Search in sources :

Example 1 with DefaultTlsDirContextAuthenticationStrategy

use of org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy in project nifi by apache.

the class LdapUserGroupProvider method onConfigured.

@Override
public void onConfigured(final AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    final LdapContextSource context = new LdapContextSource();
    final Map<String, Object> baseEnvironment = new HashMap<>();
    // connect/read time out
    setTimeout(configurationContext, baseEnvironment, PROP_CONNECT_TIMEOUT, "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, PROP_READ_TIMEOUT, "com.sun.jndi.ldap.read.timeout");
    // authentication strategy
    final PropertyValue rawAuthenticationStrategy = configurationContext.getProperty(PROP_AUTHENTICATION_STRATEGY);
    final LdapAuthenticationStrategy authenticationStrategy;
    try {
        authenticationStrategy = LdapAuthenticationStrategy.valueOf(rawAuthenticationStrategy.getValue());
    } catch (final IllegalArgumentException iae) {
        throw new AuthorizerCreationException(String.format("Unrecognized authentication strategy '%s'. Possible values are [%s]", rawAuthenticationStrategy.getValue(), StringUtils.join(LdapAuthenticationStrategy.values(), ", ")));
    }
    switch(authenticationStrategy) {
        case ANONYMOUS:
            context.setAnonymousReadOnly(true);
            break;
        default:
            final String userDn = configurationContext.getProperty(PROP_MANAGER_DN).getValue();
            final String password = configurationContext.getProperty(PROP_MANAGER_PASSWORD).getValue();
            context.setUserDn(userDn);
            context.setPassword(password);
            switch(authenticationStrategy) {
                case SIMPLE:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    break;
                case LDAPS:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    // indicate a secure connection
                    baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
                    // get the configured ssl context
                    final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
                    if (ldapsSslContext != null) {
                        // initialize the ldaps socket factory prior to use
                        LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                        baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
                    }
                    break;
                case START_TLS:
                    final AbstractTlsDirContextAuthenticationStrategy tlsAuthenticationStrategy = new DefaultTlsDirContextAuthenticationStrategy();
                    // shutdown gracefully
                    final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully").getValue();
                    if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                        final boolean shutdownGracefully = Boolean.TRUE.toString().equalsIgnoreCase(rawShutdownGracefully);
                        tlsAuthenticationStrategy.setShutdownTlsGracefully(shutdownGracefully);
                    }
                    // get the configured ssl context
                    final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
                    if (startTlsSslContext != null) {
                        tlsAuthenticationStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
                    }
                    // set the authentication strategy
                    context.setAuthenticationStrategy(tlsAuthenticationStrategy);
                    break;
            }
            break;
    }
    // referrals
    final String rawReferralStrategy = configurationContext.getProperty(PROP_REFERRAL_STRATEGY).getValue();
    final ReferralStrategy referralStrategy;
    try {
        referralStrategy = ReferralStrategy.valueOf(rawReferralStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new AuthorizerCreationException(String.format("Unrecognized referral strategy '%s'. Possible values are [%s]", rawReferralStrategy, StringUtils.join(ReferralStrategy.values(), ", ")));
    }
    // using the value as this needs to be the lowercase version while the value is configured with the enum constant
    context.setReferral(referralStrategy.getValue());
    // url
    final String urls = configurationContext.getProperty(PROP_URL).getValue();
    if (StringUtils.isBlank(urls)) {
