Merge -r 1349612:1349613 from trunk to branch. FIXES: HADOOP-8465

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1349615 13f79535-47bb-0310-9956-ffa450edef68
Alejandro Abdelnur 2012-06-13 02:26:20 +00:00
parent 5b4080c094
commit 5c15ffdc3e
4 changed files with 52 additions and 32 deletions


@ -347,7 +347,8 @@ public class AuthenticationFilter implements Filter {
LOG.debug("Request [{}] triggering authentication", getRequestURL(httpRequest));
}
token = authHandler.authenticate(httpRequest, httpResponse);
if (token != null && token != AuthenticationToken.ANONYMOUS) {
if (token != null && token.getExpires() != 0 &&
token != AuthenticationToken.ANONYMOUS) {
token.setExpires(System.currentTimeMillis() + getValidity() * 1000);
}
newToken = true;
@ -375,7 +376,7 @@ public class AuthenticationFilter implements Filter {
return (authToken != AuthenticationToken.ANONYMOUS) ? authToken : null;
}
};
if (newToken && token != AuthenticationToken.ANONYMOUS) {
if (newToken && !token.isExpired() && token != AuthenticationToken.ANONYMOUS) {
String signedToken = signer.sign(token.toString());
Cookie cookie = createCookie(signedToken);
httpResponse.addCookie(cookie);
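Review bot: The literal `0` in `token.getExpires() != 0` is an undocumented sentinel that a handler has to set to ask for a non-persisted token, and the cookie guard further down expresses the same case a second way, through `!token.isExpired()`. For a non-anonymous token every other expiry returned by the handler is overwritten with now + validity in the first branch, so the second check can in practice only be false for the 0 case. I would state that contract once, with a named constant or at least a comment such as `// expires == 0: handler requested a one-request token; do not renew it and do not issue a cookie`. Both hunks cut through a method that starts and ends outside the view, so whether `token` can be null when `token.isExpired()` is reached cannot be confirmed from here.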


@ -115,10 +115,10 @@ public class AuthenticationToken implements Principal {
*/
private void generateToken() {
StringBuffer sb = new StringBuffer();
sb.append(USER_NAME).append("=").append(userName).append(ATTR_SEPARATOR);
sb.append(PRINCIPAL).append("=").append(principal).append(ATTR_SEPARATOR);
sb.append(TYPE).append("=").append(type).append(ATTR_SEPARATOR);
sb.append(EXPIRES).append("=").append(expires);
sb.append(USER_NAME).append("=").append(getUserName()).append(ATTR_SEPARATOR);
sb.append(PRINCIPAL).append("=").append(getName()).append(ATTR_SEPARATOR);
sb.append(TYPE).append("=").append(getType()).append(ATTR_SEPARATOR);
sb.append(EXPIRES).append("=").append(getExpires());
token = sb.toString();
}
@ -165,7 +165,7 @@ public class AuthenticationToken implements Principal {
* @return if the token has expired.
*/
public boolean isExpired() {
return expires != -1 && System.currentTimeMillis() > expires;
return getExpires() != -1 && System.currentTimeMillis() > getExpires();
}
/**
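Review bot: `isExpired()` now calls `getExpires()` twice, and since routing through the getter appears intended to let a subclass supply the value, the two reads are no longer guaranteed to agree; read it once, `long exp = getExpires(); return exp != -1 && System.currentTimeMillis() > exp;`. The Javadoc above it, which begins outside the hunk, should also name the two special values this method depends on: -1 never expires, and 0 is always expired, which the filter relies on to withhold the auth cookie. `generateToken()` deserves a matching comment that the serialized string (apparently the value the filter signs) is built from the overridable getters rather than the fields, so a subclass changes what ends up in the cookie.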


@ -73,6 +73,7 @@ public class TestAuthenticationFilter extends TestCase {
public static boolean init;
public static boolean managementOperationReturn;
public static boolean destroy;
public static boolean expired;
public static final String TYPE = "dummy";
@ -86,6 +87,7 @@ public class TestAuthenticationFilter extends TestCase {
init = true;
managementOperationReturn =
config.getProperty("management.operation.return", "true").equals("true");
expired = config.getProperty("expired.token", "false").equals("true");
}
@Override
@ -116,7 +118,7 @@ public class TestAuthenticationFilter extends TestCase {
String param = request.getParameter("authenticated");
if (param != null && param.equals("true")) {
token = new AuthenticationToken("u", "p", "t");
token.setExpires(System.currentTimeMillis() + 1000);
token.setExpires((expired) ? 0 : System.currentTimeMillis() + 1000);
} else {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
@ -386,12 +388,16 @@ public class TestAuthenticationFilter extends TestCase {
}
}
private void _testDoFilterAuthentication(boolean withDomainPath, boolean invalidToken) throws Exception {
private void _testDoFilterAuthentication(boolean withDomainPath,
boolean invalidToken,
boolean expired) throws Exception {
AuthenticationFilter filter = new AuthenticationFilter();
try {
FilterConfig config = Mockito.mock(FilterConfig.class);
Mockito.when(config.getInitParameter("management.operation.return")).
thenReturn("true");
Mockito.when(config.getInitParameter("expired.token")).
thenReturn(Boolean.toString(expired));
Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
DummyAuthenticationHandler.class.getName());
Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TOKEN_VALIDITY)).thenReturn("1000");
@ -400,7 +406,8 @@ public class TestAuthenticationFilter extends TestCase {
new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
AuthenticationFilter.AUTH_TOKEN_VALIDITY,
AuthenticationFilter.SIGNATURE_SECRET,
"management.operation.return")).elements());
"management.operation.return",
"expired.token")).elements());
if (withDomainPath) {
Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_DOMAIN)).thenReturn(".foo.com");
@ -457,6 +464,10 @@ public class TestAuthenticationFilter extends TestCase {
filter.doFilter(request, response, chain);
if (expired) {
Mockito.verify(response, Mockito.never()).
addCookie(Mockito.any(Cookie.class));
} else {
assertNotNull(setCookie[0]);
assertEquals(AuthenticatedURL.AUTH_COOKIE, setCookie[0].getName());
assertTrue(setCookie[0].getValue().contains("u="));
@ -469,7 +480,8 @@ public class TestAuthenticationFilter extends TestCase {
Signer signer = new Signer("secret".getBytes());
String value = signer.verifyAndExtract(setCookie[0].getValue());
AuthenticationToken token = AuthenticationToken.parse(value);
assertEquals(System.currentTimeMillis() + 1000 * 1000, token.getExpires(), 100);
assertEquals(System.currentTimeMillis() + 1000 * 1000,
token.getExpires(), 100);
if (withDomainPath) {
assertEquals(".foo.com", setCookie[0].getDomain());
@ -478,21 +490,26 @@ public class TestAuthenticationFilter extends TestCase {
assertNull(setCookie[0].getDomain());
assertNull(setCookie[0].getPath());
}
}
} finally {
filter.destroy();
}
}
public void testDoFilterAuthentication() throws Exception {
_testDoFilterAuthentication(false, false);
_testDoFilterAuthentication(false, false, false);
}
public void testDoFilterAuthenticationImmediateExpiration() throws Exception {
_testDoFilterAuthentication(false, false, true);
}
public void testDoFilterAuthenticationWithInvalidToken() throws Exception {
_testDoFilterAuthentication(false, true);
_testDoFilterAuthentication(false, true, false);
}
public void testDoFilterAuthenticationWithDomainPath() throws Exception {
_testDoFilterAuthentication(true, false);
_testDoFilterAuthentication(true, false, false);
}
public void testDoFilterAuthenticated() throws Exception {
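Review bot: The `if (expired)` branch added after `filter.doFilter(request, response, chain)` asserts only that no cookie was added, so `testDoFilterAuthenticationImmediateExpiration` would still pass if the filter rejected the request outright. To pin the intended behaviour (the request is served, only the token is not persisted), the branch should also assert that the chain was invoked, e.g. `Mockito.verify(chain).doFilter(Mockito.any(ServletRequest.class), Mockito.any(ServletResponse.class));`, assuming `chain` is a Mockito mock, which is set up outside the visible hunks. The flag name `expired` / `"expired.token"` also describes the mechanism rather than the feature; a short comment on the static field saying it makes the dummy handler return a token with expires 0 would help the next reader.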


@ -18,6 +18,8 @@ Release 2.0.1-alpha - UNRELEASED
HADOOP-8458. Add management hook to AuthenticationHandler to enable
delegation token operations support (tucu)
HADOOP-8465. hadoop-auth should support ephemeral authentication (tucu)
IMPROVEMENTS
HADOOP-8340. SNAPSHOT build versions should compare as less than their eventual