falcon-commits mailing list archives

From venkat...@apache.org
Subject [4/9] FALCON-464 Enforce Authorization for REST API. Contributed by Venkatesh Seetharam
Date Fri, 08 Aug 2014 17:43:43 GMT
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java
b/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java
new file mode 100644
index 0000000..289e232
--- /dev/null
+++ b/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java
@@ -0,0 +1,168 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.falcon.security;
+
+import org.apache.falcon.cluster.util.EntityBuilderTestUtil;
+import org.apache.falcon.entity.store.ConfigurationStore;
+import org.apache.falcon.entity.v0.EntityType;
+import org.apache.falcon.entity.v0.cluster.Cluster;
+import org.apache.falcon.util.StartupProperties;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.MockitoAnnotations;
+import org.testng.Assert;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test for FalconAuthorizationFilter using mock objects.
+ */
+public class FalconAuthorizationFilterTest {
+
+    public static final String CLUSTER_ENTITY_NAME = "primary-cluster";
+    public static final String PROCESS_ENTITY_NAME = "sample-process";
+
+    @Mock
+    private HttpServletRequest mockRequest;
+
+    @Mock
+    private HttpServletResponse mockResponse;
+
+    @Mock
+    private FilterChain mockChain;
+
+    @Mock
+    private FilterConfig mockConfig;
+
+    @Mock
+    private UserGroupInformation mockUgi;
+
+    private ConfigurationStore configStore;
+    private Cluster clusterEntity;
+    private org.apache.falcon.entity.v0.process.Process processEntity;
+
+    @BeforeClass
+    public void setUp() throws Exception {
+        MockitoAnnotations.initMocks(this);
+
+        CurrentUser.authenticate(EntityBuilderTestUtil.USER);
+        Assert.assertEquals(CurrentUser.getUser(), EntityBuilderTestUtil.USER);
+
+        configStore = ConfigurationStore.get();
+
+        addClusterEntity();
+        addProcessEntity();
+        Assert.assertNotNull(processEntity);
+    }
+
+    @DataProvider(name = "resourceWithNoEntity")
+    private Object[][] createOptions() {
+        return new Object[][] {
+            {"/admin/version"},
+            {"/entities/list/feed"},
+            {"/entities/list/process"},
+            {"/entities/list/cluster"},
+            {"/graphs/lineage/vertices/all"},
+            {"/graphs/lineage/vertices/_1"},
+            {"/graphs/lineage/vertices/properties/_1"},
+        };
+    }
+
+    @Test (dataProvider = "resourceWithNoEntity")
+    public void testDoFilter(String resource) throws Exception {
+        Filter filter = new FalconAuthorizationFilter();
+        synchronized (StartupProperties.get()) {
+            filter.init(mockConfig);
+        }
+
+        try {
+            boolean[] enabledFlags = {false, true};
+            for (boolean enabled : enabledFlags) {
+                StartupProperties.get().setProperty(
+                        "falcon.security.authorization.enabled", String.valueOf(enabled));
+
+                StringBuffer requestUrl = new StringBuffer("http://localhost" + resource);
+                Mockito.when(mockRequest.getRequestURL()).thenReturn(requestUrl);
+                Mockito.when(mockRequest.getRequestURI()).thenReturn("/api" + resource);
+                Mockito.when(mockRequest.getPathInfo()).thenReturn(resource);
+
+                filter.doFilter(mockRequest, mockResponse, mockChain);
+            }
+        } finally {
+            filter.destroy();
+        }
+    }
+
+    @DataProvider(name = "resourceWithEntity")
+    private Object[][] createOptionsForResourceWithEntity() {
+        return new Object[][] {
+            {"/entities/status/process/"},
+            {"/entities/suspend/process/"},
+            {"/instance/running/process/"},
+        };
+    }
+
+    @Test (dataProvider = "resourceWithEntity")
+    public void testDoFilterForEntity(String resource) throws Exception {
+        Filter filter = new FalconAuthorizationFilter();
+        synchronized (StartupProperties.get()) {
+            filter.init(mockConfig);
+        }
+
+        try {
+            boolean[] enabledFlags = {false, true};
+            for (boolean enabled : enabledFlags) {
+                StartupProperties.get().setProperty(
+                        "falcon.security.authorization.enabled", String.valueOf(enabled));
+
+                String uri = resource + processEntity.getName();
+                StringBuffer requestUrl = new StringBuffer("http://localhost" + uri);
+                Mockito.when(mockRequest.getRequestURL()).thenReturn(requestUrl);
+                Mockito.when(mockRequest.getRequestURI()).thenReturn("/api" + uri);
+                Mockito.when(mockRequest.getPathInfo()).thenReturn(uri);
+
+                filter.doFilter(mockRequest, mockResponse, mockChain);
+            }
+        } finally {
+            filter.destroy();
+        }
+    }
+
+    public void addClusterEntity() throws Exception {
+        clusterEntity = EntityBuilderTestUtil.buildCluster(CLUSTER_ENTITY_NAME);
+        configStore.publish(EntityType.CLUSTER, clusterEntity);
+    }
+
+    public void addProcessEntity() throws Exception {
+        processEntity = EntityBuilderTestUtil.buildProcess(PROCESS_ENTITY_NAME,
+                clusterEntity, "classified-as=Critical");
+        EntityBuilderTestUtil.addProcessWorkflow(processEntity);
+        EntityBuilderTestUtil.addProcessACL(processEntity);
+
+        configStore.publish(EntityType.PROCESS, processEntity);
+    }
+}
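Review bot: Neither `testDoFilter` nor `testDoFilterForEntity` asserts anything after `filter.doFilter(...)`, so both pass whether the filter forwards the request or rejects it, and a regression that allows (or denies) everything would go unnoticed. Every request is made with `CurrentUser` set to `EntityBuilderTestUtil.USER`, the same user written into the entity ACL as owner, so no case exercises a denial for a different user. For the allowed case add a check such as `Mockito.verify(mockChain).doFilter(mockRequest, mockResponse);` (resetting the shared mock per iteration), and add a non-owner case that checks the rejection; how the filter signals a rejection is not visible in this hunk. Both tests also leave `falcon.security.authorization.enabled` set to `true` in the shared `StartupProperties`, so save the previous value before the loop and restore it in the existing `finally`.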

http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/src/conf/startup.properties
----------------------------------------------------------------------
diff --git a/src/conf/startup.properties b/src/conf/startup.properties
index 038026d..526656f 100644
--- a/src/conf/startup.properties
+++ b/src/conf/startup.properties
@@ -144,8 +144,16 @@ prism.configstore.listeners=org.apache.falcon.entity.v0.EntityGraph,\
 
 ######### Authorization Properties #########
 
+# Authorization Enabled flag: false (default)|true
 *.falcon.security.authorization.enabled=false
-#*.falcon.security.authorization.admin.users=seetharam
-#*.falcon.security.authorization.admin.groups=seetharam
+
+# Admin Users, comma separated users
+*.falcon.security.authorization.admin.users=falcon,ambari-qa,seetharam
+
+# Admin Group Membership, comma separated users
+*.falcon.security.authorization.admin.groups=falcon,testgroup,staff
+
+# Authorization Provider Implementation Fully Qualified Class Name
+*.falcon.security.authorization.provider=org.apache.falcon.security.DefaultAuthorizationProvider
 
 ######### Authorization Properties #########
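Review bot: The newly active `admin.users` and `admin.groups` values look like a developer's environment rather than a safe default: `seetharam` and `ambari-qa` are individual account names and `staff` and `testgroup` are broad or test groups, and once `authorization.enabled` is switched to `true` any account matching them is presumably treated as an administrator. If this is the configuration that ships with the distribution, keep the defaults minimal, e.g. `*.falcon.security.authorization.admin.users=falcon` and `*.falcon.security.authorization.admin.groups=falcon`, and leave the other entries commented out as examples. The comment above the groups line should read `# Admin Group Membership, comma separated groups`.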

http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/test-util/src/main/java/org/apache/falcon/cluster/util/EntityBuilderTestUtil.java
----------------------------------------------------------------------
diff --git a/test-util/src/main/java/org/apache/falcon/cluster/util/EntityBuilderTestUtil.java
b/test-util/src/main/java/org/apache/falcon/cluster/util/EntityBuilderTestUtil.java
new file mode 100644
index 0000000..edcc728
--- /dev/null
+++ b/test-util/src/main/java/org/apache/falcon/cluster/util/EntityBuilderTestUtil.java
@@ -0,0 +1,167 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.falcon.cluster.util;
+
+import org.apache.falcon.entity.v0.Frequency;
+import org.apache.falcon.entity.v0.cluster.Cluster;
+import org.apache.falcon.entity.v0.cluster.Interface;
+import org.apache.falcon.entity.v0.cluster.Interfaces;
+import org.apache.falcon.entity.v0.cluster.Interfacetype;
+import org.apache.falcon.entity.v0.feed.Feed;
+import org.apache.falcon.entity.v0.process.Clusters;
+import org.apache.falcon.entity.v0.process.EngineType;
+import org.apache.falcon.entity.v0.process.Input;
+import org.apache.falcon.entity.v0.process.Inputs;
+import org.apache.falcon.entity.v0.process.Output;
+import org.apache.falcon.entity.v0.process.Outputs;
+import org.apache.falcon.entity.v0.process.Process;
+import org.apache.falcon.entity.v0.process.Workflow;
+
+/**
+ * Utility class to build entity objects.
+ */
+public final class EntityBuilderTestUtil {
+
+    public static final String USER = System.getProperty("user.name");
+    public static final String COLO_NAME = "west-coast";
+    public static final String WORKFLOW_NAME = "imp-click-join-workflow";
+    public static final String WORKFLOW_VERSION = "1.0.9";
+
+    private EntityBuilderTestUtil() {
+    }
+
+    public static Cluster buildCluster(String name) {
+        return buildCluster(name, COLO_NAME, "classification=production");
+    }
+
+    public static Cluster buildCluster(String name, String colo, String tags) {
+        Cluster cluster = new Cluster();
+        cluster.setName(name);
+        cluster.setColo(colo);
+        cluster.setTags(tags);
+
+        Interfaces interfaces = new Interfaces();
+        cluster.setInterfaces(interfaces);
+
+        Interface storage = new Interface();
+        storage.setEndpoint("jail://global:00");
+        storage.setType(Interfacetype.WRITE);
+        cluster.getInterfaces().getInterfaces().add(storage);
+
+        org.apache.falcon.entity.v0.cluster.ACL clusterACL = new org.apache.falcon.entity.v0
+                .cluster.ACL();
+        clusterACL.setOwner(USER);
+        clusterACL.setGroup(USER);
+        clusterACL.setPermission("*");
+        cluster.setACL(clusterACL);
+
+        return cluster;
+    }
+
+    public static Feed buildFeed(String feedName, Cluster cluster, String tags, String groups)
{
+        Feed feed = new Feed();
+        feed.setName(feedName);
+        feed.setTags(tags);
+        feed.setGroups(groups);
+        feed.setFrequency(Frequency.fromString("hours(1)"));
+
+        org.apache.falcon.entity.v0.feed.Clusters
+                clusters = new org.apache.falcon.entity.v0.feed.Clusters();
+        feed.setClusters(clusters);
+        org.apache.falcon.entity.v0.feed.Cluster feedCluster =
+                new org.apache.falcon.entity.v0.feed.Cluster();
+        feedCluster.setName(cluster.getName());
+        clusters.getClusters().add(feedCluster);
+
+        org.apache.falcon.entity.v0.feed.ACL feedACL = new org.apache.falcon.entity.v0.feed.ACL();
+        feedACL.setOwner(USER);
+        feedACL.setGroup(USER);
+        feedACL.setPermission("*");
+        feed.setACL(feedACL);
+
+        return feed;
+    }
+
+    public static org.apache.falcon.entity.v0.process.Process buildProcess(String processName,
+                                                                           Cluster cluster,
+                                                                           String tags) throws
Exception {
+        org.apache.falcon.entity.v0.process.Process processEntity = new Process();
+        processEntity.setName(processName);
+        processEntity.setTags(tags);
+
+        org.apache.falcon.entity.v0.process.Cluster processCluster =
+                new org.apache.falcon.entity.v0.process.Cluster();
+        processCluster.setName(cluster.getName());
+        processEntity.setClusters(new Clusters());
+        processEntity.getClusters().getClusters().add(processCluster);
+
+        addProcessACL(processEntity);
+
+        return processEntity;
+    }
+
+    public static void addProcessWorkflow(Process process) {
+        addProcessWorkflow(process, WORKFLOW_NAME, WORKFLOW_VERSION);
+    }
+
+    public static void addProcessWorkflow(Process process, String workflowName, String version)
{
+        Workflow workflow = new Workflow();
+        workflow.setName(workflowName);
+        workflow.setVersion(version);
+        workflow.setEngine(EngineType.PIG);
+        workflow.setPath("/falcon/test/workflow");
+
+        process.setWorkflow(workflow);
+    }
+
+    public static void addProcessACL(Process processEntity) throws Exception {
+        addProcessACL(processEntity, USER, USER);
+    }
+
+    public static void addProcessACL(Process processEntity, String user,
+                                     String group) throws Exception {
+        org.apache.falcon.entity.v0.process.ACL processACL = new org.apache.falcon.entity.v0.process.ACL();
+        processACL.setOwner(user);
+        processACL.setGroup(group);
+        processACL.setPermission("*");
+        processEntity.setACL(processACL);
+    }
+
+    public static void addInput(Process process, Feed feed) {
+        if (process.getInputs() == null) {
+            process.setInputs(new Inputs());
+        }
+
+        Inputs inputs = process.getInputs();
+        Input input = new Input();
+        input.setFeed(feed.getName());
+        inputs.getInputs().add(input);
+    }
+
+    public static void addOutput(Process process, Feed feed) {
+        if (process.getOutputs() == null) {
+            process.setOutputs(new Outputs());
+        }
+
+        Outputs outputs = process.getOutputs();
+        Output output = new Output();
+        output.setFeed(feed.getName());
+        outputs.getOutputs().add(output);
+    }
+}
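Review bot: `buildCluster` and `buildFeed` hard-code the ACL to owner `USER`, group `USER` and permission `"*"`, so fixtures built here can only represent entities owned by the user running the tests; only `addProcessACL(Process, String, String)` lets a caller choose another owner. Authorization tests that need a denied request would benefit from matching overloads for the cluster and feed ACLs. `buildProcess` and both `addProcessACL` methods declare `throws Exception` although nothing in their visible bodies appears to throw a checked exception, which forces every caller to declare or catch it. The public methods have no Javadoc; a one-line summary each, e.g. `/** Builds a process on the given cluster with an ACL owned by {@link #USER}. */`, would document the implicit owner.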

http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/webapp/src/main/webapp/WEB-INF/distributed/web.xml
----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/WEB-INF/distributed/web.xml b/webapp/src/main/webapp/WEB-INF/distributed/web.xml
index a5e1161..7a4de55 100644
--- a/webapp/src/main/webapp/WEB-INF/distributed/web.xml
+++ b/webapp/src/main/webapp/WEB-INF/distributed/web.xml
@@ -26,8 +26,13 @@
     <description>Apache Falcon Distributed Server</description>
 
     <filter>
-        <filter-name>auth</filter-name>
-        <filter-class>org.apache.falcon.security.BasicAuthFilter</filter-class>
+        <filter-name>authentication</filter-name>
+        <filter-class>org.apache.falcon.security.FalconAuthenticationFilter</filter-class>
+    </filter>
+
+    <filter>
+        <filter-name>authorization</filter-name>
+        <filter-class>org.apache.falcon.security.FalconAuthorizationFilter</filter-class>
     </filter>
 
     <filter>
@@ -36,12 +41,17 @@
     </filter>
 
     <filter-mapping>
-        <filter-name>auth</filter-name>
+        <filter-name>authentication</filter-name>
+        <servlet-name>FalconRESTApi</servlet-name>
+    </filter-mapping>
+
+    <filter-mapping>
+        <filter-name>authorization</filter-name>
         <servlet-name>FalconRESTApi</servlet-name>
     </filter-mapping>
 
     <filter-mapping>
-        <filter-name>auth</filter-name>
+        <filter-name>authentication</filter-name>
         <servlet-name>SecureApi</servlet-name>
     </filter-mapping>
 
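Review bot: The `authorization` filter is mapped only to `FalconRESTApi`; the `SecureApi` mapping at the end of this hunk is switched to `authentication` alone, so requests served by `SecureApi` are authenticated but never pass through `FalconAuthorizationFilter`. If that is intended, say so in an XML comment next to the mapping; otherwise add `<filter-mapping><filter-name>authorization</filter-name><servlet-name>SecureApi</servlet-name></filter-mapping>` after the authentication mapping. Filters mapped to the same servlet run in the order their mappings appear in the descriptor, so `authentication` has to stay ahead of `authorization`, as it does here. The mapping block continues past the end of the hunk.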

http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/webapp/src/main/webapp/WEB-INF/embedded/web.xml
----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/WEB-INF/embedded/web.xml b/webapp/src/main/webapp/WEB-INF/embedded/web.xml
index 9dc371f..7d0cb08 100644
--- a/webapp/src/main/webapp/WEB-INF/embedded/web.xml
+++ b/webapp/src/main/webapp/WEB-INF/embedded/web.xml
@@ -26,12 +26,22 @@
     <description>Apache Falcon Embedded Server</description>
 
     <filter>
-        <filter-name>auth</filter-name>
-        <filter-class>org.apache.falcon.security.BasicAuthFilter</filter-class>
+        <filter-name>authentication</filter-name>
+        <filter-class>org.apache.falcon.security.FalconAuthenticationFilter</filter-class>
     </filter>
 
+    <filter>
+        <filter-name>authorization</filter-name>
+        <filter-class>org.apache.falcon.security.FalconAuthorizationFilter</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>authentication</filter-name>
+        <servlet-name>FalconRESTApi</servlet-name>
+    </filter-mapping>
+
     <filter-mapping>
-        <filter-name>auth</filter-name>
+        <filter-name>authorization</filter-name>
         <servlet-name>FalconRESTApi</servlet-name>
     </filter-mapping>
 

http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/webapp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/WEB-INF/web.xml b/webapp/src/main/webapp/WEB-INF/web.xml
index 971fcdd..08c30cb 100644
--- a/webapp/src/main/webapp/WEB-INF/web.xml
+++ b/webapp/src/main/webapp/WEB-INF/web.xml
@@ -26,12 +26,22 @@
     <description>Apache Falcon Placeholder</description>
 
     <filter>
-        <filter-name>auth</filter-name>
-        <filter-class>org.apache.falcon.security.BasicAuthFilter</filter-class>
+        <filter-name>authentication</filter-name>
+        <filter-class>org.apache.falcon.security.FalconAuthenticationFilter</filter-class>
     </filter>
 
+    <filter>
+        <filter-name>authorization</filter-name>
+        <filter-class>org.apache.falcon.security.FalconAuthorizationFilter</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>authentication</filter-name>
+        <servlet-name>FalconRESTApi</servlet-name>
+    </filter-mapping>
+
     <filter-mapping>
-        <filter-name>auth</filter-name>
+        <filter-name>authorization</filter-name>
         <servlet-name>FalconRESTApi</servlet-name>
     </filter-mapping>
 

http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/adca0057/webapp/src/test/java/org/apache/falcon/security/BasicAuthFilterTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/falcon/security/BasicAuthFilterTest.java b/webapp/src/test/java/org/apache/falcon/security/BasicAuthFilterTest.java
deleted file mode 100644
index 62e889a..0000000
--- a/webapp/src/test/java/org/apache/falcon/security/BasicAuthFilterTest.java
+++ /dev/null
@@ -1,214 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.falcon.security;
-
-import org.apache.falcon.util.StartupProperties;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
-import org.mockito.Mock;
-import org.mockito.Mockito;
-import org.mockito.MockitoAnnotations;
-import org.testng.Assert;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.BeforeMethod;
-import org.testng.annotations.Test;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Map;
-import java.util.Properties;
-import java.util.concurrent.ConcurrentHashMap;
-
-
-/**
- * Test for BasicAuthFilter using mock objects.
- */
-public class BasicAuthFilterTest {
-
-    @Mock
-    private HttpServletRequest mockRequest;
-
-    @Mock
-    private HttpServletResponse mockResponse;
-
-    @Mock
-    private FilterChain mockChain;
-
-    @Mock
-    private FilterConfig mockConfig;
-
-    @Mock
-    private UserGroupInformation mockUgi;
-
-    @BeforeClass
-    public void init() {
-        MockitoAnnotations.initMocks(this);
-    }
-
-    @BeforeMethod
-    private void initAuthType() {
-        ConcurrentHashMap<String, String> conf = new ConcurrentHashMap<String, String>();
-        conf.put("type", "simple");
-        conf.put("config.prefix.type", "");
-        conf.put("anonymous.allowed", "true");
-        Mockito.when(mockConfig.getInitParameterNames()).thenReturn(conf.keys());
-
-        for (Map.Entry<String, String> entry : conf.entrySet()) {
-            Mockito.when(mockConfig.getInitParameter(entry.getKey())).thenReturn(entry.getValue());
-        }
-
-        Mockito.when(mockRequest.getMethod()).thenReturn("OPTIONS");
-
-        StringBuffer requestUrl = new StringBuffer("http://localhost");
-        Mockito.when(mockRequest.getRequestURL()).thenReturn(requestUrl);
-    }
-
-    @Test
-    public void testDoFilter() throws Exception {
-        Filter filter = new BasicAuthFilter();
-        synchronized (StartupProperties.get()) {
-            filter.init(mockConfig);
-        }
-
-        CurrentUser.authenticate("nouser");
-        Assert.assertEquals(CurrentUser.getUser(), "nouser");
-
-        CurrentUser.authenticate("guest");
-        Mockito.when(mockRequest.getQueryString()).thenReturn("user.name=guest");
-        filter.doFilter(mockRequest, mockResponse, mockChain);
-        Assert.assertEquals(CurrentUser.getUser(), "guest");
-
-        CurrentUser.authenticate("nouser");
-        Assert.assertEquals(CurrentUser.getUser(), "nouser");
-        CurrentUser.authenticate("testuser");
-        Mockito.when(mockRequest.getRemoteUser()).thenReturn("testuser");
-        filter.doFilter(mockRequest, mockResponse, mockChain);
-        Assert.assertEquals(CurrentUser.getUser(), "testuser");
-    }
-
-    @Test
-    public void testAnonymous() throws Exception {
-        Filter filter = new BasicAuthFilter();
-
-        synchronized (StartupProperties.get()) {
-            filter.init(mockConfig);
-        }
-
-        CurrentUser.authenticate("nouser");
-        Assert.assertEquals(CurrentUser.getUser(), "nouser");
-
-        CurrentUser.authenticate("testuser");
-        Mockito.when(mockRequest.getRemoteUser()).thenReturn("testuser");
-        filter.doFilter(mockRequest, mockResponse, mockChain);
-        Assert.assertEquals(CurrentUser.getUser(), "testuser");
-    }
-
-    @Test
-    public void testEmptyUser() throws Exception {
-        Filter filter = new BasicAuthFilter();
-
-        synchronized (StartupProperties.get()) {
-            filter.init(mockConfig);
-        }
-
-        final String userName = System.getProperty("user.name");
-        try {
-            System.setProperty("user.name", "");
-
-            Mockito.when(mockRequest.getMethod()).thenReturn("POST");
-            Mockito.when(mockRequest.getQueryString()).thenReturn("");
-            Mockito.when(mockRequest.getRemoteUser()).thenReturn(null);
-
-            HttpServletResponse errorResponse = Mockito.mock(HttpServletResponse.class);
-            filter.doFilter(mockRequest, errorResponse, mockChain);
-        } finally {
-            System.setProperty("user.name", userName);
-        }
-    }
-
-    @Test
-    public void testDoFilterForClientBackwardsCompatibility() throws Exception {
-        Filter filter = new BasicAuthFilter();
-
-        final String userName = System.getProperty("user.name");
-        final String httpAuthType =
-                StartupProperties.get().getProperty("falcon.http.authentication.type", "simple");
-        try {
-            System.setProperty("user.name", "");
-            StartupProperties.get().setProperty("falcon.http.authentication.type",
-                    "org.apache.falcon.security.RemoteUserInHeaderBasedAuthenticationHandler");
-
-            synchronized (StartupProperties.get()) {
-                filter.init(mockConfig);
-            }
-
-            Mockito.when(mockRequest.getMethod()).thenReturn("POST");
-            Mockito.when(mockRequest.getQueryString()).thenReturn("");
-            Mockito.when(mockRequest.getRemoteUser()).thenReturn(null);
-            Mockito.when(mockRequest.getHeader("Remote-User")).thenReturn("remote-user");
-
-            filter.doFilter(mockRequest, mockResponse, mockChain);
-
-            Assert.assertEquals(CurrentUser.getUser(), "remote-user");
-
-        } finally {
-            System.setProperty("user.name", userName);
-            StartupProperties.get().setProperty("falcon.http.authentication.type", httpAuthType);
-        }
-    }
-
-    @Test
-    public void testGetKerberosPrincipalWithSubstitutedHostSecure() throws Exception {
-        String principal = StartupProperties.get().getProperty(BasicAuthFilter.KERBEROS_PRINCIPAL);
-
-        String expectedPrincipal = "falcon/" + SecurityUtil.getLocalHostName() + "@Example.com";
-        try {
-            Configuration conf = new Configuration(false);
-            conf.set("hadoop.security.authentication", "kerberos");
-            UserGroupInformation.setConfiguration(conf);
-            Assert.assertTrue(UserGroupInformation.isSecurityEnabled());
-
-            StartupProperties.get().setProperty(
-                    BasicAuthFilter.KERBEROS_PRINCIPAL, "falcon/_HOST@Example.com");
-            BasicAuthFilter filter = new BasicAuthFilter();
-            Properties properties = filter.getConfiguration(BasicAuthFilter.FALCON_PREFIX,
null);
-            Assert.assertEquals(
-                    properties.get(KerberosAuthenticationHandler.PRINCIPAL), expectedPrincipal);
-        } finally {
-            StartupProperties.get().setProperty(BasicAuthFilter.KERBEROS_PRINCIPAL, principal);
-        }
-    }
-
-    @Test
-    public void testGetKerberosPrincipalWithSubstitutedHostNonSecure() throws Exception {
-        String principal = StartupProperties.get().getProperty(BasicAuthFilter.KERBEROS_PRINCIPAL);
-        Configuration conf = new Configuration(false);
-        conf.set("hadoop.security.authentication", "simple");
-        UserGroupInformation.setConfiguration(conf);
-        Assert.assertFalse(UserGroupInformation.isSecurityEnabled());
-
-        BasicAuthFilter filter = new BasicAuthFilter();
-        Properties properties = filter.getConfiguration(BasicAuthFilter.FALCON_PREFIX, null);
-        Assert.assertEquals(properties.get(KerberosAuthenticationHandler.PRINCIPAL), principal);
-    }
-}

