Java Code Examples for org.apache.hadoop.security.authentication.client.AuthenticatedURL

The following examples show how to use org.apache.hadoop.security.authentication.client.AuthenticatedURL. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop   Source File: TestHttpFSWithKerberos.java    License: Apache License 2.0 6 votes vote down vote up
@Test
@TestDir
@TestJetty
@TestHdfs
public void testValidHttpFSAccess() throws Exception {
  createHttpFSServer();

  KerberosTestUtils.doAsClient(new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      URL url = new URL(TestJettyHelper.getJettyURL(),
                        "/webhdfs/v1/?op=GETHOMEDIRECTORY");
      AuthenticatedURL aUrl = new AuthenticatedURL();
      AuthenticatedURL.Token aToken = new AuthenticatedURL.Token();
      HttpURLConnection conn = aUrl.openConnection(url, aToken);
      Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK);
      return null;
    }
  });
}
 
Example 2
Source Project: hadoop   Source File: URLConnectionFactory.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Opens a url with read and connect timeouts
 *
 * @param url
 *          URL to open
 * @param isSpnego
 *          whether the url should be authenticated via SPNEGO
 * @return URLConnection
 * @throws IOException
 * @throws AuthenticationException
 */
public URLConnection openConnection(URL url, boolean isSpnego)
    throws IOException, AuthenticationException {
  if (isSpnego) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("open AuthenticatedURL connection" + url);
    }
    UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab();
    final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token();
    return new AuthenticatedURL(new KerberosUgiAuthenticator(),
        connConfigurator).openConnection(url, authToken);
  } else {
    if (LOG.isDebugEnabled()) {
      LOG.debug("open URL connection");
    }
    URLConnection connection = url.openConnection();
    if (connection instanceof HttpURLConnection) {
      connConfigurator.configure((HttpURLConnection) connection);
    }
    return connection;
  }
}
 
Example 3
Source Project: Transwarp-Sample-Code   Source File: KerberosWebHDFSConnection2.java    License: MIT License 6 votes vote down vote up
public KerberosWebHDFSConnection2(String httpfsUrl, String principal, String password)  {
        this.httpfsUrl = httpfsUrl;
        this.principal = principal;
        this.password = password;

        Configuration conf = new Configuration();
        conf.addResource("conf/hdfs-site.xml");
        conf.addResource("conf/core-site.xml");
        newToken = new AuthenticatedURL.Token();

        KerberosAuthenticator ka = new KerberosAuthenticator();
        ConnectionConfigurator connectionConfigurator = new SSLFactory(SSLFactory.Mode.CLIENT,conf);
        ka.setConnectionConfigurator(connectionConfigurator);

        try{
            URL url = new URL(httpfsUrl);
            ka.authenticate(url,newToken);
        }catch(Exception e){
            e.printStackTrace();
        }


         this.authenticatedURL = new AuthenticatedURL(ka,connectionConfigurator);
//        this.authenticatedURL = new AuthenticatedURL(
//                new KerberosAuthenticator2(principal, password));
    }
 
Example 4
Source Project: Transwarp-Sample-Code   Source File: KerberosAuthenticator2.java    License: MIT License 6 votes vote down vote up
/**
 * Performs SPNEGO authentication against the specified URL.
 * <p/>
 * If a token is given it does a NOP and returns the given token.
 * <p/>
 * If no token is given, it will perform the SPNEGO authentication sequence
 * using an HTTP <code>OPTIONS</code> request.
 *
 * @param url the URl to authenticate against.
 * @param token the authentication token being used for the user.
 * @throws IOException if an IO error occurred.
 * @throws AuthenticationException if an authentication error occurred.
 */
public void authenticate(URL url, AuthenticatedURL.Token token)
        throws IOException, AuthenticationException {
    if (!token.isSet()) {
        this.url = url;
        base64 = new Base64(0);
        conn = (HttpURLConnection) url.openConnection();
        conn.setRequestMethod(AUTH_HTTP_METHOD);
        conn.connect();
        if (isNegotiate()) {
            doSpnegoSequence(token);
        } else {
            getFallBackAuthenticator().authenticate(url, token);
        }
    }
}
 