        throw new AuthorizerCreationException("LDAP identity provider 'Url' must be specified.");
    }
    // connection
    context.setUrls(StringUtils.split(urls));
    // raw user search base
    final PropertyValue rawUserSearchBase = configurationContext.getProperty(PROP_USER_SEARCH_BASE);
    final PropertyValue rawUserObjectClass = configurationContext.getProperty(PROP_USER_OBJECT_CLASS);
    final PropertyValue rawUserSearchScope = configurationContext.getProperty(PROP_USER_SEARCH_SCOPE);
    // if loading the users, ensure the object class set
    if (rawUserSearchBase.isSet() && !rawUserObjectClass.isSet()) {
        throw new AuthorizerCreationException("LDAP user group provider 'User Object Class' must be specified when 'User Search Base' is set.");
    }
    // if loading the users, ensure the search scope is set
    if (rawUserSearchBase.isSet() && !rawUserSearchScope.isSet()) {
        throw new AuthorizerCreationException("LDAP user group provider 'User Search Scope' must be specified when 'User Search Base' is set.");
    }
    // user search criteria
    userSearchBase = rawUserSearchBase.getValue();
    userObjectClass = rawUserObjectClass.getValue();
    userSearchFilter = configurationContext.getProperty(PROP_USER_SEARCH_FILTER).getValue();
    userIdentityAttribute = configurationContext.getProperty(PROP_USER_IDENTITY_ATTRIBUTE).getValue();
    userGroupNameAttribute = configurationContext.getProperty(PROP_USER_GROUP_ATTRIBUTE).getValue();
    userGroupReferencedGroupAttribute = configurationContext.getProperty(PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE).getValue();
    try {
        userSearchScope = SearchScope.valueOf(rawUserSearchScope.getValue());
    } catch (final IllegalArgumentException iae) {
        throw new AuthorizerCreationException(String.format("Unrecognized user search scope '%s'. Possible values are [%s]", rawUserSearchScope.getValue(), StringUtils.join(SearchScope.values(), ", ")));
    }
    // determine user behavior
    useDnForUserIdentity = StringUtils.isBlank(userIdentityAttribute);
    performUserSearch = StringUtils.isNotBlank(userSearchBase);
    // raw group search criteria
    final PropertyValue rawGroupSearchBase = configurationContext.getProperty(PROP_GROUP_SEARCH_BASE);
    final PropertyValue rawGroupObjectClass = configurationContext.getProperty(PROP_GROUP_OBJECT_CLASS);
    final PropertyValue rawGroupSearchScope = configurationContext.getProperty(PROP_GROUP_SEARCH_SCOPE);
    // if loading the groups, ensure the object class is set
    if (rawGroupSearchBase.isSet() && !rawGroupObjectClass.isSet()) {
        throw new AuthorizerCreationException("LDAP user group provider 'Group Object Class' must be specified when 'Group Search Base' is set.");
    }
    // if loading the groups, ensure the search scope is set
    if (rawGroupSearchBase.isSet() && !rawGroupSearchScope.isSet()) {
        throw new AuthorizerCreationException("LDAP user group provider 'Group Search Scope' must be specified when 'Group Search Base' is set.");
    }
    // group search criteria
    groupSearchBase = rawGroupSearchBase.getValue();
    groupObjectClass = rawGroupObjectClass.getValue();
    groupSearchFilter = configurationContext.getProperty(PROP_GROUP_SEARCH_FILTER).getValue();
    groupNameAttribute = configurationContext.getProperty(PROP_GROUP_NAME_ATTRIBUTE).getValue();
    groupMemberAttribute = configurationContext.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE).getValue();
    groupMemberReferencedUserAttribute = configurationContext.getProperty(PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE).getValue();
    try {
        groupSearchScope = SearchScope.valueOf(rawGroupSearchScope.getValue());
    } catch (final IllegalArgumentException iae) {
        throw new AuthorizerCreationException(String.format("Unrecognized group search scope '%s'. Possible values are [%s]", rawGroupSearchScope.getValue(), StringUtils.join(SearchScope.values(), ", ")));
    }
    // determine group behavior
    useDnForGroupName = StringUtils.isBlank(groupNameAttribute);
    performGroupSearch = StringUtils.isNotBlank(groupSearchBase);
    // ensure we are either searching users or groups (at least one must be specified)
    if (!performUserSearch && !performGroupSearch) {
        throw new AuthorizerCreationException("LDAP user group provider 'User Search Base' or 'Group Search Base' must be specified.");
    }
    // ensure group member attribute is set if searching groups but not users
