Repository: knox Updated Branches: refs/heads/master 2fc2220f5 -> c59bfeb3a
KNOX-593 Moved SPNEGO code to httpclient Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/c59bfeb3 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/c59bfeb3 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/c59bfeb3 Branch: refs/heads/master Commit: c59bfeb3a1467606568df6829c0edc6cdc801fb5 Parents: 2fc2220 Author: Sumit Gupta <[email protected]> Authored: Thu Sep 3 11:30:38 2015 -0400 Committer: Sumit Gupta <[email protected]> Committed: Thu Sep 3 11:30:38 2015 -0400 ---------------------------------------------------------------------- .../gateway/ha/provider/impl/URLManager.java | 2 +- .../ServiceDefinitionDeploymentContributor.java | 16 +- .../service/definition/CustomDispatch.java | 11 + .../definition/ServiceDefinitionTest.java | 4 +- .../resources/services/foo/1.0.0/service.xml | 2 +- .../gateway/hbase/HBaseCookieManager.java | 43 ---- .../hadoop/gateway/hbase/HBaseDispatch.java | 11 +- .../hadoop/gateway/hive/HiveDispatch.java | 39 ---- .../hdfs/dispatch/WebHdfsHaDispatchTest.java | 36 ---- .../gateway/dispatch/AppCookieManager.java | 205 ------------------- .../gateway/dispatch/DefaultDispatch.java | 63 +----- .../dispatch/DefaultHttpClientFactory.java | 132 ++++++++++++ .../gateway/dispatch/GatewayDispatchFilter.java | 92 +++------ .../gateway/dispatch/HadoopAuthCookieStore.java | 31 +++ .../gateway/dispatch/HttpClientFactory.java | 27 +++ .../gateway/dispatch/AppCookieManagerTest.java | 53 ----- 16 files changed, 246 insertions(+), 521 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-provider-ha/src/main/java/org/apache/hadoop/gateway/ha/provider/impl/URLManager.java ---------------------------------------------------------------------- diff --git a/gateway-provider-ha/src/main/java/org/apache/hadoop/gateway/ha/provider/impl/URLManager.java b/gateway-provider-ha/src/main/java/org/apache/hadoop/gateway/ha/provider/impl/URLManager.java index f14eb25..fc40909 100644 --- a/gateway-provider-ha/src/main/java/org/apache/hadoop/gateway/ha/provider/impl/URLManager.java +++ b/gateway-provider-ha/src/main/java/org/apache/hadoop/gateway/ha/provider/impl/URLManager.java @@ -64,7 +64,7 @@ public class URLManager { if (pushToBottom) { String failed = urls.poll(); urls.offer(failed); - LOG.markedFailedUrl(failed, top); + LOG.markedFailedUrl(failed, urls.peek()); } } } http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java index 8adbb43..8b1d17f 100644 --- a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java +++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ServiceDefinitionDeploymentContributor.java @@ -46,6 +46,8 @@ public class ServiceDefinitionDeploymentContributor extends ServiceDeploymentCon private static final String DISPATCH_IMPL_PARAM = "dispatch-impl"; + private static final String HTTP_CLIENT_FACTORY_PARAM = "httpClientFactory"; + private static final String SERVICE_ROLE_PARAM = "serviceRole"; private static final String REPLAY_BUFFER_SIZE_PARAM = "replayBufferSize"; @@ -178,11 +180,12 @@ public class ServiceDefinitionDeploymentContributor extends ServiceDeploymentCon if ( customDispatch != null ) { String haContributorName = customDispatch.getHaContributorName(); String haClassName = customDispatch.getHaClassName(); + String httpClientFactory = customDispatch.getHttpClientFactory(); if ( isHaEnabled) { if (haContributorName != null) { addDispatchFilter(context, service, resource, DISPATCH_ROLE, haContributorName); } else if (haClassName != null) { - addDispatchFilterForClass(context, service, resource, haClassName); + addDispatchFilterForClass(context, service, resource, haClassName, httpClientFactory); } else { addDefaultHaDispatchFilter(context, service, resource); } @@ -193,7 +196,7 @@ public class ServiceDefinitionDeploymentContributor extends ServiceDeploymentCon } else { String className = customDispatch.getClassName(); if ( className != null ) { - addDispatchFilterForClass(context, service, resource, className); + addDispatchFilterForClass(context, service, resource, className, httpClientFactory); } else { //final fallback to the default dispatch addDispatchFilter(context, service, resource, DISPATCH_ROLE, "http-client"); @@ -208,13 +211,16 @@ public class ServiceDefinitionDeploymentContributor extends ServiceDeploymentCon } private void addDefaultHaDispatchFilter(DeploymentContext context, Service service, ResourceDescriptor resource) { - FilterDescriptor filter = addDispatchFilterForClass(context, service, resource, DEFAULT_HA_DISPATCH_CLASS); + FilterDescriptor filter = addDispatchFilterForClass(context, service, resource, DEFAULT_HA_DISPATCH_CLASS, null); filter.param().name(SERVICE_ROLE_PARAM).value(service.getRole()); } - private FilterDescriptor addDispatchFilterForClass(DeploymentContext context, Service service, ResourceDescriptor resource, String className) { + private FilterDescriptor addDispatchFilterForClass(DeploymentContext context, Service service, ResourceDescriptor resource, String dispatchClass, String httpClientFactory) { FilterDescriptor