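/// <summary>
/// Checks that a delegation-token secret manager published on the servlet context under
/// <c>DelegationTokenAuthenticationFilter.DelegationTokenSecretManagerAttr</c> is the one
/// that issues tokens for requests passing through <c>AFilter</c>.
/// </summary>
/// <remarks>
/// The evidence is the token kind: this test expects "fooKind", presumably the kind stamped
/// by <c>DummyDelegationTokenSecretManager</c> (its definition is not visible here - confirm).
/// </remarks>
public virtual void TestExternalDelegationTokenSecretManager()
{
    TestWebDelegationToken.DummyDelegationTokenSecretManager secretMgr =
        new TestWebDelegationToken.DummyDelegationTokenSecretManager();
    Org.Mortbay.Jetty.Server jetty = CreateJettyServer();
    Context context = new Context();
    context.SetContextPath("/foo");
    jetty.SetHandler(context);
    context.AddFilter(new FilterHolder(typeof(TestWebDelegationToken.AFilter)), "/*", 0);
    context.AddServlet(new ServletHolder(typeof(TestWebDelegationToken.PingServlet)), "/bar");
    try
    {
        secretMgr.StartThreads();
        // Publish the externally owned manager on the servlet context before the server is started.
        context.SetAttribute(
            DelegationTokenAuthenticationFilter.DelegationTokenSecretManagerAttr, secretMgr);
        jetty.Start();

        Uri authURL = new Uri(GetJettyURL() + "/foo/bar?authenticated=foo");
        DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
        DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
        aUrl.GetDelegationToken(authURL, token, FooUser);

        NUnit.Framework.Assert.IsNotNull(token.GetDelegationToken());
        Assert.Equal(new Text("fooKind"), token.GetDelegationToken().GetKind());
    }
    finally
    {
        // Stop the secret manager's threads even when shutting Jetty down throws, so a
        // failed shutdown cannot leave them running into later tests.
        try
        {
            jetty.Stop();
        }
        finally
        {
            secretMgr.StopThreads();
        }
    }
}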
/// <summary>
/// Runs the client-side checks against <c>url</c>: a request on behalf of <c>OkUser</c> is
/// accepted, one on behalf of <c>FailUser</c> is refused with 403, and once a delegation
/// token has been added to the current user the response names <c>FooUser</c>.
/// </summary>
/// <returns>Always <c>null</c>.</returns>
/// <exception cref="System.Exception"/>
public Void Run()
{
    var dtToken = new DelegationTokenAuthenticatedURL.Token();
    var client = new DelegationTokenAuthenticatedURL();

    // Request made on behalf of OkUser: accepted, and the single response line names OkUser.
    HttpURLConnection connection = client.OpenConnection(url, dtToken, TestWebDelegationToken.OkUser);
    Assert.Equal(HttpURLConnection.HttpOk, connection.GetResponseCode());
    IList<string> lines = IOUtils.ReadLines(connection.GetInputStream());
    Assert.Equal(1, lines.Count);
    Assert.Equal(TestWebDelegationToken.OkUser, lines[0]);

    // Request made on behalf of FailUser: must be refused with 403.
    connection = client.OpenConnection(url, dtToken, TestWebDelegationToken.FailUser);
    Assert.Equal(HttpURLConnection.HttpForbidden, connection.GetResponseCode());

    // Fetch a delegation token and attach it to the current user's credentials.
    client.GetDelegationToken(url, dtToken, TestWebDelegationToken.FooUser);
    UserGroupInformation currentUser = UserGroupInformation.GetCurrentUser();
    currentUser.AddToken(dtToken.GetDelegationToken());

    // Start again from an empty client token. The response is now expected to name FooUser
    // rather than OkUser - presumably because the delegation token held by the current user
    // authenticates the call; confirm against the servlet under test.
    dtToken = new DelegationTokenAuthenticatedURL.Token();
    connection = client.OpenConnection(url, dtToken, TestWebDelegationToken.OkUser);
    Assert.Equal(HttpURLConnection.HttpOk, connection.GetResponseCode());
    lines = IOUtils.ReadLines(connection.GetInputStream());
    Assert.Equal(1, lines.Count);
    Assert.Equal(TestWebDelegationToken.FooUser, lines[0]);

    return null;
}
/// <summary>
/// Stores the values this action works with: the delegation-token client, the URL that
/// carries no authentication parameter, and the query-string flag.
/// </summary>
/// <param name="aUrl">Delegation-token aware client kept in the <c>aUrl</c> field.</param>
/// <param name="nonAuthURL">URL kept in the <c>nonAuthURL</c> field.</param>
/// <param name="useQS">Flag kept in the <c>useQS</c> field.</param>
public _PrivilegedExceptionAction_412(
    DelegationTokenAuthenticatedURL aUrl,
    Uri nonAuthURL,
    bool useQS)
{
    this.useQS = useQS;
    this.nonAuthURL = nonAuthURL;
    this.aUrl = aUrl;
}
/// <summary>
/// Stores the values this callable works with: the delegation-token client, the target
/// URL, the client token and the doAs settings.
/// </summary>
/// <param name="aUrl">Delegation-token aware client kept in the <c>aUrl</c> field.</param>
/// <param name="url">Target URL kept in the <c>url</c> field.</param>
/// <param name="token">Client token kept in the <c>token</c> field.</param>
/// <param name="doAs">Flag kept in the <c>doAs</c> field.</param>
/// <param name="doAsUser">User name kept in the <c>doAsUser</c> field; callers in this file pass <c>null</c> when <paramref name="doAs"/> is false.</param>
public _Callable_778(
    DelegationTokenAuthenticatedURL aUrl,
    Uri url,
    DelegationTokenAuthenticatedURL.Token token,
    bool doAs,
    string doAsUser)
{
    this.doAsUser = doAsUser;
    this.doAs = doAs;
    this.token = token;
    this.url = url;
    this.aUrl = aUrl;
}
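/// <summary>
/// Exercises delegation-token retrieval through <c>KDTAFilter</c> with Hadoop security set
/// to Kerberos and an in-process <c>MiniKdc</c>: a call made without Kerberos credentials
/// must fail, after which the remaining checks run as the "client" principal.
/// </summary>
/// <param name="doAs">
/// When true, <c>OkUser</c> is passed as the doAs user; when false, <c>null</c> is passed.
/// </param>
/// <exception cref="System.Exception"/>
private void TestKerberosDelegationTokenAuthenticator(bool doAs)
{
    string doAsUser = doAs ? OkUser : null;

    // Switch Hadoop security to Kerberos.
    // NOTE(review): SetConfiguration is a static call and nothing in this method restores
    // the previous setting - confirm that a fixture resets it for later tests.
    Configuration conf = new Configuration();
    conf.Set("hadoop.security.authentication", "kerberos");
    UserGroupInformation.SetConfiguration(conf);

    // Fresh working directory per run, so the KDC data and keytab of one run are not reused.
    // NOTE(review): the directory and the keytab written into it are not deleted here.
    FilePath testDir = new FilePath("target/" + UUID.RandomUUID().ToString());
    Assert.True(testDir.Mkdirs());
    MiniKdc kdc = new MiniKdc(MiniKdc.CreateConf(), testDir);

    Org.Mortbay.Jetty.Server jetty = CreateJettyServer();
    Context context = new Context();
    context.SetContextPath("/foo");
    jetty.SetHandler(context);
    context.AddFilter(new FilterHolder(typeof(TestWebDelegationToken.KDTAFilter)), "/*", 0);
    context.AddServlet(new ServletHolder(typeof(TestWebDelegationToken.UserServlet)), "/bar");
    try
    {
        kdc.Start();

        // One keytab holds both the client principal and the HTTP service principal.
        FilePath keytabFile = new FilePath(testDir, "test.keytab");
        kdc.CreatePrincipal(keytabFile, "client", "HTTP/localhost");
        // The filter reads the keytab location from this field, assigned before Jetty starts.
        TestWebDelegationToken.KDTAFilter.keytabFile = keytabFile.GetAbsolutePath();
        jetty.Start();

        DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
        DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
        Uri url = new Uri(GetJettyURL() + "/foo/bar");

        // Negative check: outside the Kerberos login context the request must be rejected
        // with an authentication error that mentions GSSException.
        try
        {
            aUrl.GetDelegationToken(url, token, FooUser, doAsUser);
            NUnit.Framework.Assert.Fail();
        }
        catch (AuthenticationException ex)
        {
            Assert.True(ex.Message.Contains("GSSException"));
        }

        // Positive path: repeat the work as the "client" principal using the keytab.
        // The checks themselves live in _Callable_778, whose body is not shown here.
        DoAsKerberosUser("client", keytabFile.GetAbsolutePath(),
            new _Callable_778(aUrl, url, token, doAs, doAsUser));
    }
    finally
    {
        // Stop the KDC even when shutting Jetty down throws, so a failed shutdown cannot
        // leave the KDC running into later tests.
        try
        {
            jetty.Stop();
        }
        finally
        {
            kdc.Stop();
        }
    }
}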
/// <summary>
/// Runs the client-side checks against <c>url</c>: the request is accepted and reported as
/// <c>FooUser</c>, and a delegation token of kind "token-kind" can then be obtained.
/// </summary>
/// <returns>Always <c>null</c>.</returns>
/// <exception cref="System.Exception"/>
public Void Run()
{
    var dtToken = new DelegationTokenAuthenticatedURL.Token();
    var client = new DelegationTokenAuthenticatedURL();

    // Plain request with no doAs user: accepted, and the single response line names FooUser.
    HttpURLConnection connection = client.OpenConnection(url, dtToken);
    Assert.Equal(HttpURLConnection.HttpOk, connection.GetResponseCode());
    IList<string> lines = IOUtils.ReadLines(connection.GetInputStream());
    Assert.Equal(1, lines.Count);
    Assert.Equal(TestWebDelegationToken.FooUser, lines[0]);

    // Token issuance must succeed and produce the expected token kind.
    client.GetDelegationToken(url, dtToken, TestWebDelegationToken.FooUser);
    NUnit.Framework.Assert.IsNotNull(dtToken.GetDelegationToken());
    Text expectedKind = new Text("token-kind");
    Assert.Equal(expectedKind, dtToken.GetDelegationToken().GetKind());

    return null;
}
/// <summary>
/// Runs the client-side checks against <c>url</c>, first without and then with
/// <c>OkUser</c> as the doAs user, and compares the single response line with the
/// expected identity string in each case.
/// </summary>
/// <returns>Always <c>null</c>.</returns>
/// <exception cref="System.Exception"/>
public Void Run() {
    DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token ();
    DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
    // Request without a doAs user: must be accepted and answered with exactly one line.
    HttpURLConnection conn = aUrl.OpenConnection(url, token);
    Assert.Equal(HttpURLConnection.HttpOk, conn.GetResponseCode());
    IList <string> ret = IOUtils.ReadLines(conn.GetInputStream());
    Assert.Equal(1, ret.Count);
    // NOTE(review): the expected value below is damaged in this copy - the run of asterisks
    // looks like the output of a credential scrubber that replaced part of the expression.
    // Restore it from the upstream source; do not guess the missing operand.
    Assert.Equal("remoteuser="******":ugi=" + TestWebDelegationToken.FooUser, ret[0]);
    // Same request on behalf of OkUser: the response is expected to carry the real caller
    // (realugi) alongside the remote user and effective ugi fields.
    conn = aUrl.OpenConnection(url, token, TestWebDelegationToken.OkUser);
    Assert.Equal(HttpURLConnection.HttpOk, conn.GetResponseCode());
    ret = IOUtils.ReadLines(conn.GetInputStream());
    Assert.Equal(1, ret.Count);
    // NOTE(review): same scrubber damage as above in the middle of the expected string.
    Assert.Equal("realugi=" + TestWebDelegationToken.FooUser + ":remoteuser="******":ugi=" + TestWebDelegationToken.OkUser, ret[ 0]);
    return(null);
}
/// <summary>
/// Runs the client-side checks against <c>url</c>: the ordinary request is accepted and
/// reported as <c>FooUser</c>, while a delegation-token request must be refused with an
/// authentication error mentioning "delegation token operation".
/// </summary>
/// <returns>Always <c>null</c>.</returns>
/// <exception cref="System.Exception"/>
public Void Run()
{
    var dtToken = new DelegationTokenAuthenticatedURL.Token();
    var client = new DelegationTokenAuthenticatedURL();

    // Ordinary request: accepted, and the single response line names FooUser.
    HttpURLConnection connection = client.OpenConnection(url, dtToken);
    Assert.Equal(HttpURLConnection.HttpOk, connection.GetResponseCode());
    IList<string> lines = IOUtils.ReadLines(connection.GetInputStream());
    Assert.Equal(1, lines.Count);
    Assert.Equal(TestWebDelegationToken.FooUser, lines[0]);

    // Negative check: reaching Assert.Fail() means a token was issued when it should not
    // have been. Only AuthenticationException is caught, so that failure propagates.
    try
    {
        client.GetDelegationToken(url, dtToken, TestWebDelegationToken.FooUser);
        NUnit.Framework.Assert.Fail();
    }
    catch (AuthenticationException rejected)
    {
        bool mentionsTokenOperation = rejected.Message.Contains("delegation token operation");
        Assert.True(mentionsTokenOperation);
    }

    return null;
}
/// <summary>
/// Drives get, renew and cancel delegation-token calls against a Jetty server guarded by
/// <c>AFilter</c>, checking which calls are accepted and which are rejected with 401 or
/// 403, then runs a follow-up action with the token attached to the current user.
/// </summary>
/// <param name="useQS">
/// Passed to <c>SetUseQueryStringForDelegationToken</c> on the client and forwarded to the
/// follow-up action.
/// </param>
/// <exception cref="System.Exception"/>
private void TestDelegationTokenAuthenticatorCalls(bool useQS)
{
    Org.Mortbay.Jetty.Server server = CreateJettyServer();
    var servletContext = new Context();
    servletContext.SetContextPath("/foo");
    server.SetHandler(servletContext);
    servletContext.AddFilter(new FilterHolder(typeof(TestWebDelegationToken.AFilter)), "/*", 0);
    servletContext.AddServlet(new ServletHolder(typeof(TestWebDelegationToken.PingServlet)), "/bar");

    try
    {
        server.Start();

        // Three views of one endpoint: no identity, identity "foo", identity "bar".
        // Presumably AFilter treats the "authenticated" query parameter as the caller's
        // name - its definition is not shown here, confirm.
        var anonymousUrl = new Uri(GetJettyURL() + "/foo/bar");
        var fooUrl = new Uri(GetJettyURL() + "/foo/bar?authenticated=foo");
        var barUrl = new Uri(GetJettyURL() + "/foo/bar?authenticated=bar");

        var dtToken = new DelegationTokenAuthenticatedURL.Token();
        var client = new DelegationTokenAuthenticatedURL();
        client.SetUseQueryStringForDelegationToken(useQS);

        // Unauthenticated token request must be rejected with 401.
        // NOTE(review): the broad catch (Exception) handlers in this method would also
        // intercept whatever Assert.Fail() throws if that derives from Exception; the
        // message check would then fail the test, only less directly.
        try
        {
            client.GetDelegationToken(anonymousUrl, dtToken, FooUser);
            NUnit.Framework.Assert.Fail();
        }
        catch (Exception failure)
        {
            Assert.True(failure.Message.Contains("401"));
        }

        // Authenticated request yields a token of the expected kind.
        client.GetDelegationToken(fooUrl, dtToken, FooUser);
        NUnit.Framework.Assert.IsNotNull(dtToken.GetDelegationToken());
        Assert.Equal(new Text("token-kind"), dtToken.GetDelegationToken().GetKind());

        // Renewal by the authenticated caller is accepted.
        client.RenewDelegationToken(fooUrl, dtToken);

        // Renewal through the unauthenticated URL is expected to be rejected with 401.
        try
        {
            client.RenewDelegationToken(anonymousUrl, dtToken);
            NUnit.Framework.Assert.Fail();
        }
        catch (Exception failure)
        {
            Assert.True(failure.Message.Contains("401"));
        }

        client.GetDelegationToken(fooUrl, dtToken, FooUser);

        // Renewal as "bar" is expected to be refused with 403 - presumably because "bar"
        // is not the renewer named when the token was issued; confirm.
        try
        {
            client.RenewDelegationToken(barUrl, dtToken);
            NUnit.Framework.Assert.Fail();
        }
        catch (Exception failure)
        {
            Assert.True(failure.Message.Contains("403"));
        }

        // Cancellation is exercised through both the authenticated and the anonymous URL;
        // each time a fresh token is fetched first.
        client.GetDelegationToken(fooUrl, dtToken, FooUser);
        client.CancelDelegationToken(fooUrl, dtToken);

        client.GetDelegationToken(fooUrl, dtToken, FooUser);
        client.CancelDelegationToken(anonymousUrl, dtToken);

        client.GetDelegationToken(fooUrl, dtToken, FooUser);

        // NOTE(review): unlike the negative checks above there is no Assert.Fail() after
        // this call, so the block passes whether or not the renewal is rejected. Confirm
        // which outcome is intended; as written it cannot catch a missing 401.
        try
        {
            client.RenewDelegationToken(anonymousUrl, dtToken);
        }
        catch (Exception failure)
        {
            Assert.True(failure.Message.Contains("401"));
        }

        client.GetDelegationToken(fooUrl, dtToken, "foo");

        // Attach the token to the current user and run the follow-up action as that user.
        UserGroupInformation currentUser = UserGroupInformation.GetCurrentUser();
        currentUser.AddToken(dtToken.GetDelegationToken());
        currentUser.DoAs(new _PrivilegedExceptionAction_412(client, anonymousUrl, useQS));
    }
    finally
    {
        server.Stop();
    }
}