Beispiel #1
0
  @Test
  public void testGetNonProxyUgi() throws IOException {
    conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
    ServletContext context = mock(ServletContext.class);
    String realUser = "******";
    String user = "******";
    conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation ugi;
    HttpServletRequest request;

    // have to be auth-ed with remote user
    request = getMockRequest(null, null, null);
    try {
      JspHelper.getUGI(context, request, conf);
      Assert.fail("bad request allowed");
    } catch (IOException ioe) {
      Assert.assertEquals(
          "Security enabled but user not authenticated by filter", ioe.getMessage());
    }
    request = getMockRequest(null, realUser, null);
    try {
      JspHelper.getUGI(context, request, conf);
      Assert.fail("bad request allowed");
    } catch (IOException ioe) {
      Assert.assertEquals(
          "Security enabled but user not authenticated by filter", ioe.getMessage());
    }

    // ugi for remote user
    request = getMockRequest(realUser, null, null);
    ugi = JspHelper.getUGI(context, request, conf);
    Assert.assertNull(ugi.getRealUser());
    Assert.assertEquals(ugi.getShortUserName(), realUser);
    checkUgiFromAuth(ugi);

    // ugi for remote user = real user
    request = getMockRequest(realUser, realUser, null);
    ugi = JspHelper.getUGI(context, request, conf);
    Assert.assertNull(ugi.getRealUser());
    Assert.assertEquals(ugi.getShortUserName(), realUser);
    checkUgiFromAuth(ugi);

    // ugi for remote user != real user
    request = getMockRequest(realUser, user, null);
    try {
      JspHelper.getUGI(context, request, conf);
      Assert.fail("bad request allowed");
    } catch (IOException ioe) {
      Assert.assertEquals(
          "Usernames not matched: name=" + user + " != expected=" + realUser, ioe.getMessage());
    }
  }
Beispiel #2
0
 @Test
 public void testDelegationTokenUrlParam() {
   conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
   UserGroupInformation.setConfiguration(conf);
   String tokenString = "xyzabc";
   String delegationTokenParam = JspHelper.getDelegationTokenUrlParam(tokenString);
   // Security is enabled
   Assert.assertEquals(JspHelper.SET_DELEGATION + "xyzabc", delegationTokenParam);
   conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "simple");
   UserGroupInformation.setConfiguration(conf);
   delegationTokenParam = JspHelper.getDelegationTokenUrlParam(tokenString);
   // Empty string must be returned because security is disabled.
   Assert.assertEquals("", delegationTokenParam);
 }
Beispiel #3
0
  @Test
  public void testPrintGotoFormWritesValidXML()
      throws IOException, ParserConfigurationException, SAXException {
    JspWriter mockJspWriter = mock(JspWriter.class);
    ArgumentCaptor<String> arg = ArgumentCaptor.forClass(String.class);
    doAnswer(
            new Answer<Object>() {
              @Override
              public Object answer(InvocationOnMock invok) {
                Object[] args = invok.getArguments();
                jspWriterOutput += (String) args[0];
                return null;
              }
            })
        .when(mockJspWriter)
        .print(arg.capture());

    jspWriterOutput = "";

    JspHelper.printGotoForm(mockJspWriter, 424242, "a token string", "foobar/file", "0.0.0.0");

    DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
    InputSource is = new InputSource();
    is.setCharacterStream(new StringReader(jspWriterOutput));
    parser.parse(is);
  }
Beispiel #4
0
  private String getRemoteAddr(String clientAddr, String proxyAddr, boolean trusted) {
    HttpServletRequest req = mock(HttpServletRequest.class);
    when(req.getRemoteAddr()).thenReturn("1.2.3.4");

    Configuration conf = new Configuration();
    if (proxyAddr == null) {
      when(req.getRemoteAddr()).thenReturn(clientAddr);
    } else {
      when(req.getRemoteAddr()).thenReturn(proxyAddr);
      when(req.getHeader("X-Forwarded-For")).thenReturn(clientAddr);
      if (trusted) {
        conf.set(ProxyServers.CONF_HADOOP_PROXYSERVERS, proxyAddr);
      }
    }
    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
    return JspHelper.getRemoteAddr(req);
  }
Beispiel #5
0
  @Test
  public void testPrintMethods() throws IOException {
    JspWriter out = mock(JspWriter.class);
    HttpServletRequest req = mock(HttpServletRequest.class);

    final StringBuffer buffer = new StringBuffer();

    ArgumentCaptor<String> arg = ArgumentCaptor.forClass(String.class);
    doAnswer(
            new Answer<String>() {
              @Override
              public String answer(InvocationOnMock invok) {
                Object[] args = invok.getArguments();
                buffer.append(args[0]);
                return null;
              }
            })
        .when(out)
        .print(arg.capture());

    JspHelper.createTitle(out, req, "testfile.txt");
    verify(out, times(1)).print(Mockito.anyString());

    JspHelper.addTableHeader(out);
    verify(out, times(1 + 2)).print(anyString());

    JspHelper.addTableRow(out, new String[] {" row11", "row12 "});
    verify(out, times(1 + 2 + 4)).print(anyString());

