/// <exception cref="System.Exception"/>
private void TestGetToken(string renewer, Text expectedTokenKind)
{
DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation
.Getdelegationtoken;
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString());
Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(op.GetHttpMethod());
AuthenticationToken token = Org.Mockito.Mockito.Mock <AuthenticationToken>();
Org.Mockito.Mockito.When(token.GetUserName()).ThenReturn("user");
Org.Mockito.Mockito.When(response.GetWriter()).ThenReturn(new PrintWriter(new StringWriter
()));
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response
));
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString() + "&" + DelegationTokenAuthenticator.RenewerParam
+ "=" + renewer);
Org.Mockito.Mockito.Reset(response);
Org.Mockito.Mockito.Reset(token);
Org.Mockito.Mockito.When(token.GetUserName()).ThenReturn("user");
StringWriter writer = new StringWriter();
PrintWriter pwriter = new PrintWriter(writer);
Org.Mockito.Mockito.When(response.GetWriter()).ThenReturn(pwriter);
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response
));
if (renewer == null)
{
Org.Mockito.Mockito.Verify(token).GetUserName();
}
else
{
Org.Mockito.Mockito.Verify(token).GetUserName();
}
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk);
Org.Mockito.Mockito.Verify(response).SetContentType(MediaType.ApplicationJson);
pwriter.Close();
string responseOutput = writer.ToString();
string tokenLabel = DelegationTokenAuthenticator.DelegationTokenJson;
Assert.True(responseOutput.Contains(tokenLabel));
Assert.True(responseOutput.Contains(DelegationTokenAuthenticator
.DelegationTokenUrlStringJson));
ObjectMapper jsonMapper = new ObjectMapper();
IDictionary json = jsonMapper.ReadValue <IDictionary>(responseOutput);
json = (IDictionary)json[tokenLabel];
string tokenStr;
tokenStr = (string)json[DelegationTokenAuthenticator.DelegationTokenUrlStringJson
];
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> dt = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>();
dt.DecodeFromUrlString(tokenStr);
handler.GetTokenManager().VerifyToken(dt);
Assert.Equal(expectedTokenKind, dt.GetKind());
}
/// <summary>Returns the full URL of the request including the query string.</summary>
/// <remarks>
/// Returns the full URL of the request including the query string.
/// <p>
/// Used as a convenience method for logging purposes.
/// </remarks>
/// <param name="request">the request object.</param>
/// <returns>the full URL of the request including the query string.</returns>
protected internal virtual string GetRequestURL(HttpServletRequest request)
{
StringBuilder sb = request.GetRequestURL();
if (request.GetQueryString() != null)
{
sb.Append("?").Append(request.GetQueryString());
}
return(sb.ToString());
}
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
{
resp.SetStatus(HttpServletResponse.ScOk);
resp.GetWriter().Write("ping");
if (req.GetHeader(DelegationTokenAuthenticator.DelegationTokenHeader) != null)
{
resp.SetHeader("UsingHeader", "true");
}
if (req.GetQueryString() != null && req.GetQueryString().Contains(DelegationTokenAuthenticator
.DelegationParam + "="))
{
resp.SetHeader("UsingQueryString", "true");
}
}
/// <exception cref="System.Exception"/>
private void _testUserName(bool anonymous)
{
PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
try
{
Properties props = new Properties();
props.SetProperty(PseudoAuthenticationHandler.AnonymousAllowed, bool.ToString(anonymous
));
handler.Init(props);
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(PseudoAuthenticator
.UserName + "=" + "user");
AuthenticationToken token = handler.Authenticate(request, response);
NUnit.Framework.Assert.IsNotNull(token);
Assert.Equal("user", token.GetUserName());
Assert.Equal("user", token.GetName());
Assert.Equal(PseudoAuthenticationHandler.Type, token.GetType()
);
}
finally
{
handler.Destroy();
}
}
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest req, HttpServletResponse res)
{
string queryString = req.GetQueryString();
switch (counter)
{
case 0:
{
VerifyQuery(queryString, "SUCCEEDED");
break;
}
case 2:
{
VerifyQuery(queryString, "KILLED");
break;
}
case 4:
{
