org.apache.hadoop.security.authentication.client.PseudoAuthenticator Java Examples

The following examples show how to use org.apache.hadoop.security.authentication.client.PseudoAuthenticator. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: TestPseudoAuthenticationHandler.java    From hadoop with Apache License 2.0 6 votes vote down vote up
private void _testUserName(boolean anonymous) throws Exception {
  PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
  try {
    Properties props = new Properties();
    props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, Boolean.toString(anonymous));
    handler.init(props);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(request.getQueryString()).thenReturn(PseudoAuthenticator.USER_NAME + "=" + "user");

    AuthenticationToken token = handler.authenticate(request, response);

    Assert.assertNotNull(token);
    Assert.assertEquals("user", token.getUserName());
    Assert.assertEquals("user", token.getName());
    Assert.assertEquals(PseudoAuthenticationHandler.TYPE, token.getType());
  } finally {
    handler.destroy();
  }
}
 
Example #2
Source File: TestDelegationWithHadoopAuth.java    From lucene-solr with Apache License 2.0 6 votes vote down vote up
private long renewDelegationToken(final String token, final int expectedStatusCode,
    final String user, HttpSolrClient client) throws Exception {
  DelegationTokenRequest.Renew renew = new DelegationTokenRequest.Renew(token) {
    @Override
    public SolrParams getParams() {
      ModifiableSolrParams params = new ModifiableSolrParams(super.getParams());
      params.set(PseudoAuthenticator.USER_NAME, user);
      return params;
    }

    @Override
    public Set<String> getQueryParams() {
      Set<String> queryParams = super.getQueryParams();
      queryParams.add(PseudoAuthenticator.USER_NAME);
      return queryParams;
    }
  };
  try {
    DelegationTokenResponse.Renew renewResponse = renew.process(client);
    assertEquals(HttpStatus.SC_OK, expectedStatusCode);
    return renewResponse.getExpirationTime();
  } catch (BaseHttpSolrClient.RemoteSolrException ex) {
    assertEquals(expectedStatusCode, ex.code());
    return -1;
  }
}
 
Example #3
Source File: TestPseudoAuthenticationHandler.java    From big-c with Apache License 2.0 6 votes vote down vote up
private void _testUserName(boolean anonymous) throws Exception {
  PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
  try {
    Properties props = new Properties();
    props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, Boolean.toString(anonymous));
    handler.init(props);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(request.getQueryString()).thenReturn(PseudoAuthenticator.USER_NAME + "=" + "user");

    AuthenticationToken token = handler.authenticate(request, response);

    Assert.assertNotNull(token);
    Assert.assertEquals("user", token.getUserName());
    Assert.assertEquals("user", token.getName());
    Assert.assertEquals(PseudoAuthenticationHandler.TYPE, token.getType());
  } finally {
    handler.destroy();
  }
}
 
Example #4
Source File: SqoopClient.java    From ranger with Apache License 2.0 5 votes vote down vote up
private static ClientResponse getClientResponse(String sqoopUrl, String sqoopApi, String userName) {
	ClientResponse response = null;
	String[] sqoopUrls = sqoopUrl.trim().split("[,;]");
	if (ArrayUtils.isEmpty(sqoopUrls)) {
		return null;
	}

	Client client = Client.create();

	for (String currentUrl : sqoopUrls) {
		if (StringUtils.isBlank(currentUrl)) {
			continue;
		}

		String url = currentUrl.trim() + sqoopApi + "?" + PseudoAuthenticator.USER_NAME + "=" + userName;
		try {
			response = getClientResponse(url, client);

			if (response != null) {
				if (response.getStatus() == HttpStatus.SC_OK) {
					break;
				} else {
					response.close();
				}
			}
		} catch (Throwable t) {
			String msgDesc = "Exception while getting sqoop response, sqoopUrl: " + url;
			LOG.error(msgDesc, t);
		}
	}
	client.destroy();

	return response;
}
 
Example #5
Source File: KerberosUgiAuthenticator.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Override
protected Authenticator getFallBackAuthenticator() {
  return new PseudoAuthenticator() {
    @Override
    protected String getUserName() {
      try {
        return UserGroupInformation.getLoginUser().getUserName();
      } catch (IOException e) {
        throw new SecurityException("Failed to obtain current username", e);
      }
    }
  };
}
 
