You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by lm...@apache.org on 2017/02/05 21:37:19 UTC
[1/7] knox git commit: POC commit to feature branch
Repository: knox
Updated Branches:
refs/heads/master 0b161c91f -> 47c1f4ac2
POC commit to feature branch
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/d6fda9c8
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/d6fda9c8
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/d6fda9c8
Branch: refs/heads/master
Commit: d6fda9c8d6b8d51f931dd715a4792c000820051f
Parents: ebc2ac8
Author: Larry McCay <lm...@hortonworks.com>
Authored: Thu Jan 26 17:34:09 2017 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Thu Jan 26 17:34:09 2017 -0500
----------------------------------------------------------------------
.../jwt/filter/JWTFederationFilter.java | 29 ++--
gateway-release/pom.xml | 4 +
gateway-service-knoxtoken/pom.xml | 67 +++++++++
.../service/knoxtoken/TokenResource.java | 149 +++++++++++++++++++
.../service/knoxtoken/TokenServiceMessages.java | 66 ++++++++
.../TokenServiceDeploymentContributor.java | 55 +++++++
....gateway.deploy.ServiceDeploymentContributor | 19 +++
.../service/knoxsso/WebSSOResourceTest.java | 71 +++++++++
.../hadoop/gateway/shell/AbstractRequest.java | 22 +++
.../org/apache/hadoop/gateway/shell/Hadoop.java | 86 +++++++++++
.../shell/KnoxTokenCredentialCollector.java | 75 ++++++++++
.../hadoop/gateway/shell/knox/token/Get.java | 57 +++++++
.../hadoop/gateway/shell/knox/token/Token.java | 29 ++++
...che.hadoop.gateway.shell.CredentialCollector | 3 +-
pom.xml | 6 +
15 files changed, 722 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTFederationFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
index 48bc51d..9a95421 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTFederationFilter.java
@@ -20,6 +20,7 @@ package org.apache.hadoop.gateway.provider.federation.jwt.filter;
import org.apache.commons.logging.Log;
import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
import org.apache.hadoop.gateway.provider.federation.jwt.JWTMessages;
+import org.apache.hadoop.gateway.security.PrimaryPrincipal;
import org.apache.hadoop.gateway.services.GatewayServices;
import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
@@ -65,11 +66,12 @@ public class JWTFederationFilter implements Filter {
// what follows the bearer designator should be the JWT token being used to request or as an access token
String wireToken = header.substring(BEARER.length());
JWTToken token;
- try {
- token = JWTToken.parseToken(wireToken);
- } catch (ParseException e) {
- throw new ServletException("ParseException encountered while processing the JWT token: ", e);
- }
+// try {
+ token = new JWTToken(wireToken);
+// token = JWTToken.parseToken(wireToken);
+// } catch (ParseException e) {
+// throw new ServletException("ParseException encountered while processing the JWT token: ", e);
+// }
boolean verified = false;
try {
verified = authority.verifyToken(token);
@@ -78,8 +80,8 @@ public class JWTFederationFilter implements Filter {
}
if (verified) {
// TODO: validate expiration
- // confirm that audience matches intended target - which for this filter must be HSSO
- if (token.getAudience().equals("HSSO")) {
+ // confirm that audience matches intended target - which for this filter must be KNOXSSO
+ if (token.getIssuer().equals("KNOXSSO")) {
// TODO: verify that the user requesting access to the service/resource is authorized for it - need scopes?
Subject subject = createSubjectFromToken(token);
continueWithEstablishedSecurityContext(subject, (HttpServletRequest)request, (HttpServletResponse)response, chain);
@@ -130,26 +132,23 @@ public class JWTFederationFilter implements Filter {
}
private Subject createSubjectFromToken(JWTToken token) {
- final String principal = token.getPrincipal();
+ final String principal = token.getSubject();
+ @SuppressWarnings("rawtypes")
HashSet emptySet = new HashSet();
Set<Principal> principals = new HashSet<Principal>();
- Principal p = new Principal() {
- @Override
- public String getName() {
- return principal;
- }
- };
+ Principal p = new PrimaryPrincipal(principal);
principals.add(p);
// The newly constructed Sets check whether this Subject has been set read-only
// before permitting subsequent modifications. The newly created Sets also prevent
// illegal modifications by ensuring that callers have sufficient permissions.
- //
+//
// To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals").
// To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials").
// To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").
javax.security.auth.Subject subject = new javax.security.auth.Subject(true, principals, emptySet, emptySet);
return subject;
}
+
}
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-release/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-release/pom.xml b/gateway-release/pom.xml
index 5b3e7c1..09c38fd 100644
--- a/gateway-release/pom.xml
+++ b/gateway-release/pom.xml
@@ -196,6 +196,10 @@
</dependency>
<dependency>
<groupId>${gateway-group}</groupId>
+ <artifactId>gateway-service-knoxtoken</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>${gateway-group}</groupId>
<artifactId>gateway-provider-rewrite</artifactId>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-service-knoxtoken/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/pom.xml b/gateway-service-knoxtoken/pom.xml
new file mode 100644
index 0000000..7c1d805
--- /dev/null
+++ b/gateway-service-knoxtoken/pom.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.knox</groupId>
+ <artifactId>gateway</artifactId>
+ <version>0.12.0-SNAPSHOT</version>
+ </parent>
+ <groupId>org.apache.knox</groupId>
+ <artifactId>gateway-service-knoxtoken</artifactId>
+ <version>0.12.0-SNAPSHOT</version>
+ <name>gateway-service-knoxtoken</name>
+ <url>http://maven.apache.org</url>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>${gateway-group}</groupId>
+ <artifactId>gateway-util-common</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>${gateway-group}</groupId>
+ <artifactId>gateway-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>${gateway-group}</groupId>
+ <artifactId>gateway-provider-rewrite</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>${gateway-group}</groupId>
+ <artifactId>gateway-provider-jersey</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.knox</groupId>
+ <artifactId>gateway-test-utils</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.easymock</groupId>
+ <artifactId>easymock</artifactId>
+ <scope>test</scope>
