You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2017/09/01 13:17:39 UTC
[41/64] [partial] knox git commit: KNOX-998 - Refactoring save 1
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderMessages.java b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderMessages.java
deleted file mode 100644
index d67b811..0000000
--- a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderMessages.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.hadoop.groups.filter;
-
-import org.apache.hadoop.gateway.i18n.messages.Message;
-import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
-import org.apache.hadoop.gateway.i18n.messages.Messages;
-import org.apache.hadoop.gateway.i18n.messages.StackTrace;
-
-/**
- * Messages for provider - HadoopGroupProvider
- *
- * @since 0.11
- */
-
-@Messages(logger="org.apache.hadoop.gateway")
-public interface HadoopGroupProviderMessages {
-
- @Message( level = MessageLevel.ERROR, text = "Error getting groups for principal {0}" )
- void errorGettingUserGroups(final String principal , @StackTrace( level = MessageLevel.DEBUG ) Exception e );
-
- @Message( level = MessageLevel.INFO, text = "No groups for principal {0} found" )
- void noGroupsFound(final String principal);
-
- @Message( level = MessageLevel.DEBUG, text = "Found groups for principal {0} : {1}" )
- void groupsFound(final String principal, final String groups );
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributor.java b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributor.java
new file mode 100644
index 0000000..d04713d
--- /dev/null
+++ b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributor.java
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.hadoop.groups.filter;
+
+import org.apache.knox.gateway.identityasserter.common.filter.AbstractIdentityAsserterDeploymentContributor;
+
+/**
+ * A provider deployment contributor for looking up authenticated user groups as
+ * seen by Hadoop implementation.
+ *
+ * @since 0.11.0
+ */
+
+public class HadoopGroupProviderDeploymentContributor
+ extends AbstractIdentityAsserterDeploymentContributor {
+
+ /**
+ * Name of our <b>identity-assertion</b> provider.
+ */
+ public static final String HADOOP_GROUP_PROVIDER = "HadoopGroupProvider";
+
+ /* create an instance */
+ public HadoopGroupProviderDeploymentContributor() {
+ super();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * ProviderDeploymentContributor#getName()
+ */
+ @Override
+ public String getName() {
+ return HADOOP_GROUP_PROVIDER;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.hadoop.gateway.identityasserter.common.filter.
+ * AbstractIdentityAsserterDeploymentContributor#getFilterClassname()
+ */
+ @Override
+ protected String getFilterClassname() {
+ return HadoopGroupProviderFilter.class.getName();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java
new file mode 100644
index 0000000..7709f68
--- /dev/null
+++ b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilter.java
@@ -0,0 +1,121 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.hadoop.groups.filter;
+
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.List;
+
+import javax.security.auth.Subject;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.knox.gateway.i18n.messages.MessagesFactory;
+import org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter;
+import org.apache.hadoop.security.GroupMappingServiceProvider;
+import org.apache.hadoop.security.Groups;
+
+/**
+ * A filter that integrates the Hadoop {@link GroupMappingServiceProvider} for
+ * looking up group membership of the authenticated (asserted) identity.
+ *
+ * @since 0.11.0
+ */
+public class HadoopGroupProviderFilter extends CommonIdentityAssertionFilter {
+
+ /**
+ * Logging
+ */
+ public static HadoopGroupProviderMessages LOG = MessagesFactory
+ .get(HadoopGroupProviderMessages.class);
+
+ /**
+ * Configuration object needed by for hadoop classes
+ */
+ private Configuration hadoopConfig;
+
+ /**
+ * Hadoop Groups implementation.
+ */
+ private Groups hadoopGroups;
+
+ /* create an instance */
+ public HadoopGroupProviderFilter() {
+ super();
+ }
+
+ @Override
+ public void init(final FilterConfig filterConfig) throws ServletException {
+ super.init(filterConfig);
+
+ try {
+ hadoopConfig = new Configuration(false);
+
+ if (filterConfig.getInitParameterNames() != null) {
+
+ for (final Enumeration<String> keys = filterConfig
+ .getInitParameterNames(); keys.hasMoreElements();) {
+
+ final String key = keys.nextElement();
+ hadoopConfig.set(key, filterConfig.getInitParameter(key));
+
+ }
+
+ }
+ hadoopGroups = new Groups(hadoopConfig);
+
+ } catch (final Exception e) {
+ throw new ServletException(e);
+ }
+
+ }
+
+ /**
+ * Query the Hadoop implementation of {@link Groups} to retrieve groups for
+ * provided user.
