atlas-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shweth...@apache.org
Subject incubator-atlas git commit: ATLAS-86 Jenkins build failing as of build #41 (shwethags)
Date Fri, 31 Jul 2015 03:53:04 GMT
Repository: incubator-atlas
Updated Branches:
  refs/heads/master 9d3037433 -> b93fe4a46


ATLAS-86 Jenkins build failing as of build #41 (shwethags)


Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/b93fe4a4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/b93fe4a4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/b93fe4a4

Branch: refs/heads/master
Commit: b93fe4a466058597d3c49e1bedf51f13356d2aae
Parents: 9d30374
Author: Shwetha GS <sshivalingamurthy@hortonworks.com>
Authored: Fri Jul 31 09:22:55 2015 +0530
Committer: Shwetha GS <sshivalingamurthy@hortonworks.com>
Committed: Fri Jul 31 09:22:55 2015 +0530

----------------------------------------------------------------------
 addons/hive-bridge/pom.xml                      |  45 +---
 .../atlas/hive/hook/BaseSSLAndKerberosTest.java | 127 ----------
 .../hook/NegativeSSLAndKerberosHiveHookIT.java  | 163 ------------
 .../hive/hook/SSLAndKerberosHiveHookIT.java     | 249 -------------------
 .../apache/atlas/hive/hook/SSLHiveHookIT.java   | 214 ----------------
 client/pom.xml                                  |  24 --
 .../org/apache/atlas/ApplicationProperties.java |  64 +----
 .../atlas/security/SecureClientUtils.java       |   2 +-
 .../src/test/resources/application.properties   |   2 +-
 pom.xml                                         |  25 +-
 release-log.txt                                 |   1 +
 src/conf/application.properties                 |   4 +-
 webapp/pom.xml                                  |  19 +-
 .../atlas/web/service/SecureEmbeddedServer.java |  12 +-
 .../java/org/apache/atlas/web/TestUtils.java    |  49 ++++
 .../web/security/BaseSSLAndKerberosTest.java    | 112 +++++++++
 .../atlas/web/security/BaseSecurityTest.java    |  33 ++-
 .../web/security/NegativeSSLAndKerberosIT.java  | 127 ++++++++++
 .../atlas/web/security/SSLAndKerberosIT.java    | 163 ++++++++++++
 .../org/apache/atlas/web/security/SSLIT.java    | 137 ++++++++++
 20 files changed, 665 insertions(+), 907 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/pom.xml
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/pom.xml b/addons/hive-bridge/pom.xml
index 117d76c..66b5f74 100755
--- a/addons/hive-bridge/pom.xml
+++ b/addons/hive-bridge/pom.xml
@@ -38,11 +38,6 @@
     </properties>
 
     <dependencies>
-        <dependency>
-            <groupId>org.apache.hadoop</groupId>
-            <artifactId>hadoop-minikdc</artifactId>
-        </dependency>
-
         <!-- Logging -->
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -95,21 +90,20 @@
 
         <dependency>
             <groupId>org.apache.atlas</groupId>
+            <artifactId>atlas-typesystem</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.atlas</groupId>
             <artifactId>atlas-client</artifactId>
-            <version>${version}</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>com.google.guava</groupId>
-                    <artifactId>guava</artifactId>
-                </exclusion>
-            </exclusions>
-            <scope>runtime</scope>
-            <type>test-jar</type>
         </dependency>
 
+        <!-- to bring up atlas server for integration tests -->
         <dependency>
             <groupId>org.apache.atlas</groupId>
-            <artifactId>atlas-typesystem</artifactId>
+            <artifactId>atlas-webapp</artifactId>
+            <type>war</type>
+            <scope>test</scope>
         </dependency>
 
         <dependency>
@@ -128,20 +122,6 @@
         </dependency>
 
         <dependency>
-            <groupId>org.apache.atlas</groupId>
-            <artifactId>atlas-webapp</artifactId>
-            <classifier>classes</classifier>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.atlas</groupId>
-            <artifactId>atlas-webapp</artifactId>
-            <type>test-jar</type>
-            <version>${project.version}</version>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-server</artifactId>
             <scope>test</scope>
@@ -329,13 +309,6 @@
                     <skip>false</skip>
                 </configuration>
             </plugin>
-
-            <plugin>
-                <groupId>org.apache.felix</groupId>
-                <artifactId>maven-bundle-plugin</artifactId>
-                <inherited>true</inherited>
-                <extensions>true</extensions>
-            </plugin>
         </plugins>
     </build>
 </project>