    if (performGroupSearch && !performUserSearch && StringUtils.isBlank(groupMemberAttribute)) {
        throw new AuthorizerCreationException("'Group Member Attribute' is required when searching groups but not users.");
    }
    // ensure that performUserSearch is set when groupMemberReferencedUserAttribute is specified
    if (StringUtils.isNotBlank(groupMemberReferencedUserAttribute) && !performUserSearch) {
        throw new AuthorizerCreationException("''User Search Base' must be set when specifying 'Group Member Attribute - Referenced User Attribute'.");
    }
    // ensure that performGroupSearch is set when userGroupReferencedGroupAttribute is specified
    if (StringUtils.isNotBlank(userGroupReferencedGroupAttribute) && !performGroupSearch) {
        throw new AuthorizerCreationException("'Group Search Base' must be set when specifying 'User Group Name Attribute - Referenced Group Attribute'.");
    }
    // get the page size if configured
    final PropertyValue rawPageSize = configurationContext.getProperty(PROP_PAGE_SIZE);
    if (rawPageSize.isSet() && StringUtils.isNotBlank(rawPageSize.getValue())) {
        pageSize = rawPageSize.asInteger();
    }
    // extract the identity mappings from nifi.properties if any are provided
    identityMappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(properties));
    // set the base environment is necessary
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }
    try {
        // handling initializing beans
        context.afterPropertiesSet();
    } catch (final Exception e) {
        throw new AuthorizerCreationException(e.getMessage(), e);
    }
    final PropertyValue rawSyncInterval = configurationContext.getProperty(PROP_SYNC_INTERVAL);
    final long syncInterval;
    if (rawSyncInterval.isSet()) {
        try {
            syncInterval = FormatUtils.getTimeDuration(rawSyncInterval.getValue(), TimeUnit.MILLISECONDS);
        } catch (final IllegalArgumentException iae) {
            throw new AuthorizerCreationException(String.format("The %s '%s' is not a valid time duration", PROP_SYNC_INTERVAL, rawSyncInterval.getValue()));
        }
        if (syncInterval < MINIMUM_SYNC_INTERVAL_MILLISECONDS) {
            throw new AuthorizerCreationException(String.format("The %s '%s' is below the minimum value of '%d ms'", PROP_SYNC_INTERVAL, rawSyncInterval.getValue(), MINIMUM_SYNC_INTERVAL_MILLISECONDS));
        }
    } else {
        throw new AuthorizerCreationException(String.format("The '%s' must be specified.", PROP_SYNC_INTERVAL));
    }
    try {
        // perform the initial load, tenants must be loaded as the configured UserGroupProvider is supplied
        // to the AccessPolicyProvider for granting initial permissions
        load(context);
        // ensure the tenants were successfully synced
        if (tenants.get() == null) {
            throw new AuthorizerCreationException("Unable to sync users and groups.");
        }
        // schedule the background thread to load the users/groups
        ldapSync.scheduleWithFixedDelay(() -> load(context), syncInterval, syncInterval, TimeUnit.MILLISECONDS);
    } catch (final AuthorizationAccessException e) {
        throw new AuthorizerCreationException(e);
    }
}
Also used : LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) HashMap(java.util.HashMap) SimpleDirContextAuthenticationStrategy(org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) PropertyValue(org.apache.nifi.components.PropertyValue) AbstractTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy) LdapAuthenticationStrategy(org.apache.nifi.ldap.LdapAuthenticationStrategy) SSLContext(javax.net.ssl.SSLContext) LdapsSocketFactory(org.apache.nifi.ldap.LdapsSocketFactory) NamingException(javax.naming.NamingException) KeyStoreException(java.security.KeyStoreException) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) KeyManagementException(java.security.KeyManagementException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) ProviderDestructionException(org.apache.nifi.authentication.exception.ProviderDestructionException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) AuthorizationAccessException(org.apache.nifi.authorization.exception.AuthorizationAccessException) AuthorizationAccessException(org.apache.nifi.authorization.exception.AuthorizationAccessException) ReferralStrategy(org.apache.nifi.ldap.ReferralStrategy) DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)

