org.apache.hadoop.security.authentication.server.AuthenticationToken Java Examples
The following examples show how to use
org.apache.hadoop.security.authentication.server.AuthenticationToken.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: TestDelegationTokenAuthenticationHandlerWithMocks.java From hadoop with Apache License 2.0 | 6 votes |
@SuppressWarnings("unchecked") private void testValidDelegationTokenQueryString() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getQueryString()).thenReturn( DelegationTokenAuthenticator.DELEGATION_PARAM + "=" + dToken.encodeToUrlString()); AuthenticationToken token = handler.authenticate(request, response); Assert.assertEquals(UserGroupInformation.getCurrentUser(). getShortUserName(), token.getUserName()); Assert.assertEquals(0, token.getExpires()); Assert.assertEquals(handler.getType(), token.getType()); Assert.assertTrue(token.isExpired()); }
Example #2
Source File: TestDelegationTokenAuthenticationHandlerWithMocks.java From hadoop with Apache License 2.0 | 6 votes |
@SuppressWarnings("unchecked") private void testValidDelegationTokenHeader() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getHeader(Mockito.eq( DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER))).thenReturn( dToken.encodeToUrlString()); AuthenticationToken token = handler.authenticate(request, response); Assert.assertEquals(UserGroupInformation.getCurrentUser(). getShortUserName(), token.getUserName()); Assert.assertEquals(0, token.getExpires()); Assert.assertEquals(handler.getType(), token.getType()); Assert.assertTrue(token.isExpired()); }
Example #3
Source File: HttpParamDelegationTokenPlugin.java From lucene-solr with Apache License 2.0 | 6 votes |
@Override public AuthenticationToken authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException { AuthenticationToken token = null; String userName = getHttpParam(request, USER_PARAM); if (userName == null) { //check if this is an internal request userName = request.getHeader(INTERNAL_REQUEST_HEADER); } if (userName != null) { return new AuthenticationToken(userName, userName, "test"); } else { response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); response.setHeader("WWW-Authenticate", "dummy"); } return token; }
Example #4
Source File: TestDelegationTokenAuthenticationHandlerWithMocks.java From big-c with Apache License 2.0 | 6 votes |
@SuppressWarnings("unchecked") private void testValidDelegationTokenQueryString() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getQueryString()).thenReturn( DelegationTokenAuthenticator.DELEGATION_PARAM + "=" + dToken.encodeToUrlString()); AuthenticationToken token = handler.authenticate(request, response); Assert.assertEquals(UserGroupInformation.getCurrentUser(). getShortUserName(), token.getUserName()); Assert.assertEquals(0, token.getExpires()); Assert.assertEquals(handler.getType(), token.getType()); Assert.assertTrue(token.isExpired()); }
Example #5
Source File: TestDelegationTokenAuthenticationHandlerWithMocks.java From big-c with Apache License 2.0 | 6 votes |
@SuppressWarnings("unchecked") private void testValidDelegationTokenHeader() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getHeader(Mockito.eq( DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER))).thenReturn( dToken.encodeToUrlString()); AuthenticationToken token = handler.authenticate(request, response); Assert.assertEquals(UserGroupInformation.getCurrentUser(). getShortUserName(), token.getUserName()); Assert.assertEquals(0, token.getExpires()); Assert.assertEquals(handler.getType(), token.getType()); Assert.assertTrue(token.isExpired()); }
Example #6
Source File: AtlasAuthenticationFilter.java From atlas with Apache License 2.0 | 5 votes |
@Override protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException { AuthenticationToken token = null; String tokenStr = null; Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) { tokenStr = cookie.getValue(); try { tokenStr = this.signer.verifyAndExtract(tokenStr); } catch (SignerException ex) { throw new AuthenticationException(ex); } } } } if (tokenStr != null) { token = AuthenticationToken.parse(tokenStr); if (token != null) { AuthenticationHandler authHandler = getAuthenticationHandler(); if (!token.getType().equals(authHandler.getType())) { throw new AuthenticationException("Invalid AuthenticationToken type"); } if (token.isExpired()) { throw new AuthenticationException("AuthenticationToken expired"); } } } return token; }
Example #7
Source File: RangerKrbFilter.java From ranger with Apache License 2.0 | 5 votes |
/** * Returns the {@link AuthenticationToken} for the request. * <p> * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE} * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns * it. * <p> * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler} * to perform user authentication. * * @param request request object. * * @return the Authentication token if the request is authenticated, <code>null</code> otherwise. * * @throws IOException thrown if an IO error occurred. * @throws AuthenticationException thrown if the token is invalid or if it has expired. */ protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException { AuthenticationToken token = null; String tokenStr = null; Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) { tokenStr = cookie.getValue(); try { tokenStr = signer.verifyAndExtract(tokenStr); } catch (SignerException ex) { throw new AuthenticationException(ex); } break; } } } if (tokenStr != null) { token = AuthenticationToken.parse(tokenStr); if(token != null){ if (!token.getType().equals(authHandler.getType())) { throw new AuthenticationException("Invalid AuthenticationToken type"); } if (token.isExpired()) { throw new AuthenticationException("AuthenticationToken expired"); } } } return token; }
