Repository: nifi Updated Branches: refs/heads/NIFI-655 [created] 5b658143a
http://git-wip-us.apache.org/repos/asf/nifi/blob/61046707/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java index 6d0c3cb..a74c75e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java @@ -1,251 +1,251 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.web.security.authorization; - -import org.apache.nifi.admin.service.AccountDisabledException; -import org.apache.nifi.admin.service.AccountNotFoundException; -import org.apache.nifi.admin.service.AccountPendingException; -import org.apache.nifi.admin.service.AdministrationException; -import org.apache.nifi.admin.service.UserService; -import org.apache.nifi.authorization.Authority; -import org.apache.nifi.user.NiFiUser; -import org.apache.nifi.util.NiFiProperties; -import org.apache.nifi.web.security.DnUtils; -import org.apache.nifi.web.security.UntrustedProxyException; -import org.apache.nifi.web.security.user.NiFiUserDetails; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; -import org.mockito.Mockito; -import org.mockito.invocation.InvocationOnMock; -import org.mockito.stubbing.Answer; -import org.springframework.security.authentication.AccountStatusException; -import org.springframework.security.authentication.AuthenticationServiceException; -import org.springframework.security.core.userdetails.UsernameNotFoundException; - -/** - * Test case for NiFiAuthorizationService. - */ -public class NiFiAuthorizationServiceTest { - - private static final String USER = "user"; - private static final String PROXY = "proxy"; - private static final String PROXY_PROXY = "proxy-proxy"; - private static final String USER_NOT_FOUND = "user-not-found"; - private static final String USER_DISABLED = "user-disabled"; - private static final String USER_PENDING = "user-pending"; - private static final String USER_ADMIN_EXCEPTION = "user-admin-exception"; - private static final String PROXY_NOT_FOUND = "proxy-not-found"; - - private NiFiAuthorizationService authorizationService; - private UserService userService; - - @Before - public void setup() throws Exception { - // mock the web security properties - final NiFiProperties properties = Mockito.mock(NiFiProperties.class); - Mockito.when(properties.getSupportNewAccountRequests()).thenReturn(Boolean.TRUE); - - userService = Mockito.mock(UserService.class); - Mockito.doReturn(null).when(userService).createPendingUserAccount(Mockito.anyString(), Mockito.anyString()); - Mockito.doAnswer(new Answer() { - @Override - public Object answer(InvocationOnMock invocation) throws Throwable { - Object[] args = invocation.getArguments(); - String dn = (String) args[0]; - - if (null != dn) { - switch (dn) { - case USER_NOT_FOUND: - case PROXY_NOT_FOUND: - throw new AccountNotFoundException(""); - case USER_DISABLED: - throw new AccountDisabledException(""); - case USER_PENDING: - throw new AccountPendingException(""); - case USER_ADMIN_EXCEPTION: - throw new AdministrationException(); - case USER: - final NiFiUser monitor = new NiFiUser(); - monitor.setDn(dn); - monitor.getAuthorities().add(Authority.ROLE_MONITOR); - return monitor; - case PROXY: - case PROXY_PROXY: - final NiFiUser proxy = new NiFiUser(); - proxy.setDn(dn); - proxy.getAuthorities().add(Authority.ROLE_PROXY); - return proxy; - } - } - - return null; - } - }).when(userService).checkAuthorization(Mockito.anyString()); - - // create the authorization service - authorizationService = new NiFiAuthorizationService(); - authorizationService.setProperties(properties); - authorizationService.setUserService(userService); - } - - /** - * Ensures the authorization service correctly handles users invalid dn - * chain. - * - * @throws Exception ex - */ - @Test(expected = UntrustedProxyException.class) - public void testInvalidDnChain() throws Exception { - authorizationService.loadUserByUsername(USER); - } - - /** - * Ensures the authorization service correctly handles account not found. - * - * @throws Exception ex - */ - @Test(expected = UsernameNotFoundException.class) - public void testAccountNotFound() throws Exception { - authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_NOT_FOUND)); - } - - /** - * Ensures the authorization service correctly handles account disabled. - * - * @throws Exception ex - */ - @Test(expected = AccountStatusException.class) - public void testAccountDisabled() throws Exception { - authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_DISABLED)); - } - - /** - * Ensures the authorization