You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2017/09/08 15:15:07 UTC
[14/24] knox git commit: Merge branch 'master' into
KNOX-998-Package_Restructuring
http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/GatewayMultiFuncTest.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/GatewayMultiFuncTest.java
index 1b01d73,0000000..a89ac82
mode 100644,000000..100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/GatewayMultiFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/GatewayMultiFuncTest.java
@@@ -1,444 -1,0 +1,443 @@@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway;
+
+import java.io.File;
+import java.net.URL;
+import java.nio.charset.Charset;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.UUID;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
+import org.apache.directory.server.protocol.shared.transport.TcpTransport;
+import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
+import org.apache.knox.gateway.services.DefaultGatewayServices;
+import org.apache.knox.gateway.services.GatewayServices;
+import org.apache.knox.gateway.services.ServiceLifecycleException;
+import org.apache.knox.gateway.services.topology.TopologyService;
+import org.apache.hadoop.test.TestUtils;
+import org.apache.hadoop.test.category.ReleaseTest;
+import org.apache.hadoop.test.mock.MockServer;
+import org.apache.http.HttpHost;
+import org.apache.http.HttpStatus;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.AuthCache;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.client.BasicAuthCache;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.log4j.Appender;
+import org.hamcrest.MatcherAssert;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static com.jayway.restassured.RestAssured.given;
+import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
+import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
+import static org.hamcrest.CoreMatchers.endsWith;
+import static org.hamcrest.CoreMatchers.equalTo;
- import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.CoreMatchers.notNullValue;
+import static org.hamcrest.core.Is.is;
+import static org.junit.Assert.assertThat;
+import static org.xmlmatchers.XmlMatchers.hasXPath;
+import static org.xmlmatchers.transform.XmlConverters.the;
+
+@Category(ReleaseTest.class)
+public class GatewayMultiFuncTest {
+
+ private static Logger LOG = LoggerFactory.getLogger( GatewayMultiFuncTest.class );
- private static Class DAT = GatewayMultiFuncTest.class;
++ private static Class<?> DAT = GatewayMultiFuncTest.class;
+
+ private static Enumeration<Appender> appenders;
+ private static GatewayTestConfig config;
+ private static DefaultGatewayServices services;
+ private static GatewayServer gateway;
+ private static int gatewayPort;
+ private static String gatewayUrl;
+ private static TcpTransport ldapTransport;
+ private static Properties params;
+ private static TopologyService topos;
+ private static GatewayTestDriver driver = new GatewayTestDriver();
+
+ @BeforeClass
+ public static void setupSuite() throws Exception {
+ LOG_ENTER();
+ //appenders = NoOpAppender.setUp();
+ driver.setupLdap(0);
+ setupGateway();
+ LOG_EXIT();
+ }
+
+ @AfterClass
+ public static void cleanupSuite() throws Exception {
+ LOG_ENTER();
+ gateway.stop();
+ driver.cleanup();
+ FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+ //NoOpAppender.tearDown( appenders );
+ LOG_EXIT();
+ }
+
+ public static void setupGateway() throws Exception {
+
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
+ gatewayDir.mkdirs();
+
+ config = new GatewayTestConfig();
+ config.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+ URL svcsFileUrl = TestUtils.getResourceUrl( DAT, "services/readme.txt" );
+ File svcsFile = new File( svcsFileUrl.getFile() );
+ File svcsDir = svcsFile.getParentFile();
+ config.setGatewayServicesDir( svcsDir.getAbsolutePath() );
+
+ URL appsFileUrl = TestUtils.getResourceUrl( DAT, "applications/readme.txt" );
+ File appsFile = new File( appsFileUrl.getFile() );
+ File appsDir = appsFile.getParentFile();
+ config.setGatewayApplicationsDir( appsDir.getAbsolutePath() );
+
+ File topoDir = new File( config.getGatewayTopologyDir() );
+ topoDir.mkdirs();
+
+ File deployDir = new File( config.getGatewayDeploymentDir() );
+ deployDir.mkdirs();
+
+ startGatewayServer();
+ }
+
+ public static void startGatewayServer() throws Exception {
+ services = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<>();
+ options.put( "persist-master", "false" );
+ options.put( "master", "password" );
+ try {
+ services.init( config, options );
+ } catch ( ServiceLifecycleException e ) {
+ e.printStackTrace(); // I18N not required.
+ }
+ topos = services.getService(GatewayServices.TOPOLOGY_SERVICE);
+
+ gateway = GatewayServer.startGateway( config, services );
+ MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() );
+
+ gatewayPort = gateway.getAddresses()[0].getPort();
+ gatewayUrl = "http://localhost:" + gatewayPort + "/" + config.getGatewayPath();
+
+ LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() );
+
+ params = new Properties();
+ params.put( "LDAP_URL", driver.getLdapUrl() );
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testDefaultJsonMimeTypeHandlingKnox678() throws Exception {
+ LOG_ENTER();
+
+ MockServer mock = new MockServer( "REPEAT", true );
+
+ params = new Properties();
+ params.put( "LDAP_URL", driver.getLdapUrl() );
+ params.put( "MOCK_SERVER_PORT", mock.getPort() );
+
+ String topoStr = TestUtils.merge( DAT, "topologies/test-knox678-utf8-chars-topology.xml", params );
+ File topoFile = new File( config.getGatewayTopologyDir(), "knox678.xml" );
+ FileUtils.writeStringToFile( topoFile, topoStr );
+
+ topos.reloadTopologies();
+
+ String uname = "guest";
+ String pword = uname + "-password";
+
+ mock.expect().method( "GET" )
+ .respond().contentType( "application/json" ).contentLength( -1 ).content( "{\"msg\":\"H\u00eallo\"}", Charset.forName( "UTF-8" ) );
+ String json = given()
+ //.log().all()
+ .auth().preemptive().basic( uname, pword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_OK )
+ .contentType( "application/json; charset=UTF-8" )
+ .when().log().ifError().get( gatewayUrl + "/knox678/repeat" ).andReturn().asString();
+ assertThat( json, is("{\"msg\":\"H\u00eallo\"}") );
+ assertThat( mock.isEmpty(), is(true) );
+
+ mock.expect().method( "GET" )
+ .respond().contentType( "application/octet-stream" ).contentLength( -1 ).content( "H\u00eallo".getBytes() );
+ byte[] bytes = given()
+ //.log().all()
+ .auth().preemptive().basic( uname, pword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_OK )
+ .contentType( "application/octet-stream" )
+ .when().log().ifError().get( gatewayUrl + "/knox678/repeat" ).andReturn().asByteArray();
+ assertThat( bytes, is(equalTo("H\u00eallo".getBytes())) );
+ assertThat( mock.isEmpty(), is(true) );
+
+ mock.stop();
+
+ LOG_EXIT();
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testPostWithContentTypeKnox681() throws Exception {
+ LOG_ENTER();
+
+ MockServer mock = new MockServer( "REPEAT", true );
+
+ params = new Properties();
+ params.put( "MOCK_SERVER_PORT", mock.getPort() );
