Refine search
HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; boolean isHttps = "https".equals(httpRequest.getScheme()); try { boolean newToken = false; log.warn("AuthenticationToken ignored: " + ex.getMessage()); authenticationEx = ex; if (log.isDebugEnabled()) { log.debug(ex, "Authentication exception: " + ex.getMessage()); } else { log.warn("Authentication exception: " + ex.getMessage()); } else { httpResponse.sendError(errCode, authenticationEx.getMessage());
.getHeader(org.apache.hadoop.security.authentication.client.KerberosAuthenticator.AUTHORIZATION); .trim(); final byte[] clientToken = StringUtils.decodeBase64String(authorization); final String serverName = request.getServerName(); try { token = Subject.doAs(serverSubject, new PrivilegedExceptionAction<AuthenticationToken>() throw (IOException) ex.getException(); } else { throw new AuthenticationException(ex.getException());
@Override public AuthenticationToken authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException { AuthenticationToken token = null; String param = request.getParameter("authenticated"); if (param != null && param.equals("true")) { token = new AuthenticationToken("u", "p", "t"); token.setExpires((expired) ? 0 : System.currentTimeMillis() + TOKEN_VALIDITY_SEC); } else { if (request.getHeader("WWW-Authenticate") == null) { response.setHeader("WWW-Authenticate", "dummyauth"); } else { throw new AuthenticationException("AUTH FAILED"); } } return token; } }
throws IOException, AuthenticationException { AuthenticationToken token = null; String authorization = request.getHeader( KerberosAuthenticator.AUTHORIZATION); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); if (authorization == null) { LOG.trace("SPNEGO starting for url: {}", request.getRequestURL()); } else { LOG.warn("'" + KerberosAuthenticator.AUTHORIZATION + final Base64 base64 = new Base64(0); final byte[] clientToken = base64.decode(authorization); final String serverName = InetAddress.getByName(request.getServerName()) .getCanonicalHostName(); try { return token; } else { throw new AuthenticationException(lastException); throw (IOException) ex.getException(); } else { throw new AuthenticationException(ex.getException());
throws IOException, AuthenticationException { AuthenticationToken token = null; String authorization = request.getHeader( KerberosAuthenticator.AUTHORIZATION); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); if (authorization == null) { LOG.trace("SPNEGO starting for url: {}", request.getRequestURL()); } else { LOG.warn("'" + KerberosAuthenticator.AUTHORIZATION + throw (IOException) ex.getException(); } else { throw new AuthenticationException(ex.getException()); throw new AuthenticationException(ex);
HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; boolean isHttps = "https".equals(httpRequest.getScheme()); AuthenticationHandler authHandler = getAuthenticationHandler(); if (supportTrustedProxy && doAsUser != null && !doAsUser.equals(httpRequest.getRemoteUser())) { LOG.debug("doAsUser is {}", doAsUser); } else if(StringUtils.isNotBlank(httpRequest.getRemoteUser()) && atlasProxyUsers.contains(httpRequest.getRemoteUser())){ LOG.info("Ignoring kerberos login from proxy user "+ httpRequest.getRemoteUser()); LOG.warn("Authentication exception: {}", ex.getMessage(), ex); httpResponse.sendError(errCode, authenticationEx.getMessage());
KerberosDelegationTokenAuthenticator. DelegationTokenOperation.valueOf(op); if (dtOp.getHttpMethod().equals(request.getMethod())) { boolean doManagement; if (dtOp.requiresKerberosCredentials() && token == null) { doAsUser, requestUgi); try { ProxyUsers.authorize(requestUgi, request.getRemoteAddr()); } catch (AuthorizationException ex) { HttpExceptionUtils.createServletExceptionResponse(response, map = delegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex); map.put("long", expirationTime); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex); MessageFormat.format( "Wrong HTTP method [{0}] for operation [{1}], it should be " + "[{2}]", request.getMethod(), dtOp, dtOp.getHttpMethod())); requestContinues = false;
op = (op != null) ? StringUtils.toUpperCase(op) : null; if (DELEGATION_TOKEN_OPS.contains(op) && !request.getMethod().equals("OPTIONS")) { KerberosDelegationTokenAuthenticator.DelegationTokenOperation dtOp = KerberosDelegationTokenAuthenticator. DelegationTokenOperation.valueOf(op); if (dtOp.getHttpMethod().equals(request.getMethod())) { boolean doManagement; if (dtOp.requiresKerberosCredentials() && token == null) { doAsUser, requestUgi); try { ProxyUsers.authorize(requestUgi, request.getRemoteHost()); } catch (AuthorizationException ex) { HttpExceptionUtils.createServletExceptionResponse(response, map = delegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex); map.put("long", expirationTime); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex);
getType()); token.setExpires(0); request.setAttribute(DELEGATION_TOKEN_UGI_ATTRIBUTE, ugi); } catch (Throwable ex) { token = null; HttpExceptionUtils.createServletExceptionResponse(response, HttpServletResponse.SC_FORBIDDEN, new AuthenticationException(ex));
Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { throw new AuthenticationException(ex); token = AuthenticationToken.parse(tokenStr); if (!token.getType().equals(getAuthenticationHandler().getType())) { throw new AuthenticationException("Invalid AuthenticationToken type"); throw new AuthenticationException("AuthenticationToken expired");
Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie}); filter.getToken(request); } catch (AuthenticationException ex) { Assert.assertEquals("AuthenticationToken expired", ex.getMessage()); failed = true; } finally {
throw new AuthenticationException(le);
/** * Cancels a delegation token from the server end-point. It does not require * being authenticated by the configured <code>Authenticator</code>. * * @param url the URL to cancel the delegation token from. Only HTTP/S URLs * are supported. * @param token the authentication token with the Delegation Token to cancel. * @param doAsUser the user to do as, which will be the token owner. * @throws IOException if an IO error occurred. */ public void cancelDelegationToken(URL url, AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> dToken, String doAsUser) throws IOException { try { doDelegationTokenOperation(url, token, DelegationTokenOperation.CANCELDELEGATIONTOKEN, null, dToken, false, doAsUser); } catch (AuthenticationException ex) { throw new IOException("This should not happen: " + ex.getMessage(), ex); } }
@Override public AuthenticationToken authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException { AuthenticationToken token = null; String param = request.getParameter("authenticated"); if (param != null && param.equals("true")) { token = new AuthenticationToken("u", "p", "t"); token.setExpires((expired) ? 0 : System.currentTimeMillis() + TOKEN_VALIDITY_SEC); } else { if (request.getHeader("WWW-Authenticate") == null) { response.setHeader("WWW-Authenticate", "dummyauth"); } else { throw new AuthenticationException("AUTH FAILED"); } } return token; } }
throws IOException, AuthenticationException { AuthenticationToken token = null; String authorization = request.getHeader( KerberosAuthenticator.AUTHORIZATION); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); if (authorization == null) { LOG.trace("SPNEGO starting for url: {}", request.getRequestURL()); } else { LOG.warn("'" + KerberosAuthenticator.AUTHORIZATION + final Base64 base64 = new Base64(0); final byte[] clientToken = base64.decode(authorization); final String serverName = InetAddress.getByName(request.getServerName()) .getCanonicalHostName(); try { return token; } else { throw new AuthenticationException(lastException); throw (IOException) ex.getException(); } else { throw new AuthenticationException(ex.getException());
KerberosDelegationTokenAuthenticator. DelegationTokenOperation.valueOf(op); if (dtOp.getHttpMethod().equals(request.getMethod())) { boolean doManagement; if (dtOp.requiresKerberosCredentials() && token == null) { doAsUser, requestUgi); try { ProxyUsers.authorize(requestUgi, request.getRemoteAddr()); } catch (AuthorizationException ex) { HttpExceptionUtils.createServletExceptionResponse(response, map = delegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex); map.put("long", expirationTime); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex); MessageFormat.format( "Wrong HTTP method [{0}] for operation [{1}], it should be " + "[{2}]", request.getMethod(), dtOp, dtOp.getHttpMethod())); requestContinues = false;
op = (op != null) ? StringUtils.toUpperCase(op) : null; if (DELEGATION_TOKEN_OPS.contains(op) && !request.getMethod().equals("OPTIONS")) { KerberosDelegationTokenAuthenticator.DelegationTokenOperation dtOp = KerberosDelegationTokenAuthenticator. DelegationTokenOperation.valueOf(op); if (dtOp.getHttpMethod().equals(request.getMethod())) { boolean doManagement; if (dtOp.requiresKerberosCredentials() && token == null) { doAsUser, requestUgi); try { ProxyUsers.authorize(requestUgi, request.getRemoteHost()); } catch (AuthorizationException ex) { HttpExceptionUtils.createServletExceptionResponse(response, map = delegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex); map.put("long", expirationTime); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex);
getType()); token.setExpires(0); request.setAttribute(DELEGATION_TOKEN_UGI_ATTRIBUTE, ugi); } catch (Throwable ex) { token = null; HttpExceptionUtils.createServletExceptionResponse(response, HttpServletResponse.SC_FORBIDDEN, new AuthenticationException(ex));
AuthenticationToken token = null; String tokenStr = null; Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { tokenStr = cookie.getValue(); if (tokenStr.isEmpty()) { throw new AuthenticationException("Unauthorized access"); throw new AuthenticationException(ex); boolean match = verifyTokenType(getAuthenticationHandler(), token); if (!match) { throw new AuthenticationException("Invalid AuthenticationToken type"); throw new AuthenticationException("AuthenticationToken expired");
Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie}); filter.getToken(request); } catch (AuthenticationException ex) { Assert.assertEquals("Invalid AuthenticationToken type", ex.getMessage()); failed = true; } finally {