Example 2 with DefaultTlsDirContextAuthenticationStrategy

use of org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy in project nifi-registry by apache.

the class LdapIdentityProvider method onConfigured.

@Override
public final void onConfigured(final IdentityProviderConfigurationContext configurationContext) throws SecurityProviderCreationException {
    final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
    if (StringUtils.isBlank(rawExpiration)) {
        throw new SecurityProviderCreationException("The Authentication Expiration must be specified.");
    }
    try {
        expiration = FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration));
    }
    final LdapContextSource context = new LdapContextSource();
    final Map<String, Object> baseEnvironment = new HashMap<>();
    // connect/read time out
    setTimeout(configurationContext, baseEnvironment, "Connect Timeout", "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, "Read Timeout", "com.sun.jndi.ldap.read.timeout");
    // authentication strategy
    final String rawAuthenticationStrategy = configurationContext.getProperty("Authentication Strategy");
    final LdapAuthenticationStrategy authenticationStrategy;
    try {
        authenticationStrategy = LdapAuthenticationStrategy.valueOf(rawAuthenticationStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(String.format("Unrecognized authentication strategy '%s'. Possible values are [%s]", rawAuthenticationStrategy, StringUtils.join(LdapAuthenticationStrategy.values(), ", ")));
    }
    switch(authenticationStrategy) {
        case ANONYMOUS:
            context.setAnonymousReadOnly(true);
            break;
        default:
            final String userDn = configurationContext.getProperty("Manager DN");
            final String password = configurationContext.getProperty("Manager Password");
            context.setUserDn(userDn);
            context.setPassword(password);
            switch(authenticationStrategy) {
                case SIMPLE:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    break;
                case LDAPS:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    // indicate a secure connection
                    baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
                    // get the configured ssl context
                    final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
                    if (ldapsSslContext != null) {
                        // initialize the ldaps socket factory prior to use
                        LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                        baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
                    }
                    break;
                case START_TLS:
                    final AbstractTlsDirContextAuthenticationStrategy tlsAuthenticationStrategy = new DefaultTlsDirContextAuthenticationStrategy();
                    // shutdown gracefully
                    final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully");
                    if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                        final boolean shutdownGracefully = Boolean.TRUE.toString().equalsIgnoreCase(rawShutdownGracefully);
                        tlsAuthenticationStrategy.setShutdownTlsGracefully(shutdownGracefully);
                    }
                    // get the configured ssl context
                    final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
                    if (startTlsSslContext != null) {
                        tlsAuthenticationStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
                    }
                    // set the authentication strategy
                    context.setAuthenticationStrategy(tlsAuthenticationStrategy);
                    break;
            }
            break;
    }
    // referrals
    final String rawReferralStrategy = configurationContext.getProperty("Referral Strategy");
    final ReferralStrategy referralStrategy;
    try {
        referralStrategy = ReferralStrategy.valueOf(rawReferralStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(String.format("Unrecognized referral strategy '%s'. Possible values are [%s]", rawReferralStrategy, StringUtils.join(ReferralStrategy.values(), ", ")));
    }
    // using the value as this needs to be the lowercase version while the value is configured with the enum constant
    context.setReferral(referralStrategy.getValue());
    // url
    final String urls = configurationContext.getProperty("Url");
    if (StringUtils.isBlank(urls)) {
        throw new SecurityProviderCreationException("LDAP identity provider 'Url' must be specified.");
    }
    // connection
    context.setUrls(StringUtils.split(urls));
    // search criteria
    final String userSearchBase = configurationContext.getProperty("User Search Base");
    final String userSearchFilter = configurationContext.getProperty("User Search Filter");
    if (StringUtils.isBlank(userSearchBase) || StringUtils.isBlank(userSearchFilter)) {
        throw new SecurityProviderCreationException("LDAP identity provider 'User Search Base' and 'User Search Filter' must be specified.");
    }
    final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);
    // bind
    final BindAuthenticator authenticator = new BindAuthenticator(context);
    authenticator.setUserSearch(userSearch);
    // identity strategy
    final String rawIdentityStrategy = configurationContext.getProperty("Identity Strategy");
    if (StringUtils.isBlank(rawIdentityStrategy)) {
        logger.info(String.format("Identity Strategy is not configured, defaulting strategy to %s.", IdentityStrategy.USE_DN));
        // if this value is not configured, default to use dn which was the previous implementation
        identityStrategy = IdentityStrategy.USE_DN;
    } else {
        try {
            // attempt to get the configured identity strategy
            identityStrategy = IdentityStrategy.valueOf(rawIdentityStrategy);
        } catch (final IllegalArgumentException iae) {
            throw new SecurityProviderCreationException(String.format("Unrecognized identity strategy '%s'. Possible values are [%s]", rawIdentityStrategy, StringUtils.join(IdentityStrategy.values(), ", ")));
        }
    }
    // set the base environment is necessary
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }
    try {
        // handling initializing beans
        context.afterPropertiesSet();
        authenticator.afterPropertiesSet();
    } catch (final Exception e) {
        throw new SecurityProviderCreationException(e.getMessage(), e);
    }
    // create the underlying provider
    ldapAuthenticationProvider = new LdapAuthenticationProvider(authenticator);
}
Also used : BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator) SecurityProviderCreationException(org.apache.nifi.registry.security.exception.SecurityProviderCreationException) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) HashMap(java.util.HashMap) SimpleDirContextAuthenticationStrategy(org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy) AbstractTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy) SSLContext(javax.net.ssl.SSLContext) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.ldap.AuthenticationException) UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) KeyStoreException(java.security.KeyStoreException) IdentityAccessException(org.apache.nifi.registry.security.authentication.exception.IdentityAccessException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) SecurityProviderDestructionException(org.apache.nifi.registry.security.exception.SecurityProviderDestructionException) InvalidCredentialsException(org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException) SecurityProviderCreationException(org.apache.nifi.registry.security.exception.SecurityProviderCreationException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch) LdapUserSearch(org.springframework.security.ldap.search.LdapUserSearch) FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch) DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy) AbstractLdapAuthenticationProvider(org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)

Example 3 with DefaultTlsDirContextAuthenticationStrategy

use of org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy in project nifi-registry by apache.

the class LdapUserGroupProvider method onConfigured.