+ params.put( "LDAP_URL", driver.getLdapUrl() );
+
+ String topoStr = TestUtils.merge( DAT, "topologies/test-knox678-utf8-chars-topology.xml", params );
+ File topoFile = new File( config.getGatewayTopologyDir(), "knox681.xml" );
+ FileUtils.writeStringToFile( topoFile, topoStr );
+
+ topos.reloadTopologies();
+
+ mock
+ .expect()
+ .method( "PUT" )
+ .pathInfo( "/repeat-context/" )
+ .respond()
+ .status( HttpStatus.SC_CREATED )
+ .content( "{\"name\":\"value\"}".getBytes() )
+ .contentLength( -1 )
+ .contentType( "application/json; charset=UTF-8" )
+ .header( "Location", gatewayUrl + "/knox681/repeat" );
+
+ String uname = "guest";
+ String pword = uname + "-password";
+
+ HttpHost targetHost = new HttpHost( "localhost", gatewayPort, "http" );
+ CredentialsProvider credsProvider = new BasicCredentialsProvider();
+ credsProvider.setCredentials(
+ new AuthScope( targetHost.getHostName(), targetHost.getPort() ),
+ new UsernamePasswordCredentials( uname, pword ) );
+
+ AuthCache authCache = new BasicAuthCache();
+ BasicScheme basicAuth = new BasicScheme();
+ authCache.put( targetHost, basicAuth );
+
+ HttpClientContext context = HttpClientContext.create();
+ context.setCredentialsProvider( credsProvider );
+ context.setAuthCache( authCache );
+
+ CloseableHttpClient client = HttpClients.createDefault();
+ HttpPut request = new HttpPut( gatewayUrl + "/knox681/repeat" );
+ request.addHeader( "X-XSRF-Header", "jksdhfkhdsf" );
+ request.addHeader( "Content-Type", "application/json" );
+ CloseableHttpResponse response = client.execute( request, context );
+ assertThat( response.getStatusLine().getStatusCode(), is( HttpStatus.SC_CREATED ) );
+ assertThat( response.getFirstHeader( "Location" ).getValue(), endsWith("/gateway/knox681/repeat" ) );
+ assertThat( response.getFirstHeader( "Content-Type" ).getValue(), is("application/json; charset=UTF-8") );
+ String body = new String( IOUtils.toByteArray( response.getEntity().getContent() ), Charset.forName( "UTF-8" ) );
+ assertThat( body, is( "{\"name\":\"value\"}" ) );
+ response.close();
+ client.close();
+
+ mock
+ .expect()
+ .method( "PUT" )
+ .pathInfo( "/repeat-context/" )
+ .respond()
+ .status( HttpStatus.SC_CREATED )
+ .content( "<test-xml/>".getBytes() )
+ .contentType( "application/xml; charset=UTF-8" )
+ .header( "Location", gatewayUrl + "/knox681/repeat" );
+
+ client = HttpClients.createDefault();
+ request = new HttpPut( gatewayUrl + "/knox681/repeat" );
+ request.addHeader( "X-XSRF-Header", "jksdhfkhdsf" );
+ request.addHeader( "Content-Type", "application/xml" );
+ response = client.execute( request, context );
+ assertThat( response.getStatusLine().getStatusCode(), is( HttpStatus.SC_CREATED ) );
+ assertThat( response.getFirstHeader( "Location" ).getValue(), endsWith("/gateway/knox681/repeat" ) );
+ assertThat( response.getFirstHeader( "Content-Type" ).getValue(), is("application/xml; charset=UTF-8") );
+ body = new String( IOUtils.toByteArray( response.getEntity().getContent() ), Charset.forName( "UTF-8" ) );
+ assertThat( the(body), hasXPath( "/test-xml" ) );
+ response.close();
+ client.close();
+
+ mock.stop();
+
+ LOG_EXIT();
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testLdapSearchConfigEnhancementsKnox694() throws Exception {
+ LOG_ENTER();
+
+ String topoStr;
+ File topoFile;
+
+ String adminUName = "uid=admin,ou=people,dc=hadoop,dc=apache,dc=org";
+ String adminPWord = "admin-password";
+ String uname = "people\\guest";
+ String pword = "guest-password";
+ String invalidPword = "invalid-guest-password";
+
+ params = new Properties();
+ params.put( "LDAP_URL", driver.getLdapUrl() );
+ params.put( "LDAP_SYSTEM_USERNAME", adminUName );
+ params.put( "LDAP_SYSTEM_PASSWORD", adminPWord );
+
+ topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-user-dn-template.xml", params );
+ topoFile = new File( config.getGatewayTopologyDir(), "knox694-1.xml" );
+ FileUtils.writeStringToFile( topoFile, topoStr );
+ topos.reloadTopologies();
+
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, pword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_OK )
+ .contentType( "text/plain" )
+ .body( is( "test-service-response" ) )
+ .when().log().ifError().get( gatewayUrl + "/knox694-1/test-service-path/test-resource-path" );
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, invalidPword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_UNAUTHORIZED )
+ .when().get( gatewayUrl + "/knox694-1/test-service-path/test-resource-path" );
+
+ topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-search-attribute.xml", params );
+ topoFile = new File( config.getGatewayTopologyDir(), "knox694-2.xml" );
+ FileUtils.writeStringToFile( topoFile, topoStr );
+ topos.reloadTopologies();
+
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, pword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_OK )
+ .contentType( "text/plain" )
+ .body( is( "test-service-response" ) )
+ .when().log().ifError().get( gatewayUrl + "/knox694-2/test-service-path/test-resource-path" );
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, invalidPword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_UNAUTHORIZED )
+ .when().get( gatewayUrl + "/knox694-2/test-service-path/test-resource-path" );
+
+ topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-search-filter.xml", params );
+ topoFile = new File( config.getGatewayTopologyDir(), "knox694-3.xml" );
+ FileUtils.writeStringToFile( topoFile, topoStr );
+ topos.reloadTopologies();
+
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, pword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_OK )
+ .contentType( "text/plain" )
+ .body( is( "test-service-response" ) )
+ .when().log().ifError().get( gatewayUrl + "/knox694-3/test-service-path/test-resource-path" );
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, invalidPword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_UNAUTHORIZED )
+ .when().get( gatewayUrl + "/knox694-3/test-service-path/test-resource-path" );
+
+ topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-search-scope-object.xml", params );
+ topoFile = new File( config.getGatewayTopologyDir(), "knox694-4.xml" );
+ FileUtils.writeStringToFile( topoFile, topoStr );
+ topos.reloadTopologies();
+
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, pword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_OK )
+ .contentType( "text/plain" )
+ .body( is( "test-service-response" ) )
+ .when().log().ifError().get( gatewayUrl + "/knox694-4/test-service-path/test-resource-path" );
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, invalidPword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_UNAUTHORIZED )
+ .when().get( gatewayUrl + "/knox694-4/test-service-path/test-resource-path" );
+
+ topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-search-scope-onelevel-positive.xml", params );
+ topoFile = new File( config.getGatewayTopologyDir(), "knox694-5.xml" );
+ FileUtils.writeStringToFile( topoFile, topoStr );
+ topos.reloadTopologies();
+
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, pword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_OK )
