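/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.security.provider;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

/**
 * Unit tests for {@link SaslServerAuthenticationProviders}: duplicate-registration handling,
 * caching of the shared instance, and initialization of providers loaded from configuration.
 */
@Category({ SmallTests.class, SecurityTests.class })
public class TestSaslServerAuthenticationProviders {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
    HBaseClassTestRule.forClass(TestSaslServerAuthenticationProviders.class);

  /**
   * Drops the cached providers instance before every test so that state left behind by an
   * earlier test (or by another test class in the same JVM) cannot influence the result.
   */
  @Before
  public void reset() {
    // Clear out any potentially bogus state from the providers class
    SaslServerAuthenticationProviders.reset();
  }

  /**
   * Registers two instances of the same provider class into one registry map and checks that
   * the second attempt neither adds an entry nor displaces the first instance.
   * <p>
   * The registry is a {@code HashMap<Byte, SaslServerAuthenticationProvider>}; the key is
   * presumably the SASL auth method code (confirm against
   * {@code SaslServerAuthenticationProviders.addProviderIfNotExists}). Keeping the first
   * registration matters because whichever provider owns a key is the one that would be
   * selected to authenticate connections for it.
   */
  @Test
  public void testCannotAddTheSameProviderTwice() {
    HashMap<Byte, SaslServerAuthenticationProvider> registeredProviders = new HashMap<>();
    SimpleSaslServerAuthenticationProvider p1 = new SimpleSaslServerAuthenticationProvider();
    SimpleSaslServerAuthenticationProvider p2 = new SimpleSaslServerAuthenticationProvider();

    SaslServerAuthenticationProviders.addProviderIfNotExists(p1, registeredProviders);
    assertEquals(1, registeredProviders.size());

    try {
      SaslServerAuthenticationProviders.addProviderIfNotExists(p2, registeredProviders);
    } catch (RuntimeException ignored) {
      // Rejecting the duplicate by throwing is acceptable here; the registry state asserted
      // below is what this test pins down.
    }

    // Without this check, a second entry stored under a different key could go unnoticed,
    // because the assertion below only inspects the first entry the iterator returns.
    assertEquals("A duplicate registration must not add a second entry", 1,
      registeredProviders.size());
    assertSame("Expected the original provider to be present", p1,
      registeredProviders.entrySet().iterator().next().getValue());
  }

  /**
   * Checks that {@code getInstance(conf)} hands back the same object on repeated calls, and
   * that {@code reset()} forces the next call to build a new object holding the same number
   * of registered providers.
   */
  @Test
  public void testInstanceIsCached() {
    Configuration conf = HBaseConfiguration.create();
    SaslServerAuthenticationProviders providers1 =
      SaslServerAuthenticationProviders.getInstance(conf);
    SaslServerAuthenticationProviders providers2 =
      SaslServerAuthenticationProviders.getInstance(conf);
    assertSame(providers1, providers2);

    SaslServerAuthenticationProviders.reset();

    SaslServerAuthenticationProviders providers3 =
      SaslServerAuthenticationProviders.getInstance(conf);
    assertNotSame(providers1, providers3);
    assertEquals(providers1.getNumRegisteredProviders(), providers3.getNumRegisteredProviders());
  }

  /**
   * Names {@link InitCheckingSaslServerAuthenticationProvider} under
   * {@code EXTRA_PROVIDERS_KEY}, then checks that the provider selected for its ID is of that
   * class and reports that {@code init} was called on it.
   */
  @Test
  public void instancesAreInitialized() {
    Configuration conf = HBaseConfiguration.create();
    conf.set(SaslServerAuthenticationProviders.EXTRA_PROVIDERS_KEY,
      InitCheckingSaslServerAuthenticationProvider.class.getName());

    SaslServerAuthenticationProviders providers =
      SaslServerAuthenticationProviders.getInstance(conf);

    SaslServerAuthenticationProvider provider =
      providers.selectProvider(InitCheckingSaslServerAuthenticationProvider.ID);
    assertEquals(InitCheckingSaslServerAuthenticationProvider.class, provider.getClass());

    assertTrue("Provider was not inititalized",
      ((InitCheckingSaslServerAuthenticationProvider) provider).isInitialized());
  }

  /**
   * Test-only provider that records whether {@code init} has been called. It cannot
   * authenticate anything: {@code createServer} and {@code getAuthorizedUgi} both throw
   * {@link UnsupportedOperationException}.
   */
  public static class InitCheckingSaslServerAuthenticationProvider
    implements SaslServerAuthenticationProvider {
    /** Auth method code this provider is selected by in the test above. */
    public static final byte ID = (byte) 88;
    // Read and written only inside synchronized methods, so a write made by init() is visible
    // to a later isInitialized() call from another thread.
    private boolean initialized = false;

    /**
     * Marks this provider as initialized.
     * @param conf the configuration handed to the provider; not read by this stub
     */
    public synchronized void init(Configuration conf) {
      this.initialized = true;
    }

    /** Returns {@code true} once {@link #init(Configuration)} has been called. */
    public synchronized boolean isInitialized() {
      return initialized;
    }

    @Override
    public SaslAuthMethod getSaslAuthMethod() {
      // "DIGEST-MD5" is only a mechanism label here: this stub never builds a SASL server,
      // so no negotiation with that mechanism takes place.
      return new SaslAuthMethod("INIT_CHECKING", ID, "DIGEST-MD5", AuthenticationMethod.TOKEN);
    }

    @Override
    public String getTokenKind() {
      return "INIT_CHECKING_TOKEN";
    }

    @Override
    public AttemptingUserProvidingSaslServer
      createServer(SecretManager<TokenIdentifier> secretManager, Map<String, String> saslProps)
        throws IOException {
      // Never reached by these tests; fail loudly if something tries to authenticate with it.
      throw new UnsupportedOperationException();
    }

    @Override
    public boolean supportsProtocolAuthentication() {
      return false;
    }

    @Override
    public UserGroupInformation getAuthorizedUgi(String authzId,
      SecretManager<TokenIdentifier> secretManager) throws IOException {
      // Never reached by these tests; fail loudly if something tries to authorize with it.
      throw new UnsupportedOperationException();
    }
  }
}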