Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security.provider;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertNotSame;
022import static org.junit.Assert.assertSame;
023import static org.junit.Assert.assertTrue;
024
025import java.io.IOException;
026import java.util.HashMap;
027import java.util.Map;
028
029import org.apache.hadoop.conf.Configuration;
030import org.apache.hadoop.hbase.HBaseClassTestRule;
031import org.apache.hadoop.hbase.HBaseConfiguration;
032import org.apache.hadoop.hbase.testclassification.SecurityTests;
033import org.apache.hadoop.hbase.testclassification.SmallTests;
034import org.apache.hadoop.security.UserGroupInformation;
035import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
036import org.apache.hadoop.security.token.SecretManager;
037import org.apache.hadoop.security.token.TokenIdentifier;
038import org.junit.Before;
039import org.junit.ClassRule;
040import org.junit.Test;
041import org.junit.experimental.categories.Category;
042
043@Category({SmallTests.class, SecurityTests.class})
044public class TestSaslServerAuthenticationProviders {
045
046  @ClassRule
047  public static final HBaseClassTestRule CLASS_RULE =
048      HBaseClassTestRule.forClass(TestSaslServerAuthenticationProviders.class);
049
050  @Before
051  public void reset() {
052    // Clear out any potentially bogus state from the providers class
053    SaslServerAuthenticationProviders.reset();
054  }
055
056  @Test
057  public void testCannotAddTheSameProviderTwice() {
058    HashMap<Byte,SaslServerAuthenticationProvider> registeredProviders = new HashMap<>();
059    SimpleSaslServerAuthenticationProvider p1 = new SimpleSaslServerAuthenticationProvider();
060    SimpleSaslServerAuthenticationProvider p2 = new SimpleSaslServerAuthenticationProvider();
061
062    SaslServerAuthenticationProviders.addProviderIfNotExists(p1, registeredProviders);
063    assertEquals(1, registeredProviders.size());
064
065    try {
066      SaslServerAuthenticationProviders.addProviderIfNotExists(p2, registeredProviders);
067    } catch (RuntimeException e) {}
068
069    assertSame("Expected the original provider to be present", p1,
070        registeredProviders.entrySet().iterator().next().getValue());
071  }
072
073  @Test
074  public void testInstanceIsCached() {
075    Configuration conf = HBaseConfiguration.create();
076    SaslServerAuthenticationProviders providers1 =
077        SaslServerAuthenticationProviders.getInstance(conf);
078    SaslServerAuthenticationProviders providers2 =
079        SaslServerAuthenticationProviders.getInstance(conf);
080    assertSame(providers1, providers2);
081
082    SaslServerAuthenticationProviders.reset();
083
084    SaslServerAuthenticationProviders providers3 =
085        SaslServerAuthenticationProviders.getInstance(conf);
086    assertNotSame(providers1, providers3);
087    assertEquals(providers1.getNumRegisteredProviders(), providers3.getNumRegisteredProviders());
088  }
089
090  @Test
091  public void instancesAreInitialized() {
092    Configuration conf = HBaseConfiguration.create();
093    conf.set(SaslServerAuthenticationProviders.EXTRA_PROVIDERS_KEY,
094        InitCheckingSaslServerAuthenticationProvider.class.getName());
095
096    SaslServerAuthenticationProviders providers =
097        SaslServerAuthenticationProviders.getInstance(conf);
098
099    SaslServerAuthenticationProvider provider =
100        providers.selectProvider(InitCheckingSaslServerAuthenticationProvider.ID);
101    assertEquals(InitCheckingSaslServerAuthenticationProvider.class, provider.getClass());
102
103    assertTrue("Provider was not inititalized",
104        ((InitCheckingSaslServerAuthenticationProvider) provider).isInitialized());
105  }
106
107  public static class InitCheckingSaslServerAuthenticationProvider
108      implements SaslServerAuthenticationProvider {
109    public static final byte ID = (byte)88;
110    private boolean initialized = false;
111
112    public synchronized void init(Configuration conf) {
113      this.initialized = true;
114    }
115
116    public synchronized boolean isInitialized() {
117      return initialized;
118    }
119
120    @Override
121    public SaslAuthMethod getSaslAuthMethod() {
122      return new SaslAuthMethod("INIT_CHECKING", ID, "DIGEST-MD5", AuthenticationMethod.TOKEN);
123    }
124
125    @Override
126    public String getTokenKind() {
127      return "INIT_CHECKING_TOKEN";
128    }
129
130    @Override
131    public AttemptingUserProvidingSaslServer createServer(
132        SecretManager<TokenIdentifier> secretManager,
133        Map<String, String> saslProps) throws IOException {
134      throw new UnsupportedOperationException();
135    }
136
137    @Override
138    public boolean supportsProtocolAuthentication() {
139      return false;
140    }
141
142    @Override
143    public UserGroupInformation getAuthorizedUgi(
144        String authzId, SecretManager<TokenIdentifier> secretManager)
145        throws IOException {
146      throw new UnsupportedOperationException();
147    }
148  }
149}