+ */
+ public String[] mapGroupPrincipals(final String mappedPrincipalName,
+ final Subject subject) {
+ /* return the groups as seen by Hadoop */
+ String[] groups = null;
+ try {
+ final List<String> groupList = hadoopGroups
+ .getGroups(mappedPrincipalName);
+ LOG.groupsFound(mappedPrincipalName, groupList.toString());
+ groups = groupList.toArray(new String[0]);
+
+ } catch (final IOException e) {
+ if (e.toString().contains("No groups found for user")) {
+ /* no groups found move on */
+ LOG.noGroupsFound(mappedPrincipalName);
+ } else {
+ /* Log the error and return empty group */
+ LOG.errorGettingUserGroups(mappedPrincipalName, e);
+ }
+ groups = new String[0];
+ }
+ return groups;
+ }
+
+ public String mapUserPrincipal(final String principalName) {
+ /* return the passed principal */
+ return principalName;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderMessages.java b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderMessages.java
new file mode 100644
index 0000000..311b00a
--- /dev/null
+++ b/gateway-provider-identity-assertion-hadoop-groups/src/main/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderMessages.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.hadoop.groups.filter;
+
+import org.apache.knox.gateway.i18n.messages.Message;
+import org.apache.knox.gateway.i18n.messages.MessageLevel;
+import org.apache.knox.gateway.i18n.messages.Messages;
+import org.apache.knox.gateway.i18n.messages.StackTrace;
+
+/**
+ * Messages for provider - HadoopGroupProvider
+ *
+ * @since 0.11
+ */
+
+@Messages(logger="org.apache.hadoop.gateway")
+public interface HadoopGroupProviderMessages {
+
+ @Message( level = MessageLevel.ERROR, text = "Error getting groups for principal {0}" )
+ void errorGettingUserGroups(final String principal , @StackTrace( level = MessageLevel.DEBUG ) Exception e );
+
+ @Message( level = MessageLevel.INFO, text = "No groups for principal {0} found" )
+ void noGroupsFound(final String principal);
+
+ @Message( level = MessageLevel.DEBUG, text = "Found groups for principal {0} : {1}" )
+ void groupsFound(final String principal, final String groups );
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-identity-assertion-hadoop-groups/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index 5445ddc..0000000
--- a/gateway-provider-identity-assertion-hadoop-groups/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.identityasserter.hadoop.groups.filter.HadoopGroupProviderDeploymentContributor
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-identity-assertion-hadoop-groups/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..2191300
--- /dev/null
+++ b/gateway-provider-identity-assertion-hadoop-groups/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.identityasserter.hadoop.groups.filter.HadoopGroupProviderDeploymentContributor
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributorTest.java b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributorTest.java
deleted file mode 100644
index b146b7c..0000000
--- a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributorTest.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.hadoop.groups.filter;
-
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.junit.Assert.fail;
-
-import java.util.Iterator;
-import java.util.ServiceLoader;
-
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor;
-import org.junit.Test;
-
-/**
- * Test for {@link HadoopGroupProviderDeploymentContributor}
- * @since 0.11
- */
-public class HadoopGroupProviderDeploymentContributorTest {
-
- @Test
- public void testServiceLoader() throws Exception {
-
- ServiceLoader<ProviderDeploymentContributor> loader = ServiceLoader
- .load(ProviderDeploymentContributor.class);
-
- Iterator<ProviderDeploymentContributor> iterator = loader.iterator();
- assertThat("Service iterator empty.", iterator.hasNext());
- while (iterator.hasNext()) {
- Object object = iterator.next();
- if (object instanceof HadoopGroupProviderDeploymentContributor) {
- return;
- }
- }
- fail("Failed to find "
- + HadoopGroupProviderDeploymentContributor.class.getName()
- + " via service loader.");
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
deleted file mode 100644
index c8305fa..0000000
--- a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
+++ /dev/null
@@ -1,218 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.hadoop.groups.filter;
-
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.MatcherAssert.assertThat;
-
-import java.security.Principal;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Vector;
-
-import javax.security.auth.Subject;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-
-import org.apache.hadoop.gateway.security.PrimaryPrincipal;
-import org.apache.hadoop.security.LdapGroupsMapping;
-import org.apache.hadoop.security.ShellBasedUnixGroupsMapping;
-import org.easymock.EasyMock;
-import org.junit.Test;
-
-/**
- * Test for {@link HadoopGroupProviderFilter}
- *
- * @since 0.11.0
- */
-public class HadoopGroupProviderFilterTest {
-
- /**
- * System username
- */
- private static final String failUsername = "highly_unlikely_username_to_have";
-
- /**
- * System username
- */
- private static final String username = System.getProperty("user.name");
-
- /**
- * Configuration object needed by for hadoop classes
- */
-
- /**
- * Hadoop Groups implementation.
- */
-
- /* create an instance */
- public HadoopGroupProviderFilterTest() {
- super();
- }
-
- /**
- * Test that valid groups are retrieved for a legitimate user.
