@Test public void testGetNonProxyUgi() throws IOException { conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/"); ServletContext context = mock(ServletContext.class); String realUser = "******"; String user = "******"; conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); UserGroupInformation ugi; HttpServletRequest request; // have to be auth-ed with remote user request = getMockRequest(null, null, null); try { JspHelper.getUGI(context, request, conf); Assert.fail("bad request allowed"); } catch (IOException ioe) { Assert.assertEquals( "Security enabled but user not authenticated by filter", ioe.getMessage()); } request = getMockRequest(null, realUser, null); try { JspHelper.getUGI(context, request, conf); Assert.fail("bad request allowed"); } catch (IOException ioe) { Assert.assertEquals( "Security enabled but user not authenticated by filter", ioe.getMessage()); } // ugi for remote user request = getMockRequest(realUser, null, null); ugi = JspHelper.getUGI(context, request, conf); Assert.assertNull(ugi.getRealUser()); Assert.assertEquals(ugi.getShortUserName(), realUser); checkUgiFromAuth(ugi); // ugi for remote user = real user request = getMockRequest(realUser, realUser, null); ugi = JspHelper.getUGI(context, request, conf); Assert.assertNull(ugi.getRealUser()); Assert.assertEquals(ugi.getShortUserName(), realUser); checkUgiFromAuth(ugi); // ugi for remote user != real user request = getMockRequest(realUser, user, null); try { JspHelper.getUGI(context, request, conf); Assert.fail("bad request allowed"); } catch (IOException ioe) { Assert.assertEquals( "Usernames not matched: name=" + user + " != expected=" + realUser, ioe.getMessage()); } }
@Test public void testDelegationTokenUrlParam() { conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); String tokenString = "xyzabc"; String delegationTokenParam = JspHelper.getDelegationTokenUrlParam(tokenString); // Security is enabled Assert.assertEquals(JspHelper.SET_DELEGATION + "xyzabc", delegationTokenParam); conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "simple"); UserGroupInformation.setConfiguration(conf); delegationTokenParam = JspHelper.getDelegationTokenUrlParam(tokenString); // Empty string must be returned because security is disabled. Assert.assertEquals("", delegationTokenParam); }
@Test public void testPrintGotoFormWritesValidXML() throws IOException, ParserConfigurationException, SAXException { JspWriter mockJspWriter = mock(JspWriter.class); ArgumentCaptor<String> arg = ArgumentCaptor.forClass(String.class); doAnswer( new Answer<Object>() { @Override public Object answer(InvocationOnMock invok) { Object[] args = invok.getArguments(); jspWriterOutput += (String) args[0]; return null; } }) .when(mockJspWriter) .print(arg.capture()); jspWriterOutput = ""; JspHelper.printGotoForm(mockJspWriter, 424242, "a token string", "foobar/file", "0.0.0.0"); DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder(); InputSource is = new InputSource(); is.setCharacterStream(new StringReader(jspWriterOutput)); parser.parse(is); }
private String getRemoteAddr(String clientAddr, String proxyAddr, boolean trusted) { HttpServletRequest req = mock(HttpServletRequest.class); when(req.getRemoteAddr()).thenReturn("1.2.3.4"); Configuration conf = new Configuration(); if (proxyAddr == null) { when(req.getRemoteAddr()).thenReturn(clientAddr); } else { when(req.getRemoteAddr()).thenReturn(proxyAddr); when(req.getHeader("X-Forwarded-For")).thenReturn(clientAddr); if (trusted) { conf.set(ProxyServers.CONF_HADOOP_PROXYSERVERS, proxyAddr); } } ProxyUsers.refreshSuperUserGroupsConfiguration(conf); return JspHelper.getRemoteAddr(req); }
@Test public void testPrintMethods() throws IOException { JspWriter out = mock(JspWriter.class); HttpServletRequest req = mock(HttpServletRequest.class); final StringBuffer buffer = new StringBuffer(); ArgumentCaptor<String> arg = ArgumentCaptor.forClass(String.class); doAnswer( new Answer<String>() { @Override public String answer(InvocationOnMock invok) { Object[] args = invok.getArguments(); buffer.append(args[0]); return null; } }) .when(out) .print(arg.capture()); JspHelper.createTitle(out, req, "testfile.txt"); verify(out, times(1)).print(Mockito.anyString()); JspHelper.addTableHeader(out); verify(out, times(1 + 2)).print(anyString()); JspHelper.addTableRow(out, new String[] {" row11", "row12 "}); verify(out, times(1 + 2 + 4)).print(anyString()); JspHelper.addTableRow(out, new String[] {" row11", "row12 "}, 3); verify(out, times(1 + 2 + 4 + 4)).print(Mockito.anyString()); JspHelper.addTableRow(out, new String[] {" row21", "row22"}); verify(out, times(1 + 2 + 4 + 4 + 4)).print(anyString()); JspHelper.addTableFooter(out); verify(out, times(1 + 2 + 4 + 4 + 4 + 1)).print(anyString()); assertFalse(isNullOrEmpty(buffer.toString())); }