Example 5
Source Project: Transwarp-Sample-Code   Source File: PseudoWebHDFSConnection.java    License: MIT License 6 votes vote down vote up
public static synchronized Token generateToken(String srvUrl, String princ,
                                               String passwd) {
    AuthenticatedURL.Token newToken = new AuthenticatedURL.Token();
    Authenticator authenticator = new PseudoAuthenticator(princ);
    try {
        String spec = MessageFormat.format(
                "/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name={0}", princ);
        HttpURLConnection conn = new AuthenticatedURL(authenticator)
                .openConnection(new URL(new URL(srvUrl), spec), newToken);

        conn.connect();
        conn.disconnect();
    } catch (Exception ex) {
        logger.error(ex.getMessage());
        logger.error("[" + princ + ":" + passwd + "]@" + srvUrl, ex);
    }

    return newToken;
}
 
Example 6
Source Project: big-c   Source File: TestHttpFSWithKerberos.java    License: Apache License 2.0 6 votes vote down vote up
@Test
@TestDir
@TestJetty
@TestHdfs
public void testValidHttpFSAccess() throws Exception {
  createHttpFSServer();

  KerberosTestUtils.doAsClient(new Callable<Void>() {
    @Override
    public Void call() throws Exception {
      URL url = new URL(TestJettyHelper.getJettyURL(),
                        "/webhdfs/v1/?op=GETHOMEDIRECTORY");
      AuthenticatedURL aUrl = new AuthenticatedURL();
      AuthenticatedURL.Token aToken = new AuthenticatedURL.Token();
      HttpURLConnection conn = aUrl.openConnection(url, aToken);
      Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK);
      return null;
    }
  });
}
 
Example 7
Source Project: big-c   Source File: URLConnectionFactory.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Opens a url with read and connect timeouts
 *
 * @param url
 *          URL to open
 * @param isSpnego
 *          whether the url should be authenticated via SPNEGO
 * @return URLConnection
 * @throws IOException
 * @throws AuthenticationException
 */
public URLConnection openConnection(URL url, boolean isSpnego)
    throws IOException, AuthenticationException {
  if (isSpnego) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("open AuthenticatedURL connection" + url);
    }
    UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab();
    final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token();
    return new AuthenticatedURL(new KerberosUgiAuthenticator(),
        connConfigurator).openConnection(url, authToken);
  } else {
    if (LOG.isDebugEnabled()) {
      LOG.debug("open URL connection");
    }
    URLConnection connection = url.openConnection();
    if (connection instanceof HttpURLConnection) {
      connConfigurator.configure((HttpURLConnection) connection);
    }
    return connection;
  }
}
 
Example 8
Source Project: tez   Source File: TimelineReaderFactory.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public HttpURLConnection getHttpURLConnection(URL url) throws IOException {
  try {
    AuthenticatedURL authenticatedURL= ReflectionUtils.createClazzInstance(
        DELEGATION_TOKEN_AUTHENTICATED_URL_CLAZZ_NAME, new Class[] {
        delegationTokenAuthenticatorClazz,
        ConnectionConfigurator.class
    }, new Object[] {
        authenticator,
        connConfigurator
    });
    return ReflectionUtils.invokeMethod(authenticatedURL,
        delegationTokenAuthenticateURLOpenConnectionMethod, url, token, doAsUser);
  } catch (Exception e) {
    throw new IOException(e);
  }
}
 