filter = resource.addFilter().name(getName()).role(DISPATCH_ROLE).impl(GatewayDispatchFilter.class); - filter.param().name(DISPATCH_IMPL_PARAM).value(className); + filter.param().name(DISPATCH_IMPL_PARAM).value(dispatchClass); + if (httpClientFactory != null) { + filter.param().name(HTTP_CLIENT_FACTORY_PARAM).value(httpClientFactory); + } FilterParamDescriptor filterParam = filter.param().name(REPLAY_BUFFER_SIZE_PARAM).value(DEFAULT_REPLAY_BUFFER_SIZE); for ( Map.Entry<String, String> serviceParam : service.getParams().entrySet() ) { if ( REPLAY_BUFFER_SIZE_PARAM.equals(serviceParam.getKey()) ) { http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/CustomDispatch.java ---------------------------------------------------------------------- diff --git a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/CustomDispatch.java b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/CustomDispatch.java index 7270a2b..abde82d 100644 --- a/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/CustomDispatch.java +++ b/gateway-service-definitions/src/main/java/org/apache/hadoop/gateway/service/definition/CustomDispatch.java @@ -31,6 +31,8 @@ public class CustomDispatch { private String haClassName; + private String httpClientFactory; + @XmlAttribute(name = "contributor-name") public String getContributorName() { return contributorName; @@ -66,4 +68,13 @@ public class CustomDispatch { public void setHaClassName(String haContributorClassName) { this.haClassName = haContributorClassName; } + + @XmlAttribute(name = "http-client-factory") + public String getHttpClientFactory() { + return httpClientFactory; + } + + public void setHttpClientFactory(String httpClientFactory) { + this.httpClientFactory = httpClientFactory; + } } http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java ---------------------------------------------------------------------- diff --git a/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java b/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java index f4a92cb..c8ab790 100644 --- a/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java +++ b/gateway-service-definitions/src/test/java/org/apache/hadoop/gateway/service/definition/ServiceDefinitionTest.java @@ -24,7 +24,8 @@ import javax.xml.bind.Unmarshaller; import java.net.URL; import java.util.List; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; public class ServiceDefinitionTest { @@ -39,6 +40,7 @@ public class ServiceDefinitionTest { assertEquals("1.0.0", definition.getVersion()); assertEquals("custom-client", definition.getDispatch().getContributorName()); assertEquals("ha-client", definition.getDispatch().getHaContributorName()); + assertEquals("org.apache.hadoop.gateway.MockHttpClientFactory", definition.getDispatch().getHttpClientFactory()); List<Policy> policies = definition.getPolicies(); assertEquals(5, policies.size()); String[] policyOrder = new String[]{"webappsec", "authentication", "rewrite", "identity-assertion", "authorization"}; http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-service-definitions/src/test/resources/services/foo/1.0.0/service.xml ---------------------------------------------------------------------- diff --git a/gateway-service-definitions/src/test/resources/services/foo/1.0.0/service.xml b/gateway-service-definitions/src/test/resources/services/foo/1.0.0/service.xml index 21a10f1..f18a74b 100644 --- a/gateway-service-definitions/src/test/resources/services/foo/1.0.0/service.xml +++ b/gateway-service-definitions/src/test/resources/services/foo/1.0.0/service.xml @@ -35,5 +35,5 @@ <dispatch contributor-name="http-client" /> </route> </routes> - <dispatch contributor-name="custom-client" ha-contributor-name="ha-client"/> + <dispatch contributor-name="custom-client" ha-contributor-name="ha-client" http-client-factory="org.apache.hadoop.gateway.MockHttpClientFactory"/> </service> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-service-hbase/src/main/java/org/apache/hadoop/gateway/hbase/HBaseCookieManager.java ---------------------------------------------------------------------- diff --git a/gateway-service-hbase/src/main/java/org/apache/hadoop/gateway/hbase/HBaseCookieManager.java b/gateway-service-hbase/src/main/java/org/apache/hadoop/gateway/hbase/HBaseCookieManager.java deleted file mode 100644 index 8eea445..0000000 --- a/gateway-service-hbase/src/main/java/org/apache/hadoop/gateway/hbase/HBaseCookieManager.java +++ /dev/null @@ -1,43 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.hbase; - -import org.apache.hadoop.gateway.dispatch.AppCookieManager; -import org.apache.http.HttpRequest; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpUriRequest; - -import java.net.URI; -import java.net.URISyntaxException; - -public class HBaseCookieManager extends AppCookieManager { - - protected HttpRequest createKerberosAuthenticationRequest( HttpUriRequest userRequest ) { - URI userUri = userRequest.getURI(); - try { - URI authUri = new URI( - userUri.getScheme(), null, userUri.getHost(), userUri.getPort(), - "/version", userUri.getQuery(), null ); - HttpRequest authRequest = new HttpGet( authUri ); - return authRequest; - } catch( URISyntaxException e ) { - throw new IllegalArgumentException( userUri.toString(), e ); - } - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-service-hbase/src/main/java/org/apache/hadoop/gateway/hbase/HBaseDispatch.java ---------------------------------------------------------------------- diff --git a/gateway-service-hbase/src/main/java/org/apache/hadoop/gateway/hbase/HBaseDispatch.java b/gateway-service-hbase/src/main/java/org/apache/hadoop/gateway/hbase/HBaseDispatch.java index b019aed..f909852 100644 --- a/gateway-service-hbase/src/main/java/org/apache/hadoop/gateway/hbase/HBaseDispatch.java +++ b/gateway-service-hbase/src/main/java/org/apache/hadoop/gateway/hbase/HBaseDispatch.java @@ -20,16 +20,11 @@ package org.apache.hadoop.gateway.hbase; import org.apache.hadoop.gateway.dispatch.DefaultDispatch; /** - * This specialized dispatch provides HBase specific features to the - * default HttpClientDispatch. + * This used to be a specialized dispatch providing HBase specific features to the + * default dispatch. Now it is just a marker class for backwards compatibility */ +@Deprecated public class HBaseDispatch extends DefaultDispatch { - @Override - public void init() { - super.init(); - setAppCookieManager(new HBaseCookieManager()); - } - } http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveDispatch.java ---------------------------------------------------------------------- diff --git a/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveDispatch.java b/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveDispatch.java index 56679fe..2504b9f 100644 --- a/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveDispatch.java +++ b/gateway-service-hive/src/main/java/org/apache/hadoop/gateway/hive/HiveDispatch.java @@ -19,23 +19,10 @@ package org.apache.hadoop.gateway.hive; import org.apache.hadoop.gateway.config.Configure; import org.apache.hadoop.gateway.dispatch.DefaultDispatch; -import org.apache.hadoop.gateway.security.PrimaryPrincipal; import org.apache.hadoop.gateway.security.SubjectUtils; -import org.apache.http.HttpResponse; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.Credentials; import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.client.params.AuthPolicy; import org.apache.http.impl.auth.BasicScheme; -import org.apache.http.impl.auth.SPNegoSchemeFactory; -import org.apache.http.impl.client.DefaultHttpClient; - -import javax.security.auth.Subject; -import java.io.IOException; -import java.security.AccessController; -import java.security.Principal; /** * This specialized dispatch provides Hive specific features to the @@ -45,7 +32,6 @@ public class HiveDispatch extends DefaultDispatch { private static final String PASSWORD_PLACEHOLDER = "*"; private boolean basicAuthPreemptive = false; private boolean kerberos = false; - private static final EmptyJaasCredentials EMPTY_JAAS_CREDENTIALS = new EmptyJaasCredentials(); @Override public void init() { @@ -83,30 +69,5 @@ public class HiveDispatch extends DefaultDispatch { this.kerberos = kerberos; } - protected HttpResponse executeKerberosDispatch(HttpUriRequest outboundRequest, - HttpClient httpClient) throws IOException { - DefaultHttpClient client = new DefaultHttpClient(); - SPNegoSchemeFactory spNegoSF = new SPNegoSchemeFactory( - /* stripPort */true); - // spNegoSF.setSpengoGenerator(new BouncySpnegoTokenGenerator()); - client.getAuthSchemes().register(AuthPolicy.SPNEGO, spNegoSF); - client.getCredentialsProvider().setCredentials( - new AuthScope(/* host */null, /* port */-1, /* realm */null), - EMPTY_JAAS_CREDENTIALS); - return client.execute(outboundRequest); - } - - private static class EmptyJaasCredentials implements Credentials { - - public String getPassword() { - return null; - } - - public Principal getUserPrincipal() { - return null; - } - - } - } http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-service-webhdfs/src/test/java/org/apache/hadoop/gateway/hdfs/dispatch/WebHdfsHaDispatchTest.java ---------------------------------------------------------------------- diff --git a/gateway-service-webhdfs/src/test/java/org/apache/hadoop/gateway/hdfs/dispatch/WebHdfsHaDispatchTest.java b/gateway-service-webhdfs/src/test/java/org/apache/hadoop/gateway/hdfs/dispatch/WebHdfsHaDispatchTest.java index 422218f..0ac6b57 100644 --- a/gateway-service-webhdfs/src/test/java/org/apache/hadoop/gateway/hdfs/dispatch/WebHdfsHaDispatchTest.java +++ b/gateway-service-webhdfs/src/test/java/org/apache/hadoop/gateway/hdfs/dispatch/WebHdfsHaDispatchTest.java @@ -17,13 +17,10 @@ */ package org.apache.hadoop.gateway.hdfs.dispatch; -import org.apache.hadoop.gateway.dispatch.AppCookieManager; import org.apache.hadoop.gateway.ha.provider.HaDescriptor; import org.apache.hadoop.gateway.ha.provider.HaProvider; import org.apache.hadoop.gateway.ha.provider.HaServletContextListener; -import org.apache.hadoop.gateway.ha.provider.impl.DefaultHaDescriptor; import org.apache.hadoop.gateway.ha.provider.impl.DefaultHaProvider; -import