Google Git
Sign in
apache / hbase-site / 8b92bda3fb92938b109d412201b37d8f2d841252 / . / testapidocs / src-html / org / apache / hadoop / hbase / rest / TestSecureRESTServer.html
blob: 07e5f3513454447c0ffd3811e4a34c4b06d22ae6 [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<!-- Generated by javadoc (17) -->
<title>Source code</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="source: package: org.apache.hadoop.hbase.rest, class: TestSecureRESTServer">
<meta name="generator" content="javadoc/SourceToHTMLConverter">
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
</head>
<body class="source-page">
<main role="main">
<div class="source-container">
<pre><span class="source-line-no">001</span><span id="line-1">/*</span>
<span class="source-line-no">002</span><span id="line-2"> * Licensed to the Apache Software Foundation (ASF) under one</span>
<span class="source-line-no">003</span><span id="line-3"> * or more contributor license agreements. See the NOTICE file</span>
<span class="source-line-no">004</span><span id="line-4"> * distributed with this work for additional information</span>
<span class="source-line-no">005</span><span id="line-5"> * regarding copyright ownership. The ASF licenses this file</span>
<span class="source-line-no">006</span><span id="line-6"> * to you under the Apache License, Version 2.0 (the</span>
<span class="source-line-no">007</span><span id="line-7"> * "License"); you may not use this file except in compliance</span>
<span class="source-line-no">008</span><span id="line-8"> * with the License. You may obtain a copy of the License at</span>
<span class="source-line-no">009</span><span id="line-9"> *</span>
<span class="source-line-no">010</span><span id="line-10"> * http://www.apache.org/licenses/LICENSE-2.0</span>
<span class="source-line-no">011</span><span id="line-11"> *</span>
<span class="source-line-no">012</span><span id="line-12"> * Unless required by applicable law or agreed to in writing, software</span>
<span class="source-line-no">013</span><span id="line-13"> * distributed under the License is distributed on an "AS IS" BASIS,</span>
<span class="source-line-no">014</span><span id="line-14"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span>
<span class="source-line-no">015</span><span id="line-15"> * See the License for the specific language governing permissions and</span>
<span class="source-line-no">016</span><span id="line-16"> * limitations under the License.</span>
<span class="source-line-no">017</span><span id="line-17"> */</span>
<span class="source-line-no">018</span><span id="line-18">package org.apache.hadoop.hbase.rest;</span>
<span class="source-line-no">019</span><span id="line-19"></span>
<span class="source-line-no">020</span><span id="line-20">import static org.apache.hadoop.hbase.rest.RESTServlet.HBASE_REST_SUPPORT_PROXYUSER;</span>
<span class="source-line-no">021</span><span id="line-21">import static org.junit.Assert.assertEquals;</span>
<span class="source-line-no">022</span><span id="line-22">import static org.junit.Assert.assertTrue;</span>
<span class="source-line-no">023</span><span id="line-23"></span>
<span class="source-line-no">024</span><span id="line-24">import com.fasterxml.jackson.databind.ObjectMapper;</span>
<span class="source-line-no">025</span><span id="line-25">import java.io.File;</span>
<span class="source-line-no">026</span><span id="line-26">import java.io.IOException;</span>
<span class="source-line-no">027</span><span id="line-27">import java.net.HttpURLConnection;</span>
<span class="source-line-no">028</span><span id="line-28">import java.net.URL;</span>
<span class="source-line-no">029</span><span id="line-29">import java.security.Principal;</span>
<span class="source-line-no">030</span><span id="line-30">import java.security.PrivilegedExceptionAction;</span>
<span class="source-line-no">031</span><span id="line-31">import org.apache.commons.io.FileUtils;</span>
<span class="source-line-no">032</span><span id="line-32">import org.apache.hadoop.conf.Configuration;</span>
<span class="source-line-no">033</span><span id="line-33">import org.apache.hadoop.hbase.HBaseClassTestRule;</span>
<span class="source-line-no">034</span><span id="line-34">import org.apache.hadoop.hbase.HBaseTestingUtil;</span>
<span class="source-line-no">035</span><span id="line-35">import org.apache.hadoop.hbase.SingleProcessHBaseCluster;</span>
<span class="source-line-no">036</span><span id="line-36">import org.apache.hadoop.hbase.StartTestingClusterOption;</span>
<span class="source-line-no">037</span><span id="line-37">import org.apache.hadoop.hbase.TableName;</span>
<span class="source-line-no">038</span><span id="line-38">import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;</span>
<span class="source-line-no">039</span><span id="line-39">import org.apache.hadoop.hbase.client.Connection;</span>
<span class="source-line-no">040</span><span id="line-40">import org.apache.hadoop.hbase.client.ConnectionFactory;</span>
<span class="source-line-no">041</span><span id="line-41">import org.apache.hadoop.hbase.client.Put;</span>
<span class="source-line-no">042</span><span id="line-42">import org.apache.hadoop.hbase.client.Table;</span>
<span class="source-line-no">043</span><span id="line-43">import org.apache.hadoop.hbase.client.TableDescriptor;</span>
<span class="source-line-no">044</span><span id="line-44">import org.apache.hadoop.hbase.client.TableDescriptorBuilder;</span>
<span class="source-line-no">045</span><span id="line-45">import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;</span>
<span class="source-line-no">046</span><span id="line-46">import org.apache.hadoop.hbase.http.ssl.KeyStoreTestUtil;</span>
<span class="source-line-no">047</span><span id="line-47">import org.apache.hadoop.hbase.rest.model.CellModel;</span>
<span class="source-line-no">048</span><span id="line-48">import org.apache.hadoop.hbase.rest.model.CellSetModel;</span>
<span class="source-line-no">049</span><span id="line-49">import org.apache.hadoop.hbase.rest.model.RowModel;</span>
<span class="source-line-no">050</span><span id="line-50">import org.apache.hadoop.hbase.security.HBaseKerberosUtils;</span>