Example 9
Source Project: ambari-logsearch   Source File: LogsearchKrbFilter.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns the {@link AuthenticationToken} for the request.
 * <p>
 * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE}
 * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns
 * it.
 * <p>
 * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler}
 * to perform user authentication.
 *
 * @param request request object.
 *
 * @return the Authentication token if the request is authenticated, <code>null</code> otherwise.
 *
 * @throws IOException thrown if an IO error occurred.
 * @throws AuthenticationException thrown if the token is invalid or if it has expired.
 */
protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException {
  AuthenticationToken token = null;
  String tokenStr = null;
  Cookie[] cookies = request.getCookies();
  if (cookies != null) {
    for (Cookie cookie : cookies) {
      if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) {
        tokenStr = cookie.getValue();
        try {
          tokenStr = signer.verifyAndExtract(tokenStr);
        } catch (SignerException ex) {
          throw new AuthenticationException(ex);
        }
        break;
      }
    }
  }
  if (tokenStr != null) {
    token = AuthenticationToken.parse(tokenStr);
    if(token != null){
      if (!token.getType().equals(authHandler.getType())) {
        throw new AuthenticationException("Invalid AuthenticationToken type");
      }
      if (token.isExpired()) {
        throw new AuthenticationException("AuthenticationToken expired"); 
      }
    }
  }
  return token;
}
 
Example 10
Source Project: ambari-logsearch   Source File: LogsearchKrbFilter.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates the Hadoop authentication HTTP cookie.
 *
 * @param token authentication token for the cookie.
 * @param expires UNIX timestamp that indicates the expire date of the
 *                cookie. It has no effect if its value &lt; 0.
 *
 * XXX the following code duplicate some logic in Jetty / Servlet API,
 * because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6
 * right now.
 */
private static void createAuthCookie(HttpServletResponse resp, String token,
                                    String domain, String path, long expires,
                                    boolean isSecure) {
  StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE)
                         .append("=");
  if (token != null && token.length() > 0) {
    sb.append("\"").append(token).append("\"");
  }

  if (path != null) {
    sb.append("; Path=").append(path);
  }

  if (domain != null) {
    sb.append("; Domain=").append(domain);
  }

  if (expires >= 0) {
    Date date = new Date(expires);
    SimpleDateFormat df = new SimpleDateFormat("EEE, " +
            "dd-MMM-yyyy HH:mm:ss zzz");
    df.setTimeZone(TimeZone.getTimeZone("GMT"));
    sb.append("; Expires=").append(df.format(date));
  }

  if (isSecure) {
    sb.append("; Secure");
  }

  sb.append("; HttpOnly");
  resp.addHeader("Set-Cookie", sb.toString());
}
 
Example 11
Source Project: atlas   Source File: AtlasAuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
private void createAtlasAuthCookie(HttpServletResponse resp, String token, String domain, String path, long expires, boolean isSecure) {
    StringBuilder sb = (new StringBuilder(AuthenticatedURL.AUTH_COOKIE)).append("=");

    if (token != null && token.length() > 0) {
        sb.append("\"").append(token).append("\"");
    }

    sb.append("; Version=1");

    if (path != null) {
        sb.append("; Path=").append(path);
    }

    if (domain != null) {
        sb.append("; Domain=").append(domain);
    }

    if (expires >= 0L) {
        SimpleDateFormat df = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss zzz");
        df.setTimeZone(TimeZone.getTimeZone("GMT"));
        sb.append("; Expires=").append(df.format(new Date(expires)));
    }

    if (isSecure) {
        sb.append("; Secure");
    }

    sb.append("; HttpOnly");
    resp.addHeader("Set-Cookie", sb.toString());
}
 
Example 12
Source Project: atlas   Source File: AtlasAuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected AuthenticationToken getToken(HttpServletRequest request)
        throws IOException, AuthenticationException {
    AuthenticationToken token = null;
    String tokenStr = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
                tokenStr = cookie.getValue();
                try {
                    tokenStr = this.signer.verifyAndExtract(tokenStr);
                } catch (SignerException ex) {
                    throw new AuthenticationException(ex);
                }
            }
        }
    }

    if (tokenStr != null) {
        token = AuthenticationToken.parse(tokenStr);
        if (token != null) {
            AuthenticationHandler authHandler = getAuthenticationHandler();
            if (!token.getType().equals(authHandler.getType())) {
                throw new AuthenticationException("Invalid AuthenticationToken type");
            }
            if (token.isExpired()) {
                throw new AuthenticationException("AuthenticationToken expired");
            }
        }
    }
    return token;
}
 
