HADOOP-10911. hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109. (gchanan via tucu)
This commit is contained in:
parent
3de66011c2
commit
156e6a4f8a
@ -61,6 +61,16 @@
|
|||||||
<groupId>org.mortbay.jetty</groupId>
|
<groupId>org.mortbay.jetty</groupId>
|
||||||
<artifactId>jetty</artifactId>
|
<artifactId>jetty</artifactId>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.tomcat.embed</groupId>
|
||||||
|
<artifactId>tomcat-embed-core</artifactId>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.tomcat.embed</groupId>
|
||||||
|
<artifactId>tomcat-embed-logging-juli</artifactId>
|
||||||
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>javax.servlet</groupId>
|
<groupId>javax.servlet</groupId>
|
||||||
|
@ -519,9 +519,7 @@ public static void createAuthCookie(HttpServletResponse resp, String token,
|
|||||||
StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE)
|
StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE)
|
||||||
.append("=");
|
.append("=");
|
||||||
if (token != null && token.length() > 0) {
|
if (token != null && token.length() > 0) {
|
||||||
sb.append("\"")
|
sb.append(token);
|
||||||
.append(token)
|
|
||||||
.append("\"");
|
|
||||||
}
|
}
|
||||||
sb.append("; Version=1");
|
sb.append("; Version=1");
|
||||||
|
|
||||||
|
@ -13,7 +13,22 @@
|
|||||||
*/
|
*/
|
||||||
package org.apache.hadoop.security.authentication.client;
|
package org.apache.hadoop.security.authentication.client;
|
||||||
|
|
||||||
|
import org.apache.catalina.deploy.FilterDef;
|
||||||
|
import org.apache.catalina.deploy.FilterMap;
|
||||||
|
import org.apache.catalina.startup.Tomcat;
|
||||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||||
|
import org.apache.http.HttpResponse;
|
||||||
|
import org.apache.http.auth.AuthScope;
|
||||||
|
import org.apache.http.auth.Credentials;
|
||||||
|
import org.apache.http.client.HttpClient;
|
||||||
|
import org.apache.http.client.methods.HttpGet;
|
||||||
|
import org.apache.http.client.methods.HttpPost;
|
||||||
|
import org.apache.http.client.methods.HttpUriRequest;
|
||||||
|
import org.apache.http.client.params.AuthPolicy;
|
||||||
|
import org.apache.http.entity.InputStreamEntity;
|
||||||
|
import org.apache.http.impl.auth.SPNegoSchemeFactory;
|
||||||
|
import org.apache.http.impl.client.SystemDefaultHttpClient;
|
||||||
|
import org.apache.http.util.EntityUtils;
|
||||||
import org.mortbay.jetty.Server;
|
import org.mortbay.jetty.Server;
|
||||||
import org.mortbay.jetty.servlet.Context;
|
import org.mortbay.jetty.servlet.Context;
|
||||||
import org.mortbay.jetty.servlet.FilterHolder;
|
import org.mortbay.jetty.servlet.FilterHolder;
|
||||||
@ -24,16 +39,19 @@
|
|||||||
import javax.servlet.http.HttpServlet;
|
import javax.servlet.http.HttpServlet;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import java.io.BufferedReader;
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
import java.io.OutputStreamWriter;
|
import java.io.OutputStreamWriter;
|
||||||
import java.io.BufferedReader;
|
|
||||||
import java.io.InputStreamReader;
|
import java.io.InputStreamReader;
|
||||||
import java.io.Writer;
|
import java.io.Writer;
|
||||||
import java.net.HttpURLConnection;
|
import java.net.HttpURLConnection;
|
||||||
import java.net.ServerSocket;
|
import java.net.ServerSocket;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
|
import java.security.Principal;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
|
|
||||||
@ -41,10 +59,18 @@ public class AuthenticatorTestCase {
|
|||||||
private Server server;
|
private Server server;
|
||||||
private String host = null;
|
private String host = null;
|
||||||
private int port = -1;
|
private int port = -1;
|
||||||
|
private boolean useTomcat = false;
|
||||||
|
private Tomcat tomcat = null;
|
||||||
Context context;
|
Context context;
|
||||||
|
|
||||||
private static Properties authenticatorConfig;
|
private static Properties authenticatorConfig;
|
||||||
|
|
||||||
|
public AuthenticatorTestCase() {}
|
||||||
|
|
||||||
|
public AuthenticatorTestCase(boolean useTomcat) {
|
||||||
|
this.useTomcat = useTomcat;
|
||||||
|
}
|
||||||
|
|
||||||
protected static void setAuthenticationHandlerConfig(Properties config) {
|
protected static void setAuthenticationHandlerConfig(Properties config) {
|
||||||
authenticatorConfig = config;
|
authenticatorConfig = config;
|
||||||
