Search in sources :

Example 1 with NiFiAuthenticationToken

use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.

the class KnoxAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final KnoxAuthenticationRequestToken request = (KnoxAuthenticationRequestToken) authentication;
    try {
        final String jwtPrincipal = knoxService.getAuthenticationFromToken(request.getToken());
        final String mappedIdentity = mapIdentity(jwtPrincipal);
        final NiFiUser user = new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build();
        return new NiFiAuthenticationToken(new NiFiUserDetails(user));
    } catch (ParseException | JOSEException e) {
        logger.info("Unable to validate the access token: " + e.getMessage(), e);
        throw new InvalidAuthenticationException("Unable to validate the access token.", e);
    }
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) InvalidAuthenticationException(org.apache.nifi.web.security.InvalidAuthenticationException) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken)

Example 2 with NiFiAuthenticationToken

use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.

the class OtpAuthenticationProviderTest method testDownload.

@Test
public void testDownload() throws Exception {
    final OtpAuthenticationRequestToken request = new OtpAuthenticationRequestToken(DOWNLOAD_TOKEN, true, null);
    final NiFiAuthenticationToken result = (NiFiAuthenticationToken) otpAuthenticationProvider.authenticate(request);
    final NiFiUserDetails details = (NiFiUserDetails) result.getPrincipal();
    assertEquals(DOWNLOAD_AUTHENTICATED_USER, details.getUsername());
    verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
    verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
}
Also used : NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 3 with NiFiAuthenticationToken

use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.

the class X509AuthenticationProviderTest method testAnonymousProxyInChain.

@Test
public void testAnonymousProxyInChain() {
    final NiFiAuthenticationToken auth = (NiFiAuthenticationToken) x509AuthenticationProvider.authenticate(getX509Request(buildProxyChain(IDENTITY_1, ANONYMOUS), PROXY_1));
    final NiFiUser user = ((NiFiUserDetails) auth.getDetails()).getNiFiUser();
    assertNotNull(user);
    assertEquals(IDENTITY_1, user.getIdentity());
    assertFalse(user.isAnonymous());
    assertNotNull(user.getChain());
    assertEquals(StandardNiFiUser.ANONYMOUS_IDENTITY, user.getChain().getIdentity());
    assertTrue(user.getChain().isAnonymous());
    assertNotNull(user.getChain().getChain());
    assertEquals(PROXY_1, user.getChain().getChain().getIdentity());
    assertFalse(user.getChain().getChain().isAnonymous());
}
Also used : StandardNiFiUser(org.apache.nifi.authorization.user.StandardNiFiUser) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 4 with NiFiAuthenticationToken

use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.

the class X509AuthenticationProviderTest method testAnonymousWithOneProxy.

@Test
public void testAnonymousWithOneProxy() {
    final NiFiAuthenticationToken auth = (NiFiAuthenticationToken) x509AuthenticationProvider.authenticate(getX509Request(buildProxyChain(ANONYMOUS), PROXY_1));
    final NiFiUser user = ((NiFiUserDetails) auth.getDetails()).getNiFiUser();
    assertNotNull(user);
    assertEquals(StandardNiFiUser.ANONYMOUS_IDENTITY, user.getIdentity());
    assertTrue(user.isAnonymous());
    assertNotNull(user.getChain());
    assertEquals(PROXY_1, user.getChain().getIdentity());
    assertFalse(user.getChain().isAnonymous());
}
Also used : StandardNiFiUser(org.apache.nifi.authorization.user.StandardNiFiUser) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 5 with NiFiAuthenticationToken

use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.

the class TestThreadPoolRequestReplicator method testMonitorNotifiedOnFailureResponse.

@Test(timeout = 5000)
public void testMonitorNotifiedOnFailureResponse() {
    withReplicator(replicator -> {
        final Object monitor = new Object();
        final CountDownLatch preNotifyLatch = new CountDownLatch(1);
        final CountDownLatch postNotifyLatch = new CountDownLatch(1);
        new Thread(new Runnable() {

            @Override
            public void run() {
                synchronized (monitor) {
                    while (true) {
                        // If monitor is not notified, this will block indefinitely, and the test will timeout
                        try {
                            preNotifyLatch.countDown();
                            monitor.wait();
                            break;
                        } catch (InterruptedException e) {
                            continue;
                        }
                    }
                    postNotifyLatch.countDown();
                }
            }
        }).start();
        // wait for the background thread to notify that it is synchronized on monitor.
        preNotifyLatch.await();
        final Set<NodeIdentifier> nodeIds = new HashSet<>();
        final NodeIdentifier nodeId = new NodeIdentifier("1", "localhost", 8000, "localhost", 8001, "localhost", 8002, 8003, false);
        nodeIds.add(nodeId);
        final URI uri = new URI("http://localhost:8080/processors/1");
        final Entity entity = new ProcessorEntity();
        // set the user
        final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(StandardNiFiUser.ANONYMOUS));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // ensure the proxied entities header is set
        final Map<String, String> updatedHeaders = new HashMap<>();
        replicator.updateRequestHeaders(updatedHeaders, NiFiUserUtils.getNiFiUser());
        replicator.replicate(nodeIds, HttpMethod.GET, uri, entity, updatedHeaders, true, null, true, true, monitor);
        // wait for monitor to be notified.
        postNotifyLatch.await();
    }, Status.INTERNAL_SERVER_ERROR, 0L, null);
}
Also used : ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) Entity(org.apache.nifi.web.api.entity.Entity) HashMap(java.util.HashMap) CountDownLatch(java.util.concurrent.CountDownLatch) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) URI(java.net.URI) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Authentication(org.springframework.security.core.Authentication) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

NiFiUserDetails (org.apache.nifi.authorization.user.NiFiUserDetails)29 NiFiAuthenticationToken (org.apache.nifi.web.security.token.NiFiAuthenticationToken)29 Test (org.junit.Test)23 Authentication (org.springframework.security.core.Authentication)17 URI (java.net.URI)12 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)12 ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)11 HashSet (java.util.HashSet)10 Builder (org.apache.nifi.authorization.user.StandardNiFiUser.Builder)10 NodeIdentifier (org.apache.nifi.cluster.protocol.NodeIdentifier)10 Entity (org.apache.nifi.web.api.entity.Entity)8 HashMap (java.util.HashMap)7 StandardNiFiUser (org.apache.nifi.authorization.user.StandardNiFiUser)7 NodeResponse (org.apache.nifi.cluster.manager.NodeResponse)6 InvalidAuthenticationException (org.apache.nifi.web.security.InvalidAuthenticationException)5 Map (java.util.Map)4 AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)3 ArgumentMatcher (org.mockito.ArgumentMatcher)3 JwtException (io.jsonwebtoken.JwtException)2 ApiOperation (io.swagger.annotations.ApiOperation)2