Example 13
Source Project: hadoop   Source File: WhoClient.java    License: Apache License 2.0 5 votes vote down vote up
public static void main(String[] args) {
  try {
    if (args.length != 1) {
      System.err.println("Usage: <URL>");
      System.exit(-1);
    }
    AuthenticatedURL.Token token = new AuthenticatedURL.Token();
    URL url = new URL(args[0]);
    HttpURLConnection conn = new AuthenticatedURL().openConnection(url, token);
    System.out.println();
    System.out.println("Token value: " + token);
    System.out.println("Status code: " + conn.getResponseCode() + " " + conn.getResponseMessage());
    System.out.println();
    if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
      BufferedReader reader = new BufferedReader(
          new InputStreamReader(
              conn.getInputStream(), Charset.forName("UTF-8")));
      String line = reader.readLine();
      while (line != null) {
        System.out.println(line);
        line = reader.readLine();
      }
      reader.close();
    }
    System.out.println();
  }
  catch (Exception ex) {
    System.err.println("ERROR: " + ex.getMessage());
    System.exit(-1);
  }
}
 
Example 14
Source Project: hadoop   Source File: DelegationTokenAuthenticator.java    License: Apache License 2.0 5 votes vote down vote up
private boolean hasDelegationToken(URL url, AuthenticatedURL.Token token) {
  boolean hasDt = false;
  if (token instanceof DelegationTokenAuthenticatedURL.Token) {
    hasDt = ((DelegationTokenAuthenticatedURL.Token) token).
        getDelegationToken() != null;
  }
  if (!hasDt) {
    String queryStr = url.getQuery();
    hasDt = (queryStr != null) && queryStr.contains(DELEGATION_PARAM + "=");
  }
  return hasDt;
}
 
Example 15
Source Project: hadoop   Source File: DelegationTokenAuthenticator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void authenticate(URL url, AuthenticatedURL.Token token)
    throws IOException, AuthenticationException {
  if (!hasDelegationToken(url, token)) {
    authenticator.authenticate(url, token);
  }
}
 
Example 16
Source Project: hadoop   Source File: DelegationTokenAuthenticator.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Cancels a delegation token from the server end-point. It does not require
 * being authenticated by the configured <code>Authenticator</code>.
 *
 * @param url the URL to cancel the delegation token from. Only HTTP/S URLs
 * are supported.
 * @param token the authentication token with the Delegation Token to cancel.
 * @param doAsUser the user to do as, which will be the token owner.
 * @throws IOException if an IO error occurred.
 */
public void cancelDelegationToken(URL url,
    AuthenticatedURL.Token token,
    Token<AbstractDelegationTokenIdentifier> dToken, String doAsUser)
    throws IOException {
  try {
    doDelegationTokenOperation(url, token,
        DelegationTokenOperation.CANCELDELEGATIONTOKEN, null, dToken, false,
        doAsUser);
  } catch (AuthenticationException ex) {
    throw new IOException("This should not happen: " + ex.getMessage(), ex);
  }
}
 
Example 17
Source Project: hadoop   Source File: AuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns the {@link AuthenticationToken} for the request.
 * <p>
 * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE}
 * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns
 * it.
 * <p>
 * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler}
 * to perform user authentication.
 *
 * @param request request object.
 *
 * @return the Authentication token if the request is authenticated, <code>null</code> otherwise.
 *
 * @throws IOException thrown if an IO error occurred.
 * @throws AuthenticationException thrown if the token is invalid or if it has expired.
 */
protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException {
  AuthenticationToken token = null;
  String tokenStr = null;
  Cookie[] cookies = request.getCookies();
  if (cookies != null) {
    for (Cookie cookie : cookies) {
      if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
        tokenStr = cookie.getValue();
        try {
          tokenStr = signer.verifyAndExtract(tokenStr);
        } catch (SignerException ex) {
          throw new AuthenticationException(ex);
        }
        break;
      }
    }
  }
  if (tokenStr != null) {
    token = AuthenticationToken.parse(tokenStr);
    if (!token.getType().equals(authHandler.getType())) {
      throw new AuthenticationException("Invalid AuthenticationToken type");
    }
    if (token.isExpired()) {
      throw new AuthenticationException("AuthenticationToken expired");
    }
  }
  return token;
}
 
