
Example 51 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class KnoxAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final KnoxAuthenticationRequestToken request = (KnoxAuthenticationRequestToken) authentication;
    try {
        final String jwtPrincipal = knoxService.getAuthenticationFromToken(request.getToken());
        final String mappedIdentity = mapIdentity(jwtPrincipal);
        final NiFiUser user = new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build();
        return new NiFiAuthenticationToken(new NiFiUserDetails(user));
    } catch (ParseException | JOSEException e) {
        logger.info("Unable to validate the access token: " + e.getMessage(), e);
        throw new InvalidAuthenticationException("Unable to validate the access token.", e);
    }
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) InvalidAuthenticationException(org.apache.nifi.web.security.InvalidAuthenticationException) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken)

Example 52 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class X509AuthenticationProviderTest method testAnonymousProxyInChain.

@Test
public void testAnonymousProxyInChain() {
    final NiFiAuthenticationToken auth = (NiFiAuthenticationToken) x509AuthenticationProvider.authenticate(getX509Request(buildProxyChain(IDENTITY_1, ANONYMOUS), PROXY_1));
    final NiFiUser user = ((NiFiUserDetails) auth.getDetails()).getNiFiUser();
    assertNotNull(user);
    assertEquals(IDENTITY_1, user.getIdentity());
    assertFalse(user.isAnonymous());
    assertNotNull(user.getChain());
    assertEquals(StandardNiFiUser.ANONYMOUS_IDENTITY, user.getChain().getIdentity());
    assertTrue(user.getChain().isAnonymous());
    assertNotNull(user.getChain().getChain());
    assertEquals(PROXY_1, user.getChain().getChain().getIdentity());
    assertFalse(user.getChain().getChain().isAnonymous());
}
Also used : StandardNiFiUser(org.apache.nifi.authorization.user.StandardNiFiUser) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 53 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class X509AuthenticationProviderTest method testAnonymousWithOneProxy.

@Test
public void testAnonymousWithOneProxy() {
    final NiFiAuthenticationToken auth = (NiFiAuthenticationToken) x509AuthenticationProvider.authenticate(getX509Request(buildProxyChain(ANONYMOUS), PROXY_1));
    final NiFiUser user = ((NiFiUserDetails) auth.getDetails()).getNiFiUser();
    assertNotNull(user);
    assertEquals(StandardNiFiUser.ANONYMOUS_IDENTITY, user.getIdentity());
    assertTrue(user.isAnonymous());
    assertNotNull(user.getChain());
    assertEquals(PROXY_1, user.getChain().getIdentity());
    assertFalse(user.getChain().isAnonymous());
}
Also used : StandardNiFiUser(org.apache.nifi.authorization.user.StandardNiFiUser) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 54 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class RequestLogger method doFilter.

@Override
public void doFilter(final ServletRequest req, final ServletResponse resp, final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) req;
    // only log http requests, as https requests are logged elsewhere
    if ("http".equalsIgnoreCase(request.getScheme())) {
        final NiFiUser user = NiFiUserUtils.getNiFiUser();
        // get the user details for the log message
        String identity = "<no user found>";
        if (user != null) {
            identity = user.getIdentity();
        }
        // log the request attempt - response details will be logged later
        logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", identity, request.getMethod(), request.getRequestURL().toString(), request.getRemoteAddr()));
    }
    // continue the filter chain
    filterChain.doFilter(req, resp);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) NiFiUser(org.apache.nifi.authorization.user.NiFiUser)

Example 55 with NiFiUser

use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.

the class ClusterReplicationComponentLifecycle method activateControllerServices.

