /// </exception>
        public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
                                                         response)
        {
            string delegationParam = GetDelegationToken(request);

            // No delegation token on the request: let the wrapped handler decide.
            if (delegationParam == null)
            {
                return authHandler.Authenticate(request, response);
            }

            try
            {
                Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> decoded = new
                                                                                                     Org.Apache.Hadoop.Security.Token.Token();
                decoded.DecodeFromUrlString(delegationParam);

                // The token is trusted only after the token manager has verified it.
                UserGroupInformation verifiedUser = tokenManager.VerifyToken(decoded);
                string shortUserName              = verifiedUser.GetShortUserName();

                // Ephemeral token: the expiry is set to 0 (presumably so that no
                // long-lived auth cookie is issued for delegation-token requests;
                // confirm against the filter that consumes it).
                AuthenticationToken ephemeral = new AuthenticationToken(shortUserName, verifiedUser.GetUserName(), GetType());
                ephemeral.SetExpires(0);
                request.SetAttribute(DelegationTokenUgiAttribute, verifiedUser);
                return ephemeral;
            }
            catch (Exception ex)
            {
                // Any failure while decoding or verifying the token becomes a 403.
                // NOTE(review): the caught exception is wrapped and handed to the
                // response writer; confirm the response body does not expose
                // internal detail about why verification failed.
                HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden
                                                                  , new AuthenticationException(ex));
                return null;
            }
        }
Exemplo n.º 2
        /// <summary>
        /// Walks a delegation token through its life cycle against the test HttpFS
        /// server and checks the HTTP status at each step: anonymous access is
        /// rejected (401), a signed auth cookie is accepted (200), a delegation token
        /// can be fetched and then used on its own (200), renewal needs the auth
        /// cookie (401 without it, 200 with it), cancellation succeeds with the token
        /// alone (200), and the cancelled token is refused afterwards (403).
        /// </summary>
        public virtual void TestDelegationTokenOperations()
        {
            CreateHttpFSServer(true);

            // Step 1: a request without any credentials must be rejected.
            Uri anonymousUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY");
            HttpURLConnection anonymousConn = (HttpURLConnection)anonymousUrl.OpenConnection();
            NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpUnauthorized, anonymousConn.GetResponseCode());

            // Step 2: build an auth cookie by hand. The token is signed with the fixed
            // test secret "secret"; this presumably matches what CreateHttpFSServer
            // configures and is a test-only value.
            AuthenticationToken authToken = new AuthenticationToken("u", "p", new KerberosDelegationTokenAuthenticationHandler().GetType());
            authToken.SetExpires(Runtime.CurrentTimeMillis() + 100000000);

            SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.NewStringSignerSecretProvider();
            Properties secretProviderProps = new Properties();
            secretProviderProps.SetProperty(AuthenticationFilter.SignatureSecret, "secret");
            secretProvider.Init(secretProviderProps, null, -1);

            Signer signer      = new Signer(secretProvider);
            string tokenSigned = signer.Sign(authToken.ToString());
            string authCookie  = AuthenticatedURL.AuthCookie + "=" + tokenSigned;

            // Step 3: the same operation succeeds once the signed cookie is sent.
            Uri cookieUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY");
            HttpURLConnection cookieConn = (HttpURLConnection)cookieUrl.OpenConnection();
            cookieConn.SetRequestProperty("Cookie", authCookie);
            NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, cookieConn.GetResponseCode());

            // Step 4: fetch a delegation token as the cookie-authenticated user.
            Uri issueUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN");
            HttpURLConnection issueConn = (HttpURLConnection)issueUrl.OpenConnection();
            issueConn.SetRequestProperty("Cookie", authCookie);
            NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, issueConn.GetResponseCode());

            JSONObject responseJson = (JSONObject) new JSONParser().Parse(new InputStreamReader(issueConn.GetInputStream()));
            JSONObject tokenJson    = (JSONObject)responseJson[DelegationTokenAuthenticator.DelegationTokenJson];
            string tokenStr         = (string)tokenJson[DelegationTokenAuthenticator.DelegationTokenUrlStringJson];

            // Step 5: the delegation token alone (no cookie) authenticates a request.
            Uri delegatedUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation="
                                       + tokenStr);
            HttpURLConnection delegatedConn = (HttpURLConnection)delegatedUrl.OpenConnection();
            NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, delegatedConn.GetResponseCode());

            // Step 6: renewing without the auth cookie is rejected.
            Uri renewAnonUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token="
                                       + tokenStr);
            HttpURLConnection renewAnonConn = (HttpURLConnection)renewAnonUrl.OpenConnection();
            renewAnonConn.SetRequestMethod("PUT");
            NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpUnauthorized, renewAnonConn.GetResponseCode());

            // Step 7: renewing with the auth cookie succeeds.
            Uri renewUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token="
                                   + tokenStr);
            HttpURLConnection renewConn = (HttpURLConnection)renewUrl.OpenConnection();
            renewConn.SetRequestMethod("PUT");
            renewConn.SetRequestProperty("Cookie", authCookie);
            NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, renewConn.GetResponseCode());

            // Step 8: cancelling is accepted with the token alone; no cookie is sent.
            Uri cancelUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token="
                                    + tokenStr);
            HttpURLConnection cancelConn = (HttpURLConnection)cancelUrl.OpenConnection();
            cancelConn.SetRequestMethod("PUT");
            NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpOk, cancelConn.GetResponseCode());

            // Step 9: a cancelled token must no longer authenticate anything.
            Uri revokedUrl = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation="
                                     + tokenStr);
            HttpURLConnection revokedConn = (HttpURLConnection)revokedUrl.OpenConnection();
            NUnit.Framework.Assert.AreEqual(HttpURLConnection.HttpForbidden, revokedConn.GetResponseCode());
        }