- *
- * @throws ServletException
- */
- @Test
- public void testGroups() throws ServletException {
-
- final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
- EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
- ServletContext context = EasyMock.createNiceMock(ServletContext.class);
- EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
- EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
- EasyMock.replay( config );
- EasyMock.replay( context );
-
- final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter();
-
- final Subject subject = new Subject();
- subject.getPrincipals().add(new PrimaryPrincipal(username));
-
- filter.init(config);
- final String principal = filter.mapUserPrincipal(
- ((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0])
- .getName());
- final String[] groups = filter.mapGroupPrincipals(principal, subject);
-
- assertThat(principal, is(username));
- assertThat(
- "No groups assosciated with the user, most likely this is a failure, it is only OK when 'bash -c groups' command returns 0 groups. ",
- groups.length > 0);
-
- }
-
- /**
- * Test that no groups are retrieved for a dummy user.
- *
- * @throws ServletException
- */
- @Test
- public void testUnknownUser() throws ServletException {
-
- final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
- EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
- ServletContext context = EasyMock.createNiceMock(ServletContext.class);
- EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
- EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
- EasyMock.replay( config );
- EasyMock.replay( context );
-
- final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter();
-
- final Subject subject = new Subject();
- subject.getPrincipals().add(new PrimaryPrincipal(failUsername));
-
- filter.init(config);
- final String principal = filter.mapUserPrincipal(
- ((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0])
- .getName());
- final String[] groups = filter.mapGroupPrincipals(principal, subject);
-
- assertThat(principal, is(failUsername));
- assertThat(
- "Somehow groups were found for this user, how is it possible ! check 'bash -c groups' command ",
- groups.length == 0);
-
- }
-
- /**
- * Test for a bad config (nonexistent). This test proves, we are not falling
- * back on {@link ShellBasedUnixGroupsMapping} because we explicitly use
- * {@link LdapGroupsMapping} and in case of bad config we get empty groups
- * (Hadoop way).
- *
- * @throws ServletException
- */
- @SuppressWarnings({ "unchecked", "rawtypes" })
- @Test
- public void badConfigTest() throws ServletException {
-
- final List<String> keysList = Arrays.asList("hadoop.security.group.mapping",
- "hadoop.security.group.mapping.ldap.bind.user",
- "hadoop.security.group.mapping.ldap.bind.password",
- "hadoop.security.group.mapping.ldap.url",
- "hadoop.security.group.mapping.ldap.search.filter.group",
- "hadoop.security.group.mapping.ldap.search.attr.member",
- "hadoop.security.group.mapping.ldap.search.filter.user");
-
- final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
- EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
- ServletContext context = EasyMock.createNiceMock(ServletContext.class);
- EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
- EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
-
- EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping"))
- .andReturn("org.apache.hadoop.security.LdapGroupsMapping").anyTimes();
- EasyMock
- .expect(config
- .getInitParameter("hadoop.security.group.mapping.ldap.bind.user"))
- .andReturn("uid=dummy,ou=people,dc=hadoop,dc=apache,dc=org").anyTimes();
- EasyMock
- .expect(config.getInitParameter(
- "hadoop.security.group.mapping.ldap.bind.password"))
- .andReturn("unbind-me-please").anyTimes();
- EasyMock
- .expect(
- config.getInitParameter("hadoop.security.group.mapping.ldap.url"))
- .andReturn("ldap://nomansland:33389").anyTimes();
- EasyMock
- .expect(config.getInitParameter(
- "hadoop.security.group.mapping.ldap.search.filter.group"))
- .andReturn("(objectclass=groupOfNames)").anyTimes();
- EasyMock
- .expect(config.getInitParameter(
- "hadoop.security.group.mapping.ldap.search.attr.member"))
- .andReturn("member").anyTimes();
- EasyMock
- .expect(config.getInitParameter(
- "hadoop.security.group.mapping.ldap.search.filter.user"))
- .andReturn(
- "(&(|(objectclass=person)(objectclass=applicationProcess))(cn={0}))")
- .anyTimes();
- EasyMock.expect(config.getInitParameterNames())
- .andReturn(new Vector(keysList).elements()).anyTimes();
-
- EasyMock.replay( config );
- EasyMock.replay( context );
-
- final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter();
-
- final Subject subject = new Subject();
- subject.getPrincipals().add(new PrimaryPrincipal(username));
-
- filter.init(config);
- final String principal = filter.mapUserPrincipal(
- ((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0])
- .getName());
- final String[] groups = filter.mapGroupPrincipals(principal, subject);
-
- assertThat(principal, is(username));
-
- /*
- * Unfortunately, Hadoop does not let us know what went wrong all we get is
- * empty groups
- */
- assertThat(groups.length, is(0));
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupsTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupsTest.java b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupsTest.java
deleted file mode 100644
index fee2438..0000000
--- a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/hadoop/gateway/identityasserter/hadoop/groups/filter/HadoopGroupsTest.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.hadoop.groups.filter;
-
-import static org.hamcrest.MatcherAssert.assertThat;
-
-import java.util.List;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.Groups;
-import org.junit.Before;
-import org.junit.Test;
-
-/**
- * Test Hadoop {@link Groups} class. Basically to make sure that the
- * interface we depend on does not change.
