Search in sources :

Example 6 with NiFiAuthenticationToken

use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.

the class TestThreadPoolRequestReplicator method testCompleteOnError.

@Test(timeout = 15000)
public void testCompleteOnError() {
    withReplicator(replicator -> {
        final Set<NodeIdentifier> nodeIds = new HashSet<>();
        final NodeIdentifier id1 = new NodeIdentifier("1", "localhost", 8100, "localhost", 8101, "localhost", 8102, 8103, false);
        final NodeIdentifier id2 = new NodeIdentifier("2", "localhost", 8200, "localhost", 8201, "localhost", 8202, 8203, false);
        final NodeIdentifier id3 = new NodeIdentifier("3", "localhost", 8300, "localhost", 8301, "localhost", 8302, 8303, false);
        final NodeIdentifier id4 = new NodeIdentifier("4", "localhost", 8400, "localhost", 8401, "localhost", 8402, 8403, false);
        nodeIds.add(id1);
        nodeIds.add(id2);
        nodeIds.add(id3);
        nodeIds.add(id4);
        final URI uri = new URI("http://localhost:8080/processors/1");
        final Entity entity = new ProcessorEntity();
        // set the user
        final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(StandardNiFiUser.ANONYMOUS));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        final AsyncClusterResponse response = replicator.replicate(nodeIds, HttpMethod.GET, uri, entity, new HashMap<>(), true, true);
        assertNotNull(response.awaitMergedResponse(1, TimeUnit.SECONDS));
    }, null, 0L, new IllegalArgumentException("Exception created for unit test"));
}
Also used : ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) Entity(org.apache.nifi.web.api.entity.Entity) Authentication(org.springframework.security.core.Authentication) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) URI(java.net.URI) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) HashSet(java.util.HashSet) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 7 with NiFiAuthenticationToken

use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.

the class TestThreadPoolRequestReplicator method testOneNodeRejectsTwoPhaseCommit.

@Test(timeout = 15000)
public void testOneNodeRejectsTwoPhaseCommit() {
    final Set<NodeIdentifier> nodeIds = new HashSet<>();
    nodeIds.add(new NodeIdentifier("1", "localhost", 8100, "localhost", 8101, "localhost", 8102, 8103, false));
    nodeIds.add(new NodeIdentifier("2", "localhost", 8200, "localhost", 8201, "localhost", 8202, 8203, false));
    final ClusterCoordinator coordinator = createClusterCoordinator();
    final AtomicInteger requestCount = new AtomicInteger(0);
    final NiFiProperties props = NiFiProperties.createBasicNiFiProperties(null, null);
    final ThreadPoolRequestReplicator replicator = new ThreadPoolRequestReplicator(2, 5, 100, ClientBuilder.newClient(), coordinator, "1 sec", "1 sec", null, null, props) {