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java
deleted file mode 100644
index 11163c8..0000000
--- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/BaseSSLAndKerberosTest.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.hive.hook;
-
-import org.apache.atlas.web.security.BaseSecurityTest;
-import org.apache.atlas.web.service.SecureEmbeddedServer;
-import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.commons.io.FileUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.security.alias.CredentialProvider;
-import org.apache.hadoop.security.alias.CredentialProviderFactory;
-import org.eclipse.jetty.server.Server;
-
-import java.io.File;
-import java.io.IOException;
-
-import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
-import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
-import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
-
-/**
- *
- */
-public class BaseSSLAndKerberosTest extends BaseSecurityTest {
-    public static final String TESTUSER = "testuser";
-    public static final String TESTPASS = "testpass";
-    protected static final String DGI_URL = "https://localhost:21443/";
-    protected Path jksPath;
-    protected String providerUrl;
-    protected File httpKeytabFile;
-    private File userKeytabFile;
-
-    class TestSecureEmbeddedServer extends SecureEmbeddedServer {
-
-        public TestSecureEmbeddedServer(int port, String path) throws IOException {
-            super(port, path);
-        }
-
-        public Server getServer() {
-            return server;
-        }
-
-        @Override
-        public PropertiesConfiguration getConfiguration() {
-            return super.getConfiguration();
-        }
-    }
-
-    protected void setupCredentials() throws Exception {
-        Configuration conf = new Configuration(false);
-
-        File file = new File(jksPath.toUri().getPath());
-        file.delete();
-        conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
-
-        CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
-
-        // create new aliases
-        try {
-
-            char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
-            provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
-
-            char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
-            provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
-
-            char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
-            provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
-
-            char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
-            provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
-
-            // write out so that it can be found in checks
-            provider.flush();
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw e;
-        }
-    }
-
-    public void setupKDCAndPrincipals() throws Exception {
-        // set up the KDC
-        File kdcWorkDir = startKDC();
-
-        userKeytabFile = createKeytab(kdc, kdcWorkDir, "dgi", "dgi.keytab");
-        httpKeytabFile = createKeytab(kdc, kdcWorkDir, "HTTP", "spnego.service.keytab");
-
-        // create a test user principal
-        kdc.createPrincipal(TESTUSER, TESTPASS);
-
-        StringBuilder jaas = new StringBuilder(1024);
-        jaas.append("TestUser {\n" +
-                "    com.sun.security.auth.module.Krb5LoginModule required\nuseTicketCache=true;\n" +
-                "};\n");
-        jaas.append(createJAASEntry("Client", "dgi", userKeytabFile));
-        jaas.append(createJAASEntry("Server", "HTTP", httpKeytabFile));
-
-        File jaasFile = new File(kdcWorkDir, "jaas.txt");
-        FileUtils.write(jaasFile, jaas.toString());
-        bindJVMtoJAASFile(jaasFile);
-    }
-
-    protected String getWarPath() {
-        return String.format("/../../webapp/target/atlas-webapp-%s",
-                System.getProperty("project.version"));
-    }
-
-    protected HiveConf getHiveConf() {
-        return HiveHookIT.createHiveConf(DGI_URL);
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java
deleted file mode 100755
index 891e06c..0000000
--- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/NegativeSSLAndKerberosHiveHookIT.java
+++ /dev/null
@@ -1,163 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.hive.hook;
-
-import org.apache.atlas.security.SecurityProperties;
-import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.commons.lang.RandomStringUtils;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.ql.Driver;
-import org.apache.hadoop.hive.ql.session.SessionState;
-import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
-import org.apache.hadoop.security.ssl.SSLFactory;
-import org.apache.hadoop.security.ssl.SSLHostnameVerifier;
-import org.eclipse.jetty.webapp.WebAppContext;
-import org.testng.Assert;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.net.URL;
-import java.nio.file.Files;
-
-import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;
-import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY;
-import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
-import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
-
-/**
- * Perform all the necessary setup steps for client and server comm over SSL/Kerberos, but then don't estalish a
- * kerberos user for the invocation.  Need a separate use case since the Jersey layer cached the URL connection handler,
- * which indirectly caches the kerberos delegation token.
- */
-public class NegativeSSLAndKerberosHiveHookIT extends BaseSSLAndKerberosTest {
-
-    private Driver driver;
-    private SessionState ss;
-    private TestSecureEmbeddedServer secureEmbeddedServer;
-    private String originalConf;
-
-    @BeforeClass
-    public void setUp() throws Exception {
-        //Set-up hive session
-        HiveConf conf = getHiveConf();
-        driver = new Driver(conf);
-        ss = new SessionState(conf, System.getProperty("user.name"));
-        ss = SessionState.start(ss);
-        SessionState.setCurrentSessionState(ss);
-
-        jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
-        providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
-
-        String persistDir = null;
-        URL resource = NegativeSSLAndKerberosHiveHookIT.class.getResource("/");
-        if (resource != null) {
-            persistDir = resource.toURI().getPath();
-        }
-        // delete prior ssl-client.xml file
-        resource = NegativeSSLAndKerberosHiveHookIT.class.getResource("/" + SecurityProperties.SSL_CLIENT_PROPERTIES);
-        if (resource != null) {
-            File sslClientFile = new File(persistDir, SecurityProperties.SSL_CLIENT_PROPERTIES);
-            if (sslClientFile != null && sslClientFile.exists()) {
-                sslClientFile.delete();
-            }
-        }
-        setupKDCAndPrincipals();
-        setupCredentials();
-
-        // client will actually only leverage subset of these properties
-        final PropertiesConfiguration configuration = new PropertiesConfiguration();
-        configuration.setProperty(TLS_ENABLED, true);
-        configuration.setProperty(TRUSTSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
-        configuration.setProperty(KEYSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
-        configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
-        configuration.setProperty("atlas.http.authentication.type", "kerberos");
-        configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY,
-                SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString());
-
-        configuration.save(new FileWriter(persistDir + File.separator + "client.properties"));
-
-        String confLocation = System.getProperty("atlas.conf");
-        URL url;
-        if (confLocation == null) {
-            url = NegativeSSLAndKerberosHiveHookIT.class.getResource("/application.properties");
-        } else {
-            url = new File(confLocation, "application.properties").toURI().toURL();
-        }
-        configuration.load(url);
-
-        configuration.setProperty(TLS_ENABLED, true);
-        configuration.setProperty("atlas.http.authentication.enabled", "true");
-        configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
-        configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
-        configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
-                "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
-
-        configuration.save(new FileWriter(persistDir + File.separator + "application.properties"));
-
-        secureEmbeddedServer = new TestSecureEmbeddedServer(21443, "webapp/target/apache-atlas") {
-            @Override
-            public PropertiesConfiguration getConfiguration() {
-                return configuration;
-            }
-        };
-        WebAppContext webapp = new WebAppContext();
-        webapp.setContextPath("/");
-        webapp.setWar(System.getProperty("user.dir") + getWarPath());
-        secureEmbeddedServer.getServer().setHandler(webapp);
-
-        // save original setting
-        originalConf = System.getProperty("atlas.conf");
