Exemplo n.º 1
0
            /// <exception cref="System.Exception"/>
            public Void Run()
            {
                DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token
                                                                  ();
                DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
                HttpURLConnection conn = aUrl.OpenConnection(url, token, TestWebDelegationToken.OkUser
                                                             );

                Assert.Equal(HttpURLConnection.HttpOk, conn.GetResponseCode());
                IList <string> ret = IOUtils.ReadLines(conn.GetInputStream());

                Assert.Equal(1, ret.Count);
                Assert.Equal(TestWebDelegationToken.OkUser, ret[0]);
                conn = aUrl.OpenConnection(url, token, TestWebDelegationToken.FailUser);
                Assert.Equal(HttpURLConnection.HttpForbidden, conn.GetResponseCode
                                 ());
                aUrl.GetDelegationToken(url, token, TestWebDelegationToken.FooUser);
                UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();

                ugi.AddToken(token.GetDelegationToken());
                token = new DelegationTokenAuthenticatedURL.Token();
                conn  = aUrl.OpenConnection(url, token, TestWebDelegationToken.OkUser);
                Assert.Equal(HttpURLConnection.HttpOk, conn.GetResponseCode());
                ret = IOUtils.ReadLines(conn.GetInputStream());
                Assert.Equal(1, ret.Count);
                Assert.Equal(TestWebDelegationToken.FooUser, ret[0]);
                return(null);
            }
Exemplo n.º 2
0
        public virtual void TestExternalDelegationTokenSecretManager()
        {
            TestWebDelegationToken.DummyDelegationTokenSecretManager secretMgr = new TestWebDelegationToken.DummyDelegationTokenSecretManager
                                                                                     ();
            Org.Mortbay.Jetty.Server jetty = CreateJettyServer();
            Context context = new Context();

            context.SetContextPath("/foo");
            jetty.SetHandler(context);
            context.AddFilter(new FilterHolder(typeof(TestWebDelegationToken.AFilter)), "/*",
                              0);
            context.AddServlet(new ServletHolder(typeof(TestWebDelegationToken.PingServlet)),
                               "/bar");
            try
            {
                secretMgr.StartThreads();
                context.SetAttribute(DelegationTokenAuthenticationFilter.DelegationTokenSecretManagerAttr
                                     , secretMgr);
                jetty.Start();
                Uri authURL = new Uri(GetJettyURL() + "/foo/bar?authenticated=foo");
                DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token
                                                                  ();
                DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
                aUrl.GetDelegationToken(authURL, token, FooUser);
                NUnit.Framework.Assert.IsNotNull(token.GetDelegationToken());
                Assert.Equal(new Text("fooKind"), token.GetDelegationToken().GetKind
                                 ());
            }
            finally
            {
                jetty.Stop();
                secretMgr.StopThreads();
            }
        }
Exemplo n.º 3
0
        /// <exception cref="System.Exception"/>
        private void TestKerberosDelegationTokenAuthenticator(bool doAs)
        {
            string doAsUser = doAs ? OkUser : null;
            // setting hadoop security to kerberos
            Configuration conf = new Configuration();

            conf.Set("hadoop.security.authentication", "kerberos");
            UserGroupInformation.SetConfiguration(conf);
            FilePath testDir = new FilePath("target/" + UUID.RandomUUID().ToString());

            Assert.True(testDir.Mkdirs());
            MiniKdc kdc = new MiniKdc(MiniKdc.CreateConf(), testDir);

            Org.Mortbay.Jetty.Server jetty = CreateJettyServer();
            Context context = new Context();

            context.SetContextPath("/foo");
            jetty.SetHandler(context);
            context.AddFilter(new FilterHolder(typeof(TestWebDelegationToken.KDTAFilter)), "/*"
                              , 0);
            context.AddServlet(new ServletHolder(typeof(TestWebDelegationToken.UserServlet)),
                               "/bar");
            try
            {
                kdc.Start();
                FilePath keytabFile = new FilePath(testDir, "test.keytab");
                kdc.CreatePrincipal(keytabFile, "client", "HTTP/localhost");
                TestWebDelegationToken.KDTAFilter.keytabFile = keytabFile.GetAbsolutePath();
                jetty.Start();
                DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token
                                                                  ();
                DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
                Uri url = new Uri(GetJettyURL() + "/foo/bar");
                try
                {
                    aUrl.GetDelegationToken(url, token, FooUser, doAsUser);
                    NUnit.Framework.Assert.Fail();
                }
                catch (AuthenticationException ex)
                {
                    Assert.True(ex.Message.Contains("GSSException"));
                }
                DoAsKerberosUser("client", keytabFile.GetAbsolutePath(), new _Callable_778(aUrl,
                                                                                           url, token, doAs, doAsUser));
            }
            finally
            {
                // Make sure the token belongs to the right owner
                jetty.Stop();
                kdc.Stop();
            }
        }
Exemplo n.º 4
0
            /// <exception cref="System.Exception"/>
            public Void Run()
            {
                DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token
                                                                  ();
                DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
                HttpURLConnection conn = aUrl.OpenConnection(url, token);