+ .contentType( "text/plain" )
+ .body( is( "test-service-response" ) )
+ .when().log().ifError().get( gatewayUrl + "/knox694-5/test-service-path/test-resource-path" );
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, invalidPword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_UNAUTHORIZED )
+ .when().get( gatewayUrl + "/knox694-5/test-service-path/test-resource-path" );
+
+ topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-search-scope-onelevel-negative.xml", params );
+ topoFile = new File( config.getGatewayTopologyDir(), "knox694-6.xml" );
+ FileUtils.writeStringToFile( topoFile, topoStr );
+ topos.reloadTopologies();
+
+ given()
+ //.log().all()
+ .auth().preemptive().basic( uname, pword )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_UNAUTHORIZED )
+ .when().get( gatewayUrl + "/knox694-6/test-service-path/test-resource-path" );
+
+ LOG_EXIT();
+ }
+
+}
+
+
http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java
index 7df6b7a,0000000..96e64cf
mode 100644,000000..100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java
@@@ -1,203 -1,0 +1,180 @@@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway;
+
+import com.mycila.xmltool.XMLDoc;
+import com.mycila.xmltool.XMLTag;
+import org.apache.directory.server.protocol.shared.transport.TcpTransport;
+import org.apache.knox.gateway.config.GatewayConfig;
+import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
+import org.apache.knox.gateway.services.DefaultGatewayServices;
+import org.apache.knox.gateway.services.ServiceLifecycleException;
+import org.apache.hadoop.test.TestUtils;
+import org.apache.http.HttpStatus;
+import org.apache.log4j.Appender;
+import org.hamcrest.MatcherAssert;
- import org.hamcrest.Matchers;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
- import java.io.InputStream;
- import java.net.URL;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import static com.jayway.restassured.RestAssured.given;
+import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
+import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.notNullValue;
- import static org.junit.Assert.assertThat;
+
+public class GatewaySampleFuncTest {
+
- private static Class RESOURCE_BASE_CLASS = GatewaySampleFuncTest.class;
+ private static Logger LOG = LoggerFactory.getLogger( GatewaySampleFuncTest.class );
+
+ public static Enumeration<Appender> appenders;
+ public static GatewayConfig config;
+ public static GatewayServer gateway;
+ public static String gatewayUrl;
+ public static String clusterUrl;
+ private static GatewayTestDriver driver = new GatewayTestDriver();
+
+ @BeforeClass
+ public static void setupSuite() throws Exception {
+ LOG_ENTER();
+ //appenders = NoOpAppender.setUp();
+ driver.setupLdap(0);
+ setupGateway();
+ LOG_EXIT();
+ }
+
+ @AfterClass
+ public static void cleanupSuite() throws Exception {
+ LOG_ENTER();
+ gateway.stop();
+ driver.cleanup();
+ //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+ //NoOpAppender.tearDown( appenders );
+ LOG_EXIT();
+ }
+
+ public static void setupGateway() throws Exception {
+
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
+ gatewayDir.mkdirs();
+
+ GatewayTestConfig testConfig = new GatewayTestConfig();
+ config = testConfig;
+ testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+ File topoDir = new File( testConfig.getGatewayTopologyDir() );
+ topoDir.mkdirs();
+
+ File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+ deployDir.mkdirs();
+
+ File descriptor = new File( topoDir, "test-cluster.xml" );
+ FileOutputStream stream = new FileOutputStream( descriptor );
+ createTopology().toStream( stream );
+ stream.close();
+
+ DefaultGatewayServices srvcs = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<>();
+ options.put( "persist-master", "false" );
+ options.put( "master", "password" );
+ try {
+ srvcs.init( testConfig, options );
+ } catch ( ServiceLifecycleException e ) {
+ e.printStackTrace(); // I18N not required.
+ }
+
+ gateway = GatewayServer.startGateway( testConfig, srvcs );
+ MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() );
+
+ LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() );
+
+ gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath();
+ clusterUrl = gatewayUrl + "/test-cluster";
+ }
+
+ private static XMLTag createTopology() {
+ XMLTag xml = XMLDoc.newDocument( true )
+ .addRoot( "topology" )
+ .addTag( "gateway" )
+ .addTag( "provider" )
+ .addTag( "role" ).addText( "authentication" )
+ .addTag( "name" ).addText( "ShiroProvider" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm" )
+ .addTag( "value" ).addText( "org.apache.knox.gateway.shirorealm.KnoxLdapRealm" ).gotoParent()
+ .addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" )
+ .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" ).gotoParent()
+ .addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" )
+ .addTag( "value" ).addText( driver.getLdapUrl() ).gotoParent()
+ .addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory.authenticationMechanism" )
+ .addTag( "value" ).addText( "simple" ).gotoParent()
+ .addTag( "param" )
+ .addTag( "name" ).addText( "urls./**" )
+ .addTag( "value" ).addText( "authcBasic" ).gotoParent().gotoParent()
+ .addTag( "provider" )
+ .addTag( "role" ).addText( "identity-assertion" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag( "name" ).addText( "Default" ).gotoParent()
+ .addTag( "provider" )
+ .gotoRoot()
+ .addTag( "service" )
+ .addTag( "role" ).addText( "test-service-role" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
- public static InputStream getResourceStream( String resource ) throws IOException {
- return getResourceUrl( resource ).openStream();
- }
-
- public static URL getResourceUrl( String resource ) {
- URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
- assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
- return url;
- }
-
- public static String getResourceName( String resource ) {
- return getResourceBaseName() + resource;
- }
-
- public static String getResourceBaseName() {
- return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
- }
-
+ //@Test
+ public void waitForManualTesting() throws IOException {
+ System.in.read();
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testTestService() throws ClassNotFoundException {
+ LOG_ENTER();
+ String username = "guest";
+ String password = "guest-password";
+ String serviceUrl = clusterUrl + "/test-service-path/test-service-resource";
+ given()
+ //.log().all()
+ .auth().preemptive().basic( username, password )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_OK )
+ .contentType( "text/plain" )
+ .body( is( "test-service-response" ) )
+ .when().get( serviceUrl );
+ LOG_EXIT();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java
index 69b5c1c,0000000..02bb3dd
mode 100644,000000..100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java
@@@ -1,304 -1,0 +1,304 @@@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway;
+
+import java.io.File;
+import java.nio.file.FileSystems;
+import java.nio.file.Path;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.ServiceLoader;
