private void testValidDelegationToken(AuthenticationHandler handler) throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Token<DelegationTokenIdentifier> dToken = HttpFSServerWebApp.get().get(DelegationTokenManager.class).createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getParameter(HttpFSKerberosAuthenticator.DELEGATION_PARAM)). thenReturn(dToken.encodeToUrlString()); AuthenticationToken token = handler.authenticate(request, response); Assert.assertEquals(UserGroupInformation.getCurrentUser().getShortUserName(), token.getUserName()); Assert.assertEquals(0, token.getExpires()); Assert.assertEquals(HttpFSKerberosAuthenticationHandler.TYPE, token.getType()); Assert.assertTrue(token.isExpired()); }
private void testValidDelegationToken(AuthenticationHandler handler) throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Token<DelegationTokenIdentifier> dToken = HttpFSServerWebApp.get().get(DelegationTokenManager.class) .createToken(UserGroupInformation.getCurrentUser(), "user"); Mockito.when( request.getParameter(HttpFSKerberosAuthenticator.DELEGATION_PARAM)). thenReturn(dToken.encodeToUrlString()); AuthenticationToken token = handler.authenticate(request, response); Assert .assertEquals(UserGroupInformation.getCurrentUser().getShortUserName(), token.getUserName()); Assert.assertEquals(0, token.getExpires()); Assert.assertEquals(HttpFSKerberosAuthenticationHandler.TYPE, token.getType()); Assert.assertTrue(token.isExpired()); }
@SuppressWarnings("unchecked") private static Map delegationTokenToJSON(Token token) throws IOException { Map json = new LinkedHashMap(); json.put(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON, token.encodeToUrlString()); Map response = new LinkedHashMap(); response.put(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON, json); return response; }
private void testCancelToken(AuthenticationHandler handler) throws Exception { DelegationTokenOperation op = DelegationTokenOperation.CANCELDELEGATIONTOKEN; HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Mockito.when(request.getParameter(HttpFSFileSystem.OP_PARAM)). thenReturn(op.toString()); Mockito.when(request.getMethod()). thenReturn(op.getHttpMethod()); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.verify(response).sendError( Mockito.eq(HttpServletResponse.SC_BAD_REQUEST), Mockito.contains("requires the parameter [token]")); Mockito.reset(response); Token<DelegationTokenIdentifier> token = HttpFSServerWebApp.get().get(DelegationTokenManager.class).createToken( UserGroupInformation.getCurrentUser(), "foo"); Mockito.when(request.getParameter(HttpFSKerberosAuthenticator.TOKEN_PARAM)). thenReturn(token.encodeToUrlString()); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); try { HttpFSServerWebApp.get().get(DelegationTokenManager.class).verifyToken(token); Assert.fail(); } catch (DelegationTokenManagerException ex) { Assert.assertTrue(ex.toString().contains("DT01")); } }
private void testRenewToken(AuthenticationHandler handler) throws Exception { DelegationTokenOperation op = DelegationTokenOperation.RENEWDELEGATIONTOKEN; HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Mockito.when(request.getParameter(HttpFSFileSystem.OP_PARAM)). thenReturn(op.toString()); Mockito.when(request.getMethod()). thenReturn(op.getHttpMethod()); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.verify(response).sendError( Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.contains("equires SPNEGO authentication established")); Mockito.reset(response); AuthenticationToken token = Mockito.mock(AuthenticationToken.class); Mockito.when(token.getUserName()).thenReturn("user"); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).sendError( Mockito.eq(HttpServletResponse.SC_BAD_REQUEST), Mockito.contains("requires the parameter [token]")); Mockito.reset(response); StringWriter writer = new StringWriter(); PrintWriter pwriter = new PrintWriter(writer); Mockito.when(response.getWriter()).thenReturn(pwriter); Token<DelegationTokenIdentifier> dToken = HttpFSServerWebApp.get().get(DelegationTokenManager.class).createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getParameter(HttpFSKerberosAuthenticator.TOKEN_PARAM)). thenReturn(dToken.encodeToUrlString()); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); pwriter.close(); Assert.assertTrue(writer.toString().contains("long")); HttpFSServerWebApp.get().get(DelegationTokenManager.class).verifyToken(dToken); }