    JspHelper.addTableRow(out, new String[] {" row11", "row12 "}, 3);
    verify(out, times(1 + 2 + 4 + 4)).print(Mockito.anyString());

    JspHelper.addTableRow(out, new String[] {" row21", "row22"});
    verify(out, times(1 + 2 + 4 + 4 + 4)).print(anyString());

    JspHelper.addTableFooter(out);
    verify(out, times(1 + 2 + 4 + 4 + 4 + 1)).print(anyString());

    assertFalse(isNullOrEmpty(buffer.toString()));
  }
Beispiel #6
0
  @Test
  public void testSortNodeByFields() throws Exception {
    DatanodeID dnId1 =
        new DatanodeID("127.0.0.1", "localhost1", "datanode1", 1234, 2345, 3456, 4567);
    DatanodeID dnId2 =
        new DatanodeID("127.0.0.2", "localhost2", "datanode2", 1235, 2346, 3457, 4568);

    // Setup DatanodeDescriptors with one storage each.
    DatanodeDescriptor dnDesc1 = new DatanodeDescriptor(dnId1, "rack1");
    DatanodeDescriptor dnDesc2 = new DatanodeDescriptor(dnId2, "rack2");

    // Update the DatanodeDescriptors with their attached storages.
    BlockManagerTestUtil.updateStorage(dnDesc1, new DatanodeStorage("dnStorage1"));
    BlockManagerTestUtil.updateStorage(dnDesc2, new DatanodeStorage("dnStorage2"));

    DatanodeStorage dns1 = new DatanodeStorage("dnStorage1");
    DatanodeStorage dns2 = new DatanodeStorage("dnStorage2");

    StorageReport[] report1 =
        new StorageReport[] {new StorageReport(dns1, false, 1024, 100, 924, 100)};
    StorageReport[] report2 =
        new StorageReport[] {new StorageReport(dns2, false, 2500, 200, 1848, 200)};
    dnDesc1.updateHeartbeat(report1, 5L, 3L, 10, 2);
    dnDesc2.updateHeartbeat(report2, 10L, 2L, 20, 1);

    ArrayList<DatanodeDescriptor> live = new ArrayList<DatanodeDescriptor>();
    live.add(dnDesc1);
    live.add(dnDesc2);

    JspHelper.sortNodeList(live, "unexists", "ASC");
    Assert.assertEquals(dnDesc1, live.get(0));
    Assert.assertEquals(dnDesc2, live.get(1));
    JspHelper.sortNodeList(live, "unexists", "DSC");
    Assert.assertEquals(dnDesc2, live.get(0));
    Assert.assertEquals(dnDesc1, live.get(1));

    // test sorting by capacity
    JspHelper.sortNodeList(live, "capacity", "ASC");
    Assert.assertEquals(dnDesc1, live.get(0));
    Assert.assertEquals(dnDesc2, live.get(1));
    JspHelper.sortNodeList(live, "capacity", "DSC");
    Assert.assertEquals(dnDesc2, live.get(0));
    Assert.assertEquals(dnDesc1, live.get(1));

    // test sorting by used
    JspHelper.sortNodeList(live, "used", "ASC");
    Assert.assertEquals(dnDesc1, live.get(0));
    Assert.assertEquals(dnDesc2, live.get(1));
    JspHelper.sortNodeList(live, "used", "DSC");
    Assert.assertEquals(dnDesc2, live.get(0));
    Assert.assertEquals(dnDesc1, live.get(1));

    // test sorting by nondfsused
    JspHelper.sortNodeList(live, "nondfsused", "ASC");
    Assert.assertEquals(dnDesc1, live.get(0));
    Assert.assertEquals(dnDesc2, live.get(1));

    JspHelper.sortNodeList(live, "nondfsused", "DSC");
    Assert.assertEquals(dnDesc2, live.get(0));
    Assert.assertEquals(dnDesc1, live.get(1));

    // test sorting by remaining
    JspHelper.sortNodeList(live, "remaining", "ASC");
    Assert.assertEquals(dnDesc1, live.get(0));
    Assert.assertEquals(dnDesc2, live.get(1));

    JspHelper.sortNodeList(live, "remaining", "DSC");
    Assert.assertEquals(dnDesc2, live.get(0));
    Assert.assertEquals(dnDesc1, live.get(1));
  }
Beispiel #7
0
  @Test
  public void testGetProxyUgi() throws IOException {
    conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
    ServletContext context = mock(ServletContext.class);
    String realUser = "******";
    String user = "******";
    conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");

    conf.set(DefaultImpersonationProvider.getProxySuperuserGroupConfKey(realUser), "*");
    conf.set(DefaultImpersonationProvider.getProxySuperuserIpConfKey(realUser), "*");
    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation ugi;
    HttpServletRequest request;