}
|
}
|
||||||
@ -80,7 +106,19 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws S
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected int getLocalPort() throws Exception {
|
||||||
|
ServerSocket ss = new ServerSocket(0);
|
||||||
|
int ret = ss.getLocalPort();
|
||||||
|
ss.close();
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
protected void start() throws Exception {
|
protected void start() throws Exception {
|
||||||
|
if (useTomcat) startTomcat();
|
||||||
|
else startJetty();
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void startJetty() throws Exception {
|
||||||
server = new Server(0);
|
server = new Server(0);
|
||||||
context = new Context();
|
context = new Context();
|
||||||
context.setContextPath("/foo");
|
context.setContextPath("/foo");
|
||||||
@ -88,16 +126,42 @@ protected void start() throws Exception {
|
|||||||
context.addFilter(new FilterHolder(TestFilter.class), "/*", 0);
|
context.addFilter(new FilterHolder(TestFilter.class), "/*", 0);
|
||||||
context.addServlet(new ServletHolder(TestServlet.class), "/bar");
|
context.addServlet(new ServletHolder(TestServlet.class), "/bar");
|
||||||
host = "localhost";
|
host = "localhost";
|
||||||
ServerSocket ss = new ServerSocket(0);
|
port = getLocalPort();
|
||||||
port = ss.getLocalPort();
|
|
||||||
ss.close();
|
|
||||||
server.getConnectors()[0].setHost(host);
|
server.getConnectors()[0].setHost(host);
|
||||||
server.getConnectors()[0].setPort(port);
|
server.getConnectors()[0].setPort(port);
|
||||||
server.start();
|
server.start();
|
||||||
System.out.println("Running embedded servlet container at: http://" + host + ":" + port);
|
System.out.println("Running embedded servlet container at: http://" + host + ":" + port);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected void startTomcat() throws Exception {
|
||||||
|
tomcat = new Tomcat();
|
||||||
|
File base = new File(System.getProperty("java.io.tmpdir"));
|
||||||
|
org.apache.catalina.Context ctx =
|
||||||
|
tomcat.addContext("/foo",base.getAbsolutePath());
|
||||||
|
FilterDef fd = new FilterDef();
|
||||||
|
fd.setFilterClass(TestFilter.class.getName());
|
||||||
|
fd.setFilterName("TestFilter");
|
||||||
|
FilterMap fm = new FilterMap();
|
||||||
|
fm.setFilterName("TestFilter");
|
||||||
|
fm.addURLPattern("/*");
|
||||||
|
fm.addServletName("/bar");
|
||||||
|
ctx.addFilterDef(fd);
|
||||||
|
ctx.addFilterMap(fm);
|
||||||
|
tomcat.addServlet(ctx, "/bar", TestServlet.class.getName());
|
||||||
|
ctx.addServletMapping("/bar", "/bar");
|
||||||
|
host = "localhost";
|
||||||
|
port = getLocalPort();
|
||||||
|
tomcat.setHostname(host);
|
||||||
|
tomcat.setPort(port);
|
||||||
|
tomcat.start();
|
||||||
|
}
|
||||||
|
|
||||||
protected void stop() throws Exception {
|
protected void stop() throws Exception {
|
||||||
|
if (useTomcat) stopTomcat();
|
||||||
|
else stopJetty();
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void stopJetty() throws Exception {
|
||||||
try {
|
try {
|
||||||
server.stop();
|
server.stop();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
@ -109,6 +173,18 @@ protected void stop() throws Exception {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected void stopTomcat() throws Exception {
|
||||||
|
try {
|
||||||
|
tomcat.stop();
|
||||||
|
} catch (Exception e) {
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
tomcat.destroy();
|
||||||
|
} catch (Exception e) {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
protected String getBaseURL() {
|
protected String getBaseURL() {
|
||||||
return "http://" + host + ":" + port + "/foo/bar";
|
return "http://" + host + ":" + port + "/foo/bar";
|
||||||
}
|
}
|
||||||
@ -165,4 +241,57 @@ protected void _testAuthentication(Authenticator authenticator, boolean doPost)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private SystemDefaultHttpClient getHttpClient() {
|
||||||
|
final SystemDefaultHttpClient httpClient = new SystemDefaultHttpClient();
|
||||||
|
httpClient.getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory(true));
|
||||||
|
Credentials use_jaas_creds = new Credentials() {
|
||||||
|
public String getPassword() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Principal getUserPrincipal() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
httpClient.getCredentialsProvider().setCredentials(
|
||||||
|
