org.apache.hadoop.security.authentication.util.SignerSecretProvider Java Examples

The following examples show how to use org.apache.hadoop.security.authentication.util.SignerSecretProvider. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AtlasAuthenticationFilter.java    From atlas with Apache License 2.0 6 votes vote down vote up
@Override
public void initializeSecretProvider(FilterConfig filterConfig) throws ServletException {
    LOG.info("==> AtlasAuthenticationFilter.initializeSecretProvider");

    secretProvider = (SignerSecretProvider) filterConfig.getServletContext().getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE);

    if (secretProvider == null) {
        // As tomcat cannot specify the provider object in the configuration.
        // It'll go into this path
        String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);

        configPrefix = (configPrefix != null) ? configPrefix + "." : "";

        try {
            secretProvider = AuthenticationFilter.constructSecretProvider(filterConfig.getServletContext(), super.getConfiguration(configPrefix, filterConfig), false);

            this.isInitializedByTomcat = true;
        } catch (Exception ex) {
            throw new ServletException(ex);
        }
    }

    signer = new Signer(secretProvider);

    LOG.info("<== AtlasAuthenticationFilter.initializeSecretProvider(filterConfig={})", filterConfig);
}
 
Example #2
Source File: AtlasAuthenticationFilter.java    From incubator-atlas with Apache License 2.0 6 votes vote down vote up
@Override
public void initializeSecretProvider(FilterConfig filterConfig)
        throws ServletException {
    LOG.debug("AtlasAuthenticationFilter :: initializeSecretProvider {}", filterConfig);
    secretProvider = (SignerSecretProvider) filterConfig.getServletContext().
            getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE);
    if (secretProvider == null) {
        // As tomcat cannot specify the provider object in the configuration.
        // It'll go into this path
        String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
        configPrefix = (configPrefix != null) ? configPrefix + "." : "";
        try {
            secretProvider = AuthenticationFilter.constructSecretProvider(
                    filterConfig.getServletContext(),
                    super.getConfiguration(configPrefix, filterConfig), false);
            this.isInitializedByTomcat = true;
        } catch (Exception ex) {
            throw new ServletException(ex);
        }
    }
    signer = new Signer(secretProvider);
}
 
Example #3
Source File: TestAuthenticationFilter.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private static SignerSecretProvider getMockedServletContextWithStringSigner(
    FilterConfig config) throws Exception {
  Properties secretProviderProps = new Properties();
  secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET,
                                  "secret");
  SignerSecretProvider secretProvider =
      StringSignerSecretProviderCreator.newStringSignerSecretProvider();
  secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);

  ServletContext context = Mockito.mock(ServletContext.class);
  Mockito.when(context.getAttribute(
          AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE))
          .thenReturn(secretProvider);
  Mockito.when(config.getServletContext()).thenReturn(context);
  return secretProvider;
}
 
Example #4
Source File: TestAuthenticationFilter.java    From big-c with Apache License 2.0 6 votes vote down vote up
private static SignerSecretProvider getMockedServletContextWithStringSigner(
    FilterConfig config) throws Exception {
  Properties secretProviderProps = new Properties();
  secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET,
                                  "secret");
  SignerSecretProvider secretProvider =
      StringSignerSecretProviderCreator.newStringSignerSecretProvider();
  secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);

  ServletContext context = Mockito.mock(ServletContext.class);
  Mockito.when(context.getAttribute(
          AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE))
          .thenReturn(secretProvider);
  Mockito.when(config.getServletContext()).thenReturn(context);
  return secretProvider;
}
 
Example #5
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
                                                            ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 
Example #6
Source File: HttpServer2.java    From hadoop-ozone with Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
    ServletContext ctx)
    throws Exception {
  final ConfigurationSource conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 
Example #7
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
                                                            ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 
Example #8
Source File: HttpServer2.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
                                                            ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 
Example #9
Source File: TestAuthenticationFilter.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testGetToken() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();

  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    SignerSecretProvider secretProvider =
        getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);

    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    AuthenticationToken newToken = filter.getToken(request);

    Assert.assertEquals(token.toString(), newToken.toString());
  } finally {
    filter.destroy();
  }
}
 
Example #10
Source File: HttpServer2.java    From big-c with Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
    ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
                                          b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 
Example #11
Source File: TestAuthenticationFilter.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testGetToken() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();

  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    SignerSecretProvider secretProvider =
        getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);

    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    AuthenticationToken newToken = filter.getToken(request);

