Repository: ambari Updated Branches: refs/heads/trunk 1e6e73f30 -> f55b115af
AMBARI-21578. testBadCredential UT fails (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f55b115a Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f55b115a Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f55b115a Branch: refs/heads/trunk Commit: f55b115afe533faa7d41cff2c8b6c252ed6e498a Parents: 1e6e73f Author: Robert Levas <rle...@hortonworks.com> Authored: Thu Jul 27 06:57:15 2017 -0400 Committer: Robert Levas <rle...@hortonworks.com> Committed: Thu Jul 27 06:57:15 2017 -0400 ---------------------------------------------------------------------- ambari-server/pom.xml | 2 +- .../AmbariPamAuthenticationProvider.java | 5 +- .../AmbariPamAuthenticationProviderTest.java | 145 +++++++++++-------- 3 files changed, 87 insertions(+), 65 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/f55b115a/ambari-server/pom.xml ---------------------------------------------------------------------- diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml index 70907da..3c966f2 100644 --- a/ambari-server/pom.xml +++ b/ambari-server/pom.xml @@ -1684,7 +1684,7 @@ <dependency> <groupId>net.java.dev.jna</groupId> <artifactId>jna</artifactId> - <version>4.3.0</version> + <version>4.2.2</version> </dependency> </dependencies> http://git-wip-us.apache.org/repos/asf/ambari/blob/f55b115a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java index 373552e..8678294 100644 
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java @@ -29,6 +29,7 @@ import org.apache.ambari.server.orm.entities.GroupEntity; import org.apache.ambari.server.orm.entities.MemberEntity; import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.security.ClientSecurityType; +import org.apache.ambari.server.security.authentication.pam.PamAuthenticationFactory; import org.jvnet.libpam.PAM; import org.jvnet.libpam.PAMException; import org.jvnet.libpam.UnixUser; @@ -54,6 +55,8 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider { protected UserDAO userDAO; @Inject protected GroupDAO groupDAO; + @Inject + private PamAuthenticationFactory pamAuthenticationFactory; private static final Logger LOG = LoggerFactory.getLogger(AmbariPamAuthenticationProvider.class); @@ -85,7 +88,7 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider { try{ //Set PAM configuration file (found under /etc/pam.d) String pamConfig = configuration.getPamConfigurationFile(); - pam = new PAM(pamConfig); + pam = pamAuthenticationFactory.createInstance(pamConfig); } catch(PAMException ex) { LOG.error("Unable to Initialize PAM." + ex.getMessage()); http://git-wip-us.apache.org/repos/asf/ambari/blob/f55b115a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java index 8faa6ce..9cfd148 100644 
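Review bot: The `pamAuthenticationFactory` field added in the second hunk is `private` while the neighbouring injected `userDAO` and `groupDAO` are `protected`, and nothing records why PAM creation now goes through a factory or who releases the handle it returns. A comment on the field such as `// Builds the libpam handle for the configured PAM service; injected so tests can supply a mock PAM.` would help, ideally with a second line stating that the provider disposes the returned instance, which is what the tests in this commit expect once per authentication. In the third hunk `createInstance(pamConfig)` relies on the existing `catch(PAMException ex)`, so a factory that returned null instead of throwing would not be caught there. Whether `pam` is checked afterwards cannot be seen, because the method body continues outside the hunk.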
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
@@ -17,91 +17,120 @@ */ package org.apache.ambari.server.security.authorization; -import static org.easymock.EasyMock.createNiceMock; +import static org.easymock.EasyMock.anyObject; +import static org.easymock.EasyMock.eq; import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.expectLastCall; -import java.util.Arrays; -import java.util.Collection; import java.util.Collections; -import java.util.HashSet; -import org.apache.ambari.server.H2DatabaseCleaner; -import org.apache.ambari.server.audit.AuditLoggerModule; +import javax.persistence.EntityManager; + import org.apache.ambari.server.configuration.Configuration; -import org.apache.ambari.server.orm.GuiceJpaInitializer; +import org.apache.ambari.server.hooks.HookContextFactory; +import org.apache.ambari.server.hooks.HookService; +import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.orm.dao.UserDAO; -import org.apache.ambari.server.orm.entities.PrincipalEntity; -import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.security.ClientSecurityType; -import org.easymock.EasyMock; -import org.junit.After; +import org.apache.ambari.server.security.authentication.pam.PamAuthenticationFactory; +import org.apache.ambari.server.state.stack.OsFamily; +import org.easymock.EasyMockSupport; import org.junit.Before; import org.junit.Test; import org.jvnet.libpam.PAM; +import org.jvnet.libpam.PAMException; import org.jvnet.libpam.UnixUser; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.crypto.password.StandardPasswordEncoder; +import com.google.inject.AbstractModule; import com.google.inject.Guice; -import com.google.inject.Inject; import com.google.inject.Injector; import 
junit.framework.Assert; -public class AmbariPamAuthenticationProviderTest { - - private static Injector injector; - - @Inject - PasswordEncoder passwordEncoder; - @Inject - private AmbariPamAuthenticationProvider authenticationProvider; - @Inject - Configuration configuration; +public class AmbariPamAuthenticationProviderTest extends EasyMockSupport { private static final String TEST_USER_NAME = "userName"; private static final String TEST_USER_PASS = "userPass"; private static final String TEST_USER_INCORRECT_PASS = "userIncorrectPass"; + private Injector injector; + @Before - public void setUp() { - injector = Guice.createInjector(new AuditLoggerModule(), new AuthorizationTestModule()); - injector.injectMembers(this); - injector.getInstance(GuiceJpaInitializer.class); + public void setup() { + injector = Guice.createInjector(new AbstractModule() { + + @Override + protected void configure() { + bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class)); + bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class)); + bind(HookContextFactory.class).toInstance(createNiceMock(HookContextFactory.class)); + bind(HookService.class).toInstance(createNiceMock(HookService.class)); + bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class)); + bind(UserDAO.class).toInstance(createNiceMock(UserDAO.class)); + bind(PamAuthenticationFactory.class).toInstance(createMock(PamAuthenticationFactory.class)); + bind(PasswordEncoder.class).toInstance(new StandardPasswordEncoder()); + } + }); + + Configuration configuration = injector.getInstance(Configuration.class); configuration.setClientSecurityType(ClientSecurityType.PAM); configuration.setProperty(Configuration.PAM_CONFIGURATION_FILE, "ambari-pam"); } - @After - public void tearDown() throws Exception { - H2DatabaseCleaner.clearDatabaseAndStopPersistenceService(injector); - } - @Test(expected = AuthenticationException.class) public void testBadCredential() throws Exception { - UserEntity userEntity = 
combineUserEntity(); - User user = new User(userEntity); - Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class)); - Authentication authentication = new AmbariUserAuthentication("wrong", user, userAuthorities); + + PAM pam = createMock(PAM.class); + expect(pam.authenticate(eq(TEST_USER_NAME), eq(TEST_USER_INCORRECT_PASS))) + .andThrow(new PAMException()) + .once(); + pam.dispose(); + expectLastCall().once(); + + PamAuthenticationFactory pamAuthenticationFactory = injector.getInstance(PamAuthenticationFactory.class); + expect(pamAuthenticationFactory.createInstance(anyObject(String.class))).andReturn(pam).once(); + + replayAll(); + + Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_INCORRECT_PASS); + + AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class); authenticationProvider.authenticate(authentication); + + verifyAll(); } @Test public void testAuthenticate() throws Exception { - PAM pam = createNiceMock(PAM.class); + UnixUser unixUser = createNiceMock(UnixUser.class); - UserEntity userEntity = combineUserEntity(); - User user = new User(userEntity); - UserDAO userDAO = createNiceMock(UserDAO.class); - Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class)); - expect(pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class))).andReturn(unixUser).atLeastOnce(); - expect(unixUser.getGroups()).andReturn(new HashSet<>(Arrays.asList("group"))).atLeastOnce(); - EasyMock.replay(unixUser); - EasyMock.replay(pam); - Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities); - Authentication result = authenticationProvider.authenticateViaPam(pam,authentication); - expect(userDAO.findUserByName("userName")).andReturn(null).once(); + 
expect(unixUser.getGroups()).andReturn(Collections.singleton("group")).atLeastOnce(); + + PAM pam = createMock(PAM.class); + expect(pam.authenticate(eq(TEST_USER_NAME), eq(TEST_USER_PASS))) + .andReturn(unixUser) + .once(); + pam.dispose(); + expectLastCall().once(); + + PamAuthenticationFactory pamAuthenticationFactory = injector.getInstance(PamAuthenticationFactory.class); + expect(pamAuthenticationFactory.createInstance(anyObject(String.class))).andReturn(pam).once(); + + replayAll(); + + Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS); + + AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class); + + Authentication result = authenticationProvider.authenticate(authentication); + + verifyAll(); + Assert.assertNotNull(result); Assert.assertEquals(true, result.isAuthenticated()); Assert.assertTrue(result instanceof AmbariUserAuthentication); 
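Review bot: In `testBadCredential` the `verifyAll()` placed after `authenticationProvider.authenticate(authentication)` is never reached, because the test passes only when that call throws `AuthenticationException`. The `pam.dispose()` expectation on the failure path is therefore recorded but never checked, so a provider that left the PAM handle open after a rejected password would still pass. Running the verification in a finally block closes the gap: `try { authenticationProvider.authenticate(authentication); } finally { verifyAll(); }`. `testAuthenticate` is not affected, since its `verifyAll()` runs after a normal return.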
@@ -109,24 +138,14 @@ public class AmbariPamAuthenticationProviderTest { @Test public void testDisabled() throws Exception { - UserEntity userEntity = combineUserEntity(); - User user = new User(userEntity); - Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class)); + + Configuration configuration = injector.getInstance(Configuration.class); configuration.setClientSecurityType(ClientSecurityType.LOCAL); - Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities); + + Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS); + + AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class); Authentication auth = authenticationProvider.authenticate(authentication); Assert.assertTrue(auth == null); } - - private UserEntity combineUserEntity() { - PrincipalEntity principalEntity = new PrincipalEntity(); - UserEntity userEntity = new UserEntity(); - userEntity.setUserId(1); - userEntity.setUserName(UserName.fromString(TEST_USER_NAME)); - userEntity.setUserPassword(passwordEncoder.encode(TEST_USER_PASS)); - userEntity.setUserType(UserType.PAM); - userEntity.setPrincipal(principalEntity); - return userEntity; - } - }
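Review bot: `testDisabled` never calls `replayAll()`, so the strict `PamAuthenticationFactory` mock bound in `setup()` is still in record state when `authenticate` runs, and a call to `createInstance` would be recorded rather than rejected. As written the test only shows that the result is null, not that PAM is left untouched when the client security type is `LOCAL`. Adding `replayAll();` before the `authenticate` call and `verifyAll();` after it would make any PAM access in the disabled case fail the test. The remaining `Assert.assertTrue(auth == null)` is unchanged context; `Assert.assertNull(auth)` would give a clearer failure message.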