use of org.apache.nifi.web.security.util.CacheKey in project nifi by apache.
the class ApplicationResource method phaseTwoVerifyTransaction.
/**
 * Retrieves and validates the request stored during phase one of a two phase commit.
 *
 * <p>The transaction id is read from the {@code RequestReplicator.REQUEST_TRANSACTION_ID_HEADER}
 * request header and used to look up the phase-one entry. The entry is removed from the cache as
 * soon as it is found, before the user and URI checks run, so it can be returned at most once and
 * a request that fails those checks still discards the entry.
 *
 * @param <T> type of the entity carried by the cached request
 * @return the request stored during phase one
 * @throws IllegalArgumentException if the transaction id header is blank, no phase-one entry
 *         exists, or the user chain or URI differs from the one recorded in phase one
 */
private <T extends Entity> Request<T> phaseTwoVerifyTransaction() {
    final String txId = httpServletRequest.getHeader(RequestReplicator.REQUEST_TRANSACTION_ID_HEADER);
    if (StringUtils.isBlank(txId)) {
        throw new IllegalArgumentException("Two phase commit Transaction Id missing.");
    }

    // Look up and remove while holding the cache monitor so that lookup and removal are not
    // interleaved with other code that synchronizes on the same cache.
    final Request<T> phaseOneRequest;
    synchronized (twoPhaseCommitCache) {
        final CacheKey txKey = new CacheKey(txId);
        // Unchecked cast: the cache's value type is not visible here and T is not verified at runtime.
        phaseOneRequest = (Request<T>) twoPhaseCommitCache.getIfPresent(txKey);
        if (phaseOneRequest == null) {
            throw new IllegalArgumentException("The request from phase one is missing.");
        }
        twoPhaseCommitCache.invalidate(txKey);
    }

    // The identity chain of the current caller must match the one recorded in phase one.
    final String storedChain = phaseOneRequest.getUserChain();
    final String currentChain = ProxiedEntitiesUtils.buildProxiedEntitiesChainString(NiFiUserUtils.getNiFiUser());
    final boolean sameUser = storedChain != null && storedChain.equals(currentChain);
    if (!sameUser) {
        throw new IllegalArgumentException("The same user must issue the request for phase one and two.");
    }

    // Phase two must target the same URI as phase one.
    final String storedUri = phaseOneRequest.getUri();
    final boolean sameUri = storedUri != null && storedUri.equals(getAbsolutePath().toString());
    if (!sameUri) {
        throw new IllegalArgumentException("The URI must be the same for phase one and two.");
    }

    return phaseOneRequest;
}
use of org.apache.nifi.web.security.util.CacheKey in project nifi by apache.
the class OidcService method exchangeAuthorizationCode.
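/**
 * Exchanges the specified authorization grant for an ID token for the given request identifier.
 *
 * <p>The JWT returned by the identity provider is placed in {@code jwtLookupForCompletedRequests}
 * under the request identifier. If a different value is already cached for that identifier the
 * call fails instead of replacing it, so one request identifier is bound to a single token.
 *
 * @param oidcRequestIdentifier request identifier
 * @param authorizationGrant authorization grant
 * @throws IOException exceptional case for communication error with the OpenId Connect provider
 * @throws IllegalStateException if OpenId Connect is not enabled, a different token is already
 *         cached for the request identifier, or the token cannot be stored
 */
public void exchangeAuthorizationCode(final String oidcRequestIdentifier, final AuthorizationGrant authorizationGrant) throws IOException {
    if (!isOidcEnabled()) {
        throw new IllegalStateException(OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED);
    }

    final CacheKey oidcRequestIdentifierKey = new CacheKey(oidcRequestIdentifier);

    // The exchange with the provider happens before the cache is consulted.
    final String nifiJwt = identityProvider.exchangeAuthorizationCode(authorizationGrant);

    try {
        // cache the jwt for later retrieval
        synchronized (jwtLookupForCompletedRequests) {
            // get(key, loader) is expected to return the value already cached for the key when
            // there is one, and to store the loader's value otherwise (assumed from the call shape).
            final String cachedJwt = jwtLookupForCompletedRequests.get(oidcRequestIdentifierKey, () -> nifiJwt);

            // A mismatch means the identifier was already bound to another token. The comparison
            // goes through timeConstantEqualityCheck (presumably constant-time, judging by its name).
            if (!timeConstantEqualityCheck(nifiJwt, cachedJwt)) {
                throw new IllegalStateException("An existing login request is already in progress.");
            }
        }
    } catch (final ExecutionException e) {
        // Keep the cause so the failure can be diagnosed; the message itself carries no token material.
        throw new IllegalStateException("Unable to store the login authentication token.", e);
    }
}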
use of org.apache.nifi.web.security.util.CacheKey in project nifi by apache.
the class OtpService method generateToken.
/**
 * Creates a one time use token for the given authentication and records it in the supplied cache.
 *
 * <p>The size check and the insert are separate calls with no lock around them in this method, so
 * {@code MAX_CACHE_SOFT_LIMIT} is an approximate bound here.
 *
 * @param cache The cache that maps the token key to the authenticated name
 * @param authenticationToken The authentication
 * @return The one time use token
 * @throws IllegalStateException if the cache already holds {@code MAX_CACHE_SOFT_LIMIT} or more entries
 */
private String generateToken(final ConcurrentMap<CacheKey, String> cache, final OtpAuthenticationToken authenticationToken) {
    // Refuse to issue further tokens once the cache has reached its soft limit.
    final boolean cacheFull = cache.size() >= MAX_CACHE_SOFT_LIMIT;
    if (cacheFull) {
        throw new IllegalStateException("The maximum number of single use tokens have been issued.");
    }

    // The cache key is built from the hash of the authentication.
    final CacheKey tokenKey = new CacheKey(hash(authenticationToken));

    // putIfAbsent leaves an existing entry untouched, so a token that is already stored keeps its
    // original timestamp.
    cache.putIfAbsent(tokenKey, authenticationToken.getName());

    // The value handed back to the caller is the key string itself.
    return tokenKey.getKey();
}
use of org.apache.nifi.web.security.util.CacheKey in project nifi by apache.
the class ApplicationResource method cancelTransaction.
/**
 * Drops the cached phase-one entry for the transaction named in the
 * {@code RequestReplicator.REQUEST_TRANSACTION_ID_HEADER} request header.
 *
 * <p>NOTE(review): this method does not compare the caller with the user chain stored in phase
 * one; confirm that callers restrict who may cancel a transaction.
 *
 * @throws IllegalArgumentException if the transaction id header is blank
 */
private void cancelTransaction() {
    final String txId = httpServletRequest.getHeader(RequestReplicator.REQUEST_TRANSACTION_ID_HEADER);
    if (StringUtils.isBlank(txId)) {
        throw new IllegalArgumentException("Two phase commit Transaction Id missing.");
    }

    // Invalidate while holding the cache monitor, like the other code that synchronizes on this cache.
    synchronized (twoPhaseCommitCache) {
        twoPhaseCommitCache.invalidate(new CacheKey(txId));
    }
}
use of org.apache.nifi.web.security.util.CacheKey in project nifi by apache.
the class ApplicationResource method phaseOneStoreTransaction.
/**
 * Stores the request of phase one of a two phase commit so that phase two can retrieve it.
 *
 * <p>The entry is keyed by the transaction id from the
 * {@code RequestReplicator.REQUEST_TRANSACTION_ID_HEADER} request header and records the caller's
 * proxied entities chain and the request URI along with the revisions and entity. The size check
 * runs outside the synchronized block, so {@code MAX_CACHE_SOFT_LIMIT} is an approximate bound.
 *
 * <p>NOTE(review): the header-supplied transaction id is included in the "already in progress"
 * exception message; confirm how that message is logged or returned to the client.
 *
 * @param <T> type of the request entity
 * @param requestEntity entity to keep for phase two
 * @param revision revision passed to the stored request
 * @param revisions revisions passed to the stored request
 * @throws IllegalStateException if the cache holds more than {@code MAX_CACHE_SOFT_LIMIT} entries
 *         or an entry already exists for the transaction id
 * @throws IllegalArgumentException if the transaction id header is blank
 */
private <T extends Entity> void phaseOneStoreTransaction(final T requestEntity, final Revision revision, final Set<Revision> revisions) {
    final boolean tooManyInFlight = twoPhaseCommitCache.size() > MAX_CACHE_SOFT_LIMIT;
    if (tooManyInFlight) {
        throw new IllegalStateException("The maximum number of requests are in progress.");
    }

    final String txId = httpServletRequest.getHeader(RequestReplicator.REQUEST_TRANSACTION_ID_HEADER);
    if (StringUtils.isBlank(txId)) {
        throw new IllegalArgumentException("Two phase commit Transaction Id missing.");
    }

    synchronized (twoPhaseCommitCache) {
        final CacheKey txKey = new CacheKey(txId);

        // An existing entry is never overwritten; a duplicate id is rejected.
        if (twoPhaseCommitCache.getIfPresent(txKey) != null) {
            throw new IllegalStateException("Transaction " + txId + " is already in progress.");
        }

        // Record who issued phase one and against which URI for the second phase.
        final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();
        final String userChain = ProxiedEntitiesUtils.buildProxiedEntitiesChainString(currentUser);
        final String requestUri = getAbsolutePath().toString();
        final Request<T> phaseOneRequest = new Request<>(userChain, requestUri, revision, revisions, requestEntity);
        twoPhaseCommitCache.put(txKey, phaseOneRequest);
    }
}