    Assert.assertEquals(token.toString(), newToken.toString());
  } finally {
    filter.destroy();
  }
}
 
Example #12
Source File: HttpServer2.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
    ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
                                          b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 
Example #13
Source File: TestAuthenticationFilter.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testManagementOperation() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("false");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).
      thenReturn(DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).
      thenReturn(new StringBuffer("http://foo:8080/bar"));

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

    FilterChain chain = Mockito.mock(FilterChain.class);

    filter.doFilter(request, response, chain);
    Mockito.verify(response).setStatus(HttpServletResponse.SC_ACCEPTED);
    Mockito.verifyNoMoreInteractions(response);

    Mockito.reset(request);
    Mockito.reset(response);

    AuthenticationToken token = new AuthenticationToken("u", "p", "t");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());
    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    filter.doFilter(request, response, chain);

    Mockito.verify(response).setStatus(HttpServletResponse.SC_ACCEPTED);
    Mockito.verifyNoMoreInteractions(response);

  } finally {
    filter.destroy();
  }
}
 
Example #14
Source File: TestAuthenticationFilter.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testDoFilterAuthenticatedInvalidType() throws Exception {
  String secret = "secret";
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(
      secret);
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));

    AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, secret);
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
    FilterChain chain = Mockito.mock(FilterChain.class);

    verifyUnauthorized(filter, request, response, chain);
  } finally {
    filter.destroy();
  }
}
 
Example #15
Source File: TestAuthenticationFilter.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testDoFilterAuthenticatedExpired() throws Exception {
  String secret = "secret";
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(
      secret);
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));

    AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, secret);
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
    FilterChain chain = Mockito.mock(FilterChain.class);

    verifyUnauthorized(filter, request, response, chain);
  } finally {
    filter.destroy();
  }
}
 
Example #16
Source File: TestAuthenticationFilter.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Test
public void testGetTokenExpired() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token =
        new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    boolean failed = false;
    try {
      filter.getToken(request);
    } catch (AuthenticationException ex) {
      Assert.assertEquals("AuthenticationToken expired", ex.getMessage());
      failed = true;
    } finally {
      Assert.assertTrue("token not expired", failed);
    }
  } finally {
    filter.destroy();
  }
}
 
Example #17
Source File: TestAuthenticationFilter.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Test
public void testGetTokenInvalidType() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    boolean failed = false;
    try {
      filter.getToken(request);
    } catch (AuthenticationException ex) {
      Assert.assertEquals("Invalid AuthenticationToken type", ex.getMessage());
      failed = true;
    } finally {
      Assert.assertTrue("token not invalid type", failed);
    }
  } finally {
    filter.destroy();
  }
}
 
Example #18
Source File: TestAuthenticationFilter.java    From hadoop with Apache License 2.0 4 votes vote down vote up
private void _testDoFilterAuthentication(boolean withDomainPath,
                                         boolean invalidToken,
                                         boolean expired) throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  FilterConfig config = Mockito.mock(FilterConfig.class);
  Mockito.when(config.getInitParameter("management.operation.return")).
          thenReturn("true");
  Mockito.when(config.getInitParameter("expired.token")).
          thenReturn(Boolean.toString(expired));
  Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE))
          .thenReturn(DummyAuthenticationHandler.class.getName());
  Mockito.when(config.getInitParameter(AuthenticationFilter
          .AUTH_TOKEN_VALIDITY)).thenReturn(new Long(TOKEN_VALIDITY_SEC).toString());
  Mockito.when(config.getInitParameter(AuthenticationFilter
          .SIGNATURE_SECRET)).thenReturn("secret");
  Mockito.when(config.getInitParameterNames()).thenReturn(new
          Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
          AuthenticationFilter.AUTH_TOKEN_VALIDITY,
          AuthenticationFilter.SIGNATURE_SECRET, "management.operation" +
          ".return", "expired.token")).elements());
  getMockedServletContextWithStringSigner(config);

  if (withDomainPath) {
    Mockito.when(config.getInitParameter(AuthenticationFilter
            .COOKIE_DOMAIN)).thenReturn(".foo.com");
    Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_PATH))
            .thenReturn("/bar");
    Mockito.when(config.getInitParameterNames()).thenReturn(new
            Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
            AuthenticationFilter.AUTH_TOKEN_VALIDITY,
            AuthenticationFilter.SIGNATURE_SECRET,
            AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter
            .COOKIE_PATH, "management.operation.return")).elements());
  }

