From d4f5eb51ad6017b9ada29034cbf20f24c99baa6f Mon Sep 17 00:00:00 2001 From: Dain Sundstrom Date: Thu, 30 Jul 2020 19:19:43 -0700 Subject: [PATCH] Add user mapping to insecure authenticator --- .../src/main/sphinx/security/user-mapping.rst | 2 + .../server/security/AuthenticationFilter.java | 10 ++- .../security/InsecureAuthenticator.java | 24 ++++++- .../security/InsecureAuthenticatorConfig.java | 50 ++++++++++++++ .../server/security/ServerSecurityModule.java | 2 + .../TestInsecureAuthenticatorConfig.java | 55 ++++++++++++++++ .../server/security/TestResourceSecurity.java | 66 ++++++++++++------- 7 files changed, 179 insertions(+), 30 deletions(-) create mode 100644 presto-main/src/main/java/io/prestosql/server/security/InsecureAuthenticatorConfig.java create mode 100644 presto-main/src/test/java/io/prestosql/server/security/TestInsecureAuthenticatorConfig.java diff --git a/presto-docs/src/main/sphinx/security/user-mapping.rst b/presto-docs/src/main/sphinx/security/user-mapping.rst index c0a648e3ded19..d14b6694d905b 100644 --- a/presto-docs/src/main/sphinx/security/user-mapping.rst +++ b/presto-docs/src/main/sphinx/security/user-mapping.rst @@ -26,6 +26,7 @@ Username and Password (file or LDAP) ``http-server.authentication.password.user Kerberos ``http-server.authentication.krb5.user-mapping.pattern`` Certificate ``http-server.authentication.certificate.user-mapping.pattern`` Json Web Token ``http-server.authentication.jwt.user-mapping.pattern`` +Insecure ``http-server.authentication.insecure.user-mapping.pattern`` ===================================== =============================================================== File Mapping Rules 
@@ -57,5 +58,6 @@ Username and password (file or LDAP) ``http-server.authentication.password.user Kerberos ``http-server.authentication.krb5.user-mapping.file`` Certificate ``http-server.authentication.certificate.user-mapping.file`` Json Web Token ``http-server.authentication.jwt.user-mapping.file`` +Insecure ``http-server.authentication.insecure.user-mapping.file`` ===================================== =============================================================== diff --git a/presto-main/src/main/java/io/prestosql/server/security/AuthenticationFilter.java b/presto-main/src/main/java/io/prestosql/server/security/AuthenticationFilter.java index 509b578e987dd..0b9c7b989e47b 100644 --- a/presto-main/src/main/java/io/prestosql/server/security/AuthenticationFilter.java +++ b/presto-main/src/main/java/io/prestosql/server/security/AuthenticationFilter.java 
@@ -41,14 +41,20 @@ public class AuthenticationFilter private final List authenticators; private final InternalAuthenticationManager internalAuthenticationManager; private final boolean insecureAuthenticationOverHttpAllowed; + private final InsecureAuthenticator insecureAuthenticator; @Inject - public AuthenticationFilter(List authenticators, InternalAuthenticationManager internalAuthenticationManager, SecurityConfig securityConfig) + public AuthenticationFilter( + List authenticators, + InternalAuthenticationManager internalAuthenticationManager, + SecurityConfig securityConfig, + InsecureAuthenticator insecureAuthenticator) { this.authenticators = ImmutableList.copyOf(requireNonNull(authenticators, "authenticators is null")); checkArgument(!authenticators.isEmpty(), "authenticators is empty"); this.internalAuthenticationManager = requireNonNull(internalAuthenticationManager, "internalAuthenticationManager is null"); insecureAuthenticationOverHttpAllowed = requireNonNull(securityConfig, "securityConfig is null").isInsecureAuthenticationOverHttpAllowed(); + this.insecureAuthenticator = requireNonNull(insecureAuthenticator, "insecureAuthenticator is null"); } @Override @@ -64,7 +70,7 @@ public void filter(ContainerRequestContext request) authenticators = this.authenticators; } else if (insecureAuthenticationOverHttpAllowed) { - authenticators = ImmutableList.of(new InsecureAuthenticator()); + authenticators = ImmutableList.of(insecureAuthenticator); } else { throw new ForbiddenException("Authentication over HTTP is not enabled"); diff --git a/presto-main/src/main/java/io/prestosql/server/security/InsecureAuthenticator.java b/presto-main/src/main/java/io/prestosql/server/security/InsecureAuthenticator.java index 8c0c0e6030ffe..c6e67bf7e758f 100644 --- a/presto-main/src/main/java/io/prestosql/server/security/InsecureAuthenticator.java +++ b/presto-main/src/main/java/io/prestosql/server/security/InsecureAuthenticator.java 
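Review bot: The new `insecureAuthenticator` field and constructor parameter in the first hunk carry no comment saying when this authenticator is used, even though it sits beside the configured `authenticators` list without being part of it. Judging by the second hunk, it is selected only in the `insecureAuthenticationOverHttpAllowed` branch, so a field comment such as `// Fallback for plain-HTTP requests when insecure authentication over HTTP is allowed; applies the insecure user mapping` would make that clear. The injection is also mandatory when that flag is false, so a bad insecure user-mapping setting could presumably fail startup on a server that never takes this branch; worth confirming that is intended. The class body and `filter` both extend outside the hunks.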
@@ -16,6 +16,7 @@ import io.prestosql.spi.security.BasicPrincipal; import io.prestosql.spi.security.Identity; +import javax.inject.Inject; import javax.ws.rs.container.ContainerRequestContext; import java.util.Optional; @@ -23,10 +24,21 @@ import static com.google.common.base.Strings.emptyToNull; import static io.prestosql.client.PrestoHeaders.PRESTO_USER; import static io.prestosql.server.security.BasicAuthCredentials.extractBasicAuthCredentials; +import static io.prestosql.server.security.UserMapping.createUserMapping; +import static java.util.Objects.requireNonNull; public class InsecureAuthenticator implements Authenticator { + private final UserMapping userMapping; + + @Inject + public InsecureAuthenticator(InsecureAuthenticatorConfig config) + { + requireNonNull(config, "config is null"); + this.userMapping = createUserMapping(config.getUserMappingPattern(), config.getUserMappingFile()); + } + @Override public Identity authenticate(ContainerRequestContext request) throws AuthenticationException @@ -48,8 +60,14 @@ public Identity authenticate(ContainerRequestContext request) throw new AuthenticationException("Basic authentication or " + PRESTO_USER + " must be sent", BasicAuthCredentials.AUTHENTICATE_HEADER); } - return Identity.forUser(user) - .withPrincipal(new BasicPrincipal(user)) - .build(); + try { + String authenticatedUser = userMapping.mapUser(user); + return Identity.forUser(authenticatedUser) + .withPrincipal(new BasicPrincipal(user)) + .build(); + } + catch (UserMappingException e) { + throw new AuthenticationException(e.getMessage()); + } } } diff --git a/presto-main/src/main/java/io/prestosql/server/security/InsecureAuthenticatorConfig.java b/presto-main/src/main/java/io/prestosql/server/security/InsecureAuthenticatorConfig.java new file mode 100644 index 0000000000000..17bca7fd76f08 --- /dev/null +++ b/presto-main/src/main/java/io/prestosql/server/security/InsecureAuthenticatorConfig.java 
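Review bot: In the third hunk the new `catch (UserMappingException e)` rethrows with the one-argument `AuthenticationException(e.getMessage())`, while the missing-credentials throw just above passes `BasicAuthCredentials.AUTHENTICATE_HEADER`. A rejected mapping therefore likely answers 401 without the Basic challenge; for consistency use `throw new AuthenticationException(e.getMessage(), BasicAuthCredentials.AUTHENTICATE_HEADER);`. The `Identity.forUser(authenticatedUser)` line also deserves a comment: the identity carries the mapped name while `BasicPrincipal` keeps the client-supplied `user`, which, per the tests in this patch, this authenticator accepts without a password. The start of `authenticate` is outside the hunk.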
@@ -0,0 +1,50 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.prestosql.server.security; + +import io.airlift.configuration.Config; +import io.airlift.configuration.validation.FileExists; + +import java.io.File; +import java.util.Optional; + +public class InsecureAuthenticatorConfig +{ + private Optional userMappingPattern = Optional.empty(); + private Optional userMappingFile = Optional.empty(); + + public Optional getUserMappingPattern() + { + return userMappingPattern; + } + + @Config("http-server.authentication.insecure.user-mapping.pattern") + public InsecureAuthenticatorConfig setUserMappingPattern(String userMappingPattern) + { + this.userMappingPattern = Optional.ofNullable(userMappingPattern); + return this; + } + + public Optional<@FileExists File> getUserMappingFile() + { + return userMappingFile; + } + + @Config("http-server.authentication.insecure.user-mapping.file") + public InsecureAuthenticatorConfig setUserMappingFile(File userMappingFile) + { + this.userMappingFile = Optional.ofNullable(userMappingFile); + return this; + } +} diff --git a/presto-main/src/main/java/io/prestosql/server/security/ServerSecurityModule.java b/presto-main/src/main/java/io/prestosql/server/security/ServerSecurityModule.java index 952a694f763ff..491a61df761da 100644 --- a/presto-main/src/main/java/io/prestosql/server/security/ServerSecurityModule.java +++ b/presto-main/src/main/java/io/prestosql/server/security/ServerSecurityModule.java 
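Review bot: The new config class has no Javadoc, and the security meaning of its two properties is easy to misread: the pattern or file only rewrites or rejects the client-asserted user name taken by `InsecureAuthenticator`, it does not authenticate anyone. A class comment would cover it, e.g. `/** User mapping applied to the unverified user name accepted by the insecure authenticator; restricts or rewrites names, provides no authentication. */`. Nothing in this class rejects setting both `user-mapping.pattern` and `user-mapping.file`. That is presumably left to `createUserMapping`, which is outside this patch, so confirm it fails fast on that combination.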
@@ -66,6 +66,8 @@ protected void setup(Binder binder) installAuthenticator("password", PasswordAuthenticator.class, PasswordAuthenticatorConfig.class); installAuthenticator("jwt", JsonWebTokenAuthenticator.class, JsonWebTokenConfig.class); + configBinder(binder).bindConfig(InsecureAuthenticatorConfig.class); + binder.bind(InsecureAuthenticator.class).in(Scopes.SINGLETON); install(authenticatorModule("insecure", InsecureAuthenticator.class, unused -> {})); } diff --git a/presto-main/src/test/java/io/prestosql/server/security/TestInsecureAuthenticatorConfig.java b/presto-main/src/test/java/io/prestosql/server/security/TestInsecureAuthenticatorConfig.java new file mode 100644 index 0000000000000..3008ae2de554a --- /dev/null +++ b/presto-main/src/test/java/io/prestosql/server/security/TestInsecureAuthenticatorConfig.java 
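Review bot: The two added lines bind `InsecureAuthenticatorConfig` and `InsecureAuthenticator` directly on the binder, right above an `authenticatorModule("insecure", ...)` install for the same class, and nothing explains why both are needed. A short comment would help, e.g. `// always bound: AuthenticationFilter injects InsecureAuthenticator for the HTTP fallback`. A side effect is that the `http-server.authentication.insecure.user-mapping.*` properties are read on every server, so an invalid file path there would presumably be reported even where insecure authentication is never used. `setup` continues outside the hunk.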
@@ -0,0 +1,55 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.prestosql.server.security; + +import com.google.common.collect.ImmutableMap; +import org.testng.annotations.Test; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.Map; + +import static io.airlift.configuration.testing.ConfigAssertions.assertFullMapping; +import static io.airlift.configuration.testing.ConfigAssertions.assertRecordedDefaults; +import static io.airlift.configuration.testing.ConfigAssertions.recordDefaults; + +public class TestInsecureAuthenticatorConfig +{ + @Test + public void testDefaults() + { + assertRecordedDefaults(recordDefaults(InsecureAuthenticatorConfig.class) + .setUserMappingPattern(null) + .setUserMappingFile(null)); + } + + @Test + public void testExplicitPropertyMappings() + throws IOException + { + Path userMappingFile = Files.createTempFile(null, null); + + Map properties = new ImmutableMap.Builder() + .put("http-server.authentication.insecure.user-mapping.pattern", "(.*)@something") + .put("http-server.authentication.insecure.user-mapping.file", userMappingFile.toString()) + .build(); + + InsecureAuthenticatorConfig expected = new InsecureAuthenticatorConfig() + .setUserMappingPattern("(.*)@something") + .setUserMappingFile(userMappingFile.toFile()); + + assertFullMapping(properties, expected); + } +} 
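Review bot: `testExplicitPropertyMappings` creates a file with `Files.createTempFile(null, null)` and never removes it, so every run leaves a stray file in the temp directory. Wrapping the rest of the test as `try { ... } finally { Files.deleteIfExists(userMappingFile); }` keeps the test self-cleaning. The file presumably exists only to satisfy the `@FileExists` constraint on the getter, so it needs no content.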
diff --git a/presto-main/src/test/java/io/prestosql/server/security/TestResourceSecurity.java b/presto-main/src/test/java/io/prestosql/server/security/TestResourceSecurity.java index 17caa5fbcf36b..683b7754da4f0 100644 --- a/presto-main/src/test/java/io/prestosql/server/security/TestResourceSecurity.java +++ b/presto-main/src/test/java/io/prestosql/server/security/TestResourceSecurity.java @@ -57,15 +57,19 @@ public class TestResourceSecurity { private static final String LOCALHOST_KEYSTORE = Resources.getResource("cert/localhost.pem").getPath(); + private static final String ALLOWED_USER_MAPPING_PATTERN = "(.*)@allowed"; private static final ImmutableMap SECURE_PROPERTIES = ImmutableMap.builder() .put("http-server.https.enabled", "true") .put("http-server.https.keystore.path", LOCALHOST_KEYSTORE) .put("http-server.https.keystore.key", "") .put("http-server.process-forwarded", "true") + .put("http-server.authentication.insecure.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN) .build(); private static final String TEST_USER = "test-user"; + private static final String TEST_USER_LOGIN = TEST_USER + "@allowed"; private static final String TEST_PASSWORD = "test-password"; private static final String MANAGEMENT_USER = "management-user"; + private static final String MANAGEMENT_USER_LOGIN = MANAGEMENT_USER + "@allowed"; private static final String MANAGEMENT_PASSWORD = "management-password"; private static final String HMAC_KEY = Resources.getResource("hmac_key.txt").getPath(); 
@@ -90,6 +94,9 @@ public void testInsecureAuthenticatorHttp() throws Exception { try (TestingPrestoServer server = TestingPrestoServer.builder() + .setProperties(ImmutableMap.builder() + .put("http-server.authentication.insecure.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN) + .build()) .build()) { server.getInstance(Key.get(AccessControlManager.class)).addSystemAccessControl(new TestSystemAccessControl()); HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class)); @@ -136,6 +143,7 @@ public void testPasswordAuthenticator() .setProperties(ImmutableMap.builder() .putAll(SECURE_PROPERTIES) .put("http-server.authentication.type", "password") + .put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN) .build()) .build()) { server.getInstance(Key.get(PasswordAuthenticatorManager.class)).setAuthenticator(TestResourceSecurity::authenticate); @@ -155,6 +163,7 @@ public void testPasswordAuthenticatorWithInsecureHttp() .putAll(SECURE_PROPERTIES) .put("http-server.authentication.type", "password") .put("http-server.authentication.allow-insecure-over-http", "true") + .put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN) .build()) .build()) { server.getInstance(Key.get(PasswordAuthenticatorManager.class)).setAuthenticator(TestResourceSecurity::authenticate); @@ -174,6 +183,7 @@ public void testFixedManagerAuthenticatorHttpInsecureEnabledOnly() .putAll(SECURE_PROPERTIES) .put("http-server.authentication.type", "password") .put("http-server.authentication.allow-insecure-over-http", "true") + .put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN) .put("management.user", MANAGEMENT_USER) .build()) .build()) { 
@@ -195,6 +205,7 @@ public void testFixedManagerAuthenticatorHttpInsecureDisabledOnly() .putAll(SECURE_PROPERTIES) .put("http-server.authentication.type", "password") .put("http-server.authentication.allow-insecure-over-http", "false") + .put("http-server.authentication.password.user-mapping.pattern", ALLOWED_USER_MAPPING_PATTERN) .put("management.user", MANAGEMENT_USER) .build()) .build()) { @@ -203,7 +214,7 @@ public void testFixedManagerAuthenticatorHttpInsecureDisabledOnly() HttpServerInfo httpServerInfo = server.getInstance(Key.get(HttpServerInfo.class)); assertResponseCode(client, getPublicLocation(httpServerInfo.getHttpUri()), SC_OK); - assertResponseCode(client, getAuthorizedUserLocation(httpServerInfo.getHttpUri()), SC_FORBIDDEN, TEST_USER, null); + assertResponseCode(client, getAuthorizedUserLocation(httpServerInfo.getHttpUri()), SC_FORBIDDEN, TEST_USER_LOGIN, null); assertResponseCode(client, getManagementLocation(httpServerInfo.getHttpUri()), SC_OK); assertResponseCode(client, getManagementLocation(httpServerInfo.getHttpUri()), SC_OK, "unknown", "something"); 
@@ -297,22 +308,26 @@ public void testJwtAuthenticator() private void assertInsecureAuthentication(URI baseUri) throws IOException { + assertResponseCode(client, getManagementLocation(baseUri), SC_OK, MANAGEMENT_USER_LOGIN, null); // public assertOk(client, getPublicLocation(baseUri)); // authorized user assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_UNAUTHORIZED); - assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_OK, "unknown", null); - assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_UNAUTHORIZED, "unknown", "something"); + assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_OK, TEST_USER_LOGIN, null); + assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_UNAUTHORIZED, TEST_USER_LOGIN, "something"); + assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_UNAUTHORIZED, "unknown", null); // management assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED); - assertResponseCode(client, getManagementLocation(baseUri), SC_FORBIDDEN, "unknown", null); - assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, "unknown", "something"); - assertResponseCode(client, getManagementLocation(baseUri), SC_OK, MANAGEMENT_USER, null); - assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, MANAGEMENT_USER, "something"); - assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, MANAGEMENT_USER, MANAGEMENT_PASSWORD); + assertResponseCode(client, getManagementLocation(baseUri), SC_FORBIDDEN, TEST_USER_LOGIN, null); + assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, TEST_USER_LOGIN, "something"); + assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, "unknown", null); + assertResponseCode(client, getManagementLocation(baseUri), SC_OK, MANAGEMENT_USER_LOGIN, null); + assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, 
MANAGEMENT_USER_LOGIN, "something"); + assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, MANAGEMENT_USER_LOGIN, MANAGEMENT_PASSWORD); // internal assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN); - assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN, "unknown", null); + assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN, TEST_USER_LOGIN, null); + assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN, MANAGEMENT_USER_LOGIN, null); } private void assertPasswordAuthentication(URI baseUri) 
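Review bot: The first added line of `assertInsecureAuthentication`, `assertResponseCode(client, getManagementLocation(baseUri), SC_OK, MANAGEMENT_USER_LOGIN, null);`, sits above the `// public` section and repeats the identical assertion added further down under `// management`. It looks like a leftover and can be dropped. The new `"unknown"` cases do cover a name the pattern rejects, but nothing here exercises the `http-server.authentication.insecure.user-mapping.file` variant that this patch also introduces; a case for it would pin the rejection behaviour for file rules too.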
@@ -322,20 +337,20 @@ private void assertPasswordAuthentication(URI baseUri) assertOk(client, getPublicLocation(baseUri)); // authorized user assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_UNAUTHORIZED); - assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_UNAUTHORIZED, TEST_USER, null); - assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_UNAUTHORIZED, TEST_USER, "invalid"); - assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_OK, TEST_USER, TEST_PASSWORD); + assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_UNAUTHORIZED, TEST_USER_LOGIN, null); + assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_UNAUTHORIZED, TEST_USER_LOGIN, "invalid"); + assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_OK, TEST_USER_LOGIN, TEST_PASSWORD); // management assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED); - assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, TEST_USER, null); - assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, TEST_USER, "invalid"); - assertResponseCode(client, getManagementLocation(baseUri), SC_FORBIDDEN, TEST_USER, TEST_PASSWORD); - assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, MANAGEMENT_USER, null); - assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, MANAGEMENT_USER, "invalid"); - assertResponseCode(client, getManagementLocation(baseUri), SC_OK, MANAGEMENT_USER, MANAGEMENT_PASSWORD); + assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, TEST_USER_LOGIN, null); + assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, TEST_USER_LOGIN, "invalid"); + assertResponseCode(client, getManagementLocation(baseUri), SC_FORBIDDEN, TEST_USER_LOGIN, TEST_PASSWORD); + assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, MANAGEMENT_USER_LOGIN, null); + 
assertResponseCode(client, getManagementLocation(baseUri), SC_UNAUTHORIZED, MANAGEMENT_USER_LOGIN, "invalid"); + assertResponseCode(client, getManagementLocation(baseUri), SC_OK, MANAGEMENT_USER_LOGIN, MANAGEMENT_PASSWORD); // internal assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN); - assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN, TEST_USER, TEST_PASSWORD); + assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN, TEST_USER_LOGIN, TEST_PASSWORD); } private static void assertAuthenticationAutomatic(URI baseUri, OkHttpClient authorizedClient) 
@@ -361,17 +376,17 @@ private void assertAuthenticationDisabled(URI baseUri) assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_FORBIDDEN); assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_FORBIDDEN, "unknown", null); assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_FORBIDDEN, "unknown", "something"); - assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_FORBIDDEN, TEST_USER, TEST_PASSWORD); + assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_FORBIDDEN, TEST_USER_LOGIN, TEST_PASSWORD); // management assertResponseCode(client, getManagementLocation(baseUri), SC_FORBIDDEN); assertResponseCode(client, getManagementLocation(baseUri), SC_FORBIDDEN, "unknown", null); assertResponseCode(client, getManagementLocation(baseUri), SC_FORBIDDEN, "unknown", "something"); - assertResponseCode(client, getManagementLocation(baseUri), SC_FORBIDDEN, TEST_USER, TEST_PASSWORD); + assertResponseCode(client, getManagementLocation(baseUri), SC_FORBIDDEN, TEST_USER_LOGIN, TEST_PASSWORD); // internal assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN); assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN, "unknown", null); assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN, "unknown", "something"); - assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN, TEST_USER, TEST_PASSWORD); + assertResponseCode(client, getInternalLocation(baseUri), SC_FORBIDDEN, TEST_USER_LOGIN, TEST_PASSWORD); } private void assertFixedManagementUser(URI baseUri, boolean insecureAuthentication) 
@@ -379,10 +394,11 @@ private void assertFixedManagementUser(URI baseUri, boolean insecureAuthenticati { assertResponseCode(client, getPublicLocation(baseUri), SC_OK); if (insecureAuthentication) { - assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_OK, TEST_USER, null); + assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_OK, TEST_USER_LOGIN, null); + assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_UNAUTHORIZED, "unknown", null); } else { - assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_OK, TEST_USER, TEST_PASSWORD); + assertResponseCode(client, getAuthorizedUserLocation(baseUri), SC_OK, TEST_USER_LOGIN, TEST_PASSWORD); } assertResponseCode(client, getManagementLocation(baseUri), SC_OK); assertResponseCode(client, getManagementLocation(baseUri), SC_OK, "unknown", "something"); @@ -452,7 +468,7 @@ private static String getLocation(URI baseUri, String path) private static Principal authenticate(String user, String password) { - if ((TEST_USER.equals(user) && TEST_PASSWORD.equals(password)) || (MANAGEMENT_USER.equals(user) && MANAGEMENT_PASSWORD.equals(password))) { + if ((TEST_USER_LOGIN.equals(user) && TEST_PASSWORD.equals(password)) || (MANAGEMENT_USER_LOGIN.equals(user) && MANAGEMENT_PASSWORD.equals(password))) { return new BasicPrincipal(user); } throw new AccessDeniedException("Invalid credentials");