<span class="source-line-no">051</span><span id="line-51">import org.apache.hadoop.hbase.security.access.AccessControlClient;</span>
<span class="source-line-no">052</span><span id="line-52">import org.apache.hadoop.hbase.security.access.AccessControlConstants;</span>
<span class="source-line-no">053</span><span id="line-53">import org.apache.hadoop.hbase.security.access.AccessController;</span>
<span class="source-line-no">054</span><span id="line-54">import org.apache.hadoop.hbase.security.access.Permission.Action;</span>
<span class="source-line-no">055</span><span id="line-55">import org.apache.hadoop.hbase.security.token.TokenProvider;</span>
<span class="source-line-no">056</span><span id="line-56">import org.apache.hadoop.hbase.testclassification.MediumTests;</span>
<span class="source-line-no">057</span><span id="line-57">import org.apache.hadoop.hbase.testclassification.MiscTests;</span>
<span class="source-line-no">058</span><span id="line-58">import org.apache.hadoop.hbase.util.Bytes;</span>
<span class="source-line-no">059</span><span id="line-59">import org.apache.hadoop.hbase.util.Pair;</span>
<span class="source-line-no">060</span><span id="line-60">import org.apache.hadoop.hdfs.DFSConfigKeys;</span>
<span class="source-line-no">061</span><span id="line-61">import org.apache.hadoop.http.HttpConfig;</span>
<span class="source-line-no">062</span><span id="line-62">import org.apache.hadoop.minikdc.MiniKdc;</span>
<span class="source-line-no">063</span><span id="line-63">import org.apache.hadoop.security.UserGroupInformation;</span>
<span class="source-line-no">064</span><span id="line-64">import org.apache.hadoop.security.authentication.util.KerberosName;</span>
<span class="source-line-no">065</span><span id="line-65">import org.apache.http.HttpEntity;</span>
<span class="source-line-no">066</span><span id="line-66">import org.apache.http.HttpHost;</span>
<span class="source-line-no">067</span><span id="line-67">import org.apache.http.auth.AuthSchemeProvider;</span>
<span class="source-line-no">068</span><span id="line-68">import org.apache.http.auth.AuthScope;</span>
<span class="source-line-no">069</span><span id="line-69">import org.apache.http.auth.Credentials;</span>
<span class="source-line-no">070</span><span id="line-70">import org.apache.http.client.AuthCache;</span>
<span class="source-line-no">071</span><span id="line-71">import org.apache.http.client.CredentialsProvider;</span>
<span class="source-line-no">072</span><span id="line-72">import org.apache.http.client.config.AuthSchemes;</span>
<span class="source-line-no">073</span><span id="line-73">import org.apache.http.client.methods.CloseableHttpResponse;</span>
<span class="source-line-no">074</span><span id="line-74">import org.apache.http.client.methods.HttpGet;</span>
<span class="source-line-no">075</span><span id="line-75">import org.apache.http.client.methods.HttpPut;</span>
<span class="source-line-no">076</span><span id="line-76">import org.apache.http.client.protocol.HttpClientContext;</span>
<span class="source-line-no">077</span><span id="line-77">import org.apache.http.config.Registry;</span>
<span class="source-line-no">078</span><span id="line-78">import org.apache.http.config.RegistryBuilder;</span>
<span class="source-line-no">079</span><span id="line-79">import org.apache.http.conn.HttpClientConnectionManager;</span>
<span class="source-line-no">080</span><span id="line-80">import org.apache.http.entity.ContentType;</span>
<span class="source-line-no">081</span><span id="line-81">import org.apache.http.entity.StringEntity;</span>
<span class="source-line-no">082</span><span id="line-82">import org.apache.http.impl.auth.SPNegoSchemeFactory;</span>
<span class="source-line-no">083</span><span id="line-83">import org.apache.http.impl.client.BasicAuthCache;</span>
<span class="source-line-no">084</span><span id="line-84">import org.apache.http.impl.client.BasicCredentialsProvider;</span>
<span class="source-line-no">085</span><span id="line-85">import org.apache.http.impl.client.CloseableHttpClient;</span>
<span class="source-line-no">086</span><span id="line-86">import org.apache.http.impl.client.HttpClients;</span>
<span class="source-line-no">087</span><span id="line-87">import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;</span>
<span class="source-line-no">088</span><span id="line-88">import org.apache.http.util.EntityUtils;</span>
<span class="source-line-no">089</span><span id="line-89">import org.junit.AfterClass;</span>
<span class="source-line-no">090</span><span id="line-90">import org.junit.BeforeClass;</span>
<span class="source-line-no">091</span><span id="line-91">import org.junit.ClassRule;</span>
<span class="source-line-no">092</span><span id="line-92">import org.junit.Test;</span>
<span class="source-line-no">093</span><span id="line-93">import org.junit.experimental.categories.Category;</span>
<span class="source-line-no">094</span><span id="line-94">import org.slf4j.Logger;</span>
<span class="source-line-no">095</span><span id="line-95">import org.slf4j.LoggerFactory;</span>
<span class="source-line-no">096</span><span id="line-96"></span>
<span class="source-line-no">097</span><span id="line-97">import org.apache.hbase.thirdparty.com.fasterxml.jackson.jaxrs.json.JacksonJaxbJsonProvider;</span>
<span class="source-line-no">098</span><span id="line-98">import org.apache.hbase.thirdparty.javax.ws.rs.core.MediaType;</span>
<span class="source-line-no">099</span><span id="line-99"></span>
<span class="source-line-no">100</span><span id="line-100">/**</span>
<span class="source-line-no">101</span><span id="line-101"> * Test class for SPNEGO authentication on the HttpServer. Uses Kerby's MiniKDC and Apache</span>
<span class="source-line-no">102</span><span id="line-102"> * HttpComponents to verify that a simple Servlet is reachable via SPNEGO and unreachable w/o.</span>
<span class="source-line-no">103</span><span id="line-103"> */</span>
<span class="source-line-no">104</span><span id="line-104">@Category({ MiscTests.class, MediumTests.class })</span>
<span class="source-line-no">105</span><span id="line-105">public class TestSecureRESTServer {</span>