  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  Mockito.when(request.getParameter("authenticated")).thenReturn("true");
  Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer
          ("http://foo:8080/bar"));
  Mockito.when(request.getQueryString()).thenReturn("authenticated=true");

  if (invalidToken) {
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{new Cookie
            (AuthenticatedURL.AUTH_COOKIE, "foo")});
  }

  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  FilterChain chain = Mockito.mock(FilterChain.class);

  final HashMap<String, String> cookieMap = new HashMap<String, String>();
  Mockito.doAnswer(new Answer<Object>() {
    @Override
    public Object answer(InvocationOnMock invocation) throws Throwable {
      String cookieHeader = (String)invocation.getArguments()[1];
      parseCookieMap(cookieHeader, cookieMap);
      return null;
    }
  }).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());

  try {
    filter.init(config);
    filter.doFilter(request, response, chain);

    if (expired) {
      Mockito.verify(response, Mockito.never()).
        addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());
    } else {
      String v = cookieMap.get(AuthenticatedURL.AUTH_COOKIE);
      Assert.assertNotNull("cookie missing", v);
      Assert.assertTrue(v.contains("u=") && v.contains("p=") && v.contains
              ("t=") && v.contains("e=") && v.contains("s="));
      Mockito.verify(chain).doFilter(Mockito.any(ServletRequest.class),
              Mockito.any(ServletResponse.class));

      SignerSecretProvider secretProvider =
          StringSignerSecretProviderCreator.newStringSignerSecretProvider();
      Properties secretProviderProps = new Properties();
      secretProviderProps.setProperty(
              AuthenticationFilter.SIGNATURE_SECRET, "secret");
      secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
      Signer signer = new Signer(secretProvider);
      String value = signer.verifyAndExtract(v);
      AuthenticationToken token = AuthenticationToken.parse(value);
      assertThat(token.getExpires(), not(0L));

      if (withDomainPath) {
        Assert.assertEquals(".foo.com", cookieMap.get("Domain"));
        Assert.assertEquals("/bar", cookieMap.get("Path"));
      } else {
        Assert.assertFalse(cookieMap.containsKey("Domain"));
        Assert.assertFalse(cookieMap.containsKey("Path"));
      }
    }
  } finally {
    filter.destroy();
  }
}
 
Example #19
Source File: TestAuthenticationFilter.java    From big-c with Apache License 2.0 4 votes vote down vote up
private void _testDoFilterAuthentication(boolean withDomainPath,
                                         boolean invalidToken,
                                         boolean expired) throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  FilterConfig config = Mockito.mock(FilterConfig.class);
  Mockito.when(config.getInitParameter("management.operation.return")).
          thenReturn("true");
  Mockito.when(config.getInitParameter("expired.token")).
          thenReturn(Boolean.toString(expired));
  Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE))
          .thenReturn(DummyAuthenticationHandler.class.getName());
  Mockito.when(config.getInitParameter(AuthenticationFilter
          .AUTH_TOKEN_VALIDITY)).thenReturn(new Long(TOKEN_VALIDITY_SEC).toString());
  Mockito.when(config.getInitParameter(AuthenticationFilter
          .SIGNATURE_SECRET)).thenReturn("secret");
  Mockito.when(config.getInitParameterNames()).thenReturn(new
          Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
          AuthenticationFilter.AUTH_TOKEN_VALIDITY,
          AuthenticationFilter.SIGNATURE_SECRET, "management.operation" +
          ".return", "expired.token")).elements());
  getMockedServletContextWithStringSigner(config);

  if (withDomainPath) {
    Mockito.when(config.getInitParameter(AuthenticationFilter
            .COOKIE_DOMAIN)).thenReturn(".foo.com");
    Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_PATH))
            .thenReturn("/bar");
    Mockito.when(config.getInitParameterNames()).thenReturn(new
            Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
            AuthenticationFilter.AUTH_TOKEN_VALIDITY,
            AuthenticationFilter.SIGNATURE_SECRET,
            AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter
            .COOKIE_PATH, "management.operation.return")).elements());
  }

  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  Mockito.when(request.getParameter("authenticated")).thenReturn("true");
  Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer
          ("http://foo:8080/bar"));
  Mockito.when(request.getQueryString()).thenReturn("authenticated=true");

  if (invalidToken) {
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{new Cookie
            (AuthenticatedURL.AUTH_COOKIE, "foo")});
  }

