Repository: hive
Updated Branches:
   refs/heads/master 664c5d561 -> 1afa8e7e1


HIVE-11866: Add framework to enable testing using LDAPServer using LDAP protocol (Naveen Gangam, via Chaoyu Tang, reviewed by Xuefu Zhang)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/1afa8e7e
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/1afa8e7e
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/1afa8e7e

Branch: refs/heads/master
Commit: 1afa8e7e1d0a39891445c3c2c03f44b3c26c8390
Parents: 664c5d5
Author: ctang <ctang@cloudera.com>
Authored: Thu Feb 11 13:36:40 2016 -0500
Committer: ctang <ctang@cloudera.com>
Committed: Thu Feb 11 13:36:40 2016 -0500

----------------------------------------------------------------------
  pom.xml | 2 +
  service/pom.xml | 22 +-
  .../auth/LdapAuthenticationProviderImpl.java | 32 +-
  .../auth/TestLdapAtnProviderWithMiniDS.java | 311 +++++++++++++++++++
  4 files changed, 352 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/1afa8e7e/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 2bda92f..15e3522 100644
--- a/pom.xml
+++ b/pom.xml
@@ -107,6 +107,8 @@
      <activemq.version>5.5.0</activemq.version>
      <ant.version>1.9.1</ant.version>
      <antlr.version>3.4</antlr.version>
+ <apache-directory-server.version>1.5.6</apache-directory-server.version>
+ <apache-directory-clientapi.version>0.1</apache-directory-clientapi.version>
      <avro.version>1.7.7</avro.version>
      <bonecp.version>0.8.0.RELEASE</bonecp.version>
      <calcite.version>1.6.0</calcite.version>

http://git-wip-us.apache.org/repos/asf/hive/blob/1afa8e7e/service/pom.xml
----------------------------------------------------------------------
diff --git a/service/pom.xml b/service/pom.xml
index e3f61d0..41a4ef1 100644
--- a/service/pom.xml
+++ b/service/pom.xml
@@ -156,6 +156,27 @@
        <version>${junit.version}</version>
        <scope>test</scope>
      </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.client.ldap</groupId>
+ <artifactId>ldap-client-api</artifactId>
+ <version>${apache-directory-clientapi.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-server-integ</artifactId>
+ <version>${apache-directory-server.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-test-framework</artifactId>
+ <version>${apache-directory-server.version}</version>
+ <scope>test</scope>
+ </dependency>
    </dependencies>

    <build>
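Review bot: The `ldap-client-api` dependency is declared here at version 0.1, but none of the imports in the new test class reference a client-API package, so from this diff it looks unused by Hive's own code. If it is only needed at runtime by `apacheds-server-integ`, say so next to the declaration, e.g. `<!-- required at runtime by apacheds-server-integ; not used directly -->`; if it is not needed, drop it. Each extra artifact, even in test scope, is one more thing to track for advisories.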
@@ -279,5 +300,4 @@
        </plugin>
      </plugins>
    </build>
-
  </project>

http://git-wip-us.apache.org/repos/asf/hive/blob/1afa8e7e/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java b/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
index bddfe50..1d4aba2 100644
--- a/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
+++ b/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
@@ -43,29 +43,33 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
    private static final Logger LOG = LoggerFactory.getLogger(LdapAuthenticationProviderImpl.class);
    private static final String DN_ATTR = "distinguishedName";

- private final String ldapURL;
- private final String baseDN;
- private final String ldapDomain;
+ private String ldapURL;
+ private String baseDN;
+ private String ldapDomain;
    private static List<String> groupBases;
    private static List<String> userBases;
    private static List<String> userFilter;
    private static List<String> groupFilter;
- private final String customQuery;
+ private String customQuery;

    LdapAuthenticationProviderImpl() {
      HiveConf conf = new HiveConf();
- ldapURL = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_URL);
- baseDN = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN);
- ldapDomain = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_DOMAIN);
- customQuery = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_CUSTOMLDAPQUERY);
+ init(conf);
+ }
+
+ protected void init(HiveConf conf) {
+ ldapURL = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_URL);
+ baseDN = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN);
+ ldapDomain = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_DOMAIN);
+ customQuery = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_CUSTOMLDAPQUERY);

      if (customQuery == null) {
- groupBases = new ArrayList<String>();
- userBases = new ArrayList<String>();
- String groupDNPatterns = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN);
- String groupFilterVal = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER);
- String userDNPatterns = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN);
- String userFilterVal = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER);
+ groupBases = new ArrayList<String>();
+ userBases = new ArrayList<String>();
+ String groupDNPatterns = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN);
+ String groupFilterVal = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER);
+ String userDNPatterns = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN);
+ String userFilterVal = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER);

        // parse COLON delimited root DNs for users/groups that may or may not be under BaseDN.
        // Expect the root DNs be fully qualified including the baseDN
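Review bot: Dropping `final` from `ldapURL`, `baseDN`, `ldapDomain` and `customQuery` and adding `protected void init(HiveConf)` makes the authentication provider's configuration replaceable after construction, and nothing visible in the hunk guards a re-init against concurrent authentication calls. `init` also reassigns the static `groupBases` and `userBases`, so calling it on one instance changes state shared by every instance, and those lists are reset only inside `if (customQuery == null)`, which suggests a later re-init with a custom query would leave the earlier values in place. The constructor now calls an overridable method as well. A package-private constructor would give the test the same hook and keep the fields final: `LdapAuthenticationProviderImpl() { this(new HiveConf()); }` delegating to `LdapAuthenticationProviderImpl(HiveConf conf)`. The body of `init` continues past the end of the hunk, and the same change appears in the branch-1 copy of this commit further down the page.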

http://git-wip-us.apache.org/repos/asf/hive/blob/1afa8e7e/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java
----------------------------------------------------------------------
diff --git a/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java b/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java
new file mode 100644
index 0000000..934b207
--- /dev/null
+++ b/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java
@@ -0,0 +1,311 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.hive.service.auth;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Iterator;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.ldap.LdapContext;
+import javax.security.sasl.AuthenticationException;
+
+import static org.apache.directory.server.integ.ServerIntegrationUtils.getWiredContext;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
+import org.apache.directory.server.core.annotations.ContextEntry;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.annotations.CreateIndex;
+import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.ldap.LdapServer;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hive.service.auth.LdapAuthenticationProviderImpl;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+
+/**
+ * TestSuite to test Hive's LDAP Authentication provider with an
+ * in-process LDAP Server (Apache Directory Server instance).
+ *
+ */
+@RunWith(FrameworkRunner.class)
+@CreateLdapServer(transports =
+ { @CreateTransport(protocol = "LDAP"), @CreateTransport(protocol = "LDAPS") })
+// Define the DirectoryService
+@CreateDS(
+partitions = {
+ @CreatePartition(
+ name = "example",
+ suffix = "dc=example,dc=com",
+ contextEntry = @ContextEntry(
+ entryLdif = "dn: dc=example,dc=com\n" +
+ "dc: example\n" +
+ "objectClass: top\n" +
+ "objectClass: domain\n\n"
+ ),
+ indexes = {
+ @CreateIndex( attribute = "objectClass" ),
+ @CreateIndex( attribute = "dc" ),
+ @CreateIndex( attribute = "ou"),
+ @CreateIndex( attribute = "distinguishedName")
+ } )
+ }
+)
+
+@ApplyLdifs(
+ {
+ "dn: ou=People,dc=example,dc=com",
+ "distinguishedName: ou=People,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: organizationalUnit",
+ "objectClass: ExtensibleObject",
+ "ou: People",
+ "description: Contains entries which describe persons (seamen)",
+
+ "dn: ou=Groups,dc=example,dc=com",
+ "distinguishedName: ou=Groups,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: organizationalUnit",
+ "objectClass: ExtensibleObject",
+ "ou: Groups",
+ "description: Contains entries which describe groups (crews, for instance)",
+
+ "dn: uid=group1,ou=Groups,dc=example,dc=com",
+ "distinguishedName: uid=group1,ou=Groups,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: organizationalUnit",
+ "objectClass: ExtensibleObject",
+ "cn: group1",
+ "ou: Groups",
+ "sn: group1",
+
+ "dn: uid=group2,ou=Groups,dc=example,dc=com",
+ "distinguishedName: uid=group2,ou=Groups,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: organizationalUnit",
+ "objectClass: ExtensibleObject",
+ "givenName: Group2",
+ "ou: Groups",
+ "cn: group1",
+ "sn: group1",
+
+ "dn: uid=user1,ou=People,dc=example,dc=com",
+ "distinguishedName: uid=user1,ou=People,dc=example,dc=com",
+ "objectClass: inetOrgPerson",
+ "objectClass: person",
+ "objectClass: top",
+ "objectClass: ExtensibleObject",
+ "givenName: Test1",
+ "cn: Test User1",
+ "sn: user1",
+ "uid: user1",
+ "userPassword: user1",
+
+ "dn: uid=user2,ou=People,dc=example,dc=com",
+ "distinguishedName: uid=user2,ou=People,dc=example,dc=com",
+ "objectClass: inetOrgPerson",
+ "objectClass: person",
+ "objectClass: top",
+ "objectClass: ExtensibleObject",
+ "givenName: Test2",
+ "cn: Test User2",
+ "sn: user2",
+ "uid: user2",
+ "userPassword: user2"
+})
+
+public class TestLdapAtnProviderWithMiniDS extends AbstractLdapTestUnit {
+
+ private static String ldapUrl;
+ private static LdapServer server;
+ private static HiveConf hiveConf;
+ private static byte[] hiveConfBackup;
+ private static LdapContext ctx;
+ private static LdapAuthenticationProviderImpl ldapProvider;
+
+ @Before
+ public void setup() throws Exception {
+ ctx = ( LdapContext ) getWiredContext( ldapServer, null ).lookup( "dc=example,dc=com" );
+ }
+
+ @After
+ public void shutdown() throws Exception {
+ }
+
+ @BeforeClass
+ public static void init() throws Exception {
+ hiveConf = new HiveConf();
+
+ ldapProvider = new LdapAuthenticationProviderImpl();
+ ldapProvider.init(hiveConf);
+ }
+
+ @AfterClass
+ public static void tearDown() throws Exception {
+ if (ldapServer.isStarted()) {
+ ldapServer.stop();
+ }
+ }
+
+ private static void initLdapAtn(Map<String, String> hiveProperties)
+ throws Exception {
+ hiveConf = new HiveConf();
+
+ int port;
+ if (ldapUrl == null) {
+ port = ldapServer.getPort();
+ ldapUrl = new String("ldap://localhost:" + port);
+ }
+
+ hiveConf.set("hive.root.logger", "DEBUG,console");
+ hiveConf.set("hive.server2.authentication.ldap.url", ldapUrl);
+
+ if (hiveProperties != null) {
+ String key;
+ String value;
+ Iterator<String> iter = hiveProperties.keySet().iterator();
+ while (iter.hasNext()) {
+ key = iter.next();
+ value = hiveProperties.get(key);
+ hiveConf.set(key, value);
+ }
+ }
+
+ ldapProvider.init(hiveConf);
+ }
+
+ @Test
+ public void testLDAPServer() throws Exception {
+ initLdapAtn(null);
+ assertTrue(ldapServer.isStarted());
+ assertTrue(ldapServer.getPort() > 0);
+ }
+
+ @Test
+ public void testUserBindPositiveWithShortname() throws Exception {
+ Map<String, String> ldapProperties = new HashMap<String, String>();
+ ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com");
+ ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com");
+ initLdapAtn(ldapProperties);
+ String user;
+
+ user = "user1";
+ try {
+ ldapProvider.Authenticate(user, "user1");
+ assertTrue("testUserBindPositive: Authentication succeeded for user1 as expected", true);
+ } catch (AuthenticationException e) {
+ Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password user1, expected to succeed");
+ }
+
+ user = "user2";
+ try {
+ ldapProvider.Authenticate(user, "user2");
+ assertTrue("testUserBindPositive: Authentication succeeded for user2 as expected", true);
+ } catch (AuthenticationException e) {
+ Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password user2, expected to succeed");
+ }
+ }
+
+ @Test
+ public void testUserBindPositiveWithShortnameOldConfig() throws Exception {
+ Map<String, String> ldapProperties = new HashMap<String, String>();
+ ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=People,dc=example,dc=com");
+ initLdapAtn(ldapProperties);
+ String user;
+
+ user = "user1";
+ try {
+ ldapProvider.Authenticate(user, "user1");
+ assertTrue("testUserBindPositive: Authentication succeeded for user1 as expected", true);
+ } catch (AuthenticationException e) {
+ Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password user1, expected to succeed");
+ }
+
+ user = "user2";
+ try {
+ ldapProvider.Authenticate(user, "user2");
+ assertTrue("testUserBindPositive: Authentication succeeded for user2 as expected", true);
+ } catch (AuthenticationException e) {
+ Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password user2, expected to succeed");
+ }
+ }
+
+ @Test
+ public void testUserBindNegativeWithShortname() throws Exception {
+ Map<String, String> ldapProperties = new HashMap<String, String>();
+ ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com");
+ ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com");
+ initLdapAtn(ldapProperties);
+
+ try {
+ ldapProvider.Authenticate("user1", "user2");
+ Assert.fail("testUserBindNegative: Authentication succeeded for user1 with password user2, expected to fail");
+ } catch (AuthenticationException e) {
+ assertTrue("testUserBindNegative: Authentication failed for user1 as expected", true);
+ }
+
+ try {
+ ldapProvider.Authenticate("user2", "user");
+ Assert.fail("testUserBindNegative: Authentication failed for user2 with password user, expected to fail");
+ } catch (AuthenticationException e) {
+ assertTrue("testUserBindNegative: Authentication failed for user2 as expected", true);
+ }
+ }
+
+ @Test
+ public void testUserBindNegativeWithShortnameOldConfig() throws Exception {
+ Map<String, String> ldapProperties = new HashMap<String, String>();
+ ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=People,dc=example,dc=com");
+ initLdapAtn(ldapProperties);
+
+ try {
+ ldapProvider.Authenticate("user1", "user2");
+ Assert.fail("testUserBindNegative: Authentication succeeded for user1 with password user2, expected to fail");
+ } catch (AuthenticationException e) {
+ assertTrue("testUserBindNegative: Authentication failed for user1 as expected", true);
+ }
+
+ try {
+ ldapProvider.Authenticate("user2", "user");
+ Assert.fail("testUserBindNegative: Authentication failed for user2 with password user, expected to fail");
+ } catch (AuthenticationException e) {
+ assertTrue("testUserBindNegative: Authentication failed for user2 as expected", true);
+ }
+ }
+}
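Review bot: The negative tests only cover a wrong non-empty password; there is no case for an empty password, which an LDAP server may treat as an unauthenticated bind (RFC 4513) and answer with success. Whether `Authenticate` rejects that input is outside this diff, so a test like the one below would pin the behaviour. Separately, the second `Assert.fail` in both negative tests says "Authentication failed for user2 with password user, expected to fail" where it means "succeeded". The `assertTrue("...", true)` calls in the positive tests check nothing and could be removed.

```java
  // … unchanged: existing tests through testUserBindNegativeWithShortnameOldConfig …

  @Test
  public void testUserBindNegativeWithEmptyPassword() throws Exception {
    Map<String, String> ldapProperties = new HashMap<String, String>();
    ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com");
    initLdapAtn(ldapProperties);

    try {
      ldapProvider.Authenticate("user1", "");
      Assert.fail("testUserBindNegative: Authentication succeeded for user1 with an empty password, expected to fail");
    } catch (AuthenticationException e) {
      // expected: an empty password must never be accepted as a successful bind
    }
  }
```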


  • Ctang at Feb 11, 2016 at 6:45 pm
    Repository: hive
    Updated Branches:
       refs/heads/branch-1 f94ce3dfc -> dce033be5


    HIVE-11866: Add framework to enable testing using LDAPServer using LDAP protocol (Naveen Gangam, via Chaoyu Tang, reviewed by Xuefu Zhang)


    Project: http://git-wip-us.apache.org/repos/asf/hive/repo
    Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/dce033be
    Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/dce033be
    Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/dce033be

    Branch: refs/heads/branch-1
    Commit: dce033be53b8eee45aa1b4e93fbd0501766ea2aa
    Parents: f94ce3d
    Author: ctang <ctang@cloudera.com>
    Authored: Thu Feb 11 13:36:40 2016 -0500
    Committer: ctang <ctang@cloudera.com>
    Committed: Thu Feb 11 13:45:25 2016 -0500

    ----------------------------------------------------------------------
      pom.xml | 2 +
      service/pom.xml | 22 +-
      .../auth/LdapAuthenticationProviderImpl.java | 32 +-
      .../auth/TestLdapAtnProviderWithMiniDS.java | 311 +++++++++++++++++++
      4 files changed, 352 insertions(+), 15 deletions(-)
    ----------------------------------------------------------------------


    http://git-wip-us.apache.org/repos/asf/hive/blob/dce033be/pom.xml
    ----------------------------------------------------------------------
    diff --git a/pom.xml b/pom.xml
    index 7df9005..bb3c84c 100644
    --- a/pom.xml
    +++ b/pom.xml
    @@ -99,6 +99,8 @@
          <activemq.version>5.5.0</activemq.version>
          <ant.version>1.9.1</ant.version>
          <antlr.version>3.4</antlr.version>
    + <apache-directory-server.version>1.5.6</apache-directory-server.version>
    + <apache-directory-clientapi.version>0.1</apache-directory-clientapi.version>
          <avro.version>1.7.7</avro.version>
          <bonecp.version>0.8.0.RELEASE</bonecp.version>
          <calcite.version>1.2.0-incubating</calcite.version>

    http://git-wip-us.apache.org/repos/asf/hive/blob/dce033be/service/pom.xml
    ----------------------------------------------------------------------
    diff --git a/service/pom.xml b/service/pom.xml
    index d8e3126..005145c 100644
    --- a/service/pom.xml
    +++ b/service/pom.xml
    @@ -111,6 +111,27 @@
            <version>${junit.version}</version>
            <scope>test</scope>
          </dependency>
    +
    + <dependency>
    + <groupId>org.apache.directory.client.ldap</groupId>
    + <artifactId>ldap-client-api</artifactId>
    + <version>${apache-directory-clientapi.version}</version>
    + <scope>test</scope>
    + </dependency>
    +
    + <dependency>
    + <groupId>org.apache.directory.server</groupId>
    + <artifactId>apacheds-server-integ</artifactId>
    + <version>${apache-directory-server.version}</version>
    + <scope>test</scope>
    + </dependency>
    +
    + <dependency>
    + <groupId>org.apache.directory.server</groupId>
    + <artifactId>apacheds-test-framework</artifactId>
    + <version>${apache-directory-server.version}</version>
    + <scope>test</scope>
    + </dependency>
        </dependencies>

        <profiles>
    @@ -180,5 +201,4 @@
            </plugin>
          </plugins>
        </build>
    -
      </project>

    http://git-wip-us.apache.org/repos/asf/hive/blob/dce033be/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
    ----------------------------------------------------------------------
    diff --git a/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java b/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
    index 2c0abcb..60b2284 100644
    --- a/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
    +++ b/service/src/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
    @@ -43,29 +43,33 @@ public class LdapAuthenticationProviderImpl implements PasswdAuthenticationProvi
        private static final Log LOG = LogFactory.getLog(LdapAuthenticationProviderImpl.class);
        private static final String DN_ATTR = "distinguishedName";

    - private final String ldapURL;
    - private final String baseDN;
    - private final String ldapDomain;
    + private String ldapURL;
    + private String baseDN;
    + private String ldapDomain;
        private static List<String> groupBases;
        private static List<String> userBases;
        private static List<String> userFilter;
        private static List<String> groupFilter;
    - private final String customQuery;
    + private String customQuery;

        LdapAuthenticationProviderImpl() {
          HiveConf conf = new HiveConf();
    - ldapURL = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_URL);
    - baseDN = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN);
    - ldapDomain = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_DOMAIN);
    - customQuery = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_CUSTOMLDAPQUERY);
    + init(conf);
    + }
    +
    + protected void init(HiveConf conf) {
    + ldapURL = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_URL);
    + baseDN = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN);
    + ldapDomain = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_DOMAIN);
    + customQuery = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_CUSTOMLDAPQUERY);

          if (customQuery == null) {
    - groupBases = new ArrayList<String>();
    - userBases = new ArrayList<String>();
    - String groupDNPatterns = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN);
    - String groupFilterVal = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER);
    - String userDNPatterns = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN);
    - String userFilterVal = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER);
    + groupBases = new ArrayList<String>();
    + userBases = new ArrayList<String>();
    + String groupDNPatterns = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN);
    + String groupFilterVal = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER);
    + String userDNPatterns = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN);
    + String userFilterVal = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER);

            // parse COLON delimited root DNs for users/groups that may or may not be under BaseDN.
            // Expect the root DNs be fully qualified including the baseDN

    http://git-wip-us.apache.org/repos/asf/hive/blob/dce033be/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java
    ----------------------------------------------------------------------
    diff --git a/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java b/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java
    new file mode 100644
    index 0000000..934b207
    --- /dev/null
    +++ b/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java
    @@ -0,0 +1,311 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements. See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership. The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License. You may obtain a copy of the License at
    + *
    + * http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied. See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + *
    + */
    +
    +package org.apache.hive.service.auth;
    +
    +import java.io.ByteArrayOutputStream;
    +import java.io.File;
    +import java.io.FileOutputStream;
    +import java.util.HashMap;
    +import java.util.Map;
    +import java.util.Iterator;
    +
    +import javax.naming.NamingEnumeration;
    +import javax.naming.ldap.LdapContext;
    +import javax.security.sasl.AuthenticationException;
    +
    +import static org.apache.directory.server.integ.ServerIntegrationUtils.getWiredContext;
    +import org.apache.directory.server.annotations.CreateLdapServer;
    +import org.apache.directory.server.annotations.CreateTransport;
    +import org.apache.directory.server.core.annotations.ApplyLdifs;
    +import org.apache.directory.server.core.annotations.ContextEntry;
    +import org.apache.directory.server.core.annotations.CreateDS;
    +import org.apache.directory.server.core.annotations.CreateIndex;
    +import org.apache.directory.server.core.annotations.CreatePartition;
    +import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
    +import org.apache.directory.server.core.integ.FrameworkRunner;
    +import org.apache.directory.server.ldap.LdapServer;
    +
    +import org.apache.hadoop.hive.conf.HiveConf;
    +import org.apache.hive.service.auth.LdapAuthenticationProviderImpl;
    +
    +import static org.junit.Assert.assertEquals;
    +import static org.junit.Assert.assertNotNull;
    +import static org.junit.Assert.assertTrue;
    +import org.junit.After;
    +import org.junit.AfterClass;
    +import org.junit.Assert;
    +import org.junit.Before;
    +import org.junit.BeforeClass;
    +import org.junit.Ignore;
    +import org.junit.Test;
    +import org.junit.runner.RunWith;
    +
    +
    +/**
    + * TestSuite to test Hive's LDAP Authentication provider with an
    + * in-process LDAP Server (Apache Directory Server instance).
    + *
    + */
    +@RunWith(FrameworkRunner.class)
    +@CreateLdapServer(transports =
    + { @CreateTransport(protocol = "LDAP"), @CreateTransport(protocol = "LDAPS") })
    +// Define the DirectoryService
    +@CreateDS(
    +partitions = {
    + @CreatePartition(
    + name = "example",
    + suffix = "dc=example,dc=com",
    + contextEntry = @ContextEntry(
    + entryLdif = "dn: dc=example,dc=com\n" +
    + "dc: example\n" +
    + "objectClass: top\n" +
    + "objectClass: domain\n\n"
    + ),
    + indexes = {
    + @CreateIndex( attribute = "objectClass" ),
    + @CreateIndex( attribute = "dc" ),
    + @CreateIndex( attribute = "ou"),
    + @CreateIndex( attribute = "distinguishedName")
    + } )
    + }
    +)
    +
    +@ApplyLdifs(
    + {
    + "dn: ou=People,dc=example,dc=com",
    + "distinguishedName: ou=People,dc=example,dc=com",
    + "objectClass: top",
    + "objectClass: organizationalUnit",
    + "objectClass: ExtensibleObject",
    + "ou: People",
    + "description: Contains entries which describe persons (seamen)",
    +
    + "dn: ou=Groups,dc=example,dc=com",
    + "distinguishedName: ou=Groups,dc=example,dc=com",
    + "objectClass: top",
    + "objectClass: organizationalUnit",
    + "objectClass: ExtensibleObject",
    + "ou: Groups",
    + "description: Contains entries which describe groups (crews, for instance)",
    +
    + "dn: uid=group1,ou=Groups,dc=example,dc=com",
    + "distinguishedName: uid=group1,ou=Groups,dc=example,dc=com",
    + "objectClass: top",
    + "objectClass: organizationalUnit",
    + "objectClass: ExtensibleObject",
    + "cn: group1",
    + "ou: Groups",
    + "sn: group1",
    +
    + "dn: uid=group2,ou=Groups,dc=example,dc=com",
    + "distinguishedName: uid=group2,ou=Groups,dc=example,dc=com",
    + "objectClass: top",
    + "objectClass: organizationalUnit",
    + "objectClass: ExtensibleObject",
    + "givenName: Group2",
    + "ou: Groups",
    + "cn: group1",
    + "sn: group1",
    +
    + "dn: uid=user1,ou=People,dc=example,dc=com",
    + "distinguishedName: uid=user1,ou=People,dc=example,dc=com",
    + "objectClass: inetOrgPerson",
    + "objectClass: person",
    + "objectClass: top",
    + "objectClass: ExtensibleObject",
    + "givenName: Test1",
    + "cn: Test User1",
    + "sn: user1",
    + "uid: user1",
    + "userPassword: user1",
    +
    + "dn: uid=user2,ou=People,dc=example,dc=com",
    + "distinguishedName: uid=user2,ou=People,dc=example,dc=com",
    + "objectClass: inetOrgPerson",
    + "objectClass: person",
    + "objectClass: top",
    + "objectClass: ExtensibleObject",
    + "givenName: Test2",
    + "cn: Test User2",
    + "sn: user2",
    + "uid: user2",
    + "userPassword: user2"
    +})
    +
    +public class TestLdapAtnProviderWithMiniDS extends AbstractLdapTestUnit {
    +
    + private static String ldapUrl;
    + private static LdapServer server;
    + private static HiveConf hiveConf;
    + private static byte[] hiveConfBackup;
    + private static LdapContext ctx;
    + private static LdapAuthenticationProviderImpl ldapProvider;
    +
    + @Before
    + public void setup() throws Exception {
    + ctx = ( LdapContext ) getWiredContext( ldapServer, null ).lookup( "dc=example,dc=com" );
    + }
    +
    + @After
    + public void shutdown() throws Exception {
    + }
    +
    + @BeforeClass
    + public static void init() throws Exception {
    + hiveConf = new HiveConf();
    +
    + ldapProvider = new LdapAuthenticationProviderImpl();
    + ldapProvider.init(hiveConf);
    + }
    +
    + @AfterClass
    + public static void tearDown() throws Exception {
    + if (ldapServer.isStarted()) {
    + ldapServer.stop();
    + }
    + }
    +
    + private static void initLdapAtn(Map<String, String> hiveProperties)
    + throws Exception {
    + hiveConf = new HiveConf();
    +
    + int port;
    + if (ldapUrl == null) {
    + port = ldapServer.getPort();
    + ldapUrl = new String("ldap://localhost:" + port);
    + }
    +
    + hiveConf.set("hive.root.logger", "DEBUG,console");
    + hiveConf.set("hive.server2.authentication.ldap.url", ldapUrl);
    +
    + if (hiveProperties != null) {
    + String key;
    + String value;
    + Iterator<String> iter = hiveProperties.keySet().iterator();
    + while (iter.hasNext()) {
    + key = iter.next();
    + value = hiveProperties.get(key);
    + hiveConf.set(key, value);
    + }
    + }
    +
    + ldapProvider.init(hiveConf);
    + }
    +
    + @Test
    + public void testLDAPServer() throws Exception {
    + initLdapAtn(null);
    + assertTrue(ldapServer.isStarted());
    + assertTrue(ldapServer.getPort() > 0);
    + }
    +
    + @Test
    + public void testUserBindPositiveWithShortname() throws Exception {
    + Map<String, String> ldapProperties = new HashMap<String, String>();
    + ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com");
    + ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com");
    + initLdapAtn(ldapProperties);
    + String user;
    +
    + user = "user1";
    + try {
    + ldapProvider.Authenticate(user, "user1");
    + assertTrue("testUserBindPositive: Authentication succeeded for user1 as expected", true);
    + } catch (AuthenticationException e) {
    + Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password user1, expected to succeed");
    + }
    +
    + user = "user2";
    + try {
    + ldapProvider.Authenticate(user, "user2");
    + assertTrue("testUserBindPositive: Authentication succeeded for user2 as expected", true);
    + } catch (AuthenticationException e) {
    + Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password user2, expected to succeed");
    + }
    + }
    +
    + @Test
    + public void testUserBindPositiveWithShortnameOldConfig() throws Exception {
    + Map<String, String> ldapProperties = new HashMap<String, String>();
    + ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=People,dc=example,dc=com");
    + initLdapAtn(ldapProperties);
    + String user;
    +
    + user = "user1";
    + try {
    + ldapProvider.Authenticate(user, "user1");
    + assertTrue("testUserBindPositive: Authentication succeeded for user1 as expected", true);
    + } catch (AuthenticationException e) {
    + Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password user1, expected to succeed");
    + }
    +
    + user = "user2";
    + try {
    + ldapProvider.Authenticate(user, "user2");
    + assertTrue("testUserBindPositive: Authentication succeeded for user2 as expected", true);
    + } catch (AuthenticationException e) {
    + Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password user2, expected to succeed");
    + }
    + }
    +
    + @Test
    + public void testUserBindNegativeWithShortname() throws Exception {
    + Map<String, String> ldapProperties = new HashMap<String, String>();
    + ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com");
    + ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com");
    + initLdapAtn(ldapProperties);
    +
    + try {
    + ldapProvider.Authenticate("user1", "user2");
    + Assert.fail("testUserBindNegative: Authentication succeeded for user1 with password user2, expected to fail");
    + } catch (AuthenticationException e) {
    + assertTrue("testUserBindNegative: Authentication failed for user1 as expected", true);
    + }
    +
    + try {
    + ldapProvider.Authenticate("user2", "user");
    + Assert.fail("testUserBindNegative: Authentication failed for user2 with password user, expected to fail");
    + } catch (AuthenticationException e) {
    + assertTrue("testUserBindNegative: Authentication failed for user2 as expected", true);
    + }
    + }
    +
    + @Test
    + public void testUserBindNegativeWithShortnameOldConfig() throws Exception {
    + Map<String, String> ldapProperties = new HashMap<String, String>();
    + ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=People,dc=example,dc=com");
    + initLdapAtn(ldapProperties);
    +
    + try {
    + ldapProvider.Authenticate("user1", "user2");
    + Assert.fail("testUserBindNegative: Authentication succeeded for user1 with password user2, expected to fail");
    + } catch (AuthenticationException e) {
    + assertTrue("testUserBindNegative: Authentication failed for user1 as expected", true);
    + }
    +
    + try {
    + ldapProvider.Authenticate("user2", "user");
    + Assert.fail("testUserBindNegative: Authentication failed for user2 with password user, expected to fail");
    + } catch (AuthenticationException e) {
    + assertTrue("testUserBindNegative: Authentication failed for user2 as expected", true);
    + }
    + }
    +}