<span class="source-line-no">106</span><span id="line-106"></span>
<span class="source-line-no">107</span><span id="line-107"> @ClassRule</span>
<span class="source-line-no">108</span><span id="line-108"> public static final HBaseClassTestRule CLASS_RULE =</span>
<span class="source-line-no">109</span><span id="line-109"> HBaseClassTestRule.forClass(TestSecureRESTServer.class);</span>
<span class="source-line-no">110</span><span id="line-110"></span>
<span class="source-line-no">111</span><span id="line-111"> private static final Logger LOG = LoggerFactory.getLogger(TestSecureRESTServer.class);</span>
<span class="source-line-no">112</span><span id="line-112"> private static final HBaseTestingUtil TEST_UTIL = new HBaseTestingUtil();</span>
<span class="source-line-no">113</span><span id="line-113"> private static final HBaseRESTTestingUtility REST_TEST = new HBaseRESTTestingUtility();</span>
<span class="source-line-no">114</span><span id="line-114"> private static SingleProcessHBaseCluster CLUSTER;</span>
<span class="source-line-no">115</span><span id="line-115"></span>
<span class="source-line-no">116</span><span id="line-116"> private static final String HOSTNAME = "localhost";</span>
<span class="source-line-no">117</span><span id="line-117"> private static final String CLIENT_PRINCIPAL = "client";</span>
<span class="source-line-no">118</span><span id="line-118"> private static final String WHEEL_PRINCIPAL = "wheel";</span>
<span class="source-line-no">119</span><span id="line-119"> // The principal for accepting SPNEGO authn'ed requests (*must* be HTTP/fqdn)</span>
<span class="source-line-no">120</span><span id="line-120"> private static final String SPNEGO_SERVICE_PRINCIPAL = "HTTP/" + HOSTNAME;</span>
<span class="source-line-no">121</span><span id="line-121"> // The principal we use to connect to HBase</span>
<span class="source-line-no">122</span><span id="line-122"> private static final String REST_SERVER_PRINCIPAL = "rest";</span>
<span class="source-line-no">123</span><span id="line-123"> private static final String SERVICE_PRINCIPAL = "hbase/" + HOSTNAME;</span>
<span class="source-line-no">124</span><span id="line-124"></span>
<span class="source-line-no">125</span><span id="line-125"> private static URL baseUrl;</span>
<span class="source-line-no">126</span><span id="line-126"> private static MiniKdc KDC;</span>
<span class="source-line-no">127</span><span id="line-127"> private static RESTServer server;</span>
<span class="source-line-no">128</span><span id="line-128"> private static File restServerKeytab;</span>
<span class="source-line-no">129</span><span id="line-129"> private static File clientKeytab;</span>
<span class="source-line-no">130</span><span id="line-130"> private static File wheelKeytab;</span>
<span class="source-line-no">131</span><span id="line-131"> private static File serviceKeytab;</span>
<span class="source-line-no">132</span><span id="line-132"></span>
<span class="source-line-no">133</span><span id="line-133"> @BeforeClass</span>
<span class="source-line-no">134</span><span id="line-134"> public static void setupServer() throws Exception {</span>
<span class="source-line-no">135</span><span id="line-135"> final File target = new File(System.getProperty("user.dir"), "target");</span>
<span class="source-line-no">136</span><span id="line-136"> assertTrue(target.exists());</span>
<span class="source-line-no">137</span><span id="line-137"></span>
<span class="source-line-no">138</span><span id="line-138"> /*</span>
<span class="source-line-no">139</span><span id="line-139"> * Keytabs</span>
<span class="source-line-no">140</span><span id="line-140"> */</span>
<span class="source-line-no">141</span><span id="line-141"> File keytabDir = new File(target, TestSecureRESTServer.class.getSimpleName() + "_keytabs");</span>
<span class="source-line-no">142</span><span id="line-142"> if (keytabDir.exists()) {</span>
<span class="source-line-no">143</span><span id="line-143"> FileUtils.deleteDirectory(keytabDir);</span>
<span class="source-line-no">144</span><span id="line-144"> }</span>
<span class="source-line-no">145</span><span id="line-145"> keytabDir.mkdirs();</span>
<span class="source-line-no">146</span><span id="line-146"> // Keytab for HBase services (RS, Master)</span>
<span class="source-line-no">147</span><span id="line-147"> serviceKeytab = new File(keytabDir, "hbase.service.keytab");</span>
<span class="source-line-no">148</span><span id="line-148"> // The keytab for the REST server</span>
<span class="source-line-no">149</span><span id="line-149"> restServerKeytab = new File(keytabDir, "spnego.keytab");</span>
<span class="source-line-no">150</span><span id="line-150"> // Keytab for the client</span>
<span class="source-line-no">151</span><span id="line-151"> clientKeytab = new File(keytabDir, CLIENT_PRINCIPAL + ".keytab");</span>
<span class="source-line-no">152</span><span id="line-152"> // Keytab for wheel</span>
<span class="source-line-no">153</span><span id="line-153"> wheelKeytab = new File(keytabDir, WHEEL_PRINCIPAL + ".keytab");</span>
<span class="source-line-no">154</span><span id="line-154"></span>
<span class="source-line-no">155</span><span id="line-155"> /*</span>
<span class="source-line-no">156</span><span id="line-156"> * Update UGI</span>
<span class="source-line-no">157</span><span id="line-157"> */</span>
<span class="source-line-no">158</span><span id="line-158"> Configuration conf = TEST_UTIL.getConfiguration();</span>
<span class="source-line-no">159</span><span id="line-159"></span>
<span class="source-line-no">160</span><span id="line-160"> /*</span>
<span class="source-line-no">161</span><span id="line-161"> * Start KDC</span>
<span class="source-line-no">162</span><span id="line-162"> */</span>
<span class="source-line-no">163</span><span id="line-163"> KDC = TEST_UTIL.setupMiniKdc(serviceKeytab);</span>
<span class="source-line-no">164</span><span id="line-164"> KDC.createPrincipal(clientKeytab, CLIENT_PRINCIPAL);</span>
<span class="source-line-no">165</span><span id="line-165"> KDC.createPrincipal(wheelKeytab, WHEEL_PRINCIPAL);</span>
