Java Code Examples for org.apache.hadoop.security.authentication.server.AuthenticationToken

The following examples show how to use org.apache.hadoop.security.authentication.server.AuthenticationToken. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@SuppressWarnings("unchecked")
private void testValidDelegationTokenQueryString() throws Exception {
  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  Token<DelegationTokenIdentifier> dToken =
      (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
          UserGroupInformation.getCurrentUser(), "user");
  Mockito.when(request.getQueryString()).thenReturn(
      DelegationTokenAuthenticator.DELEGATION_PARAM + "=" +
      dToken.encodeToUrlString());

  AuthenticationToken token = handler.authenticate(request, response);
  Assert.assertEquals(UserGroupInformation.getCurrentUser().
          getShortUserName(), token.getUserName());
  Assert.assertEquals(0, token.getExpires());
  Assert.assertEquals(handler.getType(),
      token.getType());
  Assert.assertTrue(token.isExpired());
}
 
Example 2
@SuppressWarnings("unchecked")
private void testValidDelegationTokenHeader() throws Exception {
  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  Token<DelegationTokenIdentifier> dToken =
      (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
          UserGroupInformation.getCurrentUser(), "user");
  Mockito.when(request.getHeader(Mockito.eq(
      DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER))).thenReturn(
      dToken.encodeToUrlString());

  AuthenticationToken token = handler.authenticate(request, response);
  Assert.assertEquals(UserGroupInformation.getCurrentUser().
      getShortUserName(), token.getUserName());
  Assert.assertEquals(0, token.getExpires());
  Assert.assertEquals(handler.getType(),
      token.getType());
  Assert.assertTrue(token.isExpired());
}
 
Example 3
@SuppressWarnings("unchecked")
private void testValidDelegationTokenQueryString() throws Exception {
  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  Token<DelegationTokenIdentifier> dToken =
      (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
          UserGroupInformation.getCurrentUser(), "user");
  Mockito.when(request.getQueryString()).thenReturn(
      DelegationTokenAuthenticator.DELEGATION_PARAM + "=" +
      dToken.encodeToUrlString());

  AuthenticationToken token = handler.authenticate(request, response);
  Assert.assertEquals(UserGroupInformation.getCurrentUser().
          getShortUserName(), token.getUserName());
  Assert.assertEquals(0, token.getExpires());
  Assert.assertEquals(handler.getType(),
      token.getType());
  Assert.assertTrue(token.isExpired());
}
 
Example 4
@SuppressWarnings("unchecked")
private void testValidDelegationTokenHeader() throws Exception {
  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  Token<DelegationTokenIdentifier> dToken =
      (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
          UserGroupInformation.getCurrentUser(), "user");
  Mockito.when(request.getHeader(Mockito.eq(
      DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER))).thenReturn(
      dToken.encodeToUrlString());

  AuthenticationToken token = handler.authenticate(request, response);
  Assert.assertEquals(UserGroupInformation.getCurrentUser().
      getShortUserName(), token.getUserName());
  Assert.assertEquals(0, token.getExpires());
  Assert.assertEquals(handler.getType(),
      token.getType());
  Assert.assertTrue(token.isExpired());
}
 
Example 5
@Override
public AuthenticationToken authenticate(HttpServletRequest request,
                                        HttpServletResponse response)
    throws IOException, AuthenticationException {
  AuthenticationToken token = null;
  String userName = getHttpParam(request, USER_PARAM);
  if (userName == null) {
    //check if this is an internal request
    userName = request.getHeader(INTERNAL_REQUEST_HEADER);
  }
  if (userName != null) {
    return new AuthenticationToken(userName, userName, "test");
  } else {
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    response.setHeader("WWW-Authenticate", "dummy");
  }
  return token;
}
 
Example 6
Source Project: ambari-logsearch   Source File: LogsearchKrbFilter.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns the {@link AuthenticationToken} for the request.
 * <p>
 * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE}
 * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns
 * it.
 * <p>
 * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler}
 * to perform user authentication.
 *
 * @param request request object.
 *
 * @return the Authentication token if the request is authenticated, <code>null</code> otherwise.
 *
 * @throws IOException thrown if an IO error occurred.
 * @throws AuthenticationException thrown if the token is invalid or if it has expired.
 */
protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException {
  AuthenticationToken token = null;
  String tokenStr = null;
  Cookie[] cookies = request.getCookies();
  if (cookies != null) {
    for (Cookie cookie : cookies) {
      if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) {
        tokenStr = cookie.getValue();
        try {
          tokenStr = signer.verifyAndExtract(tokenStr);
        } catch (SignerException ex) {
          throw new AuthenticationException(ex);
        }
        break;
      }
    }
  }
  if (tokenStr != null) {
    token = AuthenticationToken.parse(tokenStr);
    if(token != null){
      if (!token.getType().equals(authHandler.getType())) {
        throw new AuthenticationException("Invalid AuthenticationToken type");
      }
      if (token.isExpired()) {
        throw new AuthenticationException("AuthenticationToken expired"); 
      }
    }
  }
  return token;
}
 
