atlas-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From suma...@apache.org
Subject incubator-atlas git commit: ATLAS-762 - Assertion in NegativeSSLAndKerberosTest.testUnsecuredClient needs to be hardened
Date Wed, 03 Aug 2016 19:10:24 GMT
Repository: incubator-atlas
Updated Branches:
  refs/heads/master bb7895502 -> a165234cd


ATLAS-762 - Assertion in NegativeSSLAndKerberosTest.testUnsecuredClient needs to be hardened


Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/a165234c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/a165234c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/a165234c

Branch: refs/heads/master
Commit: a165234cd373a2fbbcea23ca2a4d6936c907519f
Parents: bb78955
Author: nixonrodrigues <nixon.rodrigues@freestoneinfotech.com>
Authored: Wed Aug 3 18:20:03 2016 +0530
Committer: Suma Shivaprasad <sumasai.shivaprasad@gmail.com>
Committed: Wed Aug 3 12:10:15 2016 -0700

----------------------------------------------------------------------
 .../main/java/org/apache/atlas/AtlasClient.java |  8 +-
 .../atlas/security/SecureClientUtils.java       | 35 +++++++++
 release-log.txt                                 |  1 +
 .../test/resources/atlas-application.properties |  4 +
 .../atlas/web/resources/BaseResourceIT.java     |  6 +-
 .../web/resources/EntityJerseyResourceIT.java   | 13 +++-
 .../web/security/BaseSSLAndKerberosTest.java    |  4 +-
 .../atlas/web/security/BaseSecurityTest.java    | 77 ++++++++++++++++++++
 .../security/NegativeSSLAndKerberosTest.java    | 17 +++--
 .../atlas/web/security/SSLAndKerberosTest.java  | 33 +++++++--
 .../org/apache/atlas/web/security/SSLTest.java  |  8 +-
 .../web/service/SecureEmbeddedServerTest.java   |  2 +-
 webapp/src/test/webapp/WEB-INF/web.xml          | 23 ++++++
 13 files changed, 201 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/client/src/main/java/org/apache/atlas/AtlasClient.java
----------------------------------------------------------------------
diff --git a/client/src/main/java/org/apache/atlas/AtlasClient.java b/client/src/main/java/org/apache/atlas/AtlasClient.java
index e284ab4..5ed79bc 100755
--- a/client/src/main/java/org/apache/atlas/AtlasClient.java
+++ b/client/src/main/java/org/apache/atlas/AtlasClient.java
@@ -237,8 +237,12 @@ public class AtlasClient {
 
         URLConnectionClientHandler handler = null;
 
-        if ((!AuthenticationUtil.isKerberosAuthenticationEnabled()) && basicAuthUser!=null
&& basicAuthPassword!=null) {
-            handler = new URLConnectionClientHandler();
+        if ((!AuthenticationUtil.isKerberosAuthenticationEnabled()) && basicAuthUser
!= null && basicAuthPassword != null) {
+            if (clientConfig.getBoolean(TLS_ENABLED, false)) {
+                handler = SecureClientUtils.getUrlConnectionClientHandler();
+            } else {
+                handler = new URLConnectionClientHandler();
+            }
         } else {
             handler =
                     SecureClientUtils.getClientConnectionHandler(config, clientConfig, doAsUser,
ugi);

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
----------------------------------------------------------------------
diff --git a/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java b/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
index 0adb97a..e13d826 100644
--- a/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
+++ b/client/src/main/java/org/apache/atlas/security/SecureClientUtils.java
@@ -211,4 +211,39 @@ public class SecureClientUtils {
         }
     }
 
+    public static URLConnectionClientHandler getUrlConnectionClientHandler() {
+        return new URLConnectionClientHandler(new HttpURLConnectionFactory() {
+            @Override
+            public HttpURLConnection getHttpURLConnection(URL url)
+                    throws IOException {
+                HttpURLConnection connection = (HttpURLConnection) url.openConnection();
+
+                if (connection instanceof HttpsURLConnection) {
+                    LOG.debug("Attempting to configure HTTPS connection using client "
+                            + "configuration");
+                    final SSLFactory factory;
+                    final SSLSocketFactory sf;
+                    final HostnameVerifier hv;
+
+                    try {
+                        Configuration conf = new Configuration();
+                        conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES));
+                        UserGroupInformation.setConfiguration(conf);
+
+                        HttpsURLConnection c = (HttpsURLConnection) connection;
+                        factory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
+                        factory.init();
+                        sf = factory.createSSLSocketFactory();
+                        hv = factory.getHostnameVerifier();
+                        c.setSSLSocketFactory(sf);
+                        c.setHostnameVerifier(hv);
+                    } catch (Exception e) {
+                        LOG.info("Unable to configure HTTPS connection from "
+                                + "configuration.  Leveraging JDK properties.");
+                    }
+                }
+                return connection;
+            }
+        });
+    }
 }