@Override
public void onConfigured(final AuthorizerConfigurationContext configurationContext) throws SecurityProviderCreationException {
    final LdapContextSource context = new LdapContextSource();
    final Map<String, Object> baseEnvironment = new HashMap<>();
    // connect/read time out
    setTimeout(configurationContext, baseEnvironment, PROP_CONNECT_TIMEOUT, "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, PROP_READ_TIMEOUT, "com.sun.jndi.ldap.read.timeout");
    // authentication strategy
    final PropertyValue rawAuthenticationStrategy = configurationContext.getProperty(PROP_AUTHENTICATION_STRATEGY);
    final LdapAuthenticationStrategy authenticationStrategy;
    try {
        authenticationStrategy = LdapAuthenticationStrategy.valueOf(rawAuthenticationStrategy.getValue());
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(String.format("Unrecognized authentication strategy '%s'. Possible values are [%s]", rawAuthenticationStrategy.getValue(), StringUtils.join(LdapAuthenticationStrategy.values(), ", ")));
    }
    switch(authenticationStrategy) {
        case ANONYMOUS:
            context.setAnonymousReadOnly(true);
            break;
        default:
            final String userDn = configurationContext.getProperty(PROP_MANAGER_DN).getValue();
            final String password = configurationContext.getProperty(PROP_MANAGER_PASSWORD).getValue();
            context.setUserDn(userDn);
            context.setPassword(password);
            switch(authenticationStrategy) {
                case SIMPLE:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    break;
                case LDAPS:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    // indicate a secure connection
                    baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
                    // get the configured ssl context
                    final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
                    if (ldapsSslContext != null) {
                        // initialize the ldaps socket factory prior to use
                        LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                        baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
                    }
                    break;
                case START_TLS:
                    final AbstractTlsDirContextAuthenticationStrategy tlsAuthenticationStrategy = new DefaultTlsDirContextAuthenticationStrategy();
                    // shutdown gracefully
                    final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully").getValue();
                    if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                        final boolean shutdownGracefully = Boolean.TRUE.toString().equalsIgnoreCase(rawShutdownGracefully);
                        tlsAuthenticationStrategy.setShutdownTlsGracefully(shutdownGracefully);
                    }
                    // get the configured ssl context
                    final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
                    if (startTlsSslContext != null) {
                        tlsAuthenticationStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
                    }
                    // set the authentication strategy
                    context.setAuthenticationStrategy(tlsAuthenticationStrategy);
                    break;
            }
            break;
    }
    // referrals
    final String rawReferralStrategy = configurationContext.getProperty(PROP_REFERRAL_STRATEGY).getValue();
    final ReferralStrategy referralStrategy;
    try {
        referralStrategy = ReferralStrategy.valueOf(rawReferralStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(String.format("Unrecognized referral strategy '%s'. Possible values are [%s]", rawReferralStrategy, StringUtils.join(ReferralStrategy.values(), ", ")));
    }
    // using the value as this needs to be the lowercase version while the value is configured with the enum constant
    context.setReferral(referralStrategy.getValue());
    // url
    final String urls = configurationContext.getProperty(PROP_URL).getValue();
    if (StringUtils.isBlank(urls)) {
        throw new SecurityProviderCreationException("LDAP identity provider 'Url' must be specified.");
    }
    // connection
    context.setUrls(StringUtils.split(urls));
    // raw user search base
    final PropertyValue rawUserSearchBase = configurationContext.getProperty(PROP_USER_SEARCH_BASE);
    final PropertyValue rawUserObjectClass = configurationContext.getProperty(PROP_USER_OBJECT_CLASS);
    final PropertyValue rawUserSearchScope = configurationContext.getProperty(PROP_USER_SEARCH_SCOPE);
    // if loading the users, ensure the object class set
    if (rawUserSearchBase.isSet() && !rawUserObjectClass.isSet()) {
        throw new SecurityProviderCreationException("LDAP user group provider 'User Object Class' must be specified when 'User Search Base' is set.");
    }
    // if loading the users, ensure the search scope is set
    if (rawUserSearchBase.isSet() && !rawUserSearchScope.isSet()) {
        throw new SecurityProviderCreationException("LDAP user group provider 'User Search Scope' must be specified when 'User Search Base' is set.");
    }
    // user search criteria
    userSearchBase = rawUserSearchBase.getValue();
    userObjectClass = rawUserObjectClass.getValue();
    userSearchFilter = configurationContext.getProperty(PROP_USER_SEARCH_FILTER).getValue();
    userIdentityAttribute = configurationContext.getProperty(PROP_USER_IDENTITY_ATTRIBUTE).getValue();
    userGroupNameAttribute = configurationContext.getProperty(PROP_USER_GROUP_ATTRIBUTE).getValue();
    userGroupReferencedGroupAttribute = configurationContext.getProperty(PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE).getValue();
    try {
        userSearchScope = SearchScope.valueOf(rawUserSearchScope.getValue());
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(String.format("Unrecognized user search scope '%s'. Possible values are [%s]", rawUserSearchScope.getValue(), StringUtils.join(SearchScope.values(), ", ")));
    }
    // determine user behavior
    useDnForUserIdentity = StringUtils.isBlank(userIdentityAttribute);
    performUserSearch = StringUtils.isNotBlank(userSearchBase);
    // raw group search criteria
    final PropertyValue rawGroupSearchBase = configurationContext.getProperty(PROP_GROUP_SEARCH_BASE);
    final PropertyValue rawGroupObjectClass = configurationContext.getProperty(PROP_GROUP_OBJECT_CLASS);