-        System.setProperty("atlas.conf", persistDir);
-        secureEmbeddedServer.getServer().start();
-
-    }
-
-    @AfterClass
-    public void tearDown() throws Exception {
-        if (secureEmbeddedServer != null) {
-            secureEmbeddedServer.getServer().stop();
-        }
-
-        if (kdc != null) {
-            kdc.stop();
-        }
-
-        if (originalConf != null) {
-            System.setProperty("atlas.conf", originalConf);
-        }
-    }
-
-    private void runCommand(final String cmd) throws Exception {
-        ss.setCommandType(null);
-        driver.run(cmd);
-        Assert.assertNotNull(driver.getErrorMsg());
-        Assert.assertTrue(driver.getErrorMsg().contains("Mechanism level: Failed to find any Kerberos tgt"));
-    }
-
-    @Test
-    public void testUnsecuredCreateDatabase() throws Exception {
-        String dbName = "db" + RandomStringUtils.randomAlphanumeric(5).toLowerCase();
-        runCommand("create database " + dbName);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java
deleted file mode 100755
index 7471680..0000000
--- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLAndKerberosHiveHookIT.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.hive.hook;
-
-import org.apache.atlas.AtlasClient;
-import org.apache.atlas.AtlasException;
-import org.apache.atlas.hive.model.HiveDataTypes;
-import org.apache.atlas.security.SecurityProperties;
-import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.commons.lang.RandomStringUtils;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.ql.Driver;
-import org.apache.hadoop.hive.ql.session.SessionState;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
-import org.apache.hadoop.security.ssl.SSLFactory;
-import org.apache.hadoop.security.ssl.SSLHostnameVerifier;
-import org.codehaus.jettison.json.JSONArray;
-import org.eclipse.jetty.webapp.WebAppContext;
-import org.testng.Assert;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.net.URL;
-import java.nio.file.Files;
-import java.security.PrivilegedExceptionAction;
-
-import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;
-import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY;
-import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
-import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
-
-public class SSLAndKerberosHiveHookIT extends BaseSSLAndKerberosTest {
-    public static final String TEST_USER_JAAS_SECTION = "TestUser";
-    public static final String TESTUSER = "testuser";
-    public static final String TESTPASS = "testpass";
-
-    private static final String DGI_URL = "https://localhost:21443/";
-    private Driver driver;
-    private AtlasClient dgiCLient;
-    private SessionState ss;
-    private TestSecureEmbeddedServer secureEmbeddedServer;
-    private Subject subject;
-    private String originalConf;
-
-    @BeforeClass
-    public void setUp() throws Exception {
-        //Set-up hive session
-        HiveConf conf = getHiveConf();
-        driver = new Driver(conf);
-        ss = new SessionState(conf, System.getProperty("user.name"));
-        ss = SessionState.start(ss);
-        SessionState.setCurrentSessionState(ss);
-
-        jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
-        providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
-
-        String persistDir = null;
-        URL resource = SSLAndKerberosHiveHookIT.class.getResource("/");
-        if (resource != null) {
-            persistDir = resource.toURI().getPath();
-        }
-        // delete prior ssl-client.xml file
-        resource = SSLAndKerberosHiveHookIT.class.getResource("/" + SecurityProperties.SSL_CLIENT_PROPERTIES);
-        if (resource != null) {
-            File sslClientFile = new File(persistDir, SecurityProperties.SSL_CLIENT_PROPERTIES);
-            if (sslClientFile != null && sslClientFile.exists()) {
-                sslClientFile.delete();
-            }
-        }
-        setupKDCAndPrincipals();
-        setupCredentials();
-
-        // client will actually only leverage subset of these properties
-        final PropertiesConfiguration configuration = new PropertiesConfiguration();
-        configuration.setProperty(TLS_ENABLED, true);
-        configuration.setProperty(TRUSTSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
-        configuration.setProperty(KEYSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
-        configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
-        configuration.setProperty("atlas.http.authentication.type", "kerberos");
-        configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY,
-                SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString());
-
-        configuration.save(new FileWriter(persistDir + File.separator + "client.properties"));
-
-        String confLocation = System.getProperty("atlas.conf");
-        URL url;
-        if (confLocation == null) {
-            url = SSLAndKerberosHiveHookIT.class.getResource("/application.properties");
-        } else {
-            url = new File(confLocation, "application.properties").toURI().toURL();
-        }
-        configuration.load(url);
-        configuration.setProperty(TLS_ENABLED, true);
-        configuration.setProperty("atlas.http.authentication.enabled", "true");
-        configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
-        configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
-        configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
-                "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
-
-        configuration.save(new FileWriter(persistDir + File.separator + "application.properties"));
-
-        subject = loginTestUser();
-        UserGroupInformation.loginUserFromSubject(subject);
-        UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
-            "testUser",
-            UserGroupInformation.getLoginUser());
-
-        dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() {
-            @Override
-            public AtlasClient run() throws Exception {
-                return new AtlasClient(DGI_URL) {
-                    @Override
-                    protected PropertiesConfiguration getClientProperties() throws AtlasException {
-                        return configuration;
-                    }
-                };
-            }
-        });
-
-        secureEmbeddedServer = new TestSecureEmbeddedServer(21443, "webapp/target/apache-atlas") {
-            @Override
-            public PropertiesConfiguration getConfiguration() {
-                return configuration;
-            }
-        };
-        WebAppContext webapp = new WebAppContext();
-        webapp.setContextPath("/");
-        webapp.setWar(System.getProperty("user.dir") + getWarPath());
-        secureEmbeddedServer.getServer().setHandler(webapp);
-
-        // save original setting
-        originalConf = System.getProperty("atlas.conf");
-        System.setProperty("atlas.conf", persistDir);
-        secureEmbeddedServer.getServer().start();
-
-    }
-
-    @AfterClass
-    public void tearDown() throws Exception {
-        if (secureEmbeddedServer != null) {
-            secureEmbeddedServer.getServer().stop();
-        }
-
-        if (kdc != null) {
-            kdc.stop();
-        }
-
-        if (originalConf != null) {
-            System.setProperty("atlas.conf", originalConf);
-        }
-    }
-
-    protected Subject loginTestUser() throws LoginException, IOException {
-        LoginContext lc = new LoginContext(TEST_USER_JAAS_SECTION, new CallbackHandler() {
-
-            @Override
-            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-                for (int i = 0; i < callbacks.length; i++) {
-                    if (callbacks[i] instanceof PasswordCallback) {
-                        PasswordCallback passwordCallback = (PasswordCallback) callbacks[i];
-                        passwordCallback.setPassword(TESTPASS.toCharArray());
-                    }
-                    if (callbacks[i] instanceof NameCallback) {
-                        NameCallback nameCallback = (NameCallback) callbacks[i];
-                        nameCallback.setName(TESTUSER);
-                    }
-                }
-            }
-        });
-        // attempt authentication
-        lc.login();
-        return lc.getSubject();
-    }
-
-    private void runCommand(final String cmd) throws Exception {
-        ss.setCommandType(null);
-        UserGroupInformation.loginUserFromSubject(subject);
-        UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
-            "testUser",
-            UserGroupInformation.getLoginUser());
-        proxyUser.doAs(new PrivilegedExceptionAction<Object>() {
-            @Override
-            public Object run() throws Exception {
-                driver.run(cmd);
-
-                return null;
-            }
-        });
-    }
-
-    @Test
-    public void testCreateDatabase() throws Exception {
-        String dbName = "db" + RandomStringUtils.randomAlphanumeric(5).toLowerCase();
-        runCommand("create database " + dbName);
-