+ </dependency> </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java b/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java
new file mode 100644
index 0000000..0d7688a
--- /dev/null
+++ b/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java
@@ -0,0 +1,149 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.service.knoxtoken;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import javax.annotation.PostConstruct;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+import org.apache.hadoop.gateway.services.GatewayServices;
+import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
+import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
+import org.apache.hadoop.gateway.services.security.token.impl.JWT;
+import org.apache.hadoop.gateway.util.JsonUtils;
+import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
+import static javax.ws.rs.core.MediaType.APPLICATION_XML;
+
+@Path( TokenResource.RESOURCE_PATH )
+public class TokenResource {
+ private static final String EXPIRES_IN = "expires_in";
+ private static final String TOKEN_TYPE = "token_type";
+ private static final String ACCESS_TOKEN = "access_token";
+ private static final String BEARER = "Bearer ";
+ private static final String TOKEN_TTL_PARAM = "knox.token.ttl";
+ private static final String TOKEN_AUDIENCES_PARAM = "knox.token.audiences";
+ static final String RESOURCE_PATH = "knoxtoken/api/v1/token";
+ private static TokenServiceMessages log = MessagesFactory.get( TokenServiceMessages.class );
+ private long tokenTTL = 30000l;
+ private String[] targetAudiences = null;
+
+ @Context
+ private HttpServletRequest request;
+
+ @Context
+ private HttpServletResponse response;
+
+ @Context
+ ServletContext context;
+
+ @PostConstruct
+ public void init() {
+
+ String audiences = context.getInitParameter(TOKEN_AUDIENCES_PARAM);
+ if (audiences != null) {
+ targetAudiences = audiences.split(",");
+ }
+
+ String ttl = context.getInitParameter(TOKEN_TTL_PARAM);
+ if (ttl != null) {
+ try {
+ tokenTTL = Long.parseLong(ttl);
+ }
+ catch (NumberFormatException nfe) {
+ log.invalidTokenTTLEncountered(ttl);
+ }
+ }
+ }
+
+ @GET
+ @Produces({APPLICATION_JSON, APPLICATION_XML})
+ public Response doGet() {
+ return getAuthenticationToken();
+ }
+
+ @POST
+ @Produces({APPLICATION_JSON, APPLICATION_XML})
+ public Response doPost() {
+ return getAuthenticationToken();
+ }
+
+ private Response getAuthenticationToken() {
+ GatewayServices services = (GatewayServices) request.getServletContext()
+ .getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
+
+ JWTokenAuthority ts = services.getService(GatewayServices.TOKEN_SERVICE);
+ Principal p = ((HttpServletRequest)request).getUserPrincipal();
+ long expires = getExpiry();
+
+ try {
+ JWT token = null;
+ if (targetAudiences == null || targetAudiences.length == 0) {
+ token = ts.issueToken(p, "RS256", getExpiry());
+ } else {
+ ArrayList<String> aud = new ArrayList<String>();
+ for (int i = 0; i < targetAudiences.length; i++) {
+ aud.add(targetAudiences[i]);
+ }
+ token = ts.issueToken(p, aud, "RS256", expires);
+ }
+
+ String accessToken = token.toString();
+
+ HashMap<String, Object> map = new HashMap<String, Object>();
+ // TODO: populate map from JWT authorization code
+ map.put(ACCESS_TOKEN, accessToken);
+ map.put(TOKEN_TYPE, BEARER);
+ map.put(EXPIRES_IN, expires);
+
+ String jsonResponse = JsonUtils.renderAsJsonString(map);
+
+ response.getWriter().write(jsonResponse);
+ //KNOX-685: response.getWriter().flush();
+// return response; // break filter chain
+ return Response.ok().build();
+
+ }
+ catch (TokenServiceException | IOException e) {
+ log.unableToIssueToken(e);
+ }
+
+ return Response.ok().entity("{ \"Unable to acquire token.\" }").build();
+ }
+
+ private long getExpiry() {
+ long expiry = 0l;
+ if (tokenTTL == -1) {
+ expiry = -1;
+ }
+ else {
+ expiry = System.currentTimeMillis() + tokenTTL;
+ }
+ return expiry;
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceMessages.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceMessages.java b/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceMessages.java
new file mode 100644
index 0000000..b590614
--- /dev/null
+++ b/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceMessages.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.service.knoxtoken;
+
+import org.apache.hadoop.gateway.i18n.messages.Message;
+import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
+import org.apache.hadoop.gateway.i18n.messages.Messages;
+import org.apache.hadoop.gateway.i18n.messages.StackTrace;
+
+@Messages(logger="org.apache.hadoop.gateway.service.knoxsso")
+public interface TokenServiceMessages {
+ @Message( level = MessageLevel.INFO, text = "About to redirect to original URL: {0}")
+ void aboutToRedirectToOriginal(String original);
+
+ @Message( level = MessageLevel.DEBUG, text = "Adding the following JWT token as a cookie: {0}")
+ void addingJWTCookie(String token);
+
+ @Message( level = MessageLevel.INFO, text = "Unable to find cookie with name: {0}")
+ void cookieNotFound(String name);
+
+ @Message( level = MessageLevel.ERROR, text = "Unable to properly send needed HTTP status code: {0}, {1}")
+ void unableToCloseOutputStream(String message, String string);
+
+ @Message( level = MessageLevel.ERROR, text = "Unable to add cookie to response. {0}: {1}")
+ void unableAddCookieToResponse(String message, String stackTrace);
+
+ @Message( level = MessageLevel.ERROR, text = "Original URL not found in request.")
+ void originalURLNotFound();
+
+ @Message( level = MessageLevel.INFO, text = "JWT cookie successfully added.")
+ void addedJWTCookie();
+
+ @Message( level = MessageLevel.ERROR, text = "Unable to issue token.")
+ void unableToIssueToken(@StackTrace( level = MessageLevel.DEBUG) Exception e);
+
+ @Message( level = MessageLevel.WARN, text = "The SSO cookie SecureOnly flag is set to FALSE and is therefore insecure.")
+ void cookieSecureOnly(boolean secureOnly);
+
+ @Message( level = MessageLevel.WARN, text = "The SSO cookie max age configuration is invalid: {0} - using default.")
+ void invalidMaxAgeEncountered(String age);
+
+ @Message( level = MessageLevel.WARN, text = "The SSO token time to live - ttl is invalid: {0} - using default.")
+ void invalidTokenTTLEncountered(String ttl);
+
+ @Message( level = MessageLevel.INFO, text = "The cookie max age is being set to: {0}.")
+ void setMaxAge(String age);
+
+ @Message( level = MessageLevel.ERROR, text = "The original URL: {0} for redirecting back after authentication is " +
+ "not valid according to the configured whitelist: {1}. See documentation for KnoxSSO Whitelisting.")
