~~ Licensed under the Apache License, Version 2.0 (the "License"); ~~ you may not use this file except in compliance with the License. ~~ You may obtain a copy of the License at ~~ ~~ http://www.apache.org/licenses/LICENSE-2.0 ~~ ~~ Unless required by applicable law or agreed to in writing, software ~~ distributed under the License is distributed on an "AS IS" BASIS, ~~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~~ See the License for the specific language governing permissions and ~~ limitations under the License. See accompanying LICENSE file. --- Hadoop Auth, Java HTTP SPNEGO ${project.version} - Examples --- --- ${maven.build.timestamp} Hadoop Auth, Java HTTP SPNEGO ${project.version} - Examples * Accessing a Hadoop Auth protected URL Using a browser <> The browser must support HTTP Kerberos SPNEGO. For example, Firefox or Internet Explorer. For Firefox access the low level configuration page by loading the <<>> page. Then go to the <<>> preference and add the hostname or the domain of the web server that is HTTP Kerberos SPNEGO protected (if using multiple domains and hostname use comma to separate them). * Accessing a Hadoop Auth protected URL Using <<>> <> The <<>> version must support GSS, run <<>>. +---+ $ curl -V curl 7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3 Protocols: tftp ftp telnet dict ldap http file https ftps Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz +---+ Login to the KDC using <> and then use <<>> to fetch protected URL: +---+ $ kinit Please enter the password for tucu@LOCALHOST: $ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/hadoop-auth-examples/kerberos/who Enter host password for user 'tucu': Hello Hadoop Auth Examples! +---+ * The <<<--negotiate>>> option enables SPNEGO in <<>>. * The <<<-u foo>>> option is required but the user ignored (the principal that has been kinit-ed is used). * The <<<-b>>> and <<<-c>>> are use to store and send HTTP Cookies. * Using the Java Client Use the <<>> class to obtain an authenticated HTTP connection: +---+ ... URL url = new URL("http://localhost:8080/hadoop-auth/kerberos/who"); AuthenticatedURL.Token token = new AuthenticatedURL.Token(); ... HttpURLConnection conn = new AuthenticatedURL(url, token).openConnection(); ... conn = new AuthenticatedURL(url, token).openConnection(); ... +---+ * Building and Running the Examples Download Hadoop-Auth's source code, the examples are in the <<>> directory. ** Server Example: Edit the <<>> and set the right configuration init parameters for the <<>> definition configured for Kerberos (the right Kerberos principal and keytab file must be specified). Refer to the {{{./Configuration.html}Configuration document}} for details. Create the web application WAR file by running the <<>> command. Deploy the WAR file in a servlet container. For example, if using Tomcat, copy the WAR file to Tomcat's <<>> directory. Start the servlet container. ** Accessing the server using <<>> Try accessing protected resources using <<>>. The protected resources are: +---+ $ kinit Please enter the password for tucu@LOCALHOST: $ curl http://localhost:8080/hadoop-auth-examples/anonymous/who $ curl http://localhost:8080/hadoop-auth-examples/simple/who?user.name=foo $ curl --negotiate -u foo -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/hadoop-auth-examples/kerberos/who +---+ ** Accessing the server using the Java client example +---+ $ kinit Please enter the password for tucu@LOCALHOST: $ cd examples $ mvn exec:java -Durl=http://localhost:8080/hadoop-auth-examples/kerberos/who .... Token value: "u=tucu,p=tucu@LOCALHOST,t=kerberos,e=1295305313146,s=sVZ1mpSnC5TKhZQE3QLN5p2DWBo=" Status code: 200 OK You are: user[tucu] principal[tucu@LOCALHOST] .... +---+