branch-0.23.1/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java - hadoop - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.hadoop.hdfs.server.common;

 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;

 import java.io.IOException;
 import java.net.InetSocketAddress;

 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;

 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hdfs.DFSConfigKeys;
 import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
 import org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
 import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
 import org.junit.Assert;
 import org.junit.Test;

 public class TestJspHelper {

   private Configuration conf = new HdfsConfiguration();

   public static class DummySecretManager extends
       AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {

     public DummySecretManager(long delegationKeyUpdateInterval,
         long delegationTokenMaxLifetime, long delegationTokenRenewInterval,
         long delegationTokenRemoverScanInterval) {
       super(delegationKeyUpdateInterval, delegationTokenMaxLifetime,
           delegationTokenRenewInterval, delegationTokenRemoverScanInterval);
     }

     @Override
     public DelegationTokenIdentifier createIdentifier() {
       return null;
     }

     @Override
     public byte[] createPassword(DelegationTokenIdentifier dtId) {
       return new byte[1];
     }
   }

   @Test
   public void testGetUgi() throws IOException {
     conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
     HttpServletRequest request = mock(HttpServletRequest.class);
     ServletContext context = mock(ServletContext.class);
     String user = "TheDoctor";
     Text userText = new Text(user);
     DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText,
         userText, null);
     Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>(
         dtId, new DummySecretManager(0, 0, 0, 0));
     String tokenString = token.encodeToUrlString();
     when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(
         tokenString);
     when(request.getRemoteUser()).thenReturn(user);

     //Test attribute in the url to be used as service in the token.
     when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn(
         "1.1.1.1:1111");

     conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
     UserGroupInformation.setConfiguration(conf);

     verifyServiceInToken(context, request, "1.1.1.1:1111");

     //Test attribute name.node.address
     //Set the nnaddr url parameter to null.
     when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn(null);
     InetSocketAddress addr = new InetSocketAddress("localhost", 2222);
     when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY))
         .thenReturn(addr);
     verifyServiceInToken(context, request, addr.getAddress().getHostAddress()
         + ":2222");

     //Test service already set in the token
     token.setService(new Text("3.3.3.3:3333"));
     tokenString = token.encodeToUrlString();
     //Set the name.node.address attribute in Servlet context to null
     when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY))
         .thenReturn(null);
     when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(
         tokenString);
     verifyServiceInToken(context, request, "3.3.3.3:3333");
   }

   private void verifyServiceInToken(ServletContext context,
       HttpServletRequest request, String expected) throws IOException {
     UserGroupInformation ugi = JspHelper.getUGI(context, request, conf);
     Token<? extends TokenIdentifier> tokenInUgi = ugi.getTokens().iterator()
         .next();
     Assert.assertEquals(tokenInUgi.getService().toString(), expected);
   }


   @Test
   public void testDelegationTokenUrlParam() {
     conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
     UserGroupInformation.setConfiguration(conf);
     String tokenString = "xyzabc";
     String delegationTokenParam = JspHelper
         .getDelegationTokenUrlParam(tokenString);
     //Security is enabled
     Assert.assertEquals(JspHelper.SET_DELEGATION + "xyzabc",
         delegationTokenParam);
     conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "simple");
     UserGroupInformation.setConfiguration(conf);
     delegationTokenParam = JspHelper
         .getDelegationTokenUrlParam(tokenString);
     //Empty string must be returned because security is disabled.
     Assert.assertEquals("", delegationTokenParam);
   }

 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.hadoop.hdfs.server.common;

	import static org.mockito.Mockito.mock;
	import static org.mockito.Mockito.when;

	import java.io.IOException;
	import java.net.InetSocketAddress;

	import javax.servlet.ServletContext;
	import javax.servlet.http.HttpServletRequest;

	import org.apache.hadoop.conf.Configuration;
	import org.apache.hadoop.hdfs.DFSConfigKeys;
	import org.apache.hadoop.hdfs.HdfsConfiguration;
	import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
	import org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer;
	import org.apache.hadoop.io.Text;
	import org.apache.hadoop.security.UserGroupInformation;
	import org.apache.hadoop.security.token.Token;
	import org.apache.hadoop.security.token.TokenIdentifier;
	import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
	import org.junit.Assert;
	import org.junit.Test;

	public class TestJspHelper {

	private Configuration conf = new HdfsConfiguration();

	public static class DummySecretManager extends
	AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {

	public DummySecretManager(long delegationKeyUpdateInterval,
	long delegationTokenMaxLifetime, long delegationTokenRenewInterval,
	long delegationTokenRemoverScanInterval) {
	super(delegationKeyUpdateInterval, delegationTokenMaxLifetime,
	delegationTokenRenewInterval, delegationTokenRemoverScanInterval);
	}

	@Override
	public DelegationTokenIdentifier createIdentifier() {
	return null;
	}

	@Override
	public byte[] createPassword(DelegationTokenIdentifier dtId) {
	return new byte[1];
	}
	}

	@Test
	public void testGetUgi() throws IOException {
	conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
	HttpServletRequest request = mock(HttpServletRequest.class);
	ServletContext context = mock(ServletContext.class);
	String user = "TheDoctor";
	Text userText = new Text(user);
	DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText,
	userText, null);
	Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>(
	dtId, new DummySecretManager(0, 0, 0, 0));
	String tokenString = token.encodeToUrlString();
	when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(
	tokenString);
	when(request.getRemoteUser()).thenReturn(user);

	//Test attribute in the url to be used as service in the token.
	when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn(
	"1.1.1.1:1111");

	conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
	UserGroupInformation.setConfiguration(conf);

	verifyServiceInToken(context, request, "1.1.1.1:1111");

	//Test attribute name.node.address
	//Set the nnaddr url parameter to null.
	when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn(null);
	InetSocketAddress addr = new InetSocketAddress("localhost", 2222);
	when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY))
	.thenReturn(addr);
	verifyServiceInToken(context, request, addr.getAddress().getHostAddress()
	+ ":2222");

	//Test service already set in the token
	token.setService(new Text("3.3.3.3:3333"));
	tokenString = token.encodeToUrlString();
	//Set the name.node.address attribute in Servlet context to null
	when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY))
	.thenReturn(null);
	when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(
	tokenString);
	verifyServiceInToken(context, request, "3.3.3.3:3333");
	}

	private void verifyServiceInToken(ServletContext context,
	HttpServletRequest request, String expected) throws IOException {
	UserGroupInformation ugi = JspHelper.getUGI(context, request, conf);
	Token<? extends TokenIdentifier> tokenInUgi = ugi.getTokens().iterator()
	.next();
	Assert.assertEquals(tokenInUgi.getService().toString(), expected);
	}


	@Test
	public void testDelegationTokenUrlParam() {
	conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
	UserGroupInformation.setConfiguration(conf);
	String tokenString = "xyzabc";
	String delegationTokenParam = JspHelper
	.getDelegationTokenUrlParam(tokenString);
	//Security is enabled
	Assert.assertEquals(JspHelper.SET_DELEGATION + "xyzabc",
	delegationTokenParam);
	conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "simple");
	UserGroupInformation.setConfiguration(conf);
	delegationTokenParam = JspHelper
	.getDelegationTokenUrlParam(tokenString);
	//Empty string must be returned because security is disabled.
	Assert.assertEquals("", delegationTokenParam);
	}

	}