Example 7
Source Project: atlas   Source File: AtlasAuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected AuthenticationToken getToken(HttpServletRequest request)
        throws IOException, AuthenticationException {
    AuthenticationToken token = null;
    String tokenStr = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
                tokenStr = cookie.getValue();
                try {
                    tokenStr = this.signer.verifyAndExtract(tokenStr);
                } catch (SignerException ex) {
                    throw new AuthenticationException(ex);
                }
            }
        }
    }

    if (tokenStr != null) {
        token = AuthenticationToken.parse(tokenStr);
        if (token != null) {
            AuthenticationHandler authHandler = getAuthenticationHandler();
            if (!token.getType().equals(authHandler.getType())) {
                throw new AuthenticationException("Invalid AuthenticationToken type");
            }
            if (token.isExpired()) {
                throw new AuthenticationException("AuthenticationToken expired");
            }
        }
    }
    return token;
}
 
Example 8
public boolean managementOperation(AuthenticationToken token,
                                   HttpServletRequest request,
                                   HttpServletResponse response)
    throws IOException, AuthenticationException {
  boolean result = authHandler.managementOperation(token, request, response);
  request.setAttribute(RequestContinuesRecorderAuthenticationHandler.REQUEST_CONTINUES_ATTR, Boolean.toString(result));
  return result;
}
 
Example 9
Source Project: incubator-atlas   Source File: AtlasAuthenticationFilter.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected AuthenticationToken getToken(HttpServletRequest request)
        throws IOException, AuthenticationException {
    AuthenticationToken token = null;
    String tokenStr = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
                tokenStr = cookie.getValue();
                try {
                    tokenStr = this.signer.verifyAndExtract(tokenStr);
                } catch (SignerException ex) {
                    throw new AuthenticationException(ex);
                }
            }
        }
    }

    if (tokenStr != null) {
        token = AuthenticationToken.parse(tokenStr);
        if (token != null) {
            AuthenticationHandler authHandler = getAuthenticationHandler();
            if (!token.getType().equals(authHandler.getType())) {
                throw new AuthenticationException("Invalid AuthenticationToken type");
            }
            if (token.isExpired()) {
                throw new AuthenticationException("AuthenticationToken expired");
            }
        }
    }
    return token;
}
 
Example 10
Source Project: zeppelin   Source File: KerberosRealm.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * This is called when Kerberos authentication is done and a {@link KerberosToken} has
 * been acquired.
 * This function returns a Shiro {@link SimpleAccount} based on the {@link KerberosToken}
 * provided. Null otherwise.
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
    org.apache.shiro.authc.AuthenticationToken authenticationToken)
    throws org.apache.shiro.authc.AuthenticationException {
  if (null != authenticationToken) {
    KerberosToken kerberosToken = (KerberosToken) authenticationToken;
    SimpleAccount account = new SimpleAccount(kerberosToken.getPrincipal(),
        kerberosToken.getCredentials(), kerberosToken.getClass().getName());
    account.addRole(mapGroupPrincipals((String)kerberosToken.getPrincipal()));
    return account;
  }
  return null;
}
 
Example 11
Source Project: zeppelin   Source File: KerberosRealm.java    License: Apache License 2.0 5 votes vote down vote up
private static AuthenticationToken getTokenFromCookies(Cookie[] cookies)
    throws AuthenticationException {
  AuthenticationToken token = null;
  String tokenStr = null;
  if (cookies != null) {
    for (Cookie cookie : cookies) {
      if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
        tokenStr = cookie.getValue();
        if (tokenStr.isEmpty()) {
          throw new AuthenticationException("Empty token");
        }
        try {
          tokenStr = signer.verifyAndExtract(tokenStr);
        } catch (SignerException ex) {
          throw new AuthenticationException(ex);
        }
        break;
      }
    }
  }
  if (tokenStr != null) {
    token = AuthenticationToken.parse(tokenStr);
    boolean match = verifyTokenType(token);
    if (!match) {
      throw new AuthenticationException("Invalid AuthenticationToken type");
    }
    if (token.isExpired()) {
      throw new AuthenticationException("AuthenticationToken expired");
    }
  }
  return token;
}
 
