HADOOP-9866. convert hadoop-auth testcases requiring kerberos to use minikdc. (ywskycn via tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1515658 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
540896b39e
commit
32bdd011ef
|
@ -33,7 +33,6 @@
|
|||
|
||||
<properties>
|
||||
<maven.build.timestamp.format>yyyyMMdd</maven.build.timestamp.format>
|
||||
<kerberos.realm>LOCALHOST</kerberos.realm>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
|
@ -83,38 +82,15 @@
|
|||
<artifactId>slf4j-log4j12</artifactId>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.hadoop</groupId>
|
||||
<artifactId>hadoop-minikdc</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<testResources>
|
||||
<testResource>
|
||||
<directory>${basedir}/src/test/resources</directory>
|
||||
<filtering>true</filtering>
|
||||
<includes>
|
||||
<include>krb5.conf</include>
|
||||
</includes>
|
||||
</testResource>
|
||||
</testResources>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-plugin</artifactId>
|
||||
<configuration>
|
||||
<forkMode>always</forkMode>
|
||||
<forkedProcessTimeoutInSeconds>600</forkedProcessTimeoutInSeconds>
|
||||
<systemPropertyVariables>
|
||||
<java.security.krb5.conf>${project.build.directory}/test-classes/krb5.conf</java.security.krb5.conf>
|
||||
<kerberos.realm>${kerberos.realm}</kerberos.realm>
|
||||
</systemPropertyVariables>
|
||||
<excludes>
|
||||
<exclude>**/${test.exclude}.java</exclude>
|
||||
<exclude>${test.exclude.pattern}</exclude>
|
||||
<exclude>**/TestKerberosAuth*.java</exclude>
|
||||
<exclude>**/TestAltKerberosAuth*.java</exclude>
|
||||
<exclude>**/Test*$*.java</exclude>
|
||||
</excludes>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-source-plugin</artifactId>
|
||||
|
@ -134,33 +110,6 @@
|
|||
</build>
|
||||
|
||||
<profiles>
|
||||
<profile>
|
||||
<id>testKerberos</id>
|
||||
<activation>
|
||||
<activeByDefault>false</activeByDefault>
|
||||
</activation>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-plugin</artifactId>
|
||||
<configuration>
|
||||
<forkMode>always</forkMode>
|
||||
<forkedProcessTimeoutInSeconds>600</forkedProcessTimeoutInSeconds>
|
||||
<systemPropertyVariables>
|
||||
<java.security.krb5.conf>${project.build.directory}/test-classes/krb5.conf</java.security.krb5.conf>
|
||||
<kerberos.realm>${kerberos.realm}</kerberos.realm>
|
||||
</systemPropertyVariables>
|
||||
<excludes>
|
||||
<exclude>**/${test.exclude}.java</exclude>
|
||||
<exclude>${test.exclude.pattern}</exclude>
|
||||
<exclude>**/Test*$*.java</exclude>
|
||||
</excludes>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>docs</id>
|
||||
<activation>
|
||||
|
|
|
@ -13,7 +13,6 @@
|
|||
*/
|
||||
package org.apache.hadoop.security.authentication;
|
||||
|
||||
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.kerberos.KerberosPrincipal;
|
||||
import javax.security.auth.login.AppConfigurationEntry;
|
||||
|
@ -26,6 +25,7 @@ import java.io.File;
|
|||
import java.security.Principal;
|
||||
import java.security.PrivilegedActionException;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.UUID;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
|
@ -36,32 +36,23 @@ import java.util.concurrent.Callable;
|
|||
* Test helper class for Java Kerberos setup.
|
||||
*/
|
||||
public class KerberosTestUtils {
|
||||
private static final String PREFIX = "hadoop-auth.test.";
|
||||
|
||||
public static final String REALM = PREFIX + "kerberos.realm";
|
||||
|
||||
public static final String CLIENT_PRINCIPAL = PREFIX + "kerberos.client.principal";
|
||||
|
||||
public static final String SERVER_PRINCIPAL = PREFIX + "kerberos.server.principal";
|
||||
|
||||
public static final String KEYTAB_FILE = PREFIX + "kerberos.keytab.file";
|
||||
private static String keytabFile = new File(System.getProperty("test.dir", "target"),
|
||||
UUID.randomUUID().toString()).toString();
|
||||
|
||||
public static String getRealm() {
|
||||
return System.getProperty(REALM, "LOCALHOST");
|
||||
return "EXAMPLE.COM";
|
||||
}
|
||||
|
||||
public static String getClientPrincipal() {
|
||||
return System.getProperty(CLIENT_PRINCIPAL, "client") + "@" + getRealm();
|
||||
return "client@EXAMPLE.COM";
|
||||
}
|
||||
|
||||
public static String getServerPrincipal() {
|
||||
return System.getProperty(SERVER_PRINCIPAL, "HTTP/localhost") + "@" + getRealm();
|
||||
return "HTTP/localhost@EXAMPLE.COM";
|
||||
}
|
||||
|
||||
public static String getKeytabFile() {
|
||||
String keytabFile =
|
||||
new File(System.getProperty("user.home"), System.getProperty("user.name") + ".keytab").toString();
|
||||
return System.getProperty(KEYTAB_FILE, keytabFile);
|
||||
return keytabFile;
|
||||
}
|
||||
|
||||
private static class KerberosConfiguration extends Configuration {
|
||||
|
|
|
@ -2,9 +2,9 @@
|
|||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
|
@ -13,10 +13,7 @@
|
|||
*/
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
import junit.framework.Assert;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import junit.framework.TestCase;
|
||||
import org.mockito.Mockito;
|
||||
import org.mortbay.jetty.Server;
|
||||
import org.mortbay.jetty.servlet.Context;
|
||||
import org.mortbay.jetty.servlet.FilterHolder;
|
||||
|
@ -27,19 +24,20 @@ import javax.servlet.ServletException;
|
|||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.BufferedReader;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.InputStreamReader;
|
||||
import java.io.OutputStream;
|
||||
import java.io.OutputStreamWriter;
|
||||
import java.io.BufferedReader;
|
||||
import java.io.InputStreamReader;
|
||||
import java.io.Writer;
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.ServerSocket;
