http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java index 6486d32..e372781 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java @@ -40,8 +40,8 @@ public class CreateUserActionTest { private final String USER_ID_2 = "2"; private final String USER_ID_3 = "3"; - private final String USER_DN_1 = "data access exception when creating user"; - private final String USER_DN_3 = "general create user case"; + private final String USER_IDENTITY_1 = "data access exception when creating user"; + private final String USER_IDENTITY_3 = "general create user case"; private DAOFactory daoFactory; private UserDAO userDao; @@ -57,9 +57,9 @@ public class CreateUserActionTest { Object[] args = invocation.getArguments(); NiFiUser user = (NiFiUser) args[0]; - if (USER_DN_1.equals(user.getDn())) { + if (USER_IDENTITY_1.equals(user.getIdentity())) { throw new DataAccessException(); - } else if (USER_DN_3.equals(user.getDn())) { + } else if (USER_IDENTITY_3.equals(user.getIdentity())) { user.setId(USER_ID_3); } 
@@ -100,7 +100,7 @@ public class CreateUserActionTest { @Test(expected = DataAccessException.class) public void testExceptionCreatingUser() throws Exception { NiFiUser user = new NiFiUser(); - user.setDn(USER_DN_1); + user.setIdentity(USER_IDENTITY_1); CreateUserAction createUser = new CreateUserAction(user); createUser.execute(daoFactory, null); @@ -128,7 +128,7 @@ public class CreateUserActionTest { @Test public void testCreateUserAccount() throws Exception { NiFiUser user = new NiFiUser(); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_DFM, Authority.ROLE_ADMIN)); CreateUserAction createUser = new CreateUserAction(user);
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java index b0e1ac1..ac2ab29 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java @@ -40,8 +40,8 @@ public class DisableUserActionTest { private static final String USER_ID_3 = "3"; private static final String USER_ID_4 = "4"; - private static final String USER_DN_3 = "authority access exception"; - private static final String USER_DN_4 = "general disable user case"; + private static final String USER_IDENTITY_3 = "authority access exception"; + private static final String USER_IDENTITY_4 = "general disable user case"; private DAOFactory daoFactory; private UserDAO userDao; @@ -66,11 +66,11 @@ public class DisableUserActionTest { } else if (USER_ID_3.equals(id)) { user = new NiFiUser(); user.setId(id); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); } else if (USER_ID_4.equals(id)) { user = new NiFiUser(); user.setId(id); - user.setDn(USER_DN_4); + user.setIdentity(USER_IDENTITY_4); user.setStatus(AccountStatus.ACTIVE); } return user; 
@@ -103,7 +103,7 @@ public class DisableUserActionTest { Object[] args = invocation.getArguments(); String dn = (String) args[0]; - if (USER_DN_3.equals(dn)) { + if (USER_IDENTITY_3.equals(dn)) { throw new AuthorityAccessException(StringUtils.EMPTY); } @@ -158,11 +158,11 @@ public class DisableUserActionTest { // verify the user Assert.assertEquals(USER_ID_4, user.getId()); - Assert.assertEquals(USER_DN_4, user.getDn()); + Assert.assertEquals(USER_IDENTITY_4, user.getIdentity()); Assert.assertEquals(AccountStatus.DISABLED, user.getStatus()); // verify the interaction with the dao and provider Mockito.verify(userDao, Mockito.times(1)).updateUser(user); - Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_DN_4); + Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_IDENTITY_4); } } http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java index 7707b2c..7bc863b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java 
@@ -36,9 +36,9 @@ public class RequestUserAccountActionTest { private static final String USER_ID_3 = "3"; - private static final String USER_DN_1 = "existing user account dn"; - private static final String USER_DN_2 = "data access exception"; - private static final String USER_DN_3 = "new account request"; + private static final String USER_IDENTITY_1 = "existing user account"; + private static final String USER_IDENTITY_2 = "data access exception"; + private static final String USER_IDENTITY_3 = "new account request"; private DAOFactory daoFactory; private UserDAO userDao; @@ -54,7 +54,7 @@ public class RequestUserAccountActionTest { String dn = (String) args[0]; NiFiUser user = null; - if (USER_DN_1.equals(dn)) { + if (USER_IDENTITY_1.equals(dn)) { user = new NiFiUser(); } return user; @@ -65,10 +65,10 @@ public class RequestUserAccountActionTest { public Void answer(InvocationOnMock invocation) throws Throwable { Object[] args = invocation.getArguments(); NiFiUser user = (NiFiUser) args[0]; - switch (user.getDn()) { - case USER_DN_2: + switch (user.getIdentity()) { + case USER_IDENTITY_2: throw new DataAccessException(); - case USER_DN_3: + case USER_IDENTITY_3: user.setId(USER_ID_3); break; } @@ -90,7 +90,7 @@ public class RequestUserAccountActionTest { */ @Test(expected = IllegalArgumentException.class) public void testExistingAccount() throws Exception { - RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_1, StringUtils.EMPTY); + RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_1, StringUtils.EMPTY); requestUserAccount.execute(daoFactory, null); } 
@@ -102,7 +102,7 @@ public class RequestUserAccountActionTest { */ @Test(expected = DataAccessException.class) public void testDataAccessException() throws Exception { - RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_2, StringUtils.EMPTY); + RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_2, StringUtils.EMPTY); requestUserAccount.execute(daoFactory, null); } @@ -113,12 +113,12 @@ public class RequestUserAccountActionTest { */ @Test public void testRequestUserAccountAction() throws Exception { - RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_3, StringUtils.EMPTY); + RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_3, StringUtils.EMPTY); NiFiUser user = requestUserAccount.execute(daoFactory, null); // verfiy the user Assert.assertEquals(USER_ID_3, user.getId()); - Assert.assertEquals(USER_DN_3, user.getDn()); + Assert.assertEquals(USER_IDENTITY_3, user.getIdentity()); Assert.assertEquals(AccountStatus.PENDING, user.getStatus()); // verify interaction with dao http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java index 652d992..58db56a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java 
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java @@ -44,10 +44,10 @@ public class SeedUserAccountsActionTest { private static final String USER_ID_3 = "3"; private static final String USER_ID_4 = "4"; - private static final String USER_DN_1 = "user dn 1 - active user - remove monitor and operator, add dfm"; - private static final String USER_DN_2 = "user dn 2 - active user - no action"; - private static final String USER_DN_3 = "user dn 3 - pending user - add operator"; - private static final String USER_DN_4 = "user dn 4 - new user - add monitor"; + private static final String USER_IDENTITY_1 = "user 1 - active user - remove monitor and operator, add dfm"; + private static final String USER_IDENTITY_2 = "user 2 - active user - no action"; + private static final String USER_IDENTITY_3 = "user 3 - pending user - add operator"; + private static final String USER_IDENTITY_4 = "user 4 - new user - add monitor"; private DAOFactory daoFactory; private UserDAO userDao; @@ -68,19 +68,19 @@ public class SeedUserAccountsActionTest { if (USER_ID_1.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_1); - user.setDn(USER_DN_1); + user.setIdentity(USER_IDENTITY_1); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setStatus(AccountStatus.ACTIVE); } else if (USER_ID_2.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_2); - user.setDn(USER_DN_2); + user.setIdentity(USER_IDENTITY_2); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN)); user.setStatus(AccountStatus.ACTIVE); } else if (USER_ID_3.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_3); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); user.setStatus(AccountStatus.PENDING); } return user; 
@@ -93,22 +93,22 @@ public class SeedUserAccountsActionTest { String dn = (String) args[0]; NiFiUser user = null; - if (USER_DN_1.equals(dn)) { + if (USER_IDENTITY_1.equals(dn)) { user = new NiFiUser(); user.setId(USER_ID_1); - user.setDn(USER_DN_1); + user.setIdentity(USER_IDENTITY_1); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setStatus(AccountStatus.ACTIVE); - } else if (USER_DN_2.equals(dn)) { + } else if (USER_IDENTITY_2.equals(dn)) { user = new NiFiUser(); user.setId(USER_ID_2); - user.setDn(USER_DN_2); + user.setIdentity(USER_IDENTITY_2); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN)); user.setStatus(AccountStatus.ACTIVE); - } else if (USER_DN_3.equals(dn)) { + } else if (USER_IDENTITY_3.equals(dn)) { user = new NiFiUser(); user.setId(USER_ID_3); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); user.setStatus(AccountStatus.PENDING); } return user; @@ -120,7 +120,7 @@ public class SeedUserAccountsActionTest { Object[] args = invocation.getArguments(); NiFiUser user = (NiFiUser) args[0]; - if (USER_DN_4.equals(user.getDn())) { + if (USER_IDENTITY_4.equals(user.getIdentity())) { user.setId(USER_ID_4); } @@ -141,13 +141,13 @@ public class SeedUserAccountsActionTest { Set<String> users = new HashSet<>(); if (Authority.ROLE_DFM.equals(role)) { - users.add(USER_DN_1); + users.add(USER_IDENTITY_1); } else if (Authority.ROLE_ADMIN.equals(role)) { - users.add(USER_DN_2); + users.add(USER_IDENTITY_2); } else if (Authority.ROLE_PROXY.equals(role)) { - users.add(USER_DN_3); + users.add(USER_IDENTITY_3); } else if (Authority.ROLE_MONITOR.equals(role)) { - users.add(USER_DN_4); + users.add(USER_IDENTITY_4); } return users; } 
@@ -160,16 +160,16 @@ public class SeedUserAccountsActionTest { Set<Authority> authorities = EnumSet.noneOf(Authority.class); switch (dn) { - case USER_DN_1: + case USER_IDENTITY_1: authorities.add(Authority.ROLE_DFM); break; - case USER_DN_2: + case USER_IDENTITY_2: authorities.add(Authority.ROLE_ADMIN); break; - case USER_DN_3: + case USER_IDENTITY_3: authorities.add(Authority.ROLE_PROXY); break; - case USER_DN_4: + case USER_IDENTITY_4: authorities.add(Authority.ROLE_MONITOR); break; } http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java index 22504f7..5effdbb 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java @@ -46,8 +46,8 @@ public class SetUserAuthoritiesActionTest { private static final String USER_ID_2 = "2"; private static final String USER_ID_3 = "3"; - private static final String USER_DN_2 = "user dn 2"; - private static final String USER_DN_3 = "user dn 3"; + private static final String USER_IDENTITY_2 = "user 2"; + private static final String USER_IDENTITY_3 = "user 3"; private DAOFactory daoFactory; private UserDAO userDao; 
@@ -70,11 +70,11 @@ public class SetUserAuthoritiesActionTest { } else if (USER_ID_2.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_2); - user.setDn(USER_DN_2); + user.setIdentity(USER_IDENTITY_2); } else if (USER_ID_3.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_3); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setStatus(AccountStatus.ACTIVE); } @@ -88,10 +88,10 @@ public class SetUserAuthoritiesActionTest { String dn = (String) args[0]; NiFiUser user = null; - if (USER_DN_3.equals(dn)) { + if (USER_IDENTITY_3.equals(dn)) { user = new NiFiUser(); user.setId(USER_ID_3); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setStatus(AccountStatus.ACTIVE); } @@ -148,7 +148,7 @@ public class SetUserAuthoritiesActionTest { String dn = (String) args[0]; Set<Authority> authorities = EnumSet.noneOf(Authority.class); - if (USER_DN_3.equals(dn)) { + if (USER_IDENTITY_3.equals(dn)) { authorities.add(Authority.ROLE_DFM); } @@ -162,7 +162,7 @@ public class SetUserAuthoritiesActionTest { String dn = (String) args[0]; Set<Authority> authorites = (Set<Authority>) args[1]; - if (USER_DN_2.equals(dn)) { + if (USER_IDENTITY_2.equals(dn)) { throw new AuthorityAccessException(StringUtils.EMPTY); } 
@@ -218,6 +218,6 @@ public class SetUserAuthoritiesActionTest { Set<Authority> authoritiesAddedToProvider = EnumSet.of(Authority.ROLE_ADMIN); // verify interaction with provider - Mockito.verify(authorityProvider, Mockito.times(1)).setAuthorities(USER_DN_3, authoritiesAddedToProvider); + Mockito.verify(authorityProvider, Mockito.times(1)).setAuthorities(USER_IDENTITY_3, authoritiesAddedToProvider); } } http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessConfigurationDTO.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessConfigurationDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessConfigurationDTO.java new file mode 100644 index 0000000..d9719b3 --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessConfigurationDTO.java 
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.dto;
+
+import com.wordnik.swagger.annotations.ApiModelProperty;
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * Details for the access configuration.
+ */
+@XmlType(name = "accessConfig")
+public class AccessConfigurationDTO {
+
+ private Boolean supportsLogin;
+ private Boolean supportsAnonymous;
+
+ /**
+ * @return Indicates whether or not this NiFi supports user login.
+ */
+ @ApiModelProperty(
+ value = "Indicates whether or not this NiFi supports user login.",
+ readOnly = true
+ )
+ public Boolean getSupportsLogin() {
+ return supportsLogin;
+ }
+
+ public void setSupportsLogin(Boolean supportsLogin) {
+ this.supportsLogin = supportsLogin;
+ }
+
+ /**
+ * @return Indicates whether or not this NiFi supports anonymous access.
+ */
+ @ApiModelProperty(
+ value = "Indicates whether or not this NiFi supports anonymous.",
+ readOnly = true
+ )
+ public Boolean getSupportsAnonymous() {
+ return supportsAnonymous;
+ }
+
+ public void setSupportsAnonymous(Boolean supportsAnonymous) {
+ this.supportsAnonymous = supportsAnonymous;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java
new file mode 100644
index 0000000..712da0e
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java
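Review bot: Both flags are boxed `Boolean` fields with no default, so a DTO that was never populated returns `null` rather than `false` from `getSupportsLogin()` and `getSupportsAnonymous()`, and the Javadoc does not say how a caller should read that. For the anonymous-access flag the safer contract is that `null` means "not supported", e.g. `@return whether this NiFi supports anonymous access; null means not determined and must be treated as false`. The `@ApiModelProperty` text for `supportsAnonymous` also stops at "supports anonymous." while the Javadoc above it says "anonymous access"; `value = "Indicates whether or not this NiFi supports anonymous access.",` would make the published API description match. Neither setter has Javadoc.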
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.dto;
+
+import com.wordnik.swagger.annotations.ApiModelProperty;
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * A serialized representation of this class can be placed in the entity body of a response to the API. This particular entity holds the users access status.
+ */
+@XmlRootElement(name = "accessStatus")
+public class AccessStatusDTO {
+
+ public static enum Status {
+
+ UNKNOWN,
+ UNREGISTERED,
+ NOT_ACTIVE,
+ ACTIVE
+ }
+
+ private String identity;
+ private String username;
+ private String status;
+ private String message;
+
+ /**
+ * @return the user identity
+ */
+ @ApiModelProperty(
+ value = "The user identity.",
+ readOnly = true
+ )
+ public String getIdentity() {
+ return identity;
+ }
+
+ public void setIdentity(String identity) {
+ this.identity = identity;
+ }
+
+ /**
+ * @return the username
+ */
+ @ApiModelProperty(
+ value = "The username.",
+ readOnly = true
+ )
+ public String getUsername() {
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ /**
+ * @return the user access status
+ */
+ @ApiModelProperty(
+ value = "The user access status.",
+ readOnly = true
+ )
+ public String getStatus() {
+ return status;
+ }
+
+ public void setStatus(String status) {
+ this.status = status;
+ }
+
+ /**
+ * @return additional details about the user access status
+ */
+ @ApiModelProperty(
+ value = "Additional details about the user access status.",
+ readOnly = true
+ )
+ public String getMessage() {
+ return message;
+ }
+
+ public void setMessage(String message) {
+ this.message = message;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessConfigurationEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessConfigurationEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessConfigurationEntity.java
new file mode 100644
index 0000000..3af0e49
--- /dev/null
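Review bot: `status` is declared as a plain `String` although the nested `Status` enum sits a few lines above it, and nothing visible in the class ties the two together, so `setStatus` accepts any text and a consumer comparing against the enum names gets no compile-time help. If the field has to stay a string for serialization, the getter Javadoc should say what it holds, e.g. `@return the user access status, expected to be the name of a {@link Status} constant`. Callers presumably branch on this value to decide what an unregistered or inactive user is shown, so it is also worth documenting that an unrecognised or null value is to be handled like `UNKNOWN`. As a style point, `public static enum Status` can be `public enum Status`, since nested enums are implicitly static.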
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessConfigurationEntity.java 
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.entity;
+
+import javax.xml.bind.annotation.XmlRootElement;
+import org.apache.nifi.web.api.dto.AccessConfigurationDTO;
+
+/**
+ * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a AccessConfigurationDTO.
+ */
+@XmlRootElement(name = "accessConfigurationEntity")
+public class AccessConfigurationEntity extends Entity {
+
+ private AccessConfigurationDTO config;
+
+ /**
+ * The AccessConfigurationDTO that is being serialized.
+ *
+ * @return The AccessConfigurationDTO object
+ */
+ public AccessConfigurationDTO getConfig() {
+ return config;
+ }
+
+ public void setConfig(AccessConfigurationDTO config) {
+ this.config = config;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessStatusEntity.java
----------------------------------------------------------------------
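Review bot: The class Javadoc says this entity can be placed in the body of "a request or response", but every property of the `AccessConfigurationDTO` it wraps is annotated `readOnly = true`, which suggests the server only ever sends it. If that is the intent, `* A serialized representation of this class can be placed in the entity body of a response from the API.` would describe it accurately and make clear that access configuration is not accepted from clients. The same sentence appears on `AccessStatusEntity` in the next file, whose `AccessStatusDTO` is likewise all read-only and describes itself as response-only. `setConfig` has no Javadoc.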
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessStatusEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessStatusEntity.java
new file mode 100644
index 0000000..f19a268
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessStatusEntity.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.entity;
+
+import javax.xml.bind.annotation.XmlRootElement;
+import org.apache.nifi.web.api.dto.AccessStatusDTO;
+
+/**
+ * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a AccessStatusDTO.
+ */
+@XmlRootElement(name = "accessStatusEntity")
+public class AccessStatusEntity extends Entity {
+
+ private AccessStatusDTO accessStatus;
+
+ /**
+ * The AccessStatusDTO that is being serialized.
+ *
+ * @return The AccessStatusDTO object
+ */
+ public AccessStatusDTO getAccessStatus() {
+ return accessStatus;
+ }
+
+ public void setAccessStatus(AccessStatusDTO accessStatus) {
+ this.accessStatus = accessStatus;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java
new file mode 100644
index 0000000..02991c7
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.entity;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * A serialized representation of this class can be placed in the entity body of a response to the API. This particular entity holds the users identity.
+ */
+@XmlRootElement(name = "identityEntity")
+public class IdentityEntity extends Entity {
+
+ private String userId;
+ private String identity;
+
+ /**
+ * @return current user id
+ */
+ public String getUserId() {
+ return userId;
+ }
+
+ public void setUserId(String userId) {
+ this.userId = userId;
+ }
+
+ /**
+ * @return the user identity being serialized
+ */
+ public String getIdentity() {
+ return identity;
+ }
+
+ public void setIdentity(String identity) {
+ this.identity = identity;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java
----------------------------------------------------------------------
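Review bot: `userId` and `identity` are documented only as "current user id" and "the user identity being serialized", which does not tell a reader how the two values differ or which one is safe to key on. Judging by the test changes elsewhere in this commit, `id` looks like the internal account key and `identity` is what used to be the DN, so the getters could say that: `@return the internal id of the current user's account` and `@return the identity the current user authenticated as`. That reading is inferred from the tests, not from this file, so it should be confirmed before the wording goes in. The two setters have no Javadoc.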
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java index 9bbc3a3..db0b35e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java @@ -22,6 +22,7 @@ import java.util.HashSet; import java.util.Map; import java.util.ServiceLoader; import java.util.Set; +import org.apache.nifi.authentication.LoginIdentityProvider; import org.apache.nifi.authorization.AuthorityProvider; import org.apache.nifi.controller.ControllerService; @@ -38,9 +39,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** - * Scans through the classpath to load all FlowFileProcessors, - * FlowFileComparators, and ReportingTasks using the service provider API and - * running through all classloaders (root, NARs). + * Scans through the classpath to load all FlowFileProcessors, FlowFileComparators, and ReportingTasks using the service provider API and running through all classloaders (root, NARs). * * @ThreadSafe - is immutable */ @@ -60,6 +59,7 @@ public class ExtensionManager { definitionMap.put(ReportingTask.class, new HashSet<Class>()); definitionMap.put(ControllerService.class, new HashSet<Class>()); definitionMap.put(AuthorityProvider.class, new HashSet<Class>()); + definitionMap.put(LoginIdentityProvider.class, new HashSet<Class>()); definitionMap.put(ProvenanceEventRepository.class, new HashSet<Class>()); definitionMap.put(ComponentStatusRepository.class, new HashSet<Class>()); definitionMap.put(FlowFileRepository.class, new HashSet<Class>()); 
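Review bot: The class Javadoc reflowed in the `@@ -38,9` hunk still says the manager loads "all FlowFileProcessors, FlowFileComparators, and ReportingTasks", but the static initializer in the `@@ -60,6` hunk now registers `LoginIdentityProvider` next to `AuthorityProvider`, so authentication and authorization extensions are discovered by the same service-provider scan. The comment should name them, e.g. `* Scans through the classpath to load every extension type registered in definitionMap, including AuthorityProvider and LoginIdentityProvider implementations, using the service provider API and running through all classloaders (root, NARs).`, so an operator knows a NAR on the classpath can contribute a login provider class. Which provider is actually used is presumably chosen by configuration outside this file, and a one-line comment on the new `definitionMap.put(LoginIdentityProvider.class, ...)` saying so would help. The `discoverExtensions` Javadoc in the following `@@ -68,9` hunk carries the same stale list, and the initializer itself continues outside the hunk.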
@@ -68,9 +68,7 @@ public class ExtensionManager { } /** - * Loads all FlowFileProcessor, FlowFileComparator, ReportingTask class - * types that can be found on the bootstrap classloader and by creating - * classloaders for all NARs found within the classpath. + * Loads all FlowFileProcessor, FlowFileComparator, ReportingTask class types that can be found on the bootstrap classloader and by creating classloaders for all NARs found within the classpath. */ public static void discoverExtensions() { final ClassLoader systemClassLoader = ClassLoader.getSystemClassLoader(); @@ -113,8 +111,7 @@ public class ExtensionManager { } /** - * Registers extension for the specified type from the specified - * ClassLoader. + * Registers extension for the specified type from the specified ClassLoader. * * @param type the extension type * @param classloaderMap mapping of classname to classloader @@ -152,9 +149,7 @@ public class ExtensionManager { } /** - * Determines the effective classloader for classes of the given type. If - * returns null it indicates the given type is not known or was not - * detected. + * Determines the effective classloader for classes of the given type. If returns null it indicates the given type is not known or was not detected. * * @param classType to lookup the classloader of * @return String of fully qualified class name; null if not a detected type http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java index 9471ba6..9e9bd03 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java @@ -23,6 +23,7 @@ import java.net.URLClassLoader; import java.util.ArrayList; import java.util.Enumeration; import java.util.List; +import org.apache.nifi.authentication.LoginIdentityProvider; import org.apache.nifi.authorization.AuthorityProvider; import org.apache.nifi.components.Validator; @@ -58,6 +59,7 @@ public class NarThreadContextClassLoader extends URLClassLoader { narSpecificClasses.add(StreamCallback.class); narSpecificClasses.add(ControllerService.class); narSpecificClasses.add(AuthorityProvider.class); + narSpecificClasses.add(LoginIdentityProvider.class); narSpecificClasses.add(ProvenanceEventRepository.class); narSpecificClasses.add(ComponentStatusRepository.class); narSpecificClasses.add(FlowFileRepository.class); http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml new file mode 100644 index 0000000..9868b9d --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml 
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!--
+ This file lists the login identity providers to use when running securely. In order
+ to use a specific provider it must be configured here and it's identifier
+ must be specified in the nifi.properties file.
+-->
+<loginIdentityProviders>
+ <!--
+ Identity Provider for users logging in with username/password against an LDAP server.
+
+ 'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
+ values are ANONYMOUS, SIMPLE, or START_TLS.
+
+ 'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
+ 'Manager Password' - The password of the manager that is used to bind to the LDAP server to
+ search for users.
+
+ 'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using START_TLS.
+ 'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
+ using START_TLS.
+ 'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
+ START_TLS (i.e. JKS or PKCS12).
+ 'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using START_TLS.
+ 'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
+ LDAP using START_TLS.
+ 'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
+ START_TLS (i.e. JKS or PKCS12).
+ 'TLS - Client Auth' - Client authentication policy when connecting to LDAP using START_TLS.
+ Possible values are REQUIRED, WANT, NONE.
+ 'TLS - Protocol' - Protocol to use when connecting to LDAP using START_TLS. (i.e. TLS,
+ TLSv1.1, TLSv1.2, etc).
+ 'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully
+ before the target context is closed. Defaults to false.
+
+ 'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
+ 'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
+ 'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
+
+ 'Url' - Url of the LDAP servier (i.e. ldap://<hostname>:<port>).
+ 'User Search Base' - Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).
+ 'User Search Filter' - Filter for searching for users against the 'User Search Base'.
+ (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
+
+ 'Authentication Expiration' - The duration of how long the user authentication is valid
+ for. If the user never logs out, they will be required to log back in following
+ this duration.
+ -->
+ <!-- To enable the ldap-provider remove 2 lines. This is 1 of 2.
+ <provider>
+ <identifier>ldap-provider</identifier>
+ <class>org.apache.nifi.ldap.LdapProvider</class>
+ <property name="Authentication Strategy">START_TLS</property>
+
+ <property name="Manager DN"></property>
+ <property name="Manager Password"></property>
+
+ <property name="TLS - Keystore"></property>
+ <property name="TLS - Keystore Password"></property>
+ <property name="TLS - Keystore Type"></property>
+ <property name="TLS - Truststore"></property>
+ <property name="TLS - Truststore Password"></property>
+ <property name="TLS - Truststore Type"></property>
+ <property name="TLS - Client Auth"></property>
+ <property name="TLS - Protocol"></property>
+ <property name="TLS - Shutdown Gracefully"></property>
+
+ <property name="Referral Strategy">FOLLOW</property>
+ <property name="Connect Timeout">10 secs</property>
+ <property name="Read Timeout">10 secs</property>
+
+ <property name="Url"></property>
+ <property name="User Search Base"></property>
+ <property name="User Search Filter"></property>
+
+ <property name="Expiration Duration">12 hours</property>
+ </provider>
+ To enable the ldap-provider remove 2 lines. This is 2 of 2. -->
+</loginIdentityProviders>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
index 54b5283..b25d05a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
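Review bot: The comment block documents a property named 'Authentication Expiration', but the provider template sets `<property name="Expiration Duration">12 hours</property>`, so an administrator who copies the documented name may configure a setting the provider never reads. Use one name in both places, e.g. change the comment entry to `'Expiration Duration' - The duration of how long the user authentication is valid for.`. The 'Authentication Strategy' entry should also say that only START_TLS protects the connection: with ANONYMOUS or SIMPLE and a plain `ldap://` Url, the manager password and the users' passwords cross the network unencrypted. 'Manager Password' is kept in this file in clear text, which the comment should mention together with the need for restrictive file permissions. Two typos remain in the comments: "it's identifier" should be "its identifier" and "servier" should be "server".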
@@ -25,6 +25,7 @@ nifi.administrative.yield.duration=${nifi.administrative.yield.duration} nifi.bored.yield.duration=${nifi.bored.yield.duration} nifi.authority.provider.configuration.file=${nifi.authority.provider.configuration.file} +nifi.login.identity.provider.configuration.file=${nifi.login.identity.provider.configuration.file} nifi.templates.directory=${nifi.templates.directory} nifi.ui.banner.text=${nifi.ui.banner.text} nifi.ui.autorefresh.interval=${nifi.ui.autorefresh.interval} @@ -124,7 +125,9 @@ nifi.security.truststorePasswd=${nifi.security.truststorePasswd} nifi.security.needClientAuth=${nifi.security.needClientAuth} nifi.security.user.credential.cache.duration=${nifi.security.user.credential.cache.duration} nifi.security.user.authority.provider=${nifi.security.user.authority.provider} +nifi.security.user.login.identity.provider=${nifi.security.user.login.identity.provider} nifi.security.support.new.account.requests=${nifi.security.support.new.account.requests} +nifi.security.anonymous.authorities=${nifi.security.anonymous.authorities} nifi.security.ocsp.responder.url=${nifi.security.ocsp.responder.url} nifi.security.ocsp.responder.certificate=${nifi.security.ocsp.responder.certificate} http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java index ecfe2c0..d1bd5c8 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java 
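Review bot: The key `nifi.security.anonymous.authorities` in the second hunk is added without any comment, although whatever roles it lists are presumably granted to requests that present no credentials at all. In this same commit a non-empty value also makes JettyServer stop requiring client certificates, so the setting has a wider effect than its name suggests. A line such as `# roles granted to unauthenticated users; leave empty to disable anonymous access` above the key would make that explicit for operators.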
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java @@ -615,8 +615,12 @@ public class JettyServer implements NiFiServer { private SslContextFactory createSslContextFactory() { final SslContextFactory contextFactory = new SslContextFactory(); - // need client auth - contextFactory.setNeedClientAuth(props.getNeedClientAuth()); + // require client auth when not supporting login or anonymous access + if (StringUtils.isBlank(props.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER)) && props.getAnonymousAuthorities().isEmpty()) { + contextFactory.setNeedClientAuth(true); + } else { + contextFactory.setWantClientAuth(true); + } /* below code sets JSSE system properties when values are provided */ // keystore properties http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerAuditor.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerAuditor.java index cede675..4357633 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerAuditor.java 
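Review bot: The new branch never consults `props.getNeedClientAuth()`, so `nifi.security.needClientAuth`, which is still present in nifi.properties, no longer has any effect on this factory. As soon as a login identity provider or any anonymous authority is configured, the listener drops from `setNeedClientAuth(true)` to `setWantClientAuth(true)` and clients without a certificate complete the TLS handshake; from then on every endpoint depends on application-layer filters, not visible in this hunk, to reject unauthenticated requests. I would log the selected mode at startup and state in the comment that the property is intentionally ignored, e.g. `// nifi.security.needClientAuth is not consulted here: certificates become optional once login or anonymous access is configured`. `createSslContextFactory()` continues past the end of the hunk.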
@@ -78,7 +78,7 @@ public class ControllerAuditor extends NiFiAuditor { // create the config action FlowChangeAction configAction = new FlowChangeAction(); - configAction.setUserIdentity(user.getDn()); + configAction.setUserIdentity(user.getIdentity()); configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.Configure); configAction.setTimestamp(new Date()); @@ -131,7 +131,7 @@ public class ControllerAuditor extends NiFiAuditor { // create the config action FlowChangeAction configAction = new FlowChangeAction(); - configAction.setUserIdentity(user.getDn()); + configAction.setUserIdentity(user.getIdentity()); configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.Configure); configAction.setTimestamp(new Date()); @@ -184,7 +184,7 @@ public class ControllerAuditor extends NiFiAuditor { // create the config action FlowChangeAction configAction = new FlowChangeAction(); - configAction.setUserIdentity(user.getDn()); + configAction.setUserIdentity(user.getIdentity()); configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.Configure); configAction.setTimestamp(new Date()); @@ -237,7 +237,7 @@ public class ControllerAuditor extends NiFiAuditor { // create the config action FlowChangeAction configAction = new FlowChangeAction(); - configAction.setUserIdentity(user.getDn()); + configAction.setUserIdentity(user.getIdentity()); configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.Configure); configAction.setTimestamp(new Date()); http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerServiceAuditor.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerServiceAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerServiceAuditor.java index 0187ee4..af8428d 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerServiceAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerServiceAuditor.java @@ -167,7 +167,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { // create a configuration action FlowChangeAction configurationAction = new FlowChangeAction(); - configurationAction.setUserIdentity(user.getDn()); + configurationAction.setUserIdentity(user.getIdentity()); configurationAction.setUserName(user.getUserName()); configurationAction.setOperation(operation); configurationAction.setTimestamp(actionTimestamp); @@ -187,7 +187,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { if (isDisabled != updateIsDisabled) { // create a controller service action FlowChangeAction serviceAction = new FlowChangeAction(); - serviceAction.setUserIdentity(user.getDn()); + serviceAction.setUserIdentity(user.getIdentity()); serviceAction.setUserName(user.getUserName()); serviceAction.setTimestamp(new Date()); serviceAction.setSourceId(controllerService.getIdentifier()); @@ -271,7 +271,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { // create a processor action FlowChangeAction processorAction = new FlowChangeAction(); - processorAction.setUserIdentity(user.getDn()); + processorAction.setUserIdentity(user.getIdentity()); processorAction.setUserName(user.getUserName()); processorAction.setTimestamp(new Date()); processorAction.setSourceId(processor.getIdentifier()); 
@@ -289,7 +289,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { // create a reporting task action FlowChangeAction reportingTaskAction = new FlowChangeAction(); - reportingTaskAction.setUserIdentity(user.getDn()); + reportingTaskAction.setUserIdentity(user.getIdentity()); reportingTaskAction.setUserName(user.getUserName()); reportingTaskAction.setTimestamp(new Date()); reportingTaskAction.setSourceId(reportingTask.getIdentifier()); @@ -307,7 +307,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { // create a controller service action FlowChangeAction serviceAction = new FlowChangeAction(); - serviceAction.setUserIdentity(user.getDn()); + serviceAction.setUserIdentity(user.getIdentity()); serviceAction.setUserName(user.getUserName()); serviceAction.setTimestamp(new Date()); serviceAction.setSourceId(controllerService.getIdentifier()); @@ -387,7 +387,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { // create the controller service action for adding this controller service action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java index 51cb20c..3949028 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java 
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java @@ -121,7 +121,7 @@ public class FunnelAuditor extends NiFiAuditor { if (user != null) { // create the action for adding this funnel action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java index b07d64f..e99a1aa 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java @@ -205,7 +205,7 @@ public class PortAuditor extends NiFiAuditor { for (ActionDetails detail : configurationDetails) { // create the port action for updating the name FlowChangeAction portAction = new FlowChangeAction(); - portAction.setUserIdentity(user.getDn()); + portAction.setUserIdentity(user.getIdentity()); portAction.setUserName(user.getUserName()); portAction.setOperation(Operation.Configure); portAction.setTimestamp(timestamp); 
@@ -225,7 +225,7 @@ public class PortAuditor extends NiFiAuditor { if (scheduledState != updatedScheduledState) { // create a processor action FlowChangeAction processorAction = new FlowChangeAction(); - processorAction.setUserIdentity(user.getDn()); + processorAction.setUserIdentity(user.getIdentity()); processorAction.setUserName(user.getUserName()); processorAction.setTimestamp(new Date()); processorAction.setSourceId(updatedPort.getIdentifier()); @@ -323,7 +323,7 @@ public class PortAuditor extends NiFiAuditor { // create the port action for adding this processor action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessGroupAuditor.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessGroupAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessGroupAuditor.java index d563555..89871e6 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessGroupAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessGroupAuditor.java 
@@ -140,7 +140,7 @@ public class ProcessGroupAuditor extends NiFiAuditor { // create the port action for updating the name FlowChangeAction processGroupAction = new FlowChangeAction(); - processGroupAction.setUserIdentity(user.getDn()); + processGroupAction.setUserIdentity(user.getIdentity()); processGroupAction.setUserName(user.getUserName()); processGroupAction.setOperation(operation); processGroupAction.setTimestamp(timestamp); @@ -157,7 +157,7 @@ public class ProcessGroupAuditor extends NiFiAuditor { if (processGroupDTO.isRunning() != null) { // create a process group action FlowChangeAction processGroupAction = new FlowChangeAction(); - processGroupAction.setUserIdentity(user.getDn()); + processGroupAction.setUserIdentity(user.getIdentity()); processGroupAction.setUserName(user.getUserName()); processGroupAction.setSourceId(processGroup.getIdentifier()); processGroupAction.setSourceName(processGroup.getName()); @@ -242,7 +242,7 @@ public class ProcessGroupAuditor extends NiFiAuditor { // create the process group action for adding this process group action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java index b8a2c69..4f147fb 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java @@ -177,7 +177,7 @@ public class ProcessorAuditor extends NiFiAuditor { // create a configuration action FlowChangeAction configurationAction = new FlowChangeAction(); - configurationAction.setUserIdentity(user.getDn()); + configurationAction.setUserIdentity(user.getIdentity()); configurationAction.setUserName(user.getUserName()); configurationAction.setOperation(operation); configurationAction.setTimestamp(actionTimestamp); @@ -197,7 +197,7 @@ public class ProcessorAuditor extends NiFiAuditor { if (scheduledState != updatedScheduledState) { // create a processor action FlowChangeAction processorAction = new FlowChangeAction(); - processorAction.setUserIdentity(user.getDn()); + processorAction.setUserIdentity(user.getIdentity()); processorAction.setUserName(user.getUserName()); processorAction.setTimestamp(new Date()); processorAction.setSourceId(processor.getIdentifier()); @@ -294,7 +294,7 @@ public class ProcessorAuditor extends NiFiAuditor { // create the processor action for adding this processor action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java index f90d572..95000d8 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java @@ -188,7 +188,7 @@ public class RelationshipAuditor extends NiFiAuditor { // create a configuration action FlowChangeAction configurationAction = new FlowChangeAction(); - configurationAction.setUserIdentity(user.getDn()); + configurationAction.setUserIdentity(user.getIdentity()); configurationAction.setUserName(user.getUserName()); configurationAction.setOperation(Operation.Configure); configurationAction.setTimestamp(actionTimestamp); @@ -353,7 +353,7 @