Java Code Examples for org.apache.hadoop.security.authentication.server.AuthenticationFilter

The following examples show how to use org.apache.hadoop.security.authentication.server.AuthenticationFilter. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop-ozone   Source File: HttpServer2.java    License: Apache License 2.0 6 votes vote down vote up
private void initSpnego(ConfigurationSource conf, String hostName,
    String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  defineFilter(webAppContext, SPNEGO_FILTER,
      AuthenticationFilter.class.getName(), params, null);
}
 
Example 2
Source Project: atlas   Source File: AtlasAuthenticationFilter.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void initializeSecretProvider(FilterConfig filterConfig) throws ServletException {
    LOG.info("==> AtlasAuthenticationFilter.initializeSecretProvider");

    secretProvider = (SignerSecretProvider) filterConfig.getServletContext().getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE);

    if (secretProvider == null) {
        // As tomcat cannot specify the provider object in the configuration.
        // It'll go into this path
        String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);

        configPrefix = (configPrefix != null) ? configPrefix + "." : "";

        try {
            secretProvider = AuthenticationFilter.constructSecretProvider(filterConfig.getServletContext(), super.getConfiguration(configPrefix, filterConfig), false);

            this.isInitializedByTomcat = true;
        } catch (Exception ex) {
            throw new ServletException(ex);
        }
    }

    signer = new Signer(secretProvider);

    LOG.info("<== AtlasAuthenticationFilter.initializeSecretProvider(filterConfig={})", filterConfig);
}
 
Example 3
Source Project: hadoop   Source File: TestRMWebServicesAppsModification.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  Properties props = new Properties();
  Enumeration<?> names = filterConfig.getInitParameterNames();
  while (names.hasMoreElements()) {
    String name = (String) names.nextElement();
    if (name.startsWith(configPrefix)) {
      String value = filterConfig.getInitParameter(name);
      props.put(name.substring(configPrefix.length()), value);
    }
  }
  props.put(AuthenticationFilter.AUTH_TYPE, "simple");
  props.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return props;
}
 
Example 4
Source Project: hadoop   Source File: HttpServer.java    License: Apache License 2.0 6 votes vote down vote up
protected void initSpnego(Configuration conf,
    String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<String, String>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal",
               SecurityUtil.getServerPrincipal(principalInConf, listener.getHost()));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");

  defineFilter(webAppContext, SPNEGO_FILTER,
               AuthenticationFilter.class.getName(), params, null);
}
 
Example 5
Source Project: hadoop   Source File: HttpServer2.java    License: Apache License 2.0 6 votes vote down vote up
private void initSpnego(Configuration conf, String hostName,
    String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");

  defineFilter(webAppContext, SPNEGO_FILTER,
               AuthenticationFilter.class.getName(), params, null);
}
 
Example 6
Source Project: hadoop   Source File: TestFileSignerSecretProvider.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testGetSecrets() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));
  testDir.mkdirs();
  String secretValue = "hadoop";
  File secretFile = new File(testDir, "http-secret.txt");
  Writer writer = new FileWriter(secretFile);
  writer.write(secretValue);
  writer.close();

  FileSignerSecretProvider secretProvider
          = new FileSignerSecretProvider();
  Properties secretProviderProps = new Properties();
  secretProviderProps.setProperty(
          AuthenticationFilter.SIGNATURE_SECRET_FILE,
      secretFile.getAbsolutePath());
  secretProvider.init(secretProviderProps, null, -1);
  Assert.assertArrayEquals(secretValue.getBytes(),
      secretProvider.getCurrentSecret());
  byte[][] allSecrets = secretProvider.getAllSecrets();
  Assert.assertEquals(1, allSecrets.length);
  Assert.assertArrayEquals(secretValue.getBytes(), allSecrets[0]);
}
 
Example 7
Source Project: big-c   Source File: TestRMWebServicesAppsModification.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  Properties props = new Properties();
  Enumeration<?> names = filterConfig.getInitParameterNames();
  while (names.hasMoreElements()) {
    String name = (String) names.nextElement();
    if (name.startsWith(configPrefix)) {
      String value = filterConfig.getInitParameter(name);
      props.put(name.substring(configPrefix.length()), value);
    }
  }
  props.put(AuthenticationFilter.AUTH_TYPE, "simple");
  props.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return props;
}
 
Example 8
Source Project: big-c   Source File: HttpServer.java    License: Apache License 2.0 6 votes vote down vote up
protected void initSpnego(Configuration conf,
    String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<String, String>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal",
               SecurityUtil.getServerPrincipal(principalInConf, listener.getHost()));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");

  defineFilter(webAppContext, SPNEGO_FILTER,
               AuthenticationFilter.class.getName(), params, null);
}
 