                Assert.Equal(HttpURLConnection.HttpOk, conn.GetResponseCode());
                IList <string> ret = IOUtils.ReadLines(conn.GetInputStream());

                Assert.Equal(1, ret.Count);
                Assert.Equal(TestWebDelegationToken.FooUser, ret[0]);
                aUrl.GetDelegationToken(url, token, TestWebDelegationToken.FooUser);
                NUnit.Framework.Assert.IsNotNull(token.GetDelegationToken());
                Assert.Equal(new Text("token-kind"), token.GetDelegationToken(
                                 ).GetKind());
                return(null);
            }
Exemplo n.º 5
0
            /// <exception cref="System.Exception"/>
            public Void Run()
            {
                DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token
                                                                  ();
                DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
                HttpURLConnection conn = aUrl.OpenConnection(url, token);

                Assert.Equal(HttpURLConnection.HttpOk, conn.GetResponseCode());
                IList <string> ret = IOUtils.ReadLines(conn.GetInputStream());

                Assert.Equal(1, ret.Count);
                Assert.Equal(TestWebDelegationToken.FooUser, ret[0]);
                try
                {
                    aUrl.GetDelegationToken(url, token, TestWebDelegationToken.FooUser);
                    NUnit.Framework.Assert.Fail();
                }
                catch (AuthenticationException ex)
                {
                    Assert.True(ex.Message.Contains("delegation token operation"));
                }
                return(null);
            }
Exemplo n.º 6
0
        /// <exception cref="System.Exception"/>
        private void TestDelegationTokenAuthenticatorCalls(bool useQS)
        {
            Org.Mortbay.Jetty.Server jetty = CreateJettyServer();
            Context context = new Context();

            context.SetContextPath("/foo");
            jetty.SetHandler(context);
            context.AddFilter(new FilterHolder(typeof(TestWebDelegationToken.AFilter)), "/*",
                              0);
            context.AddServlet(new ServletHolder(typeof(TestWebDelegationToken.PingServlet)),
                               "/bar");
            try
            {
                jetty.Start();
                Uri nonAuthURL = new Uri(GetJettyURL() + "/foo/bar");
                Uri authURL    = new Uri(GetJettyURL() + "/foo/bar?authenticated=foo");
                Uri authURL2   = new Uri(GetJettyURL() + "/foo/bar?authenticated=bar");
                DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token
                                                                  ();
                DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
                aUrl.SetUseQueryStringForDelegationToken(useQS);
                try
                {
                    aUrl.GetDelegationToken(nonAuthURL, token, FooUser);
                    NUnit.Framework.Assert.Fail();
                }
                catch (Exception ex)
                {
                    Assert.True(ex.Message.Contains("401"));
                }
                aUrl.GetDelegationToken(authURL, token, FooUser);
                NUnit.Framework.Assert.IsNotNull(token.GetDelegationToken());
                Assert.Equal(new Text("token-kind"), token.GetDelegationToken(
                                 ).GetKind());
                aUrl.RenewDelegationToken(authURL, token);
                try
                {
                    aUrl.RenewDelegationToken(nonAuthURL, token);
                    NUnit.Framework.Assert.Fail();
                }
                catch (Exception ex)
                {
                    Assert.True(ex.Message.Contains("401"));
                }
                aUrl.GetDelegationToken(authURL, token, FooUser);
                try
                {
                    aUrl.RenewDelegationToken(authURL2, token);
                    NUnit.Framework.Assert.Fail();
                }
                catch (Exception ex)
                {
                    Assert.True(ex.Message.Contains("403"));
                }
                aUrl.GetDelegationToken(authURL, token, FooUser);
                aUrl.CancelDelegationToken(authURL, token);
                aUrl.GetDelegationToken(authURL, token, FooUser);
                aUrl.CancelDelegationToken(nonAuthURL, token);
                aUrl.GetDelegationToken(authURL, token, FooUser);
                try
                {
                    aUrl.RenewDelegationToken(nonAuthURL, token);
                }
                catch (Exception ex)
                {
                    Assert.True(ex.Message.Contains("401"));
                }
                aUrl.GetDelegationToken(authURL, token, "foo");
                UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();
                ugi.AddToken(token.GetDelegationToken());
                ugi.DoAs(new _PrivilegedExceptionAction_412(aUrl, nonAuthURL, useQS));
            }
            finally
            {
                jetty.Stop();
            }
        }