OOZIE-2732 Remove login server example (rkanter via abhishekbafna)
Project: http://git-wip-us.apache.org/repos/asf/oozie/repo Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/2a1ba196 Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/2a1ba196 Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/2a1ba196 Branch: refs/heads/oya Commit: 2a1ba196bfc5ccf9151df7974f2e5e53edf8e71c Parents: d9a4d3f Author: abhisek bafna <aba...@hortonworks.com> Authored: Wed Jan 11 11:58:41 2017 +0530 Committer: abhisek bafna <aba...@hortonworks.com> Committed: Wed Jan 11 11:58:41 2017 +0530 ---------------------------------------------------------------------- distro/pom.xml | 18 -- .../site/twiki/ENG_Custom_Authentication.twiki | 158 -------------- login/README.txt | 118 ---------- login/pom.xml | 138 ------------ .../AltKerberosAuthenticationHandler.java | 138 ------------ .../ExampleAltAuthenticationHandler.java | 139 ------------ .../oozie/servlet/login/LDAPLoginServlet.java | 108 ---------- .../oozie/servlet/login/LoginServlet.java | 181 ---------------- .../src/main/resources/login-page-template.html | 36 ---- login/src/main/webapp/META-INF/context.xml | 19 -- login/src/main/webapp/WEB-INF/web.xml | 78 ------- .../TestExampleAltAuthenticationHandler.java | 141 ------------ .../servlet/login/TestLDAPLoginServlet.java | 167 --------------- .../oozie/servlet/login/TestLoginServlet.java | 213 ------------------- pom.xml | 9 - release-log.txt | 1 + src/main/assemblies/distro.xml | 10 - 17 files changed, 1 insertion(+), 1671 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/distro/pom.xml ---------------------------------------------------------------------- diff --git a/distro/pom.xml b/distro/pom.xml index 740aff0..1a40e21 100644 --- a/distro/pom.xml +++ b/distro/pom.xml @@ -87,22 +87,4 @@ </plugin> </plugins> </build> - - <profiles> - <profile> - <id>loginServerExample</id> - <activation> - <activeByDefault>false</activeByDefault> - </activation> - <dependencies> - <dependency> - <groupId>org.apache.oozie</groupId> - <artifactId>oozie-login</artifactId> - <version>${project.version}</version> - <scope>compile</scope> - <type>war</type> - </dependency> - </dependencies> - </profile> - </profiles> </project> http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/docs/src/site/twiki/ENG_Custom_Authentication.twiki ---------------------------------------------------------------------- diff --git a/docs/src/site/twiki/ENG_Custom_Authentication.twiki b/docs/src/site/twiki/ENG_Custom_Authentication.twiki index 6bac3a6..64334b6 100644 --- a/docs/src/site/twiki/ENG_Custom_Authentication.twiki +++ b/docs/src/site/twiki/ENG_Custom_Authentication.twiki @@ -19,7 +19,6 @@ The following authenticators are provided in hadoop-auth: * KerberosAuthenticationHandler : the authenticator handler implements the Kerberos SPNEGO authentication mechanism for HTTP. * PseudoAuthenticationHandler : the authenticator handler provides a pseudo authentication mechanism that accepts the user name specified as a query string parameter. - * AltKerberosAuthenticationHandler: the authenticator handler allows for Kerberos SPNEGO authentication for non-browsers and an alternate form of authentication for browsers. A subclass must implement the alternate authentication (see [[ENG_Custom_Authentication#LoginServerExample][Example Login Server]]) 3. =org.apache.hadoop.security.authentication.server.AuthenticationFilter:= A servlet filter enables protecting web application resources with different authentication mechanisms provided by AuthenticationHandler. To enable the filter, web application resources file (ex. web.xml) needs to include a filter class derived from =AuthenticationFilter=. @@ -141,163 +140,6 @@ protected AuthenticationToken getToken(HttpServletRequest request) throws IOExce } </verbatim> -#LoginServerExample ----++ Login Server Example - ----+++ Overview - -The Login Server Example is a web application that is an example of how to create a login server for Oozie. It provides two example -servlets: LoginServlet and LDAPLoginServlet. The LoginServlet example is very primitive and simply authenticates users whose -username and password match (e.g. user=foo and pass=foo). The LDAPLoginServlet example can be configured against an LDAP server to -authenticate users from that LDAP server. Once authenticated, both example servlets write the username to a cookie that Oozie -checks via the ExampleAltAuthenticationHandler (which uses that cookie for authentication for browsers but Kerberos otherwise). - -The LoginServlet and LDAPLoginServlet are run from a separate WAR file called oozie-login.war; its web.xml can be used to configure -which servlet is used as well as some additional properties. The ExampleAltAuthenticationHandler is run as part of the Oozie server -but is built as a separate jar: oozie-login.jar. - ----+++ ExampleAltAuthenticationHandler - -This is a subclass of the abstract AltKerberosAuthenticationHandler, which is an AuthenticationHandler that allows for a "mixed" -mode of authentication. When a non-browser is used, Kerberos will be used for authentication; when a browser is used, some other -authentication method will be used. In the case of ExampleAltAuthenticationHandler, the other authentication method is to look for -a cookie named =oozie.web.login.auth= and create an AuthenticationToken using the value of the cookie as the username. If the -cookie cannot be found, it will redirect the browser to a page where the user can (presumably) login to a server that can -authenticate the user and create the cookie. As this is obviously a very primitive method of authentication that is not secure, it -should NOT be used in production; it is only provided as an example of how the AltKerberosAuthenticationHandler can be used. - -To reiterate: %RED%ExampleAltAuthenticationHandler IS NOT SECURE -- DO NOT USE IT IN A PRODUCTION ENVIRONMENT%ENDCOLOR% - -To use the ExampleAltAuthenticationHandler, make at least the following two changes to your oozie-site.xml. All of the existing -Kerberos-related settings are still applicable (for when a non-browser is used) so make sure to configure them appropriately. -<verbatim> - <property> - <name>oozie.authentication.type</name> - <value>org.apache.oozie.authentication.ExampleAltAuthenticationHandler</value> - </property> - <property> - <name>oozie.service.HadoopAccessorService.kerberos.enabled</name> - <value>true</value> - </property> -</verbatim> -Note: The ExampleAltAuthenticationHandler is included in the oozie-login.jar file and not normally included with Oozie core. -Additionally, you can configure which user-agents AltKerberosAuthenticationHandler (and thus ExampleAltAuthenticationHandler) -consider to be non-browsers by setting the following property in oozie-site.xml to a comma separated list. When any of the values -in this property are contained in the user-agent of the request, Kerberos will be used; otherwise, the alternate authentication will -be used. -<verbatim> - <property> - <name>oozie.authentication.alt-kerberos.non-browser.user-agents</name> - <value>java,curl,wget,perl</value> - </property> -</verbatim> -The above values, which are the default, will cause a user-agent such as "java" (the user-agent used by Java programs) to use -Kerberos. Note that this would also match with user-agents such as "java6" and "I am not a JaVa program". - -When the ExampleAltAuthenticationHandler cannot find the =oozie.web.login.auth= cookie, it will redirect the user to another URL, -which can be configured by setting the following property in oozie-site.xml. Typically, this URL should take the user to a server -where they can login to acquire the cookie and then get redirected back to the Oozie web console (the Login Server Example does this -and will be explained in more detail later). -<verbatim> - <property> - <name>oozie.authentication.ExampleAltAuthenticationHandler.redirect.url</name> - <value>http://localhost:11000/oozie-login/?backurl={0}</value> - </property> -</verbatim> -The above value, which is the default, will cause the user to be redirected to the Login Server Example if its running in the same -tomcat as Oozie and on the default port. If ={0}= appears anywhere in this URL, it will be replaced by the URL of Oozie's web -console so that the Login Server Example can know where to send the user back while staying independent of Oozie. - ----+++ LoginServlet - -This is a web servlet that gets bundled in the oozie-login.war web application. It is a very primitive example of a login server -implementation that is compatible with the ExampleAltAuthenticationHandler. When