use of org.apache.nifi.authorization.user.StandardNiFiUser.Builder in project nifi by apache.
the class StandardNiFiServiceFacadeTest method testGetActionsForUser2.
@Test
public void testGetActionsForUser2() throws Exception {
// set the user
final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(USER_2).build()));
SecurityContextHolder.getContext().setAuthentication(authentication);
final HistoryDTO dto = serviceFacade.getActions(new HistoryQueryDTO());
// verify user 2 only has access to actions for processor 2
dto.getActions().forEach(action -> {
if (PROCESSOR_ID_1.equals(action.getSourceId())) {
assertFalse(action.getCanRead());
assertNull(action.getAction());
} else if (PROCESSOR_ID_2.equals(action.getSourceId())) {
assertTrue(action.getCanRead());
}
});
}
use of org.apache.nifi.authorization.user.StandardNiFiUser.Builder in project nifi by apache.
the class StandardNiFiServiceFacadeTest method testGetActionDeniedDespiteControllerAccess.
@Test(expected = AccessDeniedException.class)
public void testGetActionDeniedDespiteControllerAccess() throws Exception {
// set the user
final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(USER_2).build()));
SecurityContextHolder.getContext().setAuthentication(authentication);
try {
// get the action
serviceFacade.getAction(ACTION_ID_1);
fail();
} finally {
// resource exists, but should trigger access denied and will not check the controller
verify(authorizer, times(1)).authorize(argThat(new ArgumentMatcher<AuthorizationRequest>() {
@Override
public boolean matches(Object o) {
return ((AuthorizationRequest) o).getResource().getIdentifier().endsWith(PROCESSOR_ID_1);
}
}));
verify(authorizer, times(0)).authorize(argThat(new ArgumentMatcher<AuthorizationRequest>() {
@Override
public boolean matches(Object o) {
return ((AuthorizationRequest) o).getResource().equals(ResourceFactory.getControllerResource());
}
}));
}
}
use of org.apache.nifi.authorization.user.StandardNiFiUser.Builder in project nifi by apache.
the class StandardNiFiServiceFacadeTest method testGetActionApprovedThroughAction.
@Test
public void testGetActionApprovedThroughAction() throws Exception {
// set the user
final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(USER_1).build()));
SecurityContextHolder.getContext().setAuthentication(authentication);
// get the action
final ActionEntity entity = serviceFacade.getAction(ACTION_ID_1);
// verify
assertEquals(ACTION_ID_1, entity.getId());
assertTrue(entity.getCanRead());
// resource exists and is approved, no need to check the controller
verify(authorizer, times(1)).authorize(argThat(new ArgumentMatcher<AuthorizationRequest>() {
@Override
public boolean matches(Object o) {
return ((AuthorizationRequest) o).getResource().getIdentifier().endsWith(PROCESSOR_ID_1);
}
}));
verify(authorizer, times(0)).authorize(argThat(new ArgumentMatcher<AuthorizationRequest>() {
@Override
public boolean matches(Object o) {
return ((AuthorizationRequest) o).getResource().equals(ResourceFactory.getControllerResource());
}
}));
}
use of org.apache.nifi.authorization.user.StandardNiFiUser.Builder in project nifi by apache.
the class StandardNiFiServiceFacadeTest method testGetActionsForUser1.
@Test
public void testGetActionsForUser1() throws Exception {
// set the user
final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(USER_1).build()));
SecurityContextHolder.getContext().setAuthentication(authentication);
final HistoryDTO dto = serviceFacade.getActions(new HistoryQueryDTO());
// verify user 1 only has access to actions for processor 1
dto.getActions().forEach(action -> {
if (PROCESSOR_ID_1.equals(action.getSourceId())) {
assertTrue(action.getCanRead());
} else if (PROCESSOR_ID_2.equals(action.getSourceId())) {
assertFalse(action.getCanRead());
assertNull(action.getAction());
}
});
}
use of org.apache.nifi.authorization.user.StandardNiFiUser.Builder in project nifi by apache.
the class JwtAuthenticationProvider method authenticate.
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
final JwtAuthenticationRequestToken request = (JwtAuthenticationRequestToken) authentication;
try {
final String jwtPrincipal = jwtService.getAuthenticationFromToken(request.getToken());
final String mappedIdentity = mapIdentity(jwtPrincipal);
final NiFiUser user = new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build();
return new NiFiAuthenticationToken(new NiFiUserDetails(user));
} catch (JwtException e) {
throw new InvalidAuthenticationException(e.getMessage(), e);
}
}
Aggregations