Example 9
Source Project: big-c   Source File: HttpServer2.java    License: Apache License 2.0 6 votes vote down vote up
private void initSpnego(Configuration conf, String hostName,
    String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");

  defineFilter(webAppContext, SPNEGO_FILTER,
               AuthenticationFilter.class.getName(), params, null);
}
 
Example 10
Source Project: big-c   Source File: TestFileSignerSecretProvider.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testGetSecrets() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));
  testDir.mkdirs();
  String secretValue = "hadoop";
  File secretFile = new File(testDir, "http-secret.txt");
  Writer writer = new FileWriter(secretFile);
  writer.write(secretValue);
  writer.close();

  FileSignerSecretProvider secretProvider
          = new FileSignerSecretProvider();
  Properties secretProviderProps = new Properties();
  secretProviderProps.setProperty(
          AuthenticationFilter.SIGNATURE_SECRET_FILE,
      secretFile.getAbsolutePath());
  secretProvider.init(secretProviderProps, null, -1);
  Assert.assertArrayEquals(secretValue.getBytes(),
      secretProvider.getCurrentSecret());
  byte[][] allSecrets = secretProvider.getAllSecrets();
  Assert.assertEquals(1, allSecrets.length);
  Assert.assertArrayEquals(secretValue.getBytes(), allSecrets[0]);
}
 
Example 11
Source Project: lucene-solr   Source File: HttpServer2.java    License: Apache License 2.0 6 votes vote down vote up
private void initSpnego(Configuration conf, String hostName,
                        String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  defineFilter(webAppContext, SPNEGO_FILTER,
      AuthenticationFilter.class.getName(), params, null);
}
 
Example 12
Source Project: incubator-atlas   Source File: AtlasAuthenticationFilter.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void initializeSecretProvider(FilterConfig filterConfig)
        throws ServletException {
    LOG.debug("AtlasAuthenticationFilter :: initializeSecretProvider {}", filterConfig);
    secretProvider = (SignerSecretProvider) filterConfig.getServletContext().
            getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE);
    if (secretProvider == null) {
        // As tomcat cannot specify the provider object in the configuration.
        // It'll go into this path
        String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
        configPrefix = (configPrefix != null) ? configPrefix + "." : "";
        try {
            secretProvider = AuthenticationFilter.constructSecretProvider(
                    filterConfig.getServletContext(),
                    super.getConfiguration(configPrefix, filterConfig), false);
            this.isInitializedByTomcat = true;
        } catch (Exception ex) {
            throw new ServletException(ex);
        }
    }
    signer = new Signer(secretProvider);
}
 
Example 13
Source Project: knox   Source File: HttpServer2.java    License: Apache License 2.0 6 votes vote down vote up
private void initSpnego(Configuration conf, String hostName,
                        String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  defineFilter(webAppContext, SPNEGO_FILTER,
      AuthenticationFilter.class.getName(), params, null);
}
 
Example 14
Source Project: knox   Source File: HttpServer2.java    License: Apache License 2.0 6 votes vote down vote up
private void initSpnego(Configuration conf, String hostName,
                        String usernameConfKey, String keytabConfKey) throws IOException {
  Map<String, String> params = new HashMap<>();
  String principalInConf = conf.get(usernameConfKey);
  if (principalInConf != null && !principalInConf.isEmpty()) {
    params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
        principalInConf, hostName));
  }
  String httpKeytab = conf.get(keytabConfKey);
  if (httpKeytab != null && !httpKeytab.isEmpty()) {
    params.put("kerberos.keytab", httpKeytab);
  }
  params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  defineFilter(webAppContext, SPNEGO_FILTER,
      AuthenticationFilter.class.getName(), params, null);
}
 
Example 15
Source Project: incubator-sentry   Source File: SentryWebServer.java    License: Apache License 2.0 6 votes vote down vote up
private static Map<String, String> loadWebAuthenticationConf(Configuration conf) {
  Map<String,String> prop = new HashMap<String, String>();
  prop.put(AuthenticationFilter.CONFIG_PREFIX, ServerConfig.SENTRY_WEB_SECURITY_PREFIX);
  String allowUsers = conf.get(ServerConfig.SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS);
  if (allowUsers == null || allowUsers.equals("")) {
    allowUsers = conf.get(ServerConfig.ALLOW_CONNECT);
    conf.set(ServerConfig.SENTRY_WEB_SECURITY_ALLOW_CONNECT_USERS, allowUsers);
  }
  validateConf(conf);
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(ServerConfig.SENTRY_WEB_SECURITY_PREFIX)) {
      String value = conf.get(name);
      prop.put(name, value);
    }
  }
  return prop;
}
 