Example 18
Source Project: hadoop   Source File: AuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates the Hadoop authentication HTTP cookie.
 *
 * @param token authentication token for the cookie.
 * @param expires UNIX timestamp that indicates the expire date of the
 *                cookie. It has no effect if its value &lt; 0.
 *
 * XXX the following code duplicate some logic in Jetty / Servlet API,
 * because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6
 * right now.
 */
public static void createAuthCookie(HttpServletResponse resp, String token,
                                    String domain, String path, long expires,
                                    boolean isSecure) {
  StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE)
                         .append("=");
  if (token != null && token.length() > 0) {
    sb.append("\"").append(token).append("\"");
  }

  if (path != null) {
    sb.append("; Path=").append(path);
  }

  if (domain != null) {
    sb.append("; Domain=").append(domain);
  }

  if (expires >= 0) {
    Date date = new Date(expires);
    SimpleDateFormat df = new SimpleDateFormat("EEE, " +
            "dd-MMM-yyyy HH:mm:ss zzz");
    df.setTimeZone(TimeZone.getTimeZone("GMT"));
    sb.append("; Expires=").append(df.format(date));
  }

  if (isSecure) {
    sb.append("; Secure");
  }

  sb.append("; HttpOnly");
  resp.addHeader("Set-Cookie", sb.toString());
}
 
Example 19
Source Project: hadoop   Source File: TestAuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testGetToken() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();

  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    SignerSecretProvider secretProvider =
        getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);

    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    AuthenticationToken newToken = filter.getToken(request);

    Assert.assertEquals(token.toString(), newToken.toString());
  } finally {
    filter.destroy();
  }
}
 
Example 20
Source Project: hadoop   Source File: TestAuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
private static void parseCookieMap(String cookieHeader, HashMap<String,
        String> cookieMap) {
  List<HttpCookie> cookies = HttpCookie.parse(cookieHeader);
  for (HttpCookie cookie : cookies) {
    if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) {
      cookieMap.put(cookie.getName(), cookie.getValue());
      if (cookie.getPath() != null) {
        cookieMap.put("Path", cookie.getPath());
      }
      if (cookie.getDomain() != null) {
        cookieMap.put("Domain", cookie.getDomain());
      }
    }
  }
}
 
Example 21
Source Project: hadoop   Source File: TestAuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
private static void verifyUnauthorized(AuthenticationFilter filter,
                                       HttpServletRequest request,
                                       HttpServletResponse response,
                                       FilterChain chain) throws
                                                          IOException,
                                                          ServletException {
  final HashMap<String, String> cookieMap = new HashMap<String, String>();
  Mockito.doAnswer(new Answer<Object>() {
    @Override
    public Object answer(InvocationOnMock invocation) throws Throwable {
      String cookieHeader = (String) invocation.getArguments()[1];
      parseCookieMap(cookieHeader, cookieMap);
      return null;
    }
  }).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());

  filter.doFilter(request, response, chain);

  Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse
          .SC_UNAUTHORIZED), Mockito.anyString());
  Mockito.verify(chain, Mockito.never()).doFilter(Mockito.any
          (ServletRequest.class), Mockito.any(ServletResponse.class));

  Assert.assertTrue("cookie is missing",
      cookieMap.containsKey(AuthenticatedURL.AUTH_COOKIE));
  Assert.assertEquals("", cookieMap.get(AuthenticatedURL.AUTH_COOKIE));
}
 
Example 22
Source Project: Transwarp-Sample-Code   Source File: KerberosWebHDFSConnection2.java    License: MIT License 5 votes vote down vote up
/**
     * <b>GETHOMEDIRECTORY</b>
     *
     * curl -i "http://<HOST>:<PORT>/webhdfs/v1/?op=GETHOMEDIRECTORY"
     *
     * @return
     * @throws MalformedURLException
     * @throws IOException
     * @throws AuthenticationException
     */
    public String getHomeDirectory() throws MalformedURLException, IOException,
            AuthenticationException {
//        ensureValidToken();
        Configuration conf = new Configuration();
        conf.addResource("conf/hdfs-site.xml");
        conf.addResource("conf/core-site.xml");
        UserGroupInformation.setConfiguration(conf);
        UserGroupInformation.loginUserFromPassword("hdfs", "123456");
        FileSystem fs = FileSystem.get(conf);
        System.out.println(fs.getDelegationToken("hdfs"));

