| /** |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with this |
| * work for additional information regarding copyright ownership. The ASF |
| * licenses this file to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| * License for the specific language governing permissions and limitations under |
| * the License. |
| */ |
| package org.apache.hadoop.hdfs.qjournal.server; |
| |
| import org.apache.hadoop.conf.Configuration; |
| import org.apache.hadoop.hdfs.DFSConfigKeys; |
| import org.apache.hadoop.hdfs.HdfsConfiguration; |
| import org.apache.hadoop.hdfs.web.resources.UserParam; |
| import org.apache.hadoop.security.UserGroupInformation; |
| import org.junit.BeforeClass; |
| import org.junit.Test; |
| |
| import javax.servlet.ServletConfig; |
| import javax.servlet.ServletException; |
| import javax.servlet.http.HttpServletRequest; |
| import java.io.IOException; |
| |
| import static org.assertj.core.api.Assertions.assertThat; |
| import static org.mockito.Mockito.mock; |
| import static org.mockito.Mockito.when; |
| |
| public class TestGetJournalEditServlet { |
| |
| private final static Configuration CONF = new HdfsConfiguration(); |
| |
| private final static GetJournalEditServlet SERVLET = new GetJournalEditServlet(); |
| |
| @BeforeClass |
| public static void setUp() throws ServletException { |
| // Configure Hadoop |
| CONF.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/"); |
| CONF.set(DFSConfigKeys.HADOOP_SECURITY_AUTH_TO_LOCAL, |
| "RULE:[2:$1/$2@$0]([nsdj]n/.*@REALM\\.TLD)s/.*/hdfs/\nDEFAULT"); |
| CONF.set(DFSConfigKeys.DFS_NAMESERVICES, "ns"); |
| CONF.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, "nn/_HOST@REALM.TLD"); |
| |
| // Configure Kerberos UGI |
| UserGroupInformation.setConfiguration(CONF); |
| UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser( |
| "jn/somehost@REALM.TLD")); |
| |
| // Initialize the servlet |
| ServletConfig config = mock(ServletConfig.class); |
| SERVLET.init(config); |
| } |
| |
| /** |
| * Unauthenticated user should be rejected. |
| * |
| * @throws IOException for unexpected validation failures |
| */ |
| @Test |
| public void testWithoutUser() throws IOException { |
| // Test: Make a request without specifying a user |
| HttpServletRequest request = mock(HttpServletRequest.class); |
| boolean isValid = SERVLET.isValidRequestor(request, CONF); |
| |
| // Verify: The request is invalid |
| assertThat(isValid).isFalse(); |
| } |
| |
| /** |
| * Namenode requests should be authorized, since it will match the configured namenode. |
| * |
| * @throws IOException for unexpected validation failures |
| */ |
| @Test |
| public void testRequestNameNode() throws IOException, ServletException { |
| // Test: Make a request from a namenode |
| HttpServletRequest request = mock(HttpServletRequest.class); |
| when(request.getParameter(UserParam.NAME)).thenReturn("nn/localhost@REALM.TLD"); |
| boolean isValid = SERVLET.isValidRequestor(request, CONF); |
| |
| assertThat(isValid).isTrue(); |
| } |
| |
| /** |
| * There is a fallback using the short name, which is used by journalnodes. |
| * |
| * @throws IOException for unexpected validation failures |
| */ |
| @Test |
| public void testRequestShortName() throws IOException { |
| // Test: Make a request from a namenode |
| HttpServletRequest request = mock(HttpServletRequest.class); |
| when(request.getParameter(UserParam.NAME)).thenReturn("jn/localhost@REALM.TLD"); |
| boolean isValid = SERVLET.isValidRequestor(request, CONF); |
| |
| assertThat(isValid).isTrue(); |
| } |
| |
| } |