@Test public void testSortNodeByFields() throws Exception { DatanodeID dnId1 = new DatanodeID("127.0.0.1", "localhost1", "datanode1", 1234, 2345, 3456, 4567); DatanodeID dnId2 = new DatanodeID("127.0.0.2", "localhost2", "datanode2", 1235, 2346, 3457, 4568); // Setup DatanodeDescriptors with one storage each. DatanodeDescriptor dnDesc1 = new DatanodeDescriptor(dnId1, "rack1"); DatanodeDescriptor dnDesc2 = new DatanodeDescriptor(dnId2, "rack2"); // Update the DatanodeDescriptors with their attached storages. BlockManagerTestUtil.updateStorage(dnDesc1, new DatanodeStorage("dnStorage1")); BlockManagerTestUtil.updateStorage(dnDesc2, new DatanodeStorage("dnStorage2")); DatanodeStorage dns1 = new DatanodeStorage("dnStorage1"); DatanodeStorage dns2 = new DatanodeStorage("dnStorage2"); StorageReport[] report1 = new StorageReport[] {new StorageReport(dns1, false, 1024, 100, 924, 100)}; StorageReport[] report2 = new StorageReport[] {new StorageReport(dns2, false, 2500, 200, 1848, 200)}; dnDesc1.updateHeartbeat(report1, 5L, 3L, 10, 2); dnDesc2.updateHeartbeat(report2, 10L, 2L, 20, 1); ArrayList<DatanodeDescriptor> live = new ArrayList<DatanodeDescriptor>(); live.add(dnDesc1); live.add(dnDesc2); JspHelper.sortNodeList(live, "unexists", "ASC"); Assert.assertEquals(dnDesc1, live.get(0)); Assert.assertEquals(dnDesc2, live.get(1)); JspHelper.sortNodeList(live, "unexists", "DSC"); Assert.assertEquals(dnDesc2, live.get(0)); Assert.assertEquals(dnDesc1, live.get(1)); // test sorting by capacity JspHelper.sortNodeList(live, "capacity", "ASC"); Assert.assertEquals(dnDesc1, live.get(0)); Assert.assertEquals(dnDesc2, live.get(1)); JspHelper.sortNodeList(live, "capacity", "DSC"); Assert.assertEquals(dnDesc2, live.get(0)); Assert.assertEquals(dnDesc1, live.get(1)); // test sorting by used JspHelper.sortNodeList(live, "used", "ASC"); Assert.assertEquals(dnDesc1, live.get(0)); Assert.assertEquals(dnDesc2, live.get(1)); JspHelper.sortNodeList(live, "used", "DSC"); Assert.assertEquals(dnDesc2, live.get(0)); Assert.assertEquals(dnDesc1, live.get(1)); // test sorting by nondfsused JspHelper.sortNodeList(live, "nondfsused", "ASC"); Assert.assertEquals(dnDesc1, live.get(0)); Assert.assertEquals(dnDesc2, live.get(1)); JspHelper.sortNodeList(live, "nondfsused", "DSC"); Assert.assertEquals(dnDesc2, live.get(0)); Assert.assertEquals(dnDesc1, live.get(1)); // test sorting by remaining JspHelper.sortNodeList(live, "remaining", "ASC"); Assert.assertEquals(dnDesc1, live.get(0)); Assert.assertEquals(dnDesc2, live.get(1)); JspHelper.sortNodeList(live, "remaining", "DSC"); Assert.assertEquals(dnDesc2, live.get(0)); Assert.assertEquals(dnDesc1, live.get(1)); }
@Test public void testGetProxyUgi() throws IOException { conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/"); ServletContext context = mock(ServletContext.class); String realUser = "******"; String user = "******"; conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); conf.set(DefaultImpersonationProvider.getProxySuperuserGroupConfKey(realUser), "*"); conf.set(DefaultImpersonationProvider.getProxySuperuserIpConfKey(realUser), "*"); ProxyUsers.refreshSuperUserGroupsConfiguration(conf); UserGroupInformation.setConfiguration(conf); UserGroupInformation ugi; HttpServletRequest request; // have to be auth-ed with remote user request = getMockRequest(null, null, user); try { JspHelper.getUGI(context, request, conf); Assert.fail("bad request allowed"); } catch (IOException ioe) { Assert.assertEquals( "Security enabled but user not authenticated by filter", ioe.getMessage()); } request = getMockRequest(null, realUser, user); try { JspHelper.getUGI(context, request, conf); Assert.fail("bad request allowed"); } catch (IOException ioe) { Assert.assertEquals( "Security enabled but user not authenticated by filter", ioe.getMessage()); } // proxy ugi for user via remote user request = getMockRequest(realUser, null, user); ugi = JspHelper.getUGI(context, request, conf); Assert.assertNotNull(ugi.getRealUser()); Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser); Assert.assertEquals(ugi.getShortUserName(), user); checkUgiFromAuth(ugi); // proxy