        Token token0 = new AuthenticatedURL.Token("HAAEaGRmcwRoZGZzAIoBWOLlnNuKAVkG8iDbbwgU246eZ3EbfUsfNlF4F0xoew3LW3QSV0VCSERGUyBkZWxlZ2F0aW9uEDE3Mi4xNi4yLjk2OjgwMjA");
        System.out.println(token0.toString());
        System.out.println(fs.getDelegationToken("hdfs").encodeToUrlString());


        HttpURLConnection connection = authenticatedURL.openConnection(new URL(
                new URL(httpfsUrl), "/webhdfs/v1/?op=GETDELEGATIONTOKEN"), token);
        HttpURLConnection conn = authenticatedURL.openConnection(new URL(
                new URL(httpfsUrl), "/webhdfs/v1/?delegation=HAAEaGRmcwRoZGZzAIoBWOLlnNuKAVkG8iDbbwgU246eZ3EbfUsfNlF4F0xoew3LW3QSV0VCSERGUyBkZWxlZ2F0aW9uEDE3Mi4xNi4yLjk2OjgwMjA&op=GETHOMEDIRECTORY"), token0);


        conn.connect();
        connection.connect();
       String ss = result(connection,true);
        System.out.println(ss);
        String resp = result(conn, true);
        conn.disconnect();
        return resp;
    }
 
Example 23
Source Project: Transwarp-Sample-Code   Source File: PseudoWebHDFSConnection.java    License: MIT License 5 votes vote down vote up
public PseudoWebHDFSConnection(String httpfsUrl, String principal,
                               String password) {
    this.httpfsUrl = httpfsUrl;
    this.principal = principal;
    this.password = password;
    this.authenticatedURL = new AuthenticatedURL(new PseudoAuthenticator(
            principal));
}
 
Example 24
Source Project: big-c   Source File: WhoClient.java    License: Apache License 2.0 5 votes vote down vote up
public static void main(String[] args) {
  try {
    if (args.length != 1) {
      System.err.println("Usage: <URL>");
      System.exit(-1);
    }
    AuthenticatedURL.Token token = new AuthenticatedURL.Token();
    URL url = new URL(args[0]);
    HttpURLConnection conn = new AuthenticatedURL().openConnection(url, token);
    System.out.println();
    System.out.println("Token value: " + token);
    System.out.println("Status code: " + conn.getResponseCode() + " " + conn.getResponseMessage());
    System.out.println();
    if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
      BufferedReader reader = new BufferedReader(
          new InputStreamReader(
              conn.getInputStream(), Charset.forName("UTF-8")));
      String line = reader.readLine();
      while (line != null) {
        System.out.println(line);
        line = reader.readLine();
      }
      reader.close();
    }
    System.out.println();
  }
  catch (Exception ex) {
    System.err.println("ERROR: " + ex.getMessage());
    System.exit(-1);
  }
}
 
Example 25
Source Project: big-c   Source File: DelegationTokenAuthenticator.java    License: Apache License 2.0 5 votes vote down vote up
private boolean hasDelegationToken(URL url, AuthenticatedURL.Token token) {
  boolean hasDt = false;
  if (token instanceof DelegationTokenAuthenticatedURL.Token) {
    hasDt = ((DelegationTokenAuthenticatedURL.Token) token).
        getDelegationToken() != null;
  }
  if (!hasDt) {
    String queryStr = url.getQuery();
    hasDt = (queryStr != null) && queryStr.contains(DELEGATION_PARAM + "=");
  }
  return hasDt;
}
 