<span class="source-line-no">166</span><span id="line-166"> KDC.createPrincipal(serviceKeytab, SERVICE_PRINCIPAL);</span>
<span class="source-line-no">167</span><span id="line-167"> // REST server's keytab contains keys for both principals REST uses</span>
<span class="source-line-no">168</span><span id="line-168"> KDC.createPrincipal(restServerKeytab, SPNEGO_SERVICE_PRINCIPAL, REST_SERVER_PRINCIPAL);</span>
<span class="source-line-no">169</span><span id="line-169"></span>
<span class="source-line-no">170</span><span id="line-170"> // Set configuration for HBase</span>
<span class="source-line-no">171</span><span id="line-171"> HBaseKerberosUtils.setPrincipalForTesting(SERVICE_PRINCIPAL + "@" + KDC.getRealm());</span>
<span class="source-line-no">172</span><span id="line-172"> HBaseKerberosUtils.setKeytabFileForTesting(serviceKeytab.getAbsolutePath());</span>
<span class="source-line-no">173</span><span id="line-173"> // Why doesn't `setKeytabFileForTesting` do this?</span>
<span class="source-line-no">174</span><span id="line-174"> conf.set("hbase.master.keytab.file", serviceKeytab.getAbsolutePath());</span>
<span class="source-line-no">175</span><span id="line-175"> conf.set("hbase.unsafe.regionserver.hostname", "localhost");</span>
<span class="source-line-no">176</span><span id="line-176"> conf.set("hbase.master.hostname", "localhost");</span>
<span class="source-line-no">177</span><span id="line-177"> HBaseKerberosUtils.setSecuredConfiguration(conf, SERVICE_PRINCIPAL + "@" + KDC.getRealm(),</span>
<span class="source-line-no">178</span><span id="line-178"> SPNEGO_SERVICE_PRINCIPAL + "@" + KDC.getRealm());</span>
<span class="source-line-no">179</span><span id="line-179"> setHdfsSecuredConfiguration(conf);</span>
<span class="source-line-no">180</span><span id="line-180"> conf.setStrings(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, TokenProvider.class.getName(),</span>
<span class="source-line-no">181</span><span id="line-181"> AccessController.class.getName());</span>
<span class="source-line-no">182</span><span id="line-182"> conf.setStrings(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, AccessController.class.getName());</span>
<span class="source-line-no">183</span><span id="line-183"> conf.setStrings(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY,</span>
<span class="source-line-no">184</span><span id="line-184"> AccessController.class.getName());</span>
<span class="source-line-no">185</span><span id="line-185"> // Enable EXEC permission checking</span>
<span class="source-line-no">186</span><span id="line-186"> conf.setBoolean(AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY, true);</span>
<span class="source-line-no">187</span><span id="line-187"> conf.set("hbase.superuser", "hbase");</span>
<span class="source-line-no">188</span><span id="line-188"> conf.set("hadoop.proxyuser.rest.hosts", "*");</span>
<span class="source-line-no">189</span><span id="line-189"> conf.set("hadoop.proxyuser.rest.users", "*");</span>
<span class="source-line-no">190</span><span id="line-190"> conf.set("hadoop.proxyuser.wheel.hosts", "*");</span>
<span class="source-line-no">191</span><span id="line-191"> conf.set("hadoop.proxyuser.wheel.users", "*");</span>
<span class="source-line-no">192</span><span id="line-192"> UserGroupInformation.setConfiguration(conf);</span>
<span class="source-line-no">193</span><span id="line-193"></span>
<span class="source-line-no">194</span><span id="line-194"> updateKerberosConfiguration(conf, REST_SERVER_PRINCIPAL, SPNEGO_SERVICE_PRINCIPAL,</span>
<span class="source-line-no">195</span><span id="line-195"> restServerKeytab);</span>
<span class="source-line-no">196</span><span id="line-196"></span>
<span class="source-line-no">197</span><span id="line-197"> // Start HDFS</span>
<span class="source-line-no">198</span><span id="line-198"> TEST_UTIL.startMiniCluster(StartTestingClusterOption.builder().numMasters(1).numRegionServers(1)</span>
<span class="source-line-no">199</span><span id="line-199"> .numZkServers(1).build());</span>
<span class="source-line-no">200</span><span id="line-200"></span>
<span class="source-line-no">201</span><span id="line-201"> // Start REST</span>
<span class="source-line-no">202</span><span id="line-202"> UserGroupInformation restUser = UserGroupInformation</span>
<span class="source-line-no">203</span><span id="line-203"> .loginUserFromKeytabAndReturnUGI(REST_SERVER_PRINCIPAL, restServerKeytab.getAbsolutePath());</span>
<span class="source-line-no">204</span><span id="line-204"> restUser.doAs(new PrivilegedExceptionAction&lt;Void&gt;() {</span>
<span class="source-line-no">205</span><span id="line-205"> @Override</span>
<span class="source-line-no">206</span><span id="line-206"> public Void run() throws Exception {</span>
<span class="source-line-no">207</span><span id="line-207"> REST_TEST.startServletContainer(conf);</span>
<span class="source-line-no">208</span><span id="line-208"> return null;</span>
<span class="source-line-no">209</span><span id="line-209"> }</span>
<span class="source-line-no">210</span><span id="line-210"> });</span>
<span class="source-line-no">211</span><span id="line-211"> baseUrl = new URL("http://localhost:" + REST_TEST.getServletPort());</span>
<span class="source-line-no">212</span><span id="line-212"></span>
<span class="source-line-no">213</span><span id="line-213"> LOG.info("HTTP server started: " + baseUrl);</span>
<span class="source-line-no">214</span><span id="line-214"> TEST_UTIL.waitTableAvailable(TableName.valueOf("hbase:acl"));</span>
<span class="source-line-no">215</span><span id="line-215"></span>
<span class="source-line-no">216</span><span id="line-216"> // Let the REST server create, read, and write globally</span>
<span class="source-line-no">217</span><span id="line-217"> UserGroupInformation superuser = UserGroupInformation</span>
<span class="source-line-no">218</span><span id="line-218"> .loginUserFromKeytabAndReturnUGI(SERVICE_PRINCIPAL, serviceKeytab.getAbsolutePath());</span>
<span class="source-line-no">219</span><span id="line-219"> superuser.doAs(new PrivilegedExceptionAction&lt;Void&gt;() {</span>
<span class="source-line-no">220</span><span id="line-220"> @Override</span>