|
||||
import java.net.URL;
|
||||
import java.util.Properties;
|
||||
import org.junit.Assert;
|
||||
|
||||
public abstract class AuthenticatorTestCase extends TestCase {
|
||||
public class AuthenticatorTestCase {
|
||||
private Server server;
|
||||
private String host = null;
|
||||
private int port = -1;
|
||||
|
@ -151,18 +149,18 @@ public abstract class AuthenticatorTestCase extends TestCase {
|
|||
writer.write(POST);
|
||||
writer.close();
|
||||
}
|
||||
assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
|
||||
Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
|
||||
if (doPost) {
|
||||
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
|
||||
String echo = reader.readLine();
|
||||
assertEquals(POST, echo);
|
||||
assertNull(reader.readLine());
|
||||
Assert.assertEquals(POST, echo);
|
||||
Assert.assertNull(reader.readLine());
|
||||
}
|
||||
aUrl = new AuthenticatedURL();
|
||||
conn = aUrl.openConnection(url, token);
|
||||
conn.connect();
|
||||
assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
|
||||
assertEquals(tokenStr, token.toString());
|
||||
Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
|
||||
Assert.assertEquals(tokenStr, token.toString());
|
||||
} finally {
|
||||
stop();
|
||||
}
|
||||
|
|
|
@ -13,8 +13,8 @@
|
|||
*/
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
import junit.framework.Assert;
|
||||
import junit.framework.TestCase;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Mockito;
|
||||
|
||||
import java.net.HttpURLConnection;
|
||||
|
@ -24,46 +24,48 @@ import java.util.HashMap;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
public class TestAuthenticatedURL extends TestCase {
|
||||
public class TestAuthenticatedURL {
|
||||
|
||||
@Test
|
||||
public void testToken() throws Exception {
|
||||
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
|
||||
assertFalse(token.isSet());
|
||||
Assert.assertFalse(token.isSet());
|
||||
token = new AuthenticatedURL.Token("foo");
|
||||
assertTrue(token.isSet());
|
||||
assertEquals("foo", token.toString());
|
||||
Assert.assertTrue(token.isSet());
|
||||
Assert.assertEquals("foo", token.toString());
|
||||
|
||||
AuthenticatedURL.Token token1 = new AuthenticatedURL.Token();
|
||||
AuthenticatedURL.Token token2 = new AuthenticatedURL.Token();
|
||||
assertEquals(token1.hashCode(), token2.hashCode());
|
||||
assertTrue(token1.equals(token2));
|
||||
Assert.assertEquals(token1.hashCode(), token2.hashCode());
|
||||
Assert.assertTrue(token1.equals(token2));
|
||||
|
||||
token1 = new AuthenticatedURL.Token();
|
||||
token2 = new AuthenticatedURL.Token("foo");
|
||||
assertNotSame(token1.hashCode(), token2.hashCode());
|
||||
assertFalse(token1.equals(token2));
|
||||
Assert.assertNotSame(token1.hashCode(), token2.hashCode());
|
||||
Assert.assertFalse(token1.equals(token2));
|
||||
|
||||
token1 = new AuthenticatedURL.Token("foo");
|
||||
token2 = new AuthenticatedURL.Token();
|
||||
assertNotSame(token1.hashCode(), token2.hashCode());
|
||||
assertFalse(token1.equals(token2));
|
||||
Assert.assertNotSame(token1.hashCode(), token2.hashCode());
|
||||
Assert.assertFalse(token1.equals(token2));
|
||||
|
||||
token1 = new AuthenticatedURL.Token("foo");
|
||||
token2 = new AuthenticatedURL.Token("foo");
|
||||
assertEquals(token1.hashCode(), token2.hashCode());
|
||||
assertTrue(token1.equals(token2));
|
||||
Assert.assertEquals(token1.hashCode(), token2.hashCode());
|
||||
Assert.assertTrue(token1.equals(token2));
|
||||
|
||||
token1 = new AuthenticatedURL.Token("bar");
|
||||
token2 = new AuthenticatedURL.Token("foo");
|
||||
assertNotSame(token1.hashCode(), token2.hashCode());
|
||||
assertFalse(token1.equals(token2));
|
||||
Assert.assertNotSame(token1.hashCode(), token2.hashCode());
|
||||
Assert.assertFalse(token1.equals(token2));
|
||||
|
||||
token1 = new AuthenticatedURL.Token("foo");
|
||||
token2 = new AuthenticatedURL.Token("bar");
|
||||
assertNotSame(token1.hashCode(), token2.hashCode());
|
||||
assertFalse(token1.equals(token2));
|
||||
Assert.assertNotSame(token1.hashCode(), token2.hashCode());
|
||||
Assert.assertFalse(token1.equals(token2));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInjectToken() throws Exception {
|
||||
HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
|
||||
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
|
||||
|
@ -72,6 +74,7 @@ public class TestAuthenticatedURL extends TestCase {
|
|||
Mockito.verify(conn).addRequestProperty(Mockito.eq("Cookie"), Mockito.anyString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testExtractTokenOK() throws Exception {
|
||||
HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
|
||||
|
||||
|
@ -87,9 +90,10 @@ public class TestAuthenticatedURL extends TestCase {
|
|||
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
|
||||
AuthenticatedURL.extractToken(conn, token);
|
||||
|
||||
assertEquals(tokenStr, token.toString());
|
||||
Assert.assertEquals(tokenStr, token.toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testExtractTokenFail() throws Exception {
|
||||
HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
|
||||
|
||||
|
@ -106,15 +110,16 @@ public class TestAuthenticatedURL extends TestCase {
|
|||
token.set("bar");
|
||||
try {
|
||||
AuthenticatedURL.extractToken(conn, token);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (AuthenticationException ex) {
|
||||
// Expected
|
||||
Assert.assertFalse(token.isSet());
|
||||
} catch (Exception ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testConnectionConfigurator() throws Exception {
|
||||
HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
|
||||
Mockito.when(conn.getResponseCode()).
