/** * Returns an authenticated {@link HttpURLConnection}, it uses a Delegation * Token only if the given auth token is an instance of {@link Token} and * it contains a Delegation Token, otherwise use the configured * {@link DelegationTokenAuthenticator} to authenticate the connection. * * @param url the URL to connect to. Only HTTP/S URLs are supported. * @param token the authentication token being used for the user. * @return an authenticated {@link HttpURLConnection}. * @throws IOException if an IO error occurred. * @throws AuthenticationException if an authentication exception occurred. */ @Override public HttpURLConnection openConnection(URL url, AuthenticatedURL.Token token) throws IOException, AuthenticationException { return (token instanceof Token) ? openConnection(url, (Token) token) : super.openConnection(url ,token); }
/** Gets the Hadoop kerberos secure connection (not an SSL connection). */ private HttpURLConnection getSecureConnection(URL url) throws IOException { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); try { return new AuthenticatedURL().openConnection(url, token); } catch (AuthenticationException e) { throw new IOException(e); } }
public static HttpURLConnection loginAuthenticatedURL(final URL url, final String keytabPrincipal, final String keytabPath) throws Exception { final List<URL> resources = new ArrayList<>(); resources.add(url); final URLClassLoader ucl = new URLClassLoader(resources.toArray(new URL[resources.size()])); final Configuration conf = new Configuration(); conf.setClassLoader(ucl); UserGroupInformation.setConfiguration(conf); logger.info( "Logging in URL: " + url.toString() + " using Principal: " + keytabPrincipal + ", Keytab: " + keytabPath); UserGroupInformation.loginUserFromKeytab(keytabPrincipal, keytabPath); final HttpURLConnection connection = UserGroupInformation.getLoginUser().doAs( (PrivilegedExceptionAction<HttpURLConnection>) () -> { final Token token = new Token(); return new AuthenticatedURL().openConnection(url, token); }); return connection; } }
HttpURLConnection conn = aUrl.openConnection(url, token); conn.setRequestMethod(operation.getHttpMethod()); HttpExceptionUtils.validateResponse(conn, HttpURLConnection.HTTP_OK);
connection = aUrl.openConnection(url, token); HttpsURLConnection httpsConn = (HttpsURLConnection) connection; httpsConn.setSSLSocketFactory(sslSocketF); } else { aUrl = new AuthenticatedURL(new KerberosAuthenticator()); connection = aUrl.openConnection(url, token);
HttpURLConnection conn = super.openConnection(url, token); if (!token.isSet() && !useQueryStringForDelegationToken() && dToken != null) {
private static HttpURLConnection getConnection(URL url) throws IOException { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); HttpURLConnection conn; try { conn = new AuthenticatedURL(AuthenticatorClass.newInstance()).openConnection(url, token); } catch (AuthenticationException | InstantiationException | IllegalAccessException ex) { throw new IOException("Could not authenticate, " + ex.getMessage(), ex); } if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) { throw new IOException("Unexpected response code [" + conn.getResponseCode() + "], message [" + conn.getResponseMessage() + "]"); } return conn; }
private static HttpURLConnection getConnection(URL url) throws IOException { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); HttpURLConnection conn; try { conn = new AuthenticatedURL(AuthenticatorClass.newInstance()).openConnection(url, token); } catch (AuthenticationException | InstantiationException | IllegalAccessException ex) { throw new IOException("Could not authenticate, " + ex.getMessage(), ex); } if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) { throw new IOException("Unexpected response code [" + conn.getResponseCode() + "], message [" + conn.getResponseMessage() + "]"); } return conn; }
@Override public HttpURLConnection getHttpURLConnection(URL url) throws IOException { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); HttpURLConnection conn = null; try { conn = new AuthenticatedURL().openConnection(url, token); } catch (AuthenticationException e) { throw new IOException(e); } return conn; } }));
@Test public void testConnectionConfigurator() throws Exception { HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); Mockito.when(conn.getResponseCode()). thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); ConnectionConfigurator connConf = Mockito.mock(ConnectionConfigurator.class); Mockito.when(connConf.configure(Mockito.<HttpURLConnection>any())). thenReturn(conn); Authenticator authenticator = Mockito.mock(Authenticator.class); AuthenticatedURL aURL = new AuthenticatedURL(authenticator, connConf); aURL.openConnection(new URL("http://foo"), new AuthenticatedURL.Token()); Mockito.verify(connConf).configure(Mockito.<HttpURLConnection>any()); }