private void testCancelToken(AuthenticationHandler handler) throws Exception { DelegationTokenOperation op = DelegationTokenOperation.CANCELDELEGATIONTOKEN; HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Mockito.when(request.getParameter(HttpFSFileSystem.OP_PARAM)). thenReturn(op.toString()); Mockito.when(request.getMethod()). thenReturn(op.getHttpMethod()); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.verify(response) .sendError(Mockito.eq(HttpServletResponse.SC_BAD_REQUEST), Mockito.contains("requires the parameter [token]")); Mockito.reset(response); Token<DelegationTokenIdentifier> token = HttpFSServerWebApp.get().get(DelegationTokenManager.class) .createToken(UserGroupInformation.getCurrentUser(), "foo"); Mockito.when(request.getParameter(HttpFSKerberosAuthenticator.TOKEN_PARAM)). thenReturn(token.encodeToUrlString()); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); try { HttpFSServerWebApp.get().get(DelegationTokenManager.class) .verifyToken(token); Assert.fail(); } catch (DelegationTokenManagerException ex) { Assert.assertTrue(ex.toString().contains("DT01")); } }
private void testRenewToken(AuthenticationHandler handler) throws Exception { DelegationTokenOperation op = DelegationTokenOperation.RENEWDELEGATIONTOKEN; HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Mockito.when(request.getParameter(HttpFSFileSystem.OP_PARAM)). thenReturn(op.toString()); Mockito.when(request.getMethod()). thenReturn(op.getHttpMethod()); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.verify(response) .sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.contains("equires SPNEGO authentication established")); Mockito.reset(response); AuthenticationToken token = Mockito.mock(AuthenticationToken.class); Mockito.when(token.getUserName()).thenReturn("user"); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response) .sendError(Mockito.eq(HttpServletResponse.SC_BAD_REQUEST), Mockito.contains("requires the parameter [token]")); Mockito.reset(response); StringWriter writer = new StringWriter(); PrintWriter pwriter = new PrintWriter(writer); Mockito.when(response.getWriter()).thenReturn(pwriter); Token<DelegationTokenIdentifier> dToken = HttpFSServerWebApp.get().get(DelegationTokenManager.class) .createToken(UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getParameter(HttpFSKerberosAuthenticator.TOKEN_PARAM)). thenReturn(dToken.encodeToUrlString()); Assert.assertFalse(handler.managementOperation(token, request, response)); Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); pwriter.close(); Assert.assertTrue(writer.toString().contains("long")); HttpFSServerWebApp.get().get(DelegationTokenManager.class) .verifyToken(dToken); }
private void testGetToken(AuthenticationHandler handler, String renewer) throws Exception { DelegationTokenOperation op = DelegationTokenOperation.GETDELEGATIONTOKEN; HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Mockito.when(request.getParameter(HttpFSFileSystem.OP_PARAM)). thenReturn(op.toString()); Mockito.when(request.getMethod()). thenReturn(op.getHttpMethod()); AuthenticationToken token = Mockito.mock(AuthenticationToken.class); Mockito.when(token.getUserName()).thenReturn("user"); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.when(request.getParameter(HttpFSKerberosAuthenticator.RENEWER_PARAM)). thenReturn(renewer); Mockito.reset(response); StringWriter writer = new StringWriter(); PrintWriter pwriter = new PrintWriter(writer); Mockito.when(response.getWriter()).thenReturn(pwriter); Assert.assertFalse(handler.managementOperation(token, request, response)); if (renewer == null) { Mockito.verify(token).getUserName(); } else { Mockito.verify(token, Mockito.never()).getUserName(); } Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); Mockito.verify(response).setContentType(MediaType.APPLICATION_JSON); pwriter.close(); String responseOutput = writer.toString(); String tokenLabel = HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON; Assert.assertTrue(responseOutput.contains(tokenLabel)); Assert.assertTrue(responseOutput.contains( HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON)); JSONObject json = (JSONObject) new JSONParser().parse(responseOutput); json = (JSONObject) json.get(tokenLabel); String tokenStr; tokenStr = (String) json.get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON); Token<DelegationTokenIdentifier> dt = new Token<DelegationTokenIdentifier>(); dt.decodeFromUrlString(tokenStr); HttpFSServerWebApp.get().get(DelegationTokenManager.class).verifyToken(dt); }
@Test @TestDir @TestJetty @TestHdfs public void testDelegationTokenHttpFSAccess() throws Exception { createHttpFSServer(); KerberosTestUtils.doAsClient(new Callable<Void>() { @Override public Void call() throws Exception { //get delegation token doing SPNEGO authentication URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN"); AuthenticatedURL aUrl = new AuthenticatedURL(); AuthenticatedURL.Token aToken = new AuthenticatedURL.Token(); HttpURLConnection conn = aUrl.openConnection(url, aToken); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); JSONObject json = (JSONObject) new JSONParser() .parse(new InputStreamReader(conn.getInputStream())); json = (JSONObject) json .get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON); String tokenStr = (String) json .get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON); //access httpfs using the delegation token url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); //try to renew the delegation token without SPNEGO credentials url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_UNAUTHORIZED); //renew the delegation token with SPNEGO credentials url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = aUrl.openConnection(url, aToken); conn.setRequestMethod("PUT"); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); //cancel delegation token, no need for SPNEGO credentials url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); //try to access httpfs with the canceled delegation token url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_UNAUTHORIZED); return null; } }); }
@Test @TestDir @TestJetty @TestHdfs public void testDelegationTokenOperations() throws Exception { createHttpFSServer(true); URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); AuthenticationToken token = new AuthenticationToken("u", "p", HttpFSKerberosAuthenticationHandlerForTesting.TYPE); token.setExpires(System.currentTimeMillis() + 100000000); Signer signer = new Signer("secret".getBytes()); String tokenSigned = signer.sign(token.toString()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"); conn = (HttpURLConnection) url.openConnection(); conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN"); conn = (HttpURLConnection) url.openConnection(); conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); JSONObject json = (JSONObject) new JSONParser().parse(new InputStreamReader(conn.getInputStream())); json = (JSONObject) json.get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON); String tokenStr = (String) json.get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); }
private void testGetToken(AuthenticationHandler handler, String renewer) throws Exception { DelegationTokenOperation op = DelegationTokenOperation.GETDELEGATIONTOKEN; HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Mockito.when(request.getParameter(HttpFSFileSystem.OP_PARAM)). thenReturn(op.toString()); Mockito.when(request.getMethod()). thenReturn(op.getHttpMethod()); AuthenticationToken token = Mockito.mock(AuthenticationToken.class); Mockito.when(token.getUserName()).thenReturn("user"); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito .when(request.getParameter(HttpFSKerberosAuthenticator.RENEWER_PARAM)). thenReturn(renewer); Mockito.reset(response); StringWriter writer = new StringWriter(); PrintWriter pwriter = new PrintWriter(writer); Mockito.when(response.getWriter()).thenReturn(pwriter); Assert.assertFalse(handler.managementOperation(token, request, response)); if (renewer == null) { Mockito.verify(token).getUserName(); } else { Mockito.verify(token, Mockito.never()).getUserName(); } Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); Mockito.verify(response).setContentType(MediaType.APPLICATION_JSON); pwriter.close(); String responseOutput = writer.toString(); String tokenLabel = HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON; Assert.assertTrue(responseOutput.contains(tokenLabel)); Assert.assertTrue(responseOutput.contains( HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON)); JSONObject json = (JSONObject) new JSONParser().parse(responseOutput); json = (JSONObject) json.get(tokenLabel); String tokenStr; tokenStr = (String) json .get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON); Token<DelegationTokenIdentifier> dt = new Token<>(); dt.decodeFromUrlString(tokenStr); HttpFSServerWebApp.get().get(DelegationTokenManager.class).verifyToken(dt); }
@Test @TestDir @TestJetty @TestHdfs @Ignore public void testDelegationTokenHttpFSAccess() throws Exception { createHttpFSServer(); KerberosTestUtils.doAsClient(new Callable<Void>() { @Override public Void call() throws Exception { //get delegation token doing SPNEGO authentication URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN"); AuthenticatedURL aUrl = new AuthenticatedURL(); AuthenticatedURL.Token aToken = new AuthenticatedURL.Token(); HttpURLConnection conn = aUrl.openConnection(url, aToken); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); JSONObject json = (JSONObject) new JSONParser() .parse(new InputStreamReader(conn.getInputStream())); json = (JSONObject) json .get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON); String tokenStr = (String) json .get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON); //access httpfs using the delegation token url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); //try to renew the delegation token without SPNEGO credentials url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_UNAUTHORIZED); //renew the delegation token with SPNEGO credentials url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = aUrl.openConnection(url, aToken); conn.setRequestMethod("PUT"); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); //cancel delegation token, no need for SPNEGO credentials url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); //try to access httpfs with the canceled delegation token url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_UNAUTHORIZED); return null; } }); }