|
||||
|
|
|
@ -13,17 +13,33 @@
|
|||
*/
|
||||
package org.apache.hadoop.security.authentication.client;
|
||||
|
||||
import org.apache.hadoop.minikdc.KerberosSecurityTestcase;
|
||||
import org.apache.hadoop.security.authentication.KerberosTestUtils;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
|
||||
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.io.File;
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.URL;
|
||||
import java.util.Properties;
|
||||
import java.util.concurrent.Callable;
|
||||
|
||||
public class TestKerberosAuthenticator extends AuthenticatorTestCase {
|
||||
public class TestKerberosAuthenticator extends KerberosSecurityTestcase {
|
||||
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
// create keytab
|
||||
File keytabFile = new File(KerberosTestUtils.getKeytabFile());
|
||||
String clientPrincipal = KerberosTestUtils.getClientPrincipal();
|
||||
String serverPrincipal = KerberosTestUtils.getServerPrincipal();
|
||||
clientPrincipal = clientPrincipal.substring(0, clientPrincipal.lastIndexOf("@"));
|
||||
serverPrincipal = serverPrincipal.substring(0, serverPrincipal.lastIndexOf("@"));
|
||||
getKdc().createPrincipal(keytabFile, clientPrincipal, serverPrincipal);
|
||||
}
|
||||
|
||||
private Properties getAuthenticationHandlerConfiguration() {
|
||||
Properties props = new Properties();
|
||||
|
@ -35,57 +51,67 @@ public class TestKerberosAuthenticator extends AuthenticatorTestCase {
|
|||
return props;
|
||||
}
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testFallbacktoPseudoAuthenticator() throws Exception {
|
||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
Properties props = new Properties();
|
||||
props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
|
||||
props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
|
||||
setAuthenticationHandlerConfig(props);
|
||||
_testAuthentication(new KerberosAuthenticator(), false);
|
||||
auth.setAuthenticationHandlerConfig(props);
|
||||
auth._testAuthentication(new KerberosAuthenticator(), false);
|
||||
}
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception {
|
||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
Properties props = new Properties();
|
||||
props.setProperty(AuthenticationFilter.AUTH_TYPE, "simple");
|
||||
props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
|
||||
setAuthenticationHandlerConfig(props);
|
||||
_testAuthentication(new KerberosAuthenticator(), false);
|
||||
auth.setAuthenticationHandlerConfig(props);
|
||||
auth._testAuthentication(new KerberosAuthenticator(), false);
|
||||
}
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testNotAuthenticated() throws Exception {
|
||||
setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
|
||||
start();
|
||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
auth.setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
|
||||
auth.start();
|
||||
try {
|
||||
URL url = new URL(getBaseURL());
|
||||
URL url = new URL(auth.getBaseURL());
|
||||
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
|
||||
conn.connect();
|
||||
assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode());
|
||||
assertTrue(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE) != null);
|
||||
Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode());
|
||||
Assert.assertTrue(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE) != null);
|
||||
} finally {
|
||||
stop();
|
||||
auth.stop();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testAuthentication() throws Exception {
|
||||
setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
|
||||
final AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
auth.setAuthenticationHandlerConfig(
|
||||
getAuthenticationHandlerConfiguration());
|
||||
KerberosTestUtils.doAsClient(new Callable<Void>() {
|
||||
@Override
|
||||
public Void call() throws Exception {
|
||||
_testAuthentication(new KerberosAuthenticator(), false);
|
||||
auth._testAuthentication(new KerberosAuthenticator(), false);
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testAuthenticationPost() throws Exception {
|
||||
setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
|
||||
final AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
auth.setAuthenticationHandlerConfig(
|
||||
getAuthenticationHandlerConfiguration());
|
||||
KerberosTestUtils.doAsClient(new Callable<Void>() {
|
||||
@Override
|
||||
public Void call() throws Exception {
|
||||
_testAuthentication(new KerberosAuthenticator(), true);
|
||||
auth._testAuthentication(new KerberosAuthenticator(), true);
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -15,12 +15,14 @@ package org.apache.hadoop.security.authentication.client;
|
|||
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.URL;
|
||||
import java.util.Properties;
|
||||
|
||||
public class TestPseudoAuthenticator extends AuthenticatorTestCase {
|
||||
public class TestPseudoAuthenticator {
|
||||
|
||||
private Properties getAuthenticationHandlerConfiguration(boolean anonymousAllowed) {
|
||||
Properties props = new Properties();
|
||||
|
@ -29,55 +31,74 @@ public class TestPseudoAuthenticator extends AuthenticatorTestCase {
|
|||
return props;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetUserName() throws Exception {
|
||||
PseudoAuthenticator authenticator = new PseudoAuthenticator();
|
||||
assertEquals(System.getProperty("user.name"), authenticator.getUserName());
|
||||
Assert.assertEquals(System.getProperty("user.name"), authenticator.getUserName());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAnonymousAllowed() throws Exception {
|
||||
setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration(true));
|
||||
start();
|
||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
auth.setAuthenticationHandlerConfig(
|
||||
getAuthenticationHandlerConfiguration(true));
|
||||
auth.start();
|
||||
try {
|
||||
URL url = new URL(getBaseURL());
|
||||
URL url = new URL(auth.getBaseURL());
|
||||
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
|
||||
conn.connect();
|
||||
assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
|
||||
Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
|
||||
} finally {
|
||||
stop();
|
||||
auth.stop();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAnonymousDisallowed() throws Exception {
|
||||
setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration(false));
|
||||
start();
|
||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
auth.setAuthenticationHandlerConfig(
|
||||
getAuthenticationHandlerConfiguration(false));
|
||||
auth.start();
|
||||
try {
|
||||
URL url = new URL(getBaseURL());
|
||||
URL url = new URL(auth.getBaseURL());
|
||||
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
|
||||
conn.connect();
|
||||
assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode());
|
||||
Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode());
|
||||
} finally {
|
||||
stop();
|
||||
auth.stop();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAuthenticationAnonymousAllowed() throws Exception {
|
||||
setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration(true));
|
||||
_testAuthentication(new PseudoAuthenticator(), false);
|
||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
auth.setAuthenticationHandlerConfig(
|
||||
getAuthenticationHandlerConfiguration(true));
|
||||
auth._testAuthentication(new PseudoAuthenticator(), false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAuthenticationAnonymousDisallowed() throws Exception {
|
||||
setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration(false));
|
||||
_testAuthentication(new PseudoAuthenticator(), false);
|
||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
auth.setAuthenticationHandlerConfig(
|
||||
getAuthenticationHandlerConfiguration(false));
|
||||
auth._testAuthentication(new PseudoAuthenticator(), false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAuthenticationAnonymousAllowedWithPost() throws Exception {
|
||||
setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration(true));
|
||||
_testAuthentication(new PseudoAuthenticator(), true);
|
||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
auth.setAuthenticationHandlerConfig(
|
||||
getAuthenticationHandlerConfiguration(true));
|
||||
auth._testAuthentication(new PseudoAuthenticator(), true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAuthenticationAnonymousDisallowedWithPost() throws Exception {
|
||||
setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration(false));
|
||||
_testAuthentication(new PseudoAuthenticator(), true);
|
||||
AuthenticatorTestCase auth = new AuthenticatorTestCase();
|
||||
auth.setAuthenticationHandlerConfig(
|
||||
getAuthenticationHandlerConfiguration(false));
|
||||
auth._testAuthentication(new PseudoAuthenticator(), true);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -18,6 +18,8 @@ import java.util.Properties;
|
|||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Mockito;
|
||||
|
||||
public class TestAltKerberosAuthenticationHandler
|
||||
|
@ -45,6 +47,7 @@ public class TestAltKerberosAuthenticationHandler
|
|||
return AltKerberosAuthenticationHandler.TYPE;
|
||||
}
