/// <summary>
/// Sends a mocked request carrying a <c>Negotiate</c> Authorization header to the
/// handler and checks the response for whichever outcome the handler reports.
/// </summary>
/// <remarks>
/// Both outcomes are accepted: a non-null token (status OK, principal and type
/// checked) and a null token (status Unauthorized). On its own, this test therefore
/// does not prove that a valid client token is accepted.
/// </remarks>
/// <exception cref="System.Exception"/>
public virtual void TestRequestWithAuthorization()
{
    // Client-side token produced by the test utility; _Callable_225 is defined elsewhere.
    string clientToken = KerberosTestUtils.DoAsClient(new _Callable_225());

    HttpServletRequest mockRequest = Org.Mockito.Mockito.Mock <HttpServletRequest>();
    HttpServletResponse mockResponse = Org.Mockito.Mockito.Mock <HttpServletResponse>();
    string headerValue = KerberosAuthenticator.Negotiate + " " + clientToken;
    Org.Mockito.Mockito.When(mockRequest.GetHeader(KerberosAuthenticator.Authorization)).ThenReturn(headerValue);
    Org.Mockito.Mockito.When(mockRequest.GetServerName()).ThenReturn("localhost");

    AuthenticationToken result = handler.Authenticate(mockRequest, mockResponse);

    // Either outcome must answer with a "Negotiate <something>" challenge header.
    string negotiatePattern = KerberosAuthenticator.Negotiate + " .*";
    Org.Mockito.Mockito.Verify(mockResponse).SetHeader(
        Org.Mockito.Mockito.Eq(KerberosAuthenticator.WwwAuthenticate),
        Org.Mockito.Mockito.Matches(negotiatePattern));

    if (authTokenIsAbsent(result))
    {
        // No token was returned: the handler must have answered 401.
        Org.Mockito.Mockito.Verify(mockResponse).SetStatus(HttpServletResponse.ScUnauthorized);
        return;
    }

    // Token returned: the response is 200 and the token describes the client principal.
    Org.Mockito.Mockito.Verify(mockResponse).SetStatus(HttpServletResponse.ScOk);
    string expectedPrincipal = KerberosTestUtils.GetClientPrincipal();
    Assert.Equal(expectedPrincipal, result.GetName());
    Assert.True(KerberosTestUtils.GetClientPrincipal().StartsWith(result.GetUserName()));
    Assert.Equal(GetExpectedType(), result.GetType());
}

/// <summary>Returns true when the handler produced no authentication token.</summary>
private static bool authTokenIsAbsent(AuthenticationToken candidate)
{
    return candidate == null;
}
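/// <summary>
/// Enforces the Kerberos SPNEGO authentication sequence, returning an
/// <see cref="AuthenticationToken"/> only after the Kerberos SPNEGO sequence has
/// completed successfully.
/// </summary>
/// <remarks>
/// When the Authorization header is missing or does not start with the Negotiate
/// scheme, the handler answers 401 with a <c>WWW-Authenticate: Negotiate</c>
/// challenge and returns <c>null</c>. Otherwise the Base64 payload after the scheme
/// is decoded and handed to a privileged action that runs as <c>serverSubject</c>.
/// A rejected header is logged by scheme only: a client that sends another scheme
/// (for example Basic or Bearer) would otherwise have its credentials written to
/// the log.
/// </remarks>
/// <param name="request">the HTTP client request.</param>
/// <param name="response">the HTTP client response.</param>
/// <returns>
/// an authentication token if the Kerberos SPNEGO sequence is complete and valid,
/// <c>null</c> if it is in progress (in this case the handler handles the response to the client).
/// </returns>
/// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException">thrown if Kerberos SPNEGO sequence failed.</exception>
public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse response)
{
    // Upper bound on how much of a rejected header is ever copied into the log.
    const int maxLoggedSchemeLength = 32;

    AuthenticationToken token = null;
    string authorization = request.GetHeader(KerberosAuthenticator.Authorization);

    // Ordinal comparison: the default culture-sensitive StartsWith can skip ignorable
    // characters, which would let a malformed prefix through and misalign the
    // fixed-length substring taken below.
    if (authorization == null
        || !authorization.StartsWith(KerberosAuthenticator.Negotiate, System.StringComparison.Ordinal))
    {
        response.SetHeader(WwwAuthenticate, KerberosAuthenticator.Negotiate);
        response.SetStatus(HttpServletResponse.ScUnauthorized);
        if (authorization == null)
        {
            Log.Trace("SPNEGO starting");
        }
        else
        {
            // Never log the full header value: it is client-controlled and may carry
            // credentials for another scheme. Keep only a short leading scheme token.
            int schemeEnd = authorization.IndexOf(' ');
            string loggedScheme = (schemeEnd > 0 && schemeEnd <= maxLoggedSchemeLength)
                ? authorization.Substring(0, schemeEnd)
                : "<unrecognized>";
            Log.Warn("'" + KerberosAuthenticator.Authorization + "' does not start with '"
                + KerberosAuthenticator.Negotiate + "' : {}", loggedScheme);
        }
    }
    else
    {
        // Strip the scheme prefix; the remainder is the Base64-encoded client token.
        authorization = Runtime.Substring(authorization, KerberosAuthenticator.Negotiate.Length).Trim();
        // NOTE(review): the 0 argument presumably disables line chunking - confirm against the Base64 class in use.
        Base64 base64 = new Base64(0);
        byte[] clientToken = base64.Decode(authorization);
        string serverName = request.GetServerName();
        try
        {
            // The token exchange itself happens in the privileged action, run as serverSubject.
            token = Subject.DoAs(serverSubject, new _PrivilegedExceptionAction_347(this, serverName,
                clientToken, base64, response));
        }
        catch (PrivilegedActionException ex)
        {
            // Unwrap: IO failures propagate as-is, anything else becomes an authentication failure.
            if (ex.GetException() is IOException)
            {
                throw (IOException)ex.GetException();
            }
            else
            {
                throw new AuthenticationException(ex.GetException());
            }
        }
    }
    return token;
}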