ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jonathanhur...@apache.org
Subject [1/2] ambari git commit: Revert "AMBARI-13342. Allow access to callers with valid Knox authorization cookie. (mpapirkovskyy)"
Date Mon, 09 Nov 2015 21:56:21 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 845704114 -> de5093a5c


http://git-wip-us.apache.org/repos/asf/ambari/blob/de5093a5/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilterTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilterTest.java
deleted file mode 100644
index ae47694..0000000
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilterTest.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.security.authorization.jwt;
-
-import com.nimbusds.jose.JOSEException;
-import com.nimbusds.jose.JWSAlgorithm;
-import com.nimbusds.jose.JWSHeader;
-import com.nimbusds.jose.crypto.RSASSASigner;
-import com.nimbusds.jwt.JWTClaimsSet;
-import com.nimbusds.jwt.SignedJWT;
-import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
-import org.apache.ambari.server.security.authorization.User;
-import org.apache.ambari.server.security.authorization.UserType;
-import org.apache.ambari.server.security.authorization.Users;
-import org.easymock.EasyMock;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.AuthenticationEntryPoint;
-
-import javax.servlet.FilterChain;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
-import java.util.Calendar;
-import java.util.Collections;
-import java.util.Date;
-
-import static org.easymock.EasyMock.anyObject;
-import static org.easymock.EasyMock.createMockBuilder;
-import static org.easymock.EasyMock.createNiceMock;
-import static org.easymock.EasyMock.eq;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.expectLastCall;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
-import static org.junit.Assert.*;
-
-public class JwtAuthenticationFilterTest {
-  private static RSAPublicKey publicKey;
-  private static RSAPrivateKey privateKey;
-  private static RSAPrivateKey invalidPrivateKey;
-
-
-  @BeforeClass
-  public static void generateKeyPair() throws NoSuchAlgorithmException {
-    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
-    keyPairGenerator.initialize(512);
-    KeyPair keyPair = keyPairGenerator.generateKeyPair();
-    publicKey = (RSAPublicKey) keyPair.getPublic();
-    privateKey = (RSAPrivateKey) keyPair.getPrivate();
-
-    keyPair = keyPairGenerator.generateKeyPair();
-    invalidPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
-  }
-
-  private JwtAuthenticationProperties createTestProperties() {
-    JwtAuthenticationProperties properties = new JwtAuthenticationProperties();
-    properties.setCookieName("non-default");
-    properties.setPublicKey(publicKey);
-    properties.setAudiences(Collections.singletonList("test-audience"));
-
-    return properties;
-  }
-
-  private SignedJWT getSignedToken() throws JOSEException {
-    RSASSASigner signer = new RSASSASigner(privateKey);
-
-    Calendar calendar = Calendar.getInstance();
-    calendar.setTimeInMillis(System.currentTimeMillis());
-
-    JWTClaimsSet claimsSet = new JWTClaimsSet();
-    claimsSet.setSubject("test-user");
-    claimsSet.setIssuer("unit-test");
-    claimsSet.setIssueTime(calendar.getTime());
-
-    calendar.add(Calendar.DATE, 1); //add one day
-    claimsSet.setExpirationTime(calendar.getTime());
-
-    claimsSet.setAudience("test-audience");
-
-    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);
-    signedJWT.sign(signer);
-
-    return signedJWT;
-  }
-
-  private SignedJWT getInvalidToken() throws JOSEException {
-    RSASSASigner signer = new RSASSASigner(invalidPrivateKey);
-
-    Calendar calendar = Calendar.getInstance();
-    calendar.setTimeInMillis(System.currentTimeMillis());
-    calendar.add(Calendar.DATE, -2);
-
-    JWTClaimsSet claimsSet = new JWTClaimsSet();
-    claimsSet.setSubject("test-user");
-    claimsSet.setIssuer("unit-test");
-    claimsSet.setIssueTime(calendar.getTime());
-
-    calendar.add(Calendar.DATE, 1); //add one day
-    claimsSet.setExpirationTime(calendar.getTime());
-
-    claimsSet.setAudience("test-audience-invalid");
-
-    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);
-    signedJWT.sign(signer);
-
-    return signedJWT;
-  }
-
-
-  @Test
-  public void testDoFilter() throws Exception {
-    Users users = createNiceMock(Users.class);
-    AuthenticationEntryPoint entryPoint = createNiceMock(AuthenticationEntryPoint.class);
-    HttpServletRequest request = createNiceMock(HttpServletRequest.class);
-    HttpServletResponse response = createNiceMock(HttpServletResponse.class);
-    FilterChain chain = createNiceMock(FilterChain.class);
-    AmbariGrantedAuthority authority = createNiceMock(AmbariGrantedAuthority.class);
-    User user = createNiceMock(User.class);
-
-    SignedJWT signedJWT = getSignedToken();
-
-    JwtAuthenticationProperties properties = createTestProperties();
-    JwtAuthenticationFilter filter = createMockBuilder(JwtAuthenticationFilter.class).
