Testing Perimeter Security

To ensure that you've configured security correctly, run these simple tests to verify that the security components are working as expected. For information on the conventions used for these examples, see CDAP Microservices. Note that if SSL is enabled for CDAP servers, then the base URL used in these examples will use https instead of http.

• After configuring CDAP as described above, start (or restart) CDAP and attempt to make a request:

  GET /v3/apps

such as:

This should return a 401 Unauthorized response with a list of authentication URIs in the response body. For example:

• Submit a username and password to one of the authentication URIs (<auth-uri>) to obtain an AccessToken by submitting a Basic Authorization header with the username and password:

  GET <auth-uri> "Authorization: Basic <encoded_username_password_string>"

  Using curl, assuming a CDAP authentication server at the URI localhost:10009 and that you have defined a username:password pair such as cdap:bigdata in the realm file, you can use curl's -u option to create the header:

• This should return a 200 OK response with the AccessToken string in the response body (formatted to fit):

  {"access_token":"AghjZGFwAI7e8p65Uo7OpfG5UrD87psGQE0u0sFDoqxtacdRR5GxEb6bkTypP7mXdqvqqnLmfxOS", "token_type":"Bearer","expires_in":86400}

• Reattempt the first command, but this time include the access_token as a header in the request:

  GET /v3/apps "Authorization: Bearer <access_token>"

  such as (formatted to fit):

This should return a 200 OK response.

• Visiting the CDAP UI should redirect you to a login page that prompts for credentials. Entering the credentials that you have configured should let you work with the CDAP UI as normal.