Repository: ambari Updated Branches: refs/heads/trunk f55b115af -> c516b3107
Revert "AMBARI-21578. testBadCredential UT fails (rlevas)" This reverts commit f55b115afe533faa7d41cff2c8b6c252ed6e498a. Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9d605cd1 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9d605cd1 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9d605cd1 Branch: refs/heads/trunk Commit: 9d605cd1845d528894c02d3d276002179780348f Parents: f55b115 Author: Robert Levas <rle...@hortonworks.com> Authored: Thu Jul 27 07:00:30 2017 -0400 Committer: Robert Levas <rle...@hortonworks.com> Committed: Thu Jul 27 07:00:30 2017 -0400 ---------------------------------------------------------------------- ambari-server/pom.xml | 2 +- .../AmbariPamAuthenticationProvider.java | 5 +- .../AmbariPamAuthenticationProviderTest.java | 145 ++++++++----------- 3 files changed, 65 insertions(+), 87 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/9d605cd1/ambari-server/pom.xml ----------------------------------------------------------------------
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index 3c966f2..70907da 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -1684,7 +1684,7 @@
 <dependency>
 <groupId>net.java.dev.jna</groupId>
 <artifactId>jna</artifactId>
- <version>4.2.2</version>
+ <version>4.3.0</version>
 </dependency>
 </dependencies>
http://git-wip-us.apache.org/repos/asf/ambari/blob/9d605cd1/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
index 8678294..373552e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
@@ -29,7 +29,6 @@ import org.apache.ambari.server.orm.entities.GroupEntity;
 import org.apache.ambari.server.orm.entities.MemberEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.apache.ambari.server.security.ClientSecurityType;
-import org.apache.ambari.server.security.authentication.pam.PamAuthenticationFactory;
 import org.jvnet.libpam.PAM;
 import org.jvnet.libpam.PAMException;
 import org.jvnet.libpam.UnixUser;
@@ -55,8 +54,6 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider {
 protected UserDAO userDAO;
 @Inject
 protected GroupDAO groupDAO;
- @Inject
- private PamAuthenticationFactory pamAuthenticationFactory;
 private static final Logger LOG = LoggerFactory.getLogger(AmbariPamAuthenticationProvider.class);
@@ -88,7 +85,7 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider {
 try{
 //Set PAM configuration file (found under /etc/pam.d)
 String pamConfig = configuration.getPamConfigurationFile();
- pam = pamAuthenticationFactory.createInstance(pamConfig);
+ pam = new PAM(pamConfig);
 } catch(PAMException ex) {
 LOG.error("Unable to Initialize PAM." + ex.getMessage());
http://git-wip-us.apache.org/repos/asf/ambari/blob/9d605cd1/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
index 9cfd148..8faa6ce 100644
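Review bot: `pam = new PAM(pamConfig);` in the third hunk hands the value of `configuration.getPamConfigurationFile()` straight to libpam, and nothing visible in the hunk checks that it is set. On Linux-PAM a service name with no matching file under /etc/pam.d is evaluated against the `other` policy, so a missing or mistyped property changes which policy guards login rather than failing loudly. A guard before the constructor, `if (pamConfig == null || pamConfig.trim().isEmpty())` followed by an authentication failure, would make that case explicit. Constructing `PAM` directly also removes the injection seam, so the rejection path can only be exercised against the host's PAM stack. The `catch` line would keep the stack trace as `LOG.error("Unable to Initialize PAM.", ex);`. The enclosing method continues outside the hunk, so where `pam.dispose()` runs cannot be confirmed from here.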
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
@@ -17,120 +17,91 @@ */ package org.apache.ambari.server.security.authorization; -import static org.easymock.EasyMock.anyObject; -import static org.easymock.EasyMock.eq; +import static org.easymock.EasyMock.createNiceMock; import static org.easymock.EasyMock.expect; -import static org.easymock.EasyMock.expectLastCall; +import java.util.Arrays; +import java.util.Collection; import java.util.Collections; +import java.util.HashSet; -import javax.persistence.EntityManager; - +import org.apache.ambari.server.H2DatabaseCleaner; +import org.apache.ambari.server.audit.AuditLoggerModule; import org.apache.ambari.server.configuration.Configuration; -import org.apache.ambari.server.hooks.HookContextFactory; -import org.apache.ambari.server.hooks.HookService; -import org.apache.ambari.server.orm.DBAccessor; +import org.apache.ambari.server.orm.GuiceJpaInitializer; import org.apache.ambari.server.orm.dao.UserDAO; +import org.apache.ambari.server.orm.entities.PrincipalEntity; +import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.security.ClientSecurityType; -import org.apache.ambari.server.security.authentication.pam.PamAuthenticationFactory; -import org.apache.ambari.server.state.stack.OsFamily; -import org.easymock.EasyMockSupport; +import org.easymock.EasyMock; +import org.junit.After; import org.junit.Before; import org.junit.Test; import org.jvnet.libpam.PAM; -import org.jvnet.libpam.PAMException; import org.jvnet.libpam.UnixUser; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.crypto.password.StandardPasswordEncoder; -import com.google.inject.AbstractModule; import com.google.inject.Guice; +import com.google.inject.Inject; import com.google.inject.Injector; import 
junit.framework.Assert; -public class AmbariPamAuthenticationProviderTest extends EasyMockSupport { +public class AmbariPamAuthenticationProviderTest { + + private static Injector injector; + + @Inject + PasswordEncoder passwordEncoder; + @Inject + private AmbariPamAuthenticationProvider authenticationProvider; + @Inject + Configuration configuration; private static final String TEST_USER_NAME = "userName"; private static final String TEST_USER_PASS = "userPass"; private static final String TEST_USER_INCORRECT_PASS = "userIncorrectPass"; - private Injector injector; - @Before - public void setup() { - injector = Guice.createInjector(new AbstractModule() { - - @Override - protected void configure() { - bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class)); - bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class)); - bind(HookContextFactory.class).toInstance(createNiceMock(HookContextFactory.class)); - bind(HookService.class).toInstance(createNiceMock(HookService.class)); - bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class)); - bind(UserDAO.class).toInstance(createNiceMock(UserDAO.class)); - bind(PamAuthenticationFactory.class).toInstance(createMock(PamAuthenticationFactory.class)); - bind(PasswordEncoder.class).toInstance(new StandardPasswordEncoder()); - } - }); - - Configuration configuration = injector.getInstance(Configuration.class); + public void setUp() { + injector = Guice.createInjector(new AuditLoggerModule(), new AuthorizationTestModule()); + injector.injectMembers(this); + injector.getInstance(GuiceJpaInitializer.class); configuration.setClientSecurityType(ClientSecurityType.PAM); configuration.setProperty(Configuration.PAM_CONFIGURATION_FILE, "ambari-pam"); } + @After + public void tearDown() throws Exception { + H2DatabaseCleaner.clearDatabaseAndStopPersistenceService(injector); + } + @Test(expected = AuthenticationException.class) public void testBadCredential() throws Exception { - - PAM pam = 
createMock(PAM.class); - expect(pam.authenticate(eq(TEST_USER_NAME), eq(TEST_USER_INCORRECT_PASS))) - .andThrow(new PAMException()) - .once(); - pam.dispose(); - expectLastCall().once(); - - PamAuthenticationFactory pamAuthenticationFactory = injector.getInstance(PamAuthenticationFactory.class); - expect(pamAuthenticationFactory.createInstance(anyObject(String.class))).andReturn(pam).once(); - - replayAll(); - - Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_INCORRECT_PASS); - - AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class); + UserEntity userEntity = combineUserEntity(); + User user = new User(userEntity); + Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class)); + Authentication authentication = new AmbariUserAuthentication("wrong", user, userAuthorities); authenticationProvider.authenticate(authentication); - - verifyAll(); } @Test public void testAuthenticate() throws Exception { - + PAM pam = createNiceMock(PAM.class); UnixUser unixUser = createNiceMock(UnixUser.class); - expect(unixUser.getGroups()).andReturn(Collections.singleton("group")).atLeastOnce(); - - PAM pam = createMock(PAM.class); - expect(pam.authenticate(eq(TEST_USER_NAME), eq(TEST_USER_PASS))) - .andReturn(unixUser) - .once(); - pam.dispose(); - expectLastCall().once(); - - PamAuthenticationFactory pamAuthenticationFactory = injector.getInstance(PamAuthenticationFactory.class); - expect(pamAuthenticationFactory.createInstance(anyObject(String.class))).andReturn(pam).once(); - - replayAll(); - - Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS); - - AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class); - - Authentication result = authenticationProvider.authenticate(authentication); - - 
verifyAll(); - + UserEntity userEntity = combineUserEntity(); + User user = new User(userEntity); + UserDAO userDAO = createNiceMock(UserDAO.class); + Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class)); + expect(pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class))).andReturn(unixUser).atLeastOnce(); + expect(unixUser.getGroups()).andReturn(new HashSet<>(Arrays.asList("group"))).atLeastOnce(); + EasyMock.replay(unixUser); + EasyMock.replay(pam); + Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities); + Authentication result = authenticationProvider.authenticateViaPam(pam,authentication); + expect(userDAO.findUserByName("userName")).andReturn(null).once(); Assert.assertNotNull(result); Assert.assertEquals(true, result.isAuthenticated()); Assert.assertTrue(result instanceof AmbariUserAuthentication); 
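Review bot: `testBadCredential` on the new side no longer stubs PAM, so `@Test(expected = AuthenticationException.class)` is satisfied by whatever the build host's PAM stack does with the `ambari-pam` service. That presumably includes a failure to initialise PAM at all, so the test does not show that a wrong password is what gets rejected. In `testAuthenticate` the stub `pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class))` accepts any credentials, so the test still passes if the provider hands PAM the wrong username or password. Matching with `eq(TEST_USER_NAME), eq(TEST_USER_PASS)` would pin that. The `expect(userDAO.findUserByName("userName")).andReturn(null).once();` line is recorded after the call under test, on a local mock that is never replayed or bound into the injector, so it verifies nothing and can be dropped.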
@@ -138,14 +109,24 @@ public class AmbariPamAuthenticationProviderTest extends EasyMockSupport {
 @Test
 public void testDisabled() throws Exception {
-
- Configuration configuration = injector.getInstance(Configuration.class);
+ UserEntity userEntity = combineUserEntity();
+ User user = new User(userEntity);
+ Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));
 configuration.setClientSecurityType(ClientSecurityType.LOCAL);
-
- Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS);
-
- AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class);
+ Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities);
 Authentication auth = authenticationProvider.authenticate(authentication);
 Assert.assertTrue(auth == null);
 }
+
+ private UserEntity combineUserEntity() {
+ PrincipalEntity principalEntity = new PrincipalEntity();
+ UserEntity userEntity = new UserEntity();
+ userEntity.setUserId(1);
+ userEntity.setUserName(UserName.fromString(TEST_USER_NAME));
+ userEntity.setUserPassword(passwordEncoder.encode(TEST_USER_PASS));
+ userEntity.setUserType(UserType.PAM);
+ userEntity.setPrincipal(principalEntity);
+ return userEntity;
+ }
+
 }
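Review bot: The added `new AmbariUserAuthentication("userPass", user, userAuthorities)` in `testDisabled` repeats as a literal the value that `TEST_USER_PASS` already names, while `combineUserEntity()` encodes the stored password from the constant. Using `TEST_USER_PASS` here, and in the same construction in `testAuthenticate`, keeps the presented credential and the stored one from drifting apart unnoticed. `combineUserEntity()` would also benefit from a one-line comment such as `// Builds a PAM-type user whose stored password is the encoded TEST_USER_PASS.`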