+import java.util.UUID;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import javax.xml.transform.stream.StreamSource;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.directory.server.protocol.shared.transport.TcpTransport;
+import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
+import org.apache.knox.gateway.services.DefaultGatewayServices;
+import org.apache.knox.gateway.services.GatewayServices;
+import org.apache.knox.gateway.services.ServiceLifecycleException;
+import org.apache.knox.gateway.services.topology.TopologyService;
+import org.apache.hadoop.test.TestUtils;
+import org.apache.hadoop.test.category.ReleaseTest;
+import org.apache.hadoop.test.mock.MockServer;
+import org.apache.http.HttpHost;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.AuthCache;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.client.BasicAuthCache;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.log4j.Appender;
+import org.hamcrest.MatcherAssert;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
+import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
+import static org.hamcrest.CoreMatchers.notNullValue;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+import static org.xmlmatchers.transform.XmlConverters.the;
+import static org.xmlmatchers.xpath.HasXPath.hasXPath;
+
+@Category( ReleaseTest.class )
+public class GatewaySslFuncTest {
+
+ private static Logger LOG = LoggerFactory.getLogger( GatewaySslFuncTest.class );
- private static Class DAT = GatewaySslFuncTest.class;
++ private static Class<?> DAT = GatewaySslFuncTest.class;
+
+ private static Enumeration<Appender> appenders;
+ private static GatewayTestConfig config;
+ private static DefaultGatewayServices services;
+ private static GatewayServer gateway;
+ private static String gatewayScheme;
+ private static int gatewayPort;
+ private static String gatewayUrl;
+ private static Properties params;
+ private static TopologyService topos;
+ private static MockServer mockWebHdfs;
+ private static GatewayTestDriver driver = new GatewayTestDriver();
+
+ @BeforeClass
+ public static void setupSuite() throws Exception {
+ LOG_ENTER();
+ //appenders = NoOpAppender.setUp();
+ driver.setupLdap(0);
+ setupGateway();
+ LOG_EXIT();
+ }
+
+ @AfterClass
+ public static void cleanupSuite() throws Exception {
+ LOG_ENTER();
+ gateway.stop();
+ driver.cleanup();
+ FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+ //NoOpAppender.tearDown( appenders );
+ LOG_EXIT();
+ }
+
+ @After
+ public void cleanupTest() throws Exception {
+ FileUtils.cleanDirectory( new File( config.getGatewayTopologyDir() ) );
+ FileUtils.cleanDirectory( new File( config.getGatewayDeploymentDir() ) );
+ }
+
+ public static void setupGateway() throws Exception {
+
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
+ gatewayDir.mkdirs();
+
+ config = new GatewayTestConfig();
+ config.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+ File topoDir = new File( config.getGatewayTopologyDir() );
+ topoDir.mkdirs();
+
+ File deployDir = new File( config.getGatewayDeploymentDir() );
+ deployDir.mkdirs();
+
+ File securityDir = new File( config.getGatewaySecurityDir() );
+ securityDir.mkdirs();
+
+ config.setSSLEnabled( true );
+
+ setupMockServers();
+ startGatewayServer();
+ }
+
+ public static void setupMockServers() throws Exception {
+ mockWebHdfs = new MockServer( "WEBHDFS", true );
+ }
+
+ private static GatewayServices instantiateGatewayServices() {
+ ServiceLoader<GatewayServices> loader = ServiceLoader.load( GatewayServices.class );
+ Iterator<GatewayServices> services = loader.iterator();
+ if (services.hasNext()) {
+ return services.next();
+ }
+ return null;
+ }
+
+ public static void startGatewayServer() throws Exception {
+ instantiateGatewayServices();
+ services = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<>();
+ options.put( "persist-master", "false" );
+ options.put( "master", "password" );
+ try {
+ services.init( config, options );
+ } catch ( ServiceLifecycleException e ) {
+ e.printStackTrace(); // I18N not required.
+ }
+ topos = services.getService(GatewayServices.TOPOLOGY_SERVICE);
+
+ gateway = GatewayServer.startGateway( config, services );
+ MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() );
+
+ gatewayScheme = config.isSSLEnabled() ? "https" : "http";
+ gatewayPort = gateway.getAddresses()[0].getPort();
+ gatewayUrl = gatewayScheme + "://localhost:" + gatewayPort + "/" + config.getGatewayPath();
+
+ LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() );
+
+ params = new Properties();
+ params.put( "LDAP_URL", driver.getLdapUrl() );
+ params.put( "WEBHDFS_URL", "http://localhost:" + mockWebHdfs.getPort() );
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testKnox674SslCipherSuiteConfig() throws Exception {
+ LOG_ENTER();
+
+ String topoStr = TestUtils.merge( DAT, "test-admin-topology.xml", params );
+ File topoFile = new File( config.getGatewayTopologyDir(), "test-topology.xml" );
+ FileUtils.writeStringToFile( topoFile, topoStr );
+
+ topos.reloadTopologies();
+
+ String username = "guest";
+ String password = "guest-password";
+ String serviceUrl = gatewayUrl + "/test-topology/api/v1/version";
+
+ HttpHost targetHost = new HttpHost( "localhost", gatewayPort, gatewayScheme );
+ CredentialsProvider credsProvider = new BasicCredentialsProvider();
+ credsProvider.setCredentials(
+ new AuthScope( targetHost.getHostName(), targetHost.getPort() ),
+ new UsernamePasswordCredentials( username, password ) );
+
+ AuthCache authCache = new BasicAuthCache();
+ BasicScheme basicAuth = new BasicScheme();
+ authCache.put( targetHost, basicAuth );
+
+ HttpClientContext context = HttpClientContext.create();
+ context.setCredentialsProvider( credsProvider );
+ context.setAuthCache( authCache );
+
+ CloseableHttpClient client = HttpClients.custom()
+ .setSSLSocketFactory(
+ new SSLConnectionSocketFactory(
+ createInsecureSslContext(),
+ new String[]{"TLSv1.2"},
+ new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
+ new TrustAllHosts() ) )
+ .build();
+ HttpGet request = new HttpGet( serviceUrl );
+ CloseableHttpResponse response = client.execute( request, context );
+ assertThat( the( new StreamSource( response.getEntity().getContent() ) ), hasXPath( "/ServerVersion/version" ) );
+ response.close();
+ client.close();
+
+ gateway.stop();
+ config.setExcludedSSLCiphers( Arrays.asList( new String[]{ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" } ) );
+ config.setIncludedSSLCiphers( Arrays.asList( new String[]{ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" } ) );
+
+ startGatewayServer();
+ serviceUrl = gatewayUrl + "/test-topology/api/v1/version";
+
+ try {
+ client = HttpClients.custom()
+ .setSSLSocketFactory(
+ new SSLConnectionSocketFactory(
+ createInsecureSslContext(),
+ new String[]{ "TLSv1.2" },
+ new String[]{ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" },
+ new TrustAllHosts() ) ).build();
+ request = new HttpGet( serviceUrl );
+ client.execute( request, context );
+ fail( "Expected SSLHandshakeException" );
+ } catch ( SSLHandshakeException e ) {
+ // Expected.