+ void whiteListMatchFail(String original, String whitelist);
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/deploy/TokenServiceDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/deploy/TokenServiceDeploymentContributor.java b/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/deploy/TokenServiceDeploymentContributor.java
new file mode 100644
index 0000000..cc92732
--- /dev/null
+++ b/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/deploy/TokenServiceDeploymentContributor.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.service.knoxtoken.deploy;
+
+import org.apache.hadoop.gateway.jersey.JerseyServiceDeploymentContributorBase;
+
+public class TokenServiceDeploymentContributor extends JerseyServiceDeploymentContributorBase {
+
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.deploy.ServiceDeploymentContributor#getRole()
+ */
+ @Override
+ public String getRole() {
+ return "KNOXTOKEN";
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.deploy.ServiceDeploymentContributor#getName()
+ */
+ @Override
+ public String getName() {
+ return "KnoxTokenService";
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.jersey.JerseyServiceDeploymentContributorBase#getPackages()
+ */
+ @Override
+ protected String[] getPackages() {
+ return new String[]{ "org.apache.hadoop.gateway.service.knoxtoken" };
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.jersey.JerseyServiceDeploymentContributorBase#getPatterns()
+ */
+ @Override
+ protected String[] getPatterns() {
+ return new String[]{ "knoxtoken/api/**?**" };
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-service-knoxtoken/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ServiceDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ServiceDeploymentContributor b/gateway-service-knoxtoken/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ServiceDeploymentContributor
new file mode 100644
index 0000000..d250459
--- /dev/null
+++ b/gateway-service-knoxtoken/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ServiceDeploymentContributor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.hadoop.gateway.service.knoxtoken.deploy.TokenServiceDeploymentContributor
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
new file mode 100644
index 0000000..73910dd
--- /dev/null
+++ b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.service.knoxsso;
+
+import org.apache.hadoop.gateway.util.RegExUtils;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class WebSSOResourceTest {
+
+ @Test
+ public void testWhitelistMatching() throws Exception {
+ String whitelist = "^https?://.*example.com:8080/.*$;" +
+ "^https?://.*example.com/.*$;" +
+ "^https?://.*example2.com:\\d{0,9}/.*$;" +
+ "^https://.*example3.com:\\d{0,9}/.*$;" +
+ "^https?://localhost:\\d{0,9}/.*$;^/.*$";
+
+ // match on explicit hostname/domain and port
+ Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example.com:8080/"));
+ // match on non-required port
+ Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example.com/"));
+ // match on required but any port
+ Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example2.com:1234/"));
+ // fail on missing port
+ Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example2.com/"));
+ // fail on invalid port
+ Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example.com:8081/"));
+ // fail on alphanumeric port
+ Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example.com:A080/"));
+ // fail on invalid hostname/domain
+ Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example.net:8080/"));
+ // fail on required port
+ Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example2.com/"));
+ // fail on required https
+ Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
+ "http://host.example3.com/"));
+ // match on localhost and port
+ Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
+ "http://localhost:8080/"));
+ // match on local/relative path
+ Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
+ "/local/resource/"));
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractRequest.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractRequest.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractRequest.java
index 67ee7ad..4c5dfb3 100644
--- a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractRequest.java
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractRequest.java
@@ -28,6 +28,7 @@ import org.apache.http.message.BasicNameValuePair;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.List;
+import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.Future;
@@ -44,9 +45,30 @@ public abstract class AbstractRequest<T> {
}
protected CloseableHttpResponse execute(HttpRequest request ) throws IOException {
+ addHeaders(request, session.getHeaders());
return session.executeNow( request );
}
+ /**
+ * @param request
+ * @param headers
+ */
+ private void removeHeaders(HttpRequest request, Map<String, String> headers) {
+ for(String header : headers.keySet()) {
+ request.removeHeaders(header);
+ }
+ }
+
+ /**
+ * @param request
+ * @param headers
+ */
+ private void addHeaders(HttpRequest request, Map<String, String> headers) {
+ for(String header : headers.keySet()) {
+ request.setHeader(header, headers.get(header));
+ }
+ }
+
protected URIBuilder uri( String... parts ) throws URISyntaxException {
return new URIBuilder( session.base() + StringUtils.join( parts ) );
}
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
index 1fe28b1..b2e186f 100644
--- a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
@@ -59,6 +59,8 @@ import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
+import java.util.HashMap;
+import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
@@ -80,6 +82,15 @@ public class Hadoop implements Closeable {
CloseableHttpClient client;
BasicHttpContext context;
ExecutorService executor;
+ Map<String, String> headers = new HashMap<String, String>();
+
+ public Map<String, String> getHeaders() {
+ return headers;
+ }
+
+ public void setHeaders(Map<String, String> headers) {
+ this.headers = headers;
+ }
public static Hadoop login( String url, String username, String password ) throws URISyntaxException {
return new Hadoop(ClientContext.with(username, password, url));
@@ -90,11 +101,29 @@ public class Hadoop implements Closeable {
.connection().secure(false).end());
}
+<<<<<<< Updated upstream
public Hadoop( ClientContext clientContext) throws HadoopException, URISyntaxException {
+=======
+ public static Hadoop login(String url, Map<String, String> headers) throws URISyntaxException {
+ return new Hadoop( url, headers, true );
+ }
+
+ private Hadoop( String url, Map<String, String> headers ) throws HadoopException, URISyntaxException {
+ this(url, null, null, false);
+ this.headers = headers;
+ }
+
+ private Hadoop( String url, String username, String password ) throws HadoopException, URISyntaxException {
+ this(url, username, password, false);
+ }
+
+ private Hadoop( String url, String username, String password, boolean secure ) throws HadoopException, URISyntaxException {
+>>>>>>> Stashed changes
this.executor = Executors.newCachedThreadPool();
this.base = clientContext.url();
try {
+<<<<<<< Updated upstream
client = createClient(clientContext);
} catch (GeneralSecurityException e) {
throw new HadoopException("Failed to create HTTP client.", e);
@@ -118,6 +147,63 @@ public class Hadoop implements Closeable {
+ "*******************************************");
}
+=======
+ if (!secure) {
+ client = createInsecureClient();
+ }
+ else {
+ client = createClient();
+ }
+ if (username != null && password != null) {
+ client.getCredentialsProvider().setCredentials(
+ new AuthScope( host.getHostName(), host.getPort() ),
+ new UsernamePasswordCredentials( username, password ) );
+ AuthCache authCache = new BasicAuthCache();
+ BasicScheme authScheme = new BasicScheme();
+ authCache.put( host, authScheme );
+ context = new BasicHttpContext();
+ context.setAttribute( ClientContext.AUTH_CACHE, authCache );
+ }
+ } catch( GeneralSecurityException e ) {
+ throw new HadoopException( "Failed to create HTTP client.", e );
+ }
+ }
+
+ private Hadoop(String url, Map<String,String> headers, boolean secure)
+ throws HadoopException, URISyntaxException {
+ this.executor = Executors.newCachedThreadPool();