-        assertDatabaseIsRegistered(dbName);
-    }
-
-    private void assertDatabaseIsRegistered(String dbName) throws Exception {
-        assertInstanceIsRegistered(HiveDataTypes.HIVE_DB.getName(), "name", dbName);
-    }
-
-    private void assertInstanceIsRegistered(final String typeName, final String colName, final String colValue)
-    throws Exception {
-        UserGroupInformation.loginUserFromSubject(subject);
-        UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
-            "testUser",
-            UserGroupInformation.getLoginUser());
-        proxyUser.doAs(new PrivilegedExceptionAction<Object>() {
-            @Override
-            public Object run() throws Exception {
-                JSONArray results = dgiCLient.rawSearch(typeName, colName, colValue);
-                Assert.assertEquals(results.length(), 1);
-
-                return null;
-            }
-        });
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java b/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java
deleted file mode 100755
index b114d5a..0000000
--- a/addons/hive-bridge/src/test/java/org/apache/atlas/hive/hook/SSLHiveHookIT.java
+++ /dev/null
@@ -1,214 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.hive.hook;
-
-import org.apache.atlas.AtlasClient;
-import org.apache.atlas.AtlasException;
-import org.apache.atlas.hive.bridge.HiveMetaStoreBridge;
-import org.apache.atlas.hive.model.HiveDataTypes;
-import org.apache.atlas.security.SecurityProperties;
-import org.apache.atlas.web.service.SecureEmbeddedServer;
-import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.commons.lang.RandomStringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.ql.Driver;
-import org.apache.hadoop.hive.ql.session.SessionState;
-import org.apache.hadoop.security.alias.CredentialProvider;
-import org.apache.hadoop.security.alias.CredentialProviderFactory;
-import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
-import org.apache.hadoop.security.ssl.SSLFactory;
-import org.apache.hadoop.security.ssl.SSLHostnameVerifier;
-import org.codehaus.jettison.json.JSONArray;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.webapp.WebAppContext;
-import org.testng.Assert;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.net.URL;
-import java.nio.file.Files;
-
-import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;
-import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY;
-import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
-import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
-import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
-import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
-import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
-
-public class SSLHiveHookIT {
-    private static final String DGI_URL = "https://localhost:21443/";
-    private Driver driver;
-    private AtlasClient dgiCLient;
-    private SessionState ss;
-    private Path jksPath;
-    private String providerUrl;
-    private TestSecureEmbeddedServer secureEmbeddedServer;
-
-    class TestSecureEmbeddedServer extends SecureEmbeddedServer {
-
-        public TestSecureEmbeddedServer(int port, String path) throws IOException {
-            super(port, path);
-        }
-
-        public Server getServer() {
-            return server;
-        }
-
-        @Override
-        public PropertiesConfiguration getConfiguration() {
-            return super.getConfiguration();
-        }
-    }
-
-    @BeforeClass
-    public void setUp() throws Exception {
-        //Set-up hive session
-        HiveConf conf = getHiveConf();
-        driver = new Driver(conf);
-        ss = new SessionState(conf, System.getProperty("user.name"));
-        ss = SessionState.start(ss);
-        SessionState.setCurrentSessionState(ss);
-
-        jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
-        providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
-
-        String persistDir = null;
-        URL resource = SSLHiveHookIT.class.getResource("/");
-        if (resource != null) {
-            persistDir = resource.toURI().getPath();
-        }
-        // delete prior ssl-client.xml file
-        resource = SSLHiveHookIT.class.getResource("/" + SecurityProperties.SSL_CLIENT_PROPERTIES);
-        if (resource != null) {
-            File sslClientFile = new File(persistDir, SecurityProperties.SSL_CLIENT_PROPERTIES);
-            if (sslClientFile != null && sslClientFile.exists()) {
-                sslClientFile.delete();
-            }
-        }
-        setupCredentials();
-
-        final PropertiesConfiguration configuration = new PropertiesConfiguration();
-        configuration.setProperty(TLS_ENABLED, true);
-        configuration.setProperty(TRUSTSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
-        configuration.setProperty(KEYSTORE_FILE_KEY, "../../webapp/target/atlas.keystore");
-        configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
-        configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY,
-                SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString());
-
-        configuration.save(new FileWriter(persistDir + File.separator + "client.properties"));
-
-        dgiCLient = new AtlasClient(DGI_URL) {
-            @Override
-            protected PropertiesConfiguration getClientProperties() throws AtlasException {
-                return configuration;
-            }
-        };
-
-        secureEmbeddedServer = new TestSecureEmbeddedServer(21443, "webapp/target/apache-atlas") {
-            @Override
-            public PropertiesConfiguration getConfiguration() {
-                return configuration;
-            }
-        };
-        WebAppContext webapp = new WebAppContext();
-        webapp.setContextPath("/");
-        webapp.setWar(System.getProperty("user.dir") + getWarPath());
-        secureEmbeddedServer.getServer().setHandler(webapp);
-
-        secureEmbeddedServer.getServer().start();
-
-    }
-
-    @AfterClass
-    public void tearDown() throws Exception {
-        if (secureEmbeddedServer != null) {
-            secureEmbeddedServer.getServer().stop();
-        }
-    }
-
-    protected void setupCredentials() throws Exception {
-        Configuration conf = new Configuration(false);
-
-        File file = new File(jksPath.toUri().getPath());
-        file.delete();
-        conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
-
-        CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
-
-        // create new aliases
-        try {
-
-            char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
-            provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
-
-            char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
-            provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
-
-            char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
-            provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
-
-            char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
-            provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
-
-            // write out so that it can be found in checks
-            provider.flush();
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw e;
-        }
-    }
-
-    protected String getWarPath() {
-        return String.format("/../../webapp/target/atlas-webapp-%s",
-                System.getProperty("project.version"));
-    }
-
-    private HiveConf getHiveConf() {
-        return HiveHookIT.createHiveConf(DGI_URL);
-    }
-
-    private void runCommand(String cmd) throws Exception {
-        ss.setCommandType(null);
-        driver.run(cmd);
-    }
-
-    @Test
-    public void testCreateDatabase() throws Exception {
-        String dbName = "db" + RandomStringUtils.randomAlphanumeric(5).toLowerCase();
-        runCommand("create database " + dbName);
-
-        assertDatabaseIsRegistered(dbName);
-    }
-
-    private void assertDatabaseIsRegistered(String dbName) throws Exception {
-        assertInstanceIsRegistered(HiveDataTypes.HIVE_DB.getName(), "name", dbName);
-    }
-
-    private void assertInstanceIsRegistered(String typeName, String colName, String colValue) throws Exception {
-        JSONArray results = dgiCLient.rawSearch(typeName, colName, colValue);
-        Assert.assertEquals(results.length(), 1);
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/pom.xml
----------------------------------------------------------------------
diff --git a/client/pom.xml b/client/pom.xml
index be19a71..2f883cd 100755
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -77,28 +77,4 @@
             <artifactId>testng</artifactId>
         </dependency>
     </dependencies>
-
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>test-jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-
-            <plugin>
-                <groupId>org.apache.felix</groupId>
-                <artifactId>maven-bundle-plugin</artifactId>
-                <inherited>true</inherited>
-                <extensions>true</extensions>
-            </plugin>
-        </plugins>
-    </build>
-
 </project>