Example #8
Source File: KerberosRealm.java From zeppelin with Apache License 2.0 | 5 votes |
private static AuthenticationToken getTokenFromCookies(Cookie[] cookies) throws AuthenticationException { AuthenticationToken token = null; String tokenStr = null; if (cookies != null) { for (Cookie cookie : cookies) { if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) { tokenStr = cookie.getValue(); if (tokenStr.isEmpty()) { throw new AuthenticationException("Empty token"); } try { tokenStr = signer.verifyAndExtract(tokenStr); } catch (SignerException ex) { throw new AuthenticationException(ex); } break; } } } if (tokenStr != null) { token = AuthenticationToken.parse(tokenStr); boolean match = verifyTokenType(token); if (!match) { throw new AuthenticationException("Invalid AuthenticationToken type"); } if (token.isExpired()) { throw new AuthenticationException("AuthenticationToken expired"); } } return token; }
Example #9
Source File: KerberosRealm.java From zeppelin with Apache License 2.0 | 5 votes |
/** * This is called when Kerberos authentication is done and a {@link KerberosToken} has * been acquired. * This function returns a Shiro {@link SimpleAccount} based on the {@link KerberosToken} * provided. Null otherwise. */ @Override protected AuthenticationInfo doGetAuthenticationInfo( org.apache.shiro.authc.AuthenticationToken authenticationToken) throws org.apache.shiro.authc.AuthenticationException { if (null != authenticationToken) { KerberosToken kerberosToken = (KerberosToken) authenticationToken; SimpleAccount account = new SimpleAccount(kerberosToken.getPrincipal(), kerberosToken.getCredentials(), kerberosToken.getClass().getName()); account.addRole(mapGroupPrincipals((String)kerberosToken.getPrincipal())); return account; } return null; }
Example #10
Source File: AtlasAuthenticationFilter.java From incubator-atlas with Apache License 2.0 | 5 votes |
@Override protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException { AuthenticationToken token = null; String tokenStr = null; Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) { tokenStr = cookie.getValue(); try { tokenStr = this.signer.verifyAndExtract(tokenStr); } catch (SignerException ex) { throw new AuthenticationException(ex); } } } } if (tokenStr != null) { token = AuthenticationToken.parse(tokenStr); if (token != null) { AuthenticationHandler authHandler = getAuthenticationHandler(); if (!token.getType().equals(authHandler.getType())) { throw new AuthenticationException("Invalid AuthenticationToken type"); } if (token.isExpired()) { throw new AuthenticationException("AuthenticationToken expired"); } } } return token; }
Example #11
Source File: RequestContinuesRecorderAuthenticationHandler.java From lucene-solr with Apache License 2.0 | 5 votes |
public boolean managementOperation(AuthenticationToken token, HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException { boolean result = authHandler.managementOperation(token, request, response); request.setAttribute(RequestContinuesRecorderAuthenticationHandler.REQUEST_CONTINUES_ATTR, Boolean.toString(result)); return result; }
Example #12
Source File: LogsearchKrbFilter.java From ambari-logsearch with Apache License 2.0 | 5 votes |
/** * Returns the {@link AuthenticationToken} for the request. * <p> * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE} * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns * it. * <p> * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler} * to perform user authentication. * * @param request request object. * * @return the Authentication token if the request is authenticated, <code>null</code> otherwise. * * @throws IOException thrown if an IO error occurred. * @throws AuthenticationException thrown if the token is invalid or if it has expired. */ protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException { AuthenticationToken token = null; String tokenStr = null; Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) { tokenStr = cookie.getValue(); try { tokenStr = signer.verifyAndExtract(tokenStr); } catch (SignerException ex) { throw new AuthenticationException(ex); } break; } } } if (tokenStr != null) { token = AuthenticationToken.parse(tokenStr); if(token != null){ if (!token.getType().equals(authHandler.getType())) { throw new AuthenticationException("Invalid AuthenticationToken type"); } if (token.isExpired()) { throw new AuthenticationException("AuthenticationToken expired"); } } } return token; }
Example #13
Source File: RequestContinuesRecorderAuthenticationHandler.java From lucene-solr with Apache License 2.0 | 4 votes |
public AuthenticationToken authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException { return authHandler.authenticate(request, response); }
Example #14
Source File: HttpParamDelegationTokenPlugin.java From lucene-solr with Apache License 2.0 | 4 votes |
@Override public boolean managementOperation(AuthenticationToken token, HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException { return false; }
Example #15
Source File: TestDelegationTokenAuthenticationHandlerWithMocks.java From big-c with Apache License 2.0 | 4 votes |