+ this.base = url;
+ this.headers = headers;
+
+ URI uri = new URI( url );
+ host = new HttpHost( uri.getHost(), uri.getPort(), uri.getScheme() );
+
+ try {
+ if (!secure) {
+ client = createInsecureClient();
+ }
+ else {
+ client = createClient();
+ }
+ if (username != null && password != null) {
+ client.getCredentialsProvider().setCredentials(
+ new AuthScope( host.getHostName(), host.getPort() ),
+ new UsernamePasswordCredentials( username, password ) );
+ AuthCache authCache = new BasicAuthCache();
+ BasicScheme authScheme = new BasicScheme();
+ authCache.put( host, authScheme );
+ context = new BasicHttpContext();
+ context.setAttribute( ClientContext.AUTH_CACHE, authCache );
+ }
+ } catch( GeneralSecurityException e ) {
+ throw new HadoopException( "Failed to create HTTP client.", e );
+ }
+ }
+
+
+ private static DefaultHttpClient createClient() throws GeneralSecurityException {
+ SchemeRegistry registry = new SchemeRegistry();
+>>>>>>> Stashed changes
KeyStore trustStore = getTrustStore();
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, trustStrategy).build();
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
new file mode 100644
index 0000000..9972da2
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.hadoop.gateway.util.JsonUtils;
+
+public class KnoxTokenCredentialCollector extends AbstractCredentialCollector {
+ /**
+ *
+ */
+ private static final String KNOXTOKENCACHE = ".knoxtokencache";
+ public static final String COLLECTOR_TYPE = "KnoxToken";
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.shell.CredentialCollector#collect()
+ */
+ @Override
+ public void collect() throws CredentialCollectionException {
+ String userDir = System.getProperty("user.home");
+ File knoxtoken = new File(userDir, KNOXTOKENCACHE);
+ if (knoxtoken.exists()) {
+ Path path = Paths.get(knoxtoken.toURI());
+ List<String> lines;
+ try {
+ lines = Files.readAllLines(path, StandardCharsets.UTF_8);
+ Map<String, String> attrs = JsonUtils.getMapFromJsonString(lines.get(0));
+ value = attrs.get("access_token");
+ Date expires = new Date(Long.parseLong(attrs.get("expires_in")));
+ if (expires.before(new Date())) {
+ System.out.println("Cached knox token has expired. Please relogin through knoxinit.");
+ System.exit(1);
+ }
+ } catch (IOException e) {
+ System.out.println("Cached knox token cannot be read. Please login through knoxinit.");
+ System.exit(1);
+ e.printStackTrace();
+ }
+ } else {
+ System.out.println("Cached knox token cannot be found. Please login through knoxinit.");
+ System.exit(1);
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.shell.CredentialCollector#name()
+ */
+ @Override
+ public String type() {
+ return COLLECTOR_TYPE;
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/knox/token/Get.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/knox/token/Get.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/knox/token/Get.java
new file mode 100644
index 0000000..f946db5
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/knox/token/Get.java
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell.knox.token;
+
+import java.io.IOException;
+import java.util.concurrent.Callable;
+
+import org.apache.hadoop.gateway.shell.AbstractRequest;
+import org.apache.hadoop.gateway.shell.BasicResponse;
+import org.apache.hadoop.gateway.shell.Hadoop;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.utils.URIBuilder;
+
+/**
+ * Acquire a Knox access token for token based authentication
+ * to access REST APIs
+ */
+public class Get {
+ public static class Request extends AbstractRequest<Response> {
+ Request(Hadoop session) {
+ super(session);
+ }
+
+ protected Callable<Response> callable() {
+ return new Callable<Response>() {
+ @Override
+ public Response call() throws Exception {
+ URIBuilder uri = uri(Token.SERVICE_PATH);
+ HttpGet request = new HttpGet(uri.build());
+ return new Response(execute(request));
+ }
+ };
+ }
+ }
+
+ public static class Response extends BasicResponse {
+ Response(HttpResponse response) throws IOException {
+ super(response);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/knox/token/Token.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/knox/token/Token.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/knox/token/Token.java
new file mode 100644
index 0000000..b7f5115
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/knox/token/Token.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell.knox.token;
+
+import org.apache.hadoop.gateway.shell.Hadoop;
+
+public class Token {
+
+ static String SERVICE_PATH = "/knoxtoken/api/v1/token";
+
+ public static Get.Request get( Hadoop session ) {
+ return new Get.Request( session );
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/gateway-shell/src/main/resources/META-INF/services/org.apache.hadoop.gateway.shell.CredentialCollector
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/resources/META-INF/services/org.apache.hadoop.gateway.shell.CredentialCollector b/gateway-shell/src/main/resources/META-INF/services/org.apache.hadoop.gateway.shell.CredentialCollector
index eb6d5b8..e4f8462 100644
--- a/gateway-shell/src/main/resources/META-INF/services/org.apache.hadoop.gateway.shell.CredentialCollector
+++ b/gateway-shell/src/main/resources/META-INF/services/org.apache.hadoop.gateway.shell.CredentialCollector
@@ -17,4 +17,5 @@
##########################################################################
org.apache.hadoop.gateway.shell.ClearInputCredentialCollector
-org.apache.hadoop.gateway.shell.HiddenInputCredentialCollector
\ No newline at end of file
+org.apache.hadoop.gateway.shell.HiddenInputCredentialCollector
+org.apache.hadoop.gateway.shell.KnoxTokenCredentialCollector
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/d6fda9c8/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 43ad583..c317165 100644
--- a/pom.xml
+++ b/pom.xml
@@ -76,6 +76,7 @@
<module>gateway-service-hive</module>
<module>gateway-service-knoxsso</module>
<module>gateway-service-knoxssout</module>
+ <module>gateway-service-knoxtoken</module>
<module>gateway-service-webhdfs</module>
<module>gateway-service-tgs</module>
<module>gateway-service-storm</module>
@@ -582,6 +583,11 @@
</dependency>
<dependency>
<groupId>${gateway-group}</groupId>
+ <artifactId>gateway-service-knoxtoken</artifactId>
+ <version>${gateway-version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${gateway-group}</groupId>
<artifactId>gateway-service-admin</artifactId>
<version>${gateway-version}</version>
</dependency>
[2/7] knox git commit: checkpoint
Posted by lm...@apache.org.
checkpoint
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/b5bf07d7
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/b5bf07d7
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/b5bf07d7
Branch: refs/heads/master
Commit: b5bf07d7d8ebee2861054a516d21c32912cd7f82
Parents: d6fda9c
Author: Larry McCay <lm...@hortonworks.com>
Authored: Sun Jan 29 08:49:34 2017 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Sun Jan 29 08:49:34 2017 -0500
----------------------------------------------------------------------
gateway-shell/pom.xml | 4 +
.../org/apache/hadoop/gateway/shell/Hadoop.java | 110 ++-------
.../org/apache/hadoop/gateway/shell/KnoxSh.java | 246 +++++++++++++++++++
pom.xml | 5 +
4 files changed, 274 insertions(+), 91 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/b5bf07d7/gateway-shell/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-shell/pom.xml b/gateway-shell/pom.xml
index a6f1ea2..f17cfd8 100644
--- a/gateway-shell/pom.xml
+++ b/gateway-shell/pom.xml
@@ -65,6 +65,10 @@
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ </dependency>
+ <dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
</dependency>
http://git-wip-us.apache.org/repos/asf/knox/blob/b5bf07d7/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
index b2e186f..6bb6ba2 100644
--- a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
@@ -91,7 +91,7 @@ public class Hadoop implements Closeable {
public void setHeaders(Map<String, String> headers) {
this.headers = headers;
}
-
+
public static Hadoop login( String url, String username, String password ) throws URISyntaxException {
return new Hadoop(ClientContext.with(username, password, url));
}
@@ -101,29 +101,11 @@ public class Hadoop implements Closeable {