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testAlternateAuthenticationAsBrowser() throws Exception {
|
||||
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
|
||||
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
|
||||
|
@ -54,11 +57,12 @@ public class TestAltKerberosAuthenticationHandler
|
|||
Mockito.when(request.getHeader("User-Agent")).thenReturn("Some Browser");
|
||||
|
||||
AuthenticationToken token = handler.authenticate(request, response);
|
||||
assertEquals("A", token.getUserName());
|
||||
assertEquals("B", token.getName());
|
||||
assertEquals(getExpectedType(), token.getType());
|
||||
Assert.assertEquals("A", token.getUserName());
|
||||
Assert.assertEquals("B", token.getName());
|
||||
Assert.assertEquals(getExpectedType(), token.getType());
|
||||
}
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testNonDefaultNonBrowserUserAgentAsBrowser() throws Exception {
|
||||
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
|
||||
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
|
||||
|
@ -81,11 +85,12 @@ public class TestAltKerberosAuthenticationHandler
|
|||
Mockito.when(request.getHeader("User-Agent")).thenReturn("blah");
|
||||
// Should use alt authentication
|
||||
AuthenticationToken token = handler.authenticate(request, response);
|
||||
assertEquals("A", token.getUserName());
|
||||
assertEquals("B", token.getName());
|
||||
assertEquals(getExpectedType(), token.getType());
|
||||
Assert.assertEquals("A", token.getUserName());
|
||||
Assert.assertEquals("B", token.getName());
|
||||
Assert.assertEquals(getExpectedType(), token.getType());
|
||||
}
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testNonDefaultNonBrowserUserAgentAsNonBrowser() throws Exception {
|
||||
if (handler != null) {
|
||||
handler.destroy();
|
||||
|
|
|
@ -16,7 +16,8 @@ package org.apache.hadoop.security.authentication.server;
|
|||
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.util.Signer;
|
||||
import junit.framework.TestCase;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Mockito;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
||||
import org.mockito.stubbing.Answer;
|
||||
|
@ -34,8 +35,9 @@ import java.util.Arrays;
|
|||
import java.util.Properties;
|
||||
import java.util.Vector;
|
||||
|
||||
public class TestAuthenticationFilter extends TestCase {
|
||||
public class TestAuthenticationFilter {
|
||||
|
||||
@Test
|
||||
public void testGetConfiguration() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
FilterConfig config = Mockito.mock(FilterConfig.class);
|
||||
|
@ -43,27 +45,28 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
Mockito.when(config.getInitParameter("a")).thenReturn("A");
|
||||
Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList("a")).elements());
|
||||
Properties props = filter.getConfiguration("", config);
|
||||
assertEquals("A", props.getProperty("a"));
|
||||
Assert.assertEquals("A", props.getProperty("a"));
|
||||
|
||||
config = Mockito.mock(FilterConfig.class);
|
||||
Mockito.when(config.getInitParameter(AuthenticationFilter.CONFIG_PREFIX)).thenReturn("foo");
|
||||
Mockito.when(config.getInitParameter("foo.a")).thenReturn("A");
|
||||
Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList("foo.a")).elements());
|
||||
props = filter.getConfiguration("foo.", config);
|
||||
assertEquals("A", props.getProperty("a"));
|
||||
Assert.assertEquals("A", props.getProperty("a"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInitEmpty() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
try {
|
||||
FilterConfig config = Mockito.mock(FilterConfig.class);
|
||||
Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>().elements());
|
||||
filter.init(config);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (ServletException ex) {
|
||||
// Expected
|
||||
} catch (Exception ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
} finally {
|
||||
filter.destroy();
|
||||
}
|
||||
|
@ -126,6 +129,7 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInit() throws Exception {
|
||||
|
||||
// minimal configuration & simple auth handler (Pseudo)
|
||||
|
@ -138,11 +142,11 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
|
||||
AuthenticationFilter.AUTH_TOKEN_VALIDITY)).elements());
|
||||
filter.init(config);
|
||||
assertEquals(PseudoAuthenticationHandler.class, filter.getAuthenticationHandler().getClass());
|
||||
assertTrue(filter.isRandomSecret());
|
||||
assertNull(filter.getCookieDomain());
|
||||
assertNull(filter.getCookiePath());
|
||||
assertEquals(1000, filter.getValidity());
|
||||
Assert.assertEquals(PseudoAuthenticationHandler.class, filter.getAuthenticationHandler().getClass());
|
||||
Assert.assertTrue(filter.isRandomSecret());
|
||||
Assert.assertNull(filter.getCookieDomain());
|
||||
Assert.assertNull(filter.getCookiePath());
|
||||
Assert.assertEquals(1000, filter.getValidity());
|
||||
} finally {
|
||||
filter.destroy();
|
||||
}
|
||||
|
@ -157,7 +161,7 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
|
||||
AuthenticationFilter.SIGNATURE_SECRET)).elements());
|
||||
filter.init(config);
|
||||
assertFalse(filter.isRandomSecret());
|
||||
Assert.assertFalse(filter.isRandomSecret());
|
||||
} finally {
|
||||
filter.destroy();
|
||||
}
|
||||
|
@ -174,13 +178,12 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
AuthenticationFilter.COOKIE_DOMAIN,
|
||||
AuthenticationFilter.COOKIE_PATH)).elements());
|
||||
filter.init(config);
|
||||
assertEquals(".foo.com", filter.getCookieDomain());
|
||||
assertEquals("/bar", filter.getCookiePath());
|
||||
Assert.assertEquals(".foo.com", filter.getCookieDomain());
|
||||
Assert.assertEquals("/bar", filter.getCookiePath());
|
||||
} finally {
|
||||
filter.destroy();
|
||||
}
|
||||
|
||||
|
||||
// authentication handler lifecycle, and custom impl
|
||||
DummyAuthenticationHandler.reset();
|
||||
filter = new AuthenticationFilter();
|
||||
|
@ -195,10 +198,10 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
Arrays.asList(AuthenticationFilter.AUTH_TYPE,
|
||||
"management.operation.return")).elements());
|
||||
filter.init(config);
|
||||
assertTrue(DummyAuthenticationHandler.init);
|
||||
Assert.assertTrue(DummyAuthenticationHandler.init);
|
||||
} finally {
|
||||
filter.destroy();
|
||||
assertTrue(DummyAuthenticationHandler.destroy);
|
||||
Assert.assertTrue(DummyAuthenticationHandler.destroy);
|
||||
}
|
||||
|
||||
// kerberos auth handler
|
||||
|
@ -212,11 +215,12 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
} catch (ServletException ex) {
|
||||
// Expected
|
||||
} finally {
|
||||
assertEquals(KerberosAuthenticationHandler.class, filter.getAuthenticationHandler().getClass());
|
||||
Assert.assertEquals(KerberosAuthenticationHandler.class, filter.getAuthenticationHandler().getClass());
|
||||
filter.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetRequestURL() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
try {
|
||||
|
@ -235,12 +239,13 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
|
||||
Mockito.when(request.getQueryString()).thenReturn("a=A&b=B");
|
||||
|
||||
assertEquals("http://foo:8080/bar?a=A&b=B", filter.getRequestURL(request));
|
||||
Assert.assertEquals("http://foo:8080/bar?a=A&b=B", filter.getRequestURL(request));
|
||||
} finally {
|
||||
filter.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetToken() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
try {
|
||||
|
@ -268,12 +273,13 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
|
||||
AuthenticationToken newToken = filter.getToken(request);
|
||||
|
||||
assertEquals(token.toString(), newToken.toString());
|
||||
Assert.assertEquals(token.toString(), newToken.toString());
|
||||
} finally {
|
||||
filter.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetTokenExpired() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
try {
|
||||
|
@ -300,17 +306,18 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
|
||||
try {
|
||||
filter.getToken(request);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (AuthenticationException ex) {
|
||||
// Expected
|
||||
} catch (Exception ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
} finally {
|
||||
filter.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetTokenInvalidType() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
try {
|
||||
|
@ -338,17 +345,18 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
|
||||
try {
|
||||
filter.getToken(request);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (AuthenticationException ex) {
|
||||
// Expected
|
||||
} catch (Exception ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
} finally {
|
||||
filter.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterNotAuthenticated() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
try {
|
||||
|
@ -374,7 +382,7 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
new Answer<Object>() {
|
||||
@Override
|
||||
public Object answer(InvocationOnMock invocation) throws Throwable {
|
||||
fail();
|
||||
Assert.fail();
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
@ -468,27 +476,27 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
Mockito.verify(response, Mockito.never()).