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/src/main/java/org/apache/atlas/ApplicationProperties.java
----------------------------------------------------------------------
diff --git a/client/src/main/java/org/apache/atlas/ApplicationProperties.java b/client/src/main/java/org/apache/atlas/ApplicationProperties.java
index ad87d8d..15cca47 100644
--- a/client/src/main/java/org/apache/atlas/ApplicationProperties.java
+++ b/client/src/main/java/org/apache/atlas/ApplicationProperties.java
@@ -17,8 +17,10 @@
 
 package org.apache.atlas;
 
+import org.apache.commons.configuration.AbstractConfiguration;
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.ConfigurationUtils;
 import org.apache.commons.configuration.PropertiesConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -59,66 +61,26 @@ public class ApplicationProperties extends PropertiesConfiguration {
                     : new File(confLocation, fileName).toURI().toURL();
             LOG.info("Loading {} from {}", fileName, url);
 
-            ApplicationProperties configuration = new ApplicationProperties(url);
+            Configuration configuration = new ApplicationProperties(url).interpolatedConfiguration();
+            logConfiguration(configuration);
+            return configuration;
+        } catch (Exception e) {
+            throw new AtlasException("Failed to load application properties", e);
+        }
+    }
+
+    private static void logConfiguration(Configuration configuration) {
+        if (LOG.isDebugEnabled()) {
             Iterator<String> keys = configuration.getKeys();
             LOG.debug("Configuration loaded:");
-            while(keys.hasNext()) {
+            while (keys.hasNext()) {
                 String key = keys.next();
                 LOG.debug("{} = {}", key, configuration.getProperty(key));
             }
-            return configuration;
-        } catch (Exception e) {
-            throw new AtlasException("Failed to load application properties", e);
         }
     }
 
     public static final Configuration getSubsetConfiguration(Configuration inConf, String prefix) {
         return inConf.subset(prefix);
     }
-
-    @Override
-    public Object getProperty(String key) {
-        Object value = super.getProperty(key);
-        if (value instanceof String) {
-            value = substituteVars((String) value);
-        }
-        return value;
-    }
-
-    private static final Pattern VAR_PATTERN = Pattern.compile("\\$\\{[^\\}\\$\u0020]+\\}");
-
-    private static final int MAX_SUBST = 20;
-
-    private String substituteVars(String expr) {
-        if (expr == null) {
-            return null;
-        }
-        Matcher match = VAR_PATTERN.matcher("");
-        String eval = expr;
-
-        for(int s = 0; s < MAX_SUBST; s++) {
-            match.reset(eval);
-            if (!match.find()) {
-                return eval;
-            }
-            String var = match.group();
-            var = var.substring(2, var.length() - 1); // remove ${ .. }
-            String val = null;
-            try {
-                val = System.getProperty(var);
-            } catch(SecurityException se) {
-                LOG.warn("Unexpected SecurityException in Configuration", se);
-            }
-            if (val == null) {
-                val = getString(var);
-            }
-            if (val == null) {
-                return eval; // return literal ${var}: var is unbound
-            }
-
-            // substitute
-            eval = eval.substring(0, match.start()) + val + eval.substring(match.end());
-        }
-        throw new IllegalStateException("Variable substitution depth too large: " + MAX_SUBST + " " + expr);
-    }
 }

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
----------------------------------------------------------------------
diff --git a/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java b/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
index b70c5ce..d3b474a 100644
--- a/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
+++ b/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
@@ -64,7 +64,7 @@ public class SecureClientUtils {
             final UserGroupInformation ugi) {
         config.getProperties().put(URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, true);
         Configuration conf = new Configuration();
-        conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, "ssl-client.xml"));
+        conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES));
         UserGroupInformation.setConfiguration(conf);
         final ConnectionConfigurator connConfigurator = newConnConfigurator(conf);
         String authType = "simple";

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/client/src/test/resources/application.properties
----------------------------------------------------------------------
diff --git a/client/src/test/resources/application.properties b/client/src/test/resources/application.properties
index 9672d1e..dbd6002 100644
--- a/client/src/test/resources/application.properties
+++ b/client/src/test/resources/application.properties
@@ -17,7 +17,7 @@
 #
 
 #system property
-atlas.data=/var/data/${user.name}/atlas
+atlas.data=/var/data/${sys:user.name}/atlas
 
 #re-use existing property
 atlas.graph.data=${atlas.data}/graph

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index c201b4c..602e70f 100755
--- a/pom.xml
+++ b/pom.xml
@@ -353,6 +353,8 @@
 
         <!-- skips checkstyle and find bugs -->
         <skipCheck>false</skipCheck>
+        <skipTests>false</skipTests>
+        <projectBaseDir>${project.basedir}</projectBaseDir>
         <titan.storage.backend>berkeleyje</titan.storage.backend>
         <titan.index.backend>elasticsearch</titan.index.backend>
     </properties>
@@ -909,23 +911,15 @@
 
             <dependency>
                 <groupId>org.apache.atlas</groupId>
-                <artifactId>atlas-webapp</artifactId>
-                <version>${project.version}</version>
-                <classifier>classes</classifier>
-            </dependency>
-
-            <dependency>
-                <groupId>org.apache.atlas</groupId>
                 <artifactId>atlas-client</artifactId>
                 <version>${project.version}</version>
             </dependency>
 
             <dependency>
                 <groupId>org.apache.atlas</groupId>
-                <artifactId>atlas-client</artifactId>
+                <artifactId>atlas-webapp</artifactId>
                 <version>${project.version}</version>
-                <type>test-jar</type>
-                <scope>test</scope>
+                <type>war</type>
             </dependency>
 
             <!--Scala dependencies-->
@@ -1303,6 +1297,14 @@
             </plugin>
 
             <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <version>2.5.4</version>
+                <inherited>true</inherited>
+                <extensions>true</extensions>
+            </plugin>
+
+            <plugin>
                 <artifactId>maven-assembly-plugin</artifactId>
                 <inherited>false</inherited>
                 <configuration>
@@ -1349,6 +1351,9 @@
                 <artifactId>maven-failsafe-plugin</artifactId>
                 <version>2.18.1</version>
                 <configuration>
+                    <systemPropertyVariables>
+                        <projectBaseDir>${projectBaseDir}</projectBaseDir>
+                    </systemPropertyVariables>
                     <redirectTestOutputToFile>true</redirectTestOutputToFile>
                     <argLine>-Djava.awt.headless=true -Dproject.version=${project.version}
                         -Dhadoop.tmp.dir=${project.build.directory}/tmp-hadoop-${user.name}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 7a7329c..93c1288 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -8,6 +8,7 @@ ATLAS-54 Rename configs in hive hook (shwethags)
 ATLAS-3 Mixed Index creation fails with Date types (suma.shivaprasad via shwethags)
 
 ALL CHANGES:
+ATLAS-86 Jenkins build failing as of build #41 (shwethags)
 ATLAS-80 Support for variables in application properties (shwethags)
 ATLAS-37 atlas repository, webapp, hive-bridge tests fails with Hbase and Solr as Titan storage backend (suma.shivaprasad via shwethags)
 ATLAS-56 atlas_config.py should give an informative error if jar or java binaries can't be found (dossett@gmail.com via shwethags)