+ client.close();
+ }
+
+ client = HttpClients.custom()
+ .setSSLSocketFactory(
+ new SSLConnectionSocketFactory(
+ createInsecureSslContext(),
+ new String[]{ "TLSv1.2" },
+ new String[]{ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
+ new TrustAllHosts() ) ).build();
+ request = new HttpGet( serviceUrl );
+ response = client.execute( request, context );
+ assertThat( the( new StreamSource( response.getEntity().getContent() ) ), hasXPath( "/ServerVersion/version" ) );
+ response.close();
+ client.close();
+
+ LOG_EXIT();
+ }
+
+ public static class TrustAllHosts implements HostnameVerifier {
+ @Override
+ public boolean verify( String host, SSLSession sslSession ) {
+ // Trust all hostnames.
+ return true;
+ }
+ }
+
+ public static class TrustAllCerts implements X509TrustManager {
+
+ public void checkClientTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException {
+ // Trust all certificates.
+ }
+
+ public void checkServerTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException {
+ // Trust all certificates.
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+
+ }
+
+ public static SSLContext createInsecureSslContext() throws NoSuchAlgorithmException, KeyManagementException {
+ SSLContext sslContext = SSLContext.getInstance( "SSL" );
+ sslContext.init( null, new TrustManager[]{ new TrustAllCerts() }, new SecureRandom() );
+ return sslContext;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java
index ecbb09c,0000000..30c6ec8
mode 100755,000000..100755
--- a/gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java
@@@ -1,307 -1,0 +1,284 @@@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway;
+
+import static com.jayway.restassured.RestAssured.given;
+import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
+import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.notNullValue;
- import static org.junit.Assert.assertThat;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetSocketAddress;
+import java.net.URL;
+import java.nio.file.FileSystems;
+import java.nio.file.Path;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
- import org.apache.directory.server.protocol.shared.transport.TcpTransport;
+import org.apache.knox.gateway.config.GatewayConfig;
- import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
+import org.apache.knox.gateway.services.DefaultGatewayServices;
+import org.apache.knox.gateway.services.GatewayServices;
+import org.apache.knox.gateway.services.ServiceLifecycleException;
+import org.apache.knox.gateway.services.security.AliasService;
+import org.apache.hadoop.test.TestUtils;
+import org.apache.http.HttpStatus;
+import org.apache.log4j.Appender;
+import org.hamcrest.MatcherAssert;
- import org.hamcrest.Matchers;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.mycila.xmltool.XMLDoc;
+import com.mycila.xmltool.XMLTag;
+
+/**
+ * Functional test to verify : KNOX-242 LDAP Enhancements
+ * Please see
+ * https://issues.apache.org/jira/browse/KNOX-242
+ *
+ */
+public class Knox242FuncTest {
+
- private static Class RESOURCE_BASE_CLASS = Knox242FuncTest.class;
+ private static Logger LOG = LoggerFactory.getLogger( Knox242FuncTest.class );
+
+ public static Enumeration<Appender> appenders;
+ public static GatewayConfig config;
+ public static GatewayServer gateway;
+ public static String gatewayUrl;
+ public static String clusterUrl;
+ public static String serviceUrl;
+ private static GatewayTestDriver driver = new GatewayTestDriver();
+
+ @BeforeClass
+ public static void setupSuite() throws Exception {
+ LOG_ENTER();
+ //appenders = NoOpAppender.setUp();
+ String basedir = System.getProperty("basedir");
+ if (basedir == null) {
+ basedir = new File(".").getCanonicalPath();
+ }
+ Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/users-dynamic.ldif");
+ driver.setupLdap( 0 , path.toFile() );
+ setupGateway();
+ TestUtils.awaitNon404HttpStatus( new URL( serviceUrl ), 10000, 100 );
+ LOG_EXIT();
+ }
+
+ @AfterClass
+ public static void cleanupSuite() throws Exception {
+ LOG_ENTER();
+ gateway.stop();
+ driver.cleanup();
+ //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+ //NoOpAppender.tearDown( appenders );
+ LOG_EXIT();
+ }
+
+ public static void setupGateway() throws IOException, Exception {
+
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
+ gatewayDir.mkdirs();
+
+ GatewayTestConfig testConfig = new GatewayTestConfig();
+ config = testConfig;
+ testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+ File topoDir = new File( testConfig.getGatewayTopologyDir() );
+ topoDir.mkdirs();
+
+ File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+ deployDir.mkdirs();
+
+ DefaultGatewayServices srvcs = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<>();
+ options.put( "persist-master", "false" );
+ options.put( "master", "password" );
+ try {
+ srvcs.init( testConfig, options );
+ } catch ( ServiceLifecycleException e ) {
+ e.printStackTrace(); // I18N not required.