|
||||
addCookie(Mockito.any(Cookie.class));
|
||||
} else {
|
||||
assertNotNull(setCookie[0]);
|
||||
assertEquals(AuthenticatedURL.AUTH_COOKIE, setCookie[0].getName());
|
||||
assertTrue(setCookie[0].getValue().contains("u="));
|
||||
assertTrue(setCookie[0].getValue().contains("p="));
|
||||
assertTrue(setCookie[0].getValue().contains("t="));
|
||||
assertTrue(setCookie[0].getValue().contains("e="));
|
||||
assertTrue(setCookie[0].getValue().contains("s="));
|
||||
assertTrue(calledDoFilter[0]);
|
||||
Assert.assertNotNull(setCookie[0]);
|
||||
Assert.assertEquals(AuthenticatedURL.AUTH_COOKIE, setCookie[0].getName());
|
||||
Assert.assertTrue(setCookie[0].getValue().contains("u="));
|
||||
Assert.assertTrue(setCookie[0].getValue().contains("p="));
|
||||
Assert.assertTrue(setCookie[0].getValue().contains("t="));
|
||||
Assert.assertTrue(setCookie[0].getValue().contains("e="));
|
||||
Assert.assertTrue(setCookie[0].getValue().contains("s="));
|
||||
Assert.assertTrue(calledDoFilter[0]);
|
||||
|
||||
Signer signer = new Signer("secret".getBytes());
|
||||
String value = signer.verifyAndExtract(setCookie[0].getValue());
|
||||
AuthenticationToken token = AuthenticationToken.parse(value);
|
||||
assertEquals(System.currentTimeMillis() + 1000 * 1000,
|
||||
Assert.assertEquals(System.currentTimeMillis() + 1000 * 1000,
|
||||
token.getExpires(), 100);
|
||||
|
||||
if (withDomainPath) {
|
||||
assertEquals(".foo.com", setCookie[0].getDomain());
|
||||
assertEquals("/bar", setCookie[0].getPath());
|
||||
Assert.assertEquals(".foo.com", setCookie[0].getDomain());
|
||||
Assert.assertEquals("/bar", setCookie[0].getPath());
|
||||
} else {
|
||||
assertNull(setCookie[0].getDomain());
|
||||
assertNull(setCookie[0].getPath());
|
||||
Assert.assertNull(setCookie[0].getDomain());
|
||||
Assert.assertNull(setCookie[0].getPath());
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
|
@ -496,22 +504,27 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterAuthentication() throws Exception {
|
||||
_testDoFilterAuthentication(false, false, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterAuthenticationImmediateExpiration() throws Exception {
|
||||
_testDoFilterAuthentication(false, false, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterAuthenticationWithInvalidToken() throws Exception {
|
||||
_testDoFilterAuthentication(false, true, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterAuthenticationWithDomainPath() throws Exception {
|
||||
_testDoFilterAuthentication(true, false, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterAuthenticated() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
try {
|
||||
|
@ -547,8 +560,8 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
public Object answer(InvocationOnMock invocation) throws Throwable {
|
||||
Object[] args = invocation.getArguments();
|
||||
HttpServletRequest request = (HttpServletRequest) args[0];
|
||||
assertEquals("u", request.getRemoteUser());
|
||||
assertEquals("p", request.getUserPrincipal().getName());
|
||||
Assert.assertEquals("u", request.getRemoteUser());
|
||||
Assert.assertEquals("p", request.getUserPrincipal().getName());
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
@ -561,6 +574,7 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterAuthenticatedExpired() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
try {
|
||||
|
@ -594,7 +608,7 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
new Answer<Object>() {
|
||||
@Override
|
||||
public Object answer(InvocationOnMock invocation) throws Throwable {
|
||||
fail();
|
||||
Assert.fail();
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
@ -616,15 +630,15 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
|
||||
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
|
||||
|
||||
assertNotNull(setCookie[0]);
|
||||
assertEquals(AuthenticatedURL.AUTH_COOKIE, setCookie[0].getName());
|
||||
assertEquals("", setCookie[0].getValue());
|
||||
Assert.assertNotNull(setCookie[0]);
|
||||
Assert.assertEquals(AuthenticatedURL.AUTH_COOKIE, setCookie[0].getName());
|
||||
Assert.assertEquals("", setCookie[0].getValue());
|
||||
} finally {
|
||||
filter.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testDoFilterAuthenticatedInvalidType() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
try {
|
||||
|
@ -658,7 +672,7 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
new Answer<Object>() {
|
||||
@Override
|
||||
public Object answer(InvocationOnMock invocation) throws Throwable {
|
||||
fail();
|
||||
Assert.fail();
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
@ -680,14 +694,15 @@ public class TestAuthenticationFilter extends TestCase {
|
|||
|
||||
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
|
||||
|
||||
assertNotNull(setCookie[0]);
|
||||
assertEquals(AuthenticatedURL.AUTH_COOKIE, setCookie[0].getName());
|
||||
assertEquals("", setCookie[0].getValue());
|
||||
Assert.assertNotNull(setCookie[0]);
|
||||
Assert.assertEquals(AuthenticatedURL.AUTH_COOKIE, setCookie[0].getName());
|
||||
Assert.assertEquals("", setCookie[0].getValue());
|
||||
} finally {
|
||||
filter.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testManagementOperation() throws Exception {
|
||||
AuthenticationFilter filter = new AuthenticationFilter();
|
||||
try {
|
||||
|
|
|
@ -14,98 +14,104 @@
|
|||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import junit.framework.TestCase;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
public class TestAuthenticationToken extends TestCase {
|
||||
public class TestAuthenticationToken {
|
||||
|
||||
@Test
|
||||
public void testAnonymous() {
|
||||
assertNotNull(AuthenticationToken.ANONYMOUS);
|
||||
assertEquals(null, AuthenticationToken.ANONYMOUS.getUserName());
|
||||
assertEquals(null, AuthenticationToken.ANONYMOUS.getName());
|
||||
assertEquals(null, AuthenticationToken.ANONYMOUS.getType());
|
||||
assertEquals(-1, AuthenticationToken.ANONYMOUS.getExpires());
|
||||
assertFalse(AuthenticationToken.ANONYMOUS.isExpired());
|
||||
Assert.assertNotNull(AuthenticationToken.ANONYMOUS);
|
||||
Assert.assertEquals(null, AuthenticationToken.ANONYMOUS.getUserName());
|
||||
Assert.assertEquals(null, AuthenticationToken.ANONYMOUS.getName());
|
||||
Assert.assertEquals(null, AuthenticationToken.ANONYMOUS.getType());
|
||||
Assert.assertEquals(-1, AuthenticationToken.ANONYMOUS.getExpires());
|
||||
Assert.assertFalse(AuthenticationToken.ANONYMOUS.isExpired());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testConstructor() throws Exception {
|
||||
try {
|
||||
new AuthenticationToken(null, "p", "t");
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// Expected
|
||||
} catch (Throwable ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
try {
|
||||
new AuthenticationToken("", "p", "t");
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// Expected
