http://git-wip-us.apache.org/repos/asf/knox/blob/56cedc0a/gateway-test/src/test/java/org/apache/hadoop/gateway/Knox242FuncTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/Knox242FuncTest.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/Knox242FuncTest.java
index bd0b548..29f60b5 100755
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/Knox242FuncTest.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/Knox242FuncTest.java
@@ -68,265 +68,265 @@ import com.mycila.xmltool.XMLTag; */ public class Knox242FuncTest { -// private static final long SHORT_TIMEOUT = 1000L; -// private static final long MEDIUM_TIMEOUT = 10 * SHORT_TIMEOUT; -// -// private static Class RESOURCE_BASE_CLASS = Knox242FuncTest.class; -// private static Logger LOG = LoggerFactory.getLogger( Knox242FuncTest.class ); -// -// public static Enumeration<Appender> appenders; -// public static GatewayConfig config; -// public static GatewayServer gateway; -// public static String gatewayUrl; -// public static String clusterUrl; -// public static SimpleLdapDirectoryServer ldap; -// public static TcpTransport ldapTransport; -// -// @BeforeClass -// public static void setupSuite() throws Exception { -// LOG_ENTER(); -// //appenders = NoOpAppender.setUp(); -// int port = setupLdap(); -// setupGateway(port); -// LOG_EXIT(); -// } -// -// @AfterClass -// public static void cleanupSuite() throws Exception { -// LOG_ENTER(); -// gateway.stop(); -// ldap.stop( true ); -// //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) ); -// //NoOpAppender.tearDown( appenders ); -// LOG_EXIT(); -// } -// -// public static int setupLdap() throws Exception { -// URL usersUrl = getResourceUrl( "users.ldif" ); -// int port = findFreePort(); -// ldapTransport = new TcpTransport( port ); -// ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport ); -// ldap.start(); -// LOG.info( "LDAP port = " + ldapTransport.getPort() ); -// return port; -// } -// -// public static void setupGateway(int ldapPort) throws IOException, Exception { -// -// File targetDir = new File( System.getProperty( "user.dir" ), "target" ); -// File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() ); -// gatewayDir.mkdirs(); -// -// GatewayTestConfig testConfig = new GatewayTestConfig(); -// config = testConfig; -// testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() ); -// -// File 
topoDir = new File( testConfig.getGatewayTopologyDir() ); -// topoDir.mkdirs(); -// -// File deployDir = new File( testConfig.getGatewayDeploymentDir() ); -// deployDir.mkdirs(); -// -// File descriptor = new File( topoDir, "testdg-cluster.xml" ); -// FileOutputStream stream = new FileOutputStream( descriptor ); -// createTopology(ldapPort).toStream( stream ); -// stream.close(); -// -// DefaultGatewayServices srvcs = new DefaultGatewayServices(); -// Map<String,String> options = new HashMap<String,String>(); -// options.put( "persist-master", "false" ); -// options.put( "master", "password" ); -// try { -// srvcs.init( testConfig, options ); -// } catch ( ServiceLifecycleException e ) { -// e.printStackTrace(); // I18N not required. -// } -// -// gateway = GatewayServer.startGateway( testConfig, srvcs ); -// MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() ); -// -// LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() ); -// -// gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath(); -// clusterUrl = gatewayUrl + "/testdg-cluster"; -// -// GatewayServices services = GatewayServer.getGatewayServices(); -// AliasService aliasService = (AliasService)services.getService(GatewayServices.ALIAS_SERVICE); -// aliasService.addAliasForCluster("testdg-cluster", "ldcSystemPassword", "guest-password"); -// -// char[] password1 = aliasService.getPasswordFromAliasForCluster( "testdg-cluster", "ldcSystemPassword"); -// //System.err.println("SETUP password 10: " + ((password1 == null) ? 
"NULL" : new String(password1))); -// -// descriptor = new File( topoDir, "testdg-cluster.xml" ); -// stream = new FileOutputStream( descriptor ); -// createTopology(ldapPort).toStream( stream ); -// stream.close(); -// -// try { -// Thread.sleep(5000); -// } catch (Exception e) { -// -// } -// } -// -// private static XMLTag createTopology(int ldapPort) { -// XMLTag xml = XMLDoc.newDocument( true ) -// .addRoot( "topology" ) -// .addTag( "gateway" ) -// -// .addTag( "provider" ) -// .addTag( "role" ).addText( "authentication" ) -// .addTag( "name" ).addText( "ShiroProvider" ) -// .addTag( "enabled" ).addText( "true" ) -// .addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm" ) -// .addTag( "value" ).addText( "org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapGroupContextFactory" ) -// .addTag( "value" ).addText( "org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.contextFactory" ) -// .addTag( "value" ).addText( "$ldapGroupContextFactory" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.contextFactory.authenticationMechanism" ) -// .addTag( "value" ).addText( "simple" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" ) -// .addTag( "value" ).addText( "ldap://localhost:" + ldapPort) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" ) -// .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" ) -// -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.searchBase" ) -// .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" ) -// -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.userSearchAttributeName" ) -// .addTag( "value" ).addText( "uid" ) -// 
.gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.userObjectClass" ) -// .addTag( "value" ).addText( "person" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.userSearchBase" ) -// .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.groupSearchBase" ) -// .addTag( "value" ).addText( "ou=groups,dc=hadoop,dc=apache,dc=org" ) -// -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.authorizationEnabled" ) -// .addTag( "value" ).addText( "true" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemAuthenticationMechanism" ) -// .addTag( "value" ).addText( "simple" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.groupObjectClass" ) -// .addTag( "value" ).addText( "groupofurls" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.memberAttribute" ) -// .addTag( "value" ).addText( "memberurl" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.memberAttributeValueTemplate" ) -// .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemUsername" ) -// .addTag( "value" ).addText( "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.contextFactory.clusterName" ) -// .addTag( "value" ).addText( "testdg-cluster" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemPassword" ) -// .addTag( "value" ).addText( "S{ALIAS=ldcSystemPassword}" ) -// // .addTag( "value" ).addText( "guest-password" ) -// .gotoParent().addTag( "param" ) -// .addTag( "name" ).addText( "urls./**" ) -// .addTag( "value" 
).addText( "authcBasic" ) -// -// .gotoParent().gotoParent().addTag( "provider" ) -// .addTag( "role" ).addText( "authorization" ) -// .addTag( "name" ).addText( "AclsAuthz" ) -// .addTag( "enabled" ).addText( "true" ) -// .addTag( "param" ) -// .addTag( "name" ).addText( "test-service-role.acl" ) -// .addTag( "value" ).addText( "*;directors;*" ) -// -// .gotoParent().gotoParent().addTag( "provider" ) -// .addTag( "role" ).addText( "identity-assertion" ) -// .addTag( "enabled" ).addText( "true" ) -// .addTag( "name" ).addText( "Default" ).gotoParent() -// -// .gotoRoot() -// .addTag( "service" ) -// .addTag( "role" ).addText( "test-service-role" ) -// .gotoRoot(); -// // System.out.println( "GATEWAY=" + xml.toString() ); -// return xml; -// } -// -// private static int findFreePort() throws IOException { -// ServerSocket socket = new ServerSocket(0); -// int port = socket.getLocalPort(); -// socket.close(); -// return port; -// } -// -// public static InputStream getResourceStream( String resource ) throws IOException { -// return getResourceUrl( resource ).openStream(); -// } -// -// public static URL getResourceUrl( String resource ) { -// URL url = ClassLoader.getSystemResource( getResourceName( resource ) ); -// assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() ); -// return url; -// } -// -// public static String getResourceName( String resource ) { -// return getResourceBaseName() + resource; -// } -// -// public static String getResourceBaseName() { -// return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/"; -// } -// -// @Ignore -// // @Test -// public void waitForManualTesting() throws IOException { -// System.in.read(); -// } -// -// @Test( timeout = MEDIUM_TIMEOUT ) -// public void testGroupMember() throws ClassNotFoundException, Exception { -// LOG_ENTER(); -// String username = "joe"; -// String password = "joe-password"; -// String serviceUrl = clusterUrl + "/test-service-path/test-service-resource"; -// 
given() -// //.log().all() -// .auth().preemptive().basic( username, password ) -// .expect() -// //.log().all() -// .statusCode( HttpStatus.SC_OK ) -// .contentType( "text/plain" ) -// .body( is( "test-service-response" ) ) -// .when().get( serviceUrl ); -// LOG_EXIT(); -// } -// -// @Test( timeout = MEDIUM_TIMEOUT ) -// public void testNonGroupMember() throws ClassNotFoundException { -// LOG_ENTER(); -// String username = "guest"; -// String password = "guest-password"; -// String serviceUrl = clusterUrl + "/test-service-path/test-service-resource"; -// given() -// //.log().all() -// .auth().preemptive().basic( username, password ) -// .expect() -// //.log().all() -// .statusCode( HttpStatus.SC_FORBIDDEN ) -// .when().get( serviceUrl ); -// LOG_EXIT(); -// } + private static final long SHORT_TIMEOUT = 1000L; + private static final long MEDIUM_TIMEOUT = 10 * SHORT_TIMEOUT; + + private static Class RESOURCE_BASE_CLASS = Knox242FuncTest.class; + private static Logger LOG = LoggerFactory.getLogger( Knox242FuncTest.class ); + + public static Enumeration<Appender> appenders; + public static GatewayConfig config; + public static GatewayServer gateway; + public static String gatewayUrl; + public static String clusterUrl; + public static SimpleLdapDirectoryServer ldap; + public static TcpTransport ldapTransport; + + @BeforeClass + public static void setupSuite() throws Exception { + LOG_ENTER(); + //appenders = NoOpAppender.setUp(); + int port = setupLdap(); + setupGateway(port); + LOG_EXIT(); + } + + @AfterClass + public static void cleanupSuite() throws Exception { + LOG_ENTER(); + gateway.stop(); + ldap.stop( true ); + //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) ); + //NoOpAppender.tearDown( appenders ); + LOG_EXIT(); + } + + public static int setupLdap() throws Exception { + URL usersUrl = getResourceUrl( "users.ldif" ); + int port = findFreePort(); + ldapTransport = new TcpTransport( port ); + ldap = new SimpleLdapDirectoryServer( 
"dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport ); + ldap.start(); + LOG.info( "LDAP port = " + ldapTransport.getPort() ); + return port; + } + + public static void setupGateway(int ldapPort) throws IOException, Exception { + + File targetDir = new File( System.getProperty( "user.dir" ), "target" ); + File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() ); + gatewayDir.mkdirs(); + + GatewayTestConfig testConfig = new GatewayTestConfig(); + config = testConfig; + testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() ); + + File topoDir = new File( testConfig.getGatewayTopologyDir() ); + topoDir.mkdirs(); + + File deployDir = new File( testConfig.getGatewayDeploymentDir() ); + deployDir.mkdirs(); + + File descriptor = new File( topoDir, "testdg-cluster.xml" ); + FileOutputStream stream = new FileOutputStream( descriptor ); + createTopology(ldapPort).toStream( stream ); + stream.close(); + + DefaultGatewayServices srvcs = new DefaultGatewayServices(); + Map<String,String> options = new HashMap<String,String>(); + options.put( "persist-master", "false" ); + options.put( "master", "password" ); + try { + srvcs.init( testConfig, options ); + } catch ( ServiceLifecycleException e ) { + e.printStackTrace(); // I18N not required. 
+ } + + gateway = GatewayServer.startGateway( testConfig, srvcs ); + MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() ); + + LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() ); + + gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath(); + clusterUrl = gatewayUrl + "/testdg-cluster"; + + GatewayServices services = GatewayServer.getGatewayServices(); + AliasService aliasService = (AliasService)services.getService(GatewayServices.ALIAS_SERVICE); + aliasService.addAliasForCluster("testdg-cluster", "ldcSystemPassword", "guest-password"); + + char[] password1 = aliasService.getPasswordFromAliasForCluster( "testdg-cluster", "ldcSystemPassword"); + //System.err.println("SETUP password 10: " + ((password1 == null) ? "NULL" : new String(password1))); + + descriptor = new File( topoDir, "testdg-cluster.xml" ); + stream = new FileOutputStream( descriptor ); + createTopology(ldapPort).toStream( stream ); + stream.close(); + + try { + Thread.sleep(5000); + } catch (Exception e) { + + } + } + + private static XMLTag createTopology(int ldapPort) { + XMLTag xml = XMLDoc.newDocument( true ) + .addRoot( "topology" ) + .addTag( "gateway" ) + + .addTag( "provider" ) + .addTag( "role" ).addText( "authentication" ) + .addTag( "name" ).addText( "ShiroProvider" ) + .addTag( "enabled" ).addText( "true" ) + .addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm" ) + .addTag( "value" ).addText( "org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapGroupContextFactory" ) + .addTag( "value" ).addText( "org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory" ) + .addTag( "value" ).addText( "$ldapGroupContextFactory" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( 
"main.ldapRealm.contextFactory.authenticationMechanism" ) + .addTag( "value" ).addText( "simple" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" ) + .addTag( "value" ).addText( "ldap://localhost:" + ldapPort) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" ) + .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" ) + + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.searchBase" ) + .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" ) + + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.userSearchAttributeName" ) + .addTag( "value" ).addText( "uid" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.userObjectClass" ) + .addTag( "value" ).addText( "person" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.userSearchBase" ) + .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.groupSearchBase" ) + .addTag( "value" ).addText( "ou=groups,dc=hadoop,dc=apache,dc=org" ) + + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.authorizationEnabled" ) + .addTag( "value" ).addText( "true" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemAuthenticationMechanism" ) + .addTag( "value" ).addText( "simple" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.groupObjectClass" ) + .addTag( "value" ).addText( "groupofurls" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.memberAttribute" ) + .addTag( "value" ).addText( "memberurl" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.memberAttributeValueTemplate" ) + .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" ) + 
.gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemUsername" ) + .addTag( "value" ).addText( "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.clusterName" ) + .addTag( "value" ).addText( "testdg-cluster" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemPassword" ) + .addTag( "value" ).addText( "S{ALIAS=ldcSystemPassword}" ) + // .addTag( "value" ).addText( "guest-password" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "urls./**" ) + .addTag( "value" ).addText( "authcBasic" ) + + .gotoParent().gotoParent().addTag( "provider" ) + .addTag( "role" ).addText( "authorization" ) + .addTag( "name" ).addText( "AclsAuthz" ) + .addTag( "enabled" ).addText( "true" ) + .addTag( "param" ) + .addTag( "name" ).addText( "test-service-role.acl" ) + .addTag( "value" ).addText( "*;directors;*" ) + + .gotoParent().gotoParent().addTag( "provider" ) + .addTag( "role" ).addText( "identity-assertion" ) + .addTag( "enabled" ).addText( "true" ) + .addTag( "name" ).addText( "Default" ).gotoParent() + + .gotoRoot() + .addTag( "service" ) + .addTag( "role" ).addText( "test-service-role" ) + .gotoRoot(); + // System.out.println( "GATEWAY=" + xml.toString() ); + return xml; + } + + private static int findFreePort() throws IOException { + ServerSocket socket = new ServerSocket(0); + int port = socket.getLocalPort(); + socket.close(); + return port; + } + + public static InputStream getResourceStream( String resource ) throws IOException { + return getResourceUrl( resource ).openStream(); + } + + public static URL getResourceUrl( String resource ) { + URL url = ClassLoader.getSystemResource( getResourceName( resource ) ); + assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() ); + return url; + } + + public static String getResourceName( String resource ) 
{ + return getResourceBaseName() + resource; + } + + public static String getResourceBaseName() { + return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/"; + } + + @Ignore + // @Test + public void waitForManualTesting() throws IOException { + System.in.read(); + } + + @Test( timeout = MEDIUM_TIMEOUT ) + public void testGroupMember() throws ClassNotFoundException, Exception { + LOG_ENTER(); + String username = "joe"; + String password = "joe-password"; + String serviceUrl = clusterUrl + "/test-service-path/test-service-resource"; + given() + //.log().all() + .auth().preemptive().basic( username, password ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_OK ) + .contentType( "text/plain" ) + .body( is( "test-service-response" ) ) + .when().get( serviceUrl ); + LOG_EXIT(); + } + + @Test( timeout = MEDIUM_TIMEOUT ) + public void testNonGroupMember() throws ClassNotFoundException { + LOG_ENTER(); + String username = "guest"; + String password = "guest-password"; + String serviceUrl = clusterUrl + "/test-service-path/test-service-resource"; + given() + //.log().all() + .auth().preemptive().basic( username, password ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_FORBIDDEN ) + .when().get( serviceUrl ); + LOG_EXIT(); + } }
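Review bot: In the re-enabled `setupGateway`, the `catch ( ServiceLifecycleException e )` around `srvcs.init( testConfig, options )` only calls `e.printStackTrace()`, so a failed service initialisation still falls through to `GatewayServer.startGateway` and `addAliasForCluster`, and the 200/403 authorization assertions then run against a gateway whose services may not be fully initialised. The method already declares `throws IOException, Exception`, so the try/catch can be dropped and the call left as a bare `srvcs.init( testConfig, options );`, which makes the suite fail at the real cause. The same method ends with `Thread.sleep(5000)` inside an empty `catch (Exception e)`; that swallows interruption and turns the topology reload into a timing assumption, so at minimum the handler should call `Thread.currentThread().interrupt();`. `password1` is fetched from the alias service and never used; either assert it with `assertThat( password1, notNullValue() );` so a missing `ldcSystemPassword` alias is reported directly, or remove the line.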
http://git-wip-us.apache.org/repos/asf/knox/blob/56cedc0a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestNegative.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestNegative.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestNegative.java
index 10ab41d..a79e613 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestNegative.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestNegative.java
@@ -53,284 +53,284 @@ import static org.junit.Assert.assertThat; public class KnoxCliLdapFuncTestNegative { -// private static final long SHORT_TIMEOUT = 1000L; -// -// private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class; -// private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class ); -// -// public static Enumeration<Appender> appenders; -// public static GatewayTestConfig config; -// public static GatewayServer gateway; -// public static String gatewayUrl; -// public static String clusterUrl; -// public static SimpleLdapDirectoryServer ldap; -// public static TcpTransport ldapTransport; -// -// private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream(); -// private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream(); -// private static final String uuid = UUID.randomUUID().toString(); -// -// @BeforeClass -// public static void setupSuite() throws Exception { -// LOG_ENTER(); -// System.setOut(new PrintStream(outContent)); -// System.setErr(new PrintStream(errContent)); -// setupLdap(); -// setupGateway(); -// LOG_EXIT(); -// } -// -// @AfterClass -// public static void cleanupSuite() throws Exception { -// LOG_ENTER(); -// ldap.stop( true ); -// -// //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) ); -// //NoOpAppender.tearDown( appenders ); -// LOG_EXIT(); -// } -// -// public static void setupLdap( ) throws Exception { -// URL usersUrl = getResourceUrl( "users.ldif" ); -// int port = findFreePort(); -// ldapTransport = new TcpTransport( port ); -// ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport ); -// ldap.start(); -// LOG.info( "LDAP port = " + ldapTransport.getPort() ); -// } -// -// public static void setupGateway() throws Exception { -// -// File targetDir = new File( System.getProperty( "user.dir" ), "target" ); -// File gatewayDir = new File( targetDir, "gateway-home-" + 
uuid ); -// gatewayDir.mkdirs(); -// -// GatewayTestConfig testConfig = new GatewayTestConfig(); -// config = testConfig; -// testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() ); -// -// File topoDir = new File( testConfig.getGatewayTopologyDir() ); -// topoDir.mkdirs(); -// -// File deployDir = new File( testConfig.getGatewayDeploymentDir() ); -// deployDir.mkdirs(); -// -// createTopology(topoDir, "test-cluster.xml", true); -// createTopology(topoDir, "bad-cluster.xml", false); -// -// DefaultGatewayServices srvcs = new DefaultGatewayServices(); -// Map<String,String> options = new HashMap<String,String>(); -// options.put( "persist-master", "false" ); -// options.put( "master", "password" ); -// try { -// srvcs.init( testConfig, options ); -// } catch ( ServiceLifecycleException e ) { -// e.printStackTrace(); // I18N not required. -// } -// } -// -// private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception { -// File descriptor = new File(topoDir, name); -// -// if(descriptor.exists()){ -// descriptor.delete(); -// descriptor = new File(topoDir, name); -// } -// -// FileOutputStream stream = new FileOutputStream( descriptor, false ); -// if(goodTopology){ -// createTopology().toStream( stream ); -// } else { -// createBadTopology().toStream( stream ); -// } -// stream.close(); -// -// } -// -// private static int findFreePort() throws IOException { -// ServerSocket socket = new ServerSocket(0); -// int port = socket.getLocalPort(); -// socket.close(); -// return port; -// } -// -// public static InputStream getResourceStream( String resource ) throws IOException { -// return getResourceUrl( resource ).openStream(); -// } -// -// public static URL getResourceUrl( String resource ) { -// URL url = ClassLoader.getSystemResource( getResourceName( resource ) ); -// assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() ); -// return url; -// } -// -// public static String 
getResourceName( String resource ) { -// return getResourceBaseName() + resource; -// } -// -// public static String getResourceBaseName() { -// return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/"; -// } -// -// private static XMLTag createBadTopology(){ -// XMLTag xml = XMLDoc.newDocument(true) -// .addRoot("topology") -// .addTag("gateway") -// .addTag( "provider" ) -// .addTag("role").addText("authentication") -// .addTag( "name" ).addText( "ShiroProvider" ) -// .addTag( "enabled" ).addText( "true" ) -// .addTag("param") -// .addTag( "name" ).addText("main.ldapRealm") -// .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent() -// .addTag("param") -// .addTag( "name" ).addText("main.ldapRealm.userDnTemplate") -// .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent() -// .addTag("param") -// .addTag( "name" ).addText("main.ldapRealm.contextFactory.url") -// .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent() -// .addTag("param") -// .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername") -// .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent() -// .addTag("param") -// .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword") -// .addTag( "value" ).addText("guest-password").gotoParent() -// .addTag("param") -// .addTag( "name" ).addText("main.ldapRealm.contextFactory.authenticationMechanism") -// .addTag("value").addText("simple").gotoParent() -// .addTag("param") -// .addTag( "name" ).addText("urls./**") -// .addTag("value").addText("authcBasic").gotoParent().gotoParent() -// .addTag("provider") -// .addTag( "role" ).addText("identity-assertion") -// .addTag("enabled").addText("true") -// .addTag("name").addText("Default").gotoParent() -// .addTag("provider") -// .gotoRoot() -// .addTag( "service" ) -// .addTag( "role" ).addText( "KNOX" ) -// .gotoRoot(); -// // System.out.println( 
"GATEWAY=" + xml.toString() ); -// return xml; -// } -// -// private static XMLTag createTopology() { -// -// XMLTag xml = XMLDoc.newDocument(true) -// .addRoot("topology") -// .addTag("gateway" ) -// .addTag("provider") -// .addTag("role").addText("authentication") -// .addTag("name").addText("ShiroProvider") -// .addTag("enabled").addText("true") -// .addTag("param") -// .addTag("name").addText("main.ldapRealm") -// .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent() -// .addTag("param" ) -// .addTag("name").addText("main.ldapGroupContextFactory") -// .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory").gotoParent() -// .addTag("param") -// .addTag("name").addText("main.ldapRealm.searchBase") -// .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent() -// .addTag("param") -// .addTag("name").addText("main.ldapRealm.groupObjectClass") -// .addTag("value").addText("groupOfNames").gotoParent() -// .addTag("param") -// .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate") -// .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent() -// .addTag("param" ) -// .addTag("name").addText("main.ldapRealm.memberAttribute") -// .addTag("value").addText("member").gotoParent() -// .addTag("param") -// .addTag("name").addText("main.ldapRealm.authorizationEnabled") -// .addTag("value").addText("true").gotoParent() -// .addTag("param") -// .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername") -// .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent() -// .addTag("param") -// .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword") -// .addTag( "value" ).addText("guest-password").gotoParent() -// .addTag("param") -// .addTag("name").addText("main.ldapRealm.userDnTemplate") -// .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent() -// 
.addTag("param")
-// .addTag("name").addText("main.ldapRealm.contextFactory.url")
-// .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
-// .addTag("value").addText("simple").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.cachingEnabled")
-// .addTag("value").addText("false").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("com.sun.jndi.ldap.connect.pool")
-// .addTag("value").addText("false").gotoParent()
-// .addTag("param")
-// .addTag("name" ).addText("urls./**")
-// .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
-// .addTag("provider" )
-// .addTag("role").addText( "identity-assertion" )
-// .addTag( "enabled").addText( "true" )
-// .addTag("name").addText( "Default" ).gotoParent()
-// .gotoRoot()
-// .addTag( "service" )
-// .addTag( "role" ).addText( "test-service-role" )
-// .gotoRoot();
-// // System.out.println( "GATEWAY=" + xml.toString() );
-// return xml;
-// }
-//
-// @Test( timeout = SHORT_TIMEOUT )
-// public void testBadTopology() throws Exception {
-// LOG_ENTER();
-//
-// // Test 4: Authenticate a user with a bad topology configured with nothing required for group lookup in the topology
-// outContent.reset();
-// String username = "tom";
-// String password = "tom-password";
-// KnoxCLI cli = new KnoxCLI();
-// cli.setConf(config);
-//
-// String args1[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
-// "--u", username, "--p", password, "--g" };
-// cli.run( args1 );
-//
-// assertThat(outContent.toString(), containsString("LDAP authentication successful"));
-// assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
-// assertThat(outContent.toString(), containsString("Warn: "));
-// assertFalse(outContent.toString().contains("analyst"));
-//
-//
-// outContent.reset();
-// username = "bad-name";
-// password = "bad-password";
-// cli = new KnoxCLI();
-// cli.setConf( config );
-//
-// String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
-// "--u", username, "--p", password, "--g" };
-// cli.run( args2 );
-//
-// assertThat(outContent.toString(), containsString("LDAP authentication failed"));
-// assertThat(outContent.toString(), containsString("INVALID_CREDENTIALS"));
-//
-// outContent.reset();
-// username = "sam";
-// password = "sam-password";
-// cli = new KnoxCLI();
-// cli.setConf( config );
-//
-// String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
-// "--u", username, "--p", password, "--g" };
-// cli.run( args3 );
-//
-// assertThat(outContent.toString(), containsString("LDAP authentication successful"));
-// assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
-// assertThat(outContent.toString(), containsString("Warn:"));
-// assertFalse(outContent.toString().contains("analyst"));
-// assertFalse(outContent.toString().contains("scientist"));
-//
-// LOG_EXIT();
-// }
+ private static final long SHORT_TIMEOUT = 1000L;
+
+ private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
+ private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
+
+ public static Enumeration<Appender> appenders;
+ public static GatewayTestConfig config;
+ public static GatewayServer gateway;
+ public static String gatewayUrl;
+ public static String clusterUrl;
+ public static SimpleLdapDirectoryServer ldap;
+ public static TcpTransport ldapTransport;
+
+ private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
+ private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
+ private static final String uuid = UUID.randomUUID().toString();
+
+ @BeforeClass
+ public static void setupSuite() throws Exception {
+ LOG_ENTER();
+ System.setOut(new PrintStream(outContent));
+ System.setErr(new PrintStream(errContent));
+ setupLdap();
+ setupGateway();
+ LOG_EXIT();
+ }
+
+ @AfterClass
+ public static void cleanupSuite() throws Exception {
+ LOG_ENTER();
+ ldap.stop( true );
+
+ //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+ //NoOpAppender.tearDown( appenders );
+ LOG_EXIT();
+ }
+
+ public static void setupLdap( ) throws Exception {
+ URL usersUrl = getResourceUrl( "users.ldif" );
+ int port = findFreePort();
+ ldapTransport = new TcpTransport( port );
+ ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport );
+ ldap.start();
+ LOG.info( "LDAP port = " + ldapTransport.getPort() );
+ }
+
+ public static void setupGateway() throws Exception {
+
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
+ gatewayDir.mkdirs();
+
+ GatewayTestConfig testConfig = new GatewayTestConfig();
+ config = testConfig;
+ testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+ File topoDir = new File( testConfig.getGatewayTopologyDir() );
+ topoDir.mkdirs();
+
+ File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+ deployDir.mkdirs();
+
+ createTopology(topoDir, "test-cluster.xml", true);
+ createTopology(topoDir, "bad-cluster.xml", false);
+
+ DefaultGatewayServices srvcs = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<String,String>();
+ options.put( "persist-master", "false" );
+ options.put( "master", "password" );
+ try {
+ srvcs.init( testConfig, options );
+ } catch ( ServiceLifecycleException e ) {
+ e.printStackTrace(); // I18N not required.
+ }
+ }
+
+ private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
+ File descriptor = new File(topoDir, name);
+
+ if(descriptor.exists()){
+ descriptor.delete();
+ descriptor = new File(topoDir, name);
+ }
+
+ FileOutputStream stream = new FileOutputStream( descriptor, false );
+ if(goodTopology){
+ createTopology().toStream( stream );
+ } else {
+ createBadTopology().toStream( stream );
+ }
+ stream.close();
+
+ }
+
+ private static int findFreePort() throws IOException {
+ ServerSocket socket = new ServerSocket(0);
+ int port = socket.getLocalPort();
+ socket.close();
+ return port;
+ }
+
+ public static InputStream getResourceStream( String resource ) throws IOException {
+ return getResourceUrl( resource ).openStream();
+ }
+
+ public static URL getResourceUrl( String resource ) {
+ URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
+ assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
+ return url;
+ }
+
+ public static String getResourceName( String resource ) {
+ return getResourceBaseName() + resource;
+ }
+
+ public static String getResourceBaseName() {
+ return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
+ }
+
+ private static XMLTag createBadTopology(){
+ XMLTag xml = XMLDoc.newDocument(true)
+ .addRoot("topology")
+ .addTag("gateway")
+ .addTag( "provider" )
+ .addTag("role").addText("authentication")
+ .addTag( "name" ).addText( "ShiroProvider" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag("param")
+ .addTag( "name" ).addText("main.ldapRealm")
+ .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+ .addTag("param")
+ .addTag( "name" ).addText("main.ldapRealm.userDnTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag( "name" ).addText("main.ldapRealm.contextFactory.url")
+ .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
+ .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
+ .addTag( "value" ).addText("guest-password").gotoParent()
+ .addTag("param")
+ .addTag( "name" ).addText("main.ldapRealm.contextFactory.authenticationMechanism")
+ .addTag("value").addText("simple").gotoParent()
+ .addTag("param")
+ .addTag( "name" ).addText("urls./**")
+ .addTag("value").addText("authcBasic").gotoParent().gotoParent()
+ .addTag("provider")
+ .addTag( "role" ).addText("identity-assertion")
+ .addTag("enabled").addText("true")
+ .addTag("name").addText("Default").gotoParent()
+ .addTag("provider")
+ .gotoRoot()
+ .addTag( "service" )
+ .addTag( "role" ).addText( "KNOX" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
+ private static XMLTag createTopology() {
+
+ XMLTag xml = XMLDoc.newDocument(true)
+ .addRoot("topology")
+ .addTag("gateway" )
+ .addTag("provider")
+ .addTag("role").addText("authentication")
+ .addTag("name").addText("ShiroProvider")
+ .addTag("enabled").addText("true")
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm")
+ .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+ .addTag("param" )
+ .addTag("name").addText("main.ldapGroupContextFactory")
+ .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.searchBase")
+ .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.groupObjectClass")
+ .addTag("value").addText("groupOfNames").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param" )
+ .addTag("name").addText("main.ldapRealm.memberAttribute")
+ .addTag("value").addText("member").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+ .addTag("value").addText("true").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
+ .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
+ .addTag( "value" ).addText("guest-password").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.userDnTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.url")
+ .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+ .addTag("value").addText("simple").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.cachingEnabled")
+ .addTag("value").addText("false").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("com.sun.jndi.ldap.connect.pool")
+ .addTag("value").addText("false").gotoParent()
+ .addTag("param")
+ .addTag("name" ).addText("urls./**")
+ .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
+ .addTag("provider" )
+ .addTag("role").addText( "identity-assertion" )
+ .addTag( "enabled").addText( "true" )
+ .addTag("name").addText( "Default" ).gotoParent()
+ .gotoRoot()
+ .addTag( "service" )
+ .addTag( "role" ).addText( "test-service-role" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
+ @Test( timeout = SHORT_TIMEOUT )
+ public void testBadTopology() throws Exception {
+ LOG_ENTER();
+
+ // Test 4: Authenticate a user with a bad topology configured with nothing required for group lookup in the topology
+ outContent.reset();
+ String username = "tom";
+ String password = "tom-password";
+ KnoxCLI cli = new KnoxCLI();
+ cli.setConf(config);
+
+ String args1[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
+ "--u", username, "--p", password, "--g" };
+ cli.run( args1 );
+
+ assertThat(outContent.toString(), containsString("LDAP authentication successful"));
+ assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
+ assertThat(outContent.toString(), containsString("Warn: "));
+ assertFalse(outContent.toString().contains("analyst"));
+
+
+ outContent.reset();
+ username = "bad-name";
+ password = "bad-password";
+ cli = new KnoxCLI();
+ cli.setConf( config );
+
+ String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
+ "--u", username, "--p", password, "--g" };
+ cli.run( args2 );
+
+ assertThat(outContent.toString(), containsString("LDAP authentication failed"));
+ assertThat(outContent.toString(), containsString("INVALID_CREDENTIALS"));
+
+ outContent.reset();
+ username = "sam";
+ password = "sam-password";
+ cli = new KnoxCLI();
+ cli.setConf( config );
+
+ String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
+ "--u", username, "--p", password, "--g" };
+ cli.run( args3 );
+
+ assertThat(outContent.toString(), containsString("LDAP authentication successful"));
+ assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
+ assertThat(outContent.toString(), containsString("Warn:"));
+ assertFalse(outContent.toString().contains("analyst"));
+ assertFalse(outContent.toString().contains("scientist"));
+
+ LOG_EXIT();
+ }
 }
http://git-wip-us.apache.org/repos/asf/knox/blob/56cedc0a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestPositive.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestPositive.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestPositive.java
index 54da5f5..fb08531 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestPositive.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestPositive.java
@@ -53,288 +53,288 @@ import static org.junit.Assert.assertThat;
 public class KnoxCliLdapFuncTestPositive {
-// private static final long SHORT_TIMEOUT = 1000L;
-//
-// private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
-// private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
-//
-// public static Enumeration<Appender> appenders;
-// public static GatewayTestConfig config;
-// public static GatewayServer gateway;
-// public static String gatewayUrl;
-// public static String clusterUrl;
-// public static SimpleLdapDirectoryServer ldap;
-// public static TcpTransport ldapTransport;
-//
-// private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
-// private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
-// private static final String uuid = UUID.randomUUID().toString();
-//
-// @BeforeClass
-// public static void setupSuite() throws Exception {
-// LOG_ENTER();
-// System.setOut(new PrintStream(outContent));
-// System.setErr(new PrintStream(errContent));
-// setupLdap();
-// setupGateway();
-// LOG_EXIT();
-// }
-//
-// @AfterClass
-// public static void cleanupSuite() throws Exception {
-// LOG_ENTER();
-// ldap.stop( true );
-//
-// //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
-// //NoOpAppender.tearDown( appenders );
-// LOG_EXIT();
-// }
-//
-// public static void setupLdap( ) throws Exception {
-// URL usersUrl = getResourceUrl( "users.ldif" );
-// int port = findFreePort();
-// ldapTransport = new TcpTransport( port );
-// ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport );
-// ldap.start();
-// LOG.info( "LDAP port = " + ldapTransport.getPort() );
-// }
-//
-// public static void setupGateway() throws Exception {
-//
-// File targetDir = new File( System.getProperty( "user.dir" ), "target" );
-// File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
-// gatewayDir.mkdirs();
-//
-// GatewayTestConfig testConfig = new GatewayTestConfig();
-// config = testConfig;
-// testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
-//
-// File topoDir = new File( testConfig.getGatewayTopologyDir() );
-// topoDir.mkdirs();
-//
-// File deployDir = new File( testConfig.getGatewayDeploymentDir() );
-// deployDir.mkdirs();
-//
-// createTopology(topoDir, "test-cluster.xml", true);
-// createTopology(topoDir, "bad-cluster.xml", false);
-//
-// DefaultGatewayServices srvcs = new DefaultGatewayServices();
-// Map<String,String> options = new HashMap<String,String>();
-// options.put( "persist-master", "false" );
-// options.put( "master", "password" );
-// try {
-// srvcs.init( testConfig, options );
-// } catch ( ServiceLifecycleException e ) {
-// e.printStackTrace(); // I18N not required.
-// }
-// }
-//
-// private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
-// File descriptor = new File(topoDir, name);
-//
-// if(descriptor.exists()){
-// descriptor.delete();
-// descriptor = new File(topoDir, name);
-// }
-//
-// FileOutputStream stream = new FileOutputStream( descriptor, false );
-// if(goodTopology){
-// createTopology().toStream( stream );
-// } else {
-// createBadTopology().toStream( stream );
-// }
-// stream.close();
-//
-// }
-//
-// private static int findFreePort() throws IOException {
-// ServerSocket socket = new ServerSocket(0);
-// int port = socket.getLocalPort();
-// socket.close();
-// return port;
-// }
-//
-// public static InputStream getResourceStream( String resource ) throws IOException {
-// return getResourceUrl( resource ).openStream();
-// }
-//
-// public static URL getResourceUrl( String resource ) {
-// URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
-// assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
-// return url;
-// }
-//
-// public static String getResourceName( String resource ) {
-// return getResourceBaseName() + resource;
-// }
-//
-// public static String getResourceBaseName() {
-// return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
-// }
-//
-// private static XMLTag createBadTopology(){
-// XMLTag xml = XMLDoc.newDocument(true)
-// .addRoot("topology")
-// .addTag( "gateway" )
-// .addTag("provider")
-// .addTag("role").addText("authentication")
-// .addTag("name").addText("ShiroProvider")
-// .addTag("enabled").addText("true")
-// .addTag( "param" )
-// .addTag("name").addText("main.ldapRealm")
-// .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
-// .addTag( "param" )
-// .addTag("name").addText("main.ldapRealm.userDnTemplate")
-// .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-// .addTag( "param" )
-// .addTag("name").addText("main.ldapRealm.contextFactory.url")
-// .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
-// .addTag( "param" )
-// .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
-// .addTag("value").addText("simple").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.authorizationEnabled")
-// .addTag("value").addText("true").gotoParent()
-// .addTag("param")
-// .addTag( "name").addText( "urls./**")
-// .addTag("value").addText( "authcBasic" ).gotoParent().gotoParent()
-// .addTag( "provider" )
-// .addTag( "role" ).addText( "identity-assertion" )
-// .addTag( "enabled" ).addText( "true" )
-// .addTag( "name" ).addText( "Default" ).gotoParent()
-// .gotoRoot()
-// .addTag( "service")
-// .addTag("role").addText( "KNOX" )
-// .gotoRoot();
-// // System.out.println( "GATEWAY=" + xml.toString() );
-// return xml;
-// }
-//
-// private static XMLTag createTopology() {
-//
-// XMLTag xml = XMLDoc.newDocument(true)
-// .addRoot("topology")
-// .addTag("gateway")
-// .addTag("provider")
-// .addTag("role").addText("authentication")
-// .addTag("name").addText("ShiroProvider")
-// .addTag("enabled").addText("true")
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm")
-// .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
-// .addTag("param" )
-// .addTag("name").addText("main.ldapGroupContextFactory")
-// .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.searchBase")
-// .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.groupObjectClass")
-// .addTag("value").addText("groupOfNames").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
-// .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-// .addTag("param" )
-// .addTag("name").addText("main.ldapRealm.memberAttribute")
-// .addTag("value").addText("member").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.authorizationEnabled")
-// .addTag("value").addText("true").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
-// .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
-// .addTag( "value" ).addText("guest-password").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.userDnTemplate")
-// .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.contextFactory.url")
-// .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
-// .addTag("param")
-// .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
-// .addTag("value").addText("simple").gotoParent()
-// .addTag("param")
-// .addTag("name" ).addText("urls./**")
-// .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
-// .addTag("provider" )
-// .addTag("role").addText( "identity-assertion" )
-// .addTag( "enabled").addText( "true" )
-// .addTag("name").addText( "Default" ).gotoParent()
-// .gotoRoot()
-// .addTag( "service" )
-// .addTag( "role" ).addText( "test-service-role" )
-// .gotoRoot();
-// // System.out.println( "GATEWAY=" + xml.toString() );
-// return xml;
-// }
-//
-// @Test( timeout = SHORT_TIMEOUT )
-// public void testLDAPAuth() throws Exception {
-// LOG_ENTER();
-//
-//// Test 1: Make sure authenication is successful and return groups
-// outContent.reset();
-// String username = "sam";
-// String password = "sam-password";
-// String args[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password,
-// "--g"};
-// KnoxCLI cli = new KnoxCLI();
-// cli.setConf(config);
-// cli.run(args);
-// assertThat(outContent.toString(), containsString("success"));
-// assertThat(outContent.toString(), containsString("analyst"));
-// assertThat(outContent.toString(), containsString("scientist"));
-//
-//// Test 2: Give an invalid name and password combinatinon.
-// outContent.reset();
-// cli = new KnoxCLI();
-// cli.setConf(config);
-// username = "bad-name";
-// password = "bad-password";
-// String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password};
-// cli.run(args2);
-// assertThat(outContent.toString(), containsString("LDAP authentication failed"));
-//
-//// Test 3: Authenticate a user who belongs to no groups, but specify groups with --g
-// outContent.reset();
-// cli = new KnoxCLI();
-// cli.setConf(config);
-// username = "guest";
-// password = "guest-password";
-// String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
-// "--u", username, "--p", password, "--g" };
-// cli.run(args3);
-// assertThat(outContent.toString(), containsString("LDAP authentication success"));
-// assertThat(outContent.toString(), containsString("does not belong to any groups"));
-//
-// // Test 4: Pass a non-existent topology
-// outContent.reset();
-// cli = new KnoxCLI();
-// cli.setConf(config);
-// username = "guest";
-// password = "guest-password";
-// String args4[] = {"user-auth-test", "--master", "knox", "--cluster", "cluster-dne",
-// "--u", username, "--p", password };
-// cli.run(args4);
-// assertThat(outContent.toString(), containsString("Topology cluster-dne does not exist"));
-//
-//
-// // Test 5: Authenticate a user who belongs to no groups, but specify groups with --g
-// outContent.reset();
-// cli = new KnoxCLI();
-// cli.setConf(config);
-// username = "guest";
-// password = "guest-password";
-// String args5[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
-// "--u", username, "--p", password };
-// cli.run( args5 );
-// assertThat(outContent.toString(), containsString("LDAP authentication success"));
-// assertThat(outContent.toString(), not(containsString("does not belong to any groups")));
-//
-// LOG_EXIT();
-// }
+ private static final long SHORT_TIMEOUT = 1000L;
+
+ private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
+ private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
+
+ public static Enumeration<Appender> appenders;
+ public static GatewayTestConfig config;
+ public static GatewayServer gateway;
+ public static String gatewayUrl;
+ public static String clusterUrl;
+ public static SimpleLdapDirectoryServer ldap;
+ public static TcpTransport ldapTransport;
+
+ private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
+ private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
+ private static final String uuid = UUID.randomUUID().toString();
+
+ @BeforeClass
+ public static void setupSuite() throws Exception {
+ LOG_ENTER();
+ System.setOut(new PrintStream(outContent));
+ System.setErr(new PrintStream(errContent));
+ setupLdap();
+ setupGateway();
+ LOG_EXIT();
+ }
+
+ @AfterClass
+ public static void cleanupSuite() throws Exception {
+ LOG_ENTER();
+ ldap.stop( true );
+
+ //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+ //NoOpAppender.tearDown( appenders );
+ LOG_EXIT();
+ }
+
+ public static void setupLdap( ) throws Exception {
+ URL usersUrl = getResourceUrl( "users.ldif" );
+ int port = findFreePort();
+ ldapTransport = new TcpTransport( port );
+ ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport );
+ ldap.start();
+ LOG.info( "LDAP port = " + ldapTransport.getPort() );
+ }
+
+ public static void setupGateway() throws Exception {
+
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
+ gatewayDir.mkdirs();
+
+ GatewayTestConfig testConfig = new GatewayTestConfig();
+ config = testConfig;
+ testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+ File topoDir = new File( testConfig.getGatewayTopologyDir() );
+ topoDir.mkdirs();
+
+ File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+ deployDir.mkdirs();
+
+ createTopology(topoDir, "test-cluster.xml", true);
+ createTopology(topoDir, "bad-cluster.xml", false);
+
+ DefaultGatewayServices srvcs = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<String,String>();
+ options.put( "persist-master", "false" );
+ options.put( "master", "password" );
+ try {
+ srvcs.init( testConfig, options );
+ } catch ( ServiceLifecycleException e ) {
+ e.printStackTrace(); // I18N not required.
+ }
+ }
+
+ private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
+ File descriptor = new File(topoDir, name);
+
+ if(descriptor.exists()){
+ descriptor.delete();
+ descriptor = new File(topoDir, name);
+ }
+
+ FileOutputStream stream = new FileOutputStream( descriptor, false );
+ if(goodTopology){
+ createTopology().toStream( stream );
+ } else {
+ createBadTopology().toStream( stream );
+ }
+ stream.close();
+
+ }
+
+ private static int findFreePort() throws IOException {
+ ServerSocket socket = new ServerSocket(0);
+ int port = socket.getLocalPort();
+ socket.close();
+ return port;
+ }
+
+ public static InputStream getResourceStream( String resource ) throws IOException {
+ return getResourceUrl( resource ).openStream();
+ }
+
+ public static URL getResourceUrl( String resource ) {
+ URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
+ assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
+ return url;
+ }
+
+ public static String getResourceName( String resource ) {
+ return getResourceBaseName() + resource;
+ }
+
+ public static String getResourceBaseName() {
+ return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
+ }
+
+ private static XMLTag createBadTopology(){
+ XMLTag xml = XMLDoc.newDocument(true)
+ .addRoot("topology")
+ .addTag( "gateway" )
+ .addTag("provider")
+ .addTag("role").addText("authentication")
+ .addTag("name").addText("ShiroProvider")
+ .addTag("enabled").addText("true")
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm")
+ .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm.userDnTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm.contextFactory.url")
+ .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+ .addTag("value").addText("simple").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+ .addTag("value").addText("true").gotoParent()
+ .addTag("param")
+ .addTag( "name").addText( "urls./**")
+ .addTag("value").addText( "authcBasic" ).gotoParent().gotoParent()
+ .addTag( "provider" )
+ .addTag( "role" ).addText( "identity-assertion" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag( "name" ).addText( "Default" ).gotoParent()
+ .gotoRoot()
+ .addTag( "service")
+ .addTag("role").addText( "KNOX" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
+ private static XMLTag createTopology() {
+
+ XMLTag xml = XMLDoc.newDocument(true)
+ .addRoot("topology")
+ .addTag("gateway")
+ .addTag("provider")
+ .addTag("role").addText("authentication")
+ .addTag("name").addText("ShiroProvider")
+ .addTag("enabled").addText("true")
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm")
+ .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+ .addTag("param" )
+ .addTag("name").addText("main.ldapGroupContextFactory")
+ .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.searchBase")
+ .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.groupObjectClass")
+ .addTag("value").addText("groupOfNames").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param" )
+ .addTag("name").addText("main.ldapRealm.memberAttribute")
+ .addTag("value").addText("member").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+ .addTag("value").addText("true").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
+ .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
+ .addTag( "value" ).addText("guest-password").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.userDnTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.url")
+ .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+ .addTag("value").addText("simple").gotoParent()
+ .addTag("param")
+ .addTag("name" ).addText("urls./**")
+ .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
+ .addTag("provider" )
+ .addTag("role").addText( "identity-assertion" )
+ .addTag( "enabled").addText( "true" )
+ .addTag("name").addText( "Default" ).gotoParent()
+ .gotoRoot()
+ .addTag( "service" )
+ .addTag( "role" ).addText( "test-service-role" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
+ @Test( timeout = SHORT_TIMEOUT )
+ public void testLDAPAuth() throws Exception {
+ LOG_ENTER();
+
+// Test 1: Make sure authenication is successful and return groups
+ outContent.reset();
+ String username = "sam";
+ String password = "sam-password";
+ String args[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password,
+ "--g"};
+ KnoxCLI cli = new KnoxCLI();
+ cli.setConf(config);
+ cli.run(args);
+ assertThat(outContent.toString(), containsString("success"));
+ assertThat(outContent.toString(), containsString("analyst"));
+ assertThat(outContent.toString(), containsString("scientist"));
+
+// Test 2: Give an invalid name and password combinatinon.
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "bad-name";
+ password = "bad-password";
+ String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password};
+ cli.run(args2);
+ assertThat(outContent.toString(), containsString("LDAP authentication failed"));
+
+// Test 3: Authenticate a user who belongs to no groups, but specify groups with --g
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "guest";
+ password = "guest-password";
+ String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
+ "--u", username, "--p", password, "--g" };
+ cli.run(args3);
+ assertThat(outContent.toString(), containsString("LDAP authentication success"));
+ assertThat(outContent.toString(), containsString("does not belong to any groups"));
+
+ // Test 4: Pass a non-existent topology
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "guest";
+ password = "guest-password";
+ String args4[] = {"user-auth-test", "--master", "knox", "--cluster", "cluster-dne",
+ "--u", username, "--p", password };
+ cli.run(args4);
+ assertThat(outContent.toString(), containsString("Topology cluster-dne does not exist"));
+
+
+ // Test 5: Authenticate a user who belongs to no groups, but specify groups with --g
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "guest";
+ password = "guest-password";
+ String args5[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
+ "--u", username, "--p", password };
+ cli.run( args5 );
+ assertThat(outContent.toString(), containsString("LDAP authentication success"));
+ assertThat(outContent.toString(), not(containsString("does not belong to any groups")));
+
+ LOG_EXIT();
+ }
 }
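Review bot: `setupSuite()` replaces `System.out` and `System.err` with in-memory buffers and `cleanupSuite()` never restores them, so any test class that runs later in the same JVM loses its console output. The `e.printStackTrace()` in the catch block of `setupGateway()` then writes into `errContent`, which hides a failed `srvcs.init( testConfig, options )` and lets the authentication assertions run against services that may not have initialised. I would keep the original streams (`private static final PrintStream ORIG_OUT = System.out;`, likewise for `System.err`), call `System.setOut(ORIG_OUT); System.setErr(ORIG_ERR);` in `cleanupSuite()`, and drop the try/catch so the `ServiceLifecycleException` fails the suite, which `setupGateway()` already permits through `throws Exception`. The same `setupSuite()`/`cleanupSuite()`/`setupGateway()` code is re-enabled in the hunk of the preceding file and needs the same change. The Test 5 comment repeats Test 3's wording although `args5` omits `--g`; it should read `// Test 5: Authenticate a user who belongs to no groups, without --g`.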