AuthScope.ANY, use_jaas_creds);
|
||||||
|
return httpClient;
|
||||||
|
}
|
||||||
|
|
||||||
|
private void doHttpClientRequest(HttpClient httpClient, HttpUriRequest request) throws Exception {
|
||||||
|
HttpResponse response = null;
|
||||||
|
try {
|
||||||
|
response = httpClient.execute(request);
|
||||||
|
final int httpStatus = response.getStatusLine().getStatusCode();
|
||||||
|
Assert.assertEquals(HttpURLConnection.HTTP_OK, httpStatus);
|
||||||
|
} finally {
|
||||||
|
if (response != null) EntityUtils.consumeQuietly(response.getEntity());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void _testAuthenticationHttpClient(Authenticator authenticator, boolean doPost) throws Exception {
|
||||||
|
start();
|
||||||
|
try {
|
||||||
|
SystemDefaultHttpClient httpClient = getHttpClient();
|
||||||
|
doHttpClientRequest(httpClient, new HttpGet(getBaseURL()));
|
||||||
|
|
||||||
|
// Always do a GET before POST to trigger the SPNego negotiation
|
||||||
|
if (doPost) {
|
||||||
|
HttpPost post = new HttpPost(getBaseURL());
|
||||||
|
byte [] postBytes = POST.getBytes();
|
||||||
|
ByteArrayInputStream bis = new ByteArrayInputStream(postBytes);
|
||||||
|
InputStreamEntity entity = new InputStreamEntity(bis, postBytes.length);
|
||||||
|
|
||||||
|
// Important that the entity is not repeatable -- this means if
|
||||||
|
// we have to renegotiate (e.g. b/c the cookie wasn't handled properly)
|
||||||
|
// the test will fail.
|
||||||
|
Assert.assertFalse(entity.isRepeatable());
|
||||||
|
post.setEntity(entity);
|
||||||
|
doHttpClientRequest(httpClient, post);
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
stop();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -20,16 +20,36 @@
|
|||||||
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
|
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
import org.junit.runners.Parameterized;
|
||||||
|
import org.junit.runners.Parameterized.Parameters;
|
||||||
|
import org.junit.runner.RunWith;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.net.HttpURLConnection;
|
import java.net.HttpURLConnection;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
import java.util.concurrent.Callable;
|
import java.util.concurrent.Callable;
|
||||||
|
|
||||||
|
@RunWith(Parameterized.class)
|
||||||
public class TestKerberosAuthenticator extends KerberosSecurityTestcase {
|
public class TestKerberosAuthenticator extends KerberosSecurityTestcase {
|
||||||
|
|
||||||
|
private boolean useTomcat = false;
|
||||||
|
|
||||||
|
public TestKerberosAuthenticator(boolean useTomcat) {
|
||||||
|
this.useTomcat = useTomcat;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Parameterized.Parameters
|
||||||
|
public static Collection booleans() {
|
||||||
|
return Arrays.asList(new Object[][] {
|
||||||
|
{ false },
|
||||||
|
{ true }
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() throws Exception {
|
public void setup() throws Exception {
|
||||||
// create keytab
|
// create keytab
|
||||||
@ -53,7 +73,7 @@ private Properties getAuthenticationHandlerConfiguration() {
|
|||||||
|
|
||||||
@Test(timeout=60000)
|
@Test(timeout=60000)
|
||||||
public void testFallbacktoPseudoAuthenticator() throws Exception {
|
public void testFallbacktoPseudoAuthenticator() throws Exception {
|
||||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
|
||||||
Properties props = new Properties();
|
Properties props = new Properties();
|
||||||
props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
|
props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
|
||||||
props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
|
props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
|
||||||
@ -63,7 +83,7 @@ public void testFallbacktoPseudoAuthenticator() throws Exception {
|
|||||||
|
|
||||||
@Test(timeout=60000)
|
@Test(timeout=60000)
|
||||||
public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception {
|
public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception {
|
||||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
|
||||||
Properties props = new Properties();
|
Properties props = new Properties();
|
||||||
props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
|
props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
|
||||||
props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
|
props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