|
||||
} catch (Throwable ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
try {
|
||||
new AuthenticationToken("u", null, "t");
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// Expected
|
||||
} catch (Throwable ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
try {
|
||||
new AuthenticationToken("u", "", "t");
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// Expected
|
||||
} catch (Throwable ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
try {
|
||||
new AuthenticationToken("u", "p", null);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// Expected
|
||||
} catch (Throwable ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
try {
|
||||
new AuthenticationToken("u", "p", "");
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// Expected
|
||||
} catch (Throwable ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
new AuthenticationToken("u", "p", "t");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetters() throws Exception {
|
||||
long expires = System.currentTimeMillis() + 50;
|
||||
AuthenticationToken token = new AuthenticationToken("u", "p", "t");
|
||||
token.setExpires(expires);
|
||||
assertEquals("u", token.getUserName());
|
||||
assertEquals("p", token.getName());
|
||||
assertEquals("t", token.getType());
|
||||
assertEquals(expires, token.getExpires());
|
||||
assertFalse(token.isExpired());
|
||||
Assert.assertEquals("u", token.getUserName());
|
||||
Assert.assertEquals("p", token.getName());
|
||||
Assert.assertEquals("t", token.getType());
|
||||
Assert.assertEquals(expires, token.getExpires());
|
||||
Assert.assertFalse(token.isExpired());
|
||||
Thread.sleep(51);
|
||||
assertTrue(token.isExpired());
|
||||
Assert.assertTrue(token.isExpired());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testToStringAndParse() throws Exception {
|
||||
long expires = System.currentTimeMillis() + 50;
|
||||
AuthenticationToken token = new AuthenticationToken("u", "p", "t");
|
||||
token.setExpires(expires);
|
||||
String str = token.toString();
|
||||
token = AuthenticationToken.parse(str);
|
||||
assertEquals("p", token.getName());
|
||||
assertEquals("t", token.getType());
|
||||
assertEquals(expires, token.getExpires());
|
||||
assertFalse(token.isExpired());
|
||||
Assert.assertEquals("p", token.getName());
|
||||
Assert.assertEquals("t", token.getType());
|
||||
Assert.assertEquals(expires, token.getExpires());
|
||||
Assert.assertFalse(token.isExpired());
|
||||
Thread.sleep(51);
|
||||
assertTrue(token.isExpired());
|
||||
Assert.assertTrue(token.isExpired());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testParseInvalid() throws Exception {
|
||||
long expires = System.currentTimeMillis() + 50;
|
||||
AuthenticationToken token = new AuthenticationToken("u", "p", "t");
|
||||
|
@ -114,11 +120,11 @@ public class TestAuthenticationToken extends TestCase {
|
|||
str = str.substring(0, str.indexOf("e="));
|
||||
try {
|
||||
AuthenticationToken.parse(str);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (AuthenticationException ex) {
|
||||
// Expected
|
||||
} catch (Exception ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -13,25 +13,31 @@
|
|||
*/
|
||||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.minikdc.KerberosSecurityTestcase;
|
||||
import org.apache.hadoop.security.authentication.KerberosTestUtils;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
|
||||
import junit.framework.TestCase;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.hadoop.security.authentication.util.KerberosName;
|
||||
import org.apache.hadoop.security.authentication.util.KerberosUtil;
|
||||
import org.ietf.jgss.GSSContext;
|
||||
import org.ietf.jgss.GSSManager;
|
||||
import org.ietf.jgss.GSSName;
|
||||
import org.junit.After;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Mockito;
|
||||
import org.ietf.jgss.Oid;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.File;
|
||||
import java.util.Properties;
|
||||
import java.util.concurrent.Callable;
|
||||
|
||||
public class TestKerberosAuthenticationHandler extends TestCase {
|
||||
public class TestKerberosAuthenticationHandler
|
||||
extends KerberosSecurityTestcase {
|
||||
|
||||
protected KerberosAuthenticationHandler handler;
|
||||
|
||||
|
@ -54,9 +60,16 @@ public class TestKerberosAuthenticationHandler extends TestCase {
|
|||
return props;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void setUp() throws Exception {
|
||||
super.setUp();
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
// create keytab
|
||||
File keytabFile = new File(KerberosTestUtils.getKeytabFile());
|
||||
String clientPrincipal = KerberosTestUtils.getClientPrincipal();
|
||||
String serverPrincipal = KerberosTestUtils.getServerPrincipal();
|
||||
clientPrincipal = clientPrincipal.substring(0, clientPrincipal.lastIndexOf("@"));
|
||||
serverPrincipal = serverPrincipal.substring(0, serverPrincipal.lastIndexOf("@"));
|
||||
getKdc().createPrincipal(keytabFile, clientPrincipal, serverPrincipal);
|
||||
// handler
|
||||
handler = getNewAuthenticationHandler();
|
||||
Properties props = getDefaultProperties();
|
||||
try {
|
||||
|
@ -67,18 +80,10 @@ public class TestKerberosAuthenticationHandler extends TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void tearDown() throws Exception {
|
||||
if (handler != null) {
|
||||
handler.destroy();
|
||||
handler = null;
|
||||
}
|
||||
super.tearDown();
|
||||
}
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testNameRules() throws Exception {
|
||||
KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal());
|
||||
assertEquals(KerberosTestUtils.getRealm(), kn.getRealm());
|
||||
Assert.assertEquals(KerberosTestUtils.getRealm(), kn.getRealm());
|
||||
|
||||
//destroy handler created in setUp()
|
||||
handler.destroy();
|
||||
|
@ -93,30 +98,32 @@ public class TestKerberosAuthenticationHandler extends TestCase {
|
|||
} catch (Exception ex) {
|
||||
}
|
||||
kn = new KerberosName("bar@BAR");
|
||||
assertEquals("bar", kn.getShortName());
|
||||
Assert.assertEquals("bar", kn.getShortName());
|
||||
kn = new KerberosName("bar@FOO");
|
||||
try {
|
||||
kn.getShortName();
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
catch (Exception ex) {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testInit() throws Exception {
|
||||
assertEquals(KerberosTestUtils.getServerPrincipal(), handler.getPrincipal());
|
||||
assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());
|
||||
Assert.assertEquals(KerberosTestUtils.getServerPrincipal(), handler.getPrincipal());
|
||||
Assert.assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());
|
||||
}
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testType() throws Exception {
|
||||
assertEquals(getExpectedType(), handler.getType());
|
||||
Assert.assertEquals(getExpectedType(), handler.getType());
|
||||
}
|