        @Override
        protected NodeResponse replicateRequest(final Invocation invocation, final NodeIdentifier nodeId, final String method, final URI uri, final String requestId, Map<String, String> givenHeaders, final StandardAsyncClusterResponse response) {
            // the resource builder will not expose its headers to us, so we are using Mockito's Whitebox class to extract them.
            final ClientRequest requestContext = (ClientRequest) Whitebox.getInternalState(invocation, "requestContext");
            final Object expectsHeader = requestContext.getHeaders().getFirst(ThreadPoolRequestReplicator.REQUEST_VALIDATION_HTTP_HEADER);
            final int requestIndex = requestCount.incrementAndGet();
            assertEquals(ThreadPoolRequestReplicator.NODE_CONTINUE, expectsHeader);
            if (requestIndex == 1) {
                final Response clientResponse = mock(Response.class);
                when(clientResponse.getStatus()).thenReturn(150);
                return new NodeResponse(nodeId, method, uri, clientResponse, -1L, requestId);
            } else {
                final IllegalClusterStateException explanation = new IllegalClusterStateException("Intentional Exception for Unit Testing");
                return new NodeResponse(nodeId, method, uri, explanation);
            }
        }
    };
    try {
        // set the user
        final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(StandardNiFiUser.ANONYMOUS));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        final AsyncClusterResponse clusterResponse = replicator.replicate(nodeIds, HttpMethod.POST, new URI("http://localhost:80/processors/1"), new ProcessorEntity(), new HashMap<>(), true, true);
        clusterResponse.awaitMergedResponse();
        Assert.fail("Expected to get an IllegalClusterStateException but did not");
    } catch (final IllegalClusterStateException e) {
    // Expected
    } catch (final Exception e) {
        Assert.fail(e.toString());
    } finally {
        replicator.shutdown();
    }
}
Also used : NiFiProperties(org.apache.nifi.util.NiFiProperties) Invocation(javax.ws.rs.client.Invocation) NodeResponse(org.apache.nifi.cluster.manager.NodeResponse) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) URI(java.net.URI) ClientRequest(org.glassfish.jersey.client.ClientRequest) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) HashSet(java.util.HashSet) IllegalClusterStateException(org.apache.nifi.cluster.manager.exception.IllegalClusterStateException) ClusterCoordinator(org.apache.nifi.cluster.coordination.ClusterCoordinator) DisconnectedNodeMutableRequestException(org.apache.nifi.cluster.manager.exception.DisconnectedNodeMutableRequestException) URISyntaxException(java.net.URISyntaxException) IllegalClusterStateException(org.apache.nifi.cluster.manager.exception.IllegalClusterStateException) ProcessingException(javax.ws.rs.ProcessingException) ConnectingNodeMutableRequestException(org.apache.nifi.cluster.manager.exception.ConnectingNodeMutableRequestException) SocketTimeoutException(java.net.SocketTimeoutException) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) NodeResponse(org.apache.nifi.cluster.manager.NodeResponse) Response(javax.ws.rs.core.Response) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) Authentication(org.springframework.security.core.Authentication) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) Map(java.util.Map) HashMap(java.util.HashMap) MultiValueMap(org.apache.commons.collections4.map.MultiValueMap) Test(org.junit.Test)

Example 8 with NiFiAuthenticationToken

use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.

the class TestThreadPoolRequestReplicator method testFailedRequestsAreCleanedUp.

@Test
public void testFailedRequestsAreCleanedUp() {
    withReplicator(replicator -> {
        final Set<NodeIdentifier> nodeIds = new HashSet<>();
        nodeIds.add(new NodeIdentifier("1", "localhost", 8000, "localhost", 8001, "localhost", 8002, 8003, false));
        final URI uri = new URI("http://localhost:8080/processors/1");
        final Entity entity = new ProcessorEntity();
        // set the user
        final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(StandardNiFiUser.ANONYMOUS));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        final AsyncClusterResponse response = replicator.replicate(nodeIds, HttpMethod.GET, uri, entity, new HashMap<>(), true, true);
        // We should get back the same response object
        assertTrue(response == replicator.getClusterResponse(response.getRequestIdentifier()));
        assertEquals(HttpMethod.GET, response.getMethod());
        assertEquals(nodeIds, response.getNodesInvolved());
        assertTrue(response == replicator.getClusterResponse(response.getRequestIdentifier()));
        final NodeResponse nodeResponse = response.awaitMergedResponse(3, TimeUnit.SECONDS);
        assertEquals(8000, nodeResponse.getNodeId().getApiPort());
        assertEquals(Response.Status.FORBIDDEN.getStatusCode(), nodeResponse.getStatus());
        assertNull(replicator.getClusterResponse(response.getRequestIdentifier()));
    }, Status.FORBIDDEN, 0L, null);
}
Also used : ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) Entity(org.apache.nifi.web.api.entity.Entity) Authentication(org.springframework.security.core.Authentication) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) NodeResponse(org.apache.nifi.cluster.manager.NodeResponse) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) URI(java.net.URI) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) HashSet(java.util.HashSet) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 9 with NiFiAuthenticationToken

use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.

the class TestThreadPoolRequestReplicator method testMonitorNotifiedOnException.

