/**
 * Opens a Hadoop Kerberos-authenticated connection to {@code url}.
 *
 * <p>"Secure" here means authenticated: as the original note says, this is not an SSL
 * connection, so nothing in this method adds transport encryption.
 *
 * @param url endpoint to connect to
 * @return the connection returned by {@code AuthenticatedURL.openConnection}
 * @throws IOException on I/O failure, or wrapping the {@code AuthenticationException}
 *     raised while opening the connection
 */
private HttpURLConnection getSecureConnection(URL url) throws IOException {
  // A fresh, empty token is passed in for every call; nothing is cached between calls here.
  final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token();
  final HttpURLConnection connection;
  try {
    connection = new AuthenticatedURL().openConnection(url, authToken);
  } catch (AuthenticationException authFailure) {
    // Callers only declare IOException, so the authentication failure is wrapped as its cause.
    throw new IOException(authFailure);
  }
  return connection;
}
/**
 * Logs in from a keytab and opens an authenticated connection to {@code url} as the
 * resulting login user.
 *
 * <p>Besides returning the connection, this method calls the static
 * {@code UserGroupInformation.setConfiguration} and
 * {@code UserGroupInformation.loginUserFromKeytab}, so it changes state outside the call.
 *
 * @param url endpoint to connect to
 * @param keytabPrincipal Kerberos principal to log in as
 * @param keytabPath path of the keytab file holding that principal's key
 * @return the connection opened inside {@code doAs}
 * @throws Exception if configuration, login or opening the connection fails
 */
public static HttpURLConnection loginAuthenticatedURL(final URL url, final String keytabPrincipal,
    final String keytabPath) throws Exception {
  // NOTE(review): the request URL is the only entry on this class loader's search path, and
  // the loader is then handed to the Configuration. Confirm that resolving resources from the
  // target URL is intended; the loader is also never closed here.
  final URLClassLoader loader = new URLClassLoader(new URL[] {url});

  final Configuration hadoopConf = new Configuration();
  hadoopConf.setClassLoader(loader);
  UserGroupInformation.setConfiguration(hadoopConf);

  // The log line carries the full URL, the principal and the keytab location (not the key
  // material). NOTE(review): check that URLs passed in never carry secrets in the query string.
  logger.info(
      "Logging in URL: " + url.toString() + " using Principal: " + keytabPrincipal + ", Keytab: "
          + keytabPath);

  UserGroupInformation.loginUserFromKeytab(keytabPrincipal, keytabPath);

  // The cast selects the PrivilegedExceptionAction overload of doAs for the lambda.
  return UserGroupInformation.getLoginUser().doAs(
      (PrivilegedExceptionAction<HttpURLConnection>) () ->
          new AuthenticatedURL().openConnection(url, new Token()));
}
}
// Fragment: the enclosing method is not shown.
// Builds the AuthenticatedURL with this object passed in the authenticator position and the
// supplied connection configurator.
AuthenticatedURL aUrl = new AuthenticatedURL(this, connConfigurator);
// Delegation-token holder, unset at this point; fully qualified, presumably to keep it apart
// from AuthenticatedURL.Token.
org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> dt = null;
SSLSocketFactory sslSocketF = clientSslFactory.createSSLSocketFactory(); aUrl = new AuthenticatedURL( new KerberosAuthenticator(), clientSslFactory); connection = aUrl.openConnection(url, token); httpsConn.setSSLSocketFactory(sslSocketF); } else { aUrl = new AuthenticatedURL(new KerberosAuthenticator()); connection = aUrl.openConnection(url, token);
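/**
 * Opens an authenticated connection to {@code url} and requires an HTTP 200 response.
 *
 * <p>If the status cannot be read or is not 200, the connection is disconnected before the
 * exception propagates, so a failed call does not leave it open.
 *
 * @param url endpoint to connect to
 * @return the open connection, whose response code was {@code HTTP_OK}
 * @throws IOException if the authenticator cannot be instantiated, authentication fails,
 *     the response cannot be read, or the response code is not 200
 */
private static HttpURLConnection getConnection(URL url) throws IOException {
  AuthenticatedURL.Token token = new AuthenticatedURL.Token();
  HttpURLConnection conn;
  try {
    conn = new AuthenticatedURL(AuthenticatorClass.newInstance()).openConnection(url, token);
  } catch (AuthenticationException | InstantiationException | IllegalAccessException ex) {
    throw new IOException("Could not authenticate, " + ex.getMessage(), ex);
  }

  boolean accepted = false;
  try {
    // Read the status once so the check and the error message cannot disagree.
    final int status = conn.getResponseCode();
    if (status != HttpURLConnection.HTTP_OK) {
      // The reason phrase is chosen by the server; treat it as untrusted text if it is logged.
      throw new IOException("Unexpected response code [" + status + "], message ["
          + conn.getResponseMessage() + "]");
    }
    accepted = true;
    return conn;
  } finally {
    if (!accepted) {
      conn.disconnect();
    }
  }
}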
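/**
 * Returns an authenticated connection to {@code url}, accepting only an HTTP 200 reply.
 *
 * <p>The connection is disconnected on every failure path after it has been opened, so a
 * rejected or unreadable response does not leak it.
 *
 * @param url endpoint to connect to
 * @return the open connection, whose response code was {@code HTTP_OK}
 * @throws IOException if the authenticator cannot be instantiated, authentication fails,
 *     the response cannot be read, or the response code is not 200
 */
private static HttpURLConnection getConnection(URL url) throws IOException {
  AuthenticatedURL.Token token = new AuthenticatedURL.Token();
  HttpURLConnection conn;
  try {
    conn = new AuthenticatedURL(AuthenticatorClass.newInstance()).openConnection(url, token);
  } catch (AuthenticationException | InstantiationException | IllegalAccessException ex) {
    throw new IOException("Could not authenticate, " + ex.getMessage(), ex);
  }

  int responseCode;
  String responseMessage = null;
  try {
    responseCode = conn.getResponseCode();
    if (responseCode != HttpURLConnection.HTTP_OK) {
      // Fetched before disconnecting; the text is server-supplied, so treat it as untrusted.
      responseMessage = conn.getResponseMessage();
    }
  } catch (IOException readFailure) {
    conn.disconnect();
    throw readFailure;
  }

  if (responseCode != HttpURLConnection.HTTP_OK) {
    conn.disconnect();
    throw new IOException("Unexpected response code [" + responseCode + "], message ["
        + responseMessage + "]");
  }
  return conn;
}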
/**
 * Opens {@code url} through {@code AuthenticatedURL} with a new, empty token.
 *
 * @param url endpoint to connect to
 * @return the connection returned by {@code openConnection}
 * @throws IOException on I/O failure, or wrapping an {@code AuthenticationException}
 */
@Override
public HttpURLConnection getHttpURLConnection(URL url) throws IOException {
  final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token();
  try {
    return new AuthenticatedURL().openConnection(url, authToken);
  } catch (AuthenticationException authFailure) {
    // The overridden signature only allows IOException, so the cause is wrapped.
    throw new IOException(authFailure);
  }
}
}));
// Usage sketch: authenticate once through AuthenticatedURL, then copy the resulting
// credentials onto a separately created client connection.
URL url = new URL("http://youhost:8080/your-kerberised-resource");
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
// The empty token created above is passed to openConnection; its string form is reused
// further down as the hadoop.auth cookie value.
HttpURLConnection conn = new AuthenticatedURL().openConnection(url, token);
// NOTE(review): some JDK HttpURLConnection implementations withhold the Authorization header
// from getRequestProperty and return null for it; confirm this value is non-null before use.
String authorizationTokenString = conn.getRequestProperty("Authorization");
String delegationToken = conn.getRequestProperty("X-Hadoop-Delegation-Token");
...
// do what you have to to get your basic client connection
...
// All three headers below carry credentials, and the sample URL is plain http, so as written
// they are sent without transport encryption. Keep these values out of logs and error
// messages.
myBasicClientConnection.setRequestProperty("Authorization", authorizationTokenString);
myBasicClientConnection.setRequestProperty("Cookie", "hadoop.auth=" + token.toString());
myBasicClientConnection.setRequestProperty("X-Hadoop-Delegation-Token", delegationToken);
/**
 * Checks that {@code AuthenticatedURL.openConnection} calls the supplied
 * {@code ConnectionConfigurator}.
 */
@Test
public void testConnectionConfigurator() throws Exception {
  // The mocked connection answers 401 to getResponseCode().
  final HttpURLConnection mockedConn = Mockito.mock(HttpURLConnection.class);
  Mockito.when(mockedConn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);

  // The configurator hands back that mock for whatever connection it is given.
  final ConnectionConfigurator configurator = Mockito.mock(ConnectionConfigurator.class);
  Mockito.when(configurator.configure(Mockito.<HttpURLConnection>any())).thenReturn(mockedConn);

  final Authenticator mockedAuthenticator = Mockito.mock(Authenticator.class);
  final URL target = new URL("http://foo");
  final AuthenticatedURL.Token emptyToken = new AuthenticatedURL.Token();
  new AuthenticatedURL(mockedAuthenticator, configurator).openConnection(target, emptyToken);

  Mockito.verify(configurator).configure(Mockito.<HttpURLConnection>any());
}
/**
 * Asserts that opening a connection through {@code AuthenticatedURL} invokes
 * {@code configure} on the configurator it was constructed with.
 */
@Test
public void testConnectionConfigurator() throws Exception {
  final Authenticator authStub = Mockito.mock(Authenticator.class);
  final ConnectionConfigurator configStub = Mockito.mock(ConnectionConfigurator.class);
  final HttpURLConnection connStub = Mockito.mock(HttpURLConnection.class);

  // Stubbing: the connection reports 401, and the configurator returns that connection.
  Mockito.when(connStub.getResponseCode())
      .thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
  Mockito.when(configStub.configure(Mockito.<HttpURLConnection>any()))
      .thenReturn(connStub);

  final AuthenticatedURL underTest = new AuthenticatedURL(authStub, configStub);
  underTest.openConnection(new URL("http://foo"), new AuthenticatedURL.Token());

  Mockito.verify(configStub).configure(Mockito.<HttpURLConnection>any());
}
/**
 * Confirms the {@code ConnectionConfigurator} given to the {@code AuthenticatedURL}
 * constructor is invoked when a connection is opened.
 */
@Test
public void testConnectionConfigurator() throws Exception {
  final HttpURLConnection unauthorizedConn = Mockito.mock(HttpURLConnection.class);
  Mockito.when(unauthorizedConn.getResponseCode())
      .thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);

  final ConnectionConfigurator connConfigurator = Mockito.mock(ConnectionConfigurator.class);
  Mockito.when(connConfigurator.configure(Mockito.<HttpURLConnection>any()))
      .thenReturn(unauthorizedConn);

  // Both collaborators are mocks, so no real authentication happens in this test.
  final AuthenticatedURL authenticatedUrl =
      new AuthenticatedURL(Mockito.mock(Authenticator.class), connConfigurator);
  final URL fooUrl = new URL("http://foo");
  authenticatedUrl.openConnection(fooUrl, new AuthenticatedURL.Token());

  Mockito.verify(connConfigurator).configure(Mockito.<HttpURLConnection>any());
}
/** Checks that {@code getAuthenticator()} returns the authenticator given to the constructor. */
@Test
public void testGetAuthenticator() throws Exception {
  final Authenticator expected = Mockito.mock(Authenticator.class);
  final Authenticator actual = new AuthenticatedURL(expected).getAuthenticator();
  Assert.assertEquals(expected, actual);
}
/**
 * Asserts that an {@code AuthenticatedURL} exposes, through {@code getAuthenticator()},
 * the authenticator it was constructed with.
 */
@Test
public void testGetAuthenticator() throws Exception {
  final Authenticator mockedAuthenticator = Mockito.mock(Authenticator.class);
  final AuthenticatedURL underTest = new AuthenticatedURL(mockedAuthenticator);
  Assert.assertEquals(mockedAuthenticator, underTest.getAuthenticator());
}
/** Round-trip check: the constructor argument comes back from {@code getAuthenticator()}. */
@Test
public void testGetAuthenticator() throws Exception {
  final Authenticator supplied = Mockito.mock(Authenticator.class);
  Assert.assertEquals(supplied, new AuthenticatedURL(supplied).getAuthenticator());
}
/**
 * Calls the web server's {@code /ping} endpoint with Kerberos authentication and expects
 * HTTP 200 with the body {@code "pong\n"}.
 */
@Override
public Void run() throws Exception {
  final String pingAddress = "http://" + SentryServiceIntegrationBase.SERVER_HOST + ":"
      + SentryServiceIntegrationBase.webServerPort + "/ping";
  final URL pingUrl = new URL(pingAddress);

  final AuthenticatedURL authenticatedUrl = new AuthenticatedURL(new KerberosAuthenticator());
  final HttpURLConnection connection =
      authenticatedUrl.openConnection(pingUrl, new AuthenticatedURL.Token());

  Assert.assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
  // The response stream is read in full but not closed here, as in the original.
  final String body = IOUtils.toString(connection.getInputStream());
  Assert.assertEquals("pong\n", body);
  return null;
}
});
}
/**
 * Requests {@code /ping} with Kerberos authentication and expects HTTP 200 and the body
 * {@code "pong\n"}.
 */
@Override
public void runTestAsSubject() throws Exception {
  final URL pingUrl = new URL("http://" + SERVER_HOST + ":" + webServerPort + "/ping");
  final AuthenticatedURL.Token emptyToken = new AuthenticatedURL.Token();
  final HttpURLConnection connection =
      new AuthenticatedURL(new KerberosAuthenticator()).openConnection(pingUrl, emptyToken);

  final int status = connection.getResponseCode();
  Assert.assertEquals(HttpURLConnection.HTTP_OK, status);

  final String body = IOUtils.toString(connection.getInputStream());
  Assert.assertEquals("pong\n", body);
}
});
}
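/**
 * Negative test: opening an authenticated connection to {@code /ping} outside any subject
 * must fail with an exception mentioning "No valid credentials provided".
 *
 * <p>{@code fail(...)} is expected to raise an {@code AssertionError}, which the
 * {@code catch (Exception e)} below does not intercept, so an unexpectedly successful
 * connection still fails the test.
 */
@Test
public void testPingWithoutSubject() throws Exception {
  final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping");
  try {
    new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token());
    fail("Here should fail.");
  } catch (Exception e) {
    // An exception without a message used to cause a NullPointerException here, hiding the
    // real failure; now it is reported through the assertion message below.
    final String message = e.getMessage();
    boolean isExpectError = message != null && message.contains("No valid credentials provided");
    Assert.assertTrue("Here should fail by 'No valid credentials provided'," +
        " but the exception is:" + e, isExpectError);
  }
}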
/**
 * Positive test: run as a subject, {@code /ping} must answer HTTP 200 with the body
 * {@code "pong\n"} when called with Kerberos authentication.
 */
@Test
public void testPing() throws Exception {
  final TestOperation pingOperation = new TestOperation() {
    @Override
    public void runTestAsSubject() throws Exception {
      final String pingAddress = "http://" + SERVER_HOST + ":" + webServerPort + "/ping";
      final URL pingUrl = new URL(pingAddress);
      final AuthenticatedURL authenticatedUrl =
          new AuthenticatedURL(new KerberosAuthenticator());
      final HttpURLConnection connection =
          authenticatedUrl.openConnection(pingUrl, new AuthenticatedURL.Token());

      Assert.assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
      final String body = IOUtils.toString(connection.getInputStream());
      Assert.assertEquals("pong\n", body);
    }
  };
  runTestAsSubject(pingOperation);
}
/**
 * Fetches {@code /metrics} with Kerberos authentication and checks that the parsed page
 * reports a non-HA, active server.
 */
@Override
public Void run() throws Exception {
  final URL metricsUrl = new URL("http://" + SERVER_HOST + ":" + webServerPort + "/metrics");
  final AuthenticatedURL.Token emptyToken = new AuthenticatedURL.Token();
  final HttpURLConnection connection =
      new AuthenticatedURL(new KerberosAuthenticator()).openConnection(metricsUrl, emptyToken);

  // The metrics page must be reachable before its content is inspected.
  Assert.assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());

  final String page = IOUtils.toString(connection.getInputStream());
  final SentryWebMetricParser parsedMetrics = new SentryWebMetricParser(page);
  Assert.assertEquals(Boolean.FALSE, parsedMetrics.isHA());
  Assert.assertEquals(Boolean.TRUE, parsedMetrics.isActive());
  return null;
}
});
}
/**
 * Negative test: without a subject, opening an authenticated connection to {@code /ping}
 * must fail, and {@code exceptionContainsMessage} must find "No valid credentials provided"
 * in the exception.
 */
@Test
public void testPingWithoutSubject() throws Exception {
  final String pingAddress = "http://" + SentryServiceIntegrationBase.SERVER_HOST + ":"
      + SentryServiceIntegrationBase.webServerPort + "/ping";
  final URL pingUrl = new URL(pingAddress);
  try {
    final AuthenticatedURL authenticatedUrl = new AuthenticatedURL(new KerberosAuthenticator());
    authenticatedUrl.openConnection(pingUrl, new AuthenticatedURL.Token());
    fail("Here should fail.");
  } catch (Exception e) {
    final boolean credentialsRejected =
        exceptionContainsMessage(e,"No valid credentials provided");
    Assert.assertTrue("Here should fail by 'No valid credentials provided'," +
        " but the exception is:" + e, credentialsRejected);
  }
}