<span class="source-line-no">221</span><span id="line-221"> public Void run() throws Exception {</span>
<span class="source-line-no">222</span><span id="line-222"> try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {</span>
<span class="source-line-no">223</span><span id="line-223"> AccessControlClient.grant(conn, REST_SERVER_PRINCIPAL, Action.CREATE, Action.READ,</span>
<span class="source-line-no">224</span><span id="line-224"> Action.WRITE);</span>
<span class="source-line-no">225</span><span id="line-225"> } catch (Throwable t) {</span>
<span class="source-line-no">226</span><span id="line-226"> if (t instanceof Exception) {</span>
<span class="source-line-no">227</span><span id="line-227"> throw (Exception) t;</span>
<span class="source-line-no">228</span><span id="line-228"> } else {</span>
<span class="source-line-no">229</span><span id="line-229"> throw new Exception(t);</span>
<span class="source-line-no">230</span><span id="line-230"> }</span>
<span class="source-line-no">231</span><span id="line-231"> }</span>
<span class="source-line-no">232</span><span id="line-232"> return null;</span>
<span class="source-line-no">233</span><span id="line-233"> }</span>
<span class="source-line-no">234</span><span id="line-234"> });</span>
<span class="source-line-no">235</span><span id="line-235"> instertData();</span>
<span class="source-line-no">236</span><span id="line-236"> }</span>
<span class="source-line-no">237</span><span id="line-237"></span>
<span class="source-line-no">238</span><span id="line-238"> @AfterClass</span>
<span class="source-line-no">239</span><span id="line-239"> public static void stopServer() throws Exception {</span>
<span class="source-line-no">240</span><span id="line-240"> try {</span>
<span class="source-line-no">241</span><span id="line-241"> if (null != server) {</span>
<span class="source-line-no">242</span><span id="line-242"> server.stop();</span>
<span class="source-line-no">243</span><span id="line-243"> }</span>
<span class="source-line-no">244</span><span id="line-244"> } catch (Exception e) {</span>
<span class="source-line-no">245</span><span id="line-245"> LOG.info("Failed to stop info server", e);</span>
<span class="source-line-no">246</span><span id="line-246"> }</span>
<span class="source-line-no">247</span><span id="line-247"> try {</span>
<span class="source-line-no">248</span><span id="line-248"> if (CLUSTER != null) {</span>
<span class="source-line-no">249</span><span id="line-249"> CLUSTER.shutdown();</span>
<span class="source-line-no">250</span><span id="line-250"> }</span>
<span class="source-line-no">251</span><span id="line-251"> } catch (Exception e) {</span>
<span class="source-line-no">252</span><span id="line-252"> LOG.info("Failed to stop HBase cluster", e);</span>
<span class="source-line-no">253</span><span id="line-253"> }</span>
<span class="source-line-no">254</span><span id="line-254"> try {</span>
<span class="source-line-no">255</span><span id="line-255"> if (null != KDC) {</span>
<span class="source-line-no">256</span><span id="line-256"> KDC.stop();</span>
<span class="source-line-no">257</span><span id="line-257"> }</span>
<span class="source-line-no">258</span><span id="line-258"> } catch (Exception e) {</span>
<span class="source-line-no">259</span><span id="line-259"> LOG.info("Failed to stop mini KDC", e);</span>
<span class="source-line-no">260</span><span id="line-260"> }</span>
<span class="source-line-no">261</span><span id="line-261"> }</span>
<span class="source-line-no">262</span><span id="line-262"></span>
<span class="source-line-no">263</span><span id="line-263"> private static void setHdfsSecuredConfiguration(Configuration conf) throws Exception {</span>
<span class="source-line-no">264</span><span id="line-264"> // Set principal+keytab configuration for HDFS</span>
<span class="source-line-no">265</span><span id="line-265"> conf.set(DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY,</span>
<span class="source-line-no">266</span><span id="line-266"> SERVICE_PRINCIPAL + "@" + KDC.getRealm());</span>
<span class="source-line-no">267</span><span id="line-267"> conf.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, serviceKeytab.getAbsolutePath());</span>
<span class="source-line-no">268</span><span id="line-268"> conf.set(DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY,</span>
<span class="source-line-no">269</span><span id="line-269"> SERVICE_PRINCIPAL + "@" + KDC.getRealm());</span>
<span class="source-line-no">270</span><span id="line-270"> conf.set(DFSConfigKeys.DFS_DATANODE_KEYTAB_FILE_KEY, serviceKeytab.getAbsolutePath());</span>
<span class="source-line-no">271</span><span id="line-271"> conf.set(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY,</span>
<span class="source-line-no">272</span><span id="line-272"> SPNEGO_SERVICE_PRINCIPAL + "@" + KDC.getRealm());</span>
<span class="source-line-no">273</span><span id="line-273"> // Enable token access for HDFS blocks</span>
<span class="source-line-no">274</span><span id="line-274"> conf.setBoolean(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);</span>
<span class="source-line-no">275</span><span id="line-275"> // Only use HTTPS (required because we aren't using "secure" ports)</span>
<span class="source-line-no">276</span><span id="line-276"> conf.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());</span>
<span class="source-line-no">277</span><span id="line-277"> // Bind on localhost for spnego to have a chance at working</span>
<span class="source-line-no">278</span><span id="line-278"> conf.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");</span>
<span class="source-line-no">279</span><span id="line-279"> conf.set(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");</span>
<span class="source-line-no">280</span><span id="line-280"></span>
<span class="source-line-no">281</span><span id="line-281"> // Generate SSL certs</span>
<span class="source-line-no">282</span><span id="line-282"> File keystoresDir = new File(TEST_UTIL.getDataTestDir("keystore").toUri().getPath());</span>
<span class="source-line-no">283</span><span id="line-283"> keystoresDir.mkdirs();</span>