Example 26
Source Project: big-c   Source File: DelegationTokenAuthenticator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void authenticate(URL url, AuthenticatedURL.Token token)
    throws IOException, AuthenticationException {
  if (!hasDelegationToken(url, token)) {
    authenticator.authenticate(url, token);
  }
}
 
Example 27
Source Project: big-c   Source File: DelegationTokenAuthenticator.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Cancels a delegation token from the server end-point. It does not require
 * being authenticated by the configured <code>Authenticator</code>.
 *
 * @param url the URL to cancel the delegation token from. Only HTTP/S URLs
 * are supported.
 * @param token the authentication token with the Delegation Token to cancel.
 * @param doAsUser the user to do as, which will be the token owner.
 * @throws IOException if an IO error occurred.
 */
public void cancelDelegationToken(URL url,
    AuthenticatedURL.Token token,
    Token<AbstractDelegationTokenIdentifier> dToken, String doAsUser)
    throws IOException {
  try {
    doDelegationTokenOperation(url, token,
        DelegationTokenOperation.CANCELDELEGATIONTOKEN, null, dToken, false,
        doAsUser);
  } catch (AuthenticationException ex) {
    throw new IOException("This should not happen: " + ex.getMessage(), ex);
  }
}
 
Example 28
Source Project: big-c   Source File: AuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns the {@link AuthenticationToken} for the request.
 * <p>
 * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE}
 * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns
 * it.
 * <p>
 * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler}
 * to perform user authentication.
 *
 * @param request request object.
 *
 * @return the Authentication token if the request is authenticated, <code>null</code> otherwise.
 *
 * @throws IOException thrown if an IO error occurred.
 * @throws AuthenticationException thrown if the token is invalid or if it has expired.
 */
protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException {
  AuthenticationToken token = null;
  String tokenStr = null;
  Cookie[] cookies = request.getCookies();
  if (cookies != null) {
    for (Cookie cookie : cookies) {
      if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
        tokenStr = cookie.getValue();
        try {
          tokenStr = signer.verifyAndExtract(tokenStr);
        } catch (SignerException ex) {
          throw new AuthenticationException(ex);
        }
        break;
      }
    }
  }
  if (tokenStr != null) {
    token = AuthenticationToken.parse(tokenStr);
    if (!token.getType().equals(authHandler.getType())) {
      throw new AuthenticationException("Invalid AuthenticationToken type");
    }
    if (token.isExpired()) {
      throw new AuthenticationException("AuthenticationToken expired");
    }
  }
  return token;
}
 
Example 29
Source Project: big-c   Source File: AuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates the Hadoop authentication HTTP cookie.
 *
 * @param token authentication token for the cookie.
 * @param expires UNIX timestamp that indicates the expire date of the
 *                cookie. It has no effect if its value &lt; 0.
 *
 * XXX the following code duplicate some logic in Jetty / Servlet API,
 * because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6
 * right now.
 */
public static void createAuthCookie(HttpServletResponse resp, String token,
                                    String domain, String path, long expires,
                                    boolean isSecure) {
  StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE)
                         .append("=");
  if (token != null && token.length() > 0) {
    sb.append("\"").append(token).append("\"");
  }

  if (path != null) {
    sb.append("; Path=").append(path);
  }

  if (domain != null) {
    sb.append("; Domain=").append(domain);
  }

  if (expires >= 0) {
    Date date = new Date(expires);
    SimpleDateFormat df = new SimpleDateFormat("EEE, " +
            "dd-MMM-yyyy HH:mm:ss zzz");
    df.setTimeZone(TimeZone.getTimeZone("GMT"));
    sb.append("; Expires=").append(df.format(date));
  }

  if (isSecure) {
    sb.append("; Secure");
  }

  sb.append("; HttpOnly");
  resp.addHeader("Set-Cookie", sb.toString());
}
 
Example 30
Source Project: big-c   Source File: TestAuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testGetToken() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();

  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    SignerSecretProvider secretProvider =
        getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);

    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    AuthenticationToken newToken = filter.getToken(request);

    Assert.assertEquals(token.toString(), newToken.toString());
  } finally {
    filter.destroy();
  }
}