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index b7cff4c..6e73a7d 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -6,6 +6,7 @@ INCOMPATIBLE CHANGES:
 
 
 ALL CHANGES:
+ATLAS-762 Assertion in NegativeSSLAndKerberosTest.testUnsecuredClient needs to be hardened
(nixonrodrigues via sumasai)
 ATLAS-1071 Regression - UI - Details Button under Audits Tab is not working.(kevalbhatt18
via sumasai)
 ATLAS-965 Old lineage still exists after dropping tables and re-creating tables with same
name. (shwethags via sumasai)
 ATLAS-1048 TestMetadata.py test in distro project fails on Windows (jnhagelb via shwethags)

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/typesystem/src/test/resources/atlas-application.properties
----------------------------------------------------------------------
diff --git a/typesystem/src/test/resources/atlas-application.properties b/typesystem/src/test/resources/atlas-application.properties
index 4d7e9b5..a3b6c90 100644
--- a/typesystem/src/test/resources/atlas-application.properties
+++ b/typesystem/src/test/resources/atlas-application.properties
@@ -119,3 +119,7 @@ atlas.server.ha.enabled=false
 #########POLICY FILE PATH #########
 atlas.auth.policy.file=${sys:user.dir}/distro/src/conf/policy-store.txt
 
+atlas.authentication.method.file=true
+atlas.authentication.method.ldap.type=none
+atlas.authentication.method.file.filename=${sys:user.dir}/distro/src/conf/users-credentials.properties
+atlas.authentication.method.kerberos=false
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java b/webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java
index 6b54fcd..aa69556 100755
--- a/webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java
+++ b/webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java
@@ -77,19 +77,15 @@ public abstract class BaseResourceIT {
     @BeforeClass
     public void setUp() throws Exception {
 
-        DefaultClientConfig config = new DefaultClientConfig();
-        Client client = Client.create(config);
         Configuration configuration = ApplicationProperties.get();
         baseUrl = configuration.getString(ATLAS_REST_ADDRESS, "http://localhost:21000/");
-        client.resource(UriBuilder.fromUri(baseUrl).build());
-
-        service = client.resource(UriBuilder.fromUri(baseUrl).build());
 
         if (!AuthenticationUtil.isKerberosAuthenticationEnabled()) {
             serviceClient = new AtlasClient(new String[]{baseUrl}, new String[]{"admin",
"admin"});
         } else {
             serviceClient = new AtlasClient(baseUrl);
         }
+        service = serviceClient.getResource();
     }
 
     protected void createType(TypesDef typesDef) throws Exception {

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/webapp/src/test/java/org/apache/atlas/web/resources/EntityJerseyResourceIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/resources/EntityJerseyResourceIT.java
b/webapp/src/test/java/org/apache/atlas/web/resources/EntityJerseyResourceIT.java
index 9102c75..0b49148 100755
--- a/webapp/src/test/java/org/apache/atlas/web/resources/EntityJerseyResourceIT.java
+++ b/webapp/src/test/java/org/apache/atlas/web/resources/EntityJerseyResourceIT.java
@@ -1,4 +1,4 @@
-/**
+    /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -73,6 +73,7 @@ import java.util.UUID;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertNotNull;
 import static org.testng.Assert.fail;
+import org.apache.atlas.utils.AuthenticationUtil;
 
 
 /**
@@ -127,9 +128,13 @@ public class EntityJerseyResourceIT extends BaseResourceIT {
         entity.set("name", randomString());
         entity.set("description", randomString());
 
-        String user = "testuser";
-        UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
-        AtlasClient localClient = new AtlasClient(ugi, null, baseUrl);
+        String user = "admin";
+        AtlasClient localClient = null;
+        if (!AuthenticationUtil.isKerberosAuthenticationEnabled()) {
+            localClient = new AtlasClient(new String[]{baseUrl}, new String[]{"admin", "admin"});
+        } else {
+            localClient = new AtlasClient(baseUrl);
+        }
         String entityId = localClient.createEntity(entity).get(0);
 