service correctly handles account pending. - * - * @throws Exception ex - */ - @Test(expected = AccountStatusException.class) - public void testAccountPending() throws Exception { - authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_PENDING)); - } - - /** - * Ensures the authorization service correctly handles account - * administration exception. - * - * @throws Exception ex - */ - @Test(expected = AuthenticationServiceException.class) - public void testAccountAdminException() throws Exception { - authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_ADMIN_EXCEPTION)); - } - - /** - * Tests the case when there is no proxy. - * - * @throws Exception ex - */ - @Test - public void testNoProxy() throws Exception { - final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER)); - final NiFiUser user = details.getNiFiUser(); - - Assert.assertEquals(USER, user.getDn()); - Assert.assertNull(user.getChain()); - } - - /** - * Tests the case when the proxy does not have ROLE_PROXY. - * - * @throws Exception ex - */ - @Test(expected = UntrustedProxyException.class) - public void testInvalidProxy() throws Exception { - final String dnChain = DnUtils.formatProxyDn(USER) + DnUtils.formatProxyDn(USER); - authorizationService.loadUserByUsername(dnChain); - } - - /** - * Ensures the authorization service correctly handles proxy not found by - * attempting to create an account request for the proxy. - * - * @throws Exception ex - */ - @Test(expected = UsernameNotFoundException.class) - public void testProxyNotFound() throws Exception { - try { - final String dnChain = DnUtils.formatProxyDn(USER) + DnUtils.formatProxyDn(PROXY_NOT_FOUND); - authorizationService.loadUserByUsername(DnUtils.formatProxyDn(dnChain)); - } finally { - Mockito.verify(userService).createPendingUserAccount(Mockito.eq(PROXY_NOT_FOUND), Mockito.anyString()); - } - } - - /** - * Tests the case when there is a proxy. - * - * @throws Exception ex - */ - @Test - public void testProxy() throws Exception { - final String dnChain = DnUtils.formatProxyDn(USER) + DnUtils.formatProxyDn(PROXY); - final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(dnChain); - final NiFiUser user = details.getNiFiUser(); - - // verify the user - Assert.assertEquals(USER, user.getDn()); - Assert.assertNotNull(user.getChain()); - - // get the proxy - final NiFiUser proxy = user.getChain(); - - // verify the proxy - Assert.assertEquals(PROXY, proxy.getDn()); - Assert.assertNull(proxy.getChain()); - } - - /** - * Tests the case when there is are multiple proxies. - * - * @throws Exception ex - */ - @Test - public void testProxyProxy() throws Exception { - final String dnChain = DnUtils.formatProxyDn(USER) + DnUtils.formatProxyDn(PROXY) + DnUtils.formatProxyDn(PROXY_PROXY); - final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(dnChain); - final NiFiUser user = details.getNiFiUser(); - - // verify the user - Assert.assertEquals(USER, user.getDn()); - Assert.assertNotNull(user.getChain()); - - // get the proxy - NiFiUser proxy = user.getChain(); - - // verify the proxy - Assert.assertEquals(PROXY, proxy.getDn()); - Assert.assertNotNull(proxy.getChain()); - - // get the proxies proxy - proxy = proxy.getChain(); - - // verify the proxies proxy - Assert.assertEquals(PROXY_PROXY, proxy.getDn()); - Assert.assertNull(proxy.getChain()); - } -} +///* +// * Licensed to the Apache Software Foundation (ASF) under one or more +// * contributor license agreements. See the NOTICE file distributed with +// * this work for additional information regarding copyright ownership. +// * The ASF licenses this file to You under the Apache License, Version 2.0 +// * (the "License"); you may not use this file except in compliance with +// * the License. You may obtain a copy of the License at +// * +// * http://www.apache.org/licenses/LICENSE-2.0 +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the License is distributed on an "AS IS" BASIS, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the License for the specific language governing permissions and +// * limitations under the License. +// */ +//package org.apache.nifi.web.security.authorization; +// +//import org.apache.nifi.admin.service.AccountDisabledException; +//import org.apache.nifi.admin.service.AccountNotFoundException; +//import org.apache.nifi.admin.service.AccountPendingException; +//import org.apache.nifi.admin.service.AdministrationException; +//import org.apache.nifi.admin.service.UserService; +//import org.apache.nifi.authorization.Authority; +//import