@Test public void testConnectionConfigurator() throws Exception { HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); Mockito.when(conn.getResponseCode()). thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); ConnectionConfigurator connConf = Mockito.mock(ConnectionConfigurator.class); Mockito.when(connConf.configure(Mockito.<HttpURLConnection>any())). thenReturn(conn); Authenticator authenticator = Mockito.mock(Authenticator.class); AuthenticatedURL aURL = new AuthenticatedURL(authenticator, connConf); aURL.openConnection(new URL("http://foo"), new AuthenticatedURL.Token()); Mockito.verify(connConf).configure(Mockito.<HttpURLConnection>any()); }
@Test public void testConnectionConfigurator() throws Exception { HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); Mockito.when(conn.getResponseCode()). thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); ConnectionConfigurator connConf = Mockito.mock(ConnectionConfigurator.class); Mockito.when(connConf.configure(Mockito.<HttpURLConnection>any())). thenReturn(conn); Authenticator authenticator = Mockito.mock(Authenticator.class); AuthenticatedURL aURL = new AuthenticatedURL(authenticator, connConf); aURL.openConnection(new URL("http://foo"), new AuthenticatedURL.Token()); Mockito.verify(connConf).configure(Mockito.<HttpURLConnection>any()); }
@Override public Void run() throws Exception { final URL url = new URL("http://"+ SentryServiceIntegrationBase.SERVER_HOST + ":" + SentryServiceIntegrationBase.webServerPort + "/ping"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()). openConnection(url, new AuthenticatedURL.Token()); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); Assert.assertEquals("pong\n", response); return null; }} ); }
@Override public void runTestAsSubject() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()). openConnection(url, new AuthenticatedURL.Token()); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); Assert.assertEquals("pong\n", response); }} ); }
@Test public void testPingWithoutSubject() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (Exception e) { boolean isExpectError = e.getMessage().contains("No valid credentials provided"); Assert.assertTrue("Here should fail by 'No valid credentials provided'," + " but the exception is:" + e, isExpectError); } }
@Override public Void run() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/metrics"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()). openConnection(url, new AuthenticatedURL.Token()); //make sure we are able to access the metrics page Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); SentryWebMetricParser mp = new SentryWebMetricParser(response); Assert.assertEquals(Boolean.FALSE,mp.isHA()); Assert.assertEquals(Boolean.TRUE,mp.isActive()); return null; }} ); }
@Override public Void run() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (AuthenticationException e) { String expectedError = "status code: 403"; if (!e.getMessage().contains(expectedError)) { LOG.error("UnexpectedError: " + e.getMessage(), e); fail("UnexpectedError: " + e.getMessage()); } } return null; } });
@Override public Void run() throws Exception { final URL url = new URL("http://"+ SentryServiceIntegrationBase.SERVER_HOST + ":" + SentryServiceIntegrationBase.webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (AuthenticationException e) { String expectedError = "status code: 403"; if (!exceptionContainsMessage(e, expectedError)) { LOG.error("UnexpectedError: " + e.getMessage(), e); fail("UnexpectedError: " + e.getMessage()); } } return null; } });
@Override public Void run() throws Exception { final URL url = new URL("http://"+ SentryServiceIntegrationBase.SERVER_HOST + ":" + SentryServiceIntegrationBase.webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Login with user1 should fail"); } catch (AuthenticationException e) { String expectedError = "status code: 403"; if (!exceptionContainsMessage(e, expectedError)) { LOG.error("UnexpectedError: " + e.getMessage(), e); fail("UnexpectedError: " + e.getMessage()); } } return null; } });
@Test public void testPingWithoutSubject() throws Exception { final URL url = new URL("http://"+ SentryServiceIntegrationBase.SERVER_HOST + ":" + SentryServiceIntegrationBase.webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (Exception e) { boolean isExpectError = exceptionContainsMessage(e,"No valid credentials provided"); Assert.assertTrue("Here should fail by 'No valid credentials provided'," + " but the exception is:" + e, isExpectError); } }