+ }
+
+ gateway = GatewayServer.startGateway( testConfig, srvcs );
+ MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() );
+
+ LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() );
+
+ gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath();
+ clusterUrl = gatewayUrl + "/testdg-cluster";
+ serviceUrl = clusterUrl + "/test-service-path/test-service-resource";
+
+ GatewayServices services = GatewayServer.getGatewayServices();
+ AliasService aliasService = (AliasService)services.getService(GatewayServices.ALIAS_SERVICE);
+ aliasService.addAliasForCluster("testdg-cluster", "ldcSystemPassword", "guest-password");
+
+ char[] password1 = aliasService.getPasswordFromAliasForCluster( "testdg-cluster", "ldcSystemPassword");
+ //System.err.println("SETUP password 10: " + ((password1 == null) ? "NULL" : new String(password1)));
+
+ File descriptor = new File( topoDir, "testdg-cluster.xml" );
+ FileOutputStream stream = new FileOutputStream( descriptor );
+ createTopology().toStream( stream );
+ stream.close();
+ }
+
+ private static XMLTag createTopology() {
+ XMLTag xml = XMLDoc.newDocument( true )
+ .addRoot( "topology" )
+ .addTag( "gateway" )
+
+ .addTag( "provider" )
+ .addTag( "role" ).addText( "authentication" )
+ .addTag( "name" ).addText( "ShiroProvider" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm" )
+ .addTag( "value" ).addText( "org.apache.knox.gateway.shirorealm.KnoxLdapRealm" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapGroupContextFactory" )
+ .addTag( "value" ).addText( "org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory" )
+ .addTag( "value" ).addText( "$ldapGroupContextFactory" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory.authenticationMechanism" )
+ .addTag( "value" ).addText( "simple" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" )
+ .addTag( "value" ).addText( driver.getLdapUrl())
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" )
+ .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" )
+
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.searchBase" )
+ .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" )
+
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.userSearchAttributeName" )
+ .addTag( "value" ).addText( "uid" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.userObjectClass" )
+ .addTag( "value" ).addText( "person" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.userSearchBase" )
+ .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.groupSearchBase" )
+ .addTag( "value" ).addText( "ou=groups,dc=hadoop,dc=apache,dc=org" )
+
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.authorizationEnabled" )
+ .addTag( "value" ).addText( "true" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemAuthenticationMechanism" )
+ .addTag( "value" ).addText( "simple" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.groupObjectClass" )
+ .addTag( "value" ).addText( "groupofurls" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.memberAttribute" )
+ .addTag( "value" ).addText( "memberurl" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.memberAttributeValueTemplate" )
+ .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemUsername" )
+ .addTag( "value" ).addText( "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory.clusterName" )
+ .addTag( "value" ).addText( "testdg-cluster" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemPassword" )
+ .addTag( "value" ).addText( "S{ALIAS=ldcSystemPassword}" )
+ // .addTag( "value" ).addText( "guest-password" )
+ .gotoParent().addTag( "param" )
+ .addTag( "name" ).addText( "urls./**" )
+ .addTag( "value" ).addText( "authcBasic" )
+
+ .gotoParent().gotoParent().addTag( "provider" )
+ .addTag( "role" ).addText( "authorization" )
+ .addTag( "name" ).addText( "AclsAuthz" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag( "param" )
+ .addTag( "name" ).addText( "test-service-role.acl" )
+ .addTag( "value" ).addText( "*;directors;*" )
+
+ .gotoParent().gotoParent().addTag( "provider" )
+ .addTag( "role" ).addText( "identity-assertion" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag( "name" ).addText( "Default" ).gotoParent()
+
+ .gotoRoot()
+ .addTag( "service" )
+ .addTag( "role" ).addText( "test-service-role" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
- public static InputStream getResourceStream( String resource ) throws IOException {
- return getResourceUrl( resource ).openStream();
- }
-
- public static URL getResourceUrl( String resource ) {
- URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
- assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
- return url;
- }
-
- public static String getResourceName( String resource ) {
- return getResourceBaseName() + resource;
- }
-
- public static String getResourceBaseName() {
- return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
- }
-
+ @Ignore
+ // @Test
+ public void waitForManualTesting() throws IOException {
+ System.in.read();
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testGroupMember() throws ClassNotFoundException, Exception {
+ LOG_ENTER();
+ String username = "joe";
+ String password = "joe-password";
+ String serviceUrl = clusterUrl + "/test-service-path/test-service-resource";
+ given()
+ //.log().all()
+ .auth().preemptive().basic( username, password )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_OK )
+ .contentType( "text/plain" )
+ .body( is( "test-service-response" ) )
+ .when().get( serviceUrl );
+ LOG_EXIT();
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testNonGroupMember() throws ClassNotFoundException {
+ LOG_ENTER();
+ String username = "guest";
+ String password = "guest-password";
+ String serviceUrl = clusterUrl + "/test-service-path/test-service-resource";
+ given()
+ //.log().all()
+ .auth().preemptive().basic( username, password )
+ .expect()
+ //.log().all()
+ .statusCode( HttpStatus.SC_FORBIDDEN )
+ .when().get( serviceUrl );
+ LOG_EXIT();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java
index cdd5c8e,0000000..fc2f601
mode 100644,000000..100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java
@@@ -1,323 -1,0 +1,294 @@@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway;
+
+import com.mycila.xmltool.XMLDoc;
+import com.mycila.xmltool.XMLTag;
- import org.apache.directory.server.protocol.shared.transport.TcpTransport;
- import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
+import org.apache.knox.gateway.services.DefaultGatewayServices;
+import org.apache.knox.gateway.services.ServiceLifecycleException;
+import org.apache.knox.gateway.util.KnoxCLI;
+import org.apache.hadoop.test.TestUtils;
+import org.apache.hadoop.test.log.NoOpAppender;
+import org.apache.log4j.Appender;
- import org.hamcrest.Matchers;
+import org.junit.BeforeClass;
+import org.junit.AfterClass;
+import org.junit.Test;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
+
+import java.io.PrintStream;
- import java.io.InputStream;
+import java.io.File;
+import java.io.FileOutputStream;
- import java.io.IOException;
+import java.io.ByteArrayOutputStream;
- import java.net.URL;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
+import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertThat;
+
+public class KnoxCliLdapFuncTestNegative {
+
- private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
- private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
-
+ public static Enumeration<Appender> appenders;
+ public static GatewayTestConfig config;
+ public static GatewayServer gateway;
+ public static String gatewayUrl;
+ public static String clusterUrl;
+ private static GatewayTestDriver driver = new GatewayTestDriver();
+
+ private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
+ private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
+ private static final String uuid = UUID.randomUUID().toString();
+
+ @BeforeClass
+ public static void setupSuite() throws Exception {
+ LOG_ENTER();
+ System.setOut(new PrintStream(outContent));
+ System.setErr(new PrintStream(errContent));
+ driver.setupLdap(0);
+ setupGateway();
+ LOG_EXIT();
+ }
+
+ @AfterClass
+ public static void cleanupSuite() throws Exception {
+ LOG_ENTER();
+ driver.cleanup();
+
+ //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+ //NoOpAppender.tearDown( appenders );
+ LOG_EXIT();
+ }
+
+ public static void setupGateway() throws Exception {
+
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
+ gatewayDir.mkdirs();
+
+ GatewayTestConfig testConfig = new GatewayTestConfig();
+ config = testConfig;
+ testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+ File topoDir = new File( testConfig.getGatewayTopologyDir() );
+ topoDir.mkdirs();
+
+ File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+ deployDir.mkdirs();
+
+ createTopology(topoDir, "test-cluster.xml", true);
+ createTopology(topoDir, "bad-cluster.xml", false);
+
+ DefaultGatewayServices srvcs = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<>();
+ options.put( "persist-master", "false" );
+ options.put( "master", "password" );
+ try {
+ srvcs.init( testConfig, options );
+ } catch ( ServiceLifecycleException e ) {
+ e.printStackTrace(); // I18N not required.