@Test(timeout = 5000)
public void testMonitorNotifiedOnException() {
    withReplicator(replicator -> {
        final Object monitor = new Object();
        final CountDownLatch preNotifyLatch = new CountDownLatch(1);
        final CountDownLatch postNotifyLatch = new CountDownLatch(1);
        new Thread(new Runnable() {

            @Override
            public void run() {
                synchronized (monitor) {
                    while (true) {
                        // If monitor is not notified, this will block indefinitely, and the test will timeout
                        try {
                            preNotifyLatch.countDown();
                            monitor.wait();
                            break;
                        } catch (InterruptedException e) {
                            continue;
                        }
                    }
                    postNotifyLatch.countDown();
                }
            }
        }).start();
        // wait for the background thread to notify that it is synchronized on monitor.
        preNotifyLatch.await();
        try {
            // set the user
            final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(StandardNiFiUser.ANONYMOUS));
            SecurityContextHolder.getContext().setAuthentication(authentication);
            // ensure the proxied entities header is set
            final Map<String, String> updatedHeaders = new HashMap<>();
            replicator.updateRequestHeaders(updatedHeaders, NiFiUserUtils.getNiFiUser());
            // Pass in Collections.emptySet() for the node ID's so that an Exception is thrown
            replicator.replicate(Collections.emptySet(), "GET", new URI("localhost:8080/nifi"), Collections.emptyMap(), updatedHeaders, true, null, true, true, monitor);
            Assert.fail("replicate did not throw IllegalArgumentException");
        } catch (final IllegalArgumentException iae) {
        // expected
        }
        // wait for monitor to be notified.
        postNotifyLatch.await();
    });
}
Also used : HashMap(java.util.HashMap) CountDownLatch(java.util.concurrent.CountDownLatch) URI(java.net.URI) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Authentication(org.springframework.security.core.Authentication) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) Test(org.junit.Test)

Example 10 with NiFiAuthenticationToken

use of org.apache.nifi.web.security.token.NiFiAuthenticationToken in project nifi by apache.

the class TestThreadPoolRequestReplicator method testMultipleRequestWithTwoPhaseCommit.

@Test(timeout = 15000)
public void testMultipleRequestWithTwoPhaseCommit() {
    final Set<NodeIdentifier> nodeIds = new HashSet<>();
    final NodeIdentifier nodeId = new NodeIdentifier("1", "localhost", 8100, "localhost", 8101, "localhost", 8102, 8103, false);
    nodeIds.add(nodeId);
    final ClusterCoordinator coordinator = mock(ClusterCoordinator.class);
    when(coordinator.getConnectionStatus(Mockito.any(NodeIdentifier.class))).thenReturn(new NodeConnectionStatus(nodeId, NodeConnectionState.CONNECTED));
    final AtomicInteger requestCount = new AtomicInteger(0);
    final NiFiProperties props = NiFiProperties.createBasicNiFiProperties(null, null);
    final ThreadPoolRequestReplicator replicator = new ThreadPoolRequestReplicator(2, 5, 100, ClientBuilder.newClient(), coordinator, "1 sec", "1 sec", null, null, props) {

