Пример #1
0
 /// <summary>
 /// Implements the SPNEGO authentication sequence interaction using the current default principal
 /// in the Kerberos cache (normally set via kinit).
 /// </summary>
 /// <param name="token">the authentication token being used for the user.</param>
 /// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
 /// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
 /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
 ///     "/>
 private void DoSpnegoSequence(AuthenticatedURL.Token token)
 {
     try
     {
         AccessControlContext context = AccessController.GetContext();
         Subject subject = Subject.GetSubject(context);
         if (subject == null || (subject.GetPrivateCredentials <KerberosKey>().IsEmpty() &&
                                 subject.GetPrivateCredentials <KerberosTicket>().IsEmpty()))
         {
             Log.Debug("No subject in context, logging in");
             subject = new Subject();
             LoginContext login = new LoginContext(string.Empty, subject, null, new KerberosAuthenticator.KerberosConfiguration
                                                       ());
             login.Login();
         }
         if (Log.IsDebugEnabled())
         {
             Log.Debug("Using subject: " + subject);
         }
         Subject.DoAs(subject, new _PrivilegedExceptionAction_287(this));
     }
     catch (PrivilegedActionException ex)
     {
         // Loop while the context is still not established
         throw new AuthenticationException(ex.GetException());
     }
     catch (LoginException ex)
     {
         throw new AuthenticationException(ex);
     }
     AuthenticatedURL.ExtractToken(conn, token);
 }
Пример #2
0
        public virtual void TestExtractTokenFail()
        {
            HttpURLConnection conn = Org.Mockito.Mockito.Mock <HttpURLConnection>();

            Org.Mockito.Mockito.When(conn.GetResponseCode()).ThenReturn(HttpURLConnection.HttpUnauthorized
                                                                        );
            string tokenStr = "foo";
            IDictionary <string, IList <string> > headers = new Dictionary <string, IList <string>
                                                                            >();
            IList <string> cookies = new AList <string>();

            cookies.AddItem(AuthenticatedURL.AuthCookie + "=" + tokenStr);
            headers["Set-Cookie"] = cookies;
            Org.Mockito.Mockito.When(conn.GetHeaderFields()).ThenReturn(headers);
            AuthenticatedURL.Token token = new AuthenticatedURL.Token();
            token.Set("bar");
            try
            {
                AuthenticatedURL.ExtractToken(conn, token);
                NUnit.Framework.Assert.Fail();
            }
            catch (AuthenticationException)
            {
                // Expected
                NUnit.Framework.Assert.IsFalse(token.IsSet());
            }
            catch (Exception)
            {
                NUnit.Framework.Assert.Fail();
            }
        }
Пример #3
0
        /// <summary>Performs simple authentication against the specified URL.</summary>
        /// <remarks>
        /// Performs simple authentication against the specified URL.
        /// <p>
        /// If a token is given it does a NOP and returns the given token.
        /// <p>
        /// If no token is given, it will perform an HTTP <code>OPTIONS</code> request injecting an additional
        /// parameter
        /// <see cref="UserName"/>
        /// in the query string with the value returned by the
        /// <see cref="GetUserName()"/>
        /// method.
        /// <p>
        /// If the response is successful it will update the authentication token.
        /// </remarks>
        /// <param name="url">the URl to authenticate against.</param>
        /// <param name="token">the authencation token being used for the user.</param>
        /// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
        /// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
        /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
        ///     "/>
        public virtual void Authenticate(Uri url, AuthenticatedURL.Token token)
        {
            string strUrl         = url.ToString();
            string paramSeparator = (strUrl.Contains("?")) ? "&" : "?";

            strUrl += paramSeparator + UserNameEq + GetUserName();
            url     = new Uri(strUrl);
            HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();

            if (connConfigurator != null)
            {
                conn = connConfigurator.Configure(conn);
            }
            conn.SetRequestMethod("OPTIONS");
            conn.Connect();
            AuthenticatedURL.ExtractToken(conn, token);
        }
Пример #4
0
        public virtual void TestExtractTokenOK()
        {
            HttpURLConnection conn = Org.Mockito.Mockito.Mock <HttpURLConnection>();

            Org.Mockito.Mockito.When(conn.GetResponseCode()).ThenReturn(HttpURLConnection.HttpOk
                                                                        );
            string tokenStr = "foo";
            IDictionary <string, IList <string> > headers = new Dictionary <string, IList <string>
                                                                            >();
            IList <string> cookies = new AList <string>();

            cookies.AddItem(AuthenticatedURL.AuthCookie + "=" + tokenStr);
            headers["Set-Cookie"] = cookies;
            Org.Mockito.Mockito.When(conn.GetHeaderFields()).ThenReturn(headers);
            AuthenticatedURL.Token token = new AuthenticatedURL.Token();
            AuthenticatedURL.ExtractToken(conn, token);
            Assert.Equal(tokenStr, token.ToString());
        }
Пример #5
0
 /// <summary>Performs SPNEGO authentication against the specified URL.</summary>
 /// <remarks>
 /// Performs SPNEGO authentication against the specified URL.
 /// <p>
 /// If a token is given it does a NOP and returns the given token.
 /// <p>
 /// If no token is given, it will perform the SPNEGO authentication sequence using an
 /// HTTP <code>OPTIONS</code> request.
 /// </remarks>
 /// <param name="url">the URl to authenticate against.</param>
 /// <param name="token">the authentication token being used for the user.</param>
 /// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
 /// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
 /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
 ///     "/>
 public virtual void Authenticate(Uri url, AuthenticatedURL.Token token)
 {
     if (!token.IsSet())
     {
         this.url = url;
         base64   = new Base64(0);
         conn     = (HttpURLConnection)url.OpenConnection();
         if (connConfigurator != null)
         {
             conn = connConfigurator.Configure(conn);
         }
         conn.SetRequestMethod(AuthHttpMethod);
         conn.Connect();
         bool needFallback = false;
         if (conn.GetResponseCode() == HttpURLConnection.HttpOk)
         {
             Log.Debug("JDK performed authentication on our behalf.");
             // If the JDK already did the SPNEGO back-and-forth for
             // us, just pull out the token.
             AuthenticatedURL.ExtractToken(conn, token);
             if (IsTokenKerberos(token))
             {
                 return;
             }
             needFallback = true;
         }
         if (!needFallback && IsNegotiate())
         {
             Log.Debug("Performing our own SPNEGO sequence.");
             DoSpnegoSequence(token);
         }
         else
         {
             Log.Debug("Using fallback authenticator sequence.");
             Authenticator auth = GetFallBackAuthenticator();
             // Make sure that the fall back authenticator have the same
             // ConnectionConfigurator, since the method might be overridden.
             // Otherwise the fall back authenticator might not have the information
             // to make the connection (e.g., SSL certificates)
             auth.SetConnectionConfigurator(connConfigurator);
             auth.Authenticate(url, token);
         }
     }
 }