- *
- * @since 0.11.0
- */
-public class HadoopGroupsTest {
-
- /**
- * Use the default group mapping
- */
- public static final String GROUP_MAPPING = "org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback";
-
- /**
- * Username
- */
- private String username;
-
- /**
- * Configuration object needed by for hadoop classes
- */
- private Configuration hadoopConfig;
-
- /**
- * Hadoop Groups implementation.
- */
- private Groups hadoopGroups;
-
- /* create instance */
- public HadoopGroupsTest() {
- super();
- }
-
- @Before
- public void init() {
- username = System.getProperty("user.name");
-
- hadoopConfig = new Configuration(false);
-
- hadoopConfig.set("hadoop.security.group.mapping", GROUP_MAPPING);
-
- hadoopGroups = new Groups(hadoopConfig);
-
- }
-
- /**
- * Test Groups on the machine running the unit test.
- */
- @Test
- public void testLocalGroups() throws Exception {
-
- final List<String> groupList = hadoopGroups.getGroups(username);
-
- assertThat("No groups found for user " + username, !groupList.isEmpty());
-
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributorTest.java b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributorTest.java
new file mode 100644
index 0000000..ce86f02
--- /dev/null
+++ b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderDeploymentContributorTest.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.hadoop.groups.filter;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.fail;
+
+import java.util.Iterator;
+import java.util.ServiceLoader;
+
+import org.apache.knox.gateway.deploy.ProviderDeploymentContributor;
+import org.junit.Test;
+
+/**
+ * Test for {@link HadoopGroupProviderDeploymentContributor}
+ * @since 0.11
+ */
+public class HadoopGroupProviderDeploymentContributorTest {
+
+ @Test
+ public void testServiceLoader() throws Exception {
+
+ ServiceLoader<ProviderDeploymentContributor> loader = ServiceLoader
+ .load(ProviderDeploymentContributor.class);
+
+ Iterator<ProviderDeploymentContributor> iterator = loader.iterator();
+ assertThat("Service iterator empty.", iterator.hasNext());
+ while (iterator.hasNext()) {
+ Object object = iterator.next();
+ if (object instanceof HadoopGroupProviderDeploymentContributor) {
+ return;
+ }
+ }
+ fail("Failed to find "
+ + HadoopGroupProviderDeploymentContributor.class.getName()
+ + " via service loader.");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
new file mode 100644
index 0000000..d5f5501
--- /dev/null
+++ b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupProviderFilterTest.java
@@ -0,0 +1,218 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.hadoop.groups.filter;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Vector;
+
+import javax.security.auth.Subject;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+
+import org.apache.knox.gateway.security.PrimaryPrincipal;
+import org.apache.hadoop.security.LdapGroupsMapping;
+import org.apache.hadoop.security.ShellBasedUnixGroupsMapping;
+import org.easymock.EasyMock;
+import org.junit.Test;
+
+/**
+ * Test for {@link HadoopGroupProviderFilter}
+ *
+ * @since 0.11.0
+ */
+public class HadoopGroupProviderFilterTest {
+
+ /**
+ * System username
+ */
+ private static final String failUsername = "highly_unlikely_username_to_have";
+
+ /**
+ * System username
+ */
+ private static final String username = System.getProperty("user.name");
+
+ /**
+ * Configuration object needed by for hadoop classes
+ */
+
+ /**
+ * Hadoop Groups implementation.
+ */
+
+ /* create an instance */
+ public HadoopGroupProviderFilterTest() {
+ super();
+ }
+
+ /**
+ * Test that valid groups are retrieved for a legitimate user.
+ *
+ * @throws ServletException
+ */
+ @Test
+ public void testGroups() throws ServletException {
+
+ final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
+ EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+ ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+ EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+ EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+ EasyMock.replay( config );
+ EasyMock.replay( context );
+
+ final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter();
+
+ final Subject subject = new Subject();
+ subject.getPrincipals().add(new PrimaryPrincipal(username));
+
+ filter.init(config);
+ final String principal = filter.mapUserPrincipal(
+ ((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0])
+ .getName());
+ final String[] groups = filter.mapGroupPrincipals(principal, subject);
+
+ assertThat(principal, is(username));
+ assertThat(
+ "No groups assosciated with the user, most likely this is a failure, it is only OK when 'bash -c groups' command returns 0 groups. ",
+ groups.length > 0);
+
+ }
+
+ /**
+ * Test that no groups are retrieved for a dummy user.
