/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.hdfsproxy;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
import java.util.ArrayList;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.cactus.FilterTestCase;
import org.apache.cactus.WebRequest;
import org.apache.cactus.WebResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.fs.Path;
public class TestAuthorizationFilter extends FilterTestCase {
public static final Log LOG = LogFactory.getLog(TestAuthorizationFilter.class);
private class DummyFilterChain implements FilterChain {
public void doFilter(ServletRequest theRequest, ServletResponse theResponse)
throws IOException, ServletException {
PrintWriter writer = theResponse.getWriter();
writer.print("<p>some content</p>");
writer.close();
}
public void init(FilterConfig theConfig) {
}
public void destroy() {
}
}
private class ConfiguredAuthorizationFilter extends AuthorizationFilter {
private ConfiguredAuthorizationFilter(String nameNode) {
this.namenode = nameNode;
}
}
public void beginPathRestriction(WebRequest theRequest) {
theRequest.setURL("proxy-test:0", null, "/streamFile", null,
"filename=/nontestdir");
}
public void testPathRestriction() throws ServletException, IOException {
AuthorizationFilter filter = new
ConfiguredAuthorizationFilter("hdfs://apache.org");
request.setRemoteIPAddress("127.0.0.1");
request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID",
System.getProperty("user.name"));
List<Path> paths = new ArrayList<Path>();
paths.add(new Path("/deny"));
paths.add(new Path("hdfs://test:100/deny"));
paths.add(new Path("hdfs://test/deny"));
request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths",
paths);
FilterChain mockFilterChain = new DummyFilterChain();
filter.doFilter(request, response, mockFilterChain);
}
public void endPathRestriction(WebResponse theResponse) {
assertEquals(theResponse.getStatusCode(), 403);
assertTrue("Text missing 'User not authorized to access path' : : ["
+ theResponse.getText() + "]", theResponse.getText().indexOf(
"is not authorized to access path") > 0);
}
public void beginPathPermit(WebRequest theRequest) {
theRequest.setURL("proxy-test:0", null, "/streamFile", null,
"filename=/data/file");
}
public void testPathPermit() throws ServletException, IOException {
AuthorizationFilter filter = new
ConfiguredAuthorizationFilter("hdfs://apache.org");
request.setRemoteIPAddress("127.0.0.1");
request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID",
System.getProperty("user.name"));
List<Path> paths = new ArrayList<Path>();
paths.add(new Path("/data"));
request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths",
paths);
FilterChain mockFilterChain = new DummyFilterChain();
filter.doFilter(request, response, mockFilterChain);
}
public void endPathPermit(WebResponse theResponse) {
assertEquals(theResponse.getStatusCode(), 200);
}
public void beginPathPermitQualified(WebRequest theRequest) {
theRequest.setURL("proxy-test:0", null, "/streamFile", null,
"filename=/data/file");
}
public void testPathPermitQualified() throws ServletException, IOException {
AuthorizationFilter filter = new
ConfiguredAuthorizationFilter("hdfs://apache.org");
request.setRemoteIPAddress("127.0.0.1");
request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID",
System.getProperty("user.name"));
List<Path> paths = new ArrayList<Path>();
paths.add(new Path("hdfs://apache.org/data"));
request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths",
paths);
FilterChain mockFilterChain = new DummyFilterChain();
filter.doFilter(request, response, mockFilterChain);
}
public void endPathPermitQualified(WebResponse theResponse) {
assertEquals(theResponse.getStatusCode(), 200);
}
public void beginPathQualifiediReject(WebRequest theRequest) {
theRequest.setURL("proxy-test:0", null, "/streamFile", null,
"filename=/data/file");
}
public void testPathQualifiedReject() throws ServletException, IOException {
AuthorizationFilter filter = new
ConfiguredAuthorizationFilter("hdfs://apache.org:1111");
request.setRemoteIPAddress("127.0.0.1");
request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID",
System.getProperty("user.name"));
List<Path> paths = new ArrayList<Path>();
paths.add(new Path("hdfs://apache.org:2222/data"));
request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths",
paths);
FilterChain mockFilterChain = new DummyFilterChain();
filter.doFilter(request, response, mockFilterChain);
}
public void endPathQualifiedReject(WebResponse theResponse) {
assertEquals(theResponse.getStatusCode(), 403);
}
}