Example #6
Source File: RequestContext.java    From sqoop-on-spark with Apache License 2.0 5 votes vote down vote up
/**
 * Get username specified by custom username HTTP header.
 *
 * @return Name of user sending the request
 */
public String getUserName() {
  if (AuthenticationManager.getAuthenticationHandler().isSecurityEnabled()) {
    return HttpUserGroupInformation.get().getShortUserName();
  } else {
    return request.getParameter(PseudoAuthenticator.USER_NAME);
  }
}
 
Example #7
Source File: ImpersonatorCollectionsHandler.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
@Override
public void handleRequestBody(SolrQueryRequest req, SolrQueryResponse rsp) throws Exception {
  called.set(true);
  super.handleRequestBody(req, rsp);
  String doAs = req.getParams().get(KerberosPlugin.IMPERSONATOR_DO_AS_HTTP_PARAM);
  if (doAs != null) {
    HttpServletRequest httpRequest = (HttpServletRequest)req.getContext().get("httpRequest");
    Assert.assertNotNull(httpRequest);
    String user = req.getParams().get(PseudoAuthenticator.USER_NAME);
    Assert.assertNotNull(user);
    Assert.assertEquals(user, httpRequest.getAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME));
  }
}
 
Example #8
Source File: ImpersonationUtil.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
@SuppressWarnings({"rawtypes"})
static SolrRequest getProxyRequest(String user, String doAs) {
  return new CollectionAdminRequest.List() {
    @Override
    public SolrParams getParams() {
      ModifiableSolrParams params = new ModifiableSolrParams(super.getParams());
      params.set(PseudoAuthenticator.USER_NAME, user);
      params.set(KerberosPlugin.IMPERSONATOR_DO_AS_HTTP_PARAM, doAs);
      return params;
    }
  };
}
 
Example #9
Source File: TestDelegationWithHadoopAuth.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
@SuppressWarnings({"unchecked"})
private int getStatusCode(String token, final String user, final String op, HttpSolrClient client)
throws Exception {
  SolrClient delegationTokenClient;
  if (random().nextBoolean()) delegationTokenClient = new HttpSolrClient.Builder(client.getBaseURL().toString())
      .withKerberosDelegationToken(token)
      .withResponseParser(client.getParser())
      .build();
  else delegationTokenClient = new CloudSolrClient.Builder(Collections.singletonList(cluster.getZkServer().getZkAddress()), Optional.empty())
      .withLBHttpSolrClientBuilder(new LBHttpSolrClient.Builder()
          .withResponseParser(client.getParser())
          .withSocketTimeout(30000).withConnectionTimeout(15000)
          .withHttpSolrClientBuilder(
              new HttpSolrClient.Builder()
                  .withKerberosDelegationToken(token)
          ))
      .build();
  try {
    ModifiableSolrParams p = new ModifiableSolrParams();
    if (user != null) p.set(PseudoAuthenticator.USER_NAME, user);
    if (op != null) p.set("op", op);
    @SuppressWarnings({"rawtypes"})
    SolrRequest req = getAdminRequest(p);
    if (user != null || op != null) {
      Set<String> queryParams = new HashSet<>();
      if (user != null) queryParams.add(PseudoAuthenticator.USER_NAME);
      if (op != null) queryParams.add("op");
      req.setQueryParams(queryParams);
    }
    try {
      delegationTokenClient.request(req, null);
      return HttpStatus.SC_OK;
    } catch (BaseHttpSolrClient.RemoteSolrException re) {
      return re.code();
    }
  } finally {
    delegationTokenClient.close();
  }
}
 
