http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/GatewayMultiFuncTest.java ---------------------------------------------------------------------- diff --cc gateway-test/src/test/java/org/apache/knox/gateway/GatewayMultiFuncTest.java index 1b01d73,0000000..a89ac82 mode 100644,000000..100644 --- a/gateway-test/src/test/java/org/apache/knox/gateway/GatewayMultiFuncTest.java +++ b/gateway-test/src/test/java/org/apache/knox/gateway/GatewayMultiFuncTest.java @@@ -1,444 -1,0 +1,443 @@@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ +package org.apache.knox.gateway; + +import java.io.File; +import java.net.URL; +import java.nio.charset.Charset; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; +import java.util.UUID; + +import org.apache.commons.io.FileUtils; +import org.apache.commons.io.IOUtils; +import org.apache.directory.server.protocol.shared.transport.TcpTransport; +import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer; +import org.apache.knox.gateway.services.DefaultGatewayServices; +import org.apache.knox.gateway.services.GatewayServices; +import org.apache.knox.gateway.services.ServiceLifecycleException; +import org.apache.knox.gateway.services.topology.TopologyService; +import org.apache.hadoop.test.TestUtils; +import org.apache.hadoop.test.category.ReleaseTest; +import org.apache.hadoop.test.mock.MockServer; +import org.apache.http.HttpHost; +import org.apache.http.HttpStatus; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.UsernamePasswordCredentials; +import org.apache.http.client.AuthCache; +import org.apache.http.client.CredentialsProvider; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpPut; +import org.apache.http.client.protocol.HttpClientContext; +import org.apache.http.impl.auth.BasicScheme; +import org.apache.http.impl.client.BasicAuthCache; +import org.apache.http.impl.client.BasicCredentialsProvider; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.log4j.Appender; +import org.hamcrest.MatcherAssert; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import static com.jayway.restassured.RestAssured.given; +import static org.apache.hadoop.test.TestUtils.LOG_ENTER; +import static 
org.apache.hadoop.test.TestUtils.LOG_EXIT; +import static org.hamcrest.CoreMatchers.endsWith; +import static org.hamcrest.CoreMatchers.equalTo; - import static org.hamcrest.CoreMatchers.not; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; +import static org.xmlmatchers.XmlMatchers.hasXPath; +import static org.xmlmatchers.transform.XmlConverters.the; + +@Category(ReleaseTest.class) +public class GatewayMultiFuncTest { + + private static Logger LOG = LoggerFactory.getLogger( GatewayMultiFuncTest.class ); - private static Class DAT = GatewayMultiFuncTest.class; ++ private static Class<?> DAT = GatewayMultiFuncTest.class; + + private static Enumeration<Appender> appenders; + private static GatewayTestConfig config; + private static DefaultGatewayServices services; + private static GatewayServer gateway; + private static int gatewayPort; + private static String gatewayUrl; + private static TcpTransport ldapTransport; + private static Properties params; + private static TopologyService topos; + private static GatewayTestDriver driver = new GatewayTestDriver(); + + @BeforeClass + public static void setupSuite() throws Exception { + LOG_ENTER(); + //appenders = NoOpAppender.setUp(); + driver.setupLdap(0); + setupGateway(); + LOG_EXIT(); + } + + @AfterClass + public static void cleanupSuite() throws Exception { + LOG_ENTER(); + gateway.stop(); + driver.cleanup(); + FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) ); + //NoOpAppender.tearDown( appenders ); + LOG_EXIT(); + } + + public static void setupGateway() throws Exception { + + File targetDir = new File( System.getProperty( "user.dir" ), "target" ); + File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() ); + gatewayDir.mkdirs(); + + config = new GatewayTestConfig(); + config.setGatewayHomeDir( gatewayDir.getAbsolutePath() ); + + URL svcsFileUrl = TestUtils.getResourceUrl( DAT, 
"services/readme.txt" ); + File svcsFile = new File( svcsFileUrl.getFile() ); + File svcsDir = svcsFile.getParentFile(); + config.setGatewayServicesDir( svcsDir.getAbsolutePath() ); + + URL appsFileUrl = TestUtils.getResourceUrl( DAT, "applications/readme.txt" ); + File appsFile = new File( appsFileUrl.getFile() ); + File appsDir = appsFile.getParentFile(); + config.setGatewayApplicationsDir( appsDir.getAbsolutePath() ); + + File topoDir = new File( config.getGatewayTopologyDir() ); + topoDir.mkdirs(); + + File deployDir = new File( config.getGatewayDeploymentDir() ); + deployDir.mkdirs(); + + startGatewayServer(); + } + + public static void startGatewayServer() throws Exception { + services = new DefaultGatewayServices(); + Map<String,String> options = new HashMap<>(); + options.put( "persist-master", "false" ); + options.put( "master", "password" ); + try { + services.init( config, options ); + } catch ( ServiceLifecycleException e ) { + e.printStackTrace(); // I18N not required. + } + topos = services.getService(GatewayServices.TOPOLOGY_SERVICE); + + gateway = GatewayServer.startGateway( config, services ); + MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() ); + + gatewayPort = gateway.getAddresses()[0].getPort(); + gatewayUrl = "http://localhost:" + gatewayPort + "/" + config.getGatewayPath(); + + LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() ); + + params = new Properties(); + params.put( "LDAP_URL", driver.getLdapUrl() ); + } + + @Test( timeout = TestUtils.MEDIUM_TIMEOUT ) + public void testDefaultJsonMimeTypeHandlingKnox678() throws Exception { + LOG_ENTER(); + + MockServer mock = new MockServer( "REPEAT", true ); + + params = new Properties(); + params.put( "LDAP_URL", driver.getLdapUrl() ); + params.put( "MOCK_SERVER_PORT", mock.getPort() ); + + String topoStr = TestUtils.merge( DAT, "topologies/test-knox678-utf8-chars-topology.xml", params ); + File topoFile = new File( config.getGatewayTopologyDir(), 
"knox678.xml" ); + FileUtils.writeStringToFile( topoFile, topoStr ); + + topos.reloadTopologies(); + + String uname = "guest"; + String pword = uname + "-password"; + + mock.expect().method( "GET" ) + .respond().contentType( "application/json" ).contentLength( -1 ).content( "{\"msg\":\"H\u00eallo\"}", Charset.forName( "UTF-8" ) ); + String json = given() + //.log().all() + .auth().preemptive().basic( uname, pword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_OK ) + .contentType( "application/json; charset=UTF-8" ) + .when().log().ifError().get( gatewayUrl + "/knox678/repeat" ).andReturn().asString(); + assertThat( json, is("{\"msg\":\"H\u00eallo\"}") ); + assertThat( mock.isEmpty(), is(true) ); + + mock.expect().method( "GET" ) + .respond().contentType( "application/octet-stream" ).contentLength( -1 ).content( "H\u00eallo".getBytes() ); + byte[] bytes = given() + //.log().all() + .auth().preemptive().basic( uname, pword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_OK ) + .contentType( "application/octet-stream" ) + .when().log().ifError().get( gatewayUrl + "/knox678/repeat" ).andReturn().asByteArray(); + assertThat( bytes, is(equalTo("H\u00eallo".getBytes())) ); + assertThat( mock.isEmpty(), is(true) ); + + mock.stop(); + + LOG_EXIT(); + } + + @Test( timeout = TestUtils.MEDIUM_TIMEOUT ) + public void testPostWithContentTypeKnox681() throws Exception { + LOG_ENTER(); + + MockServer mock = new MockServer( "REPEAT", true ); + + params = new Properties(); + params.put( "MOCK_SERVER_PORT", mock.getPort() ); + params.put( "LDAP_URL", driver.getLdapUrl() ); + + String topoStr = TestUtils.merge( DAT, "topologies/test-knox678-utf8-chars-topology.xml", params ); + File topoFile = new File( config.getGatewayTopologyDir(), "knox681.xml" ); + FileUtils.writeStringToFile( topoFile, topoStr ); + + topos.reloadTopologies(); + + mock + .expect() + .method( "PUT" ) + .pathInfo( "/repeat-context/" ) + .respond() + .status( HttpStatus.SC_CREATED ) + 
.content( "{\"name\":\"value\"}".getBytes() ) + .contentLength( -1 ) + .contentType( "application/json; charset=UTF-8" ) + .header( "Location", gatewayUrl + "/knox681/repeat" ); + + String uname = "guest"; + String pword = uname + "-password"; + + HttpHost targetHost = new HttpHost( "localhost", gatewayPort, "http" ); + CredentialsProvider credsProvider = new BasicCredentialsProvider(); + credsProvider.setCredentials( + new AuthScope( targetHost.getHostName(), targetHost.getPort() ), + new UsernamePasswordCredentials( uname, pword ) ); + + AuthCache authCache = new BasicAuthCache(); + BasicScheme basicAuth = new BasicScheme(); + authCache.put( targetHost, basicAuth ); + + HttpClientContext context = HttpClientContext.create(); + context.setCredentialsProvider( credsProvider ); + context.setAuthCache( authCache ); + + CloseableHttpClient client = HttpClients.createDefault(); + HttpPut request = new HttpPut( gatewayUrl + "/knox681/repeat" ); + request.addHeader( "X-XSRF-Header", "jksdhfkhdsf" ); + request.addHeader( "Content-Type", "application/json" ); + CloseableHttpResponse response = client.execute( request, context ); + assertThat( response.getStatusLine().getStatusCode(), is( HttpStatus.SC_CREATED ) ); + assertThat( response.getFirstHeader( "Location" ).getValue(), endsWith("/gateway/knox681/repeat" ) ); + assertThat( response.getFirstHeader( "Content-Type" ).getValue(), is("application/json; charset=UTF-8") ); + String body = new String( IOUtils.toByteArray( response.getEntity().getContent() ), Charset.forName( "UTF-8" ) ); + assertThat( body, is( "{\"name\":\"value\"}" ) ); + response.close(); + client.close(); + + mock + .expect() + .method( "PUT" ) + .pathInfo( "/repeat-context/" ) + .respond() + .status( HttpStatus.SC_CREATED ) + .content( "<test-xml/>".getBytes() ) + .contentType( "application/xml; charset=UTF-8" ) + .header( "Location", gatewayUrl + "/knox681/repeat" ); + + client = HttpClients.createDefault(); + request = new HttpPut( gatewayUrl + 
"/knox681/repeat" ); + request.addHeader( "X-XSRF-Header", "jksdhfkhdsf" ); + request.addHeader( "Content-Type", "application/xml" ); + response = client.execute( request, context ); + assertThat( response.getStatusLine().getStatusCode(), is( HttpStatus.SC_CREATED ) ); + assertThat( response.getFirstHeader( "Location" ).getValue(), endsWith("/gateway/knox681/repeat" ) ); + assertThat( response.getFirstHeader( "Content-Type" ).getValue(), is("application/xml; charset=UTF-8") ); + body = new String( IOUtils.toByteArray( response.getEntity().getContent() ), Charset.forName( "UTF-8" ) ); + assertThat( the(body), hasXPath( "/test-xml" ) ); + response.close(); + client.close(); + + mock.stop(); + + LOG_EXIT(); + } + + @Test( timeout = TestUtils.MEDIUM_TIMEOUT ) + public void testLdapSearchConfigEnhancementsKnox694() throws Exception { + LOG_ENTER(); + + String topoStr; + File topoFile; + + String adminUName = "uid=admin,ou=people,dc=hadoop,dc=apache,dc=org"; + String adminPWord = "admin-password"; + String uname = "people\\guest"; + String pword = "guest-password"; + String invalidPword = "invalid-guest-password"; + + params = new Properties(); + params.put( "LDAP_URL", driver.getLdapUrl() ); + params.put( "LDAP_SYSTEM_USERNAME", adminUName ); + params.put( "LDAP_SYSTEM_PASSWORD", adminPWord ); + + topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-user-dn-template.xml", params ); + topoFile = new File( config.getGatewayTopologyDir(), "knox694-1.xml" ); + FileUtils.writeStringToFile( topoFile, topoStr ); + topos.reloadTopologies(); + + given() + //.log().all() + .auth().preemptive().basic( uname, pword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_OK ) + .contentType( "text/plain" ) + .body( is( "test-service-response" ) ) + .when().log().ifError().get( gatewayUrl + "/knox694-1/test-service-path/test-resource-path" ); + given() + //.log().all() + .auth().preemptive().basic( uname, invalidPword ) + .expect() + //.log().all() + 
.statusCode( HttpStatus.SC_UNAUTHORIZED ) + .when().get( gatewayUrl + "/knox694-1/test-service-path/test-resource-path" ); + + topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-search-attribute.xml", params ); + topoFile = new File( config.getGatewayTopologyDir(), "knox694-2.xml" ); + FileUtils.writeStringToFile( topoFile, topoStr ); + topos.reloadTopologies(); + + given() + //.log().all() + .auth().preemptive().basic( uname, pword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_OK ) + .contentType( "text/plain" ) + .body( is( "test-service-response" ) ) + .when().log().ifError().get( gatewayUrl + "/knox694-2/test-service-path/test-resource-path" ); + given() + //.log().all() + .auth().preemptive().basic( uname, invalidPword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_UNAUTHORIZED ) + .when().get( gatewayUrl + "/knox694-2/test-service-path/test-resource-path" ); + + topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-search-filter.xml", params ); + topoFile = new File( config.getGatewayTopologyDir(), "knox694-3.xml" ); + FileUtils.writeStringToFile( topoFile, topoStr ); + topos.reloadTopologies(); + + given() + //.log().all() + .auth().preemptive().basic( uname, pword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_OK ) + .contentType( "text/plain" ) + .body( is( "test-service-response" ) ) + .when().log().ifError().get( gatewayUrl + "/knox694-3/test-service-path/test-resource-path" ); + given() + //.log().all() + .auth().preemptive().basic( uname, invalidPword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_UNAUTHORIZED ) + .when().get( gatewayUrl + "/knox694-3/test-service-path/test-resource-path" ); + + topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-search-scope-object.xml", params ); + topoFile = new File( config.getGatewayTopologyDir(), "knox694-4.xml" ); + FileUtils.writeStringToFile( topoFile, topoStr ); + topos.reloadTopologies(); + + 
given() + //.log().all() + .auth().preemptive().basic( uname, pword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_OK ) + .contentType( "text/plain" ) + .body( is( "test-service-response" ) ) + .when().log().ifError().get( gatewayUrl + "/knox694-4/test-service-path/test-resource-path" ); + given() + //.log().all() + .auth().preemptive().basic( uname, invalidPword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_UNAUTHORIZED ) + .when().get( gatewayUrl + "/knox694-4/test-service-path/test-resource-path" ); + + topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-search-scope-onelevel-positive.xml", params ); + topoFile = new File( config.getGatewayTopologyDir(), "knox694-5.xml" ); + FileUtils.writeStringToFile( topoFile, topoStr ); + topos.reloadTopologies(); + + given() + //.log().all() + .auth().preemptive().basic( uname, pword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_OK ) + .contentType( "text/plain" ) + .body( is( "test-service-response" ) ) + .when().log().ifError().get( gatewayUrl + "/knox694-5/test-service-path/test-resource-path" ); + given() + //.log().all() + .auth().preemptive().basic( uname, invalidPword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_UNAUTHORIZED ) + .when().get( gatewayUrl + "/knox694-5/test-service-path/test-resource-path" ); + + topoStr = TestUtils.merge( DAT, "topologies/test-knox694-principal-regex-search-scope-onelevel-negative.xml", params ); + topoFile = new File( config.getGatewayTopologyDir(), "knox694-6.xml" ); + FileUtils.writeStringToFile( topoFile, topoStr ); + topos.reloadTopologies(); + + given() + //.log().all() + .auth().preemptive().basic( uname, pword ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_UNAUTHORIZED ) + .when().get( gatewayUrl + "/knox694-6/test-service-path/test-resource-path" ); + + LOG_EXIT(); + } + +} + +
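Review bot: In `startGatewayServer()` a `ServiceLifecycleException` thrown by `services.init( config, options )` is caught and only printed, so setup carries on to `services.getService(...)` and `GatewayServer.startGateway(...)` with services that failed to initialise. The method already declares `throws Exception`, so the try/catch can be dropped and the call left as `services.init( config, options );`. A broken fixture then fails at its cause rather than, most likely, as an unrelated status-code assertion in the authentication tests. The same pattern appears in `GatewaySampleFuncTest.setupGateway()` and `GatewaySslFuncTest.startGatewayServer()` later in this diff.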
http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java ---------------------------------------------------------------------- diff --cc gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java index 7df6b7a,0000000..96e64cf mode 100644,000000..100644 --- a/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java +++ b/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java @@@ -1,203 -1,0 +1,180 @@@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ +package org.apache.knox.gateway; + +import com.mycila.xmltool.XMLDoc; +import com.mycila.xmltool.XMLTag; +import org.apache.directory.server.protocol.shared.transport.TcpTransport; +import org.apache.knox.gateway.config.GatewayConfig; +import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer; +import org.apache.knox.gateway.services.DefaultGatewayServices; +import org.apache.knox.gateway.services.ServiceLifecycleException; +import org.apache.hadoop.test.TestUtils; +import org.apache.http.HttpStatus; +import org.apache.log4j.Appender; +import org.hamcrest.MatcherAssert; - import org.hamcrest.Matchers; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; - import java.io.InputStream; - import java.net.URL; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +import static com.jayway.restassured.RestAssured.given; +import static org.apache.hadoop.test.TestUtils.LOG_ENTER; +import static org.apache.hadoop.test.TestUtils.LOG_EXIT; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; - import static org.junit.Assert.assertThat; + +public class GatewaySampleFuncTest { + - private static Class RESOURCE_BASE_CLASS = GatewaySampleFuncTest.class; + private static Logger LOG = LoggerFactory.getLogger( GatewaySampleFuncTest.class ); + + public static Enumeration<Appender> appenders; + public static GatewayConfig config; + public static GatewayServer gateway; + public static String gatewayUrl; + public static String clusterUrl; + private static GatewayTestDriver driver = new GatewayTestDriver(); + + @BeforeClass + public static void setupSuite() throws Exception { + LOG_ENTER(); + //appenders = NoOpAppender.setUp(); + driver.setupLdap(0); + setupGateway(); + LOG_EXIT(); + } + + 
@AfterClass + public static void cleanupSuite() throws Exception { + LOG_ENTER(); + gateway.stop(); + driver.cleanup(); + //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) ); + //NoOpAppender.tearDown( appenders ); + LOG_EXIT(); + } + + public static void setupGateway() throws Exception { + + File targetDir = new File( System.getProperty( "user.dir" ), "target" ); + File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() ); + gatewayDir.mkdirs(); + + GatewayTestConfig testConfig = new GatewayTestConfig(); + config = testConfig; + testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() ); + + File topoDir = new File( testConfig.getGatewayTopologyDir() ); + topoDir.mkdirs(); + + File deployDir = new File( testConfig.getGatewayDeploymentDir() ); + deployDir.mkdirs(); + + File descriptor = new File( topoDir, "test-cluster.xml" ); + FileOutputStream stream = new FileOutputStream( descriptor ); + createTopology().toStream( stream ); + stream.close(); + + DefaultGatewayServices srvcs = new DefaultGatewayServices(); + Map<String,String> options = new HashMap<>(); + options.put( "persist-master", "false" ); + options.put( "master", "password" ); + try { + srvcs.init( testConfig, options ); + } catch ( ServiceLifecycleException e ) { + e.printStackTrace(); // I18N not required. 
+ } + + gateway = GatewayServer.startGateway( testConfig, srvcs ); + MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() ); + + LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() ); + + gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath(); + clusterUrl = gatewayUrl + "/test-cluster"; + } + + private static XMLTag createTopology() { + XMLTag xml = XMLDoc.newDocument( true ) + .addRoot( "topology" ) + .addTag( "gateway" ) + .addTag( "provider" ) + .addTag( "role" ).addText( "authentication" ) + .addTag( "name" ).addText( "ShiroProvider" ) + .addTag( "enabled" ).addText( "true" ) + .addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm" ) + .addTag( "value" ).addText( "org.apache.knox.gateway.shirorealm.KnoxLdapRealm" ).gotoParent() + .addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" ) + .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" ).gotoParent() + .addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" ) + .addTag( "value" ).addText( driver.getLdapUrl() ).gotoParent() + .addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.authenticationMechanism" ) + .addTag( "value" ).addText( "simple" ).gotoParent() + .addTag( "param" ) + .addTag( "name" ).addText( "urls./**" ) + .addTag( "value" ).addText( "authcBasic" ).gotoParent().gotoParent() + .addTag( "provider" ) + .addTag( "role" ).addText( "identity-assertion" ) + .addTag( "enabled" ).addText( "true" ) + .addTag( "name" ).addText( "Default" ).gotoParent() + .addTag( "provider" ) + .gotoRoot() + .addTag( "service" ) + .addTag( "role" ).addText( "test-service-role" ) + .gotoRoot(); + // System.out.println( "GATEWAY=" + xml.toString() ); + return xml; + } + - public static InputStream getResourceStream( String resource ) throws IOException { - return getResourceUrl( resource ).openStream(); - } - - public static 
URL getResourceUrl( String resource ) { - URL url = ClassLoader.getSystemResource( getResourceName( resource ) ); - assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() ); - return url; - } - - public static String getResourceName( String resource ) { - return getResourceBaseName() + resource; - } - - public static String getResourceBaseName() { - return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/"; - } - + //@Test + public void waitForManualTesting() throws IOException { + System.in.read(); + } + + @Test( timeout = TestUtils.MEDIUM_TIMEOUT ) + public void testTestService() throws ClassNotFoundException { + LOG_ENTER(); + String username = "guest"; + String password = "guest-password"; + String serviceUrl = clusterUrl + "/test-service-path/test-service-resource"; + given() + //.log().all() + .auth().preemptive().basic( username, password ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_OK ) + .contentType( "text/plain" ) + .body( is( "test-service-response" ) ) + .when().get( serviceUrl ); + LOG_EXIT(); + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java ---------------------------------------------------------------------- diff --cc gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java index 69b5c1c,0000000..02bb3dd mode 100644,000000..100644 --- a/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java +++ b/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java @@@ -1,304 -1,0 +1,304 @@@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. 
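Review bot: `GatewaySampleFuncTest.cleanupSuite()` never removes the per-run `gateway-home-<UUID>` directory created in `setupGateway()`, because the `FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) )` call is commented out; `GatewayMultiFuncTest` and `GatewaySslFuncTest` in this diff both delete it. Whatever the gateway writes under that home directory (presumably the generated `test-cluster.xml` topology and any security material, though the directory layout is not visible here) is left in `target/` after every run. Re-enable the line and add `import org.apache.commons.io.FileUtils;`, which this file does not currently import. If the cleanup was disabled on purpose to support `waitForManualTesting()`, a comment saying so would help.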
The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway; + +import java.io.File; +import java.nio.file.FileSystems; +import java.nio.file.Path; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.Properties; +import java.util.ServiceLoader; +import java.util.UUID; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLHandshakeException; +import javax.net.ssl.SSLSession; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import javax.xml.transform.stream.StreamSource; + +import org.apache.commons.io.FileUtils; +import org.apache.directory.server.protocol.shared.transport.TcpTransport; +import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer; +import org.apache.knox.gateway.services.DefaultGatewayServices; +import org.apache.knox.gateway.services.GatewayServices; +import org.apache.knox.gateway.services.ServiceLifecycleException; +import org.apache.knox.gateway.services.topology.TopologyService; +import org.apache.hadoop.test.TestUtils; +import org.apache.hadoop.test.category.ReleaseTest; +import 
org.apache.hadoop.test.mock.MockServer; +import org.apache.http.HttpHost; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.UsernamePasswordCredentials; +import org.apache.http.client.AuthCache; +import org.apache.http.client.CredentialsProvider; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.protocol.HttpClientContext; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.impl.auth.BasicScheme; +import org.apache.http.impl.client.BasicAuthCache; +import org.apache.http.impl.client.BasicCredentialsProvider; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.log4j.Appender; +import org.hamcrest.MatcherAssert; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import static org.apache.hadoop.test.TestUtils.LOG_ENTER; +import static org.apache.hadoop.test.TestUtils.LOG_EXIT; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; +import static org.xmlmatchers.transform.XmlConverters.the; +import static org.xmlmatchers.xpath.HasXPath.hasXPath; + +@Category( ReleaseTest.class ) +public class GatewaySslFuncTest { + + private static Logger LOG = LoggerFactory.getLogger( GatewaySslFuncTest.class ); - private static Class DAT = GatewaySslFuncTest.class; ++ private static Class<?> DAT = GatewaySslFuncTest.class; + + private static Enumeration<Appender> appenders; + private static GatewayTestConfig config; + private static DefaultGatewayServices services; + private static GatewayServer gateway; + private static String gatewayScheme; + private static int gatewayPort; + private static String gatewayUrl; + private 
static Properties params; + private static TopologyService topos; + private static MockServer mockWebHdfs; + private static GatewayTestDriver driver = new GatewayTestDriver(); + + @BeforeClass + public static void setupSuite() throws Exception { + LOG_ENTER(); + //appenders = NoOpAppender.setUp(); + driver.setupLdap(0); + setupGateway(); + LOG_EXIT(); + } + + @AfterClass + public static void cleanupSuite() throws Exception { + LOG_ENTER(); + gateway.stop(); + driver.cleanup(); + FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) ); + //NoOpAppender.tearDown( appenders ); + LOG_EXIT(); + } + + @After + public void cleanupTest() throws Exception { + FileUtils.cleanDirectory( new File( config.getGatewayTopologyDir() ) ); + FileUtils.cleanDirectory( new File( config.getGatewayDeploymentDir() ) ); + } + + public static void setupGateway() throws Exception { + + File targetDir = new File( System.getProperty( "user.dir" ), "target" ); + File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() ); + gatewayDir.mkdirs(); + + config = new GatewayTestConfig(); + config.setGatewayHomeDir( gatewayDir.getAbsolutePath() ); + + File topoDir = new File( config.getGatewayTopologyDir() ); + topoDir.mkdirs(); + + File deployDir = new File( config.getGatewayDeploymentDir() ); + deployDir.mkdirs(); + + File securityDir = new File( config.getGatewaySecurityDir() ); + securityDir.mkdirs(); + + config.setSSLEnabled( true ); + + setupMockServers(); + startGatewayServer(); + } + + public static void setupMockServers() throws Exception { + mockWebHdfs = new MockServer( "WEBHDFS", true ); + } + + private static GatewayServices instantiateGatewayServices() { + ServiceLoader<GatewayServices> loader = ServiceLoader.load( GatewayServices.class ); + Iterator<GatewayServices> services = loader.iterator(); + if (services.hasNext()) { + return services.next(); + } + return null; + } + + public static void startGatewayServer() throws Exception { + 
instantiateGatewayServices(); + services = new DefaultGatewayServices(); + Map<String,String> options = new HashMap<>(); + options.put( "persist-master", "false" ); + options.put( "master", "password" ); + try { + services.init( config, options ); + } catch ( ServiceLifecycleException e ) { + e.printStackTrace(); // I18N not required. + } + topos = services.getService(GatewayServices.TOPOLOGY_SERVICE); + + gateway = GatewayServer.startGateway( config, services ); + MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() ); + + gatewayScheme = config.isSSLEnabled() ? "https" : "http"; + gatewayPort = gateway.getAddresses()[0].getPort(); + gatewayUrl = gatewayScheme + "://localhost:" + gatewayPort + "/" + config.getGatewayPath(); + + LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() ); + + params = new Properties(); + params.put( "LDAP_URL", driver.getLdapUrl() ); + params.put( "WEBHDFS_URL", "http://localhost:" + mockWebHdfs.getPort() ); + } + + @Test( timeout = TestUtils.MEDIUM_TIMEOUT ) + public void testKnox674SslCipherSuiteConfig() throws Exception { + LOG_ENTER(); + + String topoStr = TestUtils.merge( DAT, "test-admin-topology.xml", params ); + File topoFile = new File( config.getGatewayTopologyDir(), "test-topology.xml" ); + FileUtils.writeStringToFile( topoFile, topoStr ); + + topos.reloadTopologies(); + + String username = "guest"; + String password = "guest-password"; + String serviceUrl = gatewayUrl + "/test-topology/api/v1/version"; + + HttpHost targetHost = new HttpHost( "localhost", gatewayPort, gatewayScheme ); + CredentialsProvider credsProvider = new BasicCredentialsProvider(); + credsProvider.setCredentials( + new AuthScope( targetHost.getHostName(), targetHost.getPort() ), + new UsernamePasswordCredentials( username, password ) ); + + AuthCache authCache = new BasicAuthCache(); + BasicScheme basicAuth = new BasicScheme(); + authCache.put( targetHost, basicAuth ); + + HttpClientContext context = 
HttpClientContext.create(); + context.setCredentialsProvider( credsProvider ); + context.setAuthCache( authCache ); + + CloseableHttpClient client = HttpClients.custom() + .setSSLSocketFactory( + new SSLConnectionSocketFactory( + createInsecureSslContext(), + new String[]{"TLSv1.2"}, + new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}, + new TrustAllHosts() ) ) + .build(); + HttpGet request = new HttpGet( serviceUrl ); + CloseableHttpResponse response = client.execute( request, context ); + assertThat( the( new StreamSource( response.getEntity().getContent() ) ), hasXPath( "/ServerVersion/version" ) ); + response.close(); + client.close(); + + gateway.stop(); + config.setExcludedSSLCiphers( Arrays.asList( new String[]{ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" } ) ); + config.setIncludedSSLCiphers( Arrays.asList( new String[]{ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" } ) ); + + startGatewayServer(); + serviceUrl = gatewayUrl + "/test-topology/api/v1/version"; + + try { + client = HttpClients.custom() + .setSSLSocketFactory( + new SSLConnectionSocketFactory( + createInsecureSslContext(), + new String[]{ "TLSv1.2" }, + new String[]{ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, + new TrustAllHosts() ) ).build(); + request = new HttpGet( serviceUrl ); + client.execute( request, context ); + fail( "Expected SSLHandshakeException" ); + } catch ( SSLHandshakeException e ) { + // Expected. 
+ client.close(); + } + + client = HttpClients.custom() + .setSSLSocketFactory( + new SSLConnectionSocketFactory( + createInsecureSslContext(), + new String[]{ "TLSv1.2" }, + new String[]{ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, + new TrustAllHosts() ) ).build(); + request = new HttpGet( serviceUrl ); + response = client.execute( request, context ); + assertThat( the( new StreamSource( response.getEntity().getContent() ) ), hasXPath( "/ServerVersion/version" ) ); + response.close(); + client.close(); + + LOG_EXIT(); + } + + public static class TrustAllHosts implements HostnameVerifier { + @Override + public boolean verify( String host, SSLSession sslSession ) { + // Trust all hostnames. + return true; + } + } + + public static class TrustAllCerts implements X509TrustManager { + + public void checkClientTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException { + // Trust all certificates. + } + + public void checkServerTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException { + // Trust all certificates. 
+ } + + public X509Certificate[] getAcceptedIssuers() { + return null; + } + + } + + public static SSLContext createInsecureSslContext() throws NoSuchAlgorithmException, KeyManagementException { + SSLContext sslContext = SSLContext.getInstance( "SSL" ); + sslContext.init( null, new TrustManager[]{ new TrustAllCerts() }, new SecureRandom() ); + return sslContext; + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java ---------------------------------------------------------------------- diff --cc gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java index ecbb09c,0000000..30c6ec8 mode 100755,000000..100755 --- a/gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java +++ b/gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java @@@ -1,307 -1,0 +1,284 @@@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ +package org.apache.knox.gateway; + +import static com.jayway.restassured.RestAssured.given; +import static org.apache.hadoop.test.TestUtils.LOG_ENTER; +import static org.apache.hadoop.test.TestUtils.LOG_EXIT; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; - import static org.junit.Assert.assertThat; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.InetSocketAddress; +import java.net.URL; +import java.nio.file.FileSystems; +import java.nio.file.Path; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + - import org.apache.directory.server.protocol.shared.transport.TcpTransport; +import org.apache.knox.gateway.config.GatewayConfig; - import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer; +import org.apache.knox.gateway.services.DefaultGatewayServices; +import org.apache.knox.gateway.services.GatewayServices; +import org.apache.knox.gateway.services.ServiceLifecycleException; +import org.apache.knox.gateway.services.security.AliasService; +import org.apache.hadoop.test.TestUtils; +import org.apache.http.HttpStatus; +import org.apache.log4j.Appender; +import org.hamcrest.MatcherAssert; - import org.hamcrest.Matchers; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.mycila.xmltool.XMLDoc; +import com.mycila.xmltool.XMLTag; + +/** + * Functional test to verify : KNOX-242 LDAP Enhancements + * Please see + * https://issues.apache.org/jira/browse/KNOX-242 + * + */ +public class Knox242FuncTest { + - private static Class RESOURCE_BASE_CLASS = Knox242FuncTest.class; + private static Logger LOG = LoggerFactory.getLogger( Knox242FuncTest.class ); + + public static Enumeration<Appender> appenders; + public static GatewayConfig config; 
+ public static GatewayServer gateway; + public static String gatewayUrl; + public static String clusterUrl; + public static String serviceUrl; + private static GatewayTestDriver driver = new GatewayTestDriver(); + + @BeforeClass + public static void setupSuite() throws Exception { + LOG_ENTER(); + //appenders = NoOpAppender.setUp(); + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/users-dynamic.ldif"); + driver.setupLdap( 0 , path.toFile() ); + setupGateway(); + TestUtils.awaitNon404HttpStatus( new URL( serviceUrl ), 10000, 100 ); + LOG_EXIT(); + } + + @AfterClass + public static void cleanupSuite() throws Exception { + LOG_ENTER(); + gateway.stop(); + driver.cleanup(); + //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) ); + //NoOpAppender.tearDown( appenders ); + LOG_EXIT(); + } + + public static void setupGateway() throws IOException, Exception { + + File targetDir = new File( System.getProperty( "user.dir" ), "target" ); + File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() ); + gatewayDir.mkdirs(); + + GatewayTestConfig testConfig = new GatewayTestConfig(); + config = testConfig; + testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() ); + + File topoDir = new File( testConfig.getGatewayTopologyDir() ); + topoDir.mkdirs(); + + File deployDir = new File( testConfig.getGatewayDeploymentDir() ); + deployDir.mkdirs(); + + DefaultGatewayServices srvcs = new DefaultGatewayServices(); + Map<String,String> options = new HashMap<>(); + options.put( "persist-master", "false" ); + options.put( "master", "password" ); + try { + srvcs.init( testConfig, options ); + } catch ( ServiceLifecycleException e ) { + e.printStackTrace(); // I18N not required. 
+ } + + gateway = GatewayServer.startGateway( testConfig, srvcs ); + MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() ); + + LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() ); + + gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath(); + clusterUrl = gatewayUrl + "/testdg-cluster"; + serviceUrl = clusterUrl + "/test-service-path/test-service-resource"; + + GatewayServices services = GatewayServer.getGatewayServices(); + AliasService aliasService = (AliasService)services.getService(GatewayServices.ALIAS_SERVICE); + aliasService.addAliasForCluster("testdg-cluster", "ldcSystemPassword", "guest-password"); + + char[] password1 = aliasService.getPasswordFromAliasForCluster( "testdg-cluster", "ldcSystemPassword"); + //System.err.println("SETUP password 10: " + ((password1 == null) ? "NULL" : new String(password1))); + + File descriptor = new File( topoDir, "testdg-cluster.xml" ); + FileOutputStream stream = new FileOutputStream( descriptor ); + createTopology().toStream( stream ); + stream.close(); + } + + private static XMLTag createTopology() { + XMLTag xml = XMLDoc.newDocument( true ) + .addRoot( "topology" ) + .addTag( "gateway" ) + + .addTag( "provider" ) + .addTag( "role" ).addText( "authentication" ) + .addTag( "name" ).addText( "ShiroProvider" ) + .addTag( "enabled" ).addText( "true" ) + .addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm" ) + .addTag( "value" ).addText( "org.apache.knox.gateway.shirorealm.KnoxLdapRealm" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapGroupContextFactory" ) + .addTag( "value" ).addText( "org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory" ) + .addTag( "value" ).addText( "$ldapGroupContextFactory" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( 
"main.ldapRealm.contextFactory.authenticationMechanism" ) + .addTag( "value" ).addText( "simple" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" ) + .addTag( "value" ).addText( driver.getLdapUrl()) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" ) + .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" ) + + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.searchBase" ) + .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" ) + + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.userSearchAttributeName" ) + .addTag( "value" ).addText( "uid" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.userObjectClass" ) + .addTag( "value" ).addText( "person" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.userSearchBase" ) + .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.groupSearchBase" ) + .addTag( "value" ).addText( "ou=groups,dc=hadoop,dc=apache,dc=org" ) + + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.authorizationEnabled" ) + .addTag( "value" ).addText( "true" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemAuthenticationMechanism" ) + .addTag( "value" ).addText( "simple" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.groupObjectClass" ) + .addTag( "value" ).addText( "groupofurls" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.memberAttribute" ) + .addTag( "value" ).addText( "memberurl" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.memberAttributeValueTemplate" ) + .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" ) + 
.gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemUsername" ) + .addTag( "value" ).addText( "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.clusterName" ) + .addTag( "value" ).addText( "testdg-cluster" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemPassword" ) + .addTag( "value" ).addText( "S{ALIAS=ldcSystemPassword}" ) + // .addTag( "value" ).addText( "guest-password" ) + .gotoParent().addTag( "param" ) + .addTag( "name" ).addText( "urls./**" ) + .addTag( "value" ).addText( "authcBasic" ) + + .gotoParent().gotoParent().addTag( "provider" ) + .addTag( "role" ).addText( "authorization" ) + .addTag( "name" ).addText( "AclsAuthz" ) + .addTag( "enabled" ).addText( "true" ) + .addTag( "param" ) + .addTag( "name" ).addText( "test-service-role.acl" ) + .addTag( "value" ).addText( "*;directors;*" ) + + .gotoParent().gotoParent().addTag( "provider" ) + .addTag( "role" ).addText( "identity-assertion" ) + .addTag( "enabled" ).addText( "true" ) + .addTag( "name" ).addText( "Default" ).gotoParent() + + .gotoRoot() + .addTag( "service" ) + .addTag( "role" ).addText( "test-service-role" ) + .gotoRoot(); + // System.out.println( "GATEWAY=" + xml.toString() ); + return xml; + } + - public static InputStream getResourceStream( String resource ) throws IOException { - return getResourceUrl( resource ).openStream(); - } - - public static URL getResourceUrl( String resource ) { - URL url = ClassLoader.getSystemResource( getResourceName( resource ) ); - assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() ); - return url; - } - - public static String getResourceName( String resource ) { - return getResourceBaseName() + resource; - } - - public static String getResourceBaseName() { - return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/"; - } - + 
@Ignore + // @Test + public void waitForManualTesting() throws IOException { + System.in.read(); + } + + @Test( timeout = TestUtils.MEDIUM_TIMEOUT ) + public void testGroupMember() throws ClassNotFoundException, Exception { + LOG_ENTER(); + String username = "joe"; + String password = "joe-password"; + String serviceUrl = clusterUrl + "/test-service-path/test-service-resource"; + given() + //.log().all() + .auth().preemptive().basic( username, password ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_OK ) + .contentType( "text/plain" ) + .body( is( "test-service-response" ) ) + .when().get( serviceUrl ); + LOG_EXIT(); + } + + @Test( timeout = TestUtils.MEDIUM_TIMEOUT ) + public void testNonGroupMember() throws ClassNotFoundException { + LOG_ENTER(); + String username = "guest"; + String password = "guest-password"; + String serviceUrl = clusterUrl + "/test-service-path/test-service-resource"; + given() + //.log().all() + .auth().preemptive().basic( username, password ) + .expect() + //.log().all() + .statusCode( HttpStatus.SC_FORBIDDEN ) + .when().get( serviceUrl ); + LOG_EXIT(); + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java ---------------------------------------------------------------------- diff --cc gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java index cdd5c8e,0000000..fc2f601 mode 100644,000000..100644 --- a/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java +++ b/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java @@@ -1,323 -1,0 +1,294 @@@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. 
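Review bot: In `setupGateway()` the `ServiceLifecycleException` thrown by `srvcs.init( testConfig, options )` is caught and only printed, so a failed initialisation of the gateway services still falls through to `GatewayServer.startGateway( testConfig, srvcs )`, and the 200/403 authorization assertions may then run against a gateway that was never set up correctly. The method already declares `throws IOException, Exception`, so the try/catch can be dropped and the call left as `srvcs.init( testConfig, options );`; the same pattern appears in `setupGateway()` of KnoxCliLdapFuncTestNegative and KnoxCliLdapFuncTestPositive. Separately, `password1` is read back from the alias service but never checked, although the topology depends on `S{ALIAS=ldcSystemPassword}`; adding `MatcherAssert.assertThat( "ldcSystemPassword alias not stored", password1, notNullValue() );` would make that dependency explicit. The commented-out `System.err` line that would print the cleartext value is better deleted.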
The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway; + +import com.mycila.xmltool.XMLDoc; +import com.mycila.xmltool.XMLTag; - import org.apache.directory.server.protocol.shared.transport.TcpTransport; - import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer; +import org.apache.knox.gateway.services.DefaultGatewayServices; +import org.apache.knox.gateway.services.ServiceLifecycleException; +import org.apache.knox.gateway.util.KnoxCLI; +import org.apache.hadoop.test.TestUtils; +import org.apache.hadoop.test.log.NoOpAppender; +import org.apache.log4j.Appender; - import org.hamcrest.Matchers; +import org.junit.BeforeClass; +import org.junit.AfterClass; +import org.junit.Test; - import org.slf4j.Logger; - import org.slf4j.LoggerFactory; + +import java.io.PrintStream; - import java.io.InputStream; +import java.io.File; +import java.io.FileOutputStream; - import java.io.IOException; +import java.io.ByteArrayOutputStream; - import java.net.URL; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +import static org.apache.hadoop.test.TestUtils.LOG_ENTER; +import static org.apache.hadoop.test.TestUtils.LOG_EXIT; +import static org.hamcrest.CoreMatchers.containsString; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertThat; + +public class KnoxCliLdapFuncTestNegative { + - private static Class 
RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class; - private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class ); - + public static Enumeration<Appender> appenders; + public static GatewayTestConfig config; + public static GatewayServer gateway; + public static String gatewayUrl; + public static String clusterUrl; + private static GatewayTestDriver driver = new GatewayTestDriver(); + + private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream(); + private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream(); + private static final String uuid = UUID.randomUUID().toString(); + + @BeforeClass + public static void setupSuite() throws Exception { + LOG_ENTER(); + System.setOut(new PrintStream(outContent)); + System.setErr(new PrintStream(errContent)); + driver.setupLdap(0); + setupGateway(); + LOG_EXIT(); + } + + @AfterClass + public static void cleanupSuite() throws Exception { + LOG_ENTER(); + driver.cleanup(); + + //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) ); + //NoOpAppender.tearDown( appenders ); + LOG_EXIT(); + } + + public static void setupGateway() throws Exception { + + File targetDir = new File( System.getProperty( "user.dir" ), "target" ); + File gatewayDir = new File( targetDir, "gateway-home-" + uuid ); + gatewayDir.mkdirs(); + + GatewayTestConfig testConfig = new GatewayTestConfig(); + config = testConfig; + testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() ); + + File topoDir = new File( testConfig.getGatewayTopologyDir() ); + topoDir.mkdirs(); + + File deployDir = new File( testConfig.getGatewayDeploymentDir() ); + deployDir.mkdirs(); + + createTopology(topoDir, "test-cluster.xml", true); + createTopology(topoDir, "bad-cluster.xml", false); + + DefaultGatewayServices srvcs = new DefaultGatewayServices(); + Map<String,String> options = new HashMap<>(); + options.put( "persist-master", "false" ); + options.put( "master", "password" ); + try { 
+ srvcs.init( testConfig, options ); + } catch ( ServiceLifecycleException e ) { + e.printStackTrace(); // I18N not required. + } + } + + private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception { + File descriptor = new File(topoDir, name); + + if(descriptor.exists()){ + descriptor.delete(); + descriptor = new File(topoDir, name); + } + + FileOutputStream stream = new FileOutputStream( descriptor, false ); + if(goodTopology){ + createTopology().toStream( stream ); + } else { + createBadTopology().toStream( stream ); + } + stream.close(); + + } + - public static InputStream getResourceStream( String resource ) throws IOException { - return getResourceUrl( resource ).openStream(); - } - - public static URL getResourceUrl( String resource ) { - URL url = ClassLoader.getSystemResource( getResourceName( resource ) ); - assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() ); - return url; - } - - public static String getResourceName( String resource ) { - return getResourceBaseName() + resource; - } - - public static String getResourceBaseName() { - return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/"; - } - + private static XMLTag createBadTopology(){ + XMLTag xml = XMLDoc.newDocument(true) + .addRoot("topology") + .addTag("gateway") + .addTag( "provider" ) + .addTag("role").addText("authentication") + .addTag( "name" ).addText( "ShiroProvider" ) + .addTag( "enabled" ).addText( "true" ) + .addTag("param") + .addTag( "name" ).addText("main.ldapRealm") + .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent() + .addTag("param") + .addTag( "name" ).addText("main.ldapRealm.userDnTemplate") + .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent() + .addTag("param") + .addTag( "name" ).addText("main.ldapRealm.contextFactory.url") + .addTag("value").addText(driver.getLdapUrl()).gotoParent() + .addTag("param") + 
.addTag("name").addText("main.ldapRealm.contextFactory.systemUsername") + .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword") + .addTag( "value" ).addText("guest-password").gotoParent() + .addTag("param") + .addTag( "name" ).addText("main.ldapRealm.contextFactory.authenticationMechanism") + .addTag("value").addText("simple").gotoParent() + .addTag("param") + .addTag( "name" ).addText("urls./**") + .addTag("value").addText("authcBasic").gotoParent().gotoParent() + .addTag("provider") + .addTag( "role" ).addText("identity-assertion") + .addTag("enabled").addText("true") + .addTag("name").addText("Default").gotoParent() + .addTag("provider") + .gotoRoot() + .addTag( "service" ) + .addTag( "role" ).addText( "KNOX" ) + .gotoRoot(); + // System.out.println( "GATEWAY=" + xml.toString() ); + return xml; + } + + private static XMLTag createTopology() { + + XMLTag xml = XMLDoc.newDocument(true) + .addRoot("topology") + .addTag("gateway" ) + .addTag("provider") + .addTag("role").addText("authentication") + .addTag("name").addText("ShiroProvider") + .addTag("enabled").addText("true") + .addTag("param") + .addTag("name").addText("main.ldapRealm") + .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent() + .addTag("param" ) + .addTag("name").addText("main.ldapGroupContextFactory") + .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory").gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.searchBase") + .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.groupObjectClass") + .addTag("value").addText("groupOfNames").gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate") + 
.addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent() + .addTag("param" ) + .addTag("name").addText("main.ldapRealm.memberAttribute") + .addTag("value").addText("member").gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.authorizationEnabled") + .addTag("value").addText("true").gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername") + .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword") + .addTag( "value" ).addText("guest-password").gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.userDnTemplate") + .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.contextFactory.url") + .addTag("value").addText(driver.getLdapUrl()).gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism") + .addTag("value").addText("simple").gotoParent() + .addTag("param") + .addTag("name").addText("main.ldapRealm.cachingEnabled") + .addTag("value").addText("false").gotoParent() + .addTag("param") + .addTag("name").addText("com.sun.jndi.ldap.connect.pool") + .addTag("value").addText("false").gotoParent() + .addTag("param") + .addTag("name" ).addText("urls./**") + .addTag("value" ).addText("authcBasic").gotoParent().gotoParent() + .addTag("provider" ) + .addTag("role").addText( "identity-assertion" ) + .addTag( "enabled").addText( "true" ) + .addTag("name").addText( "Default" ).gotoParent() + .gotoRoot() + .addTag( "service" ) + .addTag( "role" ).addText( "test-service-role" ) + .gotoRoot(); + // System.out.println( "GATEWAY=" + xml.toString() ); + return xml; + } + + @Test( timeout = TestUtils.MEDIUM_TIMEOUT ) + public void testBadTopology() throws Exception { + LOG_ENTER(); + + // Test 4: 
Authenticate a user with a bad topology configured with nothing required for group lookup in the topology + outContent.reset(); + String username = "tom"; + String password = "tom-password"; + KnoxCLI cli = new KnoxCLI(); + cli.setConf(config); + + String args1[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster", + "--u", username, "--p", password, "--g" }; + cli.run( args1 ); + + assertThat(outContent.toString(), containsString("LDAP authentication successful")); + assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup")); + assertThat(outContent.toString(), containsString("Warn: ")); + assertFalse(outContent.toString().contains("analyst")); + + + outContent.reset(); + username = "bad-name"; + password = "bad-password"; + cli = new KnoxCLI(); + cli.setConf( config ); + + String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster", + "--u", username, "--p", password, "--g" }; + Enumeration<Appender> before = NoOpAppender.setUp(); + try { + cli.run( args2 ); + } finally { + NoOpAppender.tearDown( before ); + } + + assertThat(outContent.toString(), containsString("LDAP authentication failed")); + assertThat(outContent.toString(), containsString("INVALID_CREDENTIALS")); + + outContent.reset(); + username = "sam"; + password = "sam-password"; + cli = new KnoxCLI(); + cli.setConf( config ); + + String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster", + "--u", username, "--p", password, "--g" }; + cli.run( args3 ); + + assertThat(outContent.toString(), containsString("LDAP authentication successful")); + assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup")); + assertThat(outContent.toString(), containsString("Warn:")); + assertFalse(outContent.toString().contains("analyst")); + assertFalse(outContent.toString().contains("scientist")); + + LOG_EXIT(); + } + +} 
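Review bot: `setupSuite()` replaces `System.out` and `System.err` with in-memory streams and `cleanupSuite()` never puts the originals back, so any test class that runs later in the same JVM loses its console output, including failure diagnostics. Keep the originals in static fields before the `System.setOut`/`System.setErr` calls and restore them in `cleanupSuite()` with `System.setOut( originalOut ); System.setErr( originalErr );`. `errContent` is also never inspected in `testBadTopology()`, so anything the CLI writes to stderr during the `bad-name` case is silently discarded; asserting on it or dropping the stderr redirect would be clearer. KnoxCliLdapFuncTestPositive shows the same setup.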
http://git-wip-us.apache.org/repos/asf/knox/blob/50f46e9e/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java ---------------------------------------------------------------------- diff --cc gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java index 1783a7f,0000000..f612a4e mode 100644,000000..100644 --- a/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java +++ b/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java @@@ -1,327 -1,0 +1,300 @@@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */
+package org.apache.knox.gateway;
+
+import com.mycila.xmltool.XMLDoc;
+import com.mycila.xmltool.XMLTag;
+import org.apache.directory.server.protocol.shared.transport.TcpTransport;
+import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
+import org.apache.knox.gateway.services.DefaultGatewayServices;
+import org.apache.knox.gateway.services.ServiceLifecycleException;
+import org.apache.knox.gateway.util.KnoxCLI;
+import org.apache.hadoop.test.TestUtils;
+import org.apache.hadoop.test.log.NoOpAppender;
+import org.apache.log4j.Appender;
- import org.hamcrest.Matchers;
+import org.junit.BeforeClass;
+import org.junit.AfterClass;
+import org.junit.Test;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
+
+import java.io.PrintStream;
- import java.io.InputStream;
+import java.io.File;
+import java.io.FileOutputStream;
- import java.io.IOException;
+import java.io.ByteArrayOutputStream;
- import java.net.URL;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
+import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.not;
+import static org.junit.Assert.assertThat;
+
+public class KnoxCliLdapFuncTestPositive {
+
- private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
- private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
-
+ public static Enumeration<Appender> appenders;
+ public static GatewayTestConfig config;
+ public static GatewayServer gateway;
+ public static String gatewayUrl;
+ public static String clusterUrl;
+ private static GatewayTestDriver driver = new GatewayTestDriver();
+
+ private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
+ private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
+ private static final String uuid = UUID.randomUUID().toString();
+
+ @BeforeClass
+ public static void setupSuite() throws Exception {
+ LOG_ENTER();
+ System.setOut(new PrintStream(outContent));
+ System.setErr(new PrintStream(errContent));
+ driver.setupLdap(0);
+ setupGateway();
+ LOG_EXIT();
+ }
+
+ @AfterClass
+ public static void cleanupSuite() throws Exception {
+ LOG_ENTER();
+ driver.cleanup();
+
+ //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+ //NoOpAppender.tearDown( appenders );
+ LOG_EXIT();
+ }
+
+ public static void setupGateway() throws Exception {
+
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
+ gatewayDir.mkdirs();
+
+ GatewayTestConfig testConfig = new GatewayTestConfig();
+ config = testConfig;
+ testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+ File topoDir = new File( testConfig.getGatewayTopologyDir() );
+ topoDir.mkdirs();
+
+ File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+ deployDir.mkdirs();
+
+ createTopology(topoDir, "test-cluster.xml", true);
+ createTopology(topoDir, "bad-cluster.xml", false);
+
+ DefaultGatewayServices srvcs = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<>();
+ options.put( "persist-master", "false" );
+ options.put( "master", "password" );
+ try {
+ srvcs.init( testConfig, options );
+ } catch ( ServiceLifecycleException e ) {
+ e.printStackTrace(); // I18N not required.
+ }
+ }
+
+ private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
+ File descriptor = new File(topoDir, name);
+
+ if(descriptor.exists()){
+ descriptor.delete();
+ descriptor = new File(topoDir, name);
+ }
+
+ FileOutputStream stream = new FileOutputStream( descriptor, false );
+ if(goodTopology){
+ createTopology().toStream( stream );
+ } else {
+ createBadTopology().toStream( stream );
+ }
+ stream.close();
+
+ }
+
- public static InputStream getResourceStream( String resource ) throws IOException {
- return getResourceUrl( resource ).openStream();
- }
-
- public static URL getResourceUrl( String resource ) {
- URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
- assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
- return url;
- }
-
- public static String getResourceName( String resource ) {
- return getResourceBaseName() + resource;
- }
-
- public static String getResourceBaseName() {
- return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
- }
-
+ private static XMLTag createBadTopology(){
+ XMLTag xml = XMLDoc.newDocument(true)
+ .addRoot("topology")
+ .addTag( "gateway" )
+ .addTag("provider")
+ .addTag("role").addText("authentication")
+ .addTag("name").addText("ShiroProvider")
+ .addTag("enabled").addText("true")
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm")
+ .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm.userDnTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm.contextFactory.url")
+ .addTag("value").addText(driver.getLdapUrl()).gotoParent()
+ .addTag( "param" )
+ .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+ .addTag("value").addText("simple").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+ .addTag("value").addText("true").gotoParent()
+ .addTag("param")
+ .addTag( "name").addText( "urls./**")
+ .addTag("value").addText( "authcBasic" ).gotoParent().gotoParent()
+ .addTag( "provider" )
+ .addTag( "role" ).addText( "identity-assertion" )
+ .addTag( "enabled" ).addText( "true" )
+ .addTag( "name" ).addText( "Default" ).gotoParent()
+ .gotoRoot()
+ .addTag( "service")
+ .addTag("role").addText( "KNOX" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
+ private static XMLTag createTopology() {
+
+ XMLTag xml = XMLDoc.newDocument(true)
+ .addRoot("topology")
+ .addTag("gateway")
+ .addTag("provider")
+ .addTag("role").addText("authentication")
+ .addTag("name").addText("ShiroProvider")
+ .addTag("enabled").addText("true")
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm")
+ .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+ .addTag("param" )
+ .addTag("name").addText("main.ldapGroupContextFactory")
+ .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.searchBase")
+ .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.groupObjectClass")
+ .addTag("value").addText("groupOfNames").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param" )
+ .addTag("name").addText("main.ldapRealm.memberAttribute")
+ .addTag("value").addText("member").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+ .addTag("value").addText("true").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
+ .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
+ .addTag( "value" ).addText("guest-password").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.userDnTemplate")
+ .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.url")
+ .addTag("value").addText(driver.getLdapUrl()).gotoParent()
+ .addTag("param")
+ .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+ .addTag("value").addText("simple").gotoParent()
+ .addTag("param")
+ .addTag("name" ).addText("urls./**")
+ .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
+ .addTag("provider" )
+ .addTag("role").addText( "identity-assertion" )
+ .addTag( "enabled").addText( "true" )
+ .addTag("name").addText( "Default" ).gotoParent()
+ .gotoRoot()
+ .addTag( "service" )
+ .addTag( "role" ).addText( "test-service-role" )
+ .gotoRoot();
+ // System.out.println( "GATEWAY=" + xml.toString() );
+ return xml;
+ }
+
+ @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
+ public void testLDAPAuth() throws Exception {
+ LOG_ENTER();
+
+// Test 1: Make sure authenication is successful and return groups
+ outContent.reset();
+ String username = "sam";
+ String password = "sam-password";
+ String args[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password,
+ "--g"};
+ KnoxCLI cli = new KnoxCLI();
+ cli.setConf(config);
+ cli.run(args);
+ assertThat(outContent.toString(), containsString("success"));
+ assertThat(outContent.toString(), containsString("analyst"));
+ assertThat(outContent.toString(), containsString("scientist"));
+
+// Test 2: Give an invalid name and password combinatinon.
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "bad-name";
+ password = "bad-password";
+ String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password};
+ Enumeration<Appender> before = NoOpAppender.setUp();
+ try {
+ cli.run( args2 );
+ } finally {
+ NoOpAppender.tearDown( before );
+ }
+ assertThat(outContent.toString(), containsString("LDAP authentication failed"));
+
+// Test 3: Authenticate a user who belongs to no groups, but specify groups with --g
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "guest";
+ password = "guest-password";
+ String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
+ "--u", username, "--p", password, "--g" };
+ cli.run(args3);
+ assertThat(outContent.toString(), containsString("LDAP authentication success"));
+ assertThat(outContent.toString(), containsString("does not belong to any groups"));
+
+ // Test 4: Pass a non-existent topology
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "guest";
+ password = "guest-password";
+ String args4[] = {"user-auth-test", "--master", "knox", "--cluster", "cluster-dne",
+ "--u", username, "--p", password };
+ cli.run(args4);
+ assertThat(outContent.toString(), containsString("Topology cluster-dne does not exist"));
+
+
+ // Test 5: Authenticate a user who belongs to no groups, but specify groups with --g
+ outContent.reset();
+ cli = new KnoxCLI();
+ cli.setConf(config);
+ username = "guest";
+ password = "guest-password";
+ String args5[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
+ "--u", username, "--p", password };
+ cli.run( args5 );
+ assertThat(outContent.toString(), containsString("LDAP authentication success"));
+ assertThat(outContent.toString(), not(containsString("does not belong to any groups")));
+
+ LOG_EXIT();
+ }
+
+
+}