public static HttpURLConnection loginAuthenticatedURL(final URL url, final String keytabPrincipal, final String keytabPath) throws Exception { final List<URL> resources = new ArrayList<>(); resources.add(url); final URLClassLoader ucl = new URLClassLoader(resources.toArray(new URL[resources.size()])); final Configuration conf = new Configuration(); conf.setClassLoader(ucl); UserGroupInformation.setConfiguration(conf); logger.info( "Logging in URL: " + url.toString() + " using Principal: " + keytabPrincipal + ", Keytab: " + keytabPath); UserGroupInformation.loginUserFromKeytab(keytabPrincipal, keytabPath); final HttpURLConnection connection = UserGroupInformation.getLoginUser().doAs( (PrivilegedExceptionAction<HttpURLConnection>) () -> { final Token token = new Token(); return new AuthenticatedURL().openConnection(url, token); }); return connection; } }
/** * Initiate client side Kerberos negotiation with the server. * @param method method to inject the authentication token into. * @param uri the String to parse as a URL. * @throws IOException if unknown protocol is found. */ private void negotiate(HttpUriRequest method, String uri) throws IOException { try { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); KerberosAuthenticator authenticator = new KerberosAuthenticator(); authenticator.authenticate(new URL(uri), token); // Inject the obtained negotiated token in the method cookie injectToken(method, token); } catch (AuthenticationException e) { LOG.error("Failed to negotiate with the server.", e); throw new IOException(e); } }
/** Gets the Hadoop kerberos secure connection (not an SSL connection). */ private HttpURLConnection getSecureConnection(URL url) throws IOException { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); try { return new AuthenticatedURL().openConnection(url, token); } catch (AuthenticationException e) { throw new IOException(e); } }
@Test public void testConnectionConfigurator() throws Exception { HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); Mockito.when(conn.getResponseCode()). thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); ConnectionConfigurator connConf = Mockito.mock(ConnectionConfigurator.class); Mockito.when(connConf.configure(Mockito.<HttpURLConnection>any())). thenReturn(conn); Authenticator authenticator = Mockito.mock(Authenticator.class); AuthenticatedURL aURL = new AuthenticatedURL(authenticator, connConf); aURL.openConnection(new URL("http://foo"), new AuthenticatedURL.Token()); Mockito.verify(connConf).configure(Mockito.<HttpURLConnection>any()); }
@Test public void testExtractTokenOK() throws Exception { HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_OK); String tokenStr = "foo"; Map<String, List<String>> headers = new HashMap<String, List<String>>(); List<String> cookies = new ArrayList<String>(); cookies.add(AuthenticatedURL.AUTH_COOKIE + "=" + tokenStr); headers.put("Set-Cookie", cookies); Mockito.when(conn.getHeaderFields()).thenReturn(headers); AuthenticatedURL.Token token = new AuthenticatedURL.Token(); AuthenticatedURL.extractToken(conn, token); Assert.assertEquals(tokenStr, token.toString()); }
private static HttpURLConnection getConnection(URL url) throws IOException { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); HttpURLConnection conn; try { conn = new AuthenticatedURL(AuthenticatorClass.newInstance()).openConnection(url, token); } catch (AuthenticationException | InstantiationException | IllegalAccessException ex) { throw new IOException("Could not authenticate, " + ex.getMessage(), ex); } if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) { throw new IOException("Unexpected response code [" + conn.getResponseCode() + "], message [" + conn.getResponseMessage() + "]"); } return conn; }
@Test public void testPing() throws Exception { runTestAsSubject(new TestOperation(){ @Override public void runTestAsSubject() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()). openConnection(url, new AuthenticatedURL.Token()); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); Assert.assertEquals("pong\n", response); }} ); }
@Override public HttpURLConnection getHttpURLConnection(URL url) throws IOException { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); HttpURLConnection conn = null; try { conn = new AuthenticatedURL().openConnection(url, token); } catch (AuthenticationException e) { throw new IOException(e); } return conn; } }));
@Test public void testPingWithoutSubject() throws Exception { final URL url = new URL("http://"+ SentryServiceIntegrationBase.SERVER_HOST + ":" + SentryServiceIntegrationBase.webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (Exception e) { boolean isExpectError = exceptionContainsMessage(e,"No valid credentials provided"); Assert.assertTrue("Here should fail by 'No valid credentials provided'," + " but the exception is:" + e, isExpectError); } }
@Test public void testToken() throws Exception { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); Assert.assertFalse(token.isSet()); token = new AuthenticatedURL.Token("foo"); Assert.assertTrue(token.isSet()); Assert.assertEquals("foo", token.toString()); }
@Test public void testPingWithoutSubject() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (Exception e) { boolean isExpectError = e.getMessage().contains("No valid credentials provided"); Assert.assertTrue("Here should fail by 'No valid credentials provided'," + " but the exception is:" + e, isExpectError); } }
@Test public void testInjectToken() throws Exception { HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); AuthenticatedURL.Token token = new AuthenticatedURL.Token(); token.set("foo"); AuthenticatedURL.injectToken(conn, token); Mockito.verify(conn).addRequestProperty(Mockito.eq("Cookie"), Mockito.anyString()); }
@Test public void testToken() throws Exception { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); Assert.assertFalse(token.isSet()); token = new AuthenticatedURL.Token("foo"); Assert.assertTrue(token.isSet()); Assert.assertEquals("foo", token.toString()); }
@Test public void testToken() throws Exception { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); Assert.assertFalse(token.isSet()); token = new AuthenticatedURL.Token("foo"); Assert.assertTrue(token.isSet()); Assert.assertEquals("foo", token.toString()); }
private AuthenticatedURL.Token getEncryptedAuthToken(Signer signer, String user) throws Exception { AuthenticationToken token = new AuthenticationToken(user, user, "kerberos"); token.setExpires(System.currentTimeMillis() + TIMEOUT); return new AuthenticatedURL.Token(signer.sign(token.toString())); }
@Test public void testInjectToken() throws Exception { HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); AuthenticatedURL.Token token = new AuthenticatedURL.Token(); token.set("foo"); AuthenticatedURL.injectToken(conn, token); Mockito.verify(conn).addRequestProperty(Mockito.eq("Cookie"), Mockito.anyString()); }
@Override public void runTestAsSubject() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()). openConnection(url, new AuthenticatedURL.Token()); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); Assert.assertEquals("pong\n", response); }} ); }
@Override public Void run() throws Exception { final URL url = new URL("http://"+ SentryServiceIntegrationBase.SERVER_HOST + ":" + SentryServiceIntegrationBase.webServerPort + "/ping"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()). openConnection(url, new AuthenticatedURL.Token()); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); Assert.assertEquals("pong\n", response); return null; }} ); }
@Test public void testInjectToken() throws Exception { HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); AuthenticatedURL.Token token = new AuthenticatedURL.Token(); token.set("foo"); AuthenticatedURL.injectToken(conn, token); Mockito.verify(conn).addRequestProperty(Mockito.eq("Cookie"), Mockito.anyString()); }
AuthenticatedURL.Token token = new AuthenticatedURL.Token(); AuthenticatedURL aUrl; SSLFactory clientSslFactory;