Posted to commits@falcon.apache.org by ve...@apache.org on 2014/08/08 19:43:43 UTC
[4/9] FALCON-464 Enforce Authorization for REST API. Contributed by
Venkatesh Seetharam
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java b/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java
new file mode 100644
index 0000000..289e232
--- /dev/null
+++ b/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java
@@ -0,0 +1,168 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.falcon.security;
+
+import org.apache.falcon.cluster.util.EntityBuilderTestUtil;
+import org.apache.falcon.entity.store.ConfigurationStore;
+import org.apache.falcon.entity.v0.EntityType;
+import org.apache.falcon.entity.v0.cluster.Cluster;
+import org.apache.falcon.util.StartupProperties;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.MockitoAnnotations;
+import org.testng.Assert;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test for FalconAuthorizationFilter using mock objects.
+ */
+public class FalconAuthorizationFilterTest {
+
+ public static final String CLUSTER_ENTITY_NAME = "primary-cluster";
+ public static final String PROCESS_ENTITY_NAME = "sample-process";
+
+ @Mock
+ private HttpServletRequest mockRequest;
+
+ @Mock
+ private HttpServletResponse mockResponse;
+
+ @Mock
+ private FilterChain mockChain;
+
+ @Mock
+ private FilterConfig mockConfig;
+
+ @Mock
+ private UserGroupInformation mockUgi;
+
+ private ConfigurationStore configStore;
+ private Cluster clusterEntity;
+ private org.apache.falcon.entity.v0.process.Process processEntity;
+
+ @BeforeClass
+ public void setUp() throws Exception {
+ MockitoAnnotations.initMocks(this);
+
+ CurrentUser.authenticate(EntityBuilderTestUtil.USER);
+ Assert.assertEquals(CurrentUser.getUser(), EntityBuilderTestUtil.USER);
+
+ configStore = ConfigurationStore.get();
+
+ addClusterEntity();
+ addProcessEntity();
+ Assert.assertNotNull(processEntity);
+ }
+
+ @DataProvider(name = "resourceWithNoEntity")
+ private Object[][] createOptions() {
+ return new Object[][] {
+ {"/admin/version"},
+ {"/entities/list/feed"},
+ {"/entities/list/process"},
+ {"/entities/list/cluster"},
+ {"/graphs/lineage/vertices/all"},
+ {"/graphs/lineage/vertices/_1"},
+ {"/graphs/lineage/vertices/properties/_1"},
+ };
+ }
+
+ @Test (dataProvider = "resourceWithNoEntity")
+ public void testDoFilter(String resource) throws Exception {
+ Filter filter = new FalconAuthorizationFilter();
+ synchronized (StartupProperties.get()) {
+ filter.init(mockConfig);
+ }
+
+ try {
+ boolean[] enabledFlags = {false, true};
+ for (boolean enabled : enabledFlags) {
+ StartupProperties.get().setProperty(
+ "falcon.security.authorization.enabled", String.valueOf(enabled));
+
+ StringBuffer requestUrl = new StringBuffer("http://localhost" + resource);
+ Mockito.when(mockRequest.getRequestURL()).thenReturn(requestUrl);
+ Mockito.when(mockRequest.getRequestURI()).thenReturn("/api" + resource);
+ Mockito.when(mockRequest.getPathInfo()).thenReturn(resource);
+
+ filter.doFilter(mockRequest, mockResponse, mockChain);
+ }
+ } finally {
+ filter.destroy();
+ }
+ }
+
+ @DataProvider(name = "resourceWithEntity")
+ private Object[][] createOptionsForResourceWithEntity() {
+ return new Object[][] {
+ {"/entities/status/process/"},
+ {"/entities/suspend/process/"},
+ {"/instance/running/process/"},
+ };
+ }
+
+ @Test (dataProvider = "resourceWithEntity")
+ public void testDoFilterForEntity(String resource) throws Exception {
+ Filter filter = new FalconAuthorizationFilter();
+ synchronized (StartupProperties.get()) {
+ filter.init(mockConfig);
+ }
+
+ try {
+ boolean[] enabledFlags = {false, true};
+ for (boolean enabled : enabledFlags) {
+ StartupProperties.get().setProperty(
+ "falcon.security.authorization.enabled", String.valueOf(enabled));
+
+ String uri = resource + processEntity.getName();
+ StringBuffer requestUrl = new StringBuffer("http://localhost" + uri);
+ Mockito.when(mockRequest.getRequestURL()).thenReturn(requestUrl);
+ Mockito.when(mockRequest.getRequestURI()).thenReturn("/api" + uri);
+ Mockito.when(mockRequest.getPathInfo()).thenReturn(uri);
+
+ filter.doFilter(mockRequest, mockResponse, mockChain);
+ }
+ } finally {
+ filter.destroy();
+ }
+ }
+
+ public void addClusterEntity() throws Exception {
+ clusterEntity = EntityBuilderTestUtil.buildCluster(CLUSTER_ENTITY_NAME);
+ configStore.publish(EntityType.CLUSTER, clusterEntity);
+ }
+
+ public void addProcessEntity() throws Exception {
+ processEntity = EntityBuilderTestUtil.buildProcess(PROCESS_ENTITY_NAME,
+ clusterEntity, "classified-as=Critical");
+ EntityBuilderTestUtil.addProcessWorkflow(processEntity);
+ EntityBuilderTestUtil.addProcessACL(processEntity);
+
+ configStore.publish(EntityType.PROCESS, processEntity);
+ }
+}
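Review bot: Neither testDoFilter nor testDoFilterForEntity asserts anything after `filter.doFilter(mockRequest, mockResponse, mockChain)`, so both pass whether the filter allows, denies or ignores the request. For the allowed case add `Mockito.verify(mockChain).doFilter(mockRequest, mockResponse);`. Also add a case where the authenticated user is not the entity owner and, with authorization enabled, verify that the chain is never invoked, however the filter signals the denial. The loops also leave `falcon.security.authorization.enabled` set to `true` in the shared StartupProperties. Read the previous value before the loop and restore it in the `finally` block next to `filter.destroy()`.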
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/src/conf/startup.properties
----------------------------------------------------------------------
diff --git a/src/conf/startup.properties b/src/conf/startup.properties
index 038026d..526656f 100644
--- a/src/conf/startup.properties
+++ b/src/conf/startup.properties
@@ -144,8 +144,16 @@ prism.configstore.listeners=org.apache.falcon.entity.v0.EntityGraph,\
######### Authorization Properties #########
+# Authorization Enabled flag: false (default)|true
*.falcon.security.authorization.enabled=false
-#*.falcon.security.authorization.admin.users=seetharam
-#*.falcon.security.authorization.admin.groups=seetharam
+
+# Admin Users, comma separated users
+*.falcon.security.authorization.admin.users=falcon,ambari-qa,seetharam
+
+# Admin Group Membership, comma separated users
+*.falcon.security.authorization.admin.groups=falcon,testgroup,staff
+
+# Authorization Provider Implementation Fully Qualified Class Name
+*.falcon.security.authorization.provider=org.apache.falcon.security.DefaultAuthorizationProvider
######### Authorization Properties #########
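Review bot: The default for `*.falcon.security.authorization.admin.users` in what appears to be the shipped configuration now names `seetharam`, which looks like a developer's personal account, and `admin.groups` includes `testgroup` and `staff`. Once authorization is enabled, any principal matching these names would presumably be treated as an admin. Keep the defaults to the service identity, e.g. `*.falcon.security.authorization.admin.users=falcon` and `*.falcon.security.authorization.admin.groups=falcon`, and leave site-specific entries to deployment configuration. The comment above the groups line should read `# Admin Group Membership, comma separated groups`.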
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/test-util/src/main/java/org/apache/falcon/cluster/util/EntityBuilderTestUtil.java
----------------------------------------------------------------------
diff --git a/test-util/src/main/java/org/apache/falcon/cluster/util/EntityBuilderTestUtil.java b/test-util/src/main/java/org/apache/falcon/cluster/util/EntityBuilderTestUtil.java
new file mode 100644
index 0000000..edcc728
--- /dev/null
+++ b/test-util/src/main/java/org/apache/falcon/cluster/util/EntityBuilderTestUtil.java
@@ -0,0 +1,167 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.falcon.cluster.util;
+
+import org.apache.falcon.entity.v0.Frequency;
+import org.apache.falcon.entity.v0.cluster.Cluster;
+import org.apache.falcon.entity.v0.cluster.Interface;
+import org.apache.falcon.entity.v0.cluster.Interfaces;
+import org.apache.falcon.entity.v0.cluster.Interfacetype;
+import org.apache.falcon.entity.v0.feed.Feed;
+import org.apache.falcon.entity.v0.process.Clusters;
+import org.apache.falcon.entity.v0.process.EngineType;
+import org.apache.falcon.entity.v0.process.Input;
+import org.apache.falcon.entity.v0.process.Inputs;
+import org.apache.falcon.entity.v0.process.Output;
+import org.apache.falcon.entity.v0.process.Outputs;
+import org.apache.falcon.entity.v0.process.Process;
+import org.apache.falcon.entity.v0.process.Workflow;
+
+/**
+ * Utility class to build entity objects.
+ */
+public final class EntityBuilderTestUtil {
+
+ public static final String USER = System.getProperty("user.name");
+ public static final String COLO_NAME = "west-coast";
+ public static final String WORKFLOW_NAME = "imp-click-join-workflow";
+ public static final String WORKFLOW_VERSION = "1.0.9";
+
+ private EntityBuilderTestUtil() {
+ }
+
+ public static Cluster buildCluster(String name) {
+ return buildCluster(name, COLO_NAME, "classification=production");
+ }
+
+ public static Cluster buildCluster(String name, String colo, String tags) {
+ Cluster cluster = new Cluster();
+ cluster.setName(name);
+ cluster.setColo(colo);
+ cluster.setTags(tags);
+
+ Interfaces interfaces = new Interfaces();
+ cluster.setInterfaces(interfaces);
+
+ Interface storage = new Interface();
+ storage.setEndpoint("jail://global:00");
+ storage.setType(Interfacetype.WRITE);
+ cluster.getInterfaces().getInterfaces().add(storage);
+
+ org.apache.falcon.entity.v0.cluster.ACL clusterACL = new org.apache.falcon.entity.v0
+ .cluster.ACL();
+ clusterACL.setOwner(USER);
+ clusterACL.setGroup(USER);
+ clusterACL.setPermission("*");
+ cluster.setACL(clusterACL);
+
+ return cluster;
+ }
+
+ public static Feed buildFeed(String feedName, Cluster cluster, String tags, String groups) {
+ Feed feed = new Feed();
+ feed.setName(feedName);
+ feed.setTags(tags);
+ feed.setGroups(groups);
+ feed.setFrequency(Frequency.fromString("hours(1)"));
+
+ org.apache.falcon.entity.v0.feed.Clusters
+ clusters = new org.apache.falcon.entity.v0.feed.Clusters();
+ feed.setClusters(clusters);
+ org.apache.falcon.entity.v0.feed.Cluster feedCluster =
+ new org.apache.falcon.entity.v0.feed.Cluster();
+ feedCluster.setName(cluster.getName());
+ clusters.getClusters().add(feedCluster);
+
+ org.apache.falcon.entity.v0.feed.ACL feedACL = new org.apache.falcon.entity.v0.feed.ACL();
+ feedACL.setOwner(USER);
+ feedACL.setGroup(USER);
+ feedACL.setPermission("*");
+ feed.setACL(feedACL);
+
+ return feed;
+ }
+
+ public static org.apache.falcon.entity.v0.process.Process buildProcess(String processName,
+ Cluster cluster,
+ String tags) throws Exception {
+ org.apache.falcon.entity.v0.process.Process processEntity = new Process();
+ processEntity.setName(processName);
+ processEntity.setTags(tags);
+
+ org.apache.falcon.entity.v0.process.Cluster processCluster =
+ new org.apache.falcon.entity.v0.process.Cluster();
+ processCluster.setName(cluster.getName());
+ processEntity.setClusters(new Clusters());
+ processEntity.getClusters().getClusters().add(processCluster);
+
+ addProcessACL(processEntity);
+
+ return processEntity;
+ }
+
+ public static void addProcessWorkflow(Process process) {
+ addProcessWorkflow(process, WORKFLOW_NAME, WORKFLOW_VERSION);
+ }
+
+ public static void addProcessWorkflow(Process process, String workflowName, String version) {
+ Workflow workflow = new Workflow();
+ workflow.setName(workflowName);
+ workflow.setVersion(version);
+ workflow.setEngine(EngineType.PIG);
+ workflow.setPath("/falcon/test/workflow");
+
+ process.setWorkflow(workflow);
+ }
+
+ public static void addProcessACL(Process processEntity) throws Exception {
+ addProcessACL(processEntity, USER, USER);
+ }
+
+ public static void addProcessACL(Process processEntity, String user,
+ String group) throws Exception {
+ org.apache.falcon.entity.v0.process.ACL processACL = new org.apache.falcon.entity.v0.process.ACL();
+ processACL.setOwner(user);
+ processACL.setGroup(group);
+ processACL.setPermission("*");
+ processEntity.setACL(processACL);
+ }
+
+ public static void addInput(Process process, Feed feed) {
+ if (process.getInputs() == null) {
+ process.setInputs(new Inputs());
+ }
+
+ Inputs inputs = process.getInputs();
+ Input input = new Input();
+ input.setFeed(feed.getName());
+ inputs.getInputs().add(input);
+ }
+
+ public static void addOutput(Process process, Feed feed) {
+ if (process.getOutputs() == null) {
+ process.setOutputs(new Outputs());
+ }
+
+ Outputs outputs = process.getOutputs();
+ Output output = new Output();
+ output.setFeed(feed.getName());
+ outputs.getOutputs().add(output);
+ }
+}
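Review bot: Every fixture built here gets an ACL with owner and group set to `USER` and permission `*`, and only the process ACL has an overload taking a different owner (`addProcessACL(processEntity, user, group)`), so tests built on buildCluster and buildFeed can only exercise the case where the caller owns the entity. Add buildCluster and buildFeed overloads that take owner and group so that denial paths can be tested with these fixtures. buildProcess already calls `addProcessACL(processEntity)`, which makes the second call in FalconAuthorizationFilterTest.addProcessEntity redundant, and nothing in the visible bodies of the addProcessACL methods or buildProcess throws a checked exception, so `throws Exception` can probably be dropped from them.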
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/webapp/src/main/webapp/WEB-INF/distributed/web.xml
----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/WEB-INF/distributed/web.xml b/webapp/src/main/webapp/WEB-INF/distributed/web.xml
index a5e1161..7a4de55 100644
--- a/webapp/src/main/webapp/WEB-INF/distributed/web.xml
+++ b/webapp/src/main/webapp/WEB-INF/distributed/web.xml
@@ -26,8 +26,13 @@
<description>Apache Falcon Distributed Server</description>
<filter>
- <filter-name>auth</filter-name>
- <filter-class>org.apache.falcon.security.BasicAuthFilter</filter-class>
+ <filter-name>authentication</filter-name>
+ <filter-class>org.apache.falcon.security.FalconAuthenticationFilter</filter-class>
+ </filter>
+
+ <filter>
+ <filter-name>authorization</filter-name>
+ <filter-class>org.apache.falcon.security.FalconAuthorizationFilter</filter-class>
</filter>
<filter>
@@ -36,12 +41,17 @@
</filter>
<filter-mapping>
- <filter-name>auth</filter-name>
+ <filter-name>authentication</filter-name>
+ <servlet-name>FalconRESTApi</servlet-name>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authorization</filter-name>
<servlet-name>FalconRESTApi</servlet-name>
</filter-mapping>
<filter-mapping>
- <filter-name>auth</filter-name>
+ <filter-name>authentication</filter-name>
<servlet-name>SecureApi</servlet-name>
</filter-mapping>
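Review bot: The `authorization` filter is mapped only to `FalconRESTApi`; the `SecureApi` mapping at the end of this hunk gets `authentication` alone, so requests served by SecureApi would skip FalconAuthorizationFilter even with `falcon.security.authorization.enabled=true`. If that is intended, record it in a comment such as `<!-- SecureApi: authentication only, authorization is not enforced here -->`. Otherwise add a second mapping with `<filter-name>authorization</filter-name>` and `<servlet-name>SecureApi</servlet-name>`. The enclosing web-app element continues outside the hunk.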
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/webapp/src/main/webapp/WEB-INF/embedded/web.xml
----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/WEB-INF/embedded/web.xml b/webapp/src/main/webapp/WEB-INF/embedded/web.xml
index 9dc371f..7d0cb08 100644
--- a/webapp/src/main/webapp/WEB-INF/embedded/web.xml
+++ b/webapp/src/main/webapp/WEB-INF/embedded/web.xml
@@ -26,12 +26,22 @@
<description>Apache Falcon Embedded Server</description>
<filter>
- <filter-name>auth</filter-name>
- <filter-class>org.apache.falcon.security.BasicAuthFilter</filter-class>
+ <filter-name>authentication</filter-name>
+ <filter-class>org.apache.falcon.security.FalconAuthenticationFilter</filter-class>
</filter>
+ <filter>
+ <filter-name>authorization</filter-name>
+ <filter-class>org.apache.falcon.security.FalconAuthorizationFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>authentication</filter-name>
+ <servlet-name>FalconRESTApi</servlet-name>
+ </filter-mapping>
+
<filter-mapping>
- <filter-name>auth</filter-name>
+ <filter-name>authorization</filter-name>
<servlet-name>FalconRESTApi</servlet-name>
</filter-mapping>
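Review bot: Nothing in the descriptor records that the `authentication` mapping has to stay ahead of the `authorization` mapping. For servlet-name mappings the container builds the chain in `filter-mapping` order, and FalconAuthorizationFilter presumably relies on the user established by FalconAuthenticationFilter. Add a comment above the first mapping, `<!-- order matters: authentication must be mapped before authorization -->`. The same applies to the identical hunk in webapp/src/main/webapp/WEB-INF/web.xml and to the FalconRESTApi mappings in WEB-INF/distributed/web.xml.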
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/webapp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/WEB-INF/web.xml b/webapp/src/main/webapp/WEB-INF/web.xml
index 971fcdd..08c30cb 100644
--- a/webapp/src/main/webapp/WEB-INF/web.xml
+++ b/webapp/src/main/webapp/WEB-INF/web.xml
@@ -26,12 +26,22 @@
<description>Apache Falcon Placeholder</description>
<filter>
- <filter-name>auth</filter-name>
- <filter-class>org.apache.falcon.security.BasicAuthFilter</filter-class>
+ <filter-name>authentication</filter-name>
+ <filter-class>org.apache.falcon.security.FalconAuthenticationFilter</filter-class>
</filter>
+ <filter>
+ <filter-name>authorization</filter-name>
+ <filter-class>org.apache.falcon.security.FalconAuthorizationFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>authentication</filter-name>
+ <servlet-name>FalconRESTApi</servlet-name>
+ </filter-mapping>
+
<filter-mapping>
- <filter-name>auth</filter-name>
+ <filter-name>authorization</filter-name>
<servlet-name>FalconRESTApi</servlet-name>
</filter-mapping>
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/webapp/src/test/java/org/apache/falcon/security/BasicAuthFilterTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/falcon/security/BasicAuthFilterTest.java b/webapp/src/test/java/org/apache/falcon/security/BasicAuthFilterTest.java
deleted file mode 100644
index 62e889a..0000000
--- a/webapp/src/test/java/org/apache/falcon/security/BasicAuthFilterTest.java
+++ /dev/null
@@ -1,214 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.falcon.security;
-
-import org.apache.falcon.util.StartupProperties;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
-import org.mockito.Mock;
-import org.mockito.Mockito;
-import org.mockito.MockitoAnnotations;
-import org.testng.Assert;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.BeforeMethod;
-import org.testng.annotations.Test;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Map;
-import java.util.Properties;
-import java.util.concurrent.ConcurrentHashMap;
-
-
-/**
- * Test for BasicAuthFilter using mock objects.
- */
-public class BasicAuthFilterTest {
-
- @Mock
- private HttpServletRequest mockRequest;
-
- @Mock
- private HttpServletResponse mockResponse;
-
- @Mock
- private FilterChain mockChain;
-
- @Mock
- private FilterConfig mockConfig;
-
- @Mock
- private UserGroupInformation mockUgi;
-
- @BeforeClass
- public void init() {
- MockitoAnnotations.initMocks(this);
- }
-
- @BeforeMethod
- private void initAuthType() {
- ConcurrentHashMap<String, String> conf = new ConcurrentHashMap<String, String>();
- conf.put("type", "simple");
- conf.put("config.prefix.type", "");
- conf.put("anonymous.allowed", "true");
- Mockito.when(mockConfig.getInitParameterNames()).thenReturn(conf.keys());
-
- for (Map.Entry<String, String> entry : conf.entrySet()) {
- Mockito.when(mockConfig.getInitParameter(entry.getKey())).thenReturn(entry.getValue());
- }
-
- Mockito.when(mockRequest.getMethod()).thenReturn("OPTIONS");
-
- StringBuffer requestUrl = new StringBuffer("http://localhost");
- Mockito.when(mockRequest.getRequestURL()).thenReturn(requestUrl);
- }
-
- @Test
- public void testDoFilter() throws Exception {
- Filter filter = new BasicAuthFilter();
- synchronized (StartupProperties.get()) {
- filter.init(mockConfig);
- }
-
- CurrentUser.authenticate("nouser");
- Assert.assertEquals(CurrentUser.getUser(), "nouser");
-
- CurrentUser.authenticate("guest");
- Mockito.when(mockRequest.getQueryString()).thenReturn("user.name=guest");
- filter.doFilter(mockRequest, mockResponse, mockChain);
- Assert.assertEquals(CurrentUser.getUser(), "guest");
-
- CurrentUser.authenticate("nouser");
- Assert.assertEquals(CurrentUser.getUser(), "nouser");
- CurrentUser.authenticate("testuser");
- Mockito.when(mockRequest.getRemoteUser()).thenReturn("testuser");
- filter.doFilter(mockRequest, mockResponse, mockChain);
- Assert.assertEquals(CurrentUser.getUser(), "testuser");
- }
-
- @Test
- public void testAnonymous() throws Exception {
- Filter filter = new BasicAuthFilter();
-
- synchronized (StartupProperties.get()) {
- filter.init(mockConfig);
- }
-
- CurrentUser.authenticate("nouser");
- Assert.assertEquals(CurrentUser.getUser(), "nouser");
-
- CurrentUser.authenticate("testuser");
- Mockito.when(mockRequest.getRemoteUser()).thenReturn("testuser");
- filter.doFilter(mockRequest, mockResponse, mockChain);
- Assert.assertEquals(CurrentUser.getUser(), "testuser");
- }
-
- @Test
- public void testEmptyUser() throws Exception {
- Filter filter = new BasicAuthFilter();
-
- synchronized (StartupProperties.get()) {
- filter.init(mockConfig);
- }
-
- final String userName = System.getProperty("user.name");
- try {
- System.setProperty("user.name", "");
-
- Mockito.when(mockRequest.getMethod()).thenReturn("POST");
- Mockito.when(mockRequest.getQueryString()).thenReturn("");
- Mockito.when(mockRequest.getRemoteUser()).thenReturn(null);
-
- HttpServletResponse errorResponse = Mockito.mock(HttpServletResponse.class);
- filter.doFilter(mockRequest, errorResponse, mockChain);
- } finally {
- System.setProperty("user.name", userName);
- }
- }
-
- @Test
- public void testDoFilterForClientBackwardsCompatibility() throws Exception {
- Filter filter = new BasicAuthFilter();
-
- final String userName = System.getProperty("user.name");
- final String httpAuthType =
- StartupProperties.get().getProperty("falcon.http.authentication.type", "simple");
- try {
- System.setProperty("user.name", "");
- StartupProperties.get().setProperty("falcon.http.authentication.type",
- "org.apache.falcon.security.RemoteUserInHeaderBasedAuthenticationHandler");
-
- synchronized (StartupProperties.get()) {
- filter.init(mockConfig);
- }
-
- Mockito.when(mockRequest.getMethod()).thenReturn("POST");
- Mockito.when(mockRequest.getQueryString()).thenReturn("");
- Mockito.when(mockRequest.getRemoteUser()).thenReturn(null);
- Mockito.when(mockRequest.getHeader("Remote-User")).thenReturn("remote-user");
-
- filter.doFilter(mockRequest, mockResponse, mockChain);
-
- Assert.assertEquals(CurrentUser.getUser(), "remote-user");
-
- } finally {
- System.setProperty("user.name", userName);
- StartupProperties.get().setProperty("falcon.http.authentication.type", httpAuthType);
- }
- }
-
- @Test
- public void testGetKerberosPrincipalWithSubstitutedHostSecure() throws Exception {
- String principal = StartupProperties.get().getProperty(BasicAuthFilter.KERBEROS_PRINCIPAL);
-
- String expectedPrincipal = "falcon/" + SecurityUtil.getLocalHostName() + "@Example.com";
- try {
- Configuration conf = new Configuration(false);
- conf.set("hadoop.security.authentication", "kerberos");
- UserGroupInformation.setConfiguration(conf);
- Assert.assertTrue(UserGroupInformation.isSecurityEnabled());
-
- StartupProperties.get().setProperty(
- BasicAuthFilter.KERBEROS_PRINCIPAL, "falcon/_HOST@Example.com");
- BasicAuthFilter filter = new BasicAuthFilter();
- Properties properties = filter.getConfiguration(BasicAuthFilter.FALCON_PREFIX, null);
- Assert.assertEquals(
- properties.get(KerberosAuthenticationHandler.PRINCIPAL), expectedPrincipal);
- } finally {
- StartupProperties.get().setProperty(BasicAuthFilter.KERBEROS_PRINCIPAL, principal);
- }
- }
-
- @Test
- public void testGetKerberosPrincipalWithSubstitutedHostNonSecure() throws Exception {
- String principal = StartupProperties.get().getProperty(BasicAuthFilter.KERBEROS_PRINCIPAL);
- Configuration conf = new Configuration(false);
- conf.set("hadoop.security.authentication", "simple");
- UserGroupInformation.setConfiguration(conf);
- Assert.assertFalse(UserGroupInformation.isSecurityEnabled());
-
- BasicAuthFilter filter = new BasicAuthFilter();
- Properties properties = filter.getConfiguration(BasicAuthFilter.FALCON_PREFIX, null);
- Assert.assertEquals(properties.get(KerberosAuthenticationHandler.PRINCIPAL), principal);
- }
-}