+ *
+ * @throws ServletException
+ */
+ @Test
+ public void testUnknownUser() throws ServletException {
+
+ final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
+ EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+ ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+ EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+ EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+ EasyMock.replay( config );
+ EasyMock.replay( context );
+
+ final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter();
+
+ final Subject subject = new Subject();
+ subject.getPrincipals().add(new PrimaryPrincipal(failUsername));
+
+ filter.init(config);
+ final String principal = filter.mapUserPrincipal(
+ ((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0])
+ .getName());
+ final String[] groups = filter.mapGroupPrincipals(principal, subject);
+
+ assertThat(principal, is(failUsername));
+ assertThat(
+ "Somehow groups were found for this user, how is it possible ! check 'bash -c groups' command ",
+ groups.length == 0);
+
+ }
+
+ /**
+ * Test for a bad config (nonexistent). This test proves, we are not falling
+ * back on {@link ShellBasedUnixGroupsMapping} because we explicitly use
+ * {@link LdapGroupsMapping} and in case of bad config we get empty groups
+ * (Hadoop way).
+ *
+ * @throws ServletException
+ */
+ @SuppressWarnings({ "unchecked", "rawtypes" })
+ @Test
+ public void badConfigTest() throws ServletException {
+
+ final List<String> keysList = Arrays.asList("hadoop.security.group.mapping",
+ "hadoop.security.group.mapping.ldap.bind.user",
+ "hadoop.security.group.mapping.ldap.bind.password",
+ "hadoop.security.group.mapping.ldap.url",
+ "hadoop.security.group.mapping.ldap.search.filter.group",
+ "hadoop.security.group.mapping.ldap.search.attr.member",
+ "hadoop.security.group.mapping.ldap.search.filter.user");
+
+ final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
+ EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+ ServletContext context = EasyMock.createNiceMock(ServletContext.class);
+ EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
+ EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
+
+ EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping"))
+ .andReturn("org.apache.hadoop.security.LdapGroupsMapping").anyTimes();
+ EasyMock
+ .expect(config
+ .getInitParameter("hadoop.security.group.mapping.ldap.bind.user"))
+ .andReturn("uid=dummy,ou=people,dc=hadoop,dc=apache,dc=org").anyTimes();
+ EasyMock
+ .expect(config.getInitParameter(
+ "hadoop.security.group.mapping.ldap.bind.password"))
+ .andReturn("unbind-me-please").anyTimes();
+ EasyMock
+ .expect(
+ config.getInitParameter("hadoop.security.group.mapping.ldap.url"))
+ .andReturn("ldap://nomansland:33389").anyTimes();
+ EasyMock
+ .expect(config.getInitParameter(
+ "hadoop.security.group.mapping.ldap.search.filter.group"))
+ .andReturn("(objectclass=groupOfNames)").anyTimes();
+ EasyMock
+ .expect(config.getInitParameter(
+ "hadoop.security.group.mapping.ldap.search.attr.member"))
+ .andReturn("member").anyTimes();
+ EasyMock
+ .expect(config.getInitParameter(
+ "hadoop.security.group.mapping.ldap.search.filter.user"))
+ .andReturn(
+ "(&(|(objectclass=person)(objectclass=applicationProcess))(cn={0}))")
+ .anyTimes();
+ EasyMock.expect(config.getInitParameterNames())
+ .andReturn(new Vector(keysList).elements()).anyTimes();
+
+ EasyMock.replay( config );
+ EasyMock.replay( context );
+
+ final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter();
+
+ final Subject subject = new Subject();
+ subject.getPrincipals().add(new PrimaryPrincipal(username));
+
+ filter.init(config);
+ final String principal = filter.mapUserPrincipal(
+ ((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0])
+ .getName());
+ final String[] groups = filter.mapGroupPrincipals(principal, subject);
+
+ assertThat(principal, is(username));
+
+ /*
+ * Unfortunately, Hadoop does not let us know what went wrong all we get is
+ * empty groups
+ */
+ assertThat(groups.length, is(0));
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupsTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupsTest.java b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupsTest.java
new file mode 100644
index 0000000..fa5e48c
--- /dev/null
+++ b/gateway-provider-identity-assertion-hadoop-groups/src/test/java/org/apache/knox/gateway/identityasserter/hadoop/groups/filter/HadoopGroupsTest.java
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.hadoop.groups.filter;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+
+import java.util.List;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.Groups;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Test Hadoop {@link Groups} class. Basically to make sure that the
+ * interface we depend on does not change.
+ *
+ * @since 0.11.0
+ */
+public class HadoopGroupsTest {
+
+ /**
+ * Use the default group mapping
+ */
+ public static final String GROUP_MAPPING = "org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback";
+
+ /**
+ * Username
+ */
+ private String username;
+
+ /**
+ * Configuration object needed by for hadoop classes
+ */
+ private Configuration hadoopConfig;
+
+ /**
+ * Hadoop Groups implementation.
+ */
+ private Groups hadoopGroups;
+
+ /* create instance */
+ public HadoopGroupsTest() {
+ super();
+ }
+
+ @Before
+ public void init() {
+ username = System.getProperty("user.name");
+
+ hadoopConfig = new Configuration(false);
+
+ hadoopConfig.set("hadoop.security.group.mapping", GROUP_MAPPING);
+
+ hadoopGroups = new Groups(hadoopConfig);
+
+ }
+
+ /**
+ * Test Groups on the machine running the unit test.