    final PropertyValue rawGroupSearchScope = configurationContext.getProperty(PROP_GROUP_SEARCH_SCOPE);
    // if loading the groups, ensure the object class is set
    if (rawGroupSearchBase.isSet() && !rawGroupObjectClass.isSet()) {
        throw new SecurityProviderCreationException("LDAP user group provider 'Group Object Class' must be specified when 'Group Search Base' is set.");
    }
    // if loading the groups, ensure the search scope is set
    if (rawGroupSearchBase.isSet() && !rawGroupSearchScope.isSet()) {
        throw new SecurityProviderCreationException("LDAP user group provider 'Group Search Scope' must be specified when 'Group Search Base' is set.");
    }
    // group search criteria
    groupSearchBase = rawGroupSearchBase.getValue();
    groupObjectClass = rawGroupObjectClass.getValue();
    groupSearchFilter = configurationContext.getProperty(PROP_GROUP_SEARCH_FILTER).getValue();
    groupNameAttribute = configurationContext.getProperty(PROP_GROUP_NAME_ATTRIBUTE).getValue();
    groupMemberAttribute = configurationContext.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE).getValue();
    groupMemberReferencedUserAttribute = configurationContext.getProperty(PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE).getValue();
    try {
        groupSearchScope = SearchScope.valueOf(rawGroupSearchScope.getValue());
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(String.format("Unrecognized group search scope '%s'. Possible values are [%s]", rawGroupSearchScope.getValue(), StringUtils.join(SearchScope.values(), ", ")));
    }
    // determine group behavior
    useDnForGroupName = StringUtils.isBlank(groupNameAttribute);
    performGroupSearch = StringUtils.isNotBlank(groupSearchBase);
    // ensure we are either searching users or groups (at least one must be specified)
    if (!performUserSearch && !performGroupSearch) {
        throw new SecurityProviderCreationException("LDAP user group provider 'User Search Base' or 'Group Search Base' must be specified.");
    }
    // ensure group member attribute is set if searching groups but not users
    if (performGroupSearch && !performUserSearch && StringUtils.isBlank(groupMemberAttribute)) {
        throw new SecurityProviderCreationException("'Group Member Attribute' is required when searching groups but not users.");
    }
    // ensure that performUserSearch is set when groupMemberReferencedUserAttribute is specified
    if (StringUtils.isNotBlank(groupMemberReferencedUserAttribute) && !performUserSearch) {
        throw new SecurityProviderCreationException("''User Search Base' must be set when specifying 'Group Member Attribute - Referenced User Attribute'.");
    }
    // ensure that performGroupSearch is set when userGroupReferencedGroupAttribute is specified
    if (StringUtils.isNotBlank(userGroupReferencedGroupAttribute) && !performGroupSearch) {
        throw new SecurityProviderCreationException("'Group Search Base' must be set when specifying 'User Group Name Attribute - Referenced Group Attribute'.");
    }
    // get the page size if configured
    final PropertyValue rawPageSize = configurationContext.getProperty(PROP_PAGE_SIZE);
    if (rawPageSize.isSet() && StringUtils.isNotBlank(rawPageSize.getValue())) {
        pageSize = rawPageSize.asInteger();
    }
    // extract the identity mappings from nifi-registry.properties if any are provided
    identityMappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(properties));
    // set the base environment is necessary
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }
    try {
        // handling initializing beans
        context.afterPropertiesSet();
    } catch (final Exception e) {
        throw new SecurityProviderCreationException(e.getMessage(), e);
    }
    final PropertyValue rawSyncInterval = configurationContext.getProperty(PROP_SYNC_INTERVAL);
    final long syncInterval;
    if (rawSyncInterval.isSet()) {
        try {
            syncInterval = FormatUtils.getTimeDuration(rawSyncInterval.getValue(), TimeUnit.MILLISECONDS);
        } catch (final IllegalArgumentException iae) {
            throw new SecurityProviderCreationException(String.format("The %s '%s' is not a valid time duration", PROP_SYNC_INTERVAL, rawSyncInterval.getValue()));
        }
    } else {
        throw new SecurityProviderCreationException("The 'Sync Interval' must be specified.");
    }
    try {
        // perform the initial load, tenants must be loaded as the configured UserGroupProvider is supplied
        // to the AccessPolicyProvider for granting initial permissions
        load(context);
        // ensure the tenants were successfully synced
        if (tenants.get() == null) {
            throw new SecurityProviderCreationException("Unable to sync users and groups.");
        }
        // schedule the background thread to load the users/groups
        ldapSync.scheduleWithFixedDelay(() -> load(context), syncInterval, syncInterval, TimeUnit.MILLISECONDS);
    } catch (final AuthorizationAccessException e) {
        throw new SecurityProviderCreationException(e);
    }
}
Also used : SecurityProviderCreationException(org.apache.nifi.registry.security.exception.SecurityProviderCreationException) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) HashMap(java.util.HashMap) SimpleDirContextAuthenticationStrategy(org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy) PropertyValue(org.apache.nifi.registry.util.PropertyValue) AbstractTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy) LdapAuthenticationStrategy(org.apache.nifi.registry.security.ldap.LdapAuthenticationStrategy) SSLContext(javax.net.ssl.SSLContext) LdapsSocketFactory(org.apache.nifi.registry.security.ldap.LdapsSocketFactory) NamingException(javax.naming.NamingException) KeyStoreException(java.security.KeyStoreException) KeyManagementException(java.security.KeyManagementException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) SecurityProviderDestructionException(org.apache.nifi.registry.security.exception.SecurityProviderDestructionException) AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException) SecurityProviderCreationException(org.apache.nifi.registry.security.exception.SecurityProviderCreationException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException) ReferralStrategy(org.apache.nifi.registry.security.ldap.ReferralStrategy) DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)

