You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by jo...@apache.org on 2017/07/27 12:59:00 UTC
[6/6] ambari git commit: AMBARI-21578. testBadCredential UT fails
(rlevas)
AMBARI-21578. testBadCredential UT fails (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/41a1bc81
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/41a1bc81
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/41a1bc81
Branch: refs/heads/branch-2.6
Commit: 41a1bc81b7e05be9d3293cd7cab3076579bcad5c
Parents: fd8f801
Author: Robert Levas <rl...@hortonworks.com>
Authored: Thu Jul 27 07:29:35 2017 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Thu Jul 27 07:29:35 2017 -0400
----------------------------------------------------------------------
ambari-server/pom.xml | 2 +-
.../pam/PamAuthenticationFactory.java | 35 +++++
.../AmbariPamAuthenticationProvider.java | 5 +-
.../AmbariPamAuthenticationProviderTest.java | 147 +++++++++++--------
4 files changed, 123 insertions(+), 66 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/41a1bc81/ambari-server/pom.xml
----------------------------------------------------------------------
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index b3e1e9f..3ff8218 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -1520,7 +1520,7 @@
<dependency>
<groupId>net.java.dev.jna</groupId>
<artifactId>jna</artifactId>
- <version>4.3.0</version>
+ <version>4.2.2</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
http://git-wip-us.apache.org/repos/asf/ambari/blob/41a1bc81/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/pam/PamAuthenticationFactory.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/pam/PamAuthenticationFactory.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/pam/PamAuthenticationFactory.java
new file mode 100644
index 0000000..6f423c1
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/pam/PamAuthenticationFactory.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.security.authentication.pam;
+
+import javax.inject.Singleton;
+
+import org.jvnet.libpam.PAM;
+import org.jvnet.libpam.PAMException;
+
+/**
+ * PamAuthenticationFactory returns Pam library instances.
+ */
+@Singleton
+public class PamAuthenticationFactory {
+
+ public PAM createInstance(String pamConfig) throws PAMException {
+ return new PAM(pamConfig);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/41a1bc81/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
index 1626cd8..18bb510 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
@@ -29,6 +29,7 @@ import org.apache.ambari.server.orm.entities.GroupEntity;
import org.apache.ambari.server.orm.entities.MemberEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.ClientSecurityType;
+import org.apache.ambari.server.security.authentication.pam.PamAuthenticationFactory;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.jvnet.libpam.UnixUser;
@@ -54,6 +55,8 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider {
protected UserDAO userDAO;
@Inject
protected GroupDAO groupDAO;
+ @Inject
+ private PamAuthenticationFactory pamAuthenticationFactory;
private static Logger LOG = LoggerFactory.getLogger(AmbariPamAuthenticationProvider.class);
@@ -85,7 +88,7 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider {
try{
//Set PAM configuration file (found under /etc/pam.d)
String pamConfig = configuration.getPamConfigurationFile();
- pam = new PAM(pamConfig);
+ pam = pamAuthenticationFactory.createInstance(pamConfig);
} catch(PAMException ex) {
LOG.error("Unable to Initialize PAM." + ex.getMessage());
http://git-wip-us.apache.org/repos/asf/ambari/blob/41a1bc81/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
index 59a0c7a..9cfd148 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -17,91 +17,120 @@
*/
package org.apache.ambari.server.security.authorization;
-import static org.easymock.EasyMock.createNiceMock;
+import static org.easymock.EasyMock.anyObject;
+import static org.easymock.EasyMock.eq;
import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.expectLastCall;
-import java.util.Arrays;
-import java.util.Collection;
import java.util.Collections;
-import java.util.HashSet;
-import org.apache.ambari.server.H2DatabaseCleaner;
-import org.apache.ambari.server.audit.AuditLoggerModule;
+import javax.persistence.EntityManager;
+
import org.apache.ambari.server.configuration.Configuration;
-import org.apache.ambari.server.orm.GuiceJpaInitializer;
+import org.apache.ambari.server.hooks.HookContextFactory;
+import org.apache.ambari.server.hooks.HookService;
+import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
-import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.ClientSecurityType;
-import org.easymock.EasyMock;
-import org.junit.After;
+import org.apache.ambari.server.security.authentication.pam.PamAuthenticationFactory;
+import org.apache.ambari.server.state.stack.OsFamily;
+import org.easymock.EasyMockSupport;
import org.junit.Before;
import org.junit.Test;
import org.jvnet.libpam.PAM;
+import org.jvnet.libpam.PAMException;
import org.jvnet.libpam.UnixUser;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.crypto.password.StandardPasswordEncoder;
+import com.google.inject.AbstractModule;
import com.google.inject.Guice;
-import com.google.inject.Inject;
import com.google.inject.Injector;
import junit.framework.Assert;
-public class AmbariPamAuthenticationProviderTest {
-
- private static Injector injector;
-
- @Inject
