/** * Initiate client side Kerberos negotiation with the server. * @param method method to inject the authentication token into. * @param uri the String to parse as a URL. * @throws IOException if unknown protocol is found. */ private void negotiate(HttpUriRequest method, String uri) throws IOException { try { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); KerberosAuthenticator authenticator = new KerberosAuthenticator(); authenticator.authenticate(new URL(uri), token); // Inject the obtained negotiated token in the method cookie injectToken(method, token); } catch (AuthenticationException e) { LOG.error("Failed to negotiate with the server.", e); throw new IOException(e); } }
new KerberosAuthenticator(), clientSslFactory); connection = aUrl.openConnection(url, token); HttpsURLConnection httpsConn = (HttpsURLConnection) connection; httpsConn.setSSLSocketFactory(sslSocketF); } else { aUrl = new AuthenticatedURL(new KerberosAuthenticator()); connection = aUrl.openConnection(url, token);
@Override public Void call() throws Exception { auth._testAuthentication(new KerberosAuthenticator(), true); return null; } });
@Override public Void call() throws Exception { auth._testAuthentication(new KerberosAuthenticator(), true); return null; } });
@Override public Void call() throws Exception { auth._testAuthenticationHttpClient(new KerberosAuthenticator(), true); return null; } });
@Override public Void call() throws Exception { auth._testAuthentication(new KerberosAuthenticator(), false); return null; } });
@Override public Void call() throws Exception { auth._testAuthenticationHttpClient(new KerberosAuthenticator(), false); return null; } });
@Override public Void call() throws Exception { auth._testAuthenticationHttpClient(new KerberosAuthenticator(), true); return null; } });
@Override public Void call() throws Exception { auth._testAuthenticationHttpClient(new KerberosAuthenticator(), false); return null; } });
@Override public Void call() throws Exception { auth._testAuthentication(new KerberosAuthenticator(), true); return null; } });
@Override public Void call() throws Exception { auth._testAuthenticationHttpClient(new KerberosAuthenticator(), true); return null; } });
@Override public Void run() throws Exception { final URL url = new URL("http://"+ SentryServiceIntegrationBase.SERVER_HOST + ":" + SentryServiceIntegrationBase.webServerPort + "/ping"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()). openConnection(url, new AuthenticatedURL.Token()); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); Assert.assertEquals("pong\n", response); return null; }} ); }
@Override public void runTestAsSubject() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()). openConnection(url, new AuthenticatedURL.Token()); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); Assert.assertEquals("pong\n", response); }} ); }
@Test(timeout=60000) public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception { AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat); Properties props = new Properties(); props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple"); props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true"); AuthenticatorTestCase.setAuthenticationHandlerConfig(props); auth._testAuthentication(new KerberosAuthenticator(), false); }
@Test public void testPingWithoutSubject() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (Exception e) { boolean isExpectError = e.getMessage().contains("No valid credentials provided"); Assert.assertTrue("Here should fail by 'No valid credentials provided'," + " but the exception is:" + e, isExpectError); } }
@Test(timeout=60000) public void testFallbacktoPseudoAuthenticator() throws Exception { AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat); Properties props = new Properties(); props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple"); props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false"); AuthenticatorTestCase.setAuthenticationHandlerConfig(props); auth._testAuthentication(new KerberosAuthenticator(), false); }
@Test(timeout=60000) public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception { AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat); Properties props = new Properties(); props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple"); props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true"); AuthenticatorTestCase.setAuthenticationHandlerConfig(props); auth._testAuthentication(new KerberosAuthenticator(), false); }
@Test(timeout=60000) public void testFallbacktoPseudoAuthenticator() throws Exception { AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat); Properties props = new Properties(); props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple"); props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false"); AuthenticatorTestCase.setAuthenticationHandlerConfig(props); auth._testAuthentication(new KerberosAuthenticator(), false); }
@Test(timeout=60000) public void testFallbacktoPseudoAuthenticator() throws Exception { AuthenticatorTestCase auth = new AuthenticatorTestCase(); Properties props = new Properties(); props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple"); props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false"); AuthenticatorTestCase.setAuthenticationHandlerConfig(props); auth._testAuthentication(new KerberosAuthenticator(), false); }
@Test public void testPingWithoutSubject() throws Exception { final URL url = new URL("http://"+ SentryServiceIntegrationBase.SERVER_HOST + ":" + SentryServiceIntegrationBase.webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (Exception e) { boolean isExpectError = exceptionContainsMessage(e,"No valid credentials provided"); Assert.assertTrue("Here should fail by 'No valid credentials provided'," + " but the exception is:" + e, isExpectError); } }