org.apache.nifi.user.NiFiUser; +//import org.apache.nifi.util.NiFiProperties; +//import org.apache.nifi.web.security.ProxiedEntitiesUtils; +//import org.apache.nifi.web.security.UntrustedProxyException; +//import org.apache.nifi.web.security.user.NiFiUserDetails; +//import org.junit.Assert; +//import org.junit.Before; +//import org.junit.Test; +//import org.mockito.Mockito; +//import org.mockito.invocation.InvocationOnMock; +//import org.mockito.stubbing.Answer; +//import org.springframework.security.authentication.AccountStatusException; +//import org.springframework.security.authentication.AuthenticationServiceException; +//import org.springframework.security.core.userdetails.UsernameNotFoundException; +// +///** +// * Test case for NiFiAuthorizationService. +// */ +//public class NiFiAuthorizationServiceTest { +// +// private static final String USER = "user"; +// private static final String PROXY = "proxy"; +// private static final String PROXY_PROXY = "proxy-proxy"; +// private static final String USER_NOT_FOUND = "user-not-found"; +// private static final String USER_DISABLED = "user-disabled"; +// private static final String USER_PENDING = "user-pending"; +// private static final String USER_ADMIN_EXCEPTION = "user-admin-exception"; +// private static final String PROXY_NOT_FOUND = "proxy-not-found"; +// +// private NiFiAuthorizationService authorizationService; +// private UserService userService; +// +// @Before +// public void setup() throws Exception { +// // mock the web security properties +// final NiFiProperties properties = Mockito.mock(NiFiProperties.class); +// Mockito.when(properties.getSupportNewAccountRequests()).thenReturn(Boolean.TRUE); +// +// userService = Mockito.mock(UserService.class); +// Mockito.doReturn(null).when(userService).createPendingUserAccount(Mockito.anyString(), Mockito.anyString()); +// Mockito.doAnswer(new Answer() { +// @Override +// public Object answer(InvocationOnMock invocation) throws Throwable { +// Object[] args = invocation.getArguments(); +// String dn = (String) args[0]; +// +// if (null != dn) { +// switch (dn) { +// case USER_NOT_FOUND: +// case PROXY_NOT_FOUND: +// throw new AccountNotFoundException(""); +// case USER_DISABLED: +// throw new AccountDisabledException(""); +// case USER_PENDING: +// throw new AccountPendingException(""); +// case USER_ADMIN_EXCEPTION: +// throw new AdministrationException(); +// case USER: +// final NiFiUser monitor = new NiFiUser(); +// monitor.setDn(dn); +// monitor.getAuthorities().add(Authority.ROLE_MONITOR); +// return monitor; +// case PROXY: +// case PROXY_PROXY: +// final NiFiUser proxy = new NiFiUser(); +// proxy.setDn(dn); +// proxy.getAuthorities().add(Authority.ROLE_PROXY); +// return proxy; +// } +// } +// +// return null; +// } +// }).when(userService).checkAuthorization(Mockito.anyString()); +// +// // create the authorization service +// authorizationService = new NiFiAuthorizationService(); +// authorizationService.setProperties(properties); +// authorizationService.setUserService(userService); +// } +// +// /** +// * Ensures the authorization service correctly handles users invalid dn +// * chain. +// * +// * @throws Exception ex +// */ +// @Test(expected = UntrustedProxyException.class) +// public void testInvalidDnChain() throws Exception { +// authorizationService.loadUserByUsername(USER); +// } +// +// /** +// * Ensures the authorization service correctly handles account not found. +// * +// * @throws Exception ex +// */ +// @Test(expected = UsernameNotFoundException.class) +// public void testAccountNotFound() throws Exception { +// authorizationService.loadUserByUsername(ProxiedEntitiesUtils.formatProxyDn(USER_NOT_FOUND)); +// } +// +// /** +// * Ensures the authorization service correctly handles account disabled. +// * +// * @throws Exception ex +// */ +// @Test(expected = AccountStatusException.class) +// public void testAccountDisabled() throws Exception { +// authorizationService.loadUserByUsername(ProxiedEntitiesUtils.formatProxyDn(USER_DISABLED)); +// } +// +// /** +// * Ensures the authorization service correctly handles account pending. +// * +// * @throws Exception ex +// */ +// @Test(expected = AccountStatusException.class) +// public void testAccountPending() throws Exception { +// authorizationService.loadUserByUsername(ProxiedEntitiesUtils.formatProxyDn(USER_PENDING)); +// } +// +// /** +// * Ensures the authorization service correctly handles account +// * administration