.connection().secure(false).end());
}
-<<<<<<< Updated upstream
public Hadoop( ClientContext clientContext) throws HadoopException, URISyntaxException {
-=======
- public static Hadoop login(String url, Map<String, String> headers) throws URISyntaxException {
- return new Hadoop( url, headers, true );
- }
-
- private Hadoop( String url, Map<String, String> headers ) throws HadoopException, URISyntaxException {
- this(url, null, null, false);
- this.headers = headers;
- }
-
- private Hadoop( String url, String username, String password ) throws HadoopException, URISyntaxException {
- this(url, username, password, false);
- }
-
- private Hadoop( String url, String username, String password, boolean secure ) throws HadoopException, URISyntaxException {
->>>>>>> Stashed changes
this.executor = Executors.newCachedThreadPool();
this.base = clientContext.url();
try {
-<<<<<<< Updated upstream
client = createClient(clientContext);
} catch (GeneralSecurityException e) {
throw new HadoopException("Failed to create HTTP client.", e);
@@ -147,63 +129,6 @@ public class Hadoop implements Closeable {
+ "*******************************************");
}
-=======
- if (!secure) {
- client = createInsecureClient();
- }
- else {
- client = createClient();
- }
- if (username != null && password != null) {
- client.getCredentialsProvider().setCredentials(
- new AuthScope( host.getHostName(), host.getPort() ),
- new UsernamePasswordCredentials( username, password ) );
- AuthCache authCache = new BasicAuthCache();
- BasicScheme authScheme = new BasicScheme();
- authCache.put( host, authScheme );
- context = new BasicHttpContext();
- context.setAttribute( ClientContext.AUTH_CACHE, authCache );
- }
- } catch( GeneralSecurityException e ) {
- throw new HadoopException( "Failed to create HTTP client.", e );
- }
- }
-
- private Hadoop(String url, Map<String,String> headers, boolean secure)
- throws HadoopException, URISyntaxException {
- this.executor = Executors.newCachedThreadPool();
- this.base = url;
- this.headers = headers;
-
- URI uri = new URI( url );
- host = new HttpHost( uri.getHost(), uri.getPort(), uri.getScheme() );
-
- try {
- if (!secure) {
- client = createInsecureClient();
- }
- else {
- client = createClient();
- }
- if (username != null && password != null) {
- client.getCredentialsProvider().setCredentials(
- new AuthScope( host.getHostName(), host.getPort() ),
- new UsernamePasswordCredentials( username, password ) );
- AuthCache authCache = new BasicAuthCache();
- BasicScheme authScheme = new BasicScheme();
- authCache.put( host, authScheme );
- context = new BasicHttpContext();
- context.setAttribute( ClientContext.AUTH_CACHE, authCache );
- }
- } catch( GeneralSecurityException e ) {
- throw new HadoopException( "Failed to create HTTP client.", e );
- }
- }
-
-
- private static DefaultHttpClient createClient() throws GeneralSecurityException {
- SchemeRegistry registry = new SchemeRegistry();
->>>>>>> Stashed changes
KeyStore trustStore = getTrustStore();
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, trustStrategy).build();
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
@@ -232,22 +157,25 @@ public class Hadoop implements Closeable {
// Auth
URI uri = URI.create(clientContext.url());
host = new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
-
- CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
- credentialsProvider.setCredentials(
- new AuthScope(host.getHostName(), host.getPort()),
- new UsernamePasswordCredentials(clientContext.username(), clientContext.password()));
-
- AuthCache authCache = new BasicAuthCache();
- BasicScheme authScheme = new BasicScheme();
- authCache.put(host, authScheme);
- context = new BasicHttpContext();
- context.setAttribute(org.apache.http.client.protocol.HttpClientContext.AUTH_CACHE, authCache);
-
+
+ CredentialsProvider credentialsProvider = null;
+ if (clientContext.username() != null && clientContext.password() != null) {
+ credentialsProvider = new BasicCredentialsProvider();
+ credentialsProvider.setCredentials(
+ new AuthScope(host.getHostName(), host.getPort()),
+ new UsernamePasswordCredentials(clientContext.username(), clientContext.password()));
+
+ AuthCache authCache = new BasicAuthCache();
+ BasicScheme authScheme = new BasicScheme();
+ authCache.put(host, authScheme);
+ context = new BasicHttpContext();
+ context.setAttribute(org.apache.http.client.protocol.HttpClientContext.AUTH_CACHE, authCache);
+ }
return HttpClients.custom()
- .setConnectionManager(connectionManager)
- .setDefaultCredentialsProvider(credentialsProvider)
- .build();
+ .setConnectionManager(connectionManager)
+ .setDefaultCredentialsProvider(credentialsProvider)
+ .build();
+
}
private static KeyStore getTrustStore() throws GeneralSecurityException {
http://git-wip-us.apache.org/repos/asf/knox/blob/b5bf07d7/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
new file mode 100644
index 0000000..088bd6c
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
@@ -0,0 +1,246 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermission;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import org.apache.hadoop.gateway.shell.knox.token.Token;
+import org.apache.hadoop.gateway.util.JsonUtils;
+
+/**
+ *
+ */
+public class KnoxSh {
+
+ private static final String USAGE_PREFIX = "KnoxCLI {cmd} [options]";
+ final static private String COMMANDS =
+ " [--help]\n" +
+ " [" + KnoxInit.USAGE + "]\n" +
+ " [" + KnoxDestroy.USAGE + "]\n" +
+ " [" + KnoxList.USAGE + "]\n";
+
+ /** allows stdout to be captured if necessary */
+ public PrintStream out = System.out;
+ /** allows stderr to be captured if necessary */
+ public PrintStream err = System.err;
+
+ private Command command;
+ private String gateway = null;
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.util.Tool#run(java.lang.String[])
+ */
+ public int run(String[] args) throws Exception {
+ int exitCode = 0;
+ try {
+ exitCode = init(args);
+ if (exitCode != 0) {
+ return exitCode;
+ }
+ if (command != null && command.validate()) {
+ command.execute();
+ } else {
+ out.println("ERROR: Invalid Command" + "\n" + "Unrecognized option:" +
+ args[0] + "\n" +
+ "A fatal exception has occurred. Program will exit.");
+ exitCode = -2;
+ }
+ } catch (Exception e) {
+ e.printStackTrace( err );
+ err.flush();
+ return -3;
+ }
+ return exitCode;
+ }
+
+ /**
+ * Parse the command line arguments and initialize the data
+ * <pre>
+ * % knoxcli version
+ * % knoxcli service-test [--u user] [--p password] [--cluster clustername] [--hostname name] [--port port]
+ *
+ * </pre>
+ * @param args
+ * @return
+ * @throws IOException
+ */
+ private int init(String[] args) throws IOException {
+ if (args.length == 0) {
+ printKnoxShellUsage();
+ return -1;
+ }
+ for (int i = 0; i < args.length; i++) { // parse command line
+ if ( args[i].equals("destroy") ) {
+ command = new KnoxDestroy();
+ } else if ( args[i].equals("init") ) {
+ command = new KnoxInit();
+ } else if ( args[i].equals("list") ) {
+ command = new KnoxList();
+ } else if (args[i].equals("--gateway")) {
+ if( i+1 >= args.length || args[i+1].startsWith( "-" ) ) {
+ printKnoxShellUsage();
+ return -1;
+ }
+ this.gateway = args[++i];
+ } else if (args[i].equals("--help")) {
+ printKnoxShellUsage();
+ return -1;
+ } else {
+ printKnoxShellUsage();
+ //ToolRunner.printGenericCommandUsage(System.err);
+ return -1;
+ }
+ }
+ return 0;
+ }
+
+ private void printKnoxShellUsage() {
+ out.println( USAGE_PREFIX + "\n" + COMMANDS );
+ if ( command != null ) {
+ out.println(command.getUsage());
+ } else {
+ char[] chars = new char[79];
+ Arrays.fill( chars, '=' );
+ String div = new String( chars );
+
+ out.println( div );
+ out.println( KnoxInit.USAGE + "\n\n" + KnoxInit.DESC );
+ out.println();
+ out.println( div );
+ out.println(KnoxDestroy.USAGE + "\n\n" + KnoxDestroy.DESC);
+ out.println();
+ out.println( div );
+ out.println(KnoxList.USAGE + "\n\n" + KnoxList.DESC);
+ out.println();
+ out.println( div );
+ }
+ }
+
+ private abstract class Command {
+ public boolean validate() {
+ return true;
+ }
+
+ public abstract void execute() throws Exception;
+
+ public abstract String getUsage();
+ }
+
+ private class KnoxInit extends Command {
+
+ public static final String USAGE = "init";
