DRILL-6283: WebServer stores SPNEGO client principal without taking any conversion rule
closes #1180 Project: http://git-wip-us.apache.org/repos/asf/drill/repo Commit: http://git-wip-us.apache.org/repos/asf/drill/commit/36aa7579 Tree: http://git-wip-us.apache.org/repos/asf/drill/tree/36aa7579 Diff: http://git-wip-us.apache.org/repos/asf/drill/diff/36aa7579 Branch: refs/heads/master Commit: 36aa757911b3953b1edc864e585015e06b1d5dfd Parents: a8c4644 Author: Sorabh Hamirwasia <[email protected]> Authored: Wed Mar 21 15:53:25 2018 -0700 Committer: Vitalii Diravka <[email protected]> Committed: Mon Mar 26 13:02:57 2018 +0300 ---------------------------------------------------------------------- .../org/apache/drill/exec/ExecConstants.java | 5 ++ .../drill/exec/server/BootStrapContext.java | 17 ++---- .../rest/auth/DrillSpnegoLoginService.java | 16 ++++-- .../exec/server/rest/auth/SpnegoConfig.java | 14 +++++ .../drill/exec/rpc/data/TestBitBitKerberos.java | 28 ++++----- .../rpc/user/security/TestUserBitKerberos.java | 4 +- .../security/TestUserBitKerberosEncryption.java | 60 ++++++++++---------- .../rest/spnego/TestSpnegoAuthentication.java | 20 +++---- 8 files changed, 93 insertions(+), 71 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/drill/blob/36aa7579/exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java ---------------------------------------------------------------------- diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java b/exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java index 0565254..34aec1b 100644 --- a/exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java +++ b/exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 
@@ -176,6 +176,11 @@ public final class ExecConstants { public static final String USE_LOGIN_PRINCIPAL = "drill.exec.security.bit.auth.use_login_principal"; public static final String USER_ENCRYPTION_SASL_ENABLED = "drill.exec.security.user.encryption.sasl.enabled"; public static final String USER_ENCRYPTION_SASL_MAX_WRAPPED_SIZE = "drill.exec.security.user.encryption.sasl.max_wrapped_size"; + private static final String SERVICE_LOGIN_PREFIX = "drill.exec.security.auth"; + public static final String SERVICE_PRINCIPAL = SERVICE_LOGIN_PREFIX + ".principal"; + public static final String SERVICE_KEYTAB_LOCATION = SERVICE_LOGIN_PREFIX + ".keytab"; + public static final String KERBEROS_NAME_MAPPING = SERVICE_LOGIN_PREFIX + ".auth_to_local"; + public static final String USER_SSL_ENABLED = "drill.exec.security.user.encryption.ssl.enabled"; public static final String BIT_ENCRYPTION_SASL_ENABLED = "drill.exec.security.bit.encryption.sasl.enabled"; http://git-wip-us.apache.org/repos/asf/drill/blob/36aa7579/exec/java-exec/src/main/java/org/apache/drill/exec/server/BootStrapContext.java ---------------------------------------------------------------------- diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/server/BootStrapContext.java b/exec/java-exec/src/main/java/org/apache/drill/exec/server/BootStrapContext.java index 5a0e14d..466dc14 100644 --- a/exec/java-exec/src/main/java/org/apache/drill/exec/server/BootStrapContext.java +++ b/exec/java-exec/src/main/java/org/apache/drill/exec/server/BootStrapContext.java 
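Review bot: The three relocated constants arrive in ExecConstants without any comment, and `KERBEROS_NAME_MAPPING` is now read in two places in this commit: `BootStrapContext.login` and the `SpnegoConfig` constructor. A short comment such as `// auth_to_local rules; applied to both the Drillbit Kerberos login and web-server SPNEGO client names` would tell an operator that one setting changes identity mapping on both surfaces.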
@@ -60,11 +60,6 @@ public class BootStrapContext implements AutoCloseable { private static final String customHostName = System.getenv("DRILL_HOST_NAME"); private static final String processUserName = System.getProperty("user.name"); - private static final String SERVICE_LOGIN_PREFIX = "drill.exec.security.auth"; - public static final String SERVICE_PRINCIPAL = SERVICE_LOGIN_PREFIX + ".principal"; - public static final String SERVICE_KEYTAB_LOCATION = SERVICE_LOGIN_PREFIX + ".keytab"; - public static final String KERBEROS_NAME_MAPPING = SERVICE_LOGIN_PREFIX + ".auth_to_local"; - private final DrillConfig config; private final CaseInsensitiveMap<OptionDefinition> definitions; private final AuthenticatorProvider authProvider; 
@@ -121,32 +116,32 @@ public class BootStrapContext implements AutoCloseable { private void login(final DrillConfig config) throws DrillbitStartupException { try { - if (config.hasPath(SERVICE_PRINCIPAL)) { + if (config.hasPath(ExecConstants.SERVICE_PRINCIPAL)) { // providing a service principal => Kerberos mechanism final Configuration loginConf = new Configuration(); loginConf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, UserGroupInformation.AuthenticationMethod.KERBEROS.toString()); // set optional user name mapping - if (config.hasPath(KERBEROS_NAME_MAPPING)) { + if (config.hasPath(ExecConstants.KERBEROS_NAME_MAPPING)) { loginConf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTH_TO_LOCAL, - config.getString(KERBEROS_NAME_MAPPING)); + config.getString(ExecConstants.KERBEROS_NAME_MAPPING)); } UserGroupInformation.setConfiguration(loginConf); // service principal canonicalization - final String principal = config.getString(SERVICE_PRINCIPAL); + final String principal = config.getString(ExecConstants.SERVICE_PRINCIPAL); final String parts[] = KerberosUtil.splitPrincipalIntoParts(principal); if (parts.length != 3) { throw new DrillbitStartupException( String.format("Invalid %s, Drill service principal must be of format: primary/instance@REALM", - SERVICE_PRINCIPAL)); + ExecConstants.SERVICE_PRINCIPAL)); } parts[1] = KerberosUtil.canonicalizeInstanceName(parts[1], hostName); final String canonicalizedPrincipal = KerberosUtil.getPrincipalFromParts(parts[0], parts[1], parts[2]); - final String keytab = config.getString(SERVICE_KEYTAB_LOCATION); + final String keytab = config.getString(ExecConstants.SERVICE_KEYTAB_LOCATION); // login to KDC (AS) // Note that this call must happen before any call to UserGroupInformation#getLoginUser, http://git-wip-us.apache.org/repos/asf/drill/blob/36aa7579/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillSpnegoLoginService.java ---------------------------------------------------------------------- 
diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillSpnegoLoginService.java b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillSpnegoLoginService.java index e7fbc16..470d3e8 100644 --- a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillSpnegoLoginService.java +++ b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillSpnegoLoginService.java @@ -25,6 +25,7 @@ import org.apache.drill.exec.ExecConstants; import org.apache.drill.exec.server.DrillbitContext; import org.apache.drill.exec.server.options.SystemOptionManager; import org.apache.drill.exec.util.ImpersonationUtil; +import org.apache.hadoop.security.HadoopKerberosName; import org.apache.hadoop.security.UserGroupInformation; import org.eclipse.jetty.security.DefaultIdentityService; import org.eclipse.jetty.security.SpnegoLoginService; @@ -38,6 +39,7 @@ import org.ietf.jgss.GSSName; import org.ietf.jgss.Oid; import javax.security.auth.Subject; +import java.io.IOException; import java.lang.reflect.Field; import java.security.Principal; import java.security.PrivilegedExceptionAction; 
@@ -121,15 +123,19 @@ public class DrillSpnegoLoginService extends SpnegoLoginService { } if (gContext.isEstablished()) { - String clientName = gContext.getSrcName().toString(); - String role = clientName.substring(clientName.indexOf(64) + 1); + final String clientName = gContext.getSrcName().toString(); + final String realm = clientName.substring(clientName.indexOf(64) + 1); + // Get the client user short name + final String userShortName = new HadoopKerberosName(clientName).getShortName(); + + logger.debug("Client Name: {}, realm: {} and shortName: {}", clientName, realm, userShortName); final SystemOptionManager sysOptions = drillContext.getOptionManager(); - final boolean isAdmin = ImpersonationUtil.hasAdminPrivileges(role, + final boolean isAdmin = ImpersonationUtil.hasAdminPrivileges(userShortName, ExecConstants.ADMIN_USERS_VALIDATOR.getAdminUsers(sysOptions), ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.getAdminUserGroups(sysOptions)); - final Principal user = new DrillUserPrincipal(clientName, isAdmin); + final Principal user = new DrillUserPrincipal(userShortName, isAdmin); final Subject subject = new Subject(); subject.getPrincipals().add(user); @@ -142,6 +148,8 @@ public class DrillSpnegoLoginService extends SpnegoLoginService { } } catch (GSSException gsse) { logger.warn("Caught GSSException trying to authenticate the client", gsse); + } catch (IOException ex) { + logger.warn("Caught IOException trying to get shortName of client user", ex); } return null; } http://git-wip-us.apache.org/repos/asf/drill/blob/36aa7579/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/SpnegoConfig.java ---------------------------------------------------------------------- diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/SpnegoConfig.java b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/SpnegoConfig.java index a64d7de..d8d61ea 100644 
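Review bot: In DrillSpnegoLoginService, the admin decision and the stored `DrillUserPrincipal` now rest only on `userShortName`, while `realm` is computed and then used for nothing but the debug line. `HadoopKerberosName.getShortName()` applies whatever auth_to_local rules are installed process-wide at that moment, so if those rules strip the realm, principals with the same primary from different trusted realms would collapse to one Drill user, including one listed in the admin users. I would state that dependency next to the call, e.g. `// Short name comes from the process-wide auth_to_local rules; the realm is not part of the admin check or the stored principal`, and write the separator as `clientName.indexOf('@')` instead of `indexOf(64)`. The new `IOException` branch falls through to `return null`, which fails closed; the method body starts and ends outside these hunks.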
--- a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/SpnegoConfig.java +++ b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/SpnegoConfig.java @@ -34,6 +34,9 @@ public class SpnegoConfig { private final String keytab; + // Optional parameter + private final String clientNameMapping; + public SpnegoConfig(DrillConfig config) { keytab = config.hasPath(ExecConstants.HTTP_SPNEGO_KEYTAB) ? @@ -43,6 +46,11 @@ public class SpnegoConfig { principal = config.hasPath(ExecConstants.HTTP_SPNEGO_PRINCIPAL) ? config.getString(ExecConstants.HTTP_SPNEGO_PRINCIPAL) : null; + + // set optional user name mapping + clientNameMapping = config.hasPath(ExecConstants.KERBEROS_NAME_MAPPING) ? + config.getString(ExecConstants.KERBEROS_NAME_MAPPING) : + null; } //Reads the SPNEGO principal from the config file @@ -96,12 +104,18 @@ public class SpnegoConfig { newConfig.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, UserGroupInformation.AuthenticationMethod.KERBEROS.toString()); + if (clientNameMapping != null) { + newConfig.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTH_TO_LOCAL, clientNameMapping); + } + UserGroupInformation.setConfiguration(newConfig); ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab); // Reset the original configuration for static UGI UserGroupInformation.setConfiguration(new Configuration()); } else { + // Let's not overwrite the rules here since it might be possible that CUSTOM security is configured for + // JDBC/ODBC with default rules. If Kerberos was enabled then the correct rules must already be set ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab); } } catch (Exception e) { http://git-wip-us.apache.org/repos/asf/drill/blob/36aa7579/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/data/TestBitBitKerberos.java ---------------------------------------------------------------------- 
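Review bot: In SpnegoConfig, the `auth_to_local` value set on `newConfig` looks short-lived: two lines later `UserGroupInformation.setConfiguration(new Configuration())` replaces the static configuration, and as far as I know that call also reinstalls the Kerberos name rules from the configuration it is given. If so, by the time DrillSpnegoLoginService calls `getShortName()` the custom mapping is gone and the defaults decide which short name, and therefore which admin membership, a client gets. Consider carrying `clientNameMapping` into the configuration used for the reset, or document why the reset is safe with `// NOTE: resetting UGI also resets the auth_to_local rules used later for SPNEGO short names`. Both calls mutate process-wide state, and the enclosing method starts outside this hunk, so confirm against the full file.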
diff --git a/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/data/TestBitBitKerberos.java b/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/data/TestBitBitKerberos.java index b4b54c6..838b47b 100644 --- a/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/data/TestBitBitKerberos.java +++ b/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/data/TestBitBitKerberos.java @@ -107,9 +107,9 @@ public class TestBitBitKerberos extends BaseTestQuery { ConfigValueFactory.fromAnyRef("kerberos")) .withValue(ExecConstants.USE_LOGIN_PRINCIPAL, ConfigValueFactory.fromAnyRef(true)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString()))); // Ignore the compile time warning caused by the code below. @@ -198,9 +198,9 @@ public class TestBitBitKerberos extends BaseTestQuery { ConfigValueFactory.fromAnyRef("kerberos")) .withValue(ExecConstants.USE_LOGIN_PRINCIPAL, ConfigValueFactory.fromAnyRef(true)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString()))); final ScanResult result = ClassPathScanner.fromPrescan(newConfig); 
@@ -256,9 +256,9 @@ public class TestBitBitKerberos extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USE_LOGIN_PRINCIPAL, ConfigValueFactory.fromAnyRef(true)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString()))); final ScanResult result = ClassPathScanner.fromPrescan(newConfig); @@ -315,9 +315,9 @@ public class TestBitBitKerberos extends BaseTestQuery { ConfigValueFactory.fromAnyRef(100000)) .withValue(ExecConstants.USE_LOGIN_PRINCIPAL, ConfigValueFactory.fromAnyRef(true)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString()))); final ScanResult result = ClassPathScanner.fromPrescan(newConfig); @@ -371,9 +371,9 @@ public class TestBitBitKerberos extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USE_LOGIN_PRINCIPAL, ConfigValueFactory.fromAnyRef(true)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString()))); updateTestCluster(1, newConfig); 
@@ -405,9 +405,9 @@ public class TestBitBitKerberos extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) @@ -448,9 +448,9 @@ public class TestBitBitKerberos extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) http://git-wip-us.apache.org/repos/asf/drill/blob/36aa7579/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberos.java ---------------------------------------------------------------------- diff --git a/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberos.java b/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberos.java index 55f959c..a2a6eaf 100644 --- a/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberos.java 
+++ b/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberos.java @@ -66,9 +66,9 @@ public class TestUserBitKerberos extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos")))); http://git-wip-us.apache.org/repos/asf/drill/blob/36aa7579/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberosEncryption.java ---------------------------------------------------------------------- diff --git a/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberosEncryption.java b/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberosEncryption.java index 640eb40..9c743ad 100644 --- a/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberosEncryption.java +++ b/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitKerberosEncryption.java 
@@ -70,9 +70,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) @@ -117,9 +117,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) 
@@ -166,9 +166,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) @@ -212,9 +212,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) 
@@ -255,9 +255,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) @@ -294,9 +294,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) 
@@ -337,9 +337,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) @@ -394,9 +394,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) 
@@ -450,9 +450,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) @@ -500,9 +500,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) 
@@ -531,9 +531,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain"))) @@ -567,9 +567,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) 
@@ -603,9 +603,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos")))); @@ -631,9 +631,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos")))); 
@@ -664,9 +664,9 @@ public class TestUserBitKerberosEncryption extends BaseTestQuery { ConfigValueFactory.fromAnyRef(true)) .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)) - .withValue(BootStrapContext.SERVICE_PRINCIPAL, + .withValue(ExecConstants.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)) - .withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, + .withValue(ExecConstants.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())) .withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))) http://git-wip-us.apache.org/repos/asf/drill/blob/36aa7579/exec/java-exec/src/test/java/org/apache/drill/exec/server/rest/spnego/TestSpnegoAuthentication.java ---------------------------------------------------------------------- diff --git a/exec/java-exec/src/test/java/org/apache/drill/exec/server/rest/spnego/TestSpnegoAuthentication.java b/exec/java-exec/src/test/java/org/apache/drill/exec/server/rest/spnego/TestSpnegoAuthentication.java index 14253e2..65ea561 100644 --- a/exec/java-exec/src/test/java/org/apache/drill/exec/server/rest/spnego/TestSpnegoAuthentication.java +++ b/exec/java-exec/src/test/java/org/apache/drill/exec/server/rest/spnego/TestSpnegoAuthentication.java @@ -253,7 +253,7 @@ public class TestSpnegoAuthentication { // Create client subject using it's principal and keytab final Subject clientSubject = JaasKrbUtil.loginUsingKeytab(spnegoHelper.CLIENT_PRINCIPAL, - spnegoHelper.clientKeytab.getAbsoluteFile()); + spnegoHelper.clientKeytab.getAbsoluteFile()); // Generate a SPNEGO token for the peer SERVER_PRINCIPAL from this CLIENT_PRINCIPAL final String token = Subject.doAs(clientSubject, new PrivilegedExceptionAction<String>() { 
@@ -284,19 +284,19 @@ public class TestSpnegoAuthentication { // Create a DrillbitContext with service principal and keytab for DrillSpnegoLoginService final DrillConfig newConfig = new DrillConfig(DrillConfig.create() - .withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS, - ConfigValueFactory.fromIterable(Lists.newArrayList("spnego"))) - .withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL, - ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL)) - .withValue(ExecConstants.HTTP_SPNEGO_KEYTAB, - ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString()))); + .withValue(ExecConstants.HTTP_AUTHENTICATION_MECHANISMS, + ConfigValueFactory.fromIterable(Lists.newArrayList("spnego"))) + .withValue(ExecConstants.HTTP_SPNEGO_PRINCIPAL, + ConfigValueFactory.fromAnyRef(spnegoHelper.SERVER_PRINCIPAL)) + .withValue(ExecConstants.HTTP_SPNEGO_KEYTAB, + ConfigValueFactory.fromAnyRef(spnegoHelper.serverKeytab.toString()))); final SystemOptionManager optionManager = Mockito.mock(SystemOptionManager.class); Mockito.when(optionManager.getOption(ExecConstants.ADMIN_USERS_VALIDATOR)) - .thenReturn(ExecConstants.ADMIN_USERS_VALIDATOR.DEFAULT_ADMIN_USERS); + .thenReturn(ExecConstants.ADMIN_USERS_VALIDATOR.DEFAULT_ADMIN_USERS); Mockito.when(optionManager.getOption(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR)) - .thenReturn(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.DEFAULT_ADMIN_USER_GROUPS); + .thenReturn(ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.DEFAULT_ADMIN_USER_GROUPS); final DrillbitContext drillbitContext = Mockito.mock(DrillbitContext.class); Mockito.when(drillbitContext.getConfig()).thenReturn(newConfig); @@ -309,7 +309,7 @@ public class TestSpnegoAuthentication { // Validate the UserIdentity of authenticated client assertTrue(user != null); - assertTrue(user.getUserPrincipal().getName().equals(spnegoHelper.CLIENT_PRINCIPAL)); + assertTrue(user.getUserPrincipal().getName().equals(spnegoHelper.CLIENT_SHORT_NAME)); assertTrue(user.isUserInRole("authenticated", null)); }
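Review bot: In TestSpnegoAuthentication, the updated assertion only covers the default name rules: the `newConfig` built above sets the SPNEGO mechanism, principal and keytab but never `ExecConstants.KERBEROS_NAME_MAPPING`, so the conversion-rule path this commit adds is not exercised. A second case that supplies a non-default mapping and asserts the mapped short name would show the setting actually reaches `DrillSpnegoLoginService`. `assertEquals(spnegoHelper.CLIENT_SHORT_NAME, user.getUserPrincipal().getName());` would also report both values on failure, assuming `assertEquals` is imported in this test. The test method begins outside these hunks.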
