Example 1 with OtpAuthenticationToken

Use of org.apache.nifi.web.security.token.OtpAuthenticationToken in the Apache NiFi project.

Class AccessResource, method createUiExtensionToken.

/**
 * Creates a single use access token for accessing a NiFi UI extension.
 *
 * @param httpServletRequest the servlet request
 * @return A token (string)
 */
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.TEXT_PLAIN)
@Path("/ui-extension-token")
@ApiOperation(
        value = "Creates a single use access token for accessing a NiFi UI extension.",
        notes = "The token returned is a base64 encoded string. It is valid for a single request up to five minutes from being issued. "
                + "It is used as a query parameter name 'access_token'.",
        response = String.class)
@ApiResponses(value = {
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 409, message = "Unable to create the download token because NiFi is not in the appropriate state. "
                + "(i.e. may not have any tokens to grant or be configured to support username/password login)"),
        @ApiResponse(code = 500, message = "Unable to create download token because an unexpected error occurred.")
})
public Response createUiExtensionToken(@Context HttpServletRequest httpServletRequest) {
    // only support access tokens when communicating over HTTPS
    if (!httpServletRequest.isSecure()) {
        throw new IllegalStateException("UI extension access tokens are only issued over HTTPS.");
    }
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    if (user == null) {
        throw new AccessDeniedException("No user authenticated in the request.");
    }
    final OtpAuthenticationToken authenticationToken = new OtpAuthenticationToken(user.getIdentity());
    // generate otp for response
    final String token = otpService.generateUiExtensionToken(authenticationToken);
    // build the response
    final URI uri = URI.create(generateResourceUri("access", "ui-extension-token"));
    return generateCreatedResponse(uri, token).build();
}
Also used : AccessDeniedException(org.apache.nifi.authorization.AccessDeniedException) OtpAuthenticationToken(org.apache.nifi.web.security.token.OtpAuthenticationToken) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) URI(java.net.URI) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 2 with OtpAuthenticationToken

Use of org.apache.nifi.web.security.token.OtpAuthenticationToken in the Apache NiFi project.

Class OtpServiceTest, method testDownloadTokenExpiration.

@Test(expected = OtpAuthenticationException.class)
public void testDownloadTokenExpiration() throws Exception {
    final OtpService otpServiceWithTightExpiration = new OtpService(2, TimeUnit.SECONDS);
    final OtpAuthenticationToken authenticationToken = new OtpAuthenticationToken(USER_1);
    final String downloadToken = otpServiceWithTightExpiration.generateDownloadToken(authenticationToken);
    // sleep for 4 seconds which should sufficiently expire the valid token
    Thread.sleep(4 * 1000);
    // attempt to redeem the token now that it's expired; this must throw OtpAuthenticationException
    otpServiceWithTightExpiration.getAuthenticationFromDownloadToken(downloadToken);
}
Also used : OtpAuthenticationToken(org.apache.nifi.web.security.token.OtpAuthenticationToken) Test(org.junit.Test)

Example 3 with OtpAuthenticationToken

Use of org.apache.nifi.web.security.token.OtpAuthenticationToken in the Apache NiFi project.

Class OtpServiceTest, method testGetAuthenticationForValidDownloadToken.

@Test
public void testGetAuthenticationForValidDownloadToken() throws Exception {
    final OtpAuthenticationToken authenticationToken = new OtpAuthenticationToken(USER_1);
    final String downloadToken = otpService.generateDownloadToken(authenticationToken);
    final String authenticatedUser = otpService.getAuthenticationFromDownloadToken(downloadToken);
    assertNotNull(authenticatedUser);
    assertEquals(USER_1, authenticatedUser);
    try {
        // ensure the token is no longer valid
        otpService.getAuthenticationFromDownloadToken(downloadToken);
        fail();
    } catch (final OtpAuthenticationException oae) {
        // expected: the token is single use, so the second redemption is rejected
    }
}
Also used : OtpAuthenticationToken(org.apache.nifi.web.security.token.OtpAuthenticationToken) Test(org.junit.Test)

Example 4 with OtpAuthenticationToken

Use of org.apache.nifi.web.security.token.OtpAuthenticationToken in the Apache NiFi project.

Class OtpServiceTest, method testGetAuthenticationForValidUiExtensionToken.

@Test
public void testGetAuthenticationForValidUiExtensionToken() throws Exception {
    final OtpAuthenticationToken authenticationToken = new OtpAuthenticationToken(USER_1);
    final String uiExtensionToken = otpService.generateUiExtensionToken(authenticationToken);
    final String authenticatedUser = otpService.getAuthenticationFromUiExtensionToken(uiExtensionToken);
    assertNotNull(authenticatedUser);
    assertEquals(USER_1, authenticatedUser);
    try {
        // ensure the token is no longer valid
        otpService.getAuthenticationFromUiExtensionToken(uiExtensionToken);
        fail();
    } catch (final OtpAuthenticationException oae) {
        // expected: the token is single use, so the second redemption is rejected
    }
}
Also used : OtpAuthenticationToken(org.apache.nifi.web.security.token.OtpAuthenticationToken) Test(org.junit.Test)

Example 5 with OtpAuthenticationToken

Use of org.apache.nifi.web.security.token.OtpAuthenticationToken in the Apache NiFi project.

Class AccessResource, method createDownloadToken.

/**
 * Creates a single use access token for downloading FlowFile content.
 *
 * @param httpServletRequest the servlet request
 * @return A token (string)
 */
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.TEXT_PLAIN)
@Path("/download-token")
@ApiOperation(
        value = "Creates a single use access token for downloading FlowFile content.",
        notes = "The token returned is a base64 encoded string. It is valid for a single request up to five minutes from being issued. "
                + "It is used as a query parameter name 'access_token'.",
        response = String.class)
@ApiResponses(value = {
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 409, message = "Unable to create the download token because NiFi is not in the appropriate state. "
                + "(i.e. may not have any tokens to grant or be configured to support username/password login)"),
        @ApiResponse(code = 500, message = "Unable to create download token because an unexpected error occurred.")
})
public Response createDownloadToken(@Context HttpServletRequest httpServletRequest) {
    // only support access tokens when communicating over HTTPS
    if (!httpServletRequest.isSecure()) {
        throw new IllegalStateException("Download tokens are only issued over HTTPS.");
    }
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    if (user == null) {
        throw new AccessDeniedException("No user authenticated in the request.");
    }
    final OtpAuthenticationToken authenticationToken = new OtpAuthenticationToken(user.getIdentity());
    // generate otp for response
    final String token = otpService.generateDownloadToken(authenticationToken);
    // build the response
    final URI uri = URI.create(generateResourceUri("access", "download-token"));
    return generateCreatedResponse(uri, token).build();
}
Also used : AccessDeniedException(org.apache.nifi.authorization.AccessDeniedException) OtpAuthenticationToken(org.apache.nifi.web.security.token.OtpAuthenticationToken) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) URI(java.net.URI) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Aggregations

OtpAuthenticationToken (org.apache.nifi.web.security.token.OtpAuthenticationToken): 8
Test (org.junit.Test): 6
ApiOperation (io.swagger.annotations.ApiOperation): 2
ApiResponses (io.swagger.annotations.ApiResponses): 2
URI (java.net.URI): 2
Consumes (javax.ws.rs.Consumes): 2
POST (javax.ws.rs.POST): 2
Path (javax.ws.rs.Path): 2
Produces (javax.ws.rs.Produces): 2
AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException): 2
NiFiUser (org.apache.nifi.authorization.user.NiFiUser): 2