+ */
+ @Test
+ public void testLocalGroups() throws Exception {
+
+ final List<String> groupList = hadoopGroups.getGroups(username);
+
+ assertThat("No groups found for user " + username, !groupList.isEmpty());
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/IdentityAsserterMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/IdentityAsserterMessages.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/IdentityAsserterMessages.java
deleted file mode 100644
index c4ada6b..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/IdentityAsserterMessages.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway;
-
-import org.apache.hadoop.gateway.i18n.messages.Message;
-import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
-import org.apache.hadoop.gateway.i18n.messages.Messages;
-import org.apache.hadoop.gateway.i18n.messages.StackTrace;
-
-@Messages(logger="org.apache.hadoop.gateway")
-public interface IdentityAsserterMessages {
-
- @Message( level = MessageLevel.WARN, text = "Skipping unencodable parameter {0}={1}, {2}: {3}" )
- void skippingUnencodableParameter( String name, String value, String encoding, @StackTrace( level = MessageLevel.DEBUG ) Exception e );
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/DefaultIdentityAsserterDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/DefaultIdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/DefaultIdentityAsserterDeploymentContributor.java
deleted file mode 100644
index bd4343e..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/DefaultIdentityAsserterDeploymentContributor.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.filter;
-
-/**
- * This class renames the Pseudo identity asserter to Default
- * while still providing backward compatibility.
- */
-public class DefaultIdentityAsserterDeploymentContributor extends
- IdentityAsserterDeploymentContributor {
-
- @Override
- public String getName() {
- return "Default";
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java
deleted file mode 100644
index b261138..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.filter;
-
-import org.apache.hadoop.gateway.deploy.DeploymentContext;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
-import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
-import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
-import org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAsserterDeploymentContributor;
-import org.apache.hadoop.gateway.topology.Provider;
-import org.apache.hadoop.gateway.topology.Service;
-
-import java.util.List;
-
-public class IdentityAsserterDeploymentContributor extends AbstractIdentityAsserterDeploymentContributor {
-
- private static final String FILTER_CLASSNAME = IdentityAsserterFilter.class.getName();
- private static final String PRINCIPAL_MAPPING_PARAM_NAME = "principal.mapping";
- private static final String GROUP_PRINCIPAL_MAPPING_PARAM_NAME = "group.principal.mapping";
-
- @Override
- public String getName() {
- return "Pseudo";
- }
-
- @Override
- public void contributeProvider( DeploymentContext context, Provider provider ) {
- super.contributeProvider(context, provider);
- String mappings = provider.getParams().get(PRINCIPAL_MAPPING_PARAM_NAME);
- String groupMappings = provider.getParams().get(GROUP_PRINCIPAL_MAPPING_PARAM_NAME);
-
- context.getWebAppDescriptor().createContextParam().paramName(PRINCIPAL_MAPPING_PARAM_NAME).paramValue(mappings);
- context.getWebAppDescriptor().createContextParam().paramName(GROUP_PRINCIPAL_MAPPING_PARAM_NAME).paramValue(groupMappings);
- }
-
- /* (non-Javadoc)
- * @see org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAsserterDeploymentContributor#getFilterClassname()
- */
- @Override
- protected String getFilterClassname() {
- return FILTER_CLASSNAME;
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
deleted file mode 100644
index 8f82481..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/hadoop/gateway/identityasserter/filter/IdentityAsserterFilter.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.filter;
-
-
-import javax.security.auth.Subject;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import org.apache.hadoop.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter;
-
-public class IdentityAsserterFilter extends CommonIdentityAssertionFilter {
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- super.init(filterConfig);
- }
-
- @Override
- public String[] mapGroupPrincipals(String mappedPrincipalName, Subject subject) {
- return mapGroupPrincipalsBase(mappedPrincipalName, subject);
- }
-
- @Override
- public String mapUserPrincipal(String principalName) {
- return mapUserPrincipalBase(principalName);
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/IdentityAsserterMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/IdentityAsserterMessages.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/IdentityAsserterMessages.java
new file mode 100644
index 0000000..e614c25
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/IdentityAsserterMessages.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway;
+
+import org.apache.knox.gateway.i18n.messages.Message;
+import org.apache.knox.gateway.i18n.messages.MessageLevel;
+import org.apache.knox.gateway.i18n.messages.Messages;
+import org.apache.knox.gateway.i18n.messages.StackTrace;
+
+@Messages(logger="org.apache.hadoop.gateway")
+public interface IdentityAsserterMessages {
+
+ @Message( level = MessageLevel.WARN, text = "Skipping unencodable parameter {0}={1}, {2}: {3}" )
+ void skippingUnencodableParameter( String name, String value, String encoding, @StackTrace( level = MessageLevel.DEBUG ) Exception e );
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/DefaultIdentityAsserterDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/DefaultIdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/DefaultIdentityAsserterDeploymentContributor.java
new file mode 100644
index 0000000..44299a4
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/DefaultIdentityAsserterDeploymentContributor.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.filter;
+
+/**
+ * This class renames the Pseudo identity asserter to Default
+ * while still providing backward compatibility.