-      addMockedMethod("getJWTFromCookie").
-      withConstructor(properties, entryPoint, users).createNiceMock();
-
-    expect(filter.getJWTFromCookie(anyObject(HttpServletRequest.class))).andReturn(signedJWT.serialize());
-    expect(users.getUser(eq("test-user"), eq(UserType.JWT))).andReturn(null).once();
-    expect(users.getUser(eq("test-user"), eq(UserType.JWT))).andReturn(user).anyTimes();
-
-    users.createUser(eq("test-user"), anyObject(String.class), eq(UserType.JWT), eq(true),
eq(false));
-    expectLastCall();
-
-    expect(users.getUserAuthorities(eq("test-user"), eq(UserType.JWT))).andReturn(Collections.singletonList(authority));
-
-    expect(user.getUserName()).andReturn("test-user");
-    expect(user.getUserType()).andReturn(UserType.JWT);
-
-    replay(users, request, response, chain, filter, entryPoint, user, authority);
-
-    filter.doFilter(request, response, chain);
-
-    verify(users, request, response, chain, filter, entryPoint, user, authority);
-
-    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
-    assertEquals(true, authentication.isAuthenticated());
-
-  }
-
-  @Test
-  public void testGetJWTFromCookie() throws Exception {
-    HttpServletRequest request = createNiceMock(HttpServletRequest.class);
-    Cookie cookie = createNiceMock(Cookie.class);
-
-    expect(cookie.getName()).andReturn("non-default");
-    expect(cookie.getValue()).andReturn("stubtokenstring");
-
-    expect(request.getCookies()).andReturn(new Cookie[]{cookie});
-
-    JwtAuthenticationProperties properties = createTestProperties();
-    JwtAuthenticationFilter filter = new JwtAuthenticationFilter(properties, null, null);
-
-    replay(request, cookie);
-
-    String jwtFromCookie = filter.getJWTFromCookie(request);
-
-    verify(request, cookie);
-
-    assertEquals("stubtokenstring", jwtFromCookie);
-  }
-
-  @Test
-  public void testValidateSignature() throws Exception {
-    JwtAuthenticationProperties properties = createTestProperties();
-    JwtAuthenticationFilter filter = new JwtAuthenticationFilter(properties, null, null);
-
-    boolean isValid = filter.validateSignature(getSignedToken());
-
-    assertEquals(true, isValid);
-
-    isValid = filter.validateSignature(getInvalidToken());
-
-    assertEquals(false, isValid);
-
-  }
-
-  @Test
-  public void testValidateAudiences() throws Exception {
-    JwtAuthenticationProperties properties = createTestProperties();
-    JwtAuthenticationFilter filter = new JwtAuthenticationFilter(properties, null, null);
-
-    boolean isValid = filter.validateAudiences(getSignedToken());
-
-    assertEquals(true, isValid);
-
-    isValid = filter.validateAudiences(getInvalidToken());
-
-    assertEquals(false, isValid);
-  }
-
-  @Test
-  public void testValidateExpiration() throws Exception {
-    JwtAuthenticationProperties properties = createTestProperties();
-    JwtAuthenticationFilter filter = new JwtAuthenticationFilter(properties, null, null);
-
-    boolean isValid = filter.validateExpiration(getSignedToken());
-
-    assertEquals(true, isValid);
-
-    isValid = filter.validateExpiration(getInvalidToken());
-
-    assertEquals(false, isValid);
-
-  }
-}
\ No newline at end of file


Mime
View raw message