<span class="source-line-no">284</span><span id="line-284"> String sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSecureRESTServer.class);</span>
<span class="source-line-no">285</span><span id="line-285"> KeyStoreTestUtil.setupSSLConfig(keystoresDir.getAbsolutePath(), sslConfDir, conf, false);</span>
<span class="source-line-no">286</span><span id="line-286"></span>
<span class="source-line-no">287</span><span id="line-287"> // Magic flag to tell hdfs to not fail on using ports above 1024</span>
<span class="source-line-no">288</span><span id="line-288"> conf.setBoolean("ignore.secure.ports.for.testing", true);</span>
<span class="source-line-no">289</span><span id="line-289"> }</span>
<span class="source-line-no">290</span><span id="line-290"></span>
<span class="source-line-no">291</span><span id="line-291"> private static void updateKerberosConfiguration(Configuration conf, String serverPrincipal,</span>
<span class="source-line-no">292</span><span id="line-292"> String spnegoPrincipal, File serverKeytab) {</span>
<span class="source-line-no">293</span><span id="line-293"> KerberosName.setRules("DEFAULT");</span>
<span class="source-line-no">294</span><span id="line-294"></span>
<span class="source-line-no">295</span><span id="line-295"> // Enable Kerberos (pre-req)</span>
<span class="source-line-no">296</span><span id="line-296"> conf.set("hbase.security.authentication", "kerberos");</span>
<span class="source-line-no">297</span><span id="line-297"> conf.set(RESTServer.REST_AUTHENTICATION_TYPE, "kerberos");</span>
<span class="source-line-no">298</span><span id="line-298"> // User to talk to HBase as</span>
<span class="source-line-no">299</span><span id="line-299"> conf.set(RESTServer.REST_KERBEROS_PRINCIPAL, serverPrincipal);</span>
<span class="source-line-no">300</span><span id="line-300"> // User to accept SPNEGO-auth'd http calls as</span>
<span class="source-line-no">301</span><span id="line-301"> conf.set("hbase.rest.authentication.kerberos.principal", spnegoPrincipal);</span>
<span class="source-line-no">302</span><span id="line-302"> // Keytab for both principals above</span>
<span class="source-line-no">303</span><span id="line-303"> conf.set(RESTServer.REST_KEYTAB_FILE, serverKeytab.getAbsolutePath());</span>
<span class="source-line-no">304</span><span id="line-304"> conf.set("hbase.rest.authentication.kerberos.keytab", serverKeytab.getAbsolutePath());</span>
<span class="source-line-no">305</span><span id="line-305"> conf.set(HBASE_REST_SUPPORT_PROXYUSER, "true");</span>
<span class="source-line-no">306</span><span id="line-306"> }</span>
<span class="source-line-no">307</span><span id="line-307"></span>
<span class="source-line-no">308</span><span id="line-308"> private static void instertData() throws IOException, InterruptedException {</span>
<span class="source-line-no">309</span><span id="line-309"> // Create a table, write a row to it, grant read perms to the client</span>
<span class="source-line-no">310</span><span id="line-310"> UserGroupInformation superuser = UserGroupInformation</span>
<span class="source-line-no">311</span><span id="line-311"> .loginUserFromKeytabAndReturnUGI(SERVICE_PRINCIPAL, serviceKeytab.getAbsolutePath());</span>
<span class="source-line-no">312</span><span id="line-312"> final TableName table = TableName.valueOf("publicTable");</span>
<span class="source-line-no">313</span><span id="line-313"> superuser.doAs(new PrivilegedExceptionAction&lt;Void&gt;() {</span>
<span class="source-line-no">314</span><span id="line-314"> @Override</span>
<span class="source-line-no">315</span><span id="line-315"> public Void run() throws Exception {</span>
<span class="source-line-no">316</span><span id="line-316"> try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {</span>
<span class="source-line-no">317</span><span id="line-317"> TableDescriptor desc = TableDescriptorBuilder.newBuilder(table)</span>
<span class="source-line-no">318</span><span id="line-318"> .setColumnFamily(ColumnFamilyDescriptorBuilder.of("f1")).build();</span>
<span class="source-line-no">319</span><span id="line-319"> conn.getAdmin().createTable(desc);</span>
<span class="source-line-no">320</span><span id="line-320"> try (Table t = conn.getTable(table)) {</span>
<span class="source-line-no">321</span><span id="line-321"> Put p = new Put(Bytes.toBytes("a"));</span>
<span class="source-line-no">322</span><span id="line-322"> p.addColumn(Bytes.toBytes("f1"), new byte[0], Bytes.toBytes("1"));</span>
<span class="source-line-no">323</span><span id="line-323"> t.put(p);</span>
<span class="source-line-no">324</span><span id="line-324"> }</span>
<span class="source-line-no">325</span><span id="line-325"> AccessControlClient.grant(conn, CLIENT_PRINCIPAL, Action.READ);</span>
<span class="source-line-no">326</span><span id="line-326"> } catch (Throwable e) {</span>
<span class="source-line-no">327</span><span id="line-327"> if (e instanceof Exception) {</span>
<span class="source-line-no">328</span><span id="line-328"> throw (Exception) e;</span>
<span class="source-line-no">329</span><span id="line-329"> } else {</span>
<span class="source-line-no">330</span><span id="line-330"> throw new Exception(e);</span>
<span class="source-line-no">331</span><span id="line-331"> }</span>
<span class="source-line-no">332</span><span id="line-332"> }</span>
<span class="source-line-no">333</span><span id="line-333"> return null;</span>
<span class="source-line-no">334</span><span id="line-334"> }</span>
<span class="source-line-no">335</span><span id="line-335"> });</span>
<span class="source-line-no">336</span><span id="line-336"> }</span>
<span class="source-line-no">337</span><span id="line-337"></span>
<span class="source-line-no">338</span><span id="line-338"> public void testProxy(String extraArgs, String PRINCIPAL, File keytab, int responseCode)</span>
<span class="source-line-no">339</span><span id="line-339"> throws Exception {</span>
<span class="source-line-no">340</span><span id="line-340"> UserGroupInformation superuser = UserGroupInformation</span>