org.apache.hadoop.gateway.ha.provider.impl.DefaultHaServiceConfig; import org.apache.hadoop.gateway.ha.provider.impl.HaDescriptorFactory; import org.apache.http.client.methods.HttpRequestBase; import org.apache.http.client.methods.HttpUriRequest; @@ -36,7 +33,6 @@ import org.junit.Test; import javax.servlet.FilterConfig; import javax.servlet.ServletContext; -import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -45,40 +41,8 @@ import java.net.URI; import java.util.ArrayList; import java.util.concurrent.atomic.AtomicInteger; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.MatcherAssert.assertThat; - public class WebHdfsHaDispatchTest { - private class InstrumentedWebHdfsHaHttpClientDispatch extends WebHdfsHaDispatch { - - public InstrumentedWebHdfsHaHttpClientDispatch() throws ServletException { - } - - public AppCookieManager getAppCookieManager() { - return appCookieManager; - } - - } - - @Test - public void testInitCallsSuperInit() throws Exception { - DefaultHaDescriptor haDescriptor = new DefaultHaDescriptor(); - haDescriptor.addServiceConfig( new DefaultHaServiceConfig( "test-role" ) ); - HaProvider haProvider = new DefaultHaProvider( haDescriptor ); - ServletContext context = EasyMock.createNiceMock(ServletContext.class); - EasyMock.expect(context.getAttribute(HaServletContextListener.PROVIDER_ATTRIBUTE_NAME)).andReturn(haProvider).anyTimes(); - FilterConfig config = EasyMock.createNiceMock( FilterConfig.class ); - EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes(); - EasyMock.expect(config.getInitParameter(EasyMock.anyObject(String.class))).andReturn(null).anyTimes(); - InstrumentedWebHdfsHaHttpClientDispatch dispatch = new InstrumentedWebHdfsHaHttpClientDispatch(); - EasyMock.replay(context,config); - - dispatch.init(); - - assertThat( dispatch.getAppCookieManager(), notNullValue() ); - } - @Test public void testConnectivityFailover() throws Exception { String serviceName = "WEBHDFS"; http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/AppCookieManager.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/AppCookieManager.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/AppCookieManager.java deleted file mode 100644 index cbbbcc5..0000000 --- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/AppCookieManager.java +++ /dev/null @@ -1,205 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.dispatch; - -import java.io.IOException; -import java.net.URI; -import java.security.Principal; - -import org.apache.hadoop.gateway.SpiGatewayMessages; -import org.apache.hadoop.gateway.audit.api.Action; -import org.apache.hadoop.gateway.audit.api.ActionOutcome; -import org.apache.hadoop.gateway.audit.api.AuditServiceFactory; -import org.apache.hadoop.gateway.audit.api.Auditor; -import org.apache.hadoop.gateway.audit.api.ResourceType; -import org.apache.hadoop.gateway.audit.log4j.audit.AuditConstants; -import org.apache.hadoop.gateway.i18n.messages.MessagesFactory; -import org.apache.http.Header; -import org.apache.http.HeaderElement; -import org.apache.http.HttpEntity; -import org.apache.http.HttpHost; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.Credentials; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpOptions; -import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.client.params.AuthPolicy; -import org.apache.http.impl.auth.SPNegoSchemeFactory; -import org.apache.http.impl.client.DefaultHttpClient; -import org.apache.http.util.EntityUtils; - -/** - * Handles SPNego authentication as a client of hadoop service, caches - * hadoop.auth cookie returned by hadoop service on successful SPNego - * authentication. Refreshes hadoop.auth cookie on demand if the cookie has - * expired. - * - */ -public class AppCookieManager { - - static final String HADOOP_AUTH = "hadoop.auth"; - private static final String HADOOP_AUTH_EQ = "hadoop.auth="; - private static final String SET_COOKIE = "Set-Cookie"; - - private static SpiGatewayMessages LOG = MessagesFactory.get(SpiGatewayMessages.class); - private static Auditor auditor = AuditServiceFactory.getAuditService().getAuditor( AuditConstants.DEFAULT_AUDITOR_NAME, - AuditConstants.KNOX_SERVICE_NAME, AuditConstants.KNOX_COMPONENT_NAME ); - private static final EmptyJaasCredentials EMPTY_JAAS_CREDENTIALS = new EmptyJaasCredentials(); - - String appCookie; - - /** - * Utility method to excerise AppCookieManager directly - * @param args element 0 of args should be a URL to hadoop service protected by SPengo - * @throws IOException in case of errors - */ - public static void main(String[] args) throws IOException { - HttpUriRequest outboundRequest = new HttpGet(args[0]); - new AppCookieManager().getAppCookie(outboundRequest, false); - } - - public AppCookieManager() { - } - - /** - * Fetches hadoop.auth cookie from hadoop service authenticating using SpNego - * - * @param outboundRequest - * out going request - * @param refresh - * flag indicating whether to refresh the cached cookie - * @return hadoop.auth cookie from hadoop service authenticating using SpNego - * @throws IOException - * in case of errors - */ - public String getAppCookie(HttpUriRequest outboundRequest, boolean refresh) - throws IOException { - - URI uri = outboundRequest.getURI(); - String scheme = uri.getScheme(); - String host = uri.getHost(); - int port = uri.getPort(); - if (!refresh) { - if (appCookie != null) { - return appCookie; - } - } - - DefaultHttpClient client = new DefaultHttpClient(); - SPNegoSchemeFactory spNegoSF = new SPNegoSchemeFactory( - /* stripPort */true); - // spNegoSF.setSpengoGenerator(new BouncySpnegoTokenGenerator()); - client.getAuthSchemes().register(AuthPolicy.SPNEGO, spNegoSF); - client.getCredentialsProvider().setCredentials( - new AuthScope(/* host */null, /* port */-1, /* realm */null), - EMPTY_JAAS_CREDENTIALS); - - clearAppCookie(); - String hadoopAuthCookie = null; - HttpResponse httpResponse = null; - try { - HttpHost httpHost = new HttpHost(host, port, scheme); - HttpRequest httpRequest = createKerberosAuthenticationRequest( outboundRequest ); - httpResponse = client.execute(httpHost, httpRequest); - Header[] headers = httpResponse.getHeaders(SET_COOKIE); - hadoopAuthCookie = getHadoopAuthCookieValue(headers); - EntityUtils.consume( httpResponse.getEntity() ); - if (hadoopAuthCookie == null) { - LOG.failedSPNegoAuthn(uri.toString()); - auditor.audit( Action.AUTHENTICATION, uri.toString(), ResourceType.URI, ActionOutcome.FAILURE ); - throw new IOException( - "SPNego authn failed, can not get hadoop.auth cookie"); - } - } finally { - if (httpResponse != null) { - HttpEntity entity = httpResponse.getEntity(); - if (entity != null) { - entity.getContent().close(); - } - } - - } - LOG.successfulSPNegoAuthn(uri.toString()); - auditor.audit( Action.AUTHENTICATION, uri.toString(), ResourceType.URI, ActionOutcome.SUCCESS); - hadoopAuthCookie = HADOOP_AUTH_EQ + quote(hadoopAuthCookie); - setAppCookie(hadoopAuthCookie); - return appCookie; - } - - protected HttpRequest createKerberosAuthenticationRequest( HttpUriRequest userRequest ) { - HttpRequest authRequest = new HttpOptions( userRequest.getURI().getPath() ); - return authRequest; - } - - /** - * Returns the cached app cookie - * - * @return the cached app cookie, can be null - */ - public String getCachedAppCookie() { - return appCookie; - } - - private void setAppCookie(String appCookie) { - this.appCookie = appCookie; - } - - private void clearAppCookie() { - appCookie = null; - } - - static String quote(String s) { - return s == null ? s : "\"" + s + "\""; - } - - static String getHadoopAuthCookieValue(Header[] headers) { - if (headers == null) { - return null; - } - for (Header header : headers) { - HeaderElement[] elements = header.getElements(); - for (HeaderElement element : elements) { - String cookieName = element.getName(); - if (cookieName.equals(HADOOP_AUTH)) { - if (element.getValue() != null) { - String trimmedVal = element.getValue().trim(); - if (!trimmedVal.isEmpty()) { - return trimmedVal; - } - } - } - } - } - return null; - } - - private static class EmptyJaasCredentials implements Credentials { - - public String getPassword() { - return null; - } - - public Principal getUserPrincipal() { - return null; - } - - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/DefaultDispatch.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/DefaultDispatch.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/DefaultDispatch.java index 4bcd21c..26001bf 100644 --- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/DefaultDispatch.java +++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/DefaultDispatch.java @@ -33,8 +33,6 @@ import org.apache.hadoop.gateway.i18n.resources.ResourcesFactory; import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; -import org.apache.http.HttpStatus; -import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpDelete; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpOptions; @@ -43,8 +41,6 @@ import org.apache.http.client.methods.HttpPut; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.entity.ContentType; import org.apache.http.entity.InputStreamEntity; -import org.apache.http.message.BasicHeader; -import org.apache.http.util.EntityUtils; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -61,29 +57,20 @@ import java.util.Set; */ public class DefaultDispatch extends AbstractGatewayDispatch { - // private static final String CT_APP_WWW_FORM_URL_ENCODED = "application/x-www-form-urlencoded"; - // private static final String CT_APP_XML = "application/xml"; - protected static final String Q_DELEGATION_EQ = "?delegation="; - protected static final String AMP_DELEGATION_EQ = "&delegation="; - protected static final String COOKIE = "Cookie"; protected static final String SET_COOKIE = "Set-Cookie"; protected static final String WWW_AUTHENTICATE = "WWW-Authenticate"; - protected static final String NEGOTIATE = "Negotiate"; protected static SpiGatewayMessages LOG = MessagesFactory.get(SpiGatewayMessages.class); protected static SpiGatewayResources RES = ResourcesFactory.get(SpiGatewayResources.class); protected static Auditor auditor = AuditServiceFactory.getAuditService().getAuditor(AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME, AuditConstants.KNOX_COMPONENT_NAME); - protected AppCookieManager appCookieManager; - private int replayBufferSize = 0; private Set<String> outboundResponseExcludeHeaders; @Override public void init() { - setAppCookieManager(new AppCookieManager()); - outboundResponseExcludeHeaders = new HashSet<String>(); + outboundResponseExcludeHeaders = new HashSet<>(); outboundResponseExcludeHeaders.add(SET_COOKIE); outboundResponseExcludeHeaders.add(WWW_AUTHENTICATE); } @@ -93,10 +80,6 @@ public class DefaultDispatch extends AbstractGatewayDispatch { } - public void setAppCookieManager(AppCookieManager appCookieManager) { - this.appCookieManager = appCookieManager; - } - protected void executeRequest( HttpUriRequest outboundRequest, HttpServletRequest inboundRequest, @@ -112,19 +95,12 @@ public class DefaultDispatch extends AbstractGatewayDispatch { try { auditor.audit( Action.DISPATCH, outboundRequest.getURI().toString(), ResourceType.URI, ActionOutcome.UNAVAILABLE, RES.requestMethod( outboundRequest.getMethod() ) ); - String query = outboundRequest.getURI().getQuery(); if( !"true".equals( System.getProperty( GatewayConfig.HADOOP_KERBEROS_SECURED ) ) ) { // Hadoop cluster not Kerberos enabled addCredentialsToRequest( outboundRequest ); - inboundResponse = client.execute( outboundRequest ); - } else if( query.contains( Q_DELEGATION_EQ ) || - // query string carries delegation token - query.contains( AMP_DELEGATION_EQ ) ) { - inboundResponse = client.execute( outboundRequest ); - } else { - // Kerberos secured, no delegation token in query string - inboundResponse = executeKerberosDispatch( outboundRequest, client ); } + inboundResponse = client.execute( outboundRequest ); + int statusCode = inboundResponse.getStatusLine().getStatusCode(); if( statusCode != 201 ) { LOG.dispatchResponseStatusCode( statusCode ); @@ -205,39 +181,6 @@ public class DefaultDispatch extends AbstractGatewayDispatch { protected void addCredentialsToRequest(HttpUriRequest outboundRequest) { } - protected HttpResponse executeKerberosDispatch(HttpUriRequest outboundRequest, - HttpClient client) throws IOException { - HttpResponse inboundResponse; - outboundRequest.removeHeaders(COOKIE); - String appCookie = appCookieManager.getCachedAppCookie(); - if (appCookie != null) { - outboundRequest.addHeader(new BasicHeader(COOKIE, appCookie)); - } - inboundResponse = client.execute(outboundRequest); - // if inBoundResponse has status 401 and header WWW-Authenticate: Negoitate - // refresh hadoop.auth.cookie and attempt one more time - int statusCode = inboundResponse.getStatusLine().getStatusCode(); - if (statusCode == HttpStatus.SC_UNAUTHORIZED) { - Header[] wwwAuthHeaders = inboundResponse.getHeaders(WWW_AUTHENTICATE); - if (wwwAuthHeaders != null && wwwAuthHeaders.length != 0 && - wwwAuthHeaders[0].getValue().trim().startsWith(NEGOTIATE)) { - //need to consume the previous inbound response first - EntityUtils.consume(inboundResponse.getEntity()); - - appCookie = appCookieManager.getAppCookie(outboundRequest, true); - outboundRequest.removeHeaders(COOKIE); - outboundRequest.addHeader(new BasicHeader(COOKIE, appCookie)); - inboundResponse = client.execute(outboundRequest); - } else { - // no supported authentication type found - // we would let the original response propagate - } - } else { - // not a 401 Unauthorized status code - // we would let the original response propagate - } - return inboundResponse; - } protected HttpEntity createRequestEntity(HttpServletRequest request) throws IOException { http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/DefaultHttpClientFactory.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/DefaultHttpClientFactory.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/DefaultHttpClientFactory.java new file mode 100644 index 0000000..bc4b5ef --- /dev/null +++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/DefaultHttpClientFactory.java @@ -0,0 +1,132 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.gateway.dispatch; + +import org.apache.hadoop.gateway.config.GatewayConfig; +import org.apache.http.HttpRequest; +import org.apache.http.HttpResponse; +import org.apache.http.ProtocolException; +import org.apache.http.auth.AuthSchemeProvider; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.Credentials; +import org.apache.http.client.CookieStore; +import org.apache.http.client.CredentialsProvider; +import org.apache.http.client.HttpClient; +import org.apache.http.client.HttpRequestRetryHandler; +import org.apache.http.client.RedirectStrategy; +import org.apache.http.client.config.AuthSchemes; +import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.config.Registry; +import org.apache.http.config.RegistryBuilder; +import org.apache.http.cookie.Cookie; +import org.apache.http.impl.auth.SPNegoSchemeFactory; +import org.apache.http.impl.client.BasicCredentialsProvider; +import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.protocol.HttpContext; + +import javax.servlet.FilterConfig; +import java.io.IOException; +import java.security.Principal; +import java.util.Collections; +import java.util.Date; +import java.util.List; + +public class DefaultHttpClientFactory implements HttpClientFactory { + + @Override + public HttpClient createHttpClient(FilterConfig filterConfig) { + HttpClientBuilder builder = HttpClients.custom(); + + if ("true".equals( System.getProperty( GatewayConfig.HADOOP_KERBEROS_SECURED ))) { + CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); + credentialsProvider.setCredentials(AuthScope.ANY, new UseJaasCredentials()); + + Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create() + .