exception. +// * +// * @throws Exception ex +// */ +// @Test(expected = AuthenticationServiceException.class) +// public void testAccountAdminException() throws Exception { +// authorizationService.loadUserByUsername(ProxiedEntitiesUtils.formatProxyDn(USER_ADMIN_EXCEPTION)); +// } +// +// /** +// * Tests the case when there is no proxy. +// * +// * @throws Exception ex +// */ +// @Test +// public void testNoProxy() throws Exception { +// final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(ProxiedEntitiesUtils.formatProxyDn(USER)); +// final NiFiUser user = details.getNiFiUser(); +// +// Assert.assertEquals(USER, user.getDn()); +// Assert.assertNull(user.getChain()); +// } +// +// /** +// * Tests the case when the proxy does not have ROLE_PROXY. +// * +// * @throws Exception ex +// */ +// @Test(expected = UntrustedProxyException.class) +// public void testInvalidProxy() throws Exception { +// final String dnChain = ProxiedEntitiesUtils.formatProxyDn(USER) + ProxiedEntitiesUtils.formatProxyDn(USER); +// authorizationService.loadUserByUsername(dnChain); +// } +// +// /** +// * Ensures the authorization service correctly handles proxy not found by +// * attempting to create an account request for the proxy. +// * +// * @throws Exception ex +// */ +// @Test(expected = UsernameNotFoundException.class) +// public void testProxyNotFound() throws Exception { +// try { +// final String dnChain = ProxiedEntitiesUtils.formatProxyDn(USER) + ProxiedEntitiesUtils.formatProxyDn(PROXY_NOT_FOUND); +// authorizationService.loadUserByUsername(ProxiedEntitiesUtils.formatProxyDn(dnChain)); +// } finally { +// Mockito.verify(userService).createPendingUserAccount(Mockito.eq(PROXY_NOT_FOUND), Mockito.anyString()); +// } +// } +// +// /** +// * Tests the case when there is a proxy. +// * +// * @throws Exception ex +// */ +// @Test +// public void testProxy() throws Exception { +// final String dnChain = ProxiedEntitiesUtils.formatProxyDn(USER) + ProxiedEntitiesUtils.formatProxyDn(PROXY); +// final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(dnChain); +// final NiFiUser user = details.getNiFiUser(); +// +// // verify the user +// Assert.assertEquals(USER, user.getDn()); +// Assert.assertNotNull(user.getChain()); +// +// // get the proxy +// final NiFiUser proxy = user.getChain(); +// +// // verify the proxy +// Assert.assertEquals(PROXY, proxy.getDn()); +// Assert.assertNull(proxy.getChain()); +// } +// +// /** +// * Tests the case when there is are multiple proxies. +// * +// * @throws Exception ex +// */ +// @Test +// public void testProxyProxy() throws Exception { +// final String dnChain = ProxiedEntitiesUtils.formatProxyDn(USER) + ProxiedEntitiesUtils.formatProxyDn(PROXY) + ProxiedEntitiesUtils.formatProxyDn(PROXY_PROXY); +// final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(dnChain); +// final NiFiUser user = details.getNiFiUser(); +// +// // verify the user +// Assert.assertEquals(USER, user.getDn()); +// Assert.assertNotNull(user.getChain()); +// +// // get the proxy +// NiFiUser proxy = user.getChain(); +// +// // verify the proxy +// Assert.assertEquals(PROXY, proxy.getDn()); +// Assert.assertNotNull(proxy.getChain()); +// +// // get the proxies proxy +// proxy = proxy.getChain(); +// +// // verify the proxies proxy +// Assert.assertEquals(PROXY_PROXY, proxy.getDn()); +// Assert.assertNull(proxy.getChain()); +// } +//} http://git-wip-us.apache.org/repos/asf/nifi/blob/61046707/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml index 08218f6..70ec5b9 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml @@ -615,7 +615,6 @@ the application classpath or the maven jetty plugin classpath defined above. --> - <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> @@ -651,6 +650,25 @@ <artifactId>javax.servlet.jsp.jstl-api</artifactId> <scope>provided</scope> </dependency> - + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-web-security</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-web</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-core</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-web</artifactId> + <scope>provided</scope> + </dependency> </dependencies> </project> http://git-wip-us.apache.org/repos/asf/nifi/blob/61046707/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/java/org/apache/nifi/web/NiFiWebUiConfiguration.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/java/org/apache/nifi/web/NiFiWebUiConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/java/org/apache/nifi/web/NiFiWebUiConfiguration.java new file mode 100644 index 0000000..2c9bdf5 --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/java/org/apache/nifi/web/NiFiWebUiConfiguration.