Example 12
Source Project: ranger   Source File: RangerKrbFilter.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns the {@link AuthenticationToken} for the request.
 * <p>
 * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE}
 * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns
 * it.
 * <p>
 * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler}
 * to perform user authentication.
 *
 * @param request request object.
 *
 * @return the Authentication token if the request is authenticated, <code>null</code> otherwise.
 *
 * @throws IOException thrown if an IO error occurred.
 * @throws AuthenticationException thrown if the token is invalid or if it has expired.
 */
protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException {
  AuthenticationToken token = null;
  String tokenStr = null;
  Cookie[] cookies = request.getCookies();
  if (cookies != null) {
    for (Cookie cookie : cookies) {
      if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) {
        tokenStr = cookie.getValue();
        try {
          tokenStr = signer.verifyAndExtract(tokenStr);
        } catch (SignerException ex) {
          throw new AuthenticationException(ex);
        }
        break;
      }
    }
  }
  if (tokenStr != null) {
    token = AuthenticationToken.parse(tokenStr);
    if(token != null){
     if (!token.getType().equals(authHandler.getType())) {
      	throw new AuthenticationException("Invalid AuthenticationToken type");
     }
     if (token.isExpired()) {
      	throw new AuthenticationException("AuthenticationToken expired");
     }
    }
  }
  return token;
}
 
Example 13
Source Project: hadoop   Source File: TestWebDelegationToken.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public boolean managementOperation(AuthenticationToken token,
    HttpServletRequest request, HttpServletResponse response)
    throws IOException, AuthenticationException {
  return false;
}
 
Example 14
@SuppressWarnings("unchecked")
private void testRenewToken() throws Exception {
  DelegationTokenAuthenticator.DelegationTokenOperation op =
      DelegationTokenAuthenticator.DelegationTokenOperation.
          RENEWDELEGATIONTOKEN;
  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  Mockito.when(request.getQueryString()).
      thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString());
  Mockito.when(request.getMethod()).
      thenReturn(op.getHttpMethod());

  Assert.assertFalse(handler.managementOperation(null, request, response));
  Mockito.verify(response).setStatus(
      Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED));
  Mockito.verify(response).setHeader(Mockito.eq(
          KerberosAuthenticator.WWW_AUTHENTICATE),
      Mockito.eq("mock")
  );

  Mockito.reset(response);
  AuthenticationToken token = Mockito.mock(AuthenticationToken.class);
  Mockito.when(token.getUserName()).thenReturn("user");
  Assert.assertFalse(handler.managementOperation(token, request, response));
  Mockito.verify(response).sendError(
      Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
      Mockito.contains("requires the parameter [token]"));

  Mockito.reset(response);
  StringWriter writer = new StringWriter();
  PrintWriter pwriter = new PrintWriter(writer);
  Mockito.when(response.getWriter()).thenReturn(pwriter);
  Token<DelegationTokenIdentifier> dToken =
      (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
          UserGroupInformation.getCurrentUser(), "user");
  Mockito.when(request.getQueryString()).
      thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() +
          "&" + DelegationTokenAuthenticator.TOKEN_PARAM + "=" +
          dToken.encodeToUrlString());
  Assert.assertFalse(handler.managementOperation(token, request, response));
  Mockito.verify(response).setStatus(HttpServletResponse.SC_OK);
  pwriter.close();
  Assert.assertTrue(writer.toString().contains("long"));
  handler.getTokenManager().verifyToken(dToken);
}
 
Example 15
Source Project: big-c   Source File: TestWebDelegationToken.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public boolean managementOperation(AuthenticationToken token,
    HttpServletRequest request, HttpServletResponse response)
    throws IOException, AuthenticationException {
  return false;
}
 
Example 16
@SuppressWarnings("unchecked")
private void testRenewToken() throws Exception {
  DelegationTokenAuthenticator.DelegationTokenOperation op =
      DelegationTokenAuthenticator.DelegationTokenOperation.
          RENEWDELEGATIONTOKEN;
  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  Mockito.when(request.getQueryString()).
      thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString());
  Mockito.when(request.getMethod()).
      thenReturn(op.getHttpMethod());

