org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler Java Examples

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE);
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}
 

/**
 * Returns the filter configuration properties,
 * including the ones prefixed with {@link #CONF_PREFIX}.
 * The prefix is removed from the returned property names.
 *
 * @param prefix parameter not used.
 * @param config parameter contains the initialization values.
 * @return Hadoop-Auth configuration properties.
 * @throws ServletException 
 */
@Override
protected Properties getConfiguration(String prefix, FilterConfig config)
    throws ServletException {
  final Properties p = super.getConfiguration(CONF_PREFIX, config);
  // set authentication type
  p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
      KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
  // if not set, enable anonymous for pseudo authentication
  if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
    p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
  }
  //set cookie path
  p.setProperty(COOKIE_PATH, "/");
  return p;
}
 

@Test
public void testGetConfiguration() throws ServletException {
  AuthFilter filter = new AuthFilter();
  Map<String, String> m = new HashMap<String,String>();
  m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY,
      "xyz/thehost@REALM");
  m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY,
      "thekeytab");
  FilterConfig config = new DummyFilterConfig(m);
  Properties p = filter.getConfiguration("random", config);
  Assert.assertEquals("xyz/thehost@REALM",
      p.getProperty("kerberos.principal"));
  Assert.assertEquals("thekeytab", p.getProperty("kerberos.keytab"));
  Assert.assertEquals("true",
      p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  Properties props = new Properties();
  Enumeration<?> names = filterConfig.getInitParameterNames();
  while (names.hasMoreElements()) {
    String name = (String) names.nextElement();
    if (name.startsWith(configPrefix)) {
      String value = filterConfig.getInitParameter(name);
      props.put(name.substring(configPrefix.length()), value);
    }
  }
  props.put(AuthenticationFilter.AUTH_TYPE, "simple");
  props.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return props;
}
 

/**
 * Set AUTH_TYPE property to the name of the corresponding authentication
 * handler class based on the input properties.
 * @param props input properties.
 */
protected void setAuthHandlerClass(Properties props)
    throws ServletException {
  String authType = props.getProperty(AUTH_TYPE);
  if (authType == null) {
    throw new ServletException("Config property "
        + AUTH_TYPE + " doesn't exist");
  }
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
}
 

@Override
public void init(FilterConfig filterConfig) throws ServletException {
  super.init(filterConfig);
  AuthenticationHandler handler = getAuthenticationHandler();
  AbstractDelegationTokenSecretManager dtSecretManager =
      (AbstractDelegationTokenSecretManager) filterConfig.getServletContext().
          getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR);
  if (dtSecretManager != null && handler
      instanceof DelegationTokenAuthenticationHandler) {
    DelegationTokenAuthenticationHandler dtHandler =
        (DelegationTokenAuthenticationHandler) getAuthenticationHandler();
    dtHandler.setExternalDelegationTokenSecretManager(dtSecretManager);
  }
  if (handler instanceof PseudoAuthenticationHandler ||
      handler instanceof PseudoDelegationTokenAuthenticationHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE);
  }
  if (handler instanceof KerberosAuthenticationHandler ||
      handler instanceof KerberosDelegationTokenAuthenticationHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS);
  }

  // proxyuser configuration
  Configuration conf = getProxyuserConfiguration(filterConfig);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX);
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE);
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSClientProvider.TOKEN_KIND);
  return props;
}
 

@Override
public void init(FilterConfig filterConfig) throws ServletException {
  super.init(filterConfig);
  AuthenticationHandler handler = getAuthenticationHandler();
  AbstractDelegationTokenSecretManager dtSecretManager =
      (AbstractDelegationTokenSecretManager) filterConfig.getServletContext().
          getAttribute(DELEGATION_TOKEN_SECRET_MANAGER_ATTR);
  if (dtSecretManager != null && handler
      instanceof DelegationTokenAuthenticationHandler) {
    DelegationTokenAuthenticationHandler dtHandler =
        (DelegationTokenAuthenticationHandler) getAuthenticationHandler();
    dtHandler.setExternalDelegationTokenSecretManager(dtSecretManager);
  }
  if (handler instanceof PseudoAuthenticationHandler ||
      handler instanceof PseudoDelegationTokenAuthenticationHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.SIMPLE);
  }
  if (handler instanceof KerberosAuthenticationHandler ||
      handler instanceof KerberosDelegationTokenAuthenticationHandler) {
    setHandlerAuthMethod(SaslRpcServer.AuthMethod.KERBEROS);
  }

  // proxyuser configuration
  Configuration conf = getProxyuserConfiguration(filterConfig);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf, PROXYUSER_PREFIX);
}
 

