public virtual void TestCancelledDelegationToken()
{
string token = GetDelegationToken("client");
CancelDelegationToken(token);
ApplicationSubmissionContextInfo app = new ApplicationSubmissionContextInfo();
string appid = "application_123_0";
app.SetApplicationId(appid);
string requestBody = GetMarshalledAppInfo(app);
Uri url = new Uri("http://localhost:8088/ws/v1/cluster/apps");
HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();
conn.SetRequestProperty(delegationTokenHeader, token);
SetupConn(conn, "POST", MediaType.ApplicationXml, requestBody);
// this should fail with unauthorized because only
// auth is kerberos or delegation token
try
{
conn.GetInputStream();
NUnit.Framework.Assert.Fail("Authentication should fail with expired delegation tokens"
);
}
catch (IOException)
{
NUnit.Framework.Assert.AreEqual(ClientResponse.Status.Forbidden.GetStatusCode(),
conn.GetResponseCode());
}
}
public virtual void TestDelegationTokenAuth()
{
string token = GetDelegationToken("test");
ApplicationSubmissionContextInfo app = new ApplicationSubmissionContextInfo();
string appid = "application_123_0";
app.SetApplicationId(appid);
string requestBody = GetMarshalledAppInfo(app);
Uri url = new Uri("http://localhost:8088/ws/v1/cluster/apps");
HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();
SetupConn(conn, "POST", "application/xml", requestBody);
// this should fail with unauthorized because only
// auth is kerberos or delegation token
try
{
conn.GetInputStream();
NUnit.Framework.Assert.Fail("we should not be here");
}
catch (IOException)
{
NUnit.Framework.Assert.AreEqual(ClientResponse.Status.Unauthorized.GetStatusCode(
), conn.GetResponseCode());
}
conn = (HttpURLConnection)url.OpenConnection();
conn.SetRequestProperty(delegationTokenHeader, token);
SetupConn(conn, "POST", MediaType.ApplicationXml, requestBody);
// this should not fail
try
{
conn.GetInputStream();
}
catch (IOException)
{
InputStream errorStream = conn.GetErrorStream();
string error = string.Empty;
BufferedReader reader = null;
reader = new BufferedReader(new InputStreamReader(errorStream, "UTF8"));
for (string line; (line = reader.ReadLine()) != null;)
{
error += line;
}
reader.Close();
errorStream.Close();
NUnit.Framework.Assert.Fail("Response " + conn.GetResponseCode() + "; " + error);
}
bool appExists = rm.GetRMContext().GetRMApps().Contains(ConverterUtils.ToApplicationId
(appid));
NUnit.Framework.Assert.IsTrue(appExists);
RMApp actualApp = rm.GetRMContext().GetRMApps()[ConverterUtils.ToApplicationId(appid
)];
string owner = actualApp.GetUser();
NUnit.Framework.Assert.AreEqual("client", owner);
}
/// <exception cref="System.Exception"/>
private void TestAnonymousKerberosUser()
{
ApplicationSubmissionContextInfo app = new ApplicationSubmissionContextInfo();
string appid = "application_123_0";
app.SetApplicationId(appid);
string requestBody = TestRMWebServicesDelegationTokenAuthentication.GetMarshalledAppInfo
(app);
Uri url = new Uri("http://localhost:8088/ws/v1/cluster/apps/new-application");
HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();
TestRMWebServicesDelegationTokenAuthentication.SetupConn(conn, "POST", "application/xml"
, requestBody);
try
{
conn.GetInputStream();
NUnit.Framework.Assert.Fail("Anonymous users should not be allowed to get new application ids in secure mode."
);
}
catch (IOException)
{
NUnit.Framework.Assert.AreEqual(ClientResponse.Status.Forbidden.GetStatusCode(),
conn.GetResponseCode());
}
url = new Uri("http://localhost:8088/ws/v1/cluster/apps");
conn = (HttpURLConnection)url.OpenConnection();
TestRMWebServicesDelegationTokenAuthentication.SetupConn(conn, "POST", "application/xml"
, requestBody);
try
{
conn.GetInputStream();
NUnit.Framework.Assert.Fail("Anonymous users should not be allowed to submit apps in secure mode."
);
}
catch (IOException)
{
NUnit.Framework.Assert.AreEqual(ClientResponse.Status.Forbidden.GetStatusCode(),
conn.GetResponseCode());
}
requestBody = "{ \"state\": \"KILLED\"}";
url = new Uri("http://localhost:8088/ws/v1/cluster/apps/application_123_0/state");
conn = (HttpURLConnection)url.OpenConnection();
TestRMWebServicesDelegationTokenAuthentication.SetupConn(conn, "PUT", "application/json"
, requestBody);
try
{
conn.GetInputStream();
NUnit.Framework.Assert.Fail("Anonymous users should not be allowed to kill apps in secure mode."