  Assert.assertFalse(handler.managementOperation(null, request, response));
  Mockito.verify(response).setStatus(
      Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED));
  Mockito.verify(response).setHeader(Mockito.eq(
          KerberosAuthenticator.WWW_AUTHENTICATE),
      Mockito.eq("mock")
  );

  Mockito.reset(response);
  AuthenticationToken token = Mockito.mock(AuthenticationToken.class);
  Mockito.when(token.getUserName()).thenReturn("user");
  Assert.assertFalse(handler.managementOperation(token, request, response));
  Mockito.verify(response).sendError(
      Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
      Mockito.contains("requires the parameter [token]"));

  Mockito.reset(response);
  StringWriter writer = new StringWriter();
  PrintWriter pwriter = new PrintWriter(writer);
  Mockito.when(response.getWriter()).thenReturn(pwriter);
  Token<DelegationTokenIdentifier> dToken =
      (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
          UserGroupInformation.getCurrentUser(), "user");
  Mockito.when(request.getQueryString()).
      thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() +
          "&" + DelegationTokenAuthenticator.TOKEN_PARAM + "=" +
          dToken.encodeToUrlString());
  Assert.assertFalse(handler.managementOperation(token, request, response));
  Mockito.verify(response).setStatus(HttpServletResponse.SC_OK);
  pwriter.close();
  Assert.assertTrue(writer.toString().contains("long"));
  handler.getTokenManager().verifyToken(dToken);
}
 
Example 17
public AuthenticationToken authenticate(HttpServletRequest request, HttpServletResponse response)
    throws IOException, AuthenticationException {
  return authHandler.authenticate(request, response);
}
 
Example 18
@Override
public boolean managementOperation(AuthenticationToken token,
                                   HttpServletRequest request, HttpServletResponse response)
    throws IOException, AuthenticationException {
  return false;
}
 
Example 19
Source Project: zeppelin   Source File: KerberosRealm.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public boolean supports(org.apache.shiro.authc.AuthenticationToken token) {
  return token instanceof KerberosToken;
}
 
Example 20
Source Project: zeppelin   Source File: KerberosRealm.java    License: Apache License 2.0 3 votes vote down vote up
/**
 * Returns the {@link AuthenticationToken} for the request.
 * <p>
 * It looks at the received HTTP cookies and extracts the value of the
 * {@link AuthenticatedURL#AUTH_COOKIE}
 * if present. It verifies the signature and if correct it creates the
 * {@link AuthenticationToken} and returns
 * it.
 * <p>
 * If this method returns <code>null</code> the filter will invoke the configured
 * {@link AuthenticationHandler}
 * to perform user authentication.
 *
 * @param request request object.
 * @return the Authentication token if the request is authenticated, <code>null</code> otherwise.
 * @throws IOException             thrown if an IO error occurred.
 * @throws AuthenticationException thrown if the token is invalid or if it has expired.
 */
private AuthenticationToken getToken(HttpServletRequest request)
    throws AuthenticationException {
  AuthenticationToken token;
  Cookie[] cookies = request.getCookies();
  token = getTokenFromCookies(cookies);
  return token;
}
 
Example 21
Source Project: zeppelin   Source File: KerberosRealm.java    License: Apache License 2.0 2 votes vote down vote up
/**
 * This is an empty implementation, it always returns <code>TRUE</code>.
 *
 * @param token the authentication token if any, otherwise <code>NULL</code>.
 * @param request the HTTP client request.
 * @param response the HTTP client response.
 *
 * @return <code>TRUE</code>
 * @throws IOException it is never thrown.
 * @throws AuthenticationException it is never thrown.
 */
public boolean managementOperation(AuthenticationToken token,
                                   HttpServletRequest request,
                                   HttpServletResponse response) {
  return true;
}
 
Example 22
Source Project: zeppelin   Source File: KerberosRealm.java    License: Apache License 2.0 2 votes vote down vote up
/**
 * This method verifies if the specified token type matches one of the the
 * token types supported by our Authentication provider : {@link KerberosRealm}
 *
 * @param token The token whose type needs to be verified.
 * @return true   If the token type matches one of the supported token types
 * false  Otherwise
 */
protected static boolean verifyTokenType(AuthenticationToken token) {
  return TYPE.equals(token.getType());
}