+ public static final String DESC = "Initializes a Knox token session.";
+
+ @Override
+ public void execute() throws Exception {
+ Credentials credentials = new Credentials();
+ credentials.add("ClearInput", "Enter username: ", "user")
+ .add("HiddenInput", "Enter pas" + "sword: ", "pass");
+ credentials.collect();
+
+ String username = credentials.get("user").string();
+ String pass = credentials.get("pass").string();
+
+ if (gateway == null) {
+ gateway = System.getenv("GATEWAY_HOME");
+ }
+
+ Hadoop session = Hadoop.login(gateway, username, pass);
+
+ String text = Token.get( session ).now().toString();
+ Map<String, String> json = JsonUtils.getMapFromJsonString(text);
+
+ //println "Access Token: " + json.access_token
+ System.out.println("knoxinit successful!");
+ System.out.println("Token Type: " + json.get("token_type"));
+ System.out.println("Expires On: " + new Date(json.get("expires_in")));
+
+ File tokenfile = new File(System.getProperty("user.home"), ".knoxtokencache");
+ FileOutputStream fos = new FileOutputStream(tokenfile);
+ fos.write(text.getBytes("UTF-8"));
+
+ Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>();
+ fos.close();
+
+ //add owners permission only
+ perms.add(PosixFilePermission.OWNER_READ);
+ perms.add(PosixFilePermission.OWNER_WRITE);
+
+ Files.setPosixFilePermissions(Paths.get(System.getProperty("user.home") + "/.knoxtokencache"), perms);
+
+ session.shutdown();
+ }
+
+ @Override
+ public String getUsage() {
+ return USAGE + ":\n\n" + DESC;
+ }
+
+ }
+
+ private class KnoxDestroy extends Command {
+
+ public static final String USAGE = "version";
+ public static final String DESC = "Displays Knox version information.";
+
+ @Override
+ public void execute() throws Exception {
+ }
+
+ @Override
+ public String getUsage() {
+ return USAGE + ":\n\n" + DESC;
+ }
+
+ }
+
+ private class KnoxList extends Command {
+
+ public static final String USAGE = "version";
+ public static final String DESC = "Displays Knox version information.";
+
+ @Override
+ public void execute() throws Exception {
+ }
+
+ @Override
+ public String getUsage() {
+ return USAGE + ":\n\n" + DESC;
+ }
+
+ }
+
+ /**
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String[] args) throws Exception {
+ KnoxSh sh = new KnoxSh();
+ int res = sh.run(args);
+ System.exit(res);
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/b5bf07d7/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index c317165..ed49cd8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -790,6 +790,11 @@
<version>4.5.1</version>
</dependency>
<dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ <version>4.4.6</version>
+ </dependency>
+ <dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.9.2</version>
[7/7] knox git commit: KNOX-850 - KnoxToken API for Acquiring a Knox
Access Token
Posted by lm...@apache.org.
KNOX-850 - KnoxToken API for Acquiring a Knox Access Token
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/47c1f4ac
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/47c1f4ac
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/47c1f4ac
Branch: refs/heads/master
Commit: 47c1f4ac2ec942cad7472f7aa3ef6201b96f1e0b
Parents: 0b161c9 fef119a
Author: Larry McCay <lm...@hortonworks.com>
Authored: Sun Feb 5 16:22:53 2017 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Sun Feb 5 16:22:53 2017 -0500
----------------------------------------------------------------------
.../jwt/filter/JWTFederationFilter.java | 29 +-
gateway-release/pom.xml | 4 +
gateway-service-knoxtoken/pom.xml | 67 ++++
.../service/knoxtoken/TokenResource.java | 157 ++++++++++
.../service/knoxtoken/TokenServiceMessages.java | 66 ++++
.../TokenServiceDeploymentContributor.java | 55 ++++
....gateway.deploy.ServiceDeploymentContributor | 19 ++
.../knoxsso/TokenServiceResourceTest.java | 32 ++
.../hadoop/gateway/shell/AbstractRequest.java | 22 ++
.../hadoop/gateway/shell/ClientContext.java | 7 +-
.../org/apache/hadoop/gateway/shell/Hadoop.java | 50 ++-
.../org/apache/hadoop/gateway/shell/KnoxSh.java | 304 +++++++++++++++++++
.../shell/KnoxTokenCredentialCollector.java | 82 +++++
.../hadoop/gateway/shell/knox/token/Get.java | 57 ++++
.../hadoop/gateway/shell/knox/token/Token.java | 29 ++
...che.hadoop.gateway.shell.CredentialCollector | 3 +-
pom.xml | 13 +-
17 files changed, 963 insertions(+), 33 deletions(-)
----------------------------------------------------------------------
[6/7] knox git commit: added error message for failed auth for token
acquisition
Posted by lm...@apache.org.
added error message for failed auth for token acquisition
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/fef119af
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/fef119af
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/fef119af
Branch: refs/heads/master
Commit: fef119af69f8145fefd0ab68d18afbbb5d98728e
Parents: 9032f64
Author: Larry McCay <lm...@hortonworks.com>
Authored: Sun Feb 5 15:13:07 2017 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Sun Feb 5 15:13:07 2017 -0500
----------------------------------------------------------------------
.../org/apache/hadoop/gateway/shell/KnoxSh.java | 63 ++++++++++++--------
1 file changed, 37 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/fef119af/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
index 468b6b7..68fe771 100644
--- a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
@@ -35,6 +35,8 @@ import java.util.Date;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
+
+import org.apache.hadoop.gateway.shell.knox.token.Get.Response;
import org.apache.hadoop.gateway.shell.knox.token.Token;
import org.apache.hadoop.gateway.util.JsonUtils;
@@ -170,33 +172,36 @@ public class KnoxSh {
String username = credentials.get("user").string();
String pass = credentials.get("pass").string();
-
- if (gateway == null) {
- gateway = System.getenv("GATEWAY_HOME");
+
+ Hadoop session = null;
+ Response response = null;
+ try {
+ session = Hadoop.login(gateway, username, pass);
+
+ response = Token.get( session ).now();
+ String text = response.getString();
+ Map<String, String> json = JsonUtils.getMapFromJsonString(text);
+
+ //println "Access Token: " + json.access_token
+ System.out.println("knoxinit successful!");
+ displayTokenDetails(json);
+
+ File tokenfile = new File(System.getProperty("user.home"), ".knoxtokencache");
+ FileOutputStream fos = new FileOutputStream(tokenfile);
+ fos.write(text.getBytes("UTF-8"));
+
+ Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>();
+ fos.close();
+
+ //add owners permission only
+ perms.add(PosixFilePermission.OWNER_READ);
+ perms.add(PosixFilePermission.OWNER_WRITE);
+
+ Files.setPosixFilePermissions(Paths.get(System.getProperty("user.home") + "/.knoxtokencache"), perms);
+ }
+ catch(HadoopException he) {
+ System.out.println("Failuire to acquire token. Please verify your credentials and Knox URL and try again.");
}
-
- Hadoop session = Hadoop.login(gateway, username, pass);
-
- String text = Token.get( session ).now().getString();
- Map<String, String> json = JsonUtils.getMapFromJsonString(text);
-
- //println "Access Token: " + json.access_token
- System.out.println("knoxinit successful!");
- displayTokenDetails(json);
-
- File tokenfile = new File(System.getProperty("user.home"), ".knoxtokencache");
- FileOutputStream fos = new FileOutputStream(tokenfile);
- fos.write(text.getBytes("UTF-8"));
-
- Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>();
- fos.close();
-
- //add owners permission only
- perms.add(PosixFilePermission.OWNER_READ);
- perms.add(PosixFilePermission.OWNER_WRITE);
-
- Files.setPosixFilePermissions(Paths.get(System.getProperty("user.home") + "/.knoxtokencache"), perms);
-
session.shutdown();
}
@@ -259,6 +264,12 @@ public class KnoxSh {
Calendar calendar = Calendar.getInstance();
calendar.setTimeInMillis(milliSeconds);
System.out.println("Expires On: " + formatter.format(calendar.getTime()));
+ String targetUrl = json.get("target_url");
+ if (targetUrl != null) {
+ System.out.println("Target URL: " + json.get("target_url"));
+ } else {
+ System.out.println("No specific target URL configured.");
+ }
}
private String readFile(String file) throws IOException {
[5/7] knox git commit: added targetUrl to json for token response
Posted by lm...@apache.org.