        @Override
        protected NodeResponse replicateRequest(final Invocation invocation, final NodeIdentifier nodeId, final String method, final URI uri, final String requestId, Map<String, String> givenHeaders, final StandardAsyncClusterResponse response) {
            // the resource builder will not expose its headers to us, so we are using Mockito's Whitebox class to extract them.
            final ClientRequest requestContext = (ClientRequest) Whitebox.getInternalState(invocation, "requestContext");
            final Object expectsHeader = requestContext.getHeaders().getFirst(ThreadPoolRequestReplicator.REQUEST_VALIDATION_HTTP_HEADER);
            final int statusCode;
            if (requestCount.incrementAndGet() == 1) {
                assertEquals(ThreadPoolRequestReplicator.NODE_CONTINUE, expectsHeader);
                statusCode = 150;
            } else {
                assertNull(expectsHeader);
                statusCode = Status.OK.getStatusCode();
            }
            // Return given response from all nodes.
            final Response clientResponse = mock(Response.class);
            when(clientResponse.getStatus()).thenReturn(statusCode);
            return new NodeResponse(nodeId, method, uri, clientResponse, -1L, requestId);
        }
    };
    try {
        // set the user
        final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(StandardNiFiUser.ANONYMOUS));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        final AsyncClusterResponse clusterResponse = replicator.replicate(nodeIds, HttpMethod.POST, new URI("http://localhost:80/processors/1"), new ProcessorEntity(), new HashMap<>(), true, true);
        clusterResponse.awaitMergedResponse();
        // Ensure that we received two requests - the first should contain the X-NcmExpects header; the second should not.
        // These assertions are validated above, in the overridden replicateRequest method.
        assertEquals(2, requestCount.get());
    } catch (final Exception e) {
        e.printStackTrace();
        Assert.fail(e.toString());
    } finally {
        replicator.shutdown();
    }
}
Also used : NiFiProperties(org.apache.nifi.util.NiFiProperties) Invocation(javax.ws.rs.client.Invocation) NodeResponse(org.apache.nifi.cluster.manager.NodeResponse) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) URI(java.net.URI) NodeConnectionStatus(org.apache.nifi.cluster.coordination.node.NodeConnectionStatus) ClientRequest(org.glassfish.jersey.client.ClientRequest) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) HashSet(java.util.HashSet) ClusterCoordinator(org.apache.nifi.cluster.coordination.ClusterCoordinator) DisconnectedNodeMutableRequestException(org.apache.nifi.cluster.manager.exception.DisconnectedNodeMutableRequestException) URISyntaxException(java.net.URISyntaxException) IllegalClusterStateException(org.apache.nifi.cluster.manager.exception.IllegalClusterStateException) ProcessingException(javax.ws.rs.ProcessingException) ConnectingNodeMutableRequestException(org.apache.nifi.cluster.manager.exception.ConnectingNodeMutableRequestException) SocketTimeoutException(java.net.SocketTimeoutException) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) NodeResponse(org.apache.nifi.cluster.manager.NodeResponse) Response(javax.ws.rs.core.Response) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) Authentication(org.springframework.security.core.Authentication) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) Map(java.util.Map) HashMap(java.util.HashMap) MultiValueMap(org.apache.commons.collections4.map.MultiValueMap) Test(org.junit.Test)

Aggregations

NiFiUserDetails (org.apache.nifi.authorization.user.NiFiUserDetails)29 NiFiAuthenticationToken (org.apache.nifi.web.security.token.NiFiAuthenticationToken)29 Test (org.junit.Test)23 Authentication (org.springframework.security.core.Authentication)17 URI (java.net.URI)12 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)12 ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)11 HashSet (java.util.HashSet)10 Builder (org.apache.nifi.authorization.user.StandardNiFiUser.Builder)10 NodeIdentifier (org.apache.nifi.cluster.protocol.NodeIdentifier)10 Entity (org.apache.nifi.web.api.entity.Entity)8 HashMap (java.util.HashMap)7 StandardNiFiUser (org.apache.nifi.authorization.user.StandardNiFiUser)7 NodeResponse (org.apache.nifi.cluster.manager.NodeResponse)6 InvalidAuthenticationException (org.apache.nifi.web.security.InvalidAuthenticationException)5 Map (java.util.Map)4 AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)3 ArgumentMatcher (org.mockito.ArgumentMatcher)3 JwtException (io.jsonwebtoken.JwtException)2 ApiOperation (io.swagger.annotations.ApiOperation)2