users visit this servlet, they are shown a simple -login page that allows them to enter their username and password. It authenticates them if their username and password are the same -(e.g. user=foo and pass=foo), which is not secure and should not be used in production; it is only provided as an example. - -To reiterate: %RED%LoginServlet IS NOT SECURE -- DO NOT USE IT IN A PRODUCTION ENVIRONMENT%ENDCOLOR% - -Sending it a GET request returns the login page; the =backurl= parameter is required (so it knows where to redirect the user back to -once they are authenticated), but there is also an optional =username= parameter that will pre-populate the username field if given. - -Sending it a POST request will also return the login page, but only if an error occurs (e.g. invalid username or password). As with -the GET request, the =backurl= parameter is required, but now the =username= and =password= parameters are also required. If they -match, the LoginServlet will write the =oozie.web.login.auth= cookie containing the username and redirect the user to the =backurl=, -which is presumably the Oozie web console. - -The login page can be configured to look differently by changing the following parameter in the web.xml in the oozie-login.war file -(or in the login/src/main/webapp/WEB-INF/ directory before building it). The file needs to be located in the -login/src/main/resources/ directory and should contain ={0}= for where an error message can go, ={1}= for where the username -included with a GET request will go, and ={2}= for where the =backurl= goes. -<verbatim> - <init-param> - <param-name>login.page.template</param-name> - <param-value>login-page-template.html</param-value> - </init-param> -</verbatim> -The above value, which is the default, is a basic html page that has fields for the username and password and meets the previously -stated requirements. - -The =oozie.web.login.auth= cookie will expire 3 minutes after being given to the user. Once the user has been redirected back to -the Oozie web console and given the AuthenticationToken, the =oozie.web.login.auth= cookie is no longer used. If the -AuthenticationToken expires but the user still has a valid =oozie.web.login.auth= cookie, the ExampleAltAuthenticationHandler will -simply give out a new AuthenticationToken; the desired behavior is that the user is bounced back to the oozie-login.war server to -re-authenticate, hence the very short lifetime of the =oozie.web.login.auth= cookie. However, the expiration time of the cookie -is configurable by changing the following parameter in the web.xml in the oozie-login.war file (or in the -login/src/main/webapp/WEB-INF/ directory before building it). It is given in seconds. A positive value indicates that the cookie -will expire after that many seconds have passed; make sure this value is high enough to allow the user to be forwarded to the -backurl before the cookie expires. A negative value indicates that the cookie will be deleted when the browser exits. -<verbatim> - <init-param> - <param-name>login.auth.cookie.expire.time</param-name> - <param-value>180</param-value> - </init-param> -</verbatim> -The above value, which is the default, is the number of seconds in 3 minutes. - ----+++ LDAPLoginServlet - -This is a second web servlet that gets bundled in the oozie-login.war web application. It inherits from the LoginServlet, so the -previous configuration information (e.g. login.page.template) still applies to this servlet. The only difference between the -LDAPLoginServlet and the LoginServlet, is that the LDAPLoginServlet is configured against an LDAP server to provide the -authentication instead of simply checking that the username and password are equal. As before, this is not secure and should not be -used in production; it is only provided as an example. - -To reiterate: %RED%LDAPLoginServlet IS NOT SECURE -- DO NOT USE IT IN A PRODUCTION ENVIRONMENT%ENDCOLOR% - -The oozie-login.war web application is configured to use LoginServlet by default. To switch it to use the LDAPLoginServlet, you -have to change the following line in the web.xml from: -<verbatim> - <servlet-class>org.apache.oozie.servlet.login.LoginServlet</servlet-class> -</verbatim> -to: -<verbatim> - <servlet-class>org.apache.oozie.servlet.login.LDAPLoginServlet</servlet-class> -</verbatim> - -There are three additional parameters related to LDAP that you should configure in the web.xml: -<verbatim> - <init-param> - <param-name>ldap.provider.url</param-name> - <param-value>ldap://localhost:389</param-value> - </init-param> - <init-param> - <param-name>ldap.context.factory</param-name> - <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value> - </init-param> - <init-param> - <param-name>ldap.security.authentication</param-name> - <param-value>simple</param-value> - </init-param> -</verbatim> -The ldap.provider.url is the LDAP provider URL to use, the ldap.context.factory is the LDAP context factory to use, and the -ldap.security.authentication is the LDAP security authentication type to use. - ----+++ Building and Deploying -The README.txt file in the =login= directory contains instructions on how to build and deploy the Login Server Example - - - [[index][::Go back to Oozie Documentation Index::]] </noautolink> http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/README.txt ---------------------------------------------------------------------- diff --git a/login/README.txt b/login/README.txt deleted file mode 100644 index 1469dda..0000000 --- a/login/README.txt +++ /dev/null @@ -1,118 +0,0 @@ - -Login Server Example -==================== - ---------------------------------- -What is the Login Server Example? ---------------------------------- -The Login Server Example is a web application that is an example of how to create a login server for Oozie. It provides two example -servlets: LoginServlet and LDAPLoginServlet. The LoginServlet example is very primitive and simply authenticates users whose -username and password match (e.g. user=foo and pass=foo). The LDAPLoginServlet example can be configured against an LDAP server to -authenticate users from that LDAP server. Onces authenticated, both example servlets write the username to a cookie that Oozie -checks via the ExampleAltAuthenticationHandler (which uses that cookie for authentication for browsers but Kerberos otherwise). - -The LoginServlet and LDAPLoginServlet are run from a separate WAR file called oozie-login.war; its web.xml can be used to configure -which servlet is used as well as some additional properties. The ExampleAltAuthenticationHandler is run as part of Oozie. - -More details on the Login Server Example and the three classes can be found on the "Creating Custom Authentication" page of the -Oozie Documentation. - -ExampleAltAuthenticationHandler, LoginServlet, and LDAPLoginServlet ARE NOT SECURE - -- THEY SHOULD NOT BE USED IN A PRODUCTION ENVIRONMENT - --------------------------------------------------------------------------------------- -How to build and launch the Login Server Example as part of entire oozie package build --------------------------------------------------------------------------------------- - -1. run mkdistro.sh on top-level directory ---------------------- -bin/mkdistro.sh -P loginServerExample ---------------------- -[NOTE] -The Login Server Example is not included in the build by default, hence the need to specify a maven profile (-P loginServerExample). -This maven profile causes two additional files to be built: oozie-login.war (contains the oozie login server example) and -oozie-login.jar (contains the AuthenticationHandler to use with the oozie login server example) - -2. move to output directory --------------------- -cd distro/target/oozie-<version>-distro/oozie-<version> --------------------- - -3-(a). copy the war file to oozie-server/webapps/ --------------------- -cp oozie-login.war ./oozie-server/webapps --------------------- -[NOTE] -Method (a) only gives you the login server; to also make the AuthenticationHandler available to the Oozie server, use method (b) - -or - -3-(b). create /libext and copy the war and jar files to it --------------------- -mkdir libext -cp oozie-login.war ./libext -cp oozie-login.jar ./libext --------------------- -[NOTE] -bin/oozie-setup.sh is implemented such that oozie-login.war is automatically picked up and deployed to oozie server - -4. start oozie server (using bin/oozie-setup.sh and bin/oozie-start.sh) and check through browser ---------------------- -http://localhost:11000/oozie-login ---------------------- -[NOTE] -Using default port number, which is 