+ }
+ }
+
+ private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
+ File descriptor = new File(topoDir, name);
+
+ if(descriptor.exists()){
+ descriptor.delete();
+ descriptor = new File(topoDir, name);
+ }
+
+ FileOutputStream stream = new FileOutputStream( descriptor, false );
+ if(goodTopology){
+ createTopology().toStream( stream );
+ } else {
+ createBadTopology().toStream( stream );
+ }
+ stream.close();
+
+ }
+
- public static InputStream getResourceStream( String resource ) throws IOException {
- return getResourceUrl( resource ).openStream();
- }
-
- public static URL getResourceUrl( String resource ) {
- URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
- assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
- return url;
- }
-
- public static String getResourceName( String resource ) {
- return getResourceBaseName() + resource;
- }
-
- public static String getResourceBaseName() {
- return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
- }
-
+ private static XMLTag createBadTopology(){
+ XMLTag xml = XMLDoc.newDocument(true)
+ .addRoot("topology")
+ .addTag("gateway")
+ .addTag( "provider" )
+ .addTag("role").addText("authentication")
+ .addTag( "name" ).addText( "ShiroProvider" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag("param")
+ .addTag( "name" ).addText("main.ldapRealm")
+ .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+ .addTag("param")
+ .addTag( "name" ).addText("main.ldapRealm.userDnTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag( "name" ).addText("main.ldapRealm.contextFactory.url")
+ .addTag("value").addText(driver.getLdapUrl()).gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
+ .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
+ .addTag( "value" ).addText("guest-password").gotoParent()
+ .addTag("param")
+ .addTag( "name" ).addText("main.ldapRealm.contextFactory.authenticationMechanism")
+ .addTag("value").addText("simple").gotoParent()
+ .addTag("param")
+ .addTag( "name" ).addText("urls./**")
+ .addTag("value").addText("authcBasic").gotoParent().gotoParent()
+ .addTag("provider")
+ .addTag( "role" ).addText("identity-assertion")
+ .addTag("enabled").addText("true")
+ .addTag("name").addText("Default").gotoParent()
+ .addTag("provider")
+ .gotoRoot()
+ .addTag( "service" )
+ .addTag( "role" ).addText( "KNOX" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
+ private static XMLTag createTopology() {
+
+ XMLTag xml = XMLDoc.newDocument(true)
+ .addRoot("topology")
+ .addTag("gateway" )
+ .addTag("provider")
+ .addTag("role").addText("authentication")
+ .addTag("name").addText("ShiroProvider")
+ .addTag("enabled").addText("true")
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm")
+ .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+ .addTag("param" )
+ .addTag("name").addText("main.ldapGroupContextFactory")
+ .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.searchBase")
+ .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.groupObjectClass")
+ .addTag("value").addText("groupOfNames").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param" )
+ .addTag("name").addText("main.ldapRealm.memberAttribute")
+ .addTag("value").addText("member").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+ .addTag("value").addText("true").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
+ .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
+ .addTag( "value" ).addText("guest-password").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.userDnTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.url")
+ .addTag("value").addText(driver.getLdapUrl()).gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+ .addTag("value").addText("simple").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.cachingEnabled")
+ .addTag("value").addText("false").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("com.sun.jndi.ldap.connect.pool")
+ .addTag("value").addText("false").gotoParent()
+ .addTag("param")
+ .addTag("name" ).addText("urls./**")
+ .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
+ .addTag("provider" )
+ .addTag("role").addText( "identity-assertion" )
+ .addTag( "enabled").addText( "true" )
+ .addTag("name").addText( "Default" ).gotoParent()
+ .gotoRoot()
+ .addTag( "service" )
+ .addTag( "role" ).addText( "test-service-role" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testBadTopology() throws Exception {
+ LOG_ENTER();
+
+ // Test 4: Authenticate a user with a bad topology configured with nothing required for group lookup in the topology
+ outContent.reset();
+ String username = "tom";
+ String password = "tom-password";
+ KnoxCLI cli = new KnoxCLI();
+ cli.setConf(config);
+
+ String args1[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
+ "--u", username, "--p", password, "--g" };
+ cli.run( args1 );
+
+ assertThat(outContent.toString(), containsString("LDAP authentication successful"));
+ assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
+ assertThat(outContent.toString(), containsString("Warn: "));
+ assertFalse(outContent.toString().contains("analyst"));
+
+
+ outContent.reset();
+ username = "bad-name";
+ password = "bad-password";
+ cli = new KnoxCLI();
+ cli.setConf( config );
+
+ String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
+ "--u", username, "--p", password, "--g" };
+ Enumeration<Appender> before = NoOpAppender.setUp();
+ try {
+ cli.run( args2 );
+ } finally {
+ NoOpAppender.tearDown( before );
+ }
+
+ assertThat(outContent.toString(), containsString("LDAP authentication failed"));
+ assertThat(outContent.toString(), containsString("INVALID_CREDENTIALS"));
+
+ outContent.reset();
+ username = "sam";
+ password = "sam-password";
+ cli = new KnoxCLI();
+ cli.setConf( config );
+
+ String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
+ "--u", username, "--p", password, "--g" };
+ cli.run( args3 );
+
+ assertThat(outContent.toString(), containsString("LDAP authentication successful"));
+ assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
+ assertThat(outContent.toString(), containsString("Warn:"));
+ assertFalse(outContent.toString().contains("analyst"));
+ assertFalse(outContent.toString().contains("scientist"));
+
+ LOG_EXIT();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java
index 1783a7f,0000000..f612a4e
mode 100644,000000..100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java
@@@ -1,327 -1,0 +1,300 @@@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway;
+
+import com.mycila.xmltool.XMLDoc;
+import com.mycila.xmltool.XMLTag;
+import org.apache.directory.server.protocol.shared.transport.TcpTransport;
+import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
+import org.apache.knox.gateway.services.DefaultGatewayServices;
+import org.apache.knox.gateway.services.ServiceLifecycleException;
+import org.apache.knox.gateway.util.KnoxCLI;
+import org.apache.hadoop.test.TestUtils;
+import org.apache.hadoop.test.log.NoOpAppender;
+import org.apache.log4j.Appender;
- import org.hamcrest.Matchers;
+import org.junit.BeforeClass;
+import org.junit.AfterClass;
+import org.junit.Test;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
+
+import java.io.PrintStream;
- import java.io.InputStream;
+import java.io.File;
+import java.io.FileOutputStream;
- import java.io.IOException;
+import java.io.ByteArrayOutputStream;
- import java.net.URL;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
+import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.not;
+import static org.junit.Assert.assertThat;
+
+public class KnoxCliLdapFuncTestPositive {
+
- private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
- private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
-
+ public static Enumeration<Appender> appenders;
+ public static GatewayTestConfig config;
+ public static GatewayServer gateway;
+ public static String gatewayUrl;
+ public static String clusterUrl;
+ private static GatewayTestDriver driver = new GatewayTestDriver();
+
+ private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
+ private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
+ private static final String uuid = UUID.randomUUID().toString();
+
+ @BeforeClass
+ public static void setupSuite() throws Exception {
+ LOG_ENTER();
+ System.setOut(new PrintStream(outContent));
+ System.setErr(new PrintStream(errContent));
+ driver.setupLdap(0);
+ setupGateway();
+ LOG_EXIT();
+ }
+
+ @AfterClass
+ public static void cleanupSuite() throws Exception {
+ LOG_ENTER();
+ driver.cleanup();
+
+ //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+ //NoOpAppender.tearDown( appenders );
+ LOG_EXIT();
+ }
+
+ public static void setupGateway() throws Exception {
+
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
+ gatewayDir.mkdirs();
+
+ GatewayTestConfig testConfig = new GatewayTestConfig();
+ config = testConfig;
+ testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+ File topoDir = new File( testConfig.getGatewayTopologyDir() );
+ topoDir.mkdirs();
+
+ File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+ deployDir.mkdirs();
+
+ createTopology(topoDir, "test-cluster.xml", true);
+ createTopology(topoDir, "bad-cluster.xml", false);
+
+ DefaultGatewayServices srvcs = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<>();
+ options.put( "persist-master", "false" );
+ options.put( "master", "password" );
+ try {
+ srvcs.init( testConfig, options );
+ } catch ( ServiceLifecycleException e ) {
+ e.printStackTrace(); // I18N not required.
