Search in sources :

Example 21 with NiFiUserDetails

use of org.apache.nifi.authorization.user.NiFiUserDetails in project nifi by apache.

the class StandardNiFiServiceFacadeTest method testGetActionDeniedDespiteControllerAccess.

@Test(expected = AccessDeniedException.class)
public void testGetActionDeniedDespiteControllerAccess() throws Exception {
    // set the user
    final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(USER_2).build()));
    SecurityContextHolder.getContext().setAuthentication(authentication);
    try {
        // get the action
        serviceFacade.getAction(ACTION_ID_1);
        fail();
    } finally {
        // resource exists, but should trigger access denied and will not check the controller
        verify(authorizer, times(1)).authorize(argThat(new ArgumentMatcher<AuthorizationRequest>() {

            @Override
            public boolean matches(Object o) {
                return ((AuthorizationRequest) o).getResource().getIdentifier().endsWith(PROCESSOR_ID_1);
            }
        }));
        verify(authorizer, times(0)).authorize(argThat(new ArgumentMatcher<AuthorizationRequest>() {

            @Override
            public boolean matches(Object o) {
                return ((AuthorizationRequest) o).getResource().equals(ResourceFactory.getControllerResource());
            }
        }));
    }
}
Also used : AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) Authentication(org.springframework.security.core.Authentication) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) ArgumentMatcher(org.mockito.ArgumentMatcher) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 22 with NiFiUserDetails

use of org.apache.nifi.authorization.user.NiFiUserDetails in project nifi by apache.

the class StandardNiFiServiceFacadeTest method testGetActionApprovedThroughAction.

@Test
public void testGetActionApprovedThroughAction() throws Exception {
    // set the user
    final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(USER_1).build()));
    SecurityContextHolder.getContext().setAuthentication(authentication);
    // get the action
    final ActionEntity entity = serviceFacade.getAction(ACTION_ID_1);
    // verify
    assertEquals(ACTION_ID_1, entity.getId());
    assertTrue(entity.getCanRead());
    // resource exists and is approved, no need to check the controller
    verify(authorizer, times(1)).authorize(argThat(new ArgumentMatcher<AuthorizationRequest>() {

        @Override
        public boolean matches(Object o) {
            return ((AuthorizationRequest) o).getResource().getIdentifier().endsWith(PROCESSOR_ID_1);
        }
    }));
    verify(authorizer, times(0)).authorize(argThat(new ArgumentMatcher<AuthorizationRequest>() {

        @Override
        public boolean matches(Object o) {
            return ((AuthorizationRequest) o).getResource().equals(ResourceFactory.getControllerResource());
        }
    }));
}
Also used : AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) Authentication(org.springframework.security.core.Authentication) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) ArgumentMatcher(org.mockito.ArgumentMatcher) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) ActionEntity(org.apache.nifi.web.api.entity.ActionEntity) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 23 with NiFiUserDetails

use of org.apache.nifi.authorization.user.NiFiUserDetails in project nifi by apache.

the class StandardNiFiServiceFacadeTest method testGetActionsForUser1.

@Test
public void testGetActionsForUser1() throws Exception {
    // set the user
    final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(USER_1).build()));
    SecurityContextHolder.getContext().setAuthentication(authentication);
    final HistoryDTO dto = serviceFacade.getActions(new HistoryQueryDTO());
    // verify user 1 only has access to actions for processor 1
    dto.getActions().forEach(action -> {
        if (PROCESSOR_ID_1.equals(action.getSourceId())) {
            assertTrue(action.getCanRead());
        } else if (PROCESSOR_ID_2.equals(action.getSourceId())) {
            assertFalse(action.getCanRead());
            assertNull(action.getAction());
        }
    });
}
Also used : HistoryDTO(org.apache.nifi.web.api.dto.action.HistoryDTO) HistoryQueryDTO(org.apache.nifi.web.api.dto.action.HistoryQueryDTO) Authentication(org.springframework.security.core.Authentication) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 24 with NiFiUserDetails

use of org.apache.nifi.authorization.user.NiFiUserDetails in project nifi by apache.

the class JwtAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final JwtAuthenticationRequestToken request = (JwtAuthenticationRequestToken) authentication;
    try {
        final String jwtPrincipal = jwtService.getAuthenticationFromToken(request.getToken());
        final String mappedIdentity = mapIdentity(jwtPrincipal);
        final NiFiUser user = new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build();
        return new NiFiAuthenticationToken(new NiFiUserDetails(user));
    } catch (JwtException e) {
        throw new InvalidAuthenticationException(e.getMessage(), e);
    }
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) JwtException(io.jsonwebtoken.JwtException) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) InvalidAuthenticationException(org.apache.nifi.web.security.InvalidAuthenticationException) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken)

Example 25 with NiFiUserDetails

use of org.apache.nifi.authorization.user.NiFiUserDetails in project nifi by apache.

the class OtpAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final OtpAuthenticationRequestToken request = (OtpAuthenticationRequestToken) authentication;
    try {
        final String otpPrincipal;
        if (request.isDownloadToken()) {
            otpPrincipal = otpService.getAuthenticationFromDownloadToken(request.getToken());
        } else {
            otpPrincipal = otpService.getAuthenticationFromUiExtensionToken(request.getToken());
        }
        final String mappedIdentity = mapIdentity(otpPrincipal);
        final NiFiUser user = new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build();
        return new NiFiAuthenticationToken(new NiFiUserDetails(user));
    } catch (OtpAuthenticationException e) {
        throw new InvalidAuthenticationException(e.getMessage(), e);
    }
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) InvalidAuthenticationException(org.apache.nifi.web.security.InvalidAuthenticationException) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken)

Aggregations

NiFiUserDetails (org.apache.nifi.authorization.user.NiFiUserDetails)30 NiFiAuthenticationToken (org.apache.nifi.web.security.token.NiFiAuthenticationToken)29 Test (org.junit.Test)23 Authentication (org.springframework.security.core.Authentication)18 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)13 URI (java.net.URI)12 Builder (org.apache.nifi.authorization.user.StandardNiFiUser.Builder)11 ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)11 HashSet (java.util.HashSet)10 NodeIdentifier (org.apache.nifi.cluster.protocol.NodeIdentifier)10 Entity (org.apache.nifi.web.api.entity.Entity)8 HashMap (java.util.HashMap)7 StandardNiFiUser (org.apache.nifi.authorization.user.StandardNiFiUser)7 NodeResponse (org.apache.nifi.cluster.manager.NodeResponse)6 InvalidAuthenticationException (org.apache.nifi.web.security.InvalidAuthenticationException)5 Map (java.util.Map)4 AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)3 ArgumentMatcher (org.mockito.ArgumentMatcher)3 JwtException (io.jsonwebtoken.JwtException)2 ApiOperation (io.swagger.annotations.ApiOperation)2