Example #10
Source File: TestDelegationWithHadoopAuth.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
private String getDelegationToken(final String renewer, final String user, HttpSolrClient solrClient) throws Exception {
  DelegationTokenRequest.Get get = new DelegationTokenRequest.Get(renewer) {
    @Override
    public SolrParams getParams() {
      ModifiableSolrParams params = new ModifiableSolrParams(super.getParams());
      params.set(PseudoAuthenticator.USER_NAME, user);
      return params;
    }
  };
  DelegationTokenResponse.Get getResponse = get.process(solrClient);
  return getResponse.getDelegationToken();
}
 
Example #11
Source File: PseudoAuthenticationHandler.java    From big-c with Apache License 2.0 5 votes vote down vote up
private String getUserName(HttpServletRequest request) {
  List<NameValuePair> list = URLEncodedUtils.parse(request.getQueryString(), UTF8_CHARSET);
  if (list != null) {
    for (NameValuePair nv : list) {
      if (PseudoAuthenticator.USER_NAME.equals(nv.getName())) {
        return nv.getValue();
      }
    }
  }
  return null;
}
 
Example #12
Source File: PseudoDelegationTokenAuthenticator.java    From big-c with Apache License 2.0 5 votes vote down vote up
public PseudoDelegationTokenAuthenticator() {
  super(new PseudoAuthenticator() {
    @Override
    protected String getUserName() {
      try {
        return UserGroupInformation.getCurrentUser().getShortUserName();
      } catch (IOException ex) {
        throw new RuntimeException(ex);
      }
    }
  });
}
 
Example #13
Source File: KerberosUgiAuthenticator.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
protected Authenticator getFallBackAuthenticator() {
  return new PseudoAuthenticator() {
    @Override
    protected String getUserName() {
      try {
        return UserGroupInformation.getLoginUser().getUserName();
      } catch (IOException e) {
        throw new SecurityException("Failed to obtain current username", e);
      }
    }
  };
}
 
Example #14
Source File: PseudoAuthenticationHandler.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private String getUserName(HttpServletRequest request) {
  List<NameValuePair> list = URLEncodedUtils.parse(request.getQueryString(), UTF8_CHARSET);
  if (list != null) {
    for (NameValuePair nv : list) {
      if (PseudoAuthenticator.USER_NAME.equals(nv.getName())) {
        return nv.getValue();
      }
    }
  }
  return null;
}
 
Example #15
Source File: PseudoDelegationTokenAuthenticator.java    From hadoop with Apache License 2.0 5 votes vote down vote up
public PseudoDelegationTokenAuthenticator() {
  super(new PseudoAuthenticator() {
    @Override
    protected String getUserName() {
      try {
        return UserGroupInformation.getCurrentUser().getShortUserName();
      } catch (IOException ex) {
        throw new RuntimeException(ex);
      }
    }
  });
}
 
Example #16
Source File: ResourceRequest.java    From sqoop-on-spark with Apache License 2.0 4 votes vote down vote up
private String addUsername(String strUrl) {
  String paramSeparator = (strUrl.contains("?")) ? "&" : "?";
  strUrl += paramSeparator + PseudoAuthenticator.USER_NAME + "=" + System.getProperty("user.name");
  return strUrl;
}
 
Example #17
Source File: KerberosAuthenticator2.java    From Transwarp-Sample-Code with MIT License 2 votes vote down vote up
/**
 * If the specified URL does not support SPNEGO authentication, a fallback
 * {@link Authenticator} will be used.
 * <p/>
 * This implementation returns a {@link PseudoAuthenticator}.
 *
 * @return the fallback {@link Authenticator}.
 */
protected Authenticator getFallBackAuthenticator() {
    return new PseudoAuthenticator();
}