+ }
+ }
+
+ private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
+ File descriptor = new File(topoDir, name);
+
+ if(descriptor.exists()){
+ descriptor.delete();
+ descriptor = new File(topoDir, name);
+ }
+
+ FileOutputStream stream = new FileOutputStream( descriptor, false );
+ if(goodTopology){
+ createTopology().toStream( stream );
+ } else {
+ createBadTopology().toStream( stream );
+ }
+ stream.close();
+
+ }
+
- public static InputStream getResourceStream( String resource ) throws IOException {
- return getResourceUrl( resource ).openStream();
- }
-
- public static URL getResourceUrl( String resource ) {
- URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
- assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
- return url;
- }
-
- public static String getResourceName( String resource ) {
- return getResourceBaseName() + resource;
- }
-
- public static String getResourceBaseName() {
- return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
- }
-
+ private static XMLTag createBadTopology(){
+ XMLTag xml = XMLDoc.newDocument(true)
+ .addRoot("topology")
+ .addTag( "gateway" )
+ .addTag("provider")
+ .addTag("role").addText("authentication")
+ .addTag("name").addText("ShiroProvider")
+ .addTag("enabled").addText("true")
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm")
+ .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm.userDnTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm.contextFactory.url")
+ .addTag("value").addText(driver.getLdapUrl()).gotoParent()
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+ .addTag("value").addText("simple").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+ .addTag("value").addText("true").gotoParent()
+ .addTag("param")
+ .addTag( "name").addText( "urls./**")
+ .addTag("value").addText( "authcBasic" ).gotoParent().gotoParent()
+ .addTag( "provider" )
+ .addTag( "role" ).addText( "identity-assertion" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag( "name" ).addText( "Default" ).gotoParent()
+ .gotoRoot()
+ .addTag( "service")
+ .addTag("role").addText( "KNOX" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
+ private static XMLTag createTopology() {
+
+ XMLTag xml = XMLDoc.newDocument(true)
+ .addRoot("topology")
+ .addTag("gateway")
+ .addTag("provider")
+ .addTag("role").addText("authentication")
+ .addTag("name").addText("ShiroProvider")
+ .addTag("enabled").addText("true")
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm")
+ .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+ .addTag("param" )
+ .addTag("name").addText("main.ldapGroupContextFactory")
+ .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.searchBase")
+ .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.groupObjectClass")
+ .addTag("value").addText("groupOfNames").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param" )
+ .addTag("name").addText("main.ldapRealm.memberAttribute")
+ .addTag("value").addText("member").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+ .addTag("value").addText("true").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
+ .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
+ .addTag( "value" ).addText("guest-password").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.userDnTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.url")
+ .addTag("value").addText(driver.getLdapUrl()).gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+ .addTag("value").addText("simple").gotoParent()
+ .addTag("param")
+ .addTag("name" ).addText("urls./**")
+ .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
+ .addTag("provider" )
+ .addTag("role").addText( "identity-assertion" )
+ .addTag( "enabled").addText( "true" )
+ .addTag("name").addText( "Default" ).gotoParent()
+ .gotoRoot()
+ .addTag( "service" )
+ .addTag( "role" ).addText( "test-service-role" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testLDAPAuth() throws Exception {
+ LOG_ENTER();
+
+// Test 1: Make sure authenication is successful and return groups
+ outContent.reset();
+ String username = "sam";
+ String password = "sam-password";
+ String args[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password,
+ "--g"};
+ KnoxCLI cli = new KnoxCLI();
+ cli.setConf(config);
+ cli.run(args);
+ assertThat(outContent.toString(), containsString("success"));
+ assertThat(outContent.toString(), containsString("analyst"));
+ assertThat(outContent.toString(), containsString("scientist"));
+
+// Test 2: Give an invalid name and password combinatinon.
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "bad-name";
+ password = "bad-password";
+ String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password};
+ Enumeration<Appender> before = NoOpAppender.setUp();
+ try {
+ cli.run( args2 );
+ } finally {
+ NoOpAppender.tearDown( before );
+ }
+ assertThat(outContent.toString(), containsString("LDAP authentication failed"));
+
+// Test 3: Authenticate a user who belongs to no groups, but specify groups with --g
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "guest";
+ password = "guest-password";
+ String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
+ "--u", username, "--p", password, "--g" };
+ cli.run(args3);
+ assertThat(outContent.toString(), containsString("LDAP authentication success"));
+ assertThat(outContent.toString(), containsString("does not belong to any groups"));
+
+ // Test 4: Pass a non-existent topology
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "guest";
+ password = "guest-password";
+ String args4[] = {"user-auth-test", "--master", "knox", "--cluster", "cluster-dne",
+ "--u", username, "--p", password };
+ cli.run(args4);
+ assertThat(outContent.toString(), containsString("Topology cluster-dne does not exist"));
+
+
+ // Test 5: Authenticate a user who belongs to no groups, but specify groups with --g
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "guest";
+ password = "guest-password";
+ String args5[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
+ "--u", username, "--p", password };
+ cli.run( args5 );
+ assertThat(outContent.toString(), containsString("LDAP authentication success"));
+ assertThat(outContent.toString(), not(containsString("does not belong to any groups")));
+
+ LOG_EXIT();
+ }
+
+
+}