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web; + +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Import; +import org.springframework.context.annotation.ImportResource; + +/** + * + */ +@Configuration +@Import({ NiFiWebUiSecurityConfiguration.class}) +@ImportResource( {"classpath:nifi-context.xml", + "classpath:nifi-administration-context.xml", + "classpath:nifi-cluster-manager-context.xml", + "classpath:nifi-cluster-protocol-context.xml", + "classpath:nifi-web-security-context.xml"} ) +public class NiFiWebUiConfiguration { + +} http://git-wip-us.apache.org/repos/asf/nifi/blob/61046707/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/java/org/apache/nifi/web/NiFiWebUiSecurityConfiguration.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/java/org/apache/nifi/web/NiFiWebUiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/java/org/apache/nifi/web/NiFiWebUiSecurityConfiguration.java new file mode 100644 index 0000000..09f5fbe --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/java/org/apache/nifi/web/NiFiWebUiSecurityConfiguration.java @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web; + +import org.apache.nifi.web.security.form.FormAuthenticationFilter; +import org.apache.nifi.web.security.jwt.JwtService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; + +/** + * NiFi Web Ui Security Config + */ +@Configuration +@EnableWebSecurity +public class NiFiWebUiSecurityConfiguration extends WebSecurityConfigurerAdapter { + + public NiFiWebUiSecurityConfiguration() { + super(true); // disable defaults + } + + private JwtService jwtService; + + @Override + protected void configure(final HttpSecurity http) throws Exception { + http + .addFilterBefore(buildFormLoginFilter(), UsernamePasswordAuthenticationFilter.class) + .sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.STATELESS); + } + + private FormAuthenticationFilter buildFormLoginFilter() throws Exception { + final FormAuthenticationFilter loginFilter = new FormAuthenticationFilter("/token"); + loginFilter.setJwtService(jwtService); + return loginFilter; + } + + @Autowired + public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception { + auth + .inMemoryAuthentication() + .withUser("gilman").password("password").roles("USER"); + } + + @Autowired + public void setJwtService(JwtService jwtService) { + this.jwtService = jwtService; + } + +} http://git-wip-us.apache.org/repos/asf/nifi/blob/61046707/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp new file mode 100644 index 0000000..62582f9 --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp @@ -0,0 +1,66 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %> +<!DOCTYPE html> +<html> + <head> + <title>NiFi Login</title> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> + <link rel="shortcut icon" href="images/nifi16.ico"/> + <link rel="stylesheet" href="css/reset.css" type="text/css" /> + <script type="text/javascript" src="js/jquery/jquery-2.1.1.min.js"></script> + <script type="text/javascript" src="js/jquery/jquery.form.min.js"></script> + <script type="text/javascript" src="js/nf/nf-namespace.js?${project.version}"></script> + <script type="text/javascript"> + /* global nf */ + + $(document).ready(function() { + nf.LogIn.init(); + }); + + nf.LogIn = (function () { + var initializePage = function () { + return $.Deferred(function(deferred) { + + }); + }; + + return { + /** + * Initializes the login page. + */ + init: function () { + initializePage().done(function () { + }); + } + }; + }()); + </script> + </head> + <body> + <form name="loginForm" action="token" method="post"> + <legend>Please Login</legend> + <label for="username">Username</label> + <input type="text" id="username" name="username" value="${username}"/> + <label for="password">Password</label> + <input type="password" id="password" name="password"/> + <div class="form-actions"> + <button type="submit" class="btn">Log in</button> + </div> + </form> + </body> +</html> http://git-wip-us.apache.org/repos/asf/nifi/blob/61046707/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp index f312327..d17f46e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp @@ -50,6 +50,9 @@ <li> <span id="about-link" class="link">about</span> </li> + <li> + <span id="about-link" class="link"><a href="login">login</a></span> + </li> </ul> </div> </div> http://git-wip-us.apache.org/repos/asf/nifi/blob/61046707/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/web.