11000. Tomcat server may fail to start if another application already using the same port. -Please make sure the port is not being used. - - ---------------------------------------------------------------------------- -How to build and launch Login Server Example only (not whole package build) ---------------------------------------------------------------------------- -This is to launch the Login Server Example using a web server that you are already running (without using bundled tomcat). -This is suitable for when you want to host this application on the existing tomcat instance. You need to copy the war file into -the webapp directory of the existing tomcat. - -1. build the Login Server Example and create war file ---------------------- -// Assuming you are at the top level directory -mvn clean package -P loginServerExample -Dtest=TestExampleAltAuthenticationHandler,TestLoginServlet,TestLDAPLoginServlet ---------------------- -[NOTE] -This must be done from the top level directory because oozie-core is a dependency on the Login Server Example. To skip all tests, -replace the -Dtest=... with -DskipTests. - -2. copy war file to webapps directory of web server ---------------------- -cp login/target/oozie-login.war <webserver-installed-directory>/webapps/ ---------------------- - -3. start web server ---------------------- -<webserver-installed-directory>/bin/startup.sh ---------------------- -[NOTE] -name of start script might be different in your web-server, please change accordingly - -4. check through browser ---------------------- -http://localhost:8080/oozie-login ---------------------- -[NOTE] -port number might not be 8080 in your web-server setting (usually it's default in tomcat), please change accordingly - -5. stop web server ---------------------- -<webserver-installed-directory>/bin/shutdown.sh ---------------------- -[NOTE] name of shutdown script might be different in your web-server, please change accordingly - - -===================================================================== - -If you have any questions/issues, please send an email to: - -u...@oozie.apache.org - -Subscribe using the link: - -http://oozie.apache.org/mail-lists.html http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/pom.xml ---------------------------------------------------------------------- diff --git a/login/pom.xml b/login/pom.xml deleted file mode 100644 index bce1f08..0000000 --- a/login/pom.xml +++ /dev/null @@ -1,138 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> - <modelVersion>4.0.0</modelVersion> - <parent> - <groupId>org.apache.oozie</groupId> - <artifactId>oozie-main</artifactId> - <version>4.4.0-SNAPSHOT</version> - </parent> - <groupId>org.apache.oozie</groupId> - <artifactId>oozie-login</artifactId> - <version>4.4.0-SNAPSHOT</version> - <description>Apache Oozie Login</description> - <name>Apache Oozie Login</name> - <packaging>war</packaging> - - <dependencies> - <dependency> - <groupId>javax.servlet</groupId> - <artifactId>servlet-api</artifactId> - <scope>provided</scope> - </dependency> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.mortbay.jetty</groupId> - <artifactId>jetty</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.apache.oozie</groupId> - <artifactId>oozie-core</artifactId> - <scope>provided</scope> - </dependency> - <dependency> - <groupId>org.apache.oozie</groupId> - <artifactId>oozie-core</artifactId> - <classifier>tests</classifier> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.apache.hadoop</groupId> - <artifactId>hadoop-auth</artifactId> - <type>jar</type> - </dependency> - <dependency> - <groupId>org.mockito</groupId> - <artifactId>mockito-all</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.apache.oozie</groupId> - <artifactId>oozie-hadoop</artifactId> - <scope>provided</scope> - </dependency> - <!-- ApacheDS needed for LDAP unit tests --> - <dependency> - <groupId>org.apache.directory.server</groupId> - <artifactId>apacheds-server-unit</artifactId> - <version>1.0.2</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.apache.oozie</groupId> - <artifactId>oozie-hadoop-test</artifactId> - <scope>test</scope> - </dependency> - </dependencies> - - <build> - <finalName>oozie-login</finalName> - <plugins> - <!-- Make the oozie-login.jar too --> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <executions> - <execution> - <id>make-a-jar</id> - <phase>compile</phase> - <goals> - <goal>jar</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.rat</groupId> - <artifactId>apache-rat-plugin</artifactId> - <configuration> - <excludeSubProjects>false</excludeSubProjects> - <excludes> - <!-- excluding all as the root POM does the full check--> - <exclude>**</exclude> - </excludes> - </configuration> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-deploy-plugin</artifactId> - <configuration> - <skip>true</skip> - </configuration> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-assembly-plugin</artifactId> - <configuration> - <descriptors> - <descriptor>../src/main/assemblies/empty.xml</descriptor> - </descriptors> - </configuration> - </plugin> - </plugins> - </build> - -</project> - http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/src/main/java/org/apache/oozie/authentication/AltKerberosAuthenticationHandler.java ---------------------------------------------------------------------- diff --git a/login/src/main/java/org/apache/oozie/authentication/AltKerberosAuthenticationHandler.java b/login/src/main/java/org/apache/oozie/authentication/AltKerberosAuthenticationHandler.java deleted file mode 100644 index ae30635..0000000 --- a/login/src/main/java/org/apache/oozie/authentication/AltKerberosAuthenticationHandler.java +++ /dev/null @@ -1,138 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.oozie.authentication; - -import java.io.IOException; -import java.util.Properties; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import org.apache.hadoop.security.authentication.client.AuthenticationException; -import org.apache.hadoop.security.authentication.server.AuthenticationToken; -import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler; - -// TODO: Delete this class when hadoop's AltKerberosAuthenticationHandler becomes available in a hadoop release -/** - * The {@link AltKerberosAuthenticationHandler} behaves exactly the same way as the KerberosAuthenticationHandler, except that it - * allows for an alternative form of authentication for browsers while still using Kerberos for Java access. This is an abstract - * class that should be subclassed to allow a developer to implement their own custom authentication for browser access. The - * alternateAuthenticate method will be called whenever a request comes from a browser. - * <p/> - */ -public abstract class AltKerberosAuthenticationHandler extends KerberosAuthenticationHandler { - - /** - * Constant that identifies the authentication mechanism. - */ - public static final String TYPE = "alt-kerberos"; - - /** - * Constant for the configuration property that indicates which user agents are not considered browsers (comma separated) - */ - public static final String NON_BROWSER_USER_AGENTS = TYPE + ".non-browser.user-agents"; - private static final String NON_BROWSER_USER_AGENTS_DEFAULT = "java,curl,wget,perl"; - - private String[] nonBrowserUserAgents; - - /** - * Returns the authentication type of the authentication handler, 'alt-kerberos'. - * <p/> - * - * @return the authentication type of the authentication handler, 'alt-kerberos'. - */ - @Override - public String getType() { - return TYPE; - } - - @Override - public void init(Properties config) throws ServletException { - super.init(config); - - nonBrowserUserAgents = config.getProperty(NON_BROWSER_USER_AGENTS, NON_BROWSER_USER_AGENTS_DEFAULT).split("\\W*,\\W*"); - for (int i = 0; i < nonBrowserUserAgents.length; i++) { - nonBrowserUserAgents[i] = nonBrowserUserAgents[i].toLowerCase(); - } - } - - /** - * It enforces the the Kerberos SPNEGO authentication sequence returning an {@link AuthenticationToken} only after the Kerberos - * SPNEGO sequence has completed successfully (in the case of Java access) and only after the custom authentication implemented - * by the subclass in alternateAuthenticate has completed successfully (in the case of browser access). - * <p/> - * - * @param request the HTTP client request. - * @param response the HTTP client response. - * - * @return an authentication token if the request is authorized or null - * - * @throws IOException thrown if an IO error occurred - * @throws AuthenticationException thrown if an authentication error occurred - */ - @Override - public