         List<EntityAuditEvent> events = serviceClient.getEntityAuditEvents(entityId,
(short) 10);

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
index 3d1a63a..fdadc2e 100644
--- a/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
@@ -40,7 +40,7 @@ public class BaseSSLAndKerberosTest extends BaseSecurityTest {
     protected Path jksPath;
     protected String providerUrl;
     protected File httpKeytabFile;
-    private File userKeytabFile;
+    protected File userKeytabFile;
 
     class TestSecureEmbeddedServer extends SecureEmbeddedServer {
 
@@ -98,7 +98,7 @@ public class BaseSSLAndKerberosTest extends BaseSecurityTest {
         File kdcWorkDir = startKDC();
 
         userKeytabFile = createKeytab(kdc, kdcWorkDir, "dgi", "dgi.keytab");
-        createKeytab(kdc, kdcWorkDir, "zookeeper", "dgi.keytab");
+        //createKeytab(kdc, kdcWorkDir, "zookeeper", "dgi.keytab");
         httpKeytabFile = createKeytab(kdc, kdcWorkDir, "HTTP", "spnego.service.keytab");
 
         // create a test user principal

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java b/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
index 54c570c..ff2cfc3 100644
--- a/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/BaseSecurityTest.java
@@ -41,6 +41,13 @@ import static org.apache.atlas.security.SecurityProperties.CERT_STORES_CREDENTIA
 import static org.apache.atlas.security.SecurityProperties.KEYSTORE_FILE_KEY;
 import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
 import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
+import static org.apache.atlas.security.SecurityProperties.SSL_CLIENT_PROPERTIES;
+import static org.apache.atlas.security.SecurityProperties.CLIENT_AUTH_KEY;
+import static org.apache.atlas.security.SecurityProperties.SSL_CLIENT_PROPERTIES;
+import org.apache.commons.io.FileUtils;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.atlas.AtlasException;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
 
 /**
  *
@@ -153,9 +160,79 @@ public class BaseSecurityTest {
         configuredProperties.copy(configuration);
 
         String persistDir = TestUtils.getTempDirectory();
+        configuredProperties.setProperty("atlas.authentication.method.file", "true");
+        configuredProperties.setProperty("atlas.authentication.method.file.filename", persistDir
+                + "/users-credentials");
+        configuredProperties.setProperty("atlas.auth.policy.file",persistDir
+                + "/policy-store.txt" );
         TestUtils.writeConfiguration(configuredProperties, persistDir + File.separator +
                 ApplicationProperties.APPLICATION_PROPERTIES);
+        setupUserCredential(persistDir);
+        setUpPolicyStore(persistDir);
         ApplicationProperties.forceReload();
         return persistDir;
     }
+
+    public static void setupUserCredential(String tmpDir) throws Exception {
+
+        StringBuilder credentialFileStr = new StringBuilder(1024);
+        credentialFileStr.append("admin=ADMIN::8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918\n");
+        credentialFileStr.append("michael=DATA_SCIENTIST::95bfb24de17d285d734b9eaa9109bfe922adc85f20d2e5e66a78bddb4a4ebddb\n");
+        credentialFileStr.append("paul=DATA_STEWARD::e7c0dcf5f8a93e93791e9bac1ae454a691c1d2a902fc4256d489e96c1b9ac68c\n");
+        credentialFileStr.append("testuser=DATA_STEWARD::e7c0dcf5f8a93e93791e9bac1ae454a691c1d2a902fc4256d489e96c1b9ac68c\n");
+        File credentialFile = new File(tmpDir, "users-credentials");
+        FileUtils.write(credentialFile, credentialFileStr.toString());
+    }
+
+    public static void setUpPolicyStore(String tmpDir) throws Exception {
+        StringBuilder policyStr = new StringBuilder(1024);
+        policyStr.append("adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*\n");
+        policyStr.append("dataStewardPolicy;;testuser:rwud;;DATA_STEWARD:rwu;;type:*,entity:*,taxonomy:*,term:*\n");
+
+        File policyFile = new File(tmpDir, "policy-store.txt");
+        FileUtils.write(policyFile, policyStr.toString());
+    }
+
+    public static void persistSSLClientConfiguration(org.apache.commons.configuration.Configuration
clientConfig)
+            throws AtlasException, IOException {
+        //trust settings
+        Configuration configuration = new Configuration(false);
+        File sslClientFile = getSSLClientFile();
+        if (!sslClientFile.exists()) {
+            configuration.set("ssl.client.truststore.type", "jks");
+            configuration.set("ssl.client.truststore.location", clientConfig.getString(TRUSTSTORE_FILE_KEY));
+            if (clientConfig.getBoolean(CLIENT_AUTH_KEY, false)) {
+                // need to get client key properties
+                configuration.set("ssl.client.keystore.location", clientConfig.getString(KEYSTORE_FILE_KEY));
+                configuration.set("ssl.client.keystore.type", "jks");
+            }
+            // add the configured credential provider
+            configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
+                    clientConfig.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH));
+            String hostnameVerifier = clientConfig.getString(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY);
+            if (hostnameVerifier != null) {
+                configuration.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, hostnameVerifier);
+            }
+
+            configuration.writeXml(new FileWriter(sslClientFile));
+        }
+    }
+
+    private static File getSSLClientFile() throws AtlasException {
+        File sslDir;
+        try {
+            String persistDir = null;
+            URL resource = BaseSecurityTest.class.getResource("/");
+            if (resource != null) {
+                persistDir = resource.toURI().getPath();
+            }
+            assert persistDir != null;
+            sslDir = new File(persistDir);
+
+            // LOG.info("ssl-client.xml will be created in {}", sslDir);
+        } catch (Exception e) {
+            throw new AtlasException("Failed to find client configuration directory", e);
+        }
+        return new File(sslDir, SSL_CLIENT_PROPERTIES);
+    }
 }