Example 16
Source Project: hadoop-ozone   Source File: HttpServer2.java    License: Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
    ServletContext ctx)
    throws Exception {
  final ConfigurationSource conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 
Example 17
private static void setupAndStartRM() throws Exception {
  Configuration rmconf = new Configuration();
  rmconf.setInt(YarnConfiguration.RM_AM_MAX_ATTEMPTS,
    YarnConfiguration.DEFAULT_RM_AM_MAX_ATTEMPTS);
  rmconf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class,
    ResourceScheduler.class);
  rmconf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
  String httpPrefix = "hadoop.http.authentication.";
  rmconf.setStrings(httpPrefix + "type", "kerberos");
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  rmconf.set(httpPrefix + KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  // use any file for signature secret
  rmconf.set(httpPrefix + AuthenticationFilter.SIGNATURE_SECRET + ".file",
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
    "kerberos");
  rmconf.setBoolean(YarnConfiguration.RM_WEBAPP_DELEGATION_TOKEN_AUTH_FILTER,
    true);
  rmconf.set("hadoop.http.filter.initializers",
    AuthenticationFilterInitializer.class.getName());
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.RM_KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.set(YarnConfiguration.RM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY,
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY,
    httpSpnegoPrincipal);
  rmconf.set(YarnConfiguration.NM_WEBAPP_SPNEGO_KEYTAB_FILE_KEY,
    httpSpnegoKeytabFile.getAbsolutePath());
  rmconf.setBoolean("mockrm.webapp.enabled", true);
  rmconf.set("yarn.resourcemanager.proxyuser.client.hosts", "*");
  rmconf.set("yarn.resourcemanager.proxyuser.client.groups", "*");
  UserGroupInformation.setConfiguration(rmconf);
  rm = new MockRM(rmconf);
  rm.start();

}
 
Example 18
Source Project: hadoop   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {

  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);

  properties.put(KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  properties.put(KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  properties.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
  return properties;
}
 
Example 19
Source Project: hadoop   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {

  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);

  properties.put(KerberosAuthenticationHandler.PRINCIPAL,
    httpSpnegoPrincipal);
  properties.put(KerberosAuthenticationHandler.KEYTAB,
    httpSpnegoKeytabFile.getAbsolutePath());
  properties.put(AuthenticationFilter.AUTH_TYPE, "simple");
  properties.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return properties;
}
 
Example 20
Source Project: hadoop   Source File: TestAHSWebServices.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException {
  Properties properties =
      super.getConfiguration(configPrefix, filterConfig);
  properties.put(AuthenticationFilter.AUTH_TYPE, "simple");
  properties.put(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  return properties;
}
 
Example 21
Source Project: hadoop   Source File: HttpFSAuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns the hadoop-auth configuration from HttpFSServer's configuration.
 * <p>
 * It returns all HttpFSServer's configuration properties prefixed with
 * <code>httpfs.authentication</code>. The <code>httpfs.authentication</code>
 * prefix is removed from the returned property names.
 *
 * @param configPrefix parameter not used.
 * @param filterConfig parameter not used.
 *
 * @return hadoop-auth configuration read from HttpFSServer's configuration.
 */
@Override
protected Properties getConfiguration(String configPrefix,
    FilterConfig filterConfig) throws ServletException{
  Properties props = new Properties();
  Configuration conf = HttpFSServerWebApp.get().getConfig();

  props.setProperty(AuthenticationFilter.COOKIE_PATH, "/");
  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(CONF_PREFIX)) {
      String value = conf.get(name);
      name = name.substring(CONF_PREFIX.length());
      props.setProperty(name, value);
    }
  }

  String signatureSecretFile = props.getProperty(SIGNATURE_SECRET_FILE, null);
  if (signatureSecretFile == null) {
    throw new RuntimeException("Undefined property: " + SIGNATURE_SECRET_FILE);
  }

  try {
    StringBuilder secret = new StringBuilder();
    Reader reader = new InputStreamReader(new FileInputStream(
        signatureSecretFile), Charsets.UTF_8);
    int c = reader.read();
    while (c > -1) {
      secret.append((char)c);
      c = reader.read();
    }
    reader.close();
    props.setProperty(AuthenticationFilter.SIGNATURE_SECRET, secret.toString());
  } catch (IOException ex) {
    throw new RuntimeException("Could not read HttpFS signature secret file: " + signatureSecretFile);
  }
  return props;
}
 
Example 22
Source Project: hadoop   Source File: AuthenticationFilterInitializer.java    License: Apache License 2.0 5 votes vote down vote up
public static Map<String, String> getFilterConfigMap(Configuration conf,
    String prefix) {
  Map<String, String> filterConfig = new HashMap<String, String>();

  //setting the cookie path to root '/' so it is used for all resources.
  filterConfig.put(AuthenticationFilter.COOKIE_PATH, "/");

  for (Map.Entry<String, String> entry : conf) {
    String name = entry.getKey();
    if (name.startsWith(prefix)) {
      String value = conf.get(name);
      name = name.substring(prefix.length());
      filterConfig.put(name, value);
    }
  }