VerifyQuery(queryString, "FAILED");
break;
}
}
if (counter % 2 == 0)
{
res.SendError(HttpServletResponse.ScBadRequest, "forcing error");
}
else
{
res.SetStatus(HttpServletResponse.ScOk);
}
counter++;
}
/// <exception cref="System.Exception"/>
private void TestRenewToken()
{
DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation
.Renewdelegationtoken;
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString());
Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(op.GetHttpMethod());
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response
));
Org.Mockito.Mockito.Verify(response).SetStatus(Org.Mockito.Mockito.Eq(HttpServletResponse
.ScUnauthorized));
Org.Mockito.Mockito.Verify(response).SetHeader(Org.Mockito.Mockito.Eq(KerberosAuthenticator
.WwwAuthenticate), Org.Mockito.Mockito.Eq("mock"));
Org.Mockito.Mockito.Reset(response);
AuthenticationToken token = Org.Mockito.Mockito.Mock <AuthenticationToken>();
Org.Mockito.Mockito.When(token.GetUserName()).ThenReturn("user");
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response
));
Org.Mockito.Mockito.Verify(response).SendError(Org.Mockito.Mockito.Eq(HttpServletResponse
.ScBadRequest), Org.Mockito.Mockito.Contains("requires the parameter [token]"));
Org.Mockito.Mockito.Reset(response);
StringWriter writer = new StringWriter();
PrintWriter pwriter = new PrintWriter(writer);
Org.Mockito.Mockito.When(response.GetWriter()).ThenReturn(pwriter);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> dToken = (Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>)handler.GetTokenManager().CreateToken(UserGroupInformation
.GetCurrentUser(), "user");
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString() + "&" + DelegationTokenAuthenticator.TokenParam +
"=" + dToken.EncodeToUrlString());
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response
));
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk);
pwriter.Close();
Assert.True(writer.ToString().Contains("long"));
handler.GetTokenManager().VerifyToken(dToken);
}
/// <exception cref="System.Exception"/>
private void TestCancelToken()
{
DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation
.Canceldelegationtoken;
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString());
Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(op.GetHttpMethod());
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response
));
Org.Mockito.Mockito.Verify(response).SendError(Org.Mockito.Mockito.Eq(HttpServletResponse
.ScBadRequest), Org.Mockito.Mockito.Contains("requires the parameter [token]"));
Org.Mockito.Mockito.Reset(response);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = (Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>)handler.GetTokenManager().CreateToken(UserGroupInformation
.GetCurrentUser(), "foo");
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString() + "&" + DelegationTokenAuthenticator.TokenParam +
"=" + token.EncodeToUrlString());
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response
));
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk);
try
{
handler.GetTokenManager().VerifyToken(token);
NUnit.Framework.Assert.Fail();
}
catch (SecretManager.InvalidToken)
{
}
catch
{
//NOP
NUnit.Framework.Assert.Fail();
}
}
/// <exception cref="System.Exception"/>
private void TestInvalidDelegationTokenQueryString()
{
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.DelegationParam + "=invalid");
StringWriter writer = new StringWriter();
Org.Mockito.Mockito.When(response.GetWriter()).ThenReturn(new PrintWriter(writer)
);
NUnit.Framework.Assert.IsNull(handler.Authenticate(request, response));
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScForbidden);
Assert.True(writer.ToString().Contains("AuthenticationException"
));
}
/// <summary>
/// Extract a query string parameter without triggering http parameters
/// processing by the servlet container.
/// </summary>
/// <param name="request">the request</param>
/// <param name="name">the parameter to get the value.</param>
/// <returns>
/// the parameter value, or <code>NULL</code> if the parameter is not
/// defined.
/// </returns>
/// <exception cref="System.IO.IOException">thrown if there was an error parsing the query string.