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/src/conf/application.properties
----------------------------------------------------------------------
diff --git a/src/conf/application.properties b/src/conf/application.properties
index 51f2529..5487749 100755
--- a/src/conf/application.properties
+++ b/src/conf/application.properties
@@ -19,7 +19,7 @@
 #########  Graph Database Configs  #########
 # Graph Storage
 atlas.graph.storage.backend=berkeleyje
-atlas.graph.storage.directory=${atlas.home}/data/berkley
+atlas.graph.storage.directory=${sys:atlas.home}/data/berkley
 
 #Hbase as stoarge backend
 #hbase
@@ -40,7 +40,7 @@ atlas.graph.storage.directory=${atlas.home}/data/berkley
 
 # Graph Search Index
 atlas.graph.index.search.backend=elasticsearch
-atlas.graph.index.search.directory=${atlas.home}/data/es
+atlas.graph.index.search.directory=${sys:atlas.home}/data/es
 atlas.graph.index.search.elasticsearch.client-only=false
 atlas.graph.index.search.elasticsearch.local-mode=true
 atlas.graph.index.search.elasticsearch.create.sleep=2000

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/pom.xml
----------------------------------------------------------------------
diff --git a/webapp/pom.xml b/webapp/pom.xml
index 86e1ebf..d558d74 100755
--- a/webapp/pom.xml
+++ b/webapp/pom.xml
@@ -34,6 +34,7 @@
     <packaging>war</packaging>
 
     <properties>
+        <projectBaseDir>${project.basedir}/..</projectBaseDir>
         <debug.jetty.daemon>true</debug.jetty.daemon>
     </properties>
 
@@ -51,7 +52,6 @@
         <dependency>
             <groupId>org.apache.atlas</groupId>
             <artifactId>atlas-client</artifactId>
-            <type>test-jar</type>
         </dependency>
 
         <dependency>
@@ -252,17 +252,6 @@
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>test-jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-war-plugin</artifactId>
                 <configuration>
                     <attachClasses>true</attachClasses>
@@ -395,12 +384,6 @@
                 </executions>
             </plugin>
             <plugin>
-                <groupId>org.apache.felix</groupId>
-                <artifactId>maven-bundle-plugin</artifactId>
-                <inherited>true</inherited>
-                <extensions>true</extensions>
-            </plugin>
-            <plugin>
                 <groupId>net.alchim31.maven</groupId>
                 <artifactId>scala-maven-plugin</artifactId>
             </plugin>

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
index ca71293..1b2192c 100755
--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -18,6 +18,8 @@
 
 package org.apache.atlas.web.service;
 
+import org.apache.atlas.ApplicationProperties;
+import org.apache.atlas.AtlasException;
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.PropertiesConfiguration;
 import org.apache.hadoop.conf.Configuration;
@@ -58,7 +60,7 @@ public class SecureEmbeddedServer extends EmbeddedServer {
     }
 
     protected Connector getConnector(int port) throws IOException {
-        PropertiesConfiguration config = getConfiguration();
+        org.apache.commons.configuration.Configuration config = getConfiguration();
 
         SslContextFactory sslContextFactory = new SslContextFactory();
         sslContextFactory.setKeyStorePath(config.getString(KEYSTORE_FILE_KEY,
@@ -102,7 +104,7 @@ public class SecureEmbeddedServer extends EmbeddedServer {
      * @return the password.
      * @throws IOException
      */
-    private String getPassword(PropertiesConfiguration config, String key) throws IOException {
+    private String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {
 
         String password;
 
@@ -131,10 +133,10 @@ public class SecureEmbeddedServer extends EmbeddedServer {
      * Returns the application configuration.
      * @return
      */
-    protected PropertiesConfiguration getConfiguration() {
+    protected org.apache.commons.configuration.Configuration getConfiguration() {
         try {
-            return new PropertiesConfiguration("application.properties");
-        } catch (ConfigurationException e) {
+            return ApplicationProperties.get();
+        } catch (AtlasException e) {
             throw new RuntimeException("Unable to load configuration: application.properties");
         }
     }

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/TestUtils.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/TestUtils.java b/webapp/src/test/java/org/apache/atlas/web/TestUtils.java
new file mode 100644
index 0000000..ede041e
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/TestUtils.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web;
+
+import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.commons.lang.RandomStringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.FileWriter;
+
+public class TestUtils {
+    private static final Logger LOG = LoggerFactory.getLogger(TestUtils.class);
+
+    public static String random(){
+        return RandomStringUtils.randomAlphanumeric(10);
+    }
+
+    public static void writeConfiguration(PropertiesConfiguration configuration, String fileName) throws Exception {
+        LOG.debug("Storing configuration in file {}", fileName);
+        File file = new File(fileName);
+        File parentFile = file.getParentFile();
+        if (!parentFile.exists() && !parentFile.mkdirs()) {
+            throw new Exception("Failed to create dir " + parentFile.getAbsolutePath());
+        }
+        file.createNewFile();
+        configuration.save(new FileWriter(file));
+    }
+
+    public static String getTempDirectory() {
+        return System.getProperty("projectBaseDir") + "/webapp/target/" + random();
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
new file mode 100644
index 0000000..b5366ff
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.web.security;
+
+import org.apache.atlas.security.SecurityProperties;
+import org.apache.atlas.web.service.SecureEmbeddedServer;
+import org.apache.commons.io.FileUtils;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
+import org.eclipse.jetty.server.Server;
+
+import java.io.File;
+import java.io.IOException;
+
+/**
+ *
+ */
+public class BaseSSLAndKerberosTest extends BaseSecurityTest {
+    public static final String TESTUSER = "testuser";
+    public static final String TESTPASS = "testpass";
+    protected static final String DGI_URL = "https://localhost:21443/";
+    protected Path jksPath;
+    protected String providerUrl;
+    protected File httpKeytabFile;
+    private File userKeytabFile;
+
+    class TestSecureEmbeddedServer extends SecureEmbeddedServer {
+
+        public TestSecureEmbeddedServer(int port, String path) throws IOException {
+            super(port, path);
+        }
+
+        public Server getServer() {
+            return server;
+        }
+
+        @Override
+        public org.apache.commons.configuration.Configuration getConfiguration() {
+            return super.getConfiguration();
+        }
+    }
+
+    protected void setupCredentials() throws Exception {
+        Configuration conf = new Configuration(false);
+
+        File file = new File(jksPath.toUri().getPath());
+        file.delete();
+        conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
+
+        CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
+
+        // create new aliases
+        try {
+
+            char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+            provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, storepass);
+
+            char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+            provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, trustpass);
+
+            char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+            provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
+
+            char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+            provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, certpass);
+
+            // write out so that it can be found in checks
+            provider.flush();
+        } catch (Exception e) {
+            e.printStackTrace();
+            throw e;
+        }
+    }
+
+    public void setupKDCAndPrincipals() throws Exception {
+        // set up the KDC
+        File kdcWorkDir = startKDC();
+
+        userKeytabFile = createKeytab(kdc, kdcWorkDir, "dgi", "dgi.keytab");
+        httpKeytabFile = createKeytab(kdc, kdcWorkDir, "HTTP", "spnego.service.keytab");
+
+        // create a test user principal
+        kdc.createPrincipal(TESTUSER, TESTPASS);
+
+        StringBuilder jaas = new StringBuilder(1024);
+        jaas.append("TestUser {\n" +
+                "    com.sun.security.auth.module.Krb5LoginModule required\nuseTicketCache=true;\n" +
+                "};\n");
+        jaas.append(createJAASEntry("Client", "dgi", userKeytabFile));
+        jaas.append(createJAASEntry("Server", "HTTP", httpKeytabFile));
+
+        File jaasFile = new File(kdcWorkDir, "jaas.txt");
+        FileUtils.write(jaasFile, jaas.toString());
+        bindJVMtoJAASFile(jaasFile);
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java b/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
index 67f3901..614638c 100644
--- a/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
@@ -18,7 +18,10 @@ package org.apache.atlas.web.security;
 