||||
|
||||
public void testRequestWithoutAuthorization() throws Exception {
|
||||
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
|
||||
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
|
||||
|
||||
assertNull(handler.authenticate(request, response));
|
||||
Assert.assertNull(handler.authenticate(request, response));
|
||||
Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE);
|
||||
Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
}
|
||||
|
@ -126,11 +133,12 @@ public class TestKerberosAuthenticationHandler extends TestCase {
|
|||
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
|
||||
|
||||
Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)).thenReturn("invalid");
|
||||
assertNull(handler.authenticate(request, response));
|
||||
Assert.assertNull(handler.authenticate(request, response));
|
||||
Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE);
|
||||
Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
@Test(timeout=60000)
|
||||
public void testRequestWithIncompleteAuthorization() throws Exception {
|
||||
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
|
||||
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
|
||||
|
@ -139,15 +147,14 @@ public class TestKerberosAuthenticationHandler extends TestCase {
|
|||
.thenReturn(KerberosAuthenticator.NEGOTIATE);
|
||||
try {
|
||||
handler.authenticate(request, response);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (AuthenticationException ex) {
|
||||
// Expected
|
||||
} catch (Exception ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public void testRequestWithAuthorization() throws Exception {
|
||||
String token = KerberosTestUtils.doAsClient(new Callable<String>() {
|
||||
@Override
|
||||
|
@ -191,9 +198,9 @@ public class TestKerberosAuthenticationHandler extends TestCase {
|
|||
Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
|
||||
Mockito.verify(response).setStatus(HttpServletResponse.SC_OK);
|
||||
|
||||
assertEquals(KerberosTestUtils.getClientPrincipal(), authToken.getName());
|
||||
assertTrue(KerberosTestUtils.getClientPrincipal().startsWith(authToken.getUserName()));
|
||||
assertEquals(getExpectedType(), authToken.getType());
|
||||
Assert.assertEquals(KerberosTestUtils.getClientPrincipal(), authToken.getName());
|
||||
Assert.assertTrue(KerberosTestUtils.getClientPrincipal().startsWith(authToken.getUserName()));
|
||||
Assert.assertEquals(getExpectedType(), authToken.getType());
|
||||
} else {
|
||||
Mockito.verify(response).setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE),
|
||||
Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
|
||||
|
@ -213,12 +220,19 @@ public class TestKerberosAuthenticationHandler extends TestCase {
|
|||
|
||||
try {
|
||||
handler.authenticate(request, response);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (AuthenticationException ex) {
|
||||
// Expected
|
||||
} catch (Exception ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
}
|
||||
|
||||
@After
|
||||
public void tearDown() throws Exception {
|
||||
if (handler != null) {
|
||||
handler.destroy();
|
||||
handler = null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,33 +14,37 @@
|
|||
package org.apache.hadoop.security.authentication.server;
|
||||
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import junit.framework.TestCase;
|
||||
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Mockito;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.Properties;
|
||||
|
||||
public class TestPseudoAuthenticationHandler extends TestCase {
|
||||
public class TestPseudoAuthenticationHandler {
|
||||
|
||||
@Test
|
||||
public void testInit() throws Exception {
|
||||
PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
|
||||
try {
|
||||
Properties props = new Properties();
|
||||
props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
|
||||
handler.init(props);
|
||||
assertEquals(false, handler.getAcceptAnonymous());
|
||||
Assert.assertEquals(false, handler.getAcceptAnonymous());
|
||||
} finally {
|
||||
handler.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testType() throws Exception {
|
||||
PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
|
||||
assertEquals(PseudoAuthenticationHandler.TYPE, handler.getType());
|
||||
Assert.assertEquals(PseudoAuthenticationHandler.TYPE, handler.getType());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAnonymousOn() throws Exception {
|
||||
PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
|
||||
try {
|
||||
|
@ -53,12 +57,13 @@ public class TestPseudoAuthenticationHandler extends TestCase {
|
|||
|
||||
AuthenticationToken token = handler.authenticate(request, response);
|
||||
|
||||
assertEquals(AuthenticationToken.ANONYMOUS, token);
|
||||
Assert.assertEquals(AuthenticationToken.ANONYMOUS, token);
|
||||
} finally {
|
||||
handler.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAnonymousOff() throws Exception {
|
||||
PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
|
||||
try {
|
||||
|
@ -70,11 +75,11 @@ public class TestPseudoAuthenticationHandler extends TestCase {
|
|||
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
|
||||
|
||||
handler.authenticate(request, response);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (AuthenticationException ex) {
|
||||
// Expected
|
||||
} catch (Exception ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
} finally {
|
||||
handler.destroy();
|
||||
}
|
||||
|
@ -93,19 +98,21 @@ public class TestPseudoAuthenticationHandler extends TestCase {
|
|||
|
||||
AuthenticationToken token = handler.authenticate(request, response);
|
||||
|
||||
assertNotNull(token);
|
||||
assertEquals("user", token.getUserName());
|
||||
assertEquals("user", token.getName());
|
||||
assertEquals(PseudoAuthenticationHandler.TYPE, token.getType());
|
||||
Assert.assertNotNull(token);
|
||||
Assert.assertEquals("user", token.getUserName());
|
||||
Assert.assertEquals("user", token.getName());
|
||||
Assert.assertEquals(PseudoAuthenticationHandler.TYPE, token.getType());
|
||||
} finally {
|
||||
handler.destroy();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUserNameAnonymousOff() throws Exception {
|
||||
_testUserName(false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUserNameAnonymousOn() throws Exception {
|
||||
_testUserName(true);
|
||||
}
|
||||
|
|
|
@ -21,14 +21,19 @@ package org.apache.hadoop.security.authentication.util;
|
|||
import java.io.IOException;
|
||||
|
||||
import org.apache.hadoop.security.authentication.KerberosTestUtils;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import org.junit.Assert;
|
||||
|
||||
public class TestKerberosName {
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
System.setProperty("java.security.krb5.realm", KerberosTestUtils.getRealm());
|
||||
System.setProperty("java.security.krb5.kdc", "localhost:88");
|
||||
|
||||
