use of org.apache.nifi.authorization.user.NiFiUserDetails in project nifi by apache.
the class X509AuthenticationProvider method authenticate.
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
final X509AuthenticationRequestToken request = (X509AuthenticationRequestToken) authentication;
// attempt to authenticate if certificates were found
final AuthenticationResponse authenticationResponse;
try {
authenticationResponse = certificateIdentityProvider.authenticate(request.getCertificates());
} catch (final IllegalArgumentException iae) {
throw new InvalidAuthenticationException(iae.getMessage(), iae);
}
if (StringUtils.isBlank(request.getProxiedEntitiesChain())) {
final String mappedIdentity = mapIdentity(authenticationResponse.getIdentity());
return new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build()));
} else {
// build the entire proxy chain if applicable - <end-user><proxy1><proxy2>
final List<String> proxyChain = new ArrayList<>(ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(request.getProxiedEntitiesChain()));
proxyChain.add(authenticationResponse.getIdentity());
// add the chain as appropriate to each proxy
NiFiUser proxy = null;
for (final ListIterator<String> chainIter = proxyChain.listIterator(proxyChain.size()); chainIter.hasPrevious(); ) {
String identity = chainIter.previous();
// determine if the user is anonymous
final boolean isAnonymous = StringUtils.isBlank(identity);
if (isAnonymous) {
identity = StandardNiFiUser.ANONYMOUS_IDENTITY;
} else {
identity = mapIdentity(identity);
}
final Set<String> groups = getUserGroups(identity);
// Only set the client address for client making the request because we don't know the clientAddress of the proxied entities
String clientAddress = (proxy == null) ? request.getClientAddress() : null;
proxy = createUser(identity, groups, proxy, clientAddress, isAnonymous);
if (chainIter.hasPrevious()) {
try {
PROXY_AUTHORIZABLE.authorize(authorizer, RequestAction.WRITE, proxy);
} catch (final AccessDeniedException e) {
throw new UntrustedProxyException(String.format("Untrusted proxy %s", identity));
}
}
}
return new NiFiAuthenticationToken(new NiFiUserDetails(proxy));
}
}
use of org.apache.nifi.authorization.user.NiFiUserDetails in project nifi by apache.
the class OtpAuthenticationProviderTest method testUiExtensionPath.
@Test
public void testUiExtensionPath() throws Exception {
final OtpAuthenticationRequestToken request = new OtpAuthenticationRequestToken(UI_EXTENSION_TOKEN, false, null);
final NiFiAuthenticationToken result = (NiFiAuthenticationToken) otpAuthenticationProvider.authenticate(request);
final NiFiUserDetails details = (NiFiUserDetails) result.getPrincipal();
assertEquals(UI_EXTENSION_AUTHENTICATED_USER, details.getUsername());
verify(otpService, times(1)).getAuthenticationFromUiExtensionToken(UI_EXTENSION_TOKEN);
verify(otpService, never()).getAuthenticationFromDownloadToken(anyString());
}
use of org.apache.nifi.authorization.user.NiFiUserDetails in project nifi by apache.
the class X509AuthenticationProviderTest method testNoProxyChain.
@Test
public void testNoProxyChain() {
final NiFiAuthenticationToken auth = (NiFiAuthenticationToken) x509AuthenticationProvider.authenticate(getX509Request("", IDENTITY_1));
final NiFiUser user = ((NiFiUserDetails) auth.getDetails()).getNiFiUser();
assertNotNull(user);
assertEquals(IDENTITY_1, user.getIdentity());
assertFalse(user.isAnonymous());
}
use of org.apache.nifi.authorization.user.NiFiUserDetails in project nifi by apache.
the class X509AuthenticationProviderTest method testTwoProxies.
@Test
public void testTwoProxies() {
final NiFiAuthenticationToken auth = (NiFiAuthenticationToken) x509AuthenticationProvider.authenticate(getX509Request(buildProxyChain(IDENTITY_1, PROXY_2), PROXY_1));
final NiFiUser user = ((NiFiUserDetails) auth.getDetails()).getNiFiUser();
assertNotNull(user);
assertEquals(IDENTITY_1, user.getIdentity());
assertFalse(user.isAnonymous());
assertNotNull(user.getChain());
assertEquals(PROXY_2, user.getChain().getIdentity());
assertFalse(user.getChain().isAnonymous());
assertNotNull(user.getChain().getChain());
assertEquals(PROXY_1, user.getChain().getChain().getIdentity());
assertFalse(user.getChain().getChain().isAnonymous());
}
use of org.apache.nifi.authorization.user.NiFiUserDetails in project nifi by apache.
the class X509AuthenticationProviderTest method testOneProxy.
@Test
public void testOneProxy() {
final NiFiAuthenticationToken auth = (NiFiAuthenticationToken) x509AuthenticationProvider.authenticate(getX509Request(buildProxyChain(IDENTITY_1), PROXY_1));
final NiFiUser user = ((NiFiUserDetails) auth.getDetails()).getNiFiUser();
assertNotNull(user);
assertEquals(IDENTITY_1, user.getIdentity());
assertFalse(user.isAnonymous());
assertNotNull(user.getChain());
assertEquals(PROXY_1, user.getChain().getIdentity());
assertFalse(user.getChain().isAnonymous());
}
Aggregations