Search in sources :

Example 1 with Builder

use of org.apache.nifi.authorization.user.StandardNiFiUser.Builder in project nifi by apache.

the class KnoxAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final KnoxAuthenticationRequestToken request = (KnoxAuthenticationRequestToken) authentication;
    try {
        final String jwtPrincipal = knoxService.getAuthenticationFromToken(request.getToken());
        final String mappedIdentity = mapIdentity(jwtPrincipal);
        final NiFiUser user = new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build();
        return new NiFiAuthenticationToken(new NiFiUserDetails(user));
    } catch (ParseException | JOSEException e) {
        logger.info("Unable to validate the access token: " + e.getMessage(), e);
        throw new InvalidAuthenticationException("Unable to validate the access token.", e);
    }
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) InvalidAuthenticationException(org.apache.nifi.web.security.InvalidAuthenticationException) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken)

Example 2 with Builder

use of org.apache.nifi.authorization.user.StandardNiFiUser.Builder in project nifi by apache.

the class TestRemoteProcessGroupAuditor method setup.

@Before
public void setup() {
    final SecurityContext securityContext = SecurityContextHolder.getContext();
    final Authentication authentication = mock(Authentication.class);
    securityContext.setAuthentication(authentication);
    final NiFiUser user = new Builder().identity("user-id").build();
    final NiFiUserDetails userDetail = new NiFiUserDetails(user);
    when(authentication.getPrincipal()).thenReturn(userDetail);
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Authentication(org.springframework.security.core.Authentication) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) SecurityContext(org.springframework.security.core.context.SecurityContext) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) Before(org.junit.Before)

Example 3 with Builder

use of org.apache.nifi.authorization.user.StandardNiFiUser.Builder in project nifi by apache.

the class DataAuthorizableTest method testCheckAuthorizationUserChain.

@Test
public void testCheckAuthorizationUserChain() {
    final NiFiUser proxy2 = new Builder().identity(PROXY_2).build();
    final NiFiUser proxy1 = new Builder().identity(PROXY_1).chain(proxy2).build();
    final NiFiUser user = new Builder().identity(IDENTITY_1).chain(proxy1).build();
    final AuthorizationResult result = testDataAuthorizable.checkAuthorization(testAuthorizer, RequestAction.READ, user, null);
    assertEquals(Result.Approved, result.getResult());
    verify(testAuthorizer, times(3)).authorize(any(AuthorizationRequest.class));
    verifyAuthorizeForUser(IDENTITY_1);
    verifyAuthorizeForUser(PROXY_1);
    verifyAuthorizeForUser(PROXY_2);
}
Also used : AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) Test(org.junit.Test)

Example 4 with Builder

use of org.apache.nifi.authorization.user.StandardNiFiUser.Builder in project nifi by apache.

the class DataAuthorizableTest method testAuthorizeUnauthorizedUser.

@Test(expected = AccessDeniedException.class)
public void testAuthorizeUnauthorizedUser() {
    final NiFiUser user = new Builder().identity("unknown").build();
    testDataAuthorizable.authorize(testAuthorizer, RequestAction.READ, user, null);
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) Test(org.junit.Test)

Example 5 with Builder

use of org.apache.nifi.authorization.user.StandardNiFiUser.Builder in project nifi by apache.

the class DataAuthorizableTest method testCheckAuthorizationUnauthorizedUser.

@Test
public void testCheckAuthorizationUnauthorizedUser() {
    final NiFiUser user = new Builder().identity("unknown").build();
    final AuthorizationResult result = testDataAuthorizable.checkAuthorization(testAuthorizer, RequestAction.READ, user, null);
    assertEquals(Result.Denied, result.getResult());
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) Test(org.junit.Test)

Aggregations

Builder (org.apache.nifi.authorization.user.StandardNiFiUser.Builder)17 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)12 Test (org.junit.Test)12 NiFiUserDetails (org.apache.nifi.authorization.user.NiFiUserDetails)11 NiFiAuthenticationToken (org.apache.nifi.web.security.token.NiFiAuthenticationToken)10 Authentication (org.springframework.security.core.Authentication)7 AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)5 ArgumentMatcher (org.mockito.ArgumentMatcher)5 InvalidAuthenticationException (org.apache.nifi.web.security.InvalidAuthenticationException)4 AuthorizationResult (org.apache.nifi.authorization.AuthorizationResult)3 StandardNiFiUser (org.apache.nifi.authorization.user.StandardNiFiUser)2 HistoryDTO (org.apache.nifi.web.api.dto.action.HistoryDTO)2 HistoryQueryDTO (org.apache.nifi.web.api.dto.action.HistoryQueryDTO)2 ActionEntity (org.apache.nifi.web.api.entity.ActionEntity)2 JOSEException (com.nimbusds.jose.JOSEException)1 JwtException (io.jsonwebtoken.JwtException)1 URI (java.net.URI)1 ParseException (java.text.ParseException)1 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1