+ */
+public class DefaultIdentityAsserterDeploymentContributor extends
+ IdentityAsserterDeploymentContributor {
+
+ @Override
+ public String getName() {
+ return "Default";
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java
new file mode 100644
index 0000000..49993b4
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/IdentityAsserterDeploymentContributor.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.filter;
+
+import org.apache.knox.gateway.deploy.DeploymentContext;
+import org.apache.knox.gateway.identityasserter.common.filter.AbstractIdentityAsserterDeploymentContributor;
+import org.apache.knox.gateway.topology.Provider;
+
+public class IdentityAsserterDeploymentContributor extends AbstractIdentityAsserterDeploymentContributor {
+
+ private static final String FILTER_CLASSNAME = IdentityAsserterFilter.class.getName();
+ private static final String PRINCIPAL_MAPPING_PARAM_NAME = "principal.mapping";
+ private static final String GROUP_PRINCIPAL_MAPPING_PARAM_NAME = "group.principal.mapping";
+
+ @Override
+ public String getName() {
+ return "Pseudo";
+ }
+
+ @Override
+ public void contributeProvider( DeploymentContext context, Provider provider ) {
+ super.contributeProvider(context, provider);
+ String mappings = provider.getParams().get(PRINCIPAL_MAPPING_PARAM_NAME);
+ String groupMappings = provider.getParams().get(GROUP_PRINCIPAL_MAPPING_PARAM_NAME);
+
+ context.getWebAppDescriptor().createContextParam().paramName(PRINCIPAL_MAPPING_PARAM_NAME).paramValue(mappings);
+ context.getWebAppDescriptor().createContextParam().paramName(GROUP_PRINCIPAL_MAPPING_PARAM_NAME).paramValue(groupMappings);
+ }
+
+ /* (non-Javadoc)
+ * @see AbstractIdentityAsserterDeploymentContributor#getFilterClassname()
+ */
+ @Override
+ protected String getFilterClassname() {
+ return FILTER_CLASSNAME;
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/IdentityAsserterFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/IdentityAsserterFilter.java b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/IdentityAsserterFilter.java
new file mode 100644
index 0000000..18cec8f
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/java/org/apache/knox/gateway/identityasserter/filter/IdentityAsserterFilter.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.identityasserter.filter;
+
+
+import javax.security.auth.Subject;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter;
+
+public class IdentityAsserterFilter extends CommonIdentityAssertionFilter {
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ super.init(filterConfig);
+ }
+
+ @Override
+ public String[] mapGroupPrincipals(String mappedPrincipalName, Subject subject) {
+ return mapGroupPrincipalsBase(mappedPrincipalName, subject);
+ }
+
+ @Override
+ public String mapUserPrincipal(String principalName) {
+ return mapUserPrincipalBase(principalName);
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index d5b3601..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,20 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.identityasserter.filter.IdentityAsserterDeploymentContributor
-org.apache.hadoop.gateway.identityasserter.filter.DefaultIdentityAsserterDeploymentContributor
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..e825a77
--- /dev/null
+++ b/gateway-provider-identity-assertion-pseudo/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,20 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.identityasserter.filter.IdentityAsserterDeploymentContributor
+org.apache.knox.gateway.identityasserter.filter.DefaultIdentityAsserterDeploymentContributor
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/filter/DefaultIdentityAssertionFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/filter/DefaultIdentityAssertionFilterTest.java b/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/filter/DefaultIdentityAssertionFilterTest.java
deleted file mode 100644
index 9795a99..0000000
--- a/gateway-provider-identity-assertion-pseudo/src/test/java/org/apache/hadoop/gateway/identityasserter/filter/DefaultIdentityAssertionFilterTest.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.identityasserter.filter;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import java.security.Principal;
-
-import javax.security.auth.Subject;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-
-import org.apache.hadoop.gateway.security.GroupPrincipal;
-import org.apache.hadoop.gateway.security.PrimaryPrincipal;
-import org.easymock.EasyMock;
-import org.junit.Test;
-
-/**
- *
- */
-public class DefaultIdentityAssertionFilterTest {
-
- @Test
- public void testInitParameters() throws Exception {
- FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
- EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
- ServletContext context = EasyMock.createNiceMock(ServletContext.class);
- EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
- EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
- EasyMock.replay( config );
- EasyMock.replay( context );
-
- IdentityAsserterFilter filter = new IdentityAsserterFilter();
- Subject subject = new Subject();
-
- subject.getPrincipals().add(new PrimaryPrincipal("lmccay"));
- subject.getPrincipals().add(new GroupPrincipal("users"));
- subject.getPrincipals().add(new GroupPrincipal("admin"));
-
- filter.init(config);
- String username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
- String[] groups = filter.mapGroupPrincipals(username, subject);