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java
b/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java
index 4d7794a..4ad01cf 100755
--- a/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java
@@ -61,6 +61,8 @@ public class NegativeSSLAndKerberosTest extends BaseSSLAndKerberosTest {
         // client will actually only leverage subset of these properties
         final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
 
+        persistSSLClientConfiguration((org.apache.commons.configuration.Configuration) configuration);
+
         TestUtils.writeConfiguration(configuration, persistDir + File.separator +
             ApplicationProperties.APPLICATION_PROPERTIES);
 
@@ -74,11 +76,15 @@ public class NegativeSSLAndKerberosTest extends BaseSSLAndKerberosTest
{
         configuration.load(url);
 
         configuration.setProperty(TLS_ENABLED, true);
-        configuration.setProperty("atlas.http.authentication.enabled", "true");
-        configuration.setProperty("atlas.http.authentication.type", "kerberos");
-        configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@"
+ kdc.getRealm());
-        configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
-        configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
+        configuration.setProperty("atlas.authentication.method.kerberos", "true");
+        configuration.setProperty("atlas.authentication.keytab",userKeytabFile.getAbsolutePath());
+        configuration.setProperty("atlas.authentication.principal","dgi/localhost@"+kdc.getRealm());
+
+        configuration.setProperty("atlas.authentication.method.file", "false");
+        configuration.setProperty("atlas.authentication.method.kerberos", "true");
+        configuration.setProperty("atlas.authentication.method.kerberos.principal", "HTTP/localhost@"
+ kdc.getRealm());
+        configuration.setProperty("atlas.authentication.method.kerberos.keytab", httpKeytabFile.getAbsolutePath());
+        configuration.setProperty("atlas.authentication.method.kerberos.name.rules",
                 "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
 
         TestUtils.writeConfiguration(configuration, persistDir + File.separator +
@@ -127,6 +133,7 @@ public class NegativeSSLAndKerberosTest extends BaseSSLAndKerberosTest
{
             Assert.fail("Should have failed with GSSException");
         } catch(Exception e) {
             e.printStackTrace();
+            Assert.assertTrue(e.getMessage().contains("Mechanism level: Failed to find any
Kerberos tgt"));
         }
     }
 }

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java b/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java
index b550f70..b21fbd0 100755
--- a/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java
@@ -70,6 +70,8 @@ public class SSLAndKerberosTest extends BaseSSLAndKerberosTest {
         // client will actually only leverage subset of these properties
         final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
 
+        persistSSLClientConfiguration((org.apache.commons.configuration.Configuration) configuration);
+
         TestUtils.writeConfiguration(configuration, persistDir + File.separator +
             ApplicationProperties.APPLICATION_PROPERTIES);
 