/**
 * Set AUTH_TYPE property to the name of the corresponding authentication
 * handler class based on the input properties.
 * @param props input properties.
 */
protected void setAuthHandlerClass(Properties props)
    throws ServletException {
  String authType = props.getProperty(AUTH_TYPE);
  if (authType == null) {
    throw new ServletException("Config property "
        + AUTH_TYPE + " doesn't exist");
  }
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
}
 

@Test
public void testGetConfiguration() throws ServletException {
  AuthFilter filter = new AuthFilter();
  Map<String, String> m = new HashMap<String,String>();
  m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY,
      "xyz/thehost@REALM");
  m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY,
      "thekeytab");
  FilterConfig config = new DummyFilterConfig(m);
  Properties p = filter.getConfiguration("random", config);
  Assert.assertEquals("xyz/thehost@REALM",
      p.getProperty("kerberos.principal"));
  Assert.assertEquals("thekeytab", p.getProperty("kerberos.keytab"));
  Assert.assertEquals("true",
      p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
 

/**
 * Returns the filter configuration properties,
 * including the ones prefixed with {@link #CONF_PREFIX}.
 * The prefix is removed from the returned property names.
 *
 * @param prefix parameter not used.
 * @param config parameter contains the initialization values.
 * @return Hadoop-Auth configuration properties.
 * @throws ServletException 
 */
@Override
protected Properties getConfiguration(String prefix, FilterConfig config)
    throws ServletException {
  final Properties p = super.getConfiguration(CONF_PREFIX, config);
  // set authentication type
  p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
      KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
  // if not set, enable anonymous for pseudo authentication
  if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
    p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
  }
  //set cookie path
  p.setProperty(COOKIE_PATH, "/");
  return p;
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties props = new Properties();
  Configuration conf = KMSWebApp.getConfiguration();
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONFIG_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONFIG_PREFIX.length());
      props.setProperty(name, value);
    }
  }
  String authType = props.getProperty(AUTH_TYPE,"simple");
  if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        PseudoDelegationTokenAuthenticationHandler.class.getName());
  } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) {
    props.setProperty(AUTH_TYPE,
        KerberosDelegationTokenAuthenticationHandler.class.getName());
  }
  props.setProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND,
      KMSDelegationToken.TOKEN_KIND.toString());
  return props;
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  Properties props = new Properties();
  Enumeration<?> names = filterConfig.getInitParameterNames();
  while (names.hasMoreElements()) {
    String name = (String) names.nextElement();
    if (name.startsWith(configPrefix)) {
      String value = filterConfig.getInitParameter(name);
      props.put(name.substring(configPrefix.length()), value);
    }
  }
  props.put(AuthenticationFilter.AUTH_TYPE, "simple");
  props.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return props;
}
 

@Test(timeout=60000)
public void testFallbacktoPseudoAuthenticator() throws Exception {
  AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
  props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  AuthenticatorTestCase.setAuthenticationHandlerConfig(props);
  auth._testAuthentication(new KerberosAuthenticator(), false);
}
 

/**
 * <p>Initializes the authentication filter and signer secret provider.</p>
 * It instantiates and initializes the specified {@link
 * AuthenticationHandler}.
 *
 * @param filterConfig filter configuration.
 *
 * @throws ServletException thrown if the filter or the authentication handler could not be initialized properly.
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
  configPrefix = (configPrefix != null) ? configPrefix + "." : "";
  config = getConfiguration(configPrefix, filterConfig);
  String authHandlerName = config.getProperty(AUTH_TYPE, null);
  String authHandlerClassName;
  if (authHandlerName == null) {
    throw new ServletException("Authentication type must be specified: " +
        PseudoAuthenticationHandler.TYPE + "|" +
        KerberosAuthenticationHandler.TYPE + "|<class>");
  }
  if(StringUtils.equalsIgnoreCase(authHandlerName, PseudoAuthenticationHandler.TYPE)){
    authHandlerClassName = PseudoAuthenticationHandler.class.getName();
  }else if(StringUtils.equalsIgnoreCase(authHandlerName, KerberosAuthenticationHandler.TYPE)){
    authHandlerClassName = KerberosAuthenticationHandler.class.getName();
  } else {
    authHandlerClassName = authHandlerName;
  }

  validity = Long.parseLong(config.getProperty(AUTH_TOKEN_VALIDITY, "36000"))
      * 1000; //10 hours
  initializeSecretProvider(filterConfig);

  initializeAuthHandler(authHandlerClassName, filterConfig);

  cookieDomain = config.getProperty(COOKIE_DOMAIN, null);
  cookiePath = config.getProperty(COOKIE_PATH, null);
  cookieName = config.getProperty(RangerCommonConstants.PROP_COOKIE_NAME, RangerCommonConstants.DEFAULT_COOKIE_NAME);
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties conf = new Properties();
  conf.setProperty(AUTH_TYPE, PseudoAuthenticationHandler.TYPE);
  return conf;
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties conf = new Properties();
  conf.setProperty(AUTH_TYPE, PseudoAuthenticationHandler.TYPE);
  return conf;
}
 

