Repository: ambari Updated Branches: refs/heads/branch-feature-AMBARI-20859 8549682b5 -> b3f7d9e42
AMBARI-20760. After pam setup- Hive View user home test fails (Anita Jebaraj via rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f167236c Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f167236c Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f167236c Branch: refs/heads/branch-feature-AMBARI-20859 Commit: f167236c24501a0d14afccfbc53a2c648cb21731 Parents: 8549682 Author: Anita Jebaraj <ajeb...@us.ibm.com> Authored: Mon May 1 16:33:59 2017 -0400 Committer: Robert Levas <rle...@hortonworks.com> Committed: Mon May 1 16:33:59 2017 -0400 ---------------------------------------------------------------------- .../AmbariPamAuthenticationProvider.java | 18 ++------ .../AmbariPamAuthenticationProviderTest.java | 45 +++++++++++++++++--- 2 files changed, 43 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/f167236c/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java index ca7cd31..b3fb861 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java @@ -17,7 +17,6 @@ */ package org.apache.ambari.server.security.authorization; -import java.security.Principal; import java.util.Collection; import java.util.HashSet; import java.util.Set; @@ -40,7 +39,6 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.context.SecurityContextHolder; import com.google.inject.Inject; @@ -124,18 +122,10 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider { users.getUserAuthorities(userName, UserType.PAM); final User user = users.getUser(userName, UserType.PAM); - - Principal principal = new Principal() { - @Override - public String getName() { - return user.getUserName(); - } - }; - - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(principal, null, userAuthorities); - SecurityContextHolder.getContext().setAuthentication(token); - return token; - + + Authentication authToken = new AmbariUserAuthentication(passwd, user, userAuthorities); + authToken.setAuthenticated(true); + return authToken; } catch (PAMException ex) { LOG.error("Unable to sign in. Invalid username/password combination - " + ex.getMessage()); Throwable t = ex.getCause(); http://git-wip-us.apache.org/repos/asf/ambari/blob/f167236c/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java index 5b3acd0..b7272c5 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java @@ -17,27 +17,31 @@ */ package org.apache.ambari.server.security.authorization; -import static junit.framework.Assert.assertEquals; import static org.easymock.EasyMock.createNiceMock; import static org.easymock.EasyMock.expect; import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; import java.util.HashSet; import org.apache.ambari.server.H2DatabaseCleaner; import org.apache.ambari.server.audit.AuditLoggerModule; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.orm.GuiceJpaInitializer; +import org.apache.ambari.server.orm.entities.PrincipalEntity; +import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.security.ClientSecurityType; + import org.easymock.EasyMock; import org.junit.After; import org.junit.Before; import org.junit.Test; import org.jvnet.libpam.PAM; import org.jvnet.libpam.UnixUser; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; +import org.springframework.security.crypto.password.PasswordEncoder; import com.google.inject.Guice; import com.google.inject.Inject; @@ -50,10 +54,16 @@ public class AmbariPamAuthenticationProviderTest { private static Injector injector; @Inject + PasswordEncoder passwordEncoder; + @Inject private AmbariPamAuthenticationProvider authenticationProvider; @Inject Configuration configuration; + private static final String TEST_USER_NAME = "userName"; + private static final String TEST_USER_PASS = "userPass"; + private static final String TEST_USER_INCORRECT_PASS = "userIncorrectPass"; + @Before public void setUp() { injector = Guice.createInjector(new AuditLoggerModule(), new AuthorizationTestModule()); @@ -70,7 +80,10 @@ public class AmbariPamAuthenticationProviderTest { @Test(expected = AuthenticationException.class) public void testBadCredential() throws Exception { - Authentication authentication = new UsernamePasswordAuthenticationToken("notFound", "wrong"); + UserEntity userEntity = combineUserEntity(); + User user = new User(userEntity); + Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class)); + Authentication authentication = new AmbariUserAuthentication("wrong", user, userAuthorities); authenticationProvider.authenticate(authentication); } @@ -78,20 +91,40 @@ public class AmbariPamAuthenticationProviderTest { public void testAuthenticate() throws Exception { PAM pam = createNiceMock(PAM.class); UnixUser unixUser = createNiceMock(UnixUser.class); + UserEntity userEntity = combineUserEntity(); + User user = new User(userEntity); + Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class)); expect(pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class))).andReturn(unixUser).atLeastOnce(); expect(unixUser.getGroups()).andReturn(new HashSet<>(Arrays.asList("group"))).atLeastOnce(); EasyMock.replay(unixUser); EasyMock.replay(pam); - Authentication authentication = new UsernamePasswordAuthenticationToken("allowedUser", "password"); + Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities); Authentication result = authenticationProvider.authenticateViaPam(pam,authentication); - assertEquals("allowedUser", result.getName()); + Assert.assertNotNull(result); + Assert.assertEquals(true, result.isAuthenticated()); + Assert.assertTrue(result instanceof AmbariUserAuthentication); } @Test public void testDisabled() throws Exception { + UserEntity userEntity = combineUserEntity(); + User user = new User(userEntity); + Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class)); configuration.setClientSecurityType(ClientSecurityType.LOCAL); - Authentication authentication = new UsernamePasswordAuthenticationToken("allowedUser", "password"); + Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities); Authentication auth = authenticationProvider.authenticate(authentication); Assert.assertTrue(auth == null); } + + private UserEntity combineUserEntity() { + PrincipalEntity principalEntity = new PrincipalEntity(); + UserEntity userEntity = new UserEntity(); + userEntity.setUserId(1); + userEntity.setUserName(UserName.fromString(TEST_USER_NAME)); + userEntity.setUserPassword(passwordEncoder.encode(TEST_USER_PASS)); + userEntity.setUserType(UserType.PAM); + userEntity.setPrincipal(principalEntity); + return userEntity; + } + }