AuthenticationToken authenticate(HttpServletRequest request, HttpServletResponse response) - throws IOException, AuthenticationException { - AuthenticationToken token; - if (isBrowser(request.getHeader("User-Agent"))) { - token = alternateAuthenticate(request, response); - } - else { - token = super.authenticate(request, response); - } - return token; - } - - /** - * This method parses the User-Agent String and returns whether or not it refers to a browser. If its not a browser, then - * Kerberos authentication will be used; if it is a browser, alternateAuthenticate from the subclass will be used. - * <p/> - * A User-Agent String is considered to be a browser if it does not contain any of the values from - * alt-kerberos.non-browser.user-agents; the default behavior is to consider everything a browser unless it contains one of: - * "java", "curl", "wget", or "perl". Subclasses can optionally override this method to use different behavior. - * - * @param userAgent The User-Agent String, or null if there isn't one - * @return true if the User-Agent String refers to a browser, false if not - */ - protected boolean isBrowser(String userAgent) { - if (userAgent == null) { - return false; - } - userAgent = userAgent.toLowerCase(); - boolean isBrowser = true; - for (String nonBrowserUserAgent : nonBrowserUserAgents) { - if (userAgent.contains(nonBrowserUserAgent)) { - isBrowser = false; - break; - } - } - return isBrowser; - } - - /** - * Subclasses should implement this method to provide the custom authentication to be used for browsers. - * - * @param request the HTTP client request. - * @param response the HTTP client response. - * @return an authentication token if the request is authorized, or null - * @throws IOException thrown if an IO error occurs - * @throws AuthenticationException thrown if an authentication error occurs - */ - public abstract AuthenticationToken alternateAuthenticate(HttpServletRequest request, HttpServletResponse response) - throws IOException, AuthenticationException; -} http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java ---------------------------------------------------------------------- diff --git a/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java b/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java deleted file mode 100644 index 1b9b9c2..0000000 --- a/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java +++ /dev/null @@ -1,139 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.oozie.authentication; - -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.net.URLDecoder; -import java.net.URLEncoder; -import java.text.MessageFormat; -import java.util.Properties; -import javax.servlet.ServletException; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.security.authentication.client.AuthenticationException; -// TODO: Switch to subclassing hadoop's AltKerberosAuthenticationHandler when it becomes available in a hadoop release -//import org.apache.hadoop.security.authentication.server.AltKerberosAuthenticationHandler; -import org.apache.hadoop.security.authentication.server.AuthenticationToken; -import org.apache.oozie.service.Services; - -/** - * This class provides an implementation of the {@link AltKerberosAuthenticationHandler} as a simple example. It is meant to be - * used with the Login Server Example. The alternate authentication offered by this class is to check for a cookie named - * "oozie.web.login.auth" and use its value as the username. More information can be found in the README.txt for the Login Server - * Example. Note that this implementation is NOT SECURE and should not be used in production. - */ -public class ExampleAltAuthenticationHandler extends AltKerberosAuthenticationHandler { - - /** - * Constant for the configuration property that indicates the redirect URL to send unauthenticated users to the Login Server. - * It can include {0}, which will be replaced by the Oozie web console URL. - */ - private static final String REDIRECT_URL = "oozie.authentication.ExampleAltAuthenticationHandler.redirect.url"; - private static final String REDIRECT_URL_DEFAULT = "http://localhost:11000/oozie-login/?backurl={0}";; - - private String redirectURL; - - @Override - public void init(Properties config) throws ServletException { - super.init(config); - - Configuration conf = Services.get().getConf(); - redirectURL = conf.get(REDIRECT_URL, REDIRECT_URL_DEFAULT); - } - - /** - * Implementation of the custom authentication. It looks for the "oozie.web.login.auth" cookie and if it exists, returns an - * AuthenticationToken with the cookie's value as the username. Otherwise, it will redirect the user to the login server via - * the REDIRECT_URL. - * - * @param request the HTTP client request. - * @param response the HTTP client response. - * @return an authentication token if the request is authorized, or null - * @throws IOException thrown if an IO error occurs - * @throws AuthenticationException thrown if an authentication error occurs - */ - @Override - public AuthenticationToken alternateAuthenticate(HttpServletRequest request, HttpServletResponse response) - throws IOException, AuthenticationException { - AuthenticationToken token = null; - Cookie[] cookies = request.getCookies(); - Cookie authCookie = verifyAndExtractAltAuth(cookies); - String altAuthUserName = getAltAuthUserName(authCookie); - // Authenticated - if (altAuthUserName != null) { - token = new AuthenticationToken(altAuthUserName, altAuthUserName, getType()); - } - // Not Authenticated - else { - StringBuffer sb = request.getRequestURL(); - if (request.getQueryString() != null) { - sb.append("?").append(request.getQueryString()); - } - String url = MessageFormat.format(redirectURL, URLEncoder.encode(sb.toString(), "ISO-8859-1")); - url = response.encodeRedirectURL(url); - response.sendRedirect(url); - } - return token; - } - - /** - * Verifies and extracts the "oozie.web.login.auth" Cookie from the passed in cookies. Note that this implementation doesn't - * actually do any verification, but a subclass can override it to do so. - * - * @param cookies The cookies from a request. - * @return The "oozie.web.login.auth" cookie or null - */ - protected Cookie verifyAndExtractAltAuth(Cookie[] cookies) { - if (cookies == null) { - return null; - } - for (Cookie cookie : cookies) { - if (cookie.getName().equals("oozie.web.login.auth")) { - // Here the cookie should be verified for integrity/authenticity from the login service - return cookie; - } - } - return null; - } - - /** - * Returns the username from the "oozie.web.login.auth" cookie. - * - * @param authCookie The "oozie.web.login.auth" cookie - * @return The username from the cookie or null if the cookie is null - * @throws UnsupportedEncodingException thrown if there's a problem decoding the cookie value - * @throws AuthenticationException thrown if the cookie value is only two quotes "" - */ - protected String getAltAuthUserName(Cookie authCookie) throws UnsupportedEncodingException, AuthenticationException { - if (authCookie == null) { - return null; - } - String username = authCookie.getValue(); - if (username.startsWith("\"") && username.endsWith("\"")) { - if (username.length() == 2) { - throw new AuthenticationException("Unable to parse authentication cookie"); - } - username = username.substring(1, username.length() - 1); - } - return URLDecoder.decode(username, "UTF-8"); - } -} http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/src/main/java/org/apache/oozie/servlet/login/LDAPLoginServlet.java ---------------------------------------------------------------------- diff --git a/login/src/main/java/org/apache/oozie/servlet/login/LDAPLoginServlet.java b/login/src/main/java/org/apache/oozie/servlet/login/LDAPLoginServlet.java deleted file mode 100644 index 34354c7..0000000 --- a/login/src/main/java/org/apache/oozie/servlet/login/LDAPLoginServlet.java +++ /dev/null @@ -1,108 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.oozie.servlet.login; - -import java.util.Hashtable; -import javax.naming.Context; -import javax.naming.directory.DirContext; -import javax.naming.directory.InitialDirContext; -import javax.servlet.ServletException; - -/** - * This class provides an LDAP example Login Servlet to be used with the ExampleAltAuthenticationHandler. It provides a login page - * to the user and checks that the username and password are are able to login to the configured LDAP server and writes the username - * to a cookie named "oozie.web.login.auth". Once authenticated, it will send the user to the "backurl". More information can be - * found in the README.txt for the Login Server Example. Note