Example 4 with DefaultTlsDirContextAuthenticationStrategy

use of org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy in project nifi by apache.

the class LdapProvider method onConfigured.

@Override
public final void onConfigured(final LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
    final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
    if (StringUtils.isBlank(rawExpiration)) {
        throw new ProviderCreationException("The Authentication Expiration must be specified.");
    }
    try {
        expiration = FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
    } catch (final IllegalArgumentException iae) {
        throw new ProviderCreationException(String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration));
    }
    final LdapContextSource context = new LdapContextSource();
    final Map<String, Object> baseEnvironment = new HashMap<>();
    // connect/read time out
    setTimeout(configurationContext, baseEnvironment, "Connect Timeout", "com.sun.jndi.ldap.connect.timeout");
    setTimeout(configurationContext, baseEnvironment, "Read Timeout", "com.sun.jndi.ldap.read.timeout");
    // authentication strategy
    final String rawAuthenticationStrategy = configurationContext.getProperty("Authentication Strategy");
    final LdapAuthenticationStrategy authenticationStrategy;
    try {
        authenticationStrategy = LdapAuthenticationStrategy.valueOf(rawAuthenticationStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new ProviderCreationException(String.format("Unrecognized authentication strategy '%s'. Possible values are [%s]", rawAuthenticationStrategy, StringUtils.join(LdapAuthenticationStrategy.values(), ", ")));
    }
    switch(authenticationStrategy) {
        case ANONYMOUS:
            context.setAnonymousReadOnly(true);
            break;
        default:
            final String userDn = configurationContext.getProperty("Manager DN");
            final String password = configurationContext.getProperty("Manager Password");
            context.setUserDn(userDn);
            context.setPassword(password);
            switch(authenticationStrategy) {
                case SIMPLE:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    break;
                case LDAPS:
                    context.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                    // indicate a secure connection
                    baseEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
                    // get the configured ssl context
                    final SSLContext ldapsSslContext = getConfiguredSslContext(configurationContext);
                    if (ldapsSslContext != null) {
                        // initialize the ldaps socket factory prior to use
                        LdapsSocketFactory.initialize(ldapsSslContext.getSocketFactory());
                        baseEnvironment.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
                    }
                    break;
                case START_TLS:
                    final AbstractTlsDirContextAuthenticationStrategy tlsAuthenticationStrategy = new DefaultTlsDirContextAuthenticationStrategy();
                    // shutdown gracefully
                    final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully");
                    if (StringUtils.isNotBlank(rawShutdownGracefully)) {
                        final boolean shutdownGracefully = Boolean.TRUE.toString().equalsIgnoreCase(rawShutdownGracefully);
                        tlsAuthenticationStrategy.setShutdownTlsGracefully(shutdownGracefully);
                    }
                    // get the configured ssl context
                    final SSLContext startTlsSslContext = getConfiguredSslContext(configurationContext);
                    if (startTlsSslContext != null) {
                        tlsAuthenticationStrategy.setSslSocketFactory(startTlsSslContext.getSocketFactory());
                    }
                    // set the authentication strategy
                    context.setAuthenticationStrategy(tlsAuthenticationStrategy);
                    break;
            }
            break;
    }
    // referrals
    final String rawReferralStrategy = configurationContext.getProperty("Referral Strategy");
    final ReferralStrategy referralStrategy;
    try {
        referralStrategy = ReferralStrategy.valueOf(rawReferralStrategy);
    } catch (final IllegalArgumentException iae) {
        throw new ProviderCreationException(String.format("Unrecognized referral strategy '%s'. Possible values are [%s]", rawReferralStrategy, StringUtils.join(ReferralStrategy.values(), ", ")));
    }
    // using the value as this needs to be the lowercase version while the value is configured with the enum constant
    context.setReferral(referralStrategy.getValue());
    // url
    final String urls = configurationContext.getProperty("Url");
    if (StringUtils.isBlank(urls)) {
        throw new ProviderCreationException("LDAP identity provider 'Url' must be specified.");
    }
    // connection
    context.setUrls(StringUtils.split(urls));
    // search criteria
    final String userSearchBase = configurationContext.getProperty("User Search Base");
    final String userSearchFilter = configurationContext.getProperty("User Search Filter");
    if (StringUtils.isBlank(userSearchBase) || StringUtils.isBlank(userSearchFilter)) {
        throw new ProviderCreationException("LDAP identity provider 'User Search Base' and 'User Search Filter' must be specified.");
    }
    final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);
    // bind
    final BindAuthenticator authenticator = new BindAuthenticator(context);
    authenticator.setUserSearch(userSearch);
    // identity strategy
    final String rawIdentityStrategy = configurationContext.getProperty("Identity Strategy");
    if (StringUtils.isBlank(rawIdentityStrategy)) {
        logger.info(String.format("Identity Strategy is not configured, defaulting strategy to %s.", IdentityStrategy.USE_DN));
        // if this value is not configured, default to use dn which was the previous implementation
        identityStrategy = IdentityStrategy.USE_DN;
    } else {
        try {
            // attempt to get the configured identity strategy
            identityStrategy = IdentityStrategy.valueOf(rawIdentityStrategy);
        } catch (final IllegalArgumentException iae) {
            throw new ProviderCreationException(String.format("Unrecognized identity strategy '%s'. Possible values are [%s]", rawIdentityStrategy, StringUtils.join(IdentityStrategy.values(), ", ")));
        }
    }
    // set the base environment is necessary
    if (!baseEnvironment.isEmpty()) {
        context.setBaseEnvironmentProperties(baseEnvironment);
    }
    try {
        // handling initializing beans
        context.afterPropertiesSet();
        authenticator.afterPropertiesSet();
    } catch (final Exception e) {
        throw new ProviderCreationException(e.getMessage(), e);
    }
    // create the underlying provider
    provider = new LdapAuthenticationProvider(authenticator);
}
Also used : BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) HashMap(java.util.HashMap) SimpleDirContextAuthenticationStrategy(org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy) AbstractTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy) SSLContext(javax.net.ssl.SSLContext) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.ldap.AuthenticationException) UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) KeyStoreException(java.security.KeyStoreException) IdentityAccessException(org.apache.nifi.authentication.exception.IdentityAccessException) ProviderCreationException(org.apache.nifi.authentication.exception.ProviderCreationException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) ProviderDestructionException(org.apache.nifi.authentication.exception.ProviderDestructionException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) InvalidLoginCredentialsException(org.apache.nifi.authentication.exception.InvalidLoginCredentialsException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ProviderCreationException(org.apache.nifi.authentication.exception.ProviderCreationException) FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch) LdapUserSearch(org.springframework.security.ldap.search.LdapUserSearch) FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch) DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy) AbstractLdapAuthenticationProvider(org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)