);
}
catch (IOException)
{
NUnit.Framework.Assert.AreEqual(ClientResponse.Status.Forbidden.GetStatusCode(),
conn.GetResponseCode());
}
}
/// <exception cref="System.Exception"/>
internal static string GetMarshalledAppInfo(ApplicationSubmissionContextInfo appInfo
)
{
StringWriter writer = new StringWriter();
JAXBContext context = JAXBContext.NewInstance(typeof(ApplicationSubmissionContextInfo
));
Marshaller m = context.CreateMarshaller();
m.Marshal(appInfo, writer);
return(writer.ToString());
}
/// <exception cref="System.Exception"/>
private void TestAnonymousSimpleUser()
{
ApplicationSubmissionContextInfo app = new ApplicationSubmissionContextInfo();
string appid = "application_123_0";
app.SetApplicationId(appid);
string requestBody = TestRMWebServicesDelegationTokenAuthentication.GetMarshalledAppInfo
(app);
Uri url = new Uri("http://localhost:8088/ws/v1/cluster/apps");
HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();
TestRMWebServicesDelegationTokenAuthentication.SetupConn(conn, "POST", "application/xml"
, requestBody);
conn.GetInputStream();
NUnit.Framework.Assert.AreEqual(ClientResponse.Status.Accepted.GetStatusCode(), conn
.GetResponseCode());
bool appExists = rm.GetRMContext().GetRMApps().Contains(ConverterUtils.ToApplicationId
(appid));
NUnit.Framework.Assert.IsTrue(appExists);
RMApp actualApp = rm.GetRMContext().GetRMApps()[ConverterUtils.ToApplicationId(appid
)];
string owner = actualApp.GetUser();
NUnit.Framework.Assert.AreEqual(rm.GetConfig().Get(CommonConfigurationKeys.HadoopHttpStaticUser
, CommonConfigurationKeys.DefaultHadoopHttpStaticUser), owner);
appid = "application_123_1";
app.SetApplicationId(appid);
requestBody = TestRMWebServicesDelegationTokenAuthentication.GetMarshalledAppInfo
(app);
url = new Uri("http://localhost:8088/ws/v1/cluster/apps?user.name=client");
conn = (HttpURLConnection)url.OpenConnection();
TestRMWebServicesDelegationTokenAuthentication.SetupConn(conn, "POST", MediaType.
ApplicationXml, requestBody);
conn.GetInputStream();
appExists = rm.GetRMContext().GetRMApps().Contains(ConverterUtils.ToApplicationId
(appid));
NUnit.Framework.Assert.IsTrue(appExists);
actualApp = rm.GetRMContext().GetRMApps()[ConverterUtils.ToApplicationId(appid)];
owner = actualApp.GetUser();
NUnit.Framework.Assert.AreEqual("client", owner);
}
public virtual void TestWebServiceAccess()
{
ApplicationSubmissionContextInfo app = new ApplicationSubmissionContextInfo();
string appid = "application_123_0";
app.SetApplicationId(appid);
string submitAppRequestBody = TestRMWebServicesDelegationTokenAuthentication.GetMarshalledAppInfo
(app);
Uri url = new Uri("http://localhost:8088/ws/v1/cluster/apps");
HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();
// we should be access the apps page with the static user
TestRMWebServicesDelegationTokenAuthentication.SetupConn(conn, "GET", string.Empty
, string.Empty);
try
{
conn.GetInputStream();
NUnit.Framework.Assert.AreEqual(ClientResponse.Status.Ok.GetStatusCode(), conn.GetResponseCode
());
}
catch (IOException)
{
NUnit.Framework.Assert.Fail("Got " + conn.GetResponseCode() + " instead of 200 accessing "
+ url.ToString());
}
conn.Disconnect();
// new-application, submit app and kill should fail with
// forbidden
IDictionary <string, TestRMWebServicesHttpStaticUserPermissions.Helper> urlRequestMap
= new Dictionary <string, TestRMWebServicesHttpStaticUserPermissions.Helper>();
string killAppRequestBody = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n"
+ "<appstate>\n" + " <state>KILLED</state>\n" + "</appstate>";
urlRequestMap["http://localhost:8088/ws/v1/cluster/apps"] = new TestRMWebServicesHttpStaticUserPermissions.Helper
("POST", submitAppRequestBody);
urlRequestMap["http://localhost:8088/ws/v1/cluster/apps/new-application"] = new TestRMWebServicesHttpStaticUserPermissions.Helper
("POST", string.Empty);
urlRequestMap["http://localhost:8088/ws/v1/cluster/apps/app_123_1/state"] = new TestRMWebServicesHttpStaticUserPermissions.Helper
("PUT", killAppRequestBody);
foreach (KeyValuePair <string, TestRMWebServicesHttpStaticUserPermissions.Helper>
entry in urlRequestMap)
{
Uri reqURL = new Uri(entry.Key);
conn = (HttpURLConnection)reqURL.OpenConnection();
string method = entry.Value.method;
string body = entry.Value.requestBody;
TestRMWebServicesDelegationTokenAuthentication.SetupConn(conn, method, "application/xml"
, body);
try
{
conn.GetInputStream();
NUnit.Framework.Assert.Fail("Request " + entry.Key + "succeeded but should have failed"
);
}
catch (IOException)
{
NUnit.Framework.Assert.AreEqual(ClientResponse.Status.Forbidden.GetStatusCode(),
conn.GetResponseCode());
InputStream errorStream = conn.GetErrorStream();
string error = string.Empty;
BufferedReader reader = new BufferedReader(new InputStreamReader(errorStream, "UTF8"
));
for (string line; (line = reader.ReadLine()) != null;)
{
error += line;
}
reader.Close();
errorStream.Close();
NUnit.Framework.Assert.AreEqual("The default static user cannot carry out this operation."
, error);
}
conn.Disconnect();
}
}