@@ -82,22 +84,39 @@ public class SSLAndKerberosTest extends BaseSSLAndKerberosTest {
         }
         configuration.load(url);
         configuration.setProperty(TLS_ENABLED, true);
-        configuration.setProperty("atlas.http.authentication.enabled", "true");
-        configuration.setProperty("atlas.http.authentication.type", "kerberos");
-        configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@"
+ kdc.getRealm());
-        configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
-        configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
+        configuration.setProperty("atlas.authentication.method.kerberos", "true");
+        configuration.setProperty("atlas.authentication.keytab",userKeytabFile.getAbsolutePath());
+        configuration.setProperty("atlas.authentication.principal","dgi/localhost@"+kdc.getRealm());
+
+        configuration.setProperty("atlas.authentication.method.file", "false");
+        configuration.setProperty("atlas.authentication.method.kerberos", "true");
+        configuration.setProperty("atlas.authentication.method.kerberos.principal", "HTTP/localhost@"
+ kdc.getRealm());
+        configuration.setProperty("atlas.authentication.method.kerberos.keytab", httpKeytabFile.getAbsolutePath());
+        configuration.setProperty("atlas.authentication.method.kerberos.name.rules",
                 "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
 
+        configuration.setProperty("atlas.authentication.method.file", "true");
+        configuration.setProperty("atlas.authentication.method.file.filename", persistDir
+                + "/users-credentials");
+        configuration.setProperty("atlas.auth.policy.file",persistDir
+                + "/policy-store.txt" );
+
         TestUtils.writeConfiguration(configuration, persistDir + File.separator +
           "atlas-application.properties");
 
+        setupUserCredential(persistDir);
+        setUpPolicyStore(persistDir);
+
         subject = loginTestUser();
         UserGroupInformation.loginUserFromSubject(subject);
         UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(
             "testUser",
             UserGroupInformation.getLoginUser());
 
+        // save original setting
+        originalConf = System.getProperty("atlas.conf");
+        System.setProperty("atlas.conf", persistDir);
+
         dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() {
             @Override
             public AtlasClient run() throws Exception {
@@ -110,9 +129,7 @@ public class SSLAndKerberosTest extends BaseSSLAndKerberosTest {
             }
         });
 
-        // save original setting
-        originalConf = System.getProperty("atlas.conf");
-        System.setProperty("atlas.conf", persistDir);
+
         secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
             @Override
             public PropertiesConfiguration getConfiguration() {

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java b/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java
index 8afcc26..0d78285 100755
--- a/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java
@@ -74,16 +74,18 @@ public class SSLTest extends BaseSSLAndKerberosTest {
         setupCredentials();
         final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
         String persistDir = writeConfiguration(configuration);
+        persistSSLClientConfiguration((org.apache.commons.configuration.Configuration) configuration);
 
-        atlasClient = new AtlasClient(DGI_URL) {
+        originalConf = System.getProperty("atlas.conf");
+        System.setProperty("atlas.conf", persistDir);
+
+        atlasClient = new AtlasClient(new String[]{DGI_URL},new String[]{"admin","admin"})
{
             @Override
             protected PropertiesConfiguration getClientProperties() {
                 return configuration;
             }
         };
 
-        originalConf = System.getProperty("atlas.conf");
-        System.setProperty("atlas.conf", persistDir);
         secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
             @Override
             public PropertiesConfiguration getConfiguration() {

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
b/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
index c356be6..dc3b936 100644
--- a/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
@@ -67,7 +67,7 @@ public class SecureEmbeddedServerTest extends SecureEmbeddedServerTestBase
{
             };
             secureEmbeddedServer.server.start();
 
-            URL url = new URL("https://localhost:21443/api/atlas/admin/version");
+            URL url = new URL("https://localhost:21443/api/atlas/admin/status");
             HttpURLConnection connection = (HttpURLConnection) url.openConnection();
             connection.setRequestMethod("GET");
             connection.connect();

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/a165234c/webapp/src/test/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/webapp/src/test/webapp/WEB-INF/web.xml b/webapp/src/test/webapp/WEB-INF/web.xml
index 0562643..05d7ebb 100755
--- a/webapp/src/test/webapp/WEB-INF/web.xml
+++ b/webapp/src/test/webapp/WEB-INF/web.xml
@@ -38,6 +38,16 @@
      -->
 
     <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <filter>
         <filter-name>guiceFilter</filter-name>
         <filter-class>com.google.inject.servlet.GuiceFilter</filter-class>
     </filter>
@@ -50,4 +60,17 @@
     <listener>
         <listener-class>org.apache.atlas.web.listeners.TestGuiceServletConfig</listener-class>
     </listener>
+
+    <listener>
+        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+    </listener>
+
+    <listener>
+        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
+    </listener>
+
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+
 </web-app>


Mime
View raw message