/// </exception>
public static string GetParameter(HttpServletRequest request, string name)
{
IList <NameValuePair> list = URLEncodedUtils.Parse(request.GetQueryString(), Utf8Charset
);
if (list != null)
{
foreach (NameValuePair nv in list)
{
if (name.Equals(nv.GetName()))
{
return(nv.GetValue());
}
}
}
return(null);
}
private string GetUserName(HttpServletRequest request)
{
IList <NameValuePair> list = URLEncodedUtils.Parse(request.GetQueryString(), Utf8Charset
);
if (list != null)
{
foreach (NameValuePair nv in list)
{
if (PseudoAuthenticator.UserName.Equals(nv.GetName()))
{
return(nv.GetValue());
}
}
}
return(null);
}
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest request, HttpServletResponse response
)
{
InputStreamReader @in = new InputStreamReader(request.GetInputStream());
TextWriter @out = new TextWriter(response.GetOutputStream());
calledTimes++;
try
{
requestUri = new URI(null, null, request.GetRequestURI(), request.GetQueryString(
), null);
}
catch (URISyntaxException)
{
}
@in.Close();
@out.Close();
}
internal static string GetDoAs(HttpServletRequest request)
{
IList <NameValuePair> list = URLEncodedUtils.Parse(request.GetQueryString(), Utf8Charset
);
if (list != null)
{
foreach (NameValuePair nv in list)
{
if (Runtime.EqualsIgnoreCase(DelegationTokenAuthenticatedURL.DoAs, nv.GetName
()))
{
return(nv.GetValue());
}
}
}
return(null);
}
/// <exception cref="System.Exception"/>
private void TestValidDelegationTokenQueryString()
{
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> dToken = (Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>)handler.GetTokenManager().CreateToken(UserGroupInformation
.GetCurrentUser(), "user");
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.DelegationParam + "=" + dToken.EncodeToUrlString());
AuthenticationToken token = handler.Authenticate(request, response);
Assert.Equal(UserGroupInformation.GetCurrentUser().GetShortUserName
(), token.GetUserName());
Assert.Equal(0, token.GetExpires());
Assert.Equal(handler.GetType(), token.GetType());
Assert.True(token.IsExpired());
}
/// <exception cref="System.Exception"/>
private void TestManagementOperationErrors()
{
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + DelegationTokenAuthenticator.DelegationTokenOperation.Getdelegationtoken
.ToString());
Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn("FOO");
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response
));
Org.Mockito.Mockito.Verify(response).SendError(Org.Mockito.Mockito.Eq(HttpServletResponse
.ScBadRequest), Org.Mockito.Mockito.StartsWith("Wrong HTTP method"));
Org.Mockito.Mockito.Reset(response);
Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(DelegationTokenAuthenticator.DelegationTokenOperation
.Getdelegationtoken.GetHttpMethod());
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response
));
Org.Mockito.Mockito.Verify(response).SetStatus(Org.Mockito.Mockito.Eq(HttpServletResponse
.ScUnauthorized));
Org.Mockito.Mockito.Verify(response).SetHeader(Org.Mockito.Mockito.Eq(KerberosAuthenticator
.WwwAuthenticate), Org.Mockito.Mockito.Eq("mock"));
}
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
{
try
{
string userApprovedParamS = req.GetParameter(ProxyUriUtils.ProxyApprovalParam);
bool userWasWarned = false;
bool userApproved = Sharpen.Extensions.ValueOf(userApprovedParamS);
bool securityEnabled = IsSecurityEnabled();
string remoteUser = req.GetRemoteUser();
string pathInfo = req.GetPathInfo();
string[] parts = pathInfo.Split("/", 3);
if (parts.Length < 2)
{
Log.Warn("{} gave an invalid proxy path {}", remoteUser, pathInfo);
NotFound(resp, "Your path appears to be formatted incorrectly.");
return;
}
//parts[0] is empty because path info always starts with a /
string appId = parts[1];
string rest = parts.Length > 2 ? parts[2] : string.Empty;
ApplicationId id = Apps.ToAppID(appId);
if (id == null)
{
Log.Warn("{} attempting to access {} that is invalid", remoteUser, appId);
NotFound(resp, appId + " appears to be formatted incorrectly.");
return;
}
if (securityEnabled)
{
string cookieName = GetCheckCookieName(id);
Cookie[] cookies = req.GetCookies();
if (cookies != null)
{
foreach (Cookie c in cookies)
{
if (cookieName.Equals(c.GetName()))
{
userWasWarned = true;
userApproved = userApproved || Sharpen.Extensions.ValueOf(c.GetValue());
break;
}
}
}
}
bool checkUser = securityEnabled && (!userWasWarned || !userApproved);
AppReportFetcher.FetchedAppReport fetchedAppReport = null;
ApplicationReport applicationReport = null;
try
{
fetchedAppReport = GetApplicationReport(id);
if (fetchedAppReport != null)
{
if (fetchedAppReport.GetAppReportSource() != AppReportFetcher.AppReportSource.Rm &&
fetchedAppReport.GetAppReportSource() != AppReportFetcher.AppReportSource.Ahs)
{
throw new NotSupportedException("Application report not " + "fetched from RM or history server."