<span class="source-line-no">341</span><span id="line-341"> .loginUserFromKeytabAndReturnUGI(SERVICE_PRINCIPAL, serviceKeytab.getAbsolutePath());</span>
<span class="source-line-no">342</span><span id="line-342"> final TableName table = TableName.valueOf("publicTable");</span>
<span class="source-line-no">343</span><span id="line-343"></span>
<span class="source-line-no">344</span><span id="line-344"> // Read that row as the client</span>
<span class="source-line-no">345</span><span id="line-345"> Pair&lt;CloseableHttpClient, HttpClientContext&gt; pair = getClient();</span>
<span class="source-line-no">346</span><span id="line-346"> CloseableHttpClient client = pair.getFirst();</span>
<span class="source-line-no">347</span><span id="line-347"> HttpClientContext context = pair.getSecond();</span>
<span class="source-line-no">348</span><span id="line-348"></span>
<span class="source-line-no">349</span><span id="line-349"> HttpGet get = new HttpGet(new URL("http://localhost:" + REST_TEST.getServletPort()).toURI()</span>
<span class="source-line-no">350</span><span id="line-350"> + "/" + table + "/a" + extraArgs);</span>
<span class="source-line-no">351</span><span id="line-351"> get.addHeader("Accept", "application/json");</span>
<span class="source-line-no">352</span><span id="line-352"> UserGroupInformation user =</span>
<span class="source-line-no">353</span><span id="line-353"> UserGroupInformation.loginUserFromKeytabAndReturnUGI(PRINCIPAL, keytab.getAbsolutePath());</span>
<span class="source-line-no">354</span><span id="line-354"> String jsonResponse = user.doAs(new PrivilegedExceptionAction&lt;String&gt;() {</span>
<span class="source-line-no">355</span><span id="line-355"> @Override</span>
<span class="source-line-no">356</span><span id="line-356"> public String run() throws Exception {</span>
<span class="source-line-no">357</span><span id="line-357"> try (CloseableHttpResponse response = client.execute(get, context)) {</span>
<span class="source-line-no">358</span><span id="line-358"> final int statusCode = response.getStatusLine().getStatusCode();</span>
<span class="source-line-no">359</span><span id="line-359"> assertEquals(response.getStatusLine().toString(), responseCode, statusCode);</span>
<span class="source-line-no">360</span><span id="line-360"> HttpEntity entity = response.getEntity();</span>
<span class="source-line-no">361</span><span id="line-361"> return EntityUtils.toString(entity);</span>
<span class="source-line-no">362</span><span id="line-362"> }</span>
<span class="source-line-no">363</span><span id="line-363"> }</span>
<span class="source-line-no">364</span><span id="line-364"> });</span>
<span class="source-line-no">365</span><span id="line-365"> if (responseCode == HttpURLConnection.HTTP_OK) {</span>
<span class="source-line-no">366</span><span id="line-366"> ObjectMapper mapper = new JacksonJaxbJsonProvider().locateMapper(CellSetModel.class,</span>
<span class="source-line-no">367</span><span id="line-367"> MediaType.APPLICATION_JSON_TYPE);</span>
<span class="source-line-no">368</span><span id="line-368"> CellSetModel model = mapper.readValue(jsonResponse, CellSetModel.class);</span>
<span class="source-line-no">369</span><span id="line-369"> assertEquals(1, model.getRows().size());</span>
<span class="source-line-no">370</span><span id="line-370"> RowModel row = model.getRows().get(0);</span>
<span class="source-line-no">371</span><span id="line-371"> assertEquals("a", Bytes.toString(row.getKey()));</span>
<span class="source-line-no">372</span><span id="line-372"> assertEquals(1, row.getCells().size());</span>
<span class="source-line-no">373</span><span id="line-373"> CellModel cell = row.getCells().get(0);</span>
<span class="source-line-no">374</span><span id="line-374"> assertEquals("1", Bytes.toString(cell.getValue()));</span>
<span class="source-line-no">375</span><span id="line-375"> }</span>
<span class="source-line-no">376</span><span id="line-376"> }</span>
<span class="source-line-no">377</span><span id="line-377"></span>
<span class="source-line-no">378</span><span id="line-378"> @Test</span>
<span class="source-line-no">379</span><span id="line-379"> public void testPositiveAuthorization() throws Exception {</span>
<span class="source-line-no">380</span><span id="line-380"> testProxy("", CLIENT_PRINCIPAL, clientKeytab, HttpURLConnection.HTTP_OK);</span>
<span class="source-line-no">381</span><span id="line-381"> }</span>
<span class="source-line-no">382</span><span id="line-382"></span>
<span class="source-line-no">383</span><span id="line-383"> @Test</span>
<span class="source-line-no">384</span><span id="line-384"> public void testDoAs() throws Exception {</span>
<span class="source-line-no">385</span><span id="line-385"> testProxy("?doAs=" + CLIENT_PRINCIPAL, WHEEL_PRINCIPAL, wheelKeytab, HttpURLConnection.HTTP_OK);</span>
<span class="source-line-no">386</span><span id="line-386"> }</span>
<span class="source-line-no">387</span><span id="line-387"></span>
<span class="source-line-no">388</span><span id="line-388"> @Test</span>
<span class="source-line-no">389</span><span id="line-389"> public void testDoas() throws Exception {</span>
<span class="source-line-no">390</span><span id="line-390"> testProxy("?doas=" + CLIENT_PRINCIPAL, WHEEL_PRINCIPAL, wheelKeytab, HttpURLConnection.HTTP_OK);</span>
<span class="source-line-no">391</span><span id="line-391"> }</span>
<span class="source-line-no">392</span><span id="line-392"></span>
<span class="source-line-no">393</span><span id="line-393"> @Test</span>
<span class="source-line-no">394</span><span id="line-394"> public void testWithoutDoAs() throws Exception {</span>
<span class="source-line-no">395</span><span id="line-395"> testProxy("", WHEEL_PRINCIPAL, wheelKeytab, HttpURLConnection.HTTP_FORBIDDEN);</span>
<span class="source-line-no">396</span><span id="line-396"> }</span>
<span class="source-line-no">397</span><span id="line-397"></span>
<span class="source-line-no">398</span><span id="line-398"> @Test</span>
<span class="source-line-no">399</span><span id="line-399"> public void testNegativeAuthorization() throws Exception {</span>
<span class="source-line-no">400</span><span id="line-400"> Pair&lt;CloseableHttpClient, HttpClientContext&gt; pair = getClient();</span>