    // have to be auth-ed with remote user
    request = getMockRequest(null, null, user);
    try {
      JspHelper.getUGI(context, request, conf);
      Assert.fail("bad request allowed");
    } catch (IOException ioe) {
      Assert.assertEquals(
          "Security enabled but user not authenticated by filter", ioe.getMessage());
    }
    request = getMockRequest(null, realUser, user);
    try {
      JspHelper.getUGI(context, request, conf);
      Assert.fail("bad request allowed");
    } catch (IOException ioe) {
      Assert.assertEquals(
          "Security enabled but user not authenticated by filter", ioe.getMessage());
    }

    // proxy ugi for user via remote user
    request = getMockRequest(realUser, null, user);
    ugi = JspHelper.getUGI(context, request, conf);
    Assert.assertNotNull(ugi.getRealUser());
    Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser);
    Assert.assertEquals(ugi.getShortUserName(), user);
    checkUgiFromAuth(ugi);

    // proxy ugi for user vi a remote user = real user
    request = getMockRequest(realUser, realUser, user);
    ugi = JspHelper.getUGI(context, request, conf);
    Assert.assertNotNull(ugi.getRealUser());
    Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser);
    Assert.assertEquals(ugi.getShortUserName(), user);
    checkUgiFromAuth(ugi);

    // proxy ugi for user via remote user != real user
    request = getMockRequest(realUser, user, user);
    try {
      JspHelper.getUGI(context, request, conf);
      Assert.fail("bad request allowed");
    } catch (IOException ioe) {
      Assert.assertEquals(
          "Usernames not matched: name=" + user + " != expected=" + realUser, ioe.getMessage());
    }

    // try to get get a proxy user with unauthorized user
    try {
      request = getMockRequest(user, null, realUser);
      JspHelper.getUGI(context, request, conf);
      Assert.fail("bad proxy request allowed");
    } catch (AuthorizationException ae) {
      Assert.assertEquals(
          "User: "******" is not allowed to impersonate " + realUser, ae.getMessage());
    }
    try {
      request = getMockRequest(user, user, realUser);
      JspHelper.getUGI(context, request, conf);
      Assert.fail("bad proxy request allowed");
    } catch (AuthorizationException ae) {
      Assert.assertEquals(
          "User: "******" is not allowed to impersonate " + realUser, ae.getMessage());
    }
  }
Beispiel #8
0
  @Test
  public void testGetUgiFromToken() throws IOException {
    conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
    ServletContext context = mock(ServletContext.class);
    String realUser = "******";
    String user = "******";
    conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation ugi;
    HttpServletRequest request;

    Text ownerText = new Text(user);
    DelegationTokenIdentifier dtId =
        new DelegationTokenIdentifier(ownerText, ownerText, new Text(realUser));
    Token<DelegationTokenIdentifier> token =
        new Token<DelegationTokenIdentifier>(dtId, new DummySecretManager(0, 0, 0, 0));
    String tokenString = token.encodeToUrlString();

    // token with no auth-ed user
    request = getMockRequest(null, null, null);
    when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
    ugi = JspHelper.getUGI(context, request, conf);
    Assert.assertNotNull(ugi.getRealUser());
    Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser);
    Assert.assertEquals(ugi.getShortUserName(), user);
    checkUgiFromToken(ugi);

    // token with auth-ed user
    request = getMockRequest(realUser, null, null);
    when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
    ugi = JspHelper.getUGI(context, request, conf);
    Assert.assertNotNull(ugi.getRealUser());
    Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser);
    Assert.assertEquals(ugi.getShortUserName(), user);
    checkUgiFromToken(ugi);

    // completely different user, token trumps auth
    request = getMockRequest("rogue", null, null);
    when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
    ugi = JspHelper.getUGI(context, request, conf);
    Assert.assertNotNull(ugi.getRealUser());
    Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser);
    Assert.assertEquals(ugi.getShortUserName(), user);
    checkUgiFromToken(ugi);

    // expected case
    request = getMockRequest(null, user, null);
    when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
    ugi = JspHelper.getUGI(context, request, conf);
    Assert.assertNotNull(ugi.getRealUser());
    Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser);
    Assert.assertEquals(ugi.getShortUserName(), user);
    checkUgiFromToken(ugi);

    // can't proxy with a token!
    request = getMockRequest(null, null, "rogue");
    when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
    try {
      JspHelper.getUGI(context, request, conf);
      Assert.fail("bad request allowed");
    } catch (IOException ioe) {
      Assert.assertEquals(
          "Usernames not matched: name=rogue != expected=" + user, ioe.getMessage());
    }

    // can't proxy with a token!
    request = getMockRequest(null, user, "rogue");
    when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
    try {
      JspHelper.getUGI(context, request, conf);
      Assert.fail("bad request allowed");
    } catch (IOException ioe) {
      Assert.assertEquals(
          "Usernames not matched: name=rogue != expected=" + user, ioe.getMessage());
    }
  }
Beispiel #9
0
 private void verifyServiceInToken(
     ServletContext context, HttpServletRequest request, String expected) throws IOException {
   UserGroupInformation ugi = JspHelper.getUGI(context, request, conf);
   Token<? extends TokenIdentifier> tokenInUgi = ugi.getTokens().iterator().next();
   Assert.assertEquals(expected, tokenInUgi.getService().toString());
 }