- assertEquals("lmccay", username);
- assertNull(groups); // means for the caller to use the existing subject groups
-
- config = EasyMock.createNiceMock( FilterConfig.class );
- EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "lmccay,kminder=hdfs;newuser=mapred" ).anyTimes();
- EasyMock.expect(config.getInitParameter("group.principal.mapping") ).andReturn( "kminder=group1;lmccay=mrgroup,mrducks" ).anyTimes();
- context = EasyMock.createNiceMock(ServletContext.class);
- EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
- EasyMock.replay( config );
- filter.init(config);
- username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
- String[] mappedGroups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
- assertEquals("hdfs", username);
- assertTrue("mrgroup not found in groups: " + mappedGroups, groupFoundIn("mrgroup", mappedGroups));
- assertTrue("mrducks not found in groups: " + mappedGroups, groupFoundIn("mrducks", mappedGroups));
- assertFalse("group1 WAS found in groups: " + mappedGroups, groupFoundIn("group1", mappedGroups));
-
- subject = new Subject();
-
- subject.getPrincipals().add(new PrimaryPrincipal("kminder"));
- subject.getPrincipals().add(new GroupPrincipal("users"));
- subject.getPrincipals().add(new GroupPrincipal("admin"));
-
- config = EasyMock.createNiceMock( FilterConfig.class );
- EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "lmccay,kminder=hdfs;newuser=mapred" ).anyTimes();
- EasyMock.expect(config.getInitParameter("group.principal.mapping") ).andReturn( "kminder=group1;lmccay=mrgroup,mrducks" ).anyTimes();
- context = EasyMock.createNiceMock(ServletContext.class);
- EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
- EasyMock.replay( config );
- filter.init(config);
- username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
- mappedGroups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
- assertEquals("hdfs", username);
- assertTrue("group1 not found in groups: " + mappedGroups, groupFoundIn("group1", mappedGroups));
- }
-
- /**
- * @param string
- * @return
- */
- private boolean groupFoundIn(String expected, String[] mappedGroups) {
- if (mappedGroups == null) return false;
- for(int i = 0; i < mappedGroups.length; i++) {
- if (mappedGroups[i].equals(expected)) {
- return true;
- }
- }
- return false;
- }
-
- @Test
- public void testContextParameters() throws Exception {
- // for backward compatibility of old deployment contributor's method
- // of adding init params to the servlet context instead of to the filter.
- // There is the possibility that previously deployed topologies will have
- // init params in web.xml at the context level instead of the filter level.
- FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
- EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
- ServletContext context = EasyMock.createNiceMock(ServletContext.class);
- EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
- EasyMock.replay( config );
- EasyMock.replay( context );
-
- IdentityAsserterFilter filter = new IdentityAsserterFilter();
- Subject subject = new Subject();
-
- subject.getPrincipals().add(new PrimaryPrincipal("lmccay"));
- subject.getPrincipals().add(new GroupPrincipal("users"));
- subject.getPrincipals().add(new GroupPrincipal("admin"));
-
- filter.init(config);
- String username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
- String[] groups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
-// String[] groups = filter.mapGroupPrincipals(username, subject);
- assertEquals("lmccay", username);
- assertNull(groups); // means for the caller to use the existing subject groups
-
- config = EasyMock.createNiceMock( FilterConfig.class );
- EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
- context = EasyMock.createNiceMock(ServletContext.class);
- EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
- EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "lmccay,kminder=hdfs;newuser=mapred" ).anyTimes();
- EasyMock.expect(context.getInitParameter("group.principal.mapping") ).andReturn( "kminder=group1;lmccay=mrgroup,mrducks" ).anyTimes();
- EasyMock.replay( config );
- EasyMock.replay( context );
- filter.init(config);
- username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
- groups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
- assertEquals("hdfs", username);
- assertTrue("mrgroup not found in groups: " + groups, groupFoundIn("mrgroup", groups));
- assertTrue("mrducks not found in groups: " + groups, groupFoundIn("mrducks", groups));
- assertFalse("group1 WAS found in groups: " + groups, groupFoundIn("group1", groups));
-
- subject = new Subject();
-
- subject.getPrincipals().add(new PrimaryPrincipal("kminder"));
- subject.getPrincipals().add(new GroupPrincipal("users"));
- subject.getPrincipals().add(new GroupPrincipal("admin"));
-
- config = EasyMock.createNiceMock( FilterConfig.class );
- EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
- context = EasyMock.createNiceMock(ServletContext.class);
- EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
- EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "lmccay,kminder=hdfs;newuser=mapred" ).anyTimes();
- EasyMock.expect(context.getInitParameter("group.principal.mapping") ).andReturn( "kminder=group1;lmccay=mrgroup,mrducks" ).anyTimes();
- EasyMock.replay( config );
- EasyMock.replay( context );
- filter.init(config);
- username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
- assertEquals("hdfs", username);
- }
-
-}