Example 1 with BasicAuthIdentityProvider

Use of org.apache.nifi.registry.security.authentication.BasicAuthIdentityProvider in the nifi-registry project by apache.

Class AccessResource, method createAccessTokenUsingBasicAuthCredentials.

/**
 * Creates a token for accessing the REST API.
 *
 * @param httpServletRequest the servlet request
 * @return A JWT (string)
 */
@POST
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.TEXT_PLAIN)
@Path("/token/login")
@ApiOperation(
        value = "Creates a token for accessing the REST API via username/password",
        notes = "The user credentials must be passed in standard HTTP Basic Auth format. "
                + "That is: 'Authorization: Basic <credentials>', where <credentials> is the base64 encoded value of '<username>:<password>'. "
                + "The token returned is formatted as a JSON Web Token (JWT). The token is base64 encoded and comprised of three parts. The header, "
                + "the body, and the signature. The expiration of the token is a contained within the body. The token can be used in the Authorization header "
                + "in the format 'Authorization: Bearer <token>'.",
        response = String.class,
        authorizations = { @Authorization("BasicAuth") })
@ApiResponses({
        @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400),
        @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401),
        @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409 + " The NiFi Registry may not be configured to support login with username/password."),
        @ApiResponse(code = 500, message = HttpStatusMessages.MESSAGE_500) })
public Response createAccessTokenUsingBasicAuthCredentials(@Context HttpServletRequest httpServletRequest) {
    // only support access tokens when communicating over HTTPS
    if (!httpServletRequest.isSecure()) {
        throw new IllegalStateException("Access tokens are only issued over HTTPS");
    }
    // if not configured with custom identity provider, or if provider doesn't support HTTP Basic Auth, don't consider credentials
    if (identityProvider == null) {
        logger.debug("An Identity Provider must be configured to use this endpoint. Please consult the administration guide.");
        throw new IllegalStateException("Username/Password login not supported by this NiFi. Contact System Administrator.");
    }
    if (!(identityProvider instanceof BasicAuthIdentityProvider)) {
        logger.debug("An Identity Provider is configured, but it does not support HTTP Basic Auth authentication. " + "The configured Identity Provider must extend {}", BasicAuthIdentityProvider.class);
        throw new IllegalStateException("Username/Password login not supported by this NiFi. Contact System Administrator.");
    }
    // generate JWT for response
    AuthenticationRequest authenticationRequest = identityProvider.extractCredentials(httpServletRequest);
    if (authenticationRequest == null) {
        throw new UnauthorizedException("The client credentials are missing from the request.").withAuthenticateChallenge(IdentityProviderUsage.AuthType.OTHER);
    }
    final String token;
    try {
        token = createAccessToken(identityProvider, authenticationRequest);
    } catch (final InvalidCredentialsException ice) {
        throw new UnauthorizedException("The supplied client credentials are not valid.", ice).withAuthenticateChallenge(IdentityProviderUsage.AuthType.OTHER);
    }
    // form the response
    final URI uri = URI.create(generateResourceUri("access", "token"));
    return generateCreatedResponse(uri, token).build();
}
Also used: InvalidCredentialsException (org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException), UnauthorizedException (org.apache.nifi.registry.web.exception.UnauthorizedException), AuthenticationRequest (org.apache.nifi.registry.security.authentication.AuthenticationRequest), URI (java.net.URI), BasicAuthIdentityProvider (org.apache.nifi.registry.security.authentication.BasicAuthIdentityProvider), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST), Consumes (javax.ws.rs.Consumes), Produces (javax.ws.rs.Produces), ApiOperation (io.swagger.annotations.ApiOperation), ApiResponses (io.swagger.annotations.ApiResponses)