Example 5 with DefaultTlsDirContextAuthenticationStrategy

use of org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy in project shinyproxy by openanalytics.

the class LDAPAuthenticationBackend method configureAuthenticationManagerBuilder.

@Override
public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder auth) throws Exception {
    LDAPProviderConfig[] configs = LDAPProviderConfig.loadAll(environment);
    for (LDAPProviderConfig cfg : configs) {
        LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> configurer = new LdapAuthenticationProviderConfigurer<>();
        String[] userDnPatterns = { cfg.userDnPattern };
        if (userDnPatterns[0] == null || userDnPatterns[0].isEmpty())
            userDnPatterns = new String[0];
        if (cfg.managerDn != null && cfg.managerDn.isEmpty())
            cfg.managerDn = null;
        // Manually instantiate contextSource so it can be passed into authoritiesPopulator below.
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(cfg.url);
        if (cfg.managerDn != null) {
            contextSource.setUserDn(cfg.managerDn);
            contextSource.setPassword(cfg.managerPassword);
        }
        if (Boolean.valueOf(cfg.startTLS) || STARTTLS_SIMPLE.equalsIgnoreCase(cfg.startTLS)) {
            // Explicitly disable connection pooling, or Spring may attempt to StartTLS twice on the same connection.
            contextSource.setPooled(false);
            contextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
        } else if (STARTTLS_EXTERNAL.equalsIgnoreCase(cfg.startTLS)) {
            contextSource.setAuthenticationStrategy(new ExternalTlsDirContextAuthenticationStrategy());
        }
        contextSource.afterPropertiesSet();
        // Manually instantiate authoritiesPopulator because it uses a customized class.
        CNLdapAuthoritiesPopulator authoritiesPopulator = new CNLdapAuthoritiesPopulator(contextSource, cfg.groupSearchBase);
        authoritiesPopulator.setGroupRoleAttribute("cn");
        authoritiesPopulator.setGroupSearchFilter(cfg.groupSearchFilter);
        configurer.userDnPatterns(userDnPatterns).userSearchBase(cfg.userSearchBase).userSearchFilter(cfg.userSearchFilter).ldapAuthoritiesPopulator(authoritiesPopulator).contextSource(contextSource).configure(auth);
    }
}
Also used : DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource) ExternalTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy) AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder) LdapAuthenticationProviderConfigurer(org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer) DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)

Aggregations

DefaultTlsDirContextAuthenticationStrategy (org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)5 IOException (java.io.IOException)4 KeyManagementException (java.security.KeyManagementException)4 KeyStoreException (java.security.KeyStoreException)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 UnrecoverableKeyException (java.security.UnrecoverableKeyException)4 CertificateException (java.security.cert.CertificateException)4 HashMap (java.util.HashMap)4 SSLContext (javax.net.ssl.SSLContext)4 AbstractTlsDirContextAuthenticationStrategy (org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy)4 LdapContextSource (org.springframework.ldap.core.support.LdapContextSource)4 SimpleDirContextAuthenticationStrategy (org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy)4 NamingException (javax.naming.NamingException)2 ProviderDestructionException (org.apache.nifi.authentication.exception.ProviderDestructionException)2 SecurityProviderCreationException (org.apache.nifi.registry.security.exception.SecurityProviderCreationException)2 SecurityProviderDestructionException (org.apache.nifi.registry.security.exception.SecurityProviderDestructionException)2 AuthenticationException (org.springframework.ldap.AuthenticationException)2 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)2 UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)2 AbstractLdapAuthenticationProvider (org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider)2