|
||||||
@ -73,7 +93,7 @@ public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception {
|
|||||||
|
|
||||||
@Test(timeout=60000)
|
@Test(timeout=60000)
|
||||||
public void testNotAuthenticated() throws Exception {
|
public void testNotAuthenticated() throws Exception {
|
||||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
|
||||||
AuthenticatorTestCase.setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
|
AuthenticatorTestCase.setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
|
||||||
auth.start();
|
auth.start();
|
||||||
try {
|
try {
|
||||||
@ -89,7 +109,7 @@ public void testNotAuthenticated() throws Exception {
|
|||||||
|
|
||||||
@Test(timeout=60000)
|
@Test(timeout=60000)
|
||||||
public void testAuthentication() throws Exception {
|
public void testAuthentication() throws Exception {
|
||||||
final AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
final AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
|
||||||
AuthenticatorTestCase.setAuthenticationHandlerConfig(
|
AuthenticatorTestCase.setAuthenticationHandlerConfig(
|
||||||
getAuthenticationHandlerConfiguration());
|
getAuthenticationHandlerConfiguration());
|
||||||
KerberosTestUtils.doAsClient(new Callable<Void>() {
|
KerberosTestUtils.doAsClient(new Callable<Void>() {
|
||||||
@ -103,7 +123,7 @@ public Void call() throws Exception {
|
|||||||
|
|
||||||
@Test(timeout=60000)
|
@Test(timeout=60000)
|
||||||
public void testAuthenticationPost() throws Exception {
|
public void testAuthenticationPost() throws Exception {
|
||||||
final AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
final AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
|
||||||
AuthenticatorTestCase.setAuthenticationHandlerConfig(
|
AuthenticatorTestCase.setAuthenticationHandlerConfig(
|
||||||
getAuthenticationHandlerConfiguration());
|
getAuthenticationHandlerConfiguration());
|
||||||
KerberosTestUtils.doAsClient(new Callable<Void>() {
|
KerberosTestUtils.doAsClient(new Callable<Void>() {
|
||||||
@ -114,4 +134,32 @@ public Void call() throws Exception {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test(timeout=60000)
|
||||||
|
public void testAuthenticationHttpClient() throws Exception {
|
||||||
|
final AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
|
||||||
|
AuthenticatorTestCase.setAuthenticationHandlerConfig(
|
||||||
|
getAuthenticationHandlerConfiguration());
|
||||||
|
KerberosTestUtils.doAsClient(new Callable<Void>() {
|
||||||
|
@Override
|
||||||
|
public Void call() throws Exception {
|
||||||
|
auth._testAuthenticationHttpClient(new KerberosAuthenticator(), false);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test(timeout=60000)
|
||||||
|
public void testAuthenticationHttpClientPost() throws Exception {
|
||||||
|
final AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
|
||||||
|
AuthenticatorTestCase.setAuthenticationHandlerConfig(
|
||||||
|
getAuthenticationHandlerConfiguration());
|
||||||
|
KerberosTestUtils.doAsClient(new Callable<Void>() {
|
||||||
|
@Override
|
||||||
|
public Void call() throws Exception {
|
||||||
|
auth._testAuthenticationHttpClient(new KerberosAuthenticator(), true);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -710,6 +710,9 @@ Release 2.6.0 - UNRELEASED
|
|||||||
loaded. (umamahesh)
|
loaded. (umamahesh)
|
||||||
--
|
--
|
||||||
|
|
||||||
|
HADOOP-10911. hadoop.auth cookie after HADOOP-10710 still not proper
|
||||||
|
according to RFC2109. (gchanan via tucu)
|
||||||
|
|
||||||
Release 2.5.1 - UNRELEASED
|
Release 2.5.1 - UNRELEASED
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
@ -398,6 +398,16 @@
|
|||||||
<artifactId>jetty-util</artifactId>
|
<artifactId>jetty-util</artifactId>
|
||||||
<version>6.1.26</version>
|
<version>6.1.26</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.tomcat.embed</groupId>
|
||||||
|
<artifactId>tomcat-embed-core</artifactId>
|
||||||
|
<version>7.0.55</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.tomcat.embed</groupId>
|
||||||
|
<artifactId>tomcat-embed-logging-juli</artifactId>
|
||||||
|
<version>7.0.55</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>javax.servlet.jsp</groupId>
|
<groupId>javax.servlet.jsp</groupId>
|
||||||
<artifactId>jsp-api</artifactId>
|
<artifactId>jsp-api</artifactId>
|
||||||
|
Loading…
Reference in New Issue
Block a user