Author: rkanter
Date: Tue Feb 5 21:20:13 2013
New Revision: 1442751
URL: http://svn.apache.org/viewvc?rev=1442751&view=rev
Log:
OOZIE-1113 The cookies used in the AltKerberosAuthenticationHandler examples
aren't read properly if quoted (rkanter)
Modified:
oozie/branches/branch-3.3/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java
oozie/branches/branch-3.3/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java
oozie/branches/branch-3.3/release-log.txt
oozie/branches/branch-3.3/release-log.txt.orig
Modified:
oozie/branches/branch-3.3/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/oozie/branches/branch-3.3/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java?rev=1442751&r1=1442750&r2=1442751&view=diff
==============================================================================
---
oozie/branches/branch-3.3/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java
(original)
+++
oozie/branches/branch-3.3/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java
Tue Feb 5 21:20:13 2013
@@ -18,6 +18,8 @@
package org.apache.oozie.authentication;
import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
import java.net.URLEncoder;
import java.text.MessageFormat;
import java.util.Properties;
@@ -117,11 +119,20 @@ public class ExampleAltAuthenticationHan
*
* @param authCookie The "oozie.web.login.auth" cookie
* @return The username from the cookie or null if the cookie is null
+ * @throws UnsupportedEncodingException thrown if there's a problem
decoding the cookie value
+ * @throws AuthenticationException thrown if the cookie value is only two
quotes ""
*/
- protected String getAltAuthUserName(Cookie authCookie) {
+ protected String getAltAuthUserName(Cookie authCookie) throws
UnsupportedEncodingException, AuthenticationException {
if (authCookie == null) {
return null;
}
- return authCookie.getValue();
+ String username = authCookie.getValue();
+ if (username.startsWith("\"") && username.endsWith("\"")) {
+ if (username.length() == 2) {
+ throw new AuthenticationException("Unable to parse
authentication cookie");
+ }
+ username = username.substring(1, username.length() - 1);
+ }
+ return URLDecoder.decode(username, "UTF-8");
}
}
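Review bot: A cookie value consisting of a single `"` passes both `startsWith("\"")` and `endsWith("\"")` in getAltAuthUserName, skips the `length() == 2` check, and reaches `substring(1, 0)`, which throws an unchecked StringIndexOutOfBoundsException rather than an AuthenticationException. Changing the guard to `if (username.length() <= 2) {` rejects both the one-character and the two-character case. `URLDecoder.decode` also throws IllegalArgumentException on a malformed `%` escape, and since the cookie is client-supplied that should be caught and rethrown as `new AuthenticationException("Unable to parse authentication cookie")`. The test helper getUsernameFromCookies added in TestLoginServlet.java repeats the same quote test with no length guard at all.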
Modified:
oozie/branches/branch-3.3/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java
URL:
http://svn.apache.org/viewvc/oozie/branches/branch-3.3/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java?rev=1442751&r1=1442750&r2=1442751&view=diff
==============================================================================
---
oozie/branches/branch-3.3/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java
(original)
+++
oozie/branches/branch-3.3/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java
Tue Feb 5 21:20:13 2013
@@ -18,6 +18,7 @@
package org.apache.oozie.servlet.login;
import java.io.*;
+import java.net.URLEncoder;
import java.text.MessageFormat;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
@@ -140,13 +141,14 @@ public class LoginServlet extends HttpSe
/**
* Write the "oozie.web.login.auth" cookie containing the username. A
subclass can override this to include more information
* into the cookie; though this will likely break compatibility with the
ExampleAltAuthenticationHandler, so it would have to
- * be extended as well.
+ * be extended as well. It is recommended that the cookie value be
URL-encoded.
*
* @param resp The response
* @param username The username
+ * @throws UnsupportedEncodingException thrown when there is a problem
encoding the username as the cookie value
*/
- protected void writeCookie(HttpServletResponse resp, String username) {
- Cookie cookie = new Cookie("oozie.web.login.auth", username);
+ protected void writeCookie(HttpServletResponse resp, String username)
throws UnsupportedEncodingException {
+ Cookie cookie = new Cookie("oozie.web.login.auth",
URLEncoder.encode(username, "UTF-8"));
cookie.setPath("/");
resp.addCookie(cookie);
}
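Review bot: writeCookie still sets only the path on the `oozie.web.login.auth` cookie, so it goes out without the Secure attribute, and its value is just the URL-encoded username with nothing that ties it to a completed login. The handler hunk in this same commit returns the decoded cookie value as the user name, so URL-encoding fixes the parsing problem but adds no integrity protection to the value. I would add `cookie.setSecure(true);` where the login server is served over HTTPS (a deployment assumption, not visible here) and extend the Javadoc with a sentence such as `The value is not signed or encrypted; this example relies on TLS and should be hardened before any production use.` writeCookie's body is fully inside the hunk.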
Modified:
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java?rev=1442751&r1=1442750&r2=1442751&view=diff
==============================================================================
---
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java
(original)
+++
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java
Tue Feb 5 21:20:13 2013
@@ -23,6 +23,7 @@ import java.util.Properties;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import
org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.oozie.service.Services;
import org.apache.oozie.test.XTestCase;
@@ -97,4 +98,43 @@ public class TestExampleAltAuthenticatio
assertEquals("someUser", token.getName());
assertEquals("alt-kerberos", token.getType());
}
+
+ // Some browsers or server implementations will quote cookie values, so
test that behavior by repeating testAuthenticateCookie()
+ // but with "\"someUser\"" instead of "someUser"
+ public void testAuthenticateCookieQuoted() throws Exception {
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+
+ // A User-Agent without "java" in it is considered to be a browser
+ Mockito.when(request.getHeader("User-Agent")).thenReturn("Some
Browser");
+
+ // We need the request to return the auth cookie
+ Cookie[] cookies = {new Cookie("some.other.cookie", "someValue"),
+ new Cookie("oozie.web.login.auth",
"\"someUser\"")};
+ Mockito.when(request.getCookies()).thenReturn(cookies);
+
+ AuthenticationToken token = handler.authenticate(request, response);
+ assertEquals("someUser", token.getUserName());
+ assertEquals("someUser", token.getName());
+ assertEquals("alt-kerberos", token.getType());
+ }
+
+ public void testAuthenticateCookieQuotedInvalid() throws Exception {
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+
+ // A User-Agent without "java" in it is considered to be a browser
+ Mockito.when(request.getHeader("User-Agent")).thenReturn("Some
Browser");
+
+ // We need the request to return the auth cookie
+ Cookie[] cookies = {new Cookie("some.other.cookie", "someValue"),
+ new Cookie("oozie.web.login.auth", "\"\"")};
+ Mockito.when(request.getCookies()).thenReturn(cookies);
+
+ try {
+ handler.authenticate(request, response);
+ } catch(AuthenticationException ae) {
+ assertEquals("Unable to parse authentication cookie",
ae.getMessage());
+ }
+ }
}
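Review bot: testAuthenticateCookieQuotedInvalid passes when `handler.authenticate(request, response)` returns normally, because nothing follows the call inside the `try`; the test would stay green if the `""` check were removed from the handler. Add `fail("Expected AuthenticationException for an empty quoted cookie");` directly after the call (assuming XTestCase exposes JUnit's `fail`, as the bare `assertEquals` calls suggest). Neither added test exercises the new `URLDecoder.decode` path, so a case with a URL-encoded value, for example a name containing a space or `,`, would be worth adding. Both test methods are complete in the hunk; the enclosing class starts outside it.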
Modified:
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java
URL:
http://svn.apache.org/viewvc/oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java?rev=1442751&r1=1442750&r2=1442751&view=diff
==============================================================================
---
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java
(original)
+++
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java
Tue Feb 5 21:20:13 2013
@@ -152,7 +152,8 @@ public class TestLDAPLoginServlet extend
conn.setRequestMethod("POST");
assertEquals(HttpServletResponse.SC_FOUND, conn.getResponseCode());
String cookies = tls.getCookies(conn);
-
assertTrue(cookies.contains("oozie.web.login.auth=uid=admin,ou=system"));
+ String username = tls.getUsernameFromCookies(cookies);
+ assertEquals("uid=admin,ou=system", username);
}
@Override
Modified:
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java
URL:
http://svn.apache.org/viewvc/oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java?rev=1442751&r1=1442750&r2=1442751&view=diff
==============================================================================
---
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java
(original)
+++
oozie/branches/branch-3.3/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java
Tue Feb 5 21:20:13 2013
@@ -23,8 +23,10 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
+import java.net.URLDecoder;
import java.text.MessageFormat;
import java.util.List;
import java.util.Map;
@@ -167,7 +169,8 @@ public class TestLoginServlet extends Te
conn.setRequestMethod("POST");
assertEquals(HttpServletResponse.SC_FOUND, conn.getResponseCode());
String cookies = getCookies(conn);
- assertTrue(cookies.contains("oozie.web.login.auth=foo"));
+ String username = getUsernameFromCookies(cookies);
+ assertEquals("foo", username);
}
protected String getHTML(HttpURLConnection conn) throws Exception {
@@ -192,4 +195,18 @@ public class TestLoginServlet extends Te
}
return null;
}
+
+ protected String getUsernameFromCookies(String cookies) throws
UnsupportedEncodingException {
+ String[] cookiesSplit = cookies.split(";");
+ for (String split : cookiesSplit) {
+ if (split.startsWith("oozie.web.login.auth=")) {
+ String value =
split.substring("oozie.web.login.auth=".length());
+ if (value.startsWith("\"") && value.endsWith("\"")) {
+ value = value.substring(1, value.length() - 1);
+ }
+ return URLDecoder.decode(value, "UTF-8");
+ }
+ }
+ return null;
+ }
}
Modified: oozie/branches/branch-3.3/release-log.txt
URL:
http://svn.apache.org/viewvc/oozie/branches/branch-3.3/release-log.txt?rev=1442751&r1=1442750&r2=1442751&view=diff
==============================================================================
--- oozie/branches/branch-3.3/release-log.txt (original)
+++ oozie/branches/branch-3.3/release-log.txt Tue Feb 5 21:20:13 2013
@@ -1,5 +1,6 @@
-- Oozie 3.3.2 (unreleased)
+OOZIE-1113 The cookies used in the AltKerberosAuthenticationHandler examples
aren't read properly if quoted (rkanter)
OOZIE-1103 Create example using AltKerberosAuthenticationHandler (rkanter)
OOZIE-1206 Add license headers to TestCoordActionNotificationXCommand.java and
TestNotificationXCommand.java in branch-3.3 (rkanter)
OOZIE-1179 coord action in WAITING when no definition of dataset in coord job
xml (mona)
Modified: oozie/branches/branch-3.3/release-log.txt.orig
URL:
http://svn.apache.org/viewvc/oozie/branches/branch-3.3/release-log.txt.orig?rev=1442751&r1=1442750&r2=1442751&view=diff
==============================================================================
--- oozie/branches/branch-3.3/release-log.txt.orig (original)
+++ oozie/branches/branch-3.3/release-log.txt.orig Tue Feb 5 21:20:13 2013
@@ -1,5 +1,6 @@
-- Oozie 3.3.2 (unreleased)
+OOZIE-1103 Create example using AltKerberosAuthenticationHandler (rkanter)
OOZIE-1206 Add license headers to TestCoordActionNotificationXCommand.java and
TestNotificationXCommand.java in branch-3.3 (rkanter)
OOZIE-1179 coord action in WAITING when no definition of dataset in coord job
xml (mona)
OOZIE-1194 test-patch shouldn't run the testHive profile because it not longer
exists (rkanter)