added targetUrl to json for token response
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9032f641
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9032f641
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9032f641
Branch: refs/heads/master
Commit: 9032f6416320679ffb2802a89bb610803fd4bbf0
Parents: 54281ba
Author: Larry McCay <lm...@hortonworks.com>
Authored: Sat Feb 4 16:31:03 2017 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Sat Feb 4 16:31:03 2017 -0500
----------------------------------------------------------------------
.../service/knoxtoken/TokenResource.java | 10 ++-
.../knoxsso/TokenServiceResourceTest.java | 32 +++++++++
.../service/knoxsso/WebSSOResourceTest.java | 71 --------------------
.../shell/KnoxTokenCredentialCollector.java | 7 ++
4 files changed, 48 insertions(+), 72 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/9032f641/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java b/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java
index 0d7688a..16b3852 100644
--- a/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java
+++ b/gateway-service-knoxtoken/src/main/java/org/apache/hadoop/gateway/service/knoxtoken/TokenResource.java
@@ -45,13 +45,16 @@ public class TokenResource {
private static final String EXPIRES_IN = "expires_in";
private static final String TOKEN_TYPE = "token_type";
private static final String ACCESS_TOKEN = "access_token";
+ private static final String TARGET_URL = "target_url";
private static final String BEARER = "Bearer ";
private static final String TOKEN_TTL_PARAM = "knox.token.ttl";
private static final String TOKEN_AUDIENCES_PARAM = "knox.token.audiences";
+ private static final String TOKEN_TARGET_URL = "knox.token.target.url";
static final String RESOURCE_PATH = "knoxtoken/api/v1/token";
private static TokenServiceMessages log = MessagesFactory.get( TokenServiceMessages.class );
private long tokenTTL = 30000l;
private String[] targetAudiences = null;
+ private String tokenTargetUrl = null;
@Context
private HttpServletRequest request;
@@ -79,6 +82,8 @@ public class TokenResource {
log.invalidTokenTTLEncountered(ttl);
}
}
+
+ tokenTargetUrl = context.getInitParameter(TOKEN_TARGET_URL);
}
@GET
@@ -120,7 +125,10 @@ public class TokenResource {
map.put(ACCESS_TOKEN, accessToken);
map.put(TOKEN_TYPE, BEARER);
map.put(EXPIRES_IN, expires);
-
+ if (tokenTargetUrl != null) {
+ map.put(TARGET_URL, tokenTargetUrl);
+ }
+
String jsonResponse = JsonUtils.renderAsJsonString(map);
response.getWriter().write(jsonResponse);
http://git-wip-us.apache.org/repos/asf/knox/blob/9032f641/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/TokenServiceResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/TokenServiceResourceTest.java b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/TokenServiceResourceTest.java
new file mode 100644
index 0000000..f9aa676
--- /dev/null
+++ b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/TokenServiceResourceTest.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.service.knoxsso;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class TokenServiceResourceTest {
+
+ @Test
+ public void testTokenService() throws Exception {
+ Assert.assertTrue(true);
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/9032f641/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
deleted file mode 100644
index 73910dd..0000000
--- a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.service.knoxsso;
-
-import org.apache.hadoop.gateway.util.RegExUtils;
-import org.junit.Assert;
-import org.junit.Test;
-
-/**
- *
- */
-public class WebSSOResourceTest {
-
- @Test
- public void testWhitelistMatching() throws Exception {
- String whitelist = "^https?://.*example.com:8080/.*$;" +
- "^https?://.*example.com/.*$;" +
- "^https?://.*example2.com:\\d{0,9}/.*$;" +
- "^https://.*example3.com:\\d{0,9}/.*$;" +
- "^https?://localhost:\\d{0,9}/.*$;^/.*$";
-
- // match on explicit hostname/domain and port
- Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
- "http://host.example.com:8080/"));
- // match on non-required port
- Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
- "http://host.example.com/"));
- // match on required but any port
- Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
- "http://host.example2.com:1234/"));
- // fail on missing port
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example2.com/"));
- // fail on invalid port
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example.com:8081/"));
- // fail on alphanumeric port
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example.com:A080/"));
- // fail on invalid hostname/domain
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example.net:8080/"));
- // fail on required port
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example2.com/"));
- // fail on required https
- Assert.assertFalse("Matched whitelist inappropriately", RegExUtils.checkWhitelist(whitelist,
- "http://host.example3.com/"));
- // match on localhost and port
- Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
- "http://localhost:8080/"));
- // match on local/relative path
- Assert.assertTrue("Failed to match whitelist", RegExUtils.checkWhitelist(whitelist,
- "/local/resource/"));
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/9032f641/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
index 9972da2..5fcf31a 100644
--- a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxTokenCredentialCollector.java
@@ -35,6 +35,8 @@ public class KnoxTokenCredentialCollector extends AbstractCredentialCollector {
*/
private static final String KNOXTOKENCACHE = ".knoxtokencache";
public static final String COLLECTOR_TYPE = "KnoxToken";
+ public String targetUrl = null;
+
/* (non-Javadoc)
* @see org.apache.hadoop.gateway.shell.CredentialCollector#collect()
*/
@@ -49,6 +51,7 @@ public class KnoxTokenCredentialCollector extends AbstractCredentialCollector {
lines = Files.readAllLines(path, StandardCharsets.UTF_8);
Map<String, String> attrs = JsonUtils.getMapFromJsonString(lines.get(0));
value = attrs.get("access_token");
+ targetUrl = attrs.get("target_url");
Date expires = new Date(Long.parseLong(attrs.get("expires_in")));
if (expires.before(new Date())) {
System.out.println("Cached knox token has expired. Please relogin through knoxinit.");
@@ -65,6 +68,10 @@ public class KnoxTokenCredentialCollector extends AbstractCredentialCollector {
}
}
+ public String getTargetUrl() {
+ return targetUrl;
+ }
+
/* (non-Javadoc)
* @see org.apache.hadoop.gateway.shell.CredentialCollector#name()
*/
[4/7] knox git commit: checkpoint
Posted by lm...@apache.org.