String rules =
|
||||
"RULE:[1:$1@$0](.*@YAHOO\\.COM)s/@.*//\n" +
|
||||
"RULE:[2:$1](johndoe)s/^.*$/guest/\n" +
|
||||
|
@ -44,7 +49,7 @@ public class TestKerberosName {
|
|||
KerberosName nm = new KerberosName(from);
|
||||
String simple = nm.getShortName();
|
||||
System.out.println("to " + simple);
|
||||
assertEquals("short name incorrect", to, simple);
|
||||
Assert.assertEquals("short name incorrect", to, simple);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -61,7 +66,7 @@ public class TestKerberosName {
|
|||
System.out.println("Checking " + name + " to ensure it is bad.");
|
||||
try {
|
||||
new KerberosName(name);
|
||||
fail("didn't get exception for " + name);
|
||||
Assert.fail("didn't get exception for " + name);
|
||||
} catch (IllegalArgumentException iae) {
|
||||
// PASS
|
||||
}
|
||||
|
@ -72,7 +77,7 @@ public class TestKerberosName {
|
|||
KerberosName nm = new KerberosName(from);
|
||||
try {
|
||||
nm.getShortName();
|
||||
fail("didn't get exception for " + from);
|
||||
Assert.fail("didn't get exception for " + from);
|
||||
} catch (IOException ie) {
|
||||
// PASS
|
||||
}
|
||||
|
@ -85,4 +90,10 @@ public class TestKerberosName {
|
|||
checkBadTranslation("foo@ACME.COM");
|
||||
checkBadTranslation("root/joe@FOO.COM");
|
||||
}
|
||||
|
||||
@After
|
||||
public void clear() {
|
||||
System.clearProperty("java.security.krb5.realm");
|
||||
System.clearProperty("java.security.krb5.kdc");
|
||||
}
|
||||
}
|
||||
|
|
|
@ -16,11 +16,10 @@
|
|||
*/
|
||||
package org.apache.hadoop.security.authentication.util;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import org.junit.Assert;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import org.apache.hadoop.security.authentication.util.KerberosUtil;
|
||||
import org.junit.Test;
|
||||
|
||||
public class TestKerberosUtil {
|
||||
|
@ -32,23 +31,23 @@ public class TestKerberosUtil {
|
|||
String testHost = "FooBar";
|
||||
|
||||
// send null hostname
|
||||
assertEquals("When no hostname is sent",
|
||||
Assert.assertEquals("When no hostname is sent",
|
||||
service + "/" + localHostname.toLowerCase(),
|
||||
KerberosUtil.getServicePrincipal(service, null));
|
||||
// send empty hostname
|
||||
assertEquals("When empty hostname is sent",
|
||||
Assert.assertEquals("When empty hostname is sent",
|
||||
service + "/" + localHostname.toLowerCase(),
|
||||
KerberosUtil.getServicePrincipal(service, ""));
|
||||
// send 0.0.0.0 hostname
|
||||
assertEquals("When 0.0.0.0 hostname is sent",
|
||||
Assert.assertEquals("When 0.0.0.0 hostname is sent",
|
||||
service + "/" + localHostname.toLowerCase(),
|
||||
KerberosUtil.getServicePrincipal(service, "0.0.0.0"));
|
||||
// send uppercase hostname
|
||||
assertEquals("When uppercase hostname is sent",
|
||||
Assert.assertEquals("When uppercase hostname is sent",
|
||||
service + "/" + testHost.toLowerCase(),
|
||||
KerberosUtil.getServicePrincipal(service, testHost));
|
||||
// send lowercase hostname
|
||||
assertEquals("When lowercase hostname is sent",
|
||||
Assert.assertEquals("When lowercase hostname is sent",
|
||||
service + "/" + testHost.toLowerCase(),
|
||||
KerberosUtil.getServicePrincipal(service, testHost.toLowerCase()));
|
||||
}
|
||||
|
|
|
@ -13,68 +13,75 @@
|
|||
*/
|
||||
package org.apache.hadoop.security.authentication.util;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
public class TestSigner extends TestCase {
|
||||
public class TestSigner {
|
||||
|
||||
@Test
|
||||
public void testNoSecret() throws Exception {
|
||||
try {
|
||||
new Signer(null);
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
catch (IllegalArgumentException ex) {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNullAndEmptyString() throws Exception {
|
||||
Signer signer = new Signer("secret".getBytes());
|
||||
try {
|
||||
signer.sign(null);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// Expected
|
||||
} catch (Throwable ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
try {
|
||||
signer.sign("");
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// Expected
|
||||
} catch (Throwable ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignature() throws Exception {
|
||||
Signer signer = new Signer("secret".getBytes());
|
||||
String s1 = signer.sign("ok");
|
||||
String s2 = signer.sign("ok");
|
||||
String s3 = signer.sign("wrong");
|
||||
assertEquals(s1, s2);
|
||||
assertNotSame(s1, s3);
|
||||
Assert.assertEquals(s1, s2);
|
||||
Assert.assertNotSame(s1, s3);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testVerify() throws Exception {
|
||||
Signer signer = new Signer("secret".getBytes());
|
||||
String t = "test";
|
||||
String s = signer.sign(t);
|
||||
String e = signer.verifyAndExtract(s);
|
||||
assertEquals(t, e);
|
||||
Assert.assertEquals(t, e);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInvalidSignedText() throws Exception {
|
||||
Signer signer = new Signer("secret".getBytes());
|
||||
try {
|
||||
signer.verifyAndExtract("test");
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (SignerException ex) {
|
||||
// Expected
|
||||
} catch (Throwable ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTampering() throws Exception {
|
||||
Signer signer = new Signer("secret".getBytes());
|
||||
String t = "test";
|
||||
|
@ -82,12 +89,11 @@ public class TestSigner extends TestCase {
|
|||
s += "x";
|
||||
try {
|
||||
signer.verifyAndExtract(s);
|
||||
fail();
|
||||
Assert.fail();
|
||||
} catch (SignerException ex) {
|
||||
// Expected
|
||||
} catch (Throwable ex) {
|
||||
fail();
|
||||
Assert.fail();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
#
|
||||
# Licensed to the Apache Software Foundation (ASF) under one
|
||||
# or more contributor license agreements. See the NOTICE file
|
||||
# distributed with this work for additional information
|
||||
# regarding copyright ownership. The ASF licenses this file
|
||||
# to you under the Apache License, Version 2.0 (the
|
||||
# "License"); you may not use this file except in compliance
|
||||
# with the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
[libdefaults]
|
||||
default_realm = ${kerberos.realm}
|
||||
udp_preference_limit = 1
|
||||
extra_addresses = 127.0.0.1
|
||||
[realms]
|
||||
${kerberos.realm} = {
|
||||
admin_server = localhost:88
|
||||
kdc = localhost:88
|
||||
}
|
||||
[domain_realm]
|
||||
localhost = ${kerberos.realm}
|
|
@ -35,6 +35,9 @@ Release 2.3.0 - UNRELEASED
|
|||
HADOOP-9860. Remove class HackedKeytab and HackedKeytabEncoder from
|
||||
hadoop-minikdc once jira DIRSERVER-1882 solved. (ywskycn via tucu)
|
||||
|
||||
HADOOP-9866. convert hadoop-auth testcases requiring kerberos to
|
||||
use minikdc. (ywskycn via tucu)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
HADOOP-9748. Reduce blocking on UGI.ensureInitialized (daryn)
|
||||
|
|
Loading…
Reference in New Issue