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/web.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/web.xml index d0a5e39..561bd39 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/web.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/web.xml @@ -16,19 +16,31 @@ <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd";> <display-name>nifi</display-name> - <!-- servlet to map to canvas page --> + <!-- spring secutiry configuration --> + <context-param> + <param-name>contextClass</param-name> + <param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value> + </context-param> + <context-param> + <param-name>contextConfigLocation</param-name> + <param-value>org.apache.nifi.web</param-value> + </context-param> + <listener> + <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> + </listener> + <!-- servlet to map to canvas page --> <servlet> <servlet-name>NiFiCanvas</servlet-name> <jsp-file>/WEB-INF/pages/canvas.jsp</jsp-file> </servlet> <servlet-mapping> <servlet-name>NiFiCanvas</servlet-name> + <!--<url-pattern>/token</url-pattern>--> <url-pattern>/canvas</url-pattern> </servlet-mapping> <!-- servlet to map to summary page --> - <servlet> <servlet-name>NiFiSummary</servlet-name> <jsp-file>/WEB-INF/pages/summary.jsp</jsp-file> @@ -39,7 +51,6 @@ </servlet-mapping> <!-- servlet to map to history page --> - <servlet> <servlet-name>NiFiHistory</servlet-name> <jsp-file>/WEB-INF/pages/history.jsp</jsp-file> @@ -50,7 +61,6 @@ </servlet-mapping> <!-- servlet to map to provenance page --> - <servlet> <servlet-name>NiFiProvenance</servlet-name> <jsp-file>/WEB-INF/pages/provenance.jsp</jsp-file> @@ -61,7 +71,6 @@ </servlet-mapping> <!-- servlet to map to counters page --> - <servlet> <servlet-name>NiFiCounters</servlet-name> <jsp-file>/WEB-INF/pages/counters.jsp</jsp-file> @@ -72,7 +81,6 @@ </servlet-mapping> <!-- servlet to map to templates page --> - <servlet> <servlet-name>NiFiTemplates</servlet-name> <jsp-file>/WEB-INF/pages/templates.jsp</jsp-file> @@ -83,7 +91,6 @@ </servlet-mapping> <!-- servlet to map to users page --> - <servlet> <servlet-name>NiFiUsers</servlet-name> <jsp-file>/WEB-INF/pages/users.jsp</jsp-file> @@ -94,7 +101,6 @@ </servlet-mapping> <!-- servlet to map to cluster page --> - <servlet> <servlet-name>NiFiCluster</servlet-name> <jsp-file>/WEB-INF/pages/cluster.jsp</jsp-file> @@ -105,7 +111,6 @@ </servlet-mapping> <!-- servlet to map to bulletin board page --> - <servlet> <servlet-name>BulletinBoard</servlet-name> <jsp-file>/WEB-INF/pages/bulletin-board.jsp</jsp-file> @@ -116,7 +121,6 @@ </servlet-mapping> <!-- servlet to support message page --> - <servlet> <servlet-name>MessagePage</servlet-name> <jsp-file>/WEB-INF/pages/message-page.jsp</jsp-file> @@ -127,7 +131,6 @@ </servlet-mapping> <!-- servlet to support image downloading --> - <servlet> <servlet-name>DownloadSvg</servlet-name> <servlet-class>org.apache.nifi.web.servlet.DownloadSvg</servlet-class> @@ -137,6 +140,16 @@ <url-pattern>/download-svg</url-pattern> </servlet-mapping> + <!-- servlet to login page --> + <servlet> + <servlet-name>Login</servlet-name> + <jsp-file>/WEB-INF/pages/login.jsp</jsp-file> + </servlet> + <servlet-mapping> + <servlet-name>Login</servlet-name> + <url-pattern>/login</url-pattern> + </servlet-mapping> + <filter> <filter-name>IeEdgeHeader</filter-name> <filter-class>org.apache.nifi.web.filter.IeEdgeHeader</filter-class> @@ -146,6 +159,15 @@ <url-pattern>/*</url-pattern> </filter-mapping> + <filter> + <filter-name>springSecurityFilterChain</filter-name> + <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> + </filter> + <filter-mapping> + <filter-name>springSecurityFilterChain</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + <welcome-file-list> <welcome-file>canvas.jsp</welcome-file> <welcome-file>/WEB-INF/pages/canvas.jsp</welcome-file> http://git-wip-us.apache.org/repos/asf/nifi/blob/61046707/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 1d5a857..94a3e96 100644 --- a/pom.xml +++ b/pom.xml @@ -91,7 +91,7 @@ <jetty.version>9.2.11.v20150529</jetty.version> <lucene.version>4.10.4</lucene.version> <spring.version>4.1.6.RELEASE</spring.version> - <spring.security.version>3.2.7.RELEASE</spring.security.version> + <spring.security.version>4.0.2.RELEASE</spring.security.version> <jersey.version>1.19</jersey.version> <hadoop.version>2.6.0</hadoop.version> <yammer.metrics.version>2.2.0</yammer.metrics.version>