<span class="source-line-no">401</span><span id="line-401"> CloseableHttpClient client = pair.getFirst();</span>
<span class="source-line-no">402</span><span id="line-402"> HttpClientContext context = pair.getSecond();</span>
<span class="source-line-no">403</span><span id="line-403"></span>
<span class="source-line-no">404</span><span id="line-404"> StringEntity entity = new StringEntity(</span>
<span class="source-line-no">405</span><span id="line-405"> "{\"name\":\"test\", \"ColumnSchema\":[{\"name\":\"f\"}]}", ContentType.APPLICATION_JSON);</span>
<span class="source-line-no">406</span><span id="line-406"> HttpPut put = new HttpPut("http://localhost:" + REST_TEST.getServletPort() + "/test/schema");</span>
<span class="source-line-no">407</span><span id="line-407"> put.setEntity(entity);</span>
<span class="source-line-no">408</span><span id="line-408"></span>
<span class="source-line-no">409</span><span id="line-409"> UserGroupInformation unprivileged = UserGroupInformation</span>
<span class="source-line-no">410</span><span id="line-410"> .loginUserFromKeytabAndReturnUGI(CLIENT_PRINCIPAL, clientKeytab.getAbsolutePath());</span>
<span class="source-line-no">411</span><span id="line-411"> unprivileged.doAs(new PrivilegedExceptionAction&lt;Void&gt;() {</span>
<span class="source-line-no">412</span><span id="line-412"> @Override</span>
<span class="source-line-no">413</span><span id="line-413"> public Void run() throws Exception {</span>
<span class="source-line-no">414</span><span id="line-414"> try (CloseableHttpResponse response = client.execute(put, context)) {</span>
<span class="source-line-no">415</span><span id="line-415"> final int statusCode = response.getStatusLine().getStatusCode();</span>
<span class="source-line-no">416</span><span id="line-416"> HttpEntity entity = response.getEntity();</span>
<span class="source-line-no">417</span><span id="line-417"> assertEquals("Got response: " + EntityUtils.toString(entity),</span>
<span class="source-line-no">418</span><span id="line-418"> HttpURLConnection.HTTP_FORBIDDEN, statusCode);</span>
<span class="source-line-no">419</span><span id="line-419"> }</span>
<span class="source-line-no">420</span><span id="line-420"> return null;</span>
<span class="source-line-no">421</span><span id="line-421"> }</span>
<span class="source-line-no">422</span><span id="line-422"> });</span>
<span class="source-line-no">423</span><span id="line-423"> }</span>
<span class="source-line-no">424</span><span id="line-424"></span>
<span class="source-line-no">425</span><span id="line-425"> private Pair&lt;CloseableHttpClient, HttpClientContext&gt; getClient() {</span>
<span class="source-line-no">426</span><span id="line-426"> HttpClientConnectionManager pool = new PoolingHttpClientConnectionManager();</span>
<span class="source-line-no">427</span><span id="line-427"> HttpHost host = new HttpHost("localhost", REST_TEST.getServletPort());</span>
<span class="source-line-no">428</span><span id="line-428"> Registry&lt;AuthSchemeProvider&gt; authRegistry = RegistryBuilder.&lt;AuthSchemeProvider&gt; create()</span>
<span class="source-line-no">429</span><span id="line-429"> .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true)).build();</span>
<span class="source-line-no">430</span><span id="line-430"> CredentialsProvider credentialsProvider = new BasicCredentialsProvider();</span>
<span class="source-line-no">431</span><span id="line-431"> credentialsProvider.setCredentials(AuthScope.ANY, EmptyCredentials.INSTANCE);</span>
<span class="source-line-no">432</span><span id="line-432"> AuthCache authCache = new BasicAuthCache();</span>
<span class="source-line-no">433</span><span id="line-433"></span>
<span class="source-line-no">434</span><span id="line-434"> CloseableHttpClient client = HttpClients.custom().setDefaultAuthSchemeRegistry(authRegistry)</span>
<span class="source-line-no">435</span><span id="line-435"> .setConnectionManager(pool).build();</span>
<span class="source-line-no">436</span><span id="line-436"></span>
<span class="source-line-no">437</span><span id="line-437"> HttpClientContext context = HttpClientContext.create();</span>
<span class="source-line-no">438</span><span id="line-438"> context.setTargetHost(host);</span>
<span class="source-line-no">439</span><span id="line-439"> context.setCredentialsProvider(credentialsProvider);</span>
<span class="source-line-no">440</span><span id="line-440"> context.setAuthSchemeRegistry(authRegistry);</span>
<span class="source-line-no">441</span><span id="line-441"> context.setAuthCache(authCache);</span>
<span class="source-line-no">442</span><span id="line-442"></span>
<span class="source-line-no">443</span><span id="line-443"> return new Pair&lt;&gt;(client, context);</span>
<span class="source-line-no">444</span><span id="line-444"> }</span>
<span class="source-line-no">445</span><span id="line-445"></span>
<span class="source-line-no">446</span><span id="line-446"> private static class EmptyCredentials implements Credentials {</span>
<span class="source-line-no">447</span><span id="line-447"> public static final EmptyCredentials INSTANCE = new EmptyCredentials();</span>
<span class="source-line-no">448</span><span id="line-448"></span>
<span class="source-line-no">449</span><span id="line-449"> @Override</span>
<span class="source-line-no">450</span><span id="line-450"> public String getPassword() {</span>
<span class="source-line-no">451</span><span id="line-451"> return null;</span>
<span class="source-line-no">452</span><span id="line-452"> }</span>
<span class="source-line-no">453</span><span id="line-453"></span>
<span class="source-line-no">454</span><span id="line-454"> @Override</span>
<span class="source-line-no">455</span><span id="line-455"> public Principal getUserPrincipal() {</span>
<span class="source-line-no">456</span><span id="line-456"> return null;</span>
<span class="source-line-no">457</span><span id="line-457"> }</span>
<span class="source-line-no">458</span><span id="line-458"> }</span>
<span class="source-line-no">459</span><span id="line-459">}</span>
</pre>
</div>
</main>
</body>
</html>