http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/BaseSecurityTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/BaseSecurityTest.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/BaseSecurityTest.java
deleted file mode 100644
index 7e8472b..0000000
--- a/webapp/src/test/java/org/apache/hadoop/metadata/web/BaseSecurityTest.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.metadata.web;
-
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.commons.configuration.PropertiesConfiguration;
-import org.apache.hadoop.minikdc.MiniKdc;
-import org.apache.zookeeper.Environment;
-import org.mortbay.jetty.Server;
-import org.mortbay.jetty.webapp.WebAppContext;
-import org.testng.Assert;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.Writer;
-import java.nio.file.Files;
-import java.util.Locale;
-import java.util.Properties;
-
-/**
- *
- */
-public class BaseSecurityTest {
- private static final String JAAS_ENTRY =
- "%s { \n"
- + " %s required\n"
- // kerberos module
- + " keyTab=\"%s\"\n"
- + " debug=true\n"
- + " principal=\"%s\"\n"
- + " useKeyTab=true\n"
- + " useTicketCache=false\n"
- + " doNotPrompt=true\n"
- + " storeKey=true;\n"
- + "}; \n";
- protected MiniKdc kdc;
-
- protected String getWarPath() {
- return String.format("/target/metadata-webapp-%s.war",
- System.getProperty("release.version", "0.1-incubating-SNAPSHOT"));
- }
-
- protected void generateTestProperties(Properties props) throws ConfigurationException, IOException {
- PropertiesConfiguration config = new PropertiesConfiguration(System.getProperty("user.dir") +
- "/../src/conf/application.properties");
- for (String propName : props.stringPropertyNames()) {
- config.setProperty(propName, props.getProperty(propName));
- }
- File file = new File(System.getProperty("user.dir"), "application.properties");
- file.deleteOnExit();
- Writer fileWriter = new FileWriter(file);
- config.save(fileWriter);
- }
-
- protected void startEmbeddedServer(Server server) throws Exception {
- WebAppContext webapp = new WebAppContext();
- webapp.setContextPath("/");
- webapp.setWar(System.getProperty("user.dir") + getWarPath());
- server.setHandler(webapp);
-
- server.start();
- }
-
- protected File startKDC() throws Exception {
- File target = Files.createTempDirectory("sectest").toFile();
- File kdcWorkDir = new File(target, "kdc");
- Properties kdcConf = MiniKdc.createConf();
- kdcConf.setProperty(MiniKdc.DEBUG, "true");
- kdc = new MiniKdc(kdcConf, kdcWorkDir);
- kdc.start();
-
- Assert.assertNotNull(kdc.getRealm());
- return kdcWorkDir;
- }
-
- public String createJAASEntry(
- String context,
- String principal,
- File keytab) {
- String keytabpath = keytab.getAbsolutePath();
- // fix up for windows; no-op on unix
- keytabpath = keytabpath.replace('\\', '/');
- return String.format(
- Locale.ENGLISH,
- JAAS_ENTRY,
- context,
- getKerberosAuthModuleForJVM(),
- keytabpath,
- principal);
- }
-
- protected String getKerberosAuthModuleForJVM() {
- if (System.getProperty("java.vendor").contains("IBM")) {
- return "com.ibm.security.auth.module.Krb5LoginModule";
- } else {
- return "com.sun.security.auth.module.Krb5LoginModule";
- }
- }
-
- protected void bindJVMtoJAASFile(File jaasFile) {
- String path = jaasFile.getAbsolutePath();
- System.setProperty(Environment.JAAS_CONF_KEY, path);
- }
-
- protected File createKeytab(MiniKdc kdc, File kdcWorkDir, String principal, String filename) throws Exception {
- File keytab = new File(kdcWorkDir, filename);
- kdc.createPrincipal(keytab,
- principal,
- principal + "/localhost",
- principal + "/127.0.0.1");
- return keytab;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationKerberosFilterIT.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationKerberosFilterIT.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationKerberosFilterIT.java index 4296243..857a42a 100644 --- a/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationKerberosFilterIT.java +++ b/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationKerberosFilterIT.java @@ -19,7 +19,7 @@ package org.apache.hadoop.metadata.web.filters; import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.io.FileUtils; import org.apache.hadoop.hdfs.web.URLConnectionFactory; -import org.apache.hadoop.metadata.web.BaseSecurityTest; +import org.apache.hadoop.metadata.security.BaseSecurityTest; import org.apache.hadoop.metadata.web.service.EmbeddedServer; import org.mortbay.jetty.Server; import org.testng.Assert; @@ -59,6 +59,9 @@ public class MetadataAuthenticationKerberosFilterIT extends BaseSecurityTest { @Test public void testKerberosBasedLogin() throws Exception { + String originalConf = System.getProperty("metadata.conf"); + System.setProperty("metadata.conf", System.getProperty("user.dir")); + setupKDCAndPrincipals(); TestEmbeddedServer server = null; 
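Review bot: In the `@@ -59,6 +59,9 @@` hunk of MetadataAuthenticationKerberosFilterIT, `metadata.conf` is overridden JVM-wide before `setupKDCAndPrincipals()` runs, and the `try` that guards the later restore is not visible here, so it presumably opens only after `TestEmbeddedServer server = null;`. If KDC setup throws, the override would then stay in place and later tests in the same JVM would resolve their configuration from `user.dir`, which is where `generateTestProperties` (in the deleted copy of BaseSecurityTest on this page) writes the generated `application.properties` with the authentication settings. Make `System.setProperty("metadata.conf", System.getProperty("user.dir"));` the first statement inside the `try`, or move the save and restore into `@BeforeMethod` and `@AfterMethod(alwaysRun = true)` methods. The `@@ -45,6 +45,8 @@` hunk of MetadataAuthenticationSimpleFilterIT has the same ordering, with `generateSimpleLoginConfiguration()` and the `TestEmbeddedServer` constructor following the override.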
@@ -102,6 +105,12 @@ public class MetadataAuthenticationKerberosFilterIT extends BaseSecurityTest { server.getServer().stop(); kdc.stop(); + if (originalConf != null) { + System.setProperty("metadata.conf", originalConf); + } else { + System.clearProperty("metadata.conf"); + } + } http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationSimpleFilterIT.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationSimpleFilterIT.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationSimpleFilterIT.java index 96523f5..f41ad0a 100644 --- a/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationSimpleFilterIT.java +++ b/webapp/src/test/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationSimpleFilterIT.java @@ -17,7 +17,7 @@ package org.apache.hadoop.metadata.web.filters; import org.apache.commons.configuration.ConfigurationException; -import org.apache.hadoop.metadata.web.BaseSecurityTest; +import org.apache.hadoop.metadata.security.BaseSecurityTest; import org.apache.hadoop.metadata.web.service.EmbeddedServer; import org.mortbay.jetty.Server; import org.testng.Assert; @@ -45,6 +45,8 @@ public class MetadataAuthenticationSimpleFilterIT extends BaseSecurityTest { @Test public void testSimpleLogin() throws Exception { + String originalConf = System.getProperty("metadata.conf"); + System.setProperty("metadata.conf", System.getProperty("user.dir")); generateSimpleLoginConfiguration(); TestEmbeddedServer server = new TestEmbeddedServer(23001, "webapp/target/metadata-governance"); 
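Review bot: The restore of `metadata.conf` added in the `@@ -102,6 +105,12 @@` hunk of MetadataAuthenticationKerberosFilterIT comes after `server.getServer().stop();` and `kdc.stop();`, so an exception from either call skips it and the override leaks into the rest of the test JVM. That is not a remote case, because `server` starts as `null` in the earlier hunk and a failed server construction would make `server.getServer()` throw here, assuming these lines are the cleanup block of the same test. Wrap the two stop calls in an inner `try` and place the `if (originalConf != null) … else System.clearProperty("metadata.conf");` block in its `finally`, so the property is restored whatever the shutdown does. The `@@ -71,6 +73,11 @@` hunk of MetadataAuthenticationSimpleFilterIT has the same shape, with the restore following `server.getServer().stop();` inside `finally`. The enclosing method starts outside both hunks.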
@@ -71,6 +73,11 @@ public class MetadataAuthenticationSimpleFilterIT extends BaseSecurityTest { Assert.assertEquals(connection.getResponseCode(), 200); } finally { server.getServer().stop(); + if (originalConf != null) { + System.setProperty("metadata.conf", originalConf); + } else { + System.clearProperty("metadata.conf"); + } } http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/listeners/LoginProcessorIT.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/listeners/LoginProcessorIT.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/listeners/LoginProcessorIT.java index 4fb516f..be7171b 100644 --- a/webapp/src/test/java/org/apache/hadoop/metadata/web/listeners/LoginProcessorIT.java +++ b/webapp/src/test/java/org/apache/hadoop/metadata/web/listeners/LoginProcessorIT.java @@ -18,12 +18,10 @@ package org.apache.hadoop.metadata.web.listeners; import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.configuration.PropertiesConfiguration; -import org.apache.commons.io.FileUtils; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.CommonConfigurationKeysPublic; -import org.apache.hadoop.metadata.web.BaseSecurityTest; +import org.apache.hadoop.metadata.security.BaseSecurityTest; import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.util.Shell; import org.testng.Assert; import org.testng.annotations.Test; 
@@ -99,15 +97,6 @@ public class LoginProcessorIT extends BaseSecurityTest { Assert.assertNotNull(kdc.getRealm()); File keytabFile = createKeytab(kdc, kdcWorkDir, "dgi", "dgi.keytab"); - String dgiServerPrincipal = Shell.WINDOWS ? "dgi/127.0.0.1" : "dgi/localhost"; - - StringBuilder jaas = new StringBuilder(1024); - jaas.append(createJAASEntry("Client", "dgi", keytabFile)); - jaas.append(createJAASEntry("Server", dgiServerPrincipal, keytabFile)); - - File jaasFile = new File(kdcWorkDir, "jaas.txt"); - FileUtils.write(jaasFile, jaas.toString()); - bindJVMtoJAASFile(jaasFile); return keytabFile; } http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerIT.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerIT.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerIT.java index 63b48e9..3c5b229 100644 --- a/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerIT.java +++ b/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerIT.java 
@@ -24,12 +24,14 @@ import org.testng.annotations.Test; import java.net.HttpURLConnection; import java.net.URL; +import static org.apache.hadoop.metadata.security.SecurityProperties.*; + public class SecureEmbeddedServerIT extends SecureEmbeddedServerITBase{ @Test public void testServerConfiguredUsingCredentialProvider() throws Exception { // setup the configuration final PropertiesConfiguration configuration = new PropertiesConfiguration(); - configuration.setProperty(SecureEmbeddedServer.CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); + configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); // setup the credential provider setupCredentials(); http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/43868812/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerITBase.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerITBase.java b/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerITBase.java index 785939a..64358b8 100755 --- a/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerITBase.java +++ b/webapp/src/test/java/org/apache/hadoop/metadata/web/service/SecureEmbeddedServerITBase.java @@ -45,6 +45,8 @@ import java.net.URL; import java.nio.file.Files; import java.util.List; +import static org.apache.hadoop.metadata.security.SecurityProperties.*; + /** * */ @@ -69,7 +71,7 @@ public class SecureEmbeddedServerITBase { return false; } }); - System.setProperty("javax.net.ssl.trustStore", SecureEmbeddedServer.DEFAULT_KEYSTORE_FILE_LOCATION); + System.setProperty("javax.net.ssl.trustStore", DEFAULT_KEYSTORE_FILE_LOCATION); System.setProperty("javax.net.ssl.trustStorePassword", "keypass"); System.setProperty("javax.net.ssl.trustStoreType", "JKS"); } 
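Review bot: The added `import static org.apache.hadoop.metadata.security.SecurityProperties.*;` in SecureEmbeddedServerIT is a wildcard static import, which hides where security-relevant keys such as `CERT_STORES_CREDENTIAL_PROVIDER_PATH` are defined. It also means a field of the same name later declared in the test class or inherited from its base class would silently take precedence over the imported constant. Import the names that are used explicitly, for example `import static org.apache.hadoop.metadata.security.SecurityProperties.CERT_STORES_CREDENTIAL_PROVIDER_PATH;`. The same wildcard is added in the `@@ -45,6 +45,8 @@` hunk of SecureEmbeddedServerITBase, where the hunks on this page use `CERT_STORES_CREDENTIAL_PROVIDER_PATH`, `DEFAULT_KEYSTORE_FILE_LOCATION`, `KEYSTORE_PASSWORD_KEY`, `TRUSTSTORE_PASSWORD_KEY` and `SERVER_CERT_PASSWORD_KEY`.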
@@ -122,7 +124,7 @@ public class SecureEmbeddedServerITBase { public void testMissingEntriesInCredentialProvider() throws Exception { // setup the configuration final PropertiesConfiguration configuration = new PropertiesConfiguration(); - configuration.setProperty(SecureEmbeddedServer.CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); + configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); try { secureEmbeddedServer = new SecureEmbeddedServer(21443, "webapp/target/metadata-governance") { @@ -147,7 +149,7 @@ public class SecureEmbeddedServerITBase { @Test public void runOtherSuitesAgainstSecureServer() throws Exception { final PropertiesConfiguration configuration = new PropertiesConfiguration(); - configuration.setProperty(SecureEmbeddedServer.CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); + configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); // setup the credential provider setupCredentials(); @@ -198,15 +200,15 @@ public class SecureEmbeddedServerITBase { char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry( - SecureEmbeddedServer.KEYSTORE_PASSWORD_KEY, storepass); + KEYSTORE_PASSWORD_KEY, storepass); char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry( - SecureEmbeddedServer.TRUSTSTORE_PASSWORD_KEY, trustpass); + TRUSTSTORE_PASSWORD_KEY, trustpass); char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry( - SecureEmbeddedServer.SERVER_CERT_PASSWORD_KEY, certpass); + SERVER_CERT_PASSWORD_KEY, certpass); // write out so that it can be found in checks provider.flush();