checkpoint
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/54281ba5
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/54281ba5
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/54281ba5
Branch: refs/heads/master
Commit: 54281ba585b67c8cd387c0076bc9d86184fd8351
Parents: b8a2b11
Author: Larry McCay <lm...@hortonworks.com>
Authored: Sat Feb 4 15:04:47 2017 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Sat Feb 4 15:04:47 2017 -0500
----------------------------------------------------------------------
gateway-shell/pom.xml | 5 --
.../hadoop/gateway/shell/ClientContext.java | 7 ++-
.../org/apache/hadoop/gateway/shell/Hadoop.java | 8 ++-
.../org/apache/hadoop/gateway/shell/KnoxSh.java | 53 ++++++++++++++++++--
4 files changed, 63 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/54281ba5/gateway-shell/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-shell/pom.xml b/gateway-shell/pom.xml
index a91ade1..a6f1ea2 100644
--- a/gateway-shell/pom.xml
+++ b/gateway-shell/pom.xml
@@ -65,11 +65,6 @@
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpcore</artifactId>
- <version>4.4.6</version>
- </dependency>
- <dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
</dependency>
http://git-wip-us.apache.org/repos/asf/knox/blob/54281ba5/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/ClientContext.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/ClientContext.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/ClientContext.java
index 6055f68..b83daf4 100644
--- a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/ClientContext.java
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/ClientContext.java
@@ -191,6 +191,12 @@ public class ClientContext {
return context;
}
+ public static ClientContext with(final String url) {
+ ClientContext context = new ClientContext();
+ context.configuration.addProperty("url", url);
+ return context;
+ }
+
public String username() {
return configuration.getString("username");
}
@@ -202,5 +208,4 @@ public class ClientContext {
public String url() {
return configuration.getString("url");
}
-
}
http://git-wip-us.apache.org/repos/asf/knox/blob/54281ba5/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
index 6bb6ba2..ed0feb3 100644
--- a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java
@@ -91,7 +91,13 @@ public class Hadoop implements Closeable {
public void setHeaders(Map<String, String> headers) {
this.headers = headers;
}
-
+
+ public static Hadoop login( String url, Map<String,String> headers ) throws URISyntaxException {
+ Hadoop instance = new Hadoop(ClientContext.with(url));
+ instance.setHeaders(headers);
+ return instance;
+ }
+
public static Hadoop login( String url, String username, String password ) throws URISyntaxException {
return new Hadoop(ClientContext.with(username, password, url));
}
http://git-wip-us.apache.org/repos/asf/knox/blob/54281ba5/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
index 088bd6c..468b6b7 100644
--- a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/KnoxSh.java
@@ -17,14 +17,20 @@
*/
package org.apache.hadoop.gateway.shell;
+import java.io.BufferedReader;
import java.io.File;
+import java.io.FileInputStream;
import java.io.FileOutputStream;
+import java.io.FileReader;
import java.io.IOException;
import java.io.PrintStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
import java.util.Arrays;
+import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
import java.util.Map;
@@ -171,13 +177,12 @@ public class KnoxSh {
Hadoop session = Hadoop.login(gateway, username, pass);
- String text = Token.get( session ).now().toString();
+ String text = Token.get( session ).now().getString();
Map<String, String> json = JsonUtils.getMapFromJsonString(text);
//println "Access Token: " + json.access_token
System.out.println("knoxinit successful!");
- System.out.println("Token Type: " + json.get("token_type"));
- System.out.println("Expires On: " + new Date(json.get("expires_in")));
+ displayTokenDetails(json);
File tokenfile = new File(System.getProperty("user.home"), ".knoxtokencache");
FileOutputStream fos = new FileOutputStream(tokenfile);
@@ -209,6 +214,8 @@ public class KnoxSh {
@Override
public void execute() throws Exception {
+ File tokenfile = new File(System.getProperty("user.home"), ".knoxtokencache");
+ tokenfile.delete();
}
@Override
@@ -225,6 +232,14 @@ public class KnoxSh {
@Override
public void execute() throws Exception {
+ String tokenfile = readFile(
+ System.getProperty("user.home") +
+ File.separator + ".knoxtokencache");
+
+ if (tokenfile != null) {
+ Map<String, String> json = JsonUtils.getMapFromJsonString(tokenfile);
+ displayTokenDetails(json);
+ }
}
@Override
@@ -234,6 +249,38 @@ public class KnoxSh {
}
+ private void displayTokenDetails(Map<String, String> json) {
+ System.out.println("Token Type: " + json.get("token_type"));
+
+ DateFormat formatter = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss");
+
+ long milliSeconds= Long.parseLong(json.get("expires_in"));
+
+ Calendar calendar = Calendar.getInstance();
+ calendar.setTimeInMillis(milliSeconds);
+ System.out.println("Expires On: " + formatter.format(calendar.getTime()));
+ }
+
+ private String readFile(String file) throws IOException {
+ BufferedReader reader = new BufferedReader(new FileReader (file));
+ String line = null;
+ String content = null;
+ StringBuilder stringBuilder = new StringBuilder();
+ String ls = System.getProperty("line.separator");
+
+ try {
+ while((line = reader.readLine()) != null) {
+ stringBuilder.append(line);
+ stringBuilder.append(ls);
+ }
+
+ content = stringBuilder.toString();
+ } finally {
+ reader.close();
+ }
+ return content;
+}
+
/**
* @param args
* @throws Exception
[3/7] knox git commit: checkpoint
Posted by lm...@apache.org.
checkpoint
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/b8a2b11e
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/b8a2b11e
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/b8a2b11e
Branch: refs/heads/master
Commit: b8a2b11e717dee7ad79257753b42b06e080ab2cf
Parents: b5bf07d
Author: Larry McCay <lm...@hortonworks.com>
Authored: Sun Jan 29 10:09:14 2017 -0500
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Sun Jan 29 10:09:14 2017 -0500
----------------------------------------------------------------------
gateway-shell/pom.xml | 3 ++-
pom.xml | 6 +++---
2 files changed, 5 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/b8a2b11e/gateway-shell/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-shell/pom.xml b/gateway-shell/pom.xml
index f17cfd8..a91ade1 100644
--- a/gateway-shell/pom.xml
+++ b/gateway-shell/pom.xml
@@ -67,7 +67,8 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
- </dependency>
+ <version>4.4.6</version>
+ </dependency>
<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
http://git-wip-us.apache.org/repos/asf/knox/blob/b8a2b11e/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index ed49cd8..d6a8e41 100644
--- a/pom.xml
+++ b/pom.xml
@@ -787,13 +787,13 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
- <version>4.5.1</version>
+ <version>4.5.2</version>
</dependency>
- <dependency>
+ <!-- dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.4.6</version>
- </dependency>
+ </dependency-->
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>