- private AmbariPamAuthenticationProvider authenticationProvider;
- @Inject
- PasswordEncoder passwordEncoder;
- @Inject
- Configuration configuration;
+public class AmbariPamAuthenticationProviderTest extends EasyMockSupport {
private static final String TEST_USER_NAME = "userName";
private static final String TEST_USER_PASS = "userPass";
private static final String TEST_USER_INCORRECT_PASS = "userIncorrectPass";
+ private Injector injector;
+
@Before
- public void setUp() {
- injector = Guice.createInjector(new AuditLoggerModule(), new AuthorizationTestModule());
- injector.injectMembers(this);
- injector.getInstance(GuiceJpaInitializer.class);
+ public void setup() {
+ injector = Guice.createInjector(new AbstractModule() {
+
+ @Override
+ protected void configure() {
+ bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ bind(HookContextFactory.class).toInstance(createNiceMock(HookContextFactory.class));
+ bind(HookService.class).toInstance(createNiceMock(HookService.class));
+ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ bind(UserDAO.class).toInstance(createNiceMock(UserDAO.class));
+ bind(PamAuthenticationFactory.class).toInstance(createMock(PamAuthenticationFactory.class));
+ bind(PasswordEncoder.class).toInstance(new StandardPasswordEncoder());
+ }
+ });
+
+ Configuration configuration = injector.getInstance(Configuration.class);
configuration.setClientSecurityType(ClientSecurityType.PAM);
configuration.setProperty(Configuration.PAM_CONFIGURATION_FILE, "ambari-pam");
}
- @After
- public void tearDown() throws Exception {
- H2DatabaseCleaner.clearDatabaseAndStopPersistenceService(injector);
- }
-
@Test(expected = AuthenticationException.class)
public void testBadCredential() throws Exception {
- UserEntity userEntity = combineUserEntity();
- User user = new User(userEntity);
- Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));
- Authentication authentication = new AmbariUserAuthentication("wrong", user, userAuthorities);
+
+ PAM pam = createMock(PAM.class);
+ expect(pam.authenticate(eq(TEST_USER_NAME), eq(TEST_USER_INCORRECT_PASS)))
+ .andThrow(new PAMException())
+ .once();
+ pam.dispose();
+ expectLastCall().once();
+
+ PamAuthenticationFactory pamAuthenticationFactory = injector.getInstance(PamAuthenticationFactory.class);
+ expect(pamAuthenticationFactory.createInstance(anyObject(String.class))).andReturn(pam).once();
+
+ replayAll();
+
+ Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_INCORRECT_PASS);
+
+ AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class);
authenticationProvider.authenticate(authentication);
+
+ verifyAll();
}
@Test
public void testAuthenticate() throws Exception {
- PAM pam = createNiceMock(PAM.class);
+
UnixUser unixUser = createNiceMock(UnixUser.class);
- UserEntity userEntity = combineUserEntity();
- User user = new User(userEntity);
- UserDAO userDAO = createNiceMock(UserDAO.class);
- Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));
- expect(pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class))).andReturn(unixUser).atLeastOnce();
- expect(unixUser.getGroups()).andReturn(new HashSet<String>(Arrays.asList("group"))).atLeastOnce();
- EasyMock.replay(unixUser);
- EasyMock.replay(pam);
- Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities);
- Authentication result = authenticationProvider.authenticateViaPam(pam,authentication);
- expect(userDAO.findUserByName("userName")).andReturn(null).once();
+ expect(unixUser.getGroups()).andReturn(Collections.singleton("group")).atLeastOnce();
+
+ PAM pam = createMock(PAM.class);
+ expect(pam.authenticate(eq(TEST_USER_NAME), eq(TEST_USER_PASS)))
+ .andReturn(unixUser)
+ .once();
+ pam.dispose();
+ expectLastCall().once();
+
+ PamAuthenticationFactory pamAuthenticationFactory = injector.getInstance(PamAuthenticationFactory.class);
+ expect(pamAuthenticationFactory.createInstance(anyObject(String.class))).andReturn(pam).once();
+
+ replayAll();
+
+ Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS);
+
+ AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class);
+
+ Authentication result = authenticationProvider.authenticate(authentication);
+
+ verifyAll();
+
Assert.assertNotNull(result);
Assert.assertEquals(true, result.isAuthenticated());
Assert.assertTrue(result instanceof AmbariUserAuthentication);
@@ -109,24 +138,14 @@ public class AmbariPamAuthenticationProviderTest {
@Test
public void testDisabled() throws Exception {
- UserEntity userEntity = combineUserEntity();
- User user = new User(userEntity);
- Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));
+
+ Configuration configuration = injector.getInstance(Configuration.class);
configuration.setClientSecurityType(ClientSecurityType.LOCAL);
- Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities);
+
+ Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS);
+
+ AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class);
Authentication auth = authenticationProvider.authenticate(authentication);
Assert.assertTrue(auth == null);
}
-
- private UserEntity combineUserEntity() {
- PrincipalEntity principalEntity = new PrincipalEntity();
- UserEntity userEntity = new UserEntity();
- userEntity.setUserId(1);
- userEntity.setUserName(UserName.fromString(TEST_USER_NAME));
- userEntity.setUserPassword(passwordEncoder.encode(TEST_USER_PASS));
- userEntity.setUserType(UserType.PAM);
- userEntity.setPrincipal(principalEntity);
- return userEntity;
- }
-
}