@Override
public Set<AffectedComponentEntity> activateControllerServices(final URI originalUri, final NiFiUser user, final String groupId, final Set<AffectedComponentEntity> affectedServices, final ControllerServiceState desiredState, final Pause pause) throws LifecycleManagementException {
    final Set<String> affectedServiceIds = affectedServices.stream().map(component -> component.getId()).collect(Collectors.toSet());
    final Map<String, Revision> serviceRevisionMap = getRevisions(groupId, affectedServiceIds);
    final Map<String, RevisionDTO> serviceRevisionDtoMap = serviceRevisionMap.entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, entry -> dtoFactory.createRevisionDTO(entry.getValue())));
    final ActivateControllerServicesEntity activateServicesEntity = new ActivateControllerServicesEntity();
    activateServicesEntity.setComponents(serviceRevisionDtoMap);
    activateServicesEntity.setId(groupId);
    activateServicesEntity.setState(desiredState.name());
    URI controllerServicesUri;
    try {
        controllerServicesUri = new URI(originalUri.getScheme(), originalUri.getUserInfo(), originalUri.getHost(), originalUri.getPort(), "/nifi-api/flow/process-groups/" + groupId + "/controller-services", null, originalUri.getFragment());
    } catch (URISyntaxException e) {
        throw new RuntimeException(e);
    }
    final Map<String, String> headers = new HashMap<>();
    headers.put("content-type", MediaType.APPLICATION_JSON);
    // Determine whether we should replicate only to the cluster coordinator, or if we should replicate directly to the cluster nodes themselves.
    try {
        final NodeResponse clusterResponse;
        if (getReplicationTarget() == ReplicationTarget.CLUSTER_NODES) {
            clusterResponse = getRequestReplicator().replicate(user, HttpMethod.PUT, controllerServicesUri, activateServicesEntity, headers).awaitMergedResponse();
        } else {
            clusterResponse = getRequestReplicator().forwardToCoordinator(getClusterCoordinatorNode(), user, HttpMethod.PUT, controllerServicesUri, activateServicesEntity, headers).awaitMergedResponse();
        }
        final int disableServicesStatus = clusterResponse.getStatus();
        if (disableServicesStatus != Status.OK.getStatusCode()) {
            final String explanation = getResponseEntity(clusterResponse, String.class);
            throw new LifecycleManagementException("Failed to update Controller Services to a state of " + desiredState + " due to " + explanation);
        }
        final boolean serviceTransitioned = waitForControllerServiceStatus(user, originalUri, groupId, affectedServiceIds, desiredState, pause);
        if (!serviceTransitioned) {
            throw new LifecycleManagementException("Failed while waiting for Controller Services to finish transitioning to a state of " + desiredState);
        }
    } catch (final InterruptedException ie) {
        Thread.currentThread().interrupt();
        throw new LifecycleManagementException("Interrupted while transitioning Controller Services to a state of " + desiredState);
    }
    return affectedServices.stream().map(componentEntity -> serviceFacade.getControllerService(componentEntity.getId(), user)).map(dtoFactory::createAffectedComponentEntity).collect(Collectors.toSet());
}
Also used : NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) Revision(org.apache.nifi.web.Revision) ProcessorStatusDTO(org.apache.nifi.web.api.dto.status.ProcessorStatusDTO) URISyntaxException(java.net.URISyntaxException) LoggerFactory(org.slf4j.LoggerFactory) ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity) HashMap(java.util.HashMap) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Function(java.util.function.Function) AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO) HttpMethod(javax.ws.rs.HttpMethod) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) MediaType(javax.ws.rs.core.MediaType) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) ActivateControllerServicesEntity(org.apache.nifi.web.api.entity.ActivateControllerServicesEntity) Map(java.util.Map) ClusterCoordinator(org.apache.nifi.cluster.coordination.ClusterCoordinator) RequestReplicator(org.apache.nifi.cluster.coordination.http.replication.RequestReplicator) URI(java.net.URI) Status(javax.ws.rs.core.Response.Status) NodeResponse(org.apache.nifi.cluster.manager.NodeResponse) NiFiServiceFacade(org.apache.nifi.web.NiFiServiceFacade) NoClusterCoordinatorException(org.apache.nifi.cluster.exception.NoClusterCoordinatorException) Logger(org.slf4j.Logger) ControllerServicesEntity(org.apache.nifi.web.api.entity.ControllerServicesEntity) Set(java.util.Set) ProcessorsEntity(org.apache.nifi.web.api.entity.ProcessorsEntity) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) Collectors(java.util.stream.Collectors) ReplicationTarget(org.apache.nifi.web.api.ApplicationResource.ReplicationTarget) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) ScheduledState(org.apache.nifi.controller.ScheduledState) ControllerServiceState(org.apache.nifi.controller.service.ControllerServiceState) AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity) DtoFactory(org.apache.nifi.web.api.dto.DtoFactory) 
ScheduleComponentsEntity(org.apache.nifi.web.api.entity.ScheduleComponentsEntity)