@Test(timeout=60000)
public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception {
  AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
  props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
  AuthenticatorTestCase.setAuthenticationHandlerConfig(props);
  auth._testAuthentication(new KerberosAuthenticator(), false);
}
 

@Test
public void testGetSimpleAuthDefaultConfiguration() throws ServletException {
  AuthFilter filter = new AuthFilter();
  Map<String, String> m = new HashMap<String,String>();
  
  FilterConfig config = new DummyFilterConfig(m);
  Properties p = filter.getConfiguration("random", config);
  Assert.assertEquals("true",
      p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
 

@Test
public void testGetSimpleAuthDisabledConfiguration() throws ServletException {
  AuthFilter filter = new AuthFilter();
  Map<String, String> m = new HashMap<String,String>();
  m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
      "false");
  FilterConfig config = new DummyFilterConfig(m);
  Properties p = filter.getConfiguration("random", config);
  Assert.assertEquals("false",
      p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
 

/**
 * <p>Initializes the authentication filter and signer secret provider.</p>
 * It instantiates and initializes the specified {@link
 * AuthenticationHandler}.
 *
 * @param filterConfig filter configuration.
 *
 * @throws ServletException thrown if the filter or the authentication handler could not be initialized properly.
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
  String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
  configPrefix = (configPrefix != null) ? configPrefix + "." : "";
  config = getConfiguration(configPrefix, filterConfig);
  String authHandlerName = config.getProperty(AUTH_TYPE, null);
  String authHandlerClassName;
  if (authHandlerName == null) {
    throw new ServletException("Authentication type must be specified: " +
        PseudoAuthenticationHandler.TYPE + "|" + 
        KerberosAuthenticationHandler.TYPE + "|<class>");
  }    
  if(StringUtils.equalsIgnoreCase(authHandlerName, PseudoAuthenticationHandler.TYPE)){
    authHandlerClassName = PseudoAuthenticationHandler.class.getName();
  }else if(StringUtils.equalsIgnoreCase(authHandlerName, KerberosAuthenticationHandler.TYPE)){
    authHandlerClassName = KerberosAuthenticationHandler.class.getName();
  } else {
    authHandlerClassName = authHandlerName;
  }

  validity = Long.parseLong(config.getProperty(AUTH_TOKEN_VALIDITY, "36000"))
      * 1000; //10 hours
  initializeSecretProvider(filterConfig);

  initializeAuthHandler(authHandlerClassName);

  cookieDomain = config.getProperty(COOKIE_DOMAIN, null);
  cookiePath = config.getProperty(COOKIE_PATH, null);
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);
  properties.put(AuthenticationFilter.AUTH_TYPE, "simple");
  properties.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return properties;
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {

  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);

  properties.put(KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  properties.put(KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  properties.put(AuthenticationFilter.AUTH_TYPE, "simple");
  properties.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return properties;
}
 

@Test(timeout=60000)
public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception {
  AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
  props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
  AuthenticatorTestCase.setAuthenticationHandlerConfig(props);
  auth._testAuthentication(new KerberosAuthenticator(), false);
}
 

@Test(timeout=60000)
public void testFallbacktoPseudoAuthenticator() throws Exception {
  AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
  props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  AuthenticatorTestCase.setAuthenticationHandlerConfig(props);
  auth._testAuthentication(new KerberosAuthenticator(), false);
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties conf = new Properties();
  conf.setProperty(AUTH_TYPE, PseudoAuthenticationHandler.TYPE);
  return conf;
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) {
  Properties conf = new Properties();
  conf.setProperty(AUTH_TYPE, PseudoAuthenticationHandler.TYPE);
  return conf;
}
 

@Test
public void testGetSimpleAuthDefaultConfiguration() throws ServletException {
  AuthFilter filter = new AuthFilter();
  Map<String, String> m = new HashMap<String,String>();
  
  FilterConfig config = new DummyFilterConfig(m);
  Properties p = filter.getConfiguration("random", config);
  Assert.assertEquals("true",
      p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
 

@Test
public void testGetSimpleAuthDisabledConfiguration() throws ServletException {
  AuthFilter filter = new AuthFilter();
  Map<String, String> m = new HashMap<String,String>();
  m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
      "false");
  FilterConfig config = new DummyFilterConfig(m);
  Properties p = filter.getConfiguration("random", config);
  Assert.assertEquals("false",
      p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
 

@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);
  properties.put(AuthenticationFilter.AUTH_TYPE, "simple");
  properties.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return properties;
}