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true)) + .build(); + + builder = builder.setDefaultAuthSchemeRegistry(authSchemeRegistry) + .setDefaultCookieStore(new HadoopAuthCookieStore()) + .setDefaultCredentialsProvider(credentialsProvider); + } else { + builder = builder.setDefaultCookieStore(new NoCookieStore()); + } + + return builder + .setRedirectStrategy(new NeverRedirectStrategy()) + .setRetryHandler(new NeverRetryHandler()) + .build(); + } + + private class NoCookieStore implements CookieStore { + @Override + public void addCookie(Cookie cookie) { + //no op + } + + @Override + public List<Cookie> getCookies() { + return Collections.EMPTY_LIST; + } + + @Override + public boolean clearExpired(Date date) { + return true; + } + + @Override + public void clear() { + //no op + } + } + + private class NeverRedirectStrategy implements RedirectStrategy { + @Override + public boolean isRedirected( HttpRequest request, HttpResponse response, HttpContext context ) + throws ProtocolException { + return false; + } + + @Override + public HttpUriRequest getRedirect( HttpRequest request, HttpResponse response, HttpContext context ) + throws ProtocolException { + return null; + } + } + + private class NeverRetryHandler implements HttpRequestRetryHandler { + @Override + public boolean retryRequest( IOException exception, int executionCount, HttpContext context ) { + return false; + } + } + + private static class UseJaasCredentials implements Credentials { + + public String getPassword() { + return null; + } + + public Principal getUserPrincipal() { + return null; + } + + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/GatewayDispatchFilter.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/GatewayDispatchFilter.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/GatewayDispatchFilter.java index ff65c07..86601db 100644 --- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/GatewayDispatchFilter.java +++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/GatewayDispatchFilter.java @@ -20,17 +20,8 @@ package org.apache.hadoop.gateway.dispatch; import org.apache.hadoop.gateway.SpiGatewayMessages; import org.apache.hadoop.gateway.filter.AbstractGatewayFilter; import org.apache.hadoop.gateway.i18n.messages.MessagesFactory; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.ProtocolException; -import org.apache.http.client.CookieStore; -import org.apache.http.client.HttpRequestRetryHandler; -import org.apache.http.client.RedirectStrategy; -import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.cookie.Cookie; +import org.apache.http.client.HttpClient; import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.protocol.HttpContext; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; @@ -41,9 +32,7 @@ import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; import java.util.Collections; -import java.util.Date; import java.util.HashMap; -import java.util.List; import java.util.Map; import static org.apache.hadoop.gateway.config.ConfigurationInjectorBuilder.configuration; @@ -56,10 +45,10 @@ public class GatewayDispatchFilter extends AbstractGatewayFilter { private Dispatch dispatch; - private CloseableHttpClient httpClient; + private HttpClient httpClient; private static Map<String, Adapter> createMethodAdapters() { - Map<String, Adapter> map = new HashMap<String, Adapter>(); + Map<String, Adapter> map = new HashMap<>(); map.put("GET", new GetAdapter()); map.put("POST", new PostAdapter()); map.put("PUT", new PutAdapter()); @@ -73,15 +62,17 @@ public class GatewayDispatchFilter extends AbstractGatewayFilter { super.init(filterConfig); if (dispatch == null) { String dispatchImpl = filterConfig.getInitParameter("dispatch-impl"); - dispatch = newDispatch(dispatchImpl); + dispatch = newInstanceFromName(dispatchImpl); } configuration().target(dispatch).source(filterConfig).inject(); - httpClient = HttpClients.custom() - .setDefaultCookieStore(new NoCookieStore()) - .setRedirectStrategy(new NeverRedirectStrategy()) - .setRetryHandler(new NeverRetryHandler()) - .build(); - //[sumit] this can perhaps be stashed in the servlet context to increase sharing of the client + HttpClientFactory httpClientFactory; + String httpClientFactoryClass = filterConfig.getInitParameter("httpClientFactory"); + if (httpClientFactoryClass != null) { + httpClientFactory = newInstanceFromName(httpClientFactoryClass); + } else { + httpClientFactory = new DefaultHttpClientFactory(); + } + httpClient = httpClientFactory.createHttpClient(filterConfig); dispatch.setHttpClient(httpClient); dispatch.init(); } @@ -90,7 +81,9 @@ public class GatewayDispatchFilter extends AbstractGatewayFilter { public void destroy() { dispatch.destroy(); try { - httpClient.close(); + if (httpClient instanceof CloseableHttpClient) { + ((CloseableHttpClient) httpClient).close(); + } } catch ( IOException e ) { LOG.errorClosingHttpClient(e); } @@ -170,59 +163,20 @@ public class GatewayDispatchFilter extends AbstractGatewayFilter { } } - private Dispatch newDispatch(String dispatchImpl) throws ServletException { + private <T> T newInstanceFromName(String dispatchImpl) throws ServletException { try { - ClassLoader loader = Thread.currentThread().getContextClassLoader(); - if ( loader == null ) { - loader = this.getClass().getClassLoader(); - } - Class<Dispatch> clazz = (Class) loader.loadClass(dispatchImpl); + Class<T> clazz = loadClass(dispatchImpl); return clazz.newInstance(); } catch ( Exception e ) { throw new ServletException(e); } } - private class NoCookieStore implements CookieStore { - @Override - public void addCookie(Cookie cookie) { - //no op - } - - @Override - public List<Cookie> getCookies() { - return Collections.EMPTY_LIST; - } - - @Override - public boolean clearExpired(Date date) { - return true; - } - - @Override - public void clear() { - //no op - } - } - - private class NeverRedirectStrategy implements RedirectStrategy { - @Override - public boolean isRedirected( HttpRequest request, HttpResponse response, HttpContext context ) - throws ProtocolException { - return false; - } - - @Override - public HttpUriRequest getRedirect( HttpRequest request, HttpResponse response, HttpContext context ) - throws ProtocolException { - return null; - } - } - - private class NeverRetryHandler implements HttpRequestRetryHandler { - @Override - public boolean retryRequest( IOException exception, int executionCount, HttpContext context ) { - return false; - } + private <T> Class<T> loadClass(String className) throws ClassNotFoundException { + ClassLoader loader = Thread.currentThread().getContextClassLoader(); + if ( loader == null ) { + loader = this.getClass().getClassLoader(); + } + return (Class<T>) loader.loadClass(className); } } http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/HadoopAuthCookieStore.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/HadoopAuthCookieStore.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/HadoopAuthCookieStore.java new file mode 100644 index 0000000..17406a3 --- /dev/null +++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/HadoopAuthCookieStore.java @@ -0,0 +1,31 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.gateway.dispatch; + +import org.apache.http.cookie.Cookie; +import org.apache.http.impl.client.BasicCookieStore; + +public class HadoopAuthCookieStore extends BasicCookieStore { + + @Override + public void addCookie(Cookie cookie) { + if (cookie.getName().equals("hadoop.auth")) { + super.addCookie(cookie); + } + } +} http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientFactory.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientFactory.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientFactory.java new file mode 100644 index 0000000..ab4dbb9 --- /dev/null +++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientFactory.java @@ -0,0 +1,27 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.gateway.dispatch; + +import org.apache.http.client.HttpClient; + +import javax.servlet.FilterConfig; + +public interface HttpClientFactory { + + public HttpClient createHttpClient( FilterConfig filterConfig ); +} http://git-wip-us.apache.org/repos/asf/knox/blob/c59bfeb3/gateway-spi/src/test/java/org/apache/hadoop/gateway/dispatch/AppCookieManagerTest.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/test/java/org/apache/hadoop/gateway/dispatch/AppCookieManagerTest.java b/gateway-spi/src/test/java/org/apache/hadoop/gateway/dispatch/AppCookieManagerTest.java deleted file mode 100644 index 94ef797..0000000 --- a/gateway-spi/src/test/java/org/apache/hadoop/gateway/dispatch/AppCookieManagerTest.java +++ /dev/null @@ -1,53 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.dispatch; - - -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; - -import org.apache.http.Header; -import org.apache.http.message.BasicHeader; -import org.junit.Test; - -public class AppCookieManagerTest { - - @Test - public void getCachedAppCookie() { - assertNull(new AppCookieManager().getCachedAppCookie()); - } - - @Test - public void getHadoopAuthCookieValueWithNullHeaders() { - assertNull(AppCookieManager.getHadoopAuthCookieValue(null)); - } - - @Test - public void getHadoopAuthCookieValueWitEmptylHeaders() { - assertNull(AppCookieManager.getHadoopAuthCookieValue(new Header[0])); - } - - @Test - public void getHadoopAuthCookieValueWithValidlHeaders() { - Header[] headers = new Header[1]; - headers[0] = new BasicHeader("Set-Cookie", AppCookieManager.HADOOP_AUTH + "=dummyvalue"); - assertNotNull(AppCookieManager.getHadoopAuthCookieValue(headers)); - } - -} -
