use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.
the class KnoxAuthenticationProvider method authenticate.
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
final KnoxAuthenticationRequestToken request = (KnoxAuthenticationRequestToken) authentication;
try {
final String jwtPrincipal = knoxService.getAuthenticationFromToken(request.getToken());
final String mappedIdentity = mapIdentity(jwtPrincipal);
final NiFiUser user = new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build();
return new NiFiAuthenticationToken(new NiFiUserDetails(user));
} catch (ParseException | JOSEException e) {
logger.info("Unable to validate the access token: " + e.getMessage(), e);
throw new InvalidAuthenticationException("Unable to validate the access token.", e);
}
}
use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.
the class OtpAuthenticationProviderTest method testDownload.
@Test
public void testDownload() throws Exception {
final OtpAuthenticationRequestToken request = new OtpAuthenticationRequestToken(DOWNLOAD_TOKEN, true, null);
final NiFiAuthenticationToken result = (NiFiAuthenticationToken) otpAuthenticationProvider.authenticate(request);
final NiFiUserDetails details = (NiFiUserDetails) result.getPrincipal();
assertEquals(DOWNLOAD_AUTHENTICATED_USER, details.getUsername());
verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
}
use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.
the class X509AuthenticationProviderTest method testAnonymousProxyInChain.
@Test
public void testAnonymousProxyInChain() {
final NiFiAuthenticationToken auth = (NiFiAuthenticationToken) x509AuthenticationProvider.authenticate(getX509Request(buildProxyChain(IDENTITY_1, ANONYMOUS), PROXY_1));
final NiFiUser user = ((NiFiUserDetails) auth.getDetails()).getNiFiUser();
assertNotNull(user);
assertEquals(IDENTITY_1, user.getIdentity());
assertFalse(user.isAnonymous());
assertNotNull(user.getChain());
assertEquals(StandardNiFiUser.ANONYMOUS_IDENTITY, user.getChain().getIdentity());
assertTrue(user.getChain().isAnonymous());
assertNotNull(user.getChain().getChain());
assertEquals(PROXY_1, user.getChain().getChain().getIdentity());
assertFalse(user.getChain().getChain().isAnonymous());
}
use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.
the class X509AuthenticationProviderTest method testAnonymousWithOneProxy.
@Test
public void testAnonymousWithOneProxy() {
final NiFiAuthenticationToken auth = (NiFiAuthenticationToken) x509AuthenticationProvider.authenticate(getX509Request(buildProxyChain(ANONYMOUS), PROXY_1));
final NiFiUser user = ((NiFiUserDetails) auth.getDetails()).getNiFiUser();
assertNotNull(user);
assertEquals(StandardNiFiUser.ANONYMOUS_IDENTITY, user.getIdentity());
assertTrue(user.isAnonymous());
assertNotNull(user.getChain());
assertEquals(PROXY_1, user.getChain().getIdentity());
assertFalse(user.getChain().isAnonymous());
}
use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.
the class TestThreadPoolRequestReplicator method testMonitorNotifiedOnFailureResponse.
@Test(timeout = 5000)
public void testMonitorNotifiedOnFailureResponse() {
withReplicator(replicator -> {
final Object monitor = new Object();
final CountDownLatch preNotifyLatch = new CountDownLatch(1);
final CountDownLatch postNotifyLatch = new CountDownLatch(1);
new Thread(new Runnable() {
@Override
public void run() {
synchronized (monitor) {
while (true) {
// If monitor is not notified, this will block indefinitely, and the test will timeout
try {
preNotifyLatch.countDown();
monitor.wait();
break;
} catch (InterruptedException e) {
continue;
}
}
postNotifyLatch.countDown();
}
}
}).start();
// wait for the background thread to notify that it is synchronized on monitor.
preNotifyLatch.await();
final Set<NodeIdentifier> nodeIds = new HashSet<>();
final NodeIdentifier nodeId = new NodeIdentifier("1", "localhost", 8000, "localhost", 8001, "localhost", 8002, 8003, false);
nodeIds.add(nodeId);
final URI uri = new URI("http://localhost:8080/processors/1");
final Entity entity = new ProcessorEntity();
// set the user
final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(StandardNiFiUser.ANONYMOUS));
SecurityContextHolder.getContext().setAuthentication(authentication);
// ensure the proxied entities header is set
final Map<String, String> updatedHeaders = new HashMap<>();
replicator.updateRequestHeaders(updatedHeaders, NiFiUserUtils.getNiFiUser());
replicator.replicate(nodeIds, HttpMethod.GET, uri, entity, updatedHeaders, true, null, true, true, monitor);
// wait for monitor to be notified.
postNotifyLatch.await();
}, Status.INTERNAL_SERVER_ERROR, 0L, null);
}
Aggregations