);
}
applicationReport = fetchedAppReport.GetApplicationReport();
}
}
catch (ApplicationNotFoundException)
{
applicationReport = null;
}
if (applicationReport == null)
{
Log.Warn("{} attempting to access {} that was not found", remoteUser, id);
URI toFetch = ProxyUriUtils.GetUriFromTrackingPlugins(id, this.trackingUriPlugins
);
if (toFetch != null)
{
ProxyUtils.SendRedirect(req, resp, toFetch.ToString());
return;
}
NotFound(resp, "Application " + appId + " could not be found " + "in RM or history server"
);
return;
}
string original = applicationReport.GetOriginalTrackingUrl();
URI trackingUri;
if (original == null || original.Equals("N/A") || original.Equals(string.Empty))
{
if (fetchedAppReport.GetAppReportSource() == AppReportFetcher.AppReportSource.Rm)
{
// fallback to ResourceManager's app page if no tracking URI provided
// and Application Report was fetched from RM
Log.Debug("Original tracking url is '{}'. Redirecting to RM app page", original ==
null ? "NULL" : original);
ProxyUtils.SendRedirect(req, resp, StringHelper.Pjoin(rmAppPageUrlBase, id.ToString
()));
}
else
{
if (fetchedAppReport.GetAppReportSource() == AppReportFetcher.AppReportSource.Ahs)
{
// fallback to Application History Server app page if the application
// report was fetched from AHS
Log.Debug("Original tracking url is '{}'. Redirecting to AHS app page", original
== null ? "NULL" : original);
ProxyUtils.SendRedirect(req, resp, StringHelper.Pjoin(ahsAppPageUrlBase, id.ToString
()));
}
}
return;
}
else
{
if (ProxyUriUtils.GetSchemeFromUrl(original).IsEmpty())
{
trackingUri = ProxyUriUtils.GetUriFromAMUrl(WebAppUtils.GetHttpSchemePrefix(conf)
, original);
}
else
{
trackingUri = new URI(original);
}
}
string runningUser = applicationReport.GetUser();
if (checkUser && !runningUser.Equals(remoteUser))
{
Log.Info("Asking {} if they want to connect to the " + "app master GUI of {} owned by {}"
, remoteUser, appId, runningUser);
WarnUserPage(resp, ProxyUriUtils.GetPathAndQuery(id, rest, req.GetQueryString(),
true), runningUser, id);
return;
}
// Append the user-provided path and query parameter to the original
// tracking url.
IList <NameValuePair> queryPairs = URLEncodedUtils.Parse(req.GetQueryString(), null
);
UriBuilder builder = UriBuilder.FromUri(trackingUri);
foreach (NameValuePair pair in queryPairs)
{
builder.QueryParam(pair.GetName(), pair.GetValue());
}
URI toFetch_1 = builder.Path(rest).Build();
Log.Info("{} is accessing unchecked {}" + " which is the app master GUI of {} owned by {}"
, remoteUser, toFetch_1, appId, runningUser);
switch (applicationReport.GetYarnApplicationState())
{
case YarnApplicationState.Killed:
case YarnApplicationState.Finished:
case YarnApplicationState.Failed:
{
ProxyUtils.SendRedirect(req, resp, toFetch_1.ToString());
return;
}
default:
{
break;
}
}
// fall out of the switch
Cookie c_1 = null;
if (userWasWarned && userApproved)
{
c_1 = MakeCheckCookie(id, true);
}
ProxyLink(req, resp, toFetch_1, c_1, GetProxyHost());
}
catch (Exception e)
{
throw new IOException(e);
}
}
/// <summary>Shuffle specific utils - build string for encoding from URL</summary>
/// <param name="request"/>
/// <returns>string for encoding</returns>
public static string BuildMsgFrom(HttpServletRequest request)
{
return(BuildMsgFrom(request.GetRequestURI(), request.GetQueryString(), request.GetLocalPort
()));
}