  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  FilterChain chain = Mockito.mock(FilterChain.class);

  final HashMap<String, String> cookieMap = new HashMap<String, String>();
  Mockito.doAnswer(new Answer<Object>() {
    @Override
    public Object answer(InvocationOnMock invocation) throws Throwable {
      String cookieHeader = (String)invocation.getArguments()[1];
      parseCookieMap(cookieHeader, cookieMap);
      return null;
    }
  }).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());

  try {
    filter.init(config);
    filter.doFilter(request, response, chain);

    if (expired) {
      Mockito.verify(response, Mockito.never()).
        addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());
    } else {
      String v = cookieMap.get(AuthenticatedURL.AUTH_COOKIE);
      Assert.assertNotNull("cookie missing", v);
      Assert.assertTrue(v.contains("u=") && v.contains("p=") && v.contains
              ("t=") && v.contains("e=") && v.contains("s="));
      Mockito.verify(chain).doFilter(Mockito.any(ServletRequest.class),
              Mockito.any(ServletResponse.class));

      SignerSecretProvider secretProvider =
          StringSignerSecretProviderCreator.newStringSignerSecretProvider();
      Properties secretProviderProps = new Properties();
      secretProviderProps.setProperty(
              AuthenticationFilter.SIGNATURE_SECRET, "secret");
      secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
      Signer signer = new Signer(secretProvider);
      String value = signer.verifyAndExtract(v);
      AuthenticationToken token = AuthenticationToken.parse(value);
      assertThat(token.getExpires(), not(0L));

      if (withDomainPath) {
        Assert.assertEquals(".foo.com", cookieMap.get("Domain"));
        Assert.assertEquals("/bar", cookieMap.get("Path"));
      } else {
        Assert.assertFalse(cookieMap.containsKey("Domain"));
        Assert.assertFalse(cookieMap.containsKey("Path"));
      }
    }
  } finally {
    filter.destroy();
  }
}
 
Example #20
Source File: TestAuthenticationFilter.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Test
public void testDoFilterAuthenticatedExpired() throws Exception {
  String secret = "secret";
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(
      secret);
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));

    AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, secret);
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
    FilterChain chain = Mockito.mock(FilterChain.class);

    verifyUnauthorized(filter, request, response, chain);
  } finally {
    filter.destroy();
  }
}
 
Example #21
Source File: TestAuthenticationFilter.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Test
public void testDoFilterAuthenticatedInvalidType() throws Exception {
  String secret = "secret";
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(
      secret);
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));

    AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, secret);
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
    FilterChain chain = Mockito.mock(FilterChain.class);

    verifyUnauthorized(filter, request, response, chain);
  } finally {
    filter.destroy();
  }
}
 
Example #22
Source File: TestAuthenticationFilter.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Test
public void testManagementOperation() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("false");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).
      thenReturn(DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).
      thenReturn(new StringBuffer("http://foo:8080/bar"));

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

    FilterChain chain = Mockito.mock(FilterChain.class);

    filter.doFilter(request, response, chain);
    Mockito.verify(response).setStatus(HttpServletResponse.SC_ACCEPTED);
    Mockito.verifyNoMoreInteractions(response);

    Mockito.reset(request);
    Mockito.reset(response);

    AuthenticationToken token = new AuthenticationToken("u", "p", "t");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());
    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    filter.doFilter(request, response, chain);

    Mockito.verify(response).setStatus(HttpServletResponse.SC_ACCEPTED);
    Mockito.verifyNoMoreInteractions(response);

  } finally {
    filter.destroy();
  }
}
 
Example #23
Source File: TestAuthenticationFilter.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testGetTokenInvalidType() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    boolean failed = false;
    try {
      filter.getToken(request);
    } catch (AuthenticationException ex) {
      Assert.assertEquals("Invalid AuthenticationToken type", ex.getMessage());
      failed = true;
    } finally {
      Assert.assertTrue("token not invalid type", failed);
    }
  } finally {
    filter.destroy();
  }
}
 
Example #24
Source File: TestAuthenticationFilter.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testGetTokenExpired() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token =
        new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    boolean failed = false;
    try {
      filter.getToken(request);
    } catch (AuthenticationException ex) {
      Assert.assertEquals("AuthenticationToken expired", ex.getMessage());
      failed = true;
    } finally {
      Assert.assertTrue("token not expired", failed);
    }
  } finally {
    filter.destroy();
  }
}