that this implementation is NOT SECURE and should not be used in - * production. - */ -public class LDAPLoginServlet extends LoginServlet { - - /** - * Constant for the configuration property that indicates LDAP provider url to use. Note that this is configured in the web.xml - * file. - */ - public static final String LDAP_PROVIDER_URL_KEY = "ldap.provider.url"; - private static final String LDAP_PROVIDER_URL_DEFAULT = "ldap://localhost:389";; - private String ldapProviderUrl; - - /** - * Constant for the configuration property that indicates LDAP context factory to use. Note that this is configured in the - * web.xml file. - */ - public static final String LDAP_CONTEXT_FACTORY_KEY = "ldap.context.factory"; - private static final String LDAP_CONTEXT_FACTORY_DEFAULT = "com.sun.jndi.ldap.LdapCtxFactory"; - private String ldapContextFactory; - - /** - * Constant for the configuration property that indicates LDAP security authentication type to use. Note that this is - * configured in the web.xml file. - */ - public static final String LDAP_SECURITY_AUTHENTICATION_KEY = "ldap.security.authentication"; - private static final String LDAP_SECURITY_AUTHENTICATION_DEFAULT = "simple"; - private String ldapSecurityAuthentication; - - @Override - public void init() throws ServletException { - super.init(); - - ldapProviderUrl = getInitParameter(LDAP_PROVIDER_URL_KEY); - if (ldapProviderUrl == null) { - ldapProviderUrl = LDAP_PROVIDER_URL_DEFAULT; - } - - ldapContextFactory = getInitParameter(LDAP_CONTEXT_FACTORY_KEY); - if (ldapContextFactory == null) { - ldapContextFactory = LDAP_CONTEXT_FACTORY_DEFAULT; - } - - ldapSecurityAuthentication = getInitParameter(LDAP_SECURITY_AUTHENTICATION_KEY); - if (ldapSecurityAuthentication == null) { - ldapSecurityAuthentication = LDAP_SECURITY_AUTHENTICATION_DEFAULT; - } - } - - /** - * This method is overridden from LoginServlet to verify the password by attempting to use the username and password to login to - * the configured LDAP server. - * - * @param username The username - * @param password The password - * @return true if verified, false if not - */ - @Override - protected boolean verifyPassword(String username, String password) { - boolean result = false; - try { - Hashtable<String, String> env = new Hashtable<String, String>(); - env.put(Context.INITIAL_CONTEXT_FACTORY, ldapContextFactory); - env.put(Context.PROVIDER_URL, ldapProviderUrl); - env.put(Context.SECURITY_AUTHENTICATION, ldapSecurityAuthentication); - env.put(Context.SECURITY_PRINCIPAL, username); - env.put(Context.SECURITY_CREDENTIALS, password); - DirContext ctx = new InitialDirContext(env); - if (ctx != null) { - ctx.close(); - result = true; - } - } catch (Exception e) { - result = false; - } - return result; - } -} http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java ---------------------------------------------------------------------- diff --git a/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java b/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java deleted file mode 100644 index 627fa82..0000000 --- a/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java +++ /dev/null @@ -1,181 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.oozie.servlet.login; - -import java.io.*; -import java.net.URLEncoder; -import java.text.MessageFormat; -import javax.servlet.ServletException; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * This class provides a basic example Login Servlet to be used with the ExampleAltAuthenticationHandler. It provides a login page - * to the user and simply checks that the username and password are equal (e.g. user=foo pass=foo) and writes the username to a - * cookie named "oozie.web.login.auth". Once authenticated, it will send the user to the "backurl". More information can be found - * in the README.txt for the Login Server Example. Note that this implementation is NOT SECURE and should not be used in - * production. - */ -public class LoginServlet extends HttpServlet { - - /** - * Constant for the configuration property that indicates the login page html to use. The file needs to be located in the - * login/src/main/resources/ directory and should contain {0} for where an error message can go, {1} for where the username - * included with a GET request will go, and {2} for where the "backurl" goes. Note that this is configured in the web.xml file. - */ - public static final String LOGIN_PAGE_TEMPLATE_KEY = "login.page.template"; - private static final String LOGIN_PAGE_TEMPLATE_DEFAULT = "login-page-template.html"; - private String loginPageTemplate; - - /** - * Constant for the configuration property that indicates the expiration time (or max age) of the "oozie.web.login.auth" cookie. - * It is given in seconds. A positive value indicates that the cookie will expire after that many seconds have passed; make - * sure this value is high enough to allow the user to be forwarded to the backurl before the cookie expires. A negative value - * indicates that the cookie will be deleted when the browser exits. - */ - public static final String LOGIN_AUTH_COOKIE_EXPIRE_TIME = "login.auth.cookie.expire.time"; - private static final int LOGIN_AUTH_COOKIE_EXPIRE_TIME_DEFAULT = 180; // 3 minutes - private int loginAuthCookieExpireTime; - - private static final String USERNAME = "username"; - private static final String PASSWORD = "password"; - private static final String BACKURL = "backurl"; - - @Override - public void init() throws ServletException { - // Read in the login page html - String loginPageTemplateName = getInitParameter(LOGIN_PAGE_TEMPLATE_KEY); - if (loginPageTemplateName == null) { - loginPageTemplateName = LOGIN_PAGE_TEMPLATE_DEFAULT; - } - InputStream is = getClass().getClassLoader().getResourceAsStream(loginPageTemplateName); - if (is == null) { - throw new ServletException("Could not find resource [" + loginPageTemplateName + "]"); - } - try { - StringBuilder sb = new StringBuilder(); - BufferedReader br = new BufferedReader(new InputStreamReader(is)); - String line = br.readLine(); - while (line != null) { - sb.append(line).append("\n"); - line = br.readLine(); - } - br.close(); - loginPageTemplate = sb.toString(); - } catch (IOException ex) { - throw new ServletException("Could not read resource [" + loginPageTemplateName + "]"); - } - - // Read in the cookie expiration time - String cookieExpireTime = getInitParameter(LOGIN_AUTH_COOKIE_EXPIRE_TIME); - if (cookieExpireTime == null) { - loginAuthCookieExpireTime = LOGIN_AUTH_COOKIE_EXPIRE_TIME_DEFAULT; - } - else { - try { - loginAuthCookieExpireTime = Integer.parseInt(cookieExpireTime); - } - catch (NumberFormatException nfe) { - throw new ServletException(LOGIN_AUTH_COOKIE_EXPIRE_TIME + " must be a valid integer", nfe); - } - } - } - - protected void renderLoginPage(String message, String username, String backUrl, HttpServletResponse resp) - throws ServletException, IOException { - resp.setContentType("text/html"); - Writer writer = resp.getWriter(); - writer.write(MessageFormat.format(loginPageTemplate, message, username, backUrl)); - writer.close(); - } - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - // Check for the optional username parameter - String username = req.getParameter(USERNAME); - if (username == null) { - username = ""; - } - // Check for the required backurl parameter - String backUrl = req.getParameter(BACKURL); - if (backUrl == null || backUrl.trim().isEmpty()) { - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing or invalid '" + BACKURL + "' parameter"); - } - else { - renderLoginPage("", username, backUrl, resp); - } - } - - @Override - protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - String backUrl = req.getParameter(BACKURL); - // Check for the required backurl parameter - if (backUrl == null || backUrl.trim().isEmpty()) { - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing or invalid '" + BACKURL + "' parameter"); - } else { - // Check for the requried username and password parameters - String username = req.getParameter(USERNAME); - String password = req.getParameter(PASSWORD); - if (username == null || username.trim().isEmpty()) { - renderLoginPage("<font color=\"red\">Error: Invalid Username or Password</font><br>", "", backUrl, resp); - } - else if (password == null || password.trim().isEmpty()) { - renderLoginPage("<font color=\"red\">Error: Invalid Username or Password</font><br>", username, backUrl, resp); - } - // Verify that the username and password are correct - else if (verifyPassword(username, password)) { - // If so, write the "oozie.web.login.auth" cookie and redirect back to the backurl - writeCookie(resp, username); - resp.sendRedirect(backUrl); - } else { - renderLoginPage("<font color=\"red\">Error: Invalid Username or Password</font><br>", username, backUrl, resp); - } - } - } - - /** - * Verify that the given username and password are correct. In this implementation, they are correct when they are equal, but - * a subclass can override this to provide a more complex/secure mechanism. - * - * @param username The username - * @param password The password - * @return true if verified, false if not - */ - protected boolean verifyPassword(String username, String password) { - return (username.equals(password)); - } - - /** - * Write the "oozie.web.login.auth" cookie containing the username. A subclass can override this to include more information - * into the cookie; though this will likely break compatibility with the ExampleAltAuthenticationHandler, so it would have to - * be extended as well. It is recommended that the cookie value be URL-encoded. - * - * @param resp The response - * @param username The username - * @throws UnsupportedEncodingException thrown when there is a problem encoding the username as the cookie value - */ - protected void writeCookie(HttpServletResponse resp, String username) throws UnsupportedEncodingException { - Cookie cookie = new Cookie("oozie.web.login.auth", URLEncoder.encode(username, "UTF-8")); - cookie.setPath("/"); - cookie.setMaxAge(loginAuthCookieExpireTime); - resp.addCookie(cookie); - } -} http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/src/main/resources/login-page-template.html ---------------------------------------------------------------------- diff --git a/login/src/main/resources/login-page-template.html b/login/src/main/resources/login-page-template.html deleted file mode 100644 index b6cf9ef..0000000 --- a/login/src/main/resources/login-page-template.html +++ /dev/null @@ -1,36 +0,0 @@ -<html> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<head> - <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> - <title>Oozie Web Console Login</title> -</head> -<body> -<img src="../oozie/oozie_50x.png" height="30"/> -<form name="input" action="/oozie-login/" method="POST"> - <fieldset> - <legend>Login to Oozie Web Console:</legend> - {0} - Username: <input type="text" size="30" name="username" value="{1}"><br> - Password: <input type="password" size="30" name="password"><br> - <input type="hidden" name="backurl" value="{2}"> - <input type="submit" value="Login"> - </fieldset> -</form> -</body> -</html> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/src/main/webapp/META-INF/context.xml ---------------------------------------------------------------------- diff --git a/login/src/main/webapp/META-INF/context.xml b/login/src/main/webapp/META-INF/context.xml deleted file mode 100644 index 671c5e5..0000000 --- a/login/src/main/webapp/META-INF/context.xml +++ /dev/null @@ -1,19 +0,0 @@ -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<Context path="/oozie-login"> -</Context> http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/src/main/webapp/WEB-INF/web.xml ---------------------------------------------------------------------- diff --git a/login/src/main/webapp/WEB-INF/web.xml b/login/src/main/webapp/WEB-INF/web.xml deleted file mode 100644 index 4a18987..0000000 --- a/login/src/main/webapp/WEB-INF/web.xml +++ /dev/null @@ -1,78 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";> - -<web-app> - <display-name>Oozie Login</display-name> - - <servlet> - <servlet-name>login</servlet-name> - <display-name>Oozie Login</display-name> - <!-- Replace the following with "org.apache.oozie.servlet.login.LDAPLoginServlet" to use LDAP --> - <servlet-class>org.apache.oozie.servlet.login.LoginServlet</servlet-class> - <load-on-startup>1</load-on-startup> - - <!-- Uncomment to change the default values - <init-param> - <param-name>login.page.template</param-name> - <param-value>login-page-template.html</param-value> - <description> - Set the login page template used for both LoginServlet and LDAPLoginServlet. The file needs to be located in the - login/src/main/resources/ directory and should contain {0} for where error message go, {1} for where the username - included with a GET request goes, and {2} for where the "backurl" goes (redirects the user back to the oozie web - console). - </description> - </init-param> - <init-param> - <param-name>login.auth.cookie.expire.time</param-name> - <param-value>180</param-value> - <description> - Constant for the configuration property that indicates the expiration time (or max age) of the - "oozie.web.login.auth" cookie. It is given in seconds. A positive value indicates that the cookie will expire - after that many seconds have passed; make sure this value is high enough to allow the user to be forwarded to the - backurl before the cookie expires. A negative value indicates that the cookie will be deleted when the browser - exits. - </description> - </init-param> - --> - <!-- - <init-param> - <param-name>ldap.provider.url</param-name> - <param-value>ldap://localhost:389</param-value> - <description>The LDAP provider URL for the LDAPLoginServlet</description> - </init-param> - <init-param> - <param-name>ldap.context.factory</param-name> - <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value> - <description>The LDAP context factory for the LDAPLoginServlet</description> - </init-param> - <init-param> - <param-name>ldap.security.authentication</param-name> - <param-value>simple</param-value> - <description>The security authentication type for the LDAPLoginServlet</description> - </init-param> - --> - </servlet> - - <servlet-mapping> - <servlet-name>login</servlet-name> - <url-pattern>/</url-pattern> - </servlet-mapping> - -</web-app> http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java ---------------------------------------------------------------------- diff --git a/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java b/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java deleted file mode 100644 index aa2c998..0000000 --- a/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java +++ /dev/null @@ -1,141 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.oozie.authentication; - -import java.net.URLEncoder; -import java.text.MessageFormat; -import java.util.Properties; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import org.apache.hadoop.security.authentication.client.AuthenticationException; -import org.apache.hadoop.security.authentication.server.AuthenticationToken; -import org.apache.oozie.service.Services; -import org.apache.oozie.test.XTestCase; -import org.mockito.Mockito; - -public class TestExampleAltAuthenticationHandler extends XTestCase { - - private ExampleAltAuthenticationHandler handler; - private final String redirectUrl = "http://foo:11000/oozie-login/?backurl={0}";; - - @Override - protected void setUp() throws Exception { - super.setUp(); - - new Services().init(); - Services.get().getConf().set("oozie.authentication.ExampleAltAuthenticationHandler.redirect.url", redirectUrl); - handler = new ExampleAltAuthenticationHandler(); - Properties props = new Properties(); - props.setProperty(ExampleAltAuthenticationHandler.PRINCIPAL, getOoziePrincipal()); - props.setProperty(ExampleAltAuthenticationHandler.KEYTAB, getKeytabFile()); - try { - handler.init(props); - } catch (Exception ex) { - handler = null; - throw ex; - } - } - - @Override - protected void tearDown() throws Exception { - if (handler != null) { - handler.destroy(); - handler = null; - } - Services.get().destroy(); - super.tearDown(); - } - - public void testRedirect() throws Exception { - String oozieBaseUrl = Services.get().getConf().get("oozie.base.url"); - String resolvedRedirectUrl = MessageFormat.format(redirectUrl, URLEncoder.encode(oozieBaseUrl, "ISO-8859-1")); - - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - - // A User-Agent without "java", "curl", "wget", or "perl" (default) in it is considered to be a browser - Mockito.when(request.getHeader("User-Agent")).thenReturn("Some Browser"); - // Pretend the request URL is from oozie.base.url - Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(oozieBaseUrl)); - - // The HttpServletResponse needs to return the encoded redirect url - Mockito.when(response.encodeRedirectURL(resolvedRedirectUrl)).thenReturn(resolvedRedirectUrl); - - handler.authenticate(request, response); - Mockito.verify(response).sendRedirect(resolvedRedirectUrl); - } - - public void testAuthenticateCookie() throws Exception { - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - - // A User-Agent without "java" in it is considered to be