return super.authenticate(request, response);
throws IOException, AuthenticationException { AuthenticationToken token; String delegationParam = getDelegationToken(request); if (delegationParam != null) { LOG.debug("Authenticating with dt param: {}", delegationParam); getType()); token.setExpires(0); request.setAttribute(DELEGATION_TOKEN_UGI_ATTRIBUTE, ugi);
@Override public void init(Properties config) throws ServletException { authHandler.init(config); initTokenManager(config); initJsonFactory(config); }
KerberosDelegationTokenAuthenticator.OP_PARAM); op = (op != null) ? StringUtils.toUpperCase(op) : null; if (isManagementOperation(request)) { KerberosDelegationTokenAuthenticator.DelegationTokenOperation dtOp = KerberosDelegationTokenAuthenticator. Token<?> dToken = tokenManager.createToken(requestUgi, renewer, service); map = delegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex);
@SuppressWarnings("unchecked") private void testValidDelegationTokenHeader() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getHeader(Mockito.eq( DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER))).thenReturn( dToken.encodeToUrlString()); AuthenticationToken token = handler.authenticate(request, response); Assert.assertEquals(UserGroupInformation.getCurrentUser(). getShortUserName(), token.getUserName()); Assert.assertEquals(0, token.getExpires()); Assert.assertEquals(handler.getType(), token.getType()); Assert.assertTrue(token.isExpired()); }
boolean doManagement; if (dtOp.requiresKerberosCredentials() && token == null) { token = authenticate(request, response); if (token == null) { requestContinues = false; try { Token<?> dToken = tokenManager.createToken(requestUgi, renewer); map = delegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex);
@Override public void init(Properties config) throws ServletException { authHandler.init(config); initTokenManager(config); }
@Override public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); AuthenticationHandler handler = getAuthenticationHandler(); AbstractDelegationTokenSecretManager dtSecretManager = (AbstractDelegationTokenSecretManager) filterConfig.getServletContext(). getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR); if (dtSecretManager != null && handler instanceof DelegationTokenAuthenticationHandler) { DelegationTokenAuthenticationHandler dtHandler = (DelegationTokenAuthenticationHandler) getAuthenticationHandler(); dtHandler.setExternalDelegationTokenSecretManager(dtSecretManager); } if (handler instanceof PseudoAuthenticationHandler || handler instanceof PseudoDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE); } if (handler instanceof KerberosAuthenticationHandler || handler instanceof KerberosDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS); } // proxyuser configuration Configuration conf = getProxyuserConfiguration(filterConfig); ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX); }
thenReturn(op.getHttpMethod()); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.verify(response).setStatus( Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED)); AuthenticationToken token = Mockito.mock(AuthenticationToken.class); Mockito.when(token.getUserName()).thenReturn("user"); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).sendError( Mockito.eq(HttpServletResponse.SC_BAD_REQUEST), Mockito.when(response.getWriter()).thenReturn(pwriter); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getQueryString()). "&" + DelegationTokenAuthenticator.TOKEN_PARAM + "=" + dToken.encodeToUrlString()); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); pwriter.close(); Assert.assertTrue(writer.toString().contains("long")); handler.getTokenManager().verifyToken(dToken);
@After public void cleanUp() { handler.destroy(); }
@SuppressWarnings("unchecked") private void testValidDelegationTokenHeader() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getHeader(Mockito.eq( DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER))).thenReturn( dToken.encodeToUrlString()); AuthenticationToken token = handler.authenticate(request, response); Assert.assertEquals(UserGroupInformation.getCurrentUser(). getShortUserName(), token.getUserName()); Assert.assertEquals(0, token.getExpires()); Assert.assertEquals(handler.getType(), token.getType()); Assert.assertTrue(token.isExpired()); }
boolean doManagement; if (dtOp.requiresKerberosCredentials() && token == null) { token = authenticate(request, response); if (token == null) { requestContinues = false; try { Token<?> dToken = tokenManager.createToken(requestUgi, renewer); map = delegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex);
@Override public void init(Properties config) throws ServletException { authHandler.init(config); initTokenManager(config); }
@Override public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); AuthenticationHandler handler = getAuthenticationHandler(); AbstractDelegationTokenSecretManager dtSecretManager = (AbstractDelegationTokenSecretManager) filterConfig.getServletContext(). getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR); if (dtSecretManager != null && handler instanceof DelegationTokenAuthenticationHandler) { DelegationTokenAuthenticationHandler dtHandler = (DelegationTokenAuthenticationHandler) getAuthenticationHandler(); dtHandler.setExternalDelegationTokenSecretManager(dtSecretManager); } if (handler instanceof PseudoAuthenticationHandler || handler instanceof PseudoDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE); } if (handler instanceof KerberosAuthenticationHandler || handler instanceof KerberosDelegationTokenAuthenticationHandler) { setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS); } // proxyuser configuration Configuration conf = getProxyuserConfiguration(filterConfig); ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX); }
KerberosDelegationTokenAuthenticator.OP_PARAM); op = (op != null) ? StringUtils.toUpperCase(op) : null; if (isManagementOperation(request)) { KerberosDelegationTokenAuthenticator.DelegationTokenOperation dtOp = KerberosDelegationTokenAuthenticator. try { Token<?> dToken = tokenManager.createToken(requestUgi, renewer); map = delegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex);
thenReturn(op.getHttpMethod()); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.verify(response).setStatus( Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED)); AuthenticationToken token = Mockito.mock(AuthenticationToken.class); Mockito.when(token.getUserName()).thenReturn("user"); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).sendError( Mockito.eq(HttpServletResponse.SC_BAD_REQUEST), Mockito.when(response.getWriter()).thenReturn(pwriter); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getQueryString()). "&" + DelegationTokenAuthenticator.TOKEN_PARAM + "=" + dToken.encodeToUrlString()); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); pwriter.close(); Assert.assertTrue(writer.toString().contains("long")); handler.getTokenManager().verifyToken(dToken);
@After public void cleanUp() { handler.destroy(); }
@SuppressWarnings("unchecked") private void testValidDelegationTokenQueryString() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getQueryString()).thenReturn( DelegationTokenAuthenticator.DELEGATION_PARAM + "=" + dToken.encodeToUrlString()); AuthenticationToken token = handler.authenticate(request, response); Assert.assertEquals(UserGroupInformation.getCurrentUser(). getShortUserName(), token.getUserName()); Assert.assertEquals(0, token.getExpires()); Assert.assertEquals(handler.getType(), token.getType()); Assert.assertTrue(token.isExpired()); }
throws IOException, AuthenticationException { AuthenticationToken token; String delegationParam = getDelegationToken(request); if (delegationParam != null) { try { getType()); token.setExpires(0); request.setAttribute(DELEGATION_TOKEN_UGI_ATTRIBUTE, ugi);
boolean doManagement; if (dtOp.requiresKerberosCredentials() && token == null) { token = authenticate(request, response); if (token == null) { requestContinues = false; try { Token<?> dToken = tokenManager.createToken(requestUgi, renewer); map = delegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.toString(), ex);