@Test @TestDir @TestJetty @TestHdfs public void testDelegationTokenOperations() throws Exception { createHttpFSServer(true); URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); AuthenticationToken token = new AuthenticationToken("u", "p", HttpFSKerberosAuthenticationHandlerForTesting.TYPE); token.setExpires(System.currentTimeMillis() + 100000000); SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider(); Properties secretProviderProps = new Properties(); secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret"); secretProvider.init(secretProviderProps, null, -1); Signer signer = new Signer(secretProvider); String tokenSigned = signer.sign(token.toString()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"); conn = (HttpURLConnection) url.openConnection(); conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN"); conn = (HttpURLConnection) url.openConnection(); conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); JSONObject json = (JSONObject) new JSONParser() .parse(new InputStreamReader(conn.getInputStream())); json = (JSONObject) json .get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON); String tokenStr = (String) json .get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); Assert .assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode()); }
private void testGetToken(AuthenticationHandler handler, String renewer, Text expectedTokenKind) throws Exception { DelegationTokenOperation op = DelegationTokenOperation.GETDELEGATIONTOKEN; HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Mockito.when(request.getParameter(HttpFSFileSystem.OP_PARAM)). thenReturn(op.toString()); Mockito.when(request.getMethod()). thenReturn(op.getHttpMethod()); AuthenticationToken token = Mockito.mock(AuthenticationToken.class); Mockito.when(token.getUserName()).thenReturn("user"); Assert.assertFalse(handler.managementOperation(null, request, response)); Mockito.when(request.getParameter(HttpFSKerberosAuthenticator.RENEWER_PARAM)). thenReturn(renewer); Mockito.reset(response); StringWriter writer = new StringWriter(); PrintWriter pwriter = new PrintWriter(writer); Mockito.when(response.getWriter()).thenReturn(pwriter); Assert.assertFalse(handler.managementOperation(token, request, response)); if (renewer == null) { Mockito.verify(token).getUserName(); } else { Mockito.verify(token, Mockito.never()).getUserName(); } Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); Mockito.verify(response).setContentType(MediaType.APPLICATION_JSON); pwriter.close(); String responseOutput = writer.toString(); String tokenLabel = HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON; Assert.assertTrue(responseOutput.contains(tokenLabel)); Assert.assertTrue(responseOutput.contains( HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON)); JSONObject json = (JSONObject) new JSONParser().parse(responseOutput); json = (JSONObject) json.get(tokenLabel); String tokenStr; tokenStr = (String) json.get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON); Token<DelegationTokenIdentifier> dt = new Token<DelegationTokenIdentifier>(); dt.decodeFromUrlString(tokenStr); HttpFSServerWebApp.get().get(DelegationTokenManager.class).verifyToken(dt); Assert.assertEquals(expectedTokenKind, dt.getKind()); }
@Test @TestDir @TestJetty @TestHdfs public void testDelegationTokenOperations() throws Exception { createHttpFSServer(true); URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); AuthenticationToken token = new AuthenticationToken("u", "p", HttpFSKerberosAuthenticationHandlerForTesting.TYPE); token.setExpires(System.currentTimeMillis() + 100000000); Signer signer = new Signer("secret".getBytes()); String tokenSigned = signer.sign(token.toString()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"); conn = (HttpURLConnection) url.openConnection(); conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN"); conn = (HttpURLConnection) url.openConnection(); conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); JSONObject json = (JSONObject) new JSONParser().parse(new InputStreamReader(conn.getInputStream())); json = (JSONObject) json.get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON); String tokenStr = (String) json.get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); conn.setRequestProperty("Cookie", AuthenticatedURL.AUTH_COOKIE + "=" + tokenSigned); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + tokenStr); conn = (HttpURLConnection) url.openConnection(); Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode()); }