a browser - Mockito.when(request.getHeader("User-Agent")).thenReturn("Some Browser"); - - // We need the request to return the auth cookie - Cookie[] cookies = {new Cookie("some.other.cookie", "someValue"), - new Cookie("oozie.web.login.auth", "someUser")}; - Mockito.when(request.getCookies()).thenReturn(cookies); - - AuthenticationToken token = handler.authenticate(request, response); - assertEquals("someUser", token.getUserName()); - assertEquals("someUser", token.getName()); - assertEquals("alt-kerberos", token.getType()); - } - - // Some browsers or server implementations will quote cookie values, so test that behavior by repeating testAuthenticateCookie() - // but with "\"someUser\"" instead of "someUser" - public void testAuthenticateCookieQuoted() throws Exception { - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - - // A User-Agent without "java" in it is considered to be a browser - Mockito.when(request.getHeader("User-Agent")).thenReturn("Some Browser"); - - // We need the request to return the auth cookie - Cookie[] cookies = {new Cookie("some.other.cookie", "someValue"), - new Cookie("oozie.web.login.auth", "\"someUser\"")}; - Mockito.when(request.getCookies()).thenReturn(cookies); - - AuthenticationToken token = handler.authenticate(request, response); - assertEquals("someUser", token.getUserName()); - assertEquals("someUser", token.getName()); - assertEquals("alt-kerberos", token.getType()); - } - - public void testAuthenticateCookieQuotedInvalid() throws Exception { - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - - // A User-Agent without "java" in it is considered to be a browser - Mockito.when(request.getHeader("User-Agent")).thenReturn("Some Browser"); - - // We need the request to return the auth cookie - Cookie[] cookies = {new Cookie("some.other.cookie", "someValue"), - new Cookie("oozie.web.login.auth", "\"\"")}; - Mockito.when(request.getCookies()).thenReturn(cookies); - - try { - handler.authenticate(request, response); - } catch(AuthenticationException ae) { - assertEquals("Unable to parse authentication cookie", ae.getMessage()); - } - } -} http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java ---------------------------------------------------------------------- diff --git a/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java b/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java deleted file mode 100644 index 784041d..0000000 --- a/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java +++ /dev/null @@ -1,167 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.oozie.servlet.login; - -import java.io.File; -import java.net.HttpURLConnection; -import java.net.URL; -import java.text.MessageFormat; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; -import javax.naming.directory.Attribute; -import javax.naming.directory.Attributes; -import javax.naming.directory.BasicAttribute; -import javax.naming.directory.BasicAttributes; -import javax.servlet.http.HttpServletResponse; -import org.apache.directory.server.core.configuration.MutablePartitionConfiguration; -import org.apache.directory.server.unit.AbstractServerTest; - -// LDAP stuff based on https://cwiki.apache.org/DIRxSRVx10/using-apacheds-for-unit-tests.html -// The default admin user for Apache DS is "uid=admin,ou=system" and password is "secret" -public class TestLDAPLoginServlet extends AbstractServerTest { - - // We need to subclass the AbstractServerTest to get the LDAP stuff, so we'll have to do a wrapper to inherit the - // TestLoginServlet tests instead of subclassing it - TestLoginServlet tls = new TestLoginServlet() { - @Override - protected Class getServletClass() { - // Make the TestLoginServlet use LDAPLoginServlet instead of LoginServlet - return LDAPLoginServlet.class; - } - - @Override - protected Map<String, String> getInitParameters() { - // Configure for LDAP tests - HashMap<String, String> initParams = new HashMap<String, String>(); - initParams.put("ldap.provider.url", "o=test"); - initParams.put("ldap.context.factory", "org.apache.directory.server.jndi.ServerContextFactory"); - return initParams; - } - }; - - @Override - public void setUp() throws Exception { - // Add partition 'test' - MutablePartitionConfiguration pcfg = new MutablePartitionConfiguration(); - pcfg.setName("test"); - pcfg.setSuffix("o=test"); - - // Create some indices - Set<String> indexedAttrs = new HashSet<String>(); - indexedAttrs.add("objectClass"); - indexedAttrs.add("o"); - pcfg.setIndexedAttributes(indexedAttrs); - - // Create a first entry associated to the partition - Attributes attrs = new BasicAttributes(true); - - // First, the objectClass attribute - Attribute attr = new BasicAttribute("objectClass"); - attr.add("top"); - attr.add("organization"); - attrs.put(attr); - - // The the 'Organization' attribute - attr = new BasicAttribute("o"); - attr.add("test"); - attrs.put(attr); - - // Associate this entry to the partition - pcfg.setContextEntry(attrs); - - // As we can create more than one partition, we must store - // each created partition in a Set before initialization - Set<MutablePartitionConfiguration> pcfgs = new HashSet<MutablePartitionConfiguration>(); - pcfgs.add(pcfg); - - configuration.setContextPartitionConfigurations(pcfgs); - - // Create a working directory - File workingDirectory = new File("server-work"); - configuration.setWorkingDirectory(workingDirectory); - - // Now, let's call the super class which is responsible for the - // partitions creation - super.setUp(); - - // setUp the TestLoginServlet - tls.setUp(); - } - - public void testGetMissingBackurl() throws Exception { - tls.testGetMissingBackurl(); - } - - public void testGetSuccess() throws Exception { - tls.testGetSuccess(); - } - - public void testPostMissingBackurl() throws Exception { - tls.testPostMissingBackurl(); - } - - public void testPostMissingUsernamePassword() throws Exception { - tls.testPostMissingUsernamePassword(); - } - - public void testPostInvalidUsernamePassword() throws Exception { - // Valid username, invalid password - URL url = new URL(tls.container.getServletURL("/") - + "?backurl=http://foo:11000/oozie&username=uid=admin,ou=system&password=bar";); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("POST"); - assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode()); - String html = tls.getHTML(conn); - assertEquals(MessageFormat.format(TestLoginServlet.loginPageTemplate, - "<font color=\"red\">Error: Invalid Username or Password</font><br>", - "uid=admin,ou=system", "http://foo:11000/oozie";), html); - - // InValid username, valid password - url = new URL(tls.container.getServletURL("/") - + "?backurl=http://foo:11000/oozie&username=foo&password=secret";); - conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("POST"); - assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode()); - html = tls.getHTML(conn); - assertEquals(MessageFormat.format(TestLoginServlet.loginPageTemplate, - "<font color=\"red\">Error: Invalid Username or Password</font><br>", "foo", "http://foo:11000/oozie";), html); - } - - public void testPostSuccess() throws Exception { - // Now that its actually going to work successfully, the backurl needs to go somewhere real; about:blank provides a - // convinient location that doesn't require internet access or another servlet running locally - URL url = new URL(tls.container.getServletURL("/") + "?backurl=about:blank&username=uid=admin,ou=system&password=secret"); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("POST"); - assertEquals(HttpServletResponse.SC_FOUND, conn.getResponseCode()); - String cookies = tls.getCookies(conn); - String username = tls.getUsernameFromCookies(cookies); - assertEquals("uid=admin,ou=system", username); - } - - @Override - public void tearDown() throws Exception { - // tear down the TestLoginServlet - tls.tearDown(); - - super.tearDown(); - } -} http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java ---------------------------------------------------------------------- diff --git a/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java b/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java deleted file mode 100644 index e3fc70b..0000000 --- a/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java +++ /dev/null @@ -1,213 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.oozie.servlet.login; - -import java.io.BufferedReader; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.UnsupportedEncodingException; -import java.net.HttpURLConnection; -import java.net.URL; -import java.net.URLDecoder; -import java.text.MessageFormat; -import java.util.List; -import java.util.Map; -import