ugi for user vi a remote user = real user request = getMockRequest(realUser, realUser, user); ugi = JspHelper.getUGI(context, request, conf); Assert.assertNotNull(ugi.getRealUser()); Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser); Assert.assertEquals(ugi.getShortUserName(), user); checkUgiFromAuth(ugi); // proxy ugi for user via remote user != real user request = getMockRequest(realUser, user, user); try { JspHelper.getUGI(context, request, conf); Assert.fail("bad request allowed"); } catch (IOException ioe) { Assert.assertEquals( "Usernames not matched: name=" + user + " != expected=" + realUser, ioe.getMessage()); } // try to get get a proxy user with unauthorized user try { request = getMockRequest(user, null, realUser); JspHelper.getUGI(context, request, conf); Assert.fail("bad proxy request allowed"); } catch (AuthorizationException ae) { Assert.assertEquals( "User: "******" is not allowed to impersonate " + realUser, ae.getMessage()); } try { request = getMockRequest(user, user, realUser); JspHelper.getUGI(context, request, conf); Assert.fail("bad proxy request allowed"); } catch (AuthorizationException ae) { Assert.assertEquals( "User: "******" is not allowed to impersonate " + realUser, ae.getMessage()); } }
@Test public void testGetUgiFromToken() throws IOException { conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/"); ServletContext context = mock(ServletContext.class); String realUser = "******"; String user = "******"; conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); UserGroupInformation ugi; HttpServletRequest request; Text ownerText = new Text(user); DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(ownerText, ownerText, new Text(realUser)); Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>(dtId, new DummySecretManager(0, 0, 0, 0)); String tokenString = token.encodeToUrlString(); // token with no auth-ed user request = getMockRequest(null, null, null); when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString); ugi = JspHelper.getUGI(context, request, conf); Assert.assertNotNull(ugi.getRealUser()); Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser); Assert.assertEquals(ugi.getShortUserName(), user); checkUgiFromToken(ugi); // token with auth-ed user request = getMockRequest(realUser, null, null); when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString); ugi = JspHelper.getUGI(context, request, conf); Assert.assertNotNull(ugi.getRealUser()); Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser); Assert.assertEquals(ugi.getShortUserName(), user); checkUgiFromToken(ugi); // completely different user, token trumps auth request = getMockRequest("rogue", null, null); when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString); ugi = JspHelper.getUGI(context, request, conf); Assert.assertNotNull(ugi.getRealUser()); Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser); Assert.assertEquals(ugi.getShortUserName(), user); checkUgiFromToken(ugi); // expected case request = getMockRequest(null, user, null); when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString); ugi = JspHelper.getUGI(context, request, conf); Assert.assertNotNull(ugi.getRealUser()); Assert.assertEquals(ugi.getRealUser().getShortUserName(), realUser); Assert.assertEquals(ugi.getShortUserName(), user); checkUgiFromToken(ugi); // can't proxy with a token! request = getMockRequest(null, null, "rogue"); when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString); try { JspHelper.getUGI(context, request, conf); Assert.fail("bad request allowed"); } catch (IOException ioe) { Assert.assertEquals( "Usernames not matched: name=rogue != expected=" + user, ioe.getMessage()); } // can't proxy with a token! request = getMockRequest(null, user, "rogue"); when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString); try { JspHelper.getUGI(context, request, conf); Assert.fail("bad request allowed"); } catch (IOException ioe) { Assert.assertEquals( "Usernames not matched: name=rogue != expected=" + user, ioe.getMessage()); } }
private void verifyServiceInToken( ServletContext context, HttpServletRequest request, String expected) throws IOException { UserGroupInformation ugi = JspHelper.getUGI(context, request, conf); Token<? extends TokenIdentifier> tokenInUgi = ugi.getTokens().iterator().next(); Assert.assertEquals(expected, tokenInUgi.getService().toString()); }