@SuppressWarnings("unchecked") private void testRenewToken() throws Exception { DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation. RENEWDELEGATIONTOKEN; HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Mockito.when(request.getQueryString()). thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString()); Mockito.when(request.getMethod()). thenReturn(op.getHttpMethod()); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.verify(response).setStatus( Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED)); Mockito.verify(response).setHeader(Mockito.eq( KerberosAuthenticator.WWW_AUTHENTICATE), Mockito.eq("mock") ); Mockito.reset(response); AuthenticationToken token = Mockito.mock(AuthenticationToken.class); Mockito.when(token.getUserName()).thenReturn("user"); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).sendError( Mockito.eq(HttpServletResponse.SC_BAD_REQUEST), Mockito.contains("requires the parameter [token]")); Mockito.reset(response); StringWriter writer = new StringWriter(); PrintWriter pwriter = new PrintWriter(writer); Mockito.when(response.getWriter()).thenReturn(pwriter); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getQueryString()). thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() + "&" + DelegationTokenAuthenticator.TOKEN_PARAM + "=" + dToken.encodeToUrlString()); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); pwriter.close(); Assert.assertTrue(writer.toString().contains("long")); handler.getTokenManager().verifyToken(dToken); }
Example #16
Source File: TestWebDelegationToken.java From big-c with Apache License 2.0 | 4 votes |
@Override public boolean managementOperation(AuthenticationToken token, HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException { return false; }
Example #17
Source File: KerberosRealm.java From zeppelin with Apache License 2.0 | 4 votes |
@Override public boolean supports(org.apache.shiro.authc.AuthenticationToken token) { return token instanceof KerberosToken; }
Example #18
Source File: TestDelegationTokenAuthenticationHandlerWithMocks.java From hadoop with Apache License 2.0 | 4 votes |
@SuppressWarnings("unchecked") private void testRenewToken() throws Exception { DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation. RENEWDELEGATIONTOKEN; HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Mockito.when(request.getQueryString()). thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString()); Mockito.when(request.getMethod()). thenReturn(op.getHttpMethod()); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.verify(response).setStatus( Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED)); Mockito.verify(response).setHeader(Mockito.eq( KerberosAuthenticator.WWW_AUTHENTICATE), Mockito.eq("mock") ); Mockito.reset(response); AuthenticationToken token = Mockito.mock(AuthenticationToken.class); Mockito.when(token.getUserName()).thenReturn("user"); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).sendError( Mockito.eq(HttpServletResponse.SC_BAD_REQUEST), Mockito.contains("requires the parameter [token]")); Mockito.reset(response); StringWriter writer = new StringWriter(); PrintWriter pwriter = new PrintWriter(writer); Mockito.when(response.getWriter()).thenReturn(pwriter); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getQueryString()). thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() + "&" + DelegationTokenAuthenticator.TOKEN_PARAM + "=" + dToken.encodeToUrlString()); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); pwriter.close(); Assert.assertTrue(writer.toString().contains("long")); handler.getTokenManager().verifyToken(dToken); }
Example #19
Source File: TestWebDelegationToken.java From hadoop with Apache License 2.0 | 4 votes |
@Override public boolean managementOperation(AuthenticationToken token, HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException { return false; }
Example #20
Source File: KerberosRealm.java From zeppelin with Apache License 2.0 | 3 votes |
/** * Returns the {@link AuthenticationToken} for the request. * <p> * It looks at the received HTTP cookies and extracts the value of the * {@link AuthenticatedURL#AUTH_COOKIE} * if present. It verifies the signature and if correct it creates the * {@link AuthenticationToken} and returns * it. * <p> * If this method returns <code>null</code> the filter will invoke the configured * {@link AuthenticationHandler} * to perform user authentication. * * @param request request object. * @return the Authentication token if the request is authenticated, <code>null</code> otherwise. * @throws IOException thrown if an IO error occurred. * @throws AuthenticationException thrown if the token is invalid or if it has expired. */ private AuthenticationToken getToken(HttpServletRequest request) throws AuthenticationException { AuthenticationToken token; Cookie[] cookies = request.getCookies(); token = getTokenFromCookies(cookies); return token; }
Example #21
Source File: KerberosRealm.java From zeppelin with Apache License 2.0 | 2 votes |
/** * This is an empty implementation, it always returns <code>TRUE</code>. * * @param token the authentication token if any, otherwise <code>NULL</code>. * @param request the HTTP client request. * @param response the HTTP client response. * * @return <code>TRUE</code> * @throws IOException it is never thrown. * @throws AuthenticationException it is never thrown. */ public boolean managementOperation(AuthenticationToken token, HttpServletRequest request, HttpServletResponse response) { return true; }
Example #22
Source File: KerberosRealm.java From zeppelin with Apache License 2.0 | 2 votes |
/** * This method verifies if the specified token type matches one of the the * token types supported by our Authentication provider : {@link KerberosRealm} * * @param token The token whose type needs to be verified. * @return true If the token type matches one of the supported token types * false Otherwise */ protected static boolean verifyTokenType(AuthenticationToken token) { return TYPE.equals(token.getType()); }