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.commons.lang.RandomStringUtils;
 import org.apache.hadoop.minikdc.MiniKdc;
+import org.apache.hadoop.security.ssl.SSLFactory;
+import org.apache.hadoop.security.ssl.SSLHostnameVerifier;
 import org.apache.zookeeper.Environment;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.webapp.WebAppContext;
@@ -32,6 +35,11 @@ import java.nio.file.Files;
 import java.util.Locale;
 import java.util.Properties;
 
+import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;
+import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY;
+import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
+import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
+
 /**
  *
  */
@@ -42,11 +50,6 @@ public class BaseSecurityTest {
             + " useTicketCache=false\n" + " doNotPrompt=true\n" + " storeKey=true;\n" + "}; \n";
     protected MiniKdc kdc;
 
-    protected String getWarPath() {
-        return String.format("/target/atlas-webapp-%s.war",
-                System.getProperty("release.version"));
-    }
-
     protected void generateTestProperties(Properties props) throws ConfigurationException, IOException {
         PropertiesConfiguration config =
                 new PropertiesConfiguration(System.getProperty("user.dir") + "/../src/conf/application.properties");
@@ -62,7 +65,7 @@ public class BaseSecurityTest {
     protected void startEmbeddedServer(Server server) throws Exception {
         WebAppContext webapp = new WebAppContext();
         webapp.setContextPath("/");
-        webapp.setWar(System.getProperty("user.dir") + getWarPath());
+        webapp.setWar(getWarPath());
         server.setHandler(webapp);
 