javax.servlet.http.HttpServletResponse; -import junit.framework.TestCase; -import org.apache.oozie.test.EmbeddedServletContainer; - -public class TestLoginServlet extends TestCase { - - protected EmbeddedServletContainer container; - protected static String loginPageTemplate; - - static { - try { - StringBuilder sb = new StringBuilder(); - InputStream is = new FileInputStream(new File("src/main/resources/login-page-template.html")); - BufferedReader br = new BufferedReader(new InputStreamReader(is)); - String line = br.readLine(); - while (line != null) { - sb.append(line).append("\n"); - line = br.readLine(); - } - br.close(); - loginPageTemplate = sb.toString(); - } catch (IOException ex) { - ex.printStackTrace(); - fail("Unable to read login-page-template.html"); - } - } - - protected Class getServletClass() { - return LoginServlet.class; - } - - protected Map<String, String> getInitParameters() { - return null; - } - - @Override - protected void setUp() throws Exception { - super.setUp(); - container = new EmbeddedServletContainer("oozie-login"); - container.addServletEndpoint("/", getServletClass(), getInitParameters()); - container.start(); - } - - @Override - protected void tearDown() throws Exception { - if (container != null) { - container.stop(); - } - super.tearDown(); - } - - public void testGetMissingBackurl() throws Exception { - URL url = new URL(container.getServletURL("/")); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("GET"); - assertEquals(HttpServletResponse.SC_BAD_REQUEST, conn.getResponseCode()); - assertEquals("missing or invalid 'backurl' parameter", conn.getResponseMessage()); - } - - public void testGetSuccess() throws Exception { - URL url = new URL(container.getServletURL("/") + "?backurl=http://foo:11000/oozie";); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("GET"); - assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode()); - String html = getHTML(conn); - assertEquals(MessageFormat.format(loginPageTemplate, "", "", "http://foo:11000/oozie";), html); - - // With optional username parameter - url = new URL(container.getServletURL("/") + "?backurl=http://foo:11000/oozie&username=foo";); - conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("GET"); - assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode()); - html = getHTML(conn); - assertEquals(MessageFormat.format(loginPageTemplate, "", "foo", "http://foo:11000/oozie";), html); - } - - public void testPostMissingBackurl() throws Exception { - // Missing all - URL url = new URL(container.getServletURL("/")); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("POST"); - assertEquals(HttpServletResponse.SC_BAD_REQUEST, conn.getResponseCode()); - assertEquals("missing or invalid 'backurl' parameter", conn.getResponseMessage()); - - // Missing only backurl - url = new URL(container.getServletURL("/") + "?username=foo&password=bar"); - conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("POST"); - assertEquals(HttpServletResponse.SC_BAD_REQUEST, conn.getResponseCode()); - assertEquals("missing or invalid 'backurl' parameter", conn.getResponseMessage()); - } - - public void testPostMissingUsernamePassword() throws Exception { - // Missing password - URL url = new URL(container.getServletURL("/") + "?backurl=http://foo:11000/oozie&username=foo";); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("POST"); - assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode()); - String html = getHTML(conn); - assertEquals(MessageFormat.format(loginPageTemplate, - "<font color=\"red\">Error: Invalid Username or Password</font><br>", "foo", "http://foo:11000/oozie";), html); - - // Missing username - url = new URL(container.getServletURL("/") + "?backurl=http://foo:11000/oozie&password=bar";); - conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("POST"); - assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode()); - html = getHTML(conn); - assertEquals(MessageFormat.format(loginPageTemplate, - "<font color=\"red\">Error: Invalid Username or Password</font><br>", "", "http://foo:11000/oozie";), html); - - // Missing both - url = new URL(container.getServletURL("/") + "?backurl=http://foo:11000/oozie";); - conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("POST"); - assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode()); - html = getHTML(conn); - assertEquals(MessageFormat.format(loginPageTemplate, - "<font color=\"red\">Error: Invalid Username or Password</font><br>", "", "http://foo:11000/oozie";), html); - } - - public void testPostInvalidUsernamePassword() throws Exception { - URL url = new URL(container.getServletURL("/") + "?backurl=http://foo:11000/oozie&username=foo&password=bar";); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("POST"); - assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode()); - String html = getHTML(conn); - assertEquals(MessageFormat.format(loginPageTemplate, - "<font color=\"red\">Error: Invalid Username or Password</font><br>", "foo", "http://foo:11000/oozie";), html); - } - - public void testPostSuccess() throws Exception { - // Now that its actually going to work successfully, the backurl needs to go somewhere real; about:blank provides a - // convinient location that doesn't require internet access or another servlet running locally - URL url = new URL(container.getServletURL("/") + "?backurl=about:blank&username=foo&password=foo"); - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setRequestMethod("POST"); - assertEquals(HttpServletResponse.SC_FOUND, conn.getResponseCode()); - String cookies = getCookies(conn); - String username = getUsernameFromCookies(cookies); - assertEquals("foo", username); - } - - protected String getHTML(HttpURLConnection conn) throws Exception { - BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream())); - String line; - StringBuilder htmlBuilder = new StringBuilder(); - while ((line = br.readLine()) != null) { - htmlBuilder.append(line); - htmlBuilder.append("\n"); - } - br.close(); - return htmlBuilder.toString(); - } - - protected String getCookies(HttpURLConnection conn) throws Exception { - Map<String, List<String>> headers = conn.getHeaderFields(); - for (String key : headers.keySet()) { - if (key != null && key.equals("Set-Cookie")) { - List<String> cookies = headers.get(key); - return cookies.get(0); - } - } - return null; - } - - protected String getUsernameFromCookies(String cookies) throws UnsupportedEncodingException { - String[] cookiesSplit = cookies.split(";"); - for (String split : cookiesSplit) { - if (split.startsWith("oozie.web.login.auth=")) { - String value = split.substring("oozie.web.login.auth=".length()); - if (value.startsWith("\"") && value.endsWith("\"")) { - value = value.substring(1, value.length() - 1); - } - return URLDecoder.decode(value, "UTF-8"); - } - } - return null; - } -} http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 0cb5c78..15f4195 100644 --- a/pom.xml +++ b/pom.xml @@ -1983,15 +1983,6 @@ </properties> </profile> <profile> - <id>loginServerExample</id> - <activation> - <activeByDefault>false</activeByDefault> - </activation> - <modules> - <module>login</module> - </modules> - </profile> - <profile> <id>spark-1</id> <activation> <activeByDefault>true</activeByDefault> http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/release-log.txt ---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index 21cc717..346a5ef 100644 --- a/release-log.txt +++ b/release-log.txt @@ -1,5 +1,6 @@ -- Oozie 4.4.0 release (trunk - unreleased) +OOZIE-2732 Remove login server example (rkanter via abhishekbafna) OOZIE-2756 Extend HTTPS configuration settings for embedded Jetty (asasvari via abhishekbafna) OOZIE-2727 OozieDBCLI creates temporary directories and do not delete them (gezapeti via rkanter) OOZIE-2728 Typo in Error E0405 (gezapeti via rkanter) http://git-wip-us.apache.org/repos/asf/oozie/blob/2a1ba196/src/main/assemblies/distro.xml ---------------------------------------------------------------------- diff --git a/src/main/assemblies/distro.xml b/src/main/assemblies/distro.xml index 6e3db57..fa733cc 100644 --- a/src/main/assemblies/distro.xml +++ b/src/main/assemblies/distro.xml @@ -76,16 +76,6 @@ <include>*</include> </includes> </fileSet> - <!-- Oozie Login Server Example war and jar --> - <fileSet> - <directory>${basedir}/../login/target</directory> - <outputDirectory>/</outputDirectory> - <includes> - <include>oozie-login.war</include> - <include>oozie-login.jar</include> - </includes> - <fileMode>0555</fileMode> - </fileSet> <!-- Oozie Server - embedded jetty --> <fileSet> <directory>${basedir}/../server/target/</directory>