  //Resolve _HOST into bind address
  String bindAddress = conf.get(HttpServer2.BIND_ADDRESS);
  String principal = filterConfig.get(KerberosAuthenticationHandler.PRINCIPAL);
  if (principal != null) {
    try {
      principal = SecurityUtil.getServerPrincipal(principal, bindAddress);
    }
    catch (IOException ex) {
      throw new RuntimeException("Could not resolve Kerberos principal name: " + ex.toString(), ex);
    }
    filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal);
  }
  return filterConfig;
}
 
Example 23
Source Project: hadoop   Source File: HttpServer2.java    License: Apache License 2.0 5 votes vote down vote up
private static SignerSecretProvider constructSecretProvider(final Builder b,
    ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
                                          b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 
Example 24
Source Project: hadoop   Source File: TestHttpCookieFlag.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response,
                     FilterChain chain) throws IOException,
                                               ServletException {
  HttpServletResponse resp = (HttpServletResponse) response;
  boolean isHttps = "https".equals(request.getScheme());
  AuthenticationFilter.createAuthCookie(resp, "token", null, null, -1,
          isHttps);
  chain.doFilter(request, resp);
}
 
Example 25
Source Project: hadoop   Source File: FileSignerSecretProvider.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void init(Properties config, ServletContext servletContext,
                 long tokenValidity) throws Exception {

  String signatureSecretFile = config.getProperty(
      AuthenticationFilter.SIGNATURE_SECRET_FILE, null);

  Reader reader = null;
  if (signatureSecretFile != null) {
    try {
      StringBuilder sb = new StringBuilder();
      reader = new InputStreamReader(
          new FileInputStream(signatureSecretFile), Charsets.UTF_8);
      int c = reader.read();
      while (c > -1) {
        sb.append((char) c);
        c = reader.read();
      }
      secret = sb.toString().getBytes(Charset.forName("UTF-8"));
    } catch (IOException ex) {
      throw new RuntimeException("Could not read signature secret file: " +
          signatureSecretFile);
    } finally {
      if (reader != null) {
        try {
          reader.close();
        } catch (IOException e) {
          // nothing to do
        }
      }
    }
  }

  secrets = new byte[][]{secret};
}
 
Example 26
Source Project: hadoop   Source File: TestKerberosAuthenticator.java    License: Apache License 2.0 5 votes vote down vote up
private Properties getAuthenticationHandlerConfiguration() {
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "kerberos");
  props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal());
  props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile());
  props.setProperty(KerberosAuthenticationHandler.NAME_RULES,
                    "RULE:[1:[email protected]$0](.*@" + KerberosTestUtils.getRealm()+")s/@.*//\n");
  return props;
}
 
Example 27
Source Project: hadoop   Source File: TestKerberosAuthenticator.java    License: Apache License 2.0 5 votes vote down vote up
@Test(timeout=60000)
public void testFallbacktoPseudoAuthenticator() throws Exception {
  AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
  props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
  AuthenticatorTestCase.setAuthenticationHandlerConfig(props);
  auth._testAuthentication(new KerberosAuthenticator(), false);
}
 
Example 28
Source Project: hadoop   Source File: TestKerberosAuthenticator.java    License: Apache License 2.0 5 votes vote down vote up
@Test(timeout=60000)
public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception {
  AuthenticatorTestCase auth = new AuthenticatorTestCase(useTomcat);
  Properties props = new Properties();
  props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
  props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
  AuthenticatorTestCase.setAuthenticationHandlerConfig(props);
  auth._testAuthentication(new KerberosAuthenticator(), false);
}
 
Example 29
Source Project: hadoop   Source File: TestStringSignerSecretProvider.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testGetSecrets() throws Exception {
  String secretStr = "secret";
  StringSignerSecretProvider secretProvider
          = new StringSignerSecretProvider();
  Properties secretProviderProps = new Properties();
  secretProviderProps.setProperty(
          AuthenticationFilter.SIGNATURE_SECRET, "secret");
  secretProvider.init(secretProviderProps, null, -1);
  byte[] secretBytes = secretStr.getBytes();
  Assert.assertArrayEquals(secretBytes, secretProvider.getCurrentSecret());
  byte[][] allSecrets = secretProvider.getAllSecrets();
  Assert.assertEquals(1, allSecrets.length);
  Assert.assertArrayEquals(secretBytes, allSecrets[0]);
}
 
Example 30
Source Project: hadoop   Source File: StringSignerSecretProvider.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void init(Properties config, ServletContext servletContext,
        long tokenValidity) throws Exception {
  String signatureSecret = config.getProperty(
          AuthenticationFilter.SIGNATURE_SECRET, null);
  secret = signatureSecret.getBytes(Charset.forName("UTF-8"));
  secrets = new byte[][]{secret};
}