         server.start();
@@ -105,4 +108,22 @@ public class BaseSecurityTest {
         kdc.createPrincipal(keytab, principal, principal + "/localhost", principal + "/127.0.0.1");
         return keytab;
     }
+
+    protected String getWarPath() {
+        return System.getProperty("projectBaseDir") + String.format("/webapp/target/atlas-webapp-%s",
+                System.getProperty("project.version"));
+    }
+
+    protected PropertiesConfiguration getSSLConfiguration(String providerUrl) {
+        String projectBaseDirectory = System.getProperty("projectBaseDir");
+        final PropertiesConfiguration configuration = new PropertiesConfiguration();
+        configuration.setProperty(TLS_ENABLED, true);
+        configuration.setProperty(TRUSTSTORE_FILE_KEY, projectBaseDirectory + "/webapp/target/atlas.keystore");
+        configuration.setProperty(KEYSTORE_FILE_KEY, projectBaseDirectory + "/webapp/target/atlas.keystore");
+        configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
+        configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY,
+                SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString());
+        return  configuration;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java b/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java
new file mode 100755
index 0000000..0b95b7a
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosIT.java
@@ -0,0 +1,127 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.security;
+
+import org.apache.atlas.AtlasClient;
+import org.apache.atlas.AtlasException;
+import org.apache.atlas.web.TestUtils;
+import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
+import org.testng.Assert;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import java.io.File;
+import java.net.URL;
+import java.nio.file.Files;
+
+import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
+
+/**
+ * Perform all the necessary setup steps for client and server comm over SSL/Kerberos, but then don't estalish a
+ * kerberos user for the invocation.  Need a separate use case since the Jersey layer cached the URL connection handler,
+ * which indirectly caches the kerberos delegation token.
+ */
+public class NegativeSSLAndKerberosIT extends BaseSSLAndKerberosTest {
+
+    private TestSecureEmbeddedServer secureEmbeddedServer;
+    private String originalConf;
+    private AtlasClient dgiClient;
+
+    @BeforeClass
+    public void setUp() throws Exception {
+        jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
+        providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
+
+        String persistDir = TestUtils.getTempDirectory();
+
+        setupKDCAndPrincipals();
+        setupCredentials();
+
+        // client will actually only leverage subset of these properties
+        final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
+        configuration.setProperty("atlas.http.authentication.type", "kerberos");
+
+        TestUtils.writeConfiguration(configuration, persistDir + File.separator + "client.properties");
+
+        String confLocation = System.getProperty("atlas.conf");
+        URL url;
+        if (confLocation == null) {
+            url = NegativeSSLAndKerberosIT.class.getResource("/application.properties");
+        } else {
+            url = new File(confLocation, "application.properties").toURI().toURL();
+        }
+        configuration.load(url);
+
+        configuration.setProperty(TLS_ENABLED, true);
+        configuration.setProperty("atlas.http.authentication.enabled", "true");
+        configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
+        configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
+        configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
+                "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
+
+        TestUtils.writeConfiguration(configuration, persistDir + File.separator + "application.properties");
+
+        dgiClient = new AtlasClient(DGI_URL) {
+            @Override
+            protected PropertiesConfiguration getClientProperties() throws AtlasException {
+                return configuration;
+            }
+        };
+
+        // save original setting
+        originalConf = System.getProperty("atlas.conf");
+        System.setProperty("atlas.conf", persistDir);
+        secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
+            @Override
+            public PropertiesConfiguration getConfiguration() {
+                return configuration;
+            }
+        };
+        secureEmbeddedServer.getServer().start();
+    }
+
+    @AfterClass
+    public void tearDown() throws Exception {
+        if (secureEmbeddedServer != null) {
+            secureEmbeddedServer.getServer().stop();
+        }
+
+        if (kdc != null) {
+            kdc.stop();
+        }
+
+        if (originalConf != null) {
+            System.setProperty("atlas.conf", originalConf);
+        }
+    }
+
+    @Test
+    public void testUnsecuredClient() throws Exception {
+        try {
+            dgiClient.listTypes();
+            Assert.fail("Should have failed with GSSException");
+        } catch(Exception e) {
+            e.printStackTrace();
+            Assert.assertTrue(e.getMessage().contains("Mechanism level: Failed to find any Kerberos tgt"));
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java b/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java
new file mode 100755
index 0000000..f00ac64
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosIT.java
@@ -0,0 +1,163 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.security;
+
+import org.apache.atlas.AtlasClient;
+import org.apache.atlas.AtlasException;
+import org.apache.atlas.web.TestUtils;
+import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.nio.file.Files;
+import java.security.PrivilegedExceptionAction;
+
+import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
+
+public class SSLAndKerberosIT extends BaseSSLAndKerberosTest {
+    public static final String TEST_USER_JAAS_SECTION = "TestUser";
+    public static final String TESTUSER = "testuser";
+    public static final String TESTPASS = "testpass";
+
+    private static final String DGI_URL = "https://localhost:21443/";
+    private AtlasClient dgiCLient;
+    private TestSecureEmbeddedServer secureEmbeddedServer;
+    private Subject subject;
+    private String originalConf;
+
+    @BeforeClass
+    public void setUp() throws Exception {
+        jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
+        providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
+
+        String persistDir = TestUtils.getTempDirectory();
+
+        setupKDCAndPrincipals();
+        setupCredentials();
+
+        // client will actually only leverage subset of these properties
+        final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
+        configuration.setProperty("atlas.http.authentication.type", "kerberos");
+        TestUtils.writeConfiguration(configuration, persistDir + File.separator + "client.properties");
+
+        String confLocation = System.getProperty("atlas.conf");
+        URL url;
+        if (confLocation == null) {
+            url = SSLAndKerberosIT.class.getResource("/application.properties");
+        } else {
+            url = new File(confLocation, "application.properties").toURI().toURL();
+        }
+        configuration.load(url);
+        configuration.setProperty(TLS_ENABLED, true);
+        configuration.setProperty("atlas.http.authentication.enabled", "true");
+        configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
+        configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
+        configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
+                "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
+
+        TestUtils.writeConfiguration(configuration, persistDir + File.separator + "application.properties");
+
+        subject = loginTestUser();
+        UserGroupInformation.loginUserFromSubject(subject);
+        UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
+            "testUser",
+            UserGroupInformation.getLoginUser());
+
+        dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() {
+            @Override
+            public AtlasClient run() throws Exception {
+                return new AtlasClient(DGI_URL) {
+                    @Override
+                    protected PropertiesConfiguration getClientProperties() throws AtlasException {
+                        return configuration;
+                    }
+                };
+            }
+        });
+
+        // save original setting
+        originalConf = System.getProperty("atlas.conf");
+        System.setProperty("atlas.conf", persistDir);
+        secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
+            @Override
+            public PropertiesConfiguration getConfiguration() {
+                return configuration;
+            }
+        };
+        secureEmbeddedServer.getServer().start();
+    }
+
+    @AfterClass
+    public void tearDown() throws Exception {
+        if (secureEmbeddedServer != null) {
+            secureEmbeddedServer.getServer().stop();
+        }
+
+        if (kdc != null) {
+            kdc.stop();
+        }
+
+        if (originalConf != null) {
+            System.setProperty("atlas.conf", originalConf);
+        }
+    }
+
+    protected Subject loginTestUser() throws LoginException, IOException {
+        LoginContext lc = new LoginContext(TEST_USER_JAAS_SECTION, new CallbackHandler() {
+
+            @Override
+            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+                for (int i = 0; i < callbacks.length; i++) {
+                    if (callbacks[i] instanceof PasswordCallback) {
+                        PasswordCallback passwordCallback = (PasswordCallback) callbacks[i];
+                        passwordCallback.setPassword(TESTPASS.toCharArray());
+                    }
+                    if (callbacks[i] instanceof NameCallback) {
+                        NameCallback nameCallback = (NameCallback) callbacks[i];
+                        nameCallback.setName(TESTUSER);
+                    }
+                }
+            }
+        });
+        // attempt authentication
+        lc.login();
+        return lc.getSubject();
+    }
+
+    @Test
+    public void testService() throws Exception {
+        dgiCLient.listTypes();
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/b93fe4a4/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java b/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java
new file mode 100755
index 0000000..3e23185
--- /dev/null
+++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLIT.java
@@ -0,0 +1,137 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.security;
+
+import org.apache.atlas.AtlasClient;
+import org.apache.atlas.AtlasException;
+import org.apache.atlas.web.TestUtils;
+import org.apache.atlas.web.service.SecureEmbeddedServer;
+import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
+import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
+import org.eclipse.jetty.server.Server;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+
+import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
+import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
+import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
+
+public class SSLIT extends BaseSSLAndKerberosTest {
+    private AtlasClient dgiCLient;
+    private Path jksPath;
+    private String providerUrl;
+    private TestSecureEmbeddedServer secureEmbeddedServer;
+
+    class TestSecureEmbeddedServer extends SecureEmbeddedServer {
+
+        public TestSecureEmbeddedServer(int port, String path) throws IOException {
+            super(port, path);
+        }
+
+        public Server getServer() {
+            return server;
+        }
+
+        @Override
+        public org.apache.commons.configuration.Configuration getConfiguration() {
+            return super.getConfiguration();
+        }
+    }
+
+    @BeforeClass
+    public void setUp() throws Exception {
+        jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
+        providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
+
+        String persistDir = TestUtils.getTempDirectory();
+
+        setupCredentials();
+
+        final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
+        TestUtils.writeConfiguration(configuration, persistDir + File.separator + "client.properties");
+
+        dgiCLient = new AtlasClient(DGI_URL) {
+            @Override
+            protected PropertiesConfiguration getClientProperties() throws AtlasException {
+                return configuration;
+            }
+        };
+
+        secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
+            @Override
+            public PropertiesConfiguration getConfiguration() {
+                return configuration;
+            }
+        };
+        secureEmbeddedServer.getServer().start();
+    }
+
+    @AfterClass
+    public void tearDown() throws Exception {
+        if (secureEmbeddedServer != null) {
+            secureEmbeddedServer.getServer().stop();
+        }
+    }
+
+    protected void setupCredentials() throws Exception {
+        Configuration conf = new Configuration(false);
+
+        File file = new File(jksPath.toUri().getPath());
+        file.delete();
+        conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
+
+        CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
+
+        // create new aliases
+        try {
+
+            char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+            provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
+
+            char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+            provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
+
+            char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+            provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
+
+            char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
+            provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
+
+            // write out so that it can be found in checks
+            provider.flush();
+        } catch (Exception e) {
+            e.printStackTrace();
+            throw e;
+        }
+    }
+
+    @Test
+    public void testService() throws Exception {
+        dgiCLient.listTypes();
+   }
+}


Mime
View raw message