/** * Test that invalid paths return a 404 Not Found. * * @throws Exception */ @Test public void testInvalidPath() throws Exception { HttpURLConnection urlConn = openConnection(getURL("invalid")); try { Optional.ofNullable(getAuthRequestHeader()).ifPresent(m -> m.forEach(urlConn::addRequestProperty)); Assert.assertEquals(404, urlConn.getResponseCode()); } finally { urlConn.disconnect(); } }
/** * Returns the full URL for the given request path */ protected URL getURL(String path) throws MalformedURLException { InetSocketAddress serverAddr = server.getSocketAddress(); while (path.startsWith("/")) { path = path.substring(1); } return new URL(String.format("%s://%s:%d/%s", getProtocol(), serverAddr.getHostName(), serverAddr.getPort(), path)); }
protected void tearDown() throws Exception { stopExternalAuthenticationServer(); server.stopAndWait(); // Clear any security properties for zookeeper. System.clearProperty(Constants.External.Zookeeper.ENV_AUTH_PROVIDER_1); Configuration.setConfiguration(null); }
/** * Test an unauthorized status request to server. * * @throws Exception */ @Test public void testStatusResponse() throws Exception { HttpURLConnection urlConn = openConnection(getURL(Constants.EndPoints.STATUS)); try { // Status request is authorized without any extra headers Assert.assertEquals(200, urlConn.getResponseCode()); } finally { urlConn.disconnect(); } }
HttpURLConnection urlConn = openConnection(getURL(GrantAccessToken.Paths.GET_EXTENDED_TOKEN)); try { Optional.ofNullable(getAuthRequestHeader()).ifPresent(m -> m.forEach(urlConn::addRequestProperty)); Assert.assertEquals(getAuthenticatedUserName(), token.getIdentifier().getUsername()); LOG.info("AccessToken got from ExternalAuthenticationServer is: " + encodedToken); } finally {
protected void setup() throws Exception { Assert.assertNotNull("CConfiguration needs to be set by derived classes", configuration); // Intentionally set "security.auth.server.announce.urls" to invalid // values verify that they are not used by external authentication server configuration.set(Constants.Security.AUTH_SERVER_ANNOUNCE_URLS, "invalid.urls"); Module securityModule = Modules.override(new SecurityModules().getInMemoryModules()).with( new AbstractModule() { @Override protected void configure() { bind(AuditLogHandler.class) .annotatedWith(Names.named( ExternalAuthenticationServer.NAMED_EXTERNAL_AUTH)) .toInstance(new AuditLogHandler(TEST_AUDIT_LOGGER)); } } ); Injector injector = Guice.createInjector(new IOModule(), securityModule, new ConfigModule(getConfiguration(configuration), HBaseConfiguration.create(), sConfiguration), new InMemoryDiscoveryModule()); server = injector.getInstance(ExternalAuthenticationServer.class); tokenCodec = injector.getInstance(AccessTokenCodec.class); discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class); startExternalAuthenticationServer(); server.startAndWait(); LOG.info("Auth server running on address {}", server.getSocketAddress()); TimeUnit.SECONDS.sleep(3); }
private HttpsURLConnection openConnection(URL url, String keyStoreResource) throws Exception { HttpsURLConnection urlConn = (HttpsURLConnection) super.openConnection(url); URL clientKeystoreURL = ExternalMTLSAuthenticationServerTest.class.getClassLoader().getResource(keyStoreResource); Assert.assertNotNull(clientKeystoreURL); KeyStore ks = KeyStore.getInstance("JKS"); try (InputStream is = clientKeystoreURL.openConnection().getInputStream()) { ks.load(is, "secret".toCharArray()); } return new HttpsEnabler().setKeyStore(ks, () -> configuration.get("security.auth.server.ssl.keystore.password", "secret").toCharArray()) .setTrustAll(true) .enable(urlConn); }
HttpURLConnection urlConn = openConnection(getURL(GrantAccessToken.Paths.GET_TOKEN)); try { Optional.ofNullable(getAuthRequestHeader()).ifPresent(m -> m.forEach(urlConn::addRequestProperty)); Assert.assertEquals(200, urlConn.getResponseCode()); verify(TEST_AUDIT_LOGGER, timeout(10000).atLeastOnce()).trace(contains(getAuthenticatedUserName())); Assert.assertEquals(getAuthenticatedUserName(), token.getIdentifier().getUsername()); LOG.info("AccessToken got from ExternalAuthenticationServer is: " + encodedToken); } finally {
/** * Test an unauthorized request to server. * * @throws Exception */ @Test public void testInvalidAuthentication() throws Exception { HttpURLConnection urlConn = openConnection(getURL(GrantAccessToken.Paths.GET_TOKEN)); try { Optional.ofNullable(getAuthRequestHeader()) .ifPresent(m -> m.forEach((k, v) -> urlConn.addRequestProperty(k, "xxxxx"))); // Request is Unauthorized Assert.assertEquals(401, urlConn.getResponseCode()); verify(TEST_AUDIT_LOGGER, timeout(10000).atLeastOnce()).trace(contains("401")); } finally { urlConn.disconnect(); } }