Posted to commits@atlas.apache.org by ve...@apache.org on 2015/05/13 23:28:26 UTC
[45/50] [abbrv] incubator-atlas git commit: securing the metadata
client
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/BaseSecurityTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/BaseSecurityTest.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/BaseSecurityTest.java
deleted file mode 100644
index 7e8472b..0000000
--- a/webapp/src/test/java/org/apache/hadoop/metadata/web/BaseSecurityTest.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.metadata.web;
-
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.hadoop.minikdc.MiniKdc;
-import org.apache.zookeeper.Environment;
-import org.mortbay.jetty.Server;
-import org.mortbay.jetty.webapp.WebAppContext;
-import org.testng.Assert;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.Writer;
-import java.nio.file.Files;
-import java.util.Locale;
-import java.util.Properties;
-
-/**
- *
- */
-public class BaseSecurityTest {
- private static final String JAAS_ENTRY =
- "%s { \n"
- + " %s required\n"
- // kerberos module
- + " keyTab=\"%s\"\n"
- + " debug=true\n"
- + " principal=\"%s\"\n"
- + " useKeyTab=true\n"
- + " useTicketCache=false\n"
- + " doNotPrompt=true\n"
- + " storeKey=true;\n"
- + "}; \n";
- protected MiniKdc kdc;
-
- protected String getWarPath() {
- return String.format("/target/metadata-webapp-%s.war",
- System.getProperty("release.version", "0.1-incubating-SNAPSHOT"));
- }
-
- protected void generateTestProperties(Properties props) throws ConfigurationException, IOException {
- PropertiesConfiguration config = new PropertiesConfiguration(System.getProperty("user.dir") +
- "/../src/conf/application.properties");
- for (String propName : props.stringPropertyNames()) {
- config.setProperty(propName, props.getProperty(propName));
- }
- File file = new File(System.getProperty("user.dir"), "application.properties");
- file.deleteOnExit();
- Writer fileWriter = new FileWriter(file);
- config.save(fileWriter);
- }
-
- protected void startEmbeddedServer(Server server) throws Exception {
- WebAppContext webapp = new WebAppContext();
- webapp.setContextPath("/");
- webapp.setWar(System.getProperty("user.dir") + getWarPath());
- server.setHandler(webapp);
-
- server.start();
- }
-
- protected File startKDC() throws Exception {
- File target = Files.createTempDirectory("sectest").toFile();
- File kdcWorkDir = new File(target, "kdc");
- Properties kdcConf = MiniKdc.createConf();
- kdcConf.setProperty(MiniKdc.DEBUG, "true");
- kdc = new MiniKdc(kdcConf, kdcWorkDir);
- kdc.start();
-
- Assert.assertNotNull(kdc.getRealm());
- return kdcWorkDir;
- }
-
- public String createJAASEntry(
- String context,
- String principal,
- File keytab) {
- String keytabpath = keytab.getAbsolutePath();
- // fix up for windows; no-op on unix
- keytabpath = keytabpath.replace('\\', '/');
- return String.format(
- Locale.ENGLISH,
- JAAS_ENTRY,
- context,
- getKerberosAuthModuleForJVM(),
- keytabpath,
- principal);
- }
-
- protected String getKerberosAuthModuleForJVM() {
- if (System.getProperty("java.vendor").contains("IBM")) {
- return "com.ibm.security.auth.module.Krb5LoginModule";
- } else {
- return "com.sun.security.auth.module.Krb5LoginModule";
- }
- }
-
- protected void bindJVMtoJAASFile(File jaasFile) {
- String path = jaasFile.getAbsolutePath();
- System.setProperty(Environment.JAAS_CONF_KEY, path);
- }
-
- protected File createKeytab(MiniKdc kdc, File kdcWorkDir, String principal, String filename) throws Exception {
- File keytab = new File(kdcWorkDir, filename);
- kdc.createPrincipal(keytab,
- principal,
- principal + "/localhost",
- principal + "/127.0.0.1");
- return keytab;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationKerberosFilterIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationKerberosFilterIT.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationKerberosFilterIT.java
index 4296243..857a42a 100644
--- a/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationKerberosFilterIT.java
+++ b/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationKerberosFilterIT.java
@@ -19,7 +19,7 @@ package org.apache.hadoop.metadata.web.filters;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hdfs.web.URLConnectionFactory;
-import org.apache.hadoop.metadata.web.BaseSecurityTest;
+import org.apache.hadoop.metadata.security.BaseSecurityTest;
import org.apache.hadoop.metadata.web.service.EmbeddedServer;
import org.mortbay.jetty.Server;
import org.testng.Assert;
@@ -59,6 +59,9 @@ public class MetadataAuthenticationKerberosFilterIT extends BaseSecurityTest {
@Test
public void testKerberosBasedLogin() throws Exception {
+ String originalConf = System.getProperty("metadata.conf");
+ System.setProperty("metadata.conf", System.getProperty("user.dir"));
+
setupKDCAndPrincipals();
TestEmbeddedServer server = null;
@@ -102,6 +105,12 @@ public class MetadataAuthenticationKerberosFilterIT extends BaseSecurityTest {
server.getServer().stop();
kdc.stop();
+ if (originalConf != null) {
+ System.setProperty("metadata.conf", originalConf);
+ } else {
+ System.clearProperty("metadata.conf");
+ }
+
}
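Review bot: The restore of `metadata.conf` runs only after `server.getServer().stop()` and `kdc.stop()` have returned, so an exception from either call skips it. That includes a NullPointerException if `server` is still the `null` it is initialised to in the previous hunk, unless a guard outside the hunk prevents it. The property would then keep pointing at `user.dir` for every later test in the same JVM, and those tests would presumably pick up the `application.properties` generated for this test, with an authentication setup they do not expect. Moving the `if (originalConf != null) … else System.clearProperty("metadata.conf");` block ahead of the stop calls, or giving the stop calls their own `try`/`finally`, avoids that; the `finally` of `testSimpleLogin` in MetadataAuthenticationSimpleFilterIT has the same ordering. The method body begins outside this hunk, so whether the `setProperty` call itself sits inside the `try` cannot be confirmed from here.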
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationSimpleFilterIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationSimpleFilterIT.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationSimpleFilterIT.java
index 96523f5..f41ad0a 100644
--- a/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationSimpleFilterIT.java
+++ b/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationSimpleFilterIT.java
@@ -17,7 +17,7 @@
package org.apache.hadoop.metadata.web.filters;
import org.apache.commons.configuration.ConfigurationException;
-import org.apache.hadoop.metadata.web.BaseSecurityTest;
+import org.apache.hadoop.metadata.security.BaseSecurityTest;
import org.apache.hadoop.metadata.web.service.EmbeddedServer;
import org.mortbay.jetty.Server;
import org.testng.Assert;
@@ -45,6 +45,8 @@ public class MetadataAuthenticationSimpleFilterIT extends BaseSecurityTest {
@Test
public void testSimpleLogin() throws Exception {
+ String originalConf = System.getProperty("metadata.conf");
+ System.setProperty("metadata.conf", System.getProperty("user.dir"));
generateSimpleLoginConfiguration();
TestEmbeddedServer server = new TestEmbeddedServer(23001, "webapp/target/metadata-governance");
@@ -71,6 +73,11 @@ public class MetadataAuthenticationSimpleFilterIT extends BaseSecurityTest {
Assert.assertEquals(connection.getResponseCode(), 200);
} finally {
server.getServer().stop();
+ if (originalConf != null) {
+ System.setProperty("metadata.conf", originalConf);
+ } else {
+ System.clearProperty("metadata.conf");
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/listeners/LoginProcessorIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/listeners/LoginProcessorIT.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/listeners/LoginProcessorIT.java
index 4fb516f..be7171b 100644
--- a/webapp/src/test/java/org/apache/hadoop/metadata/web/listeners/LoginProcessorIT.java
+++ b/webapp/src/test/java/org/apache/hadoop/metadata/web/listeners/LoginProcessorIT.java
@@ -18,12 +18,10 @@ package org.apache.hadoop.metadata.web.listeners;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
-import org.apache.hadoop.metadata.web.BaseSecurityTest;
+import org.apache.hadoop.metadata.security.BaseSecurityTest;
import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.util.Shell;
import org.testng.Assert;
import org.testng.annotations.Test;
@@ -99,15 +97,6 @@ public class LoginProcessorIT extends BaseSecurityTest {
Assert.assertNotNull(kdc.getRealm());
File keytabFile = createKeytab(kdc, kdcWorkDir, "dgi", "dgi.keytab");
- String dgiServerPrincipal = Shell.WINDOWS ? "dgi/127.0.0.1" : "dgi/localhost";
-
- StringBuilder jaas = new StringBuilder(1024);
- jaas.append(createJAASEntry("Client", "dgi", keytabFile));
- jaas.append(createJAASEntry("Server", dgiServerPrincipal, keytabFile));
-
- File jaasFile = new File(kdcWorkDir, "jaas.txt");
- FileUtils.write(jaasFile, jaas.toString());
- bindJVMtoJAASFile(jaasFile);
return keytabFile;
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerIT.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerIT.java
index 63b48e9..3c5b229 100644
--- a/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerIT.java
+++ b/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerIT.java
@@ -24,12 +24,14 @@ import org.testng.annotations.Test;
import java.net.HttpURLConnection;
import java.net.URL;
+import static org.apache.hadoop.metadata.security.SecurityProperties.*;
+
public class SecureEmbeddedServerIT extends SecureEmbeddedServerITBase{
@Test
public void testServerConfiguredUsingCredentialProvider() throws Exception {
// setup the configuration
final PropertiesConfiguration configuration = new PropertiesConfiguration();
- configuration.setProperty(SecureEmbeddedServer.CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
+ configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
// setup the credential provider
setupCredentials();
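Review bot: The wildcard `import static org.apache.hadoop.metadata.security.SecurityProperties.*;` hides where `CERT_STORES_CREDENTIAL_PROVIDER_PATH` is defined, and any constant later added to `SecurityProperties` silently comes into scope in this test. Since these names are security-relevant configuration keys, an explicit import makes it easier to audit them: `import static org.apache.hadoop.metadata.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;`. The same wildcard import is added in SecureEmbeddedServerITBase, where the constants used are `DEFAULT_KEYSTORE_FILE_LOCATION`, `CERT_STORES_CREDENTIAL_PROVIDER_PATH`, `KEYSTORE_PASSWORD_KEY`, `TRUSTSTORE_PASSWORD_KEY` and `SERVER_CERT_PASSWORD_KEY`.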
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerITBase.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerITBase.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerITBase.java
index 785939a..64358b8 100755
--- a/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerITBase.java
+++ b/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerITBase.java
@@ -45,6 +45,8 @@ import java.net.URL;
import java.nio.file.Files;
import java.util.List;
+import static org.apache.hadoop.metadata.security.SecurityProperties.*;
+
/**
*
*/
@@ -69,7 +71,7 @@ public class SecureEmbeddedServerITBase {
return false;
}
});
- System.setProperty("javax.net.ssl.trustStore", SecureEmbeddedServer.DEFAULT_KEYSTORE_FILE_LOCATION);
+ System.setProperty("javax.net.ssl.trustStore", DEFAULT_KEYSTORE_FILE_LOCATION);
System.setProperty("javax.net.ssl.trustStorePassword", "keypass");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
}
@@ -122,7 +124,7 @@ public class SecureEmbeddedServerITBase {
public void testMissingEntriesInCredentialProvider() throws Exception {
// setup the configuration
final PropertiesConfiguration configuration = new PropertiesConfiguration();
- configuration.setProperty(SecureEmbeddedServer.CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
+ configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
try {
secureEmbeddedServer = new SecureEmbeddedServer(21443, "webapp/target/metadata-governance") {
@@ -147,7 +149,7 @@ public class SecureEmbeddedServerITBase {
@Test
public void runOtherSuitesAgainstSecureServer() throws Exception {
final PropertiesConfiguration configuration = new PropertiesConfiguration();
- configuration.setProperty(SecureEmbeddedServer.CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
+ configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
// setup the credential provider
setupCredentials();
@@ -198,15 +200,15 @@ public class SecureEmbeddedServerITBase {
char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(
- SecureEmbeddedServer.KEYSTORE_PASSWORD_KEY, storepass);
+ KEYSTORE_PASSWORD_KEY, storepass);
char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(
- SecureEmbeddedServer.TRUSTSTORE_PASSWORD_KEY, trustpass);
+ TRUSTSTORE_PASSWORD_KEY, trustpass);
char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(
- SecureEmbeddedServer.SERVER_CERT_PASSWORD_KEY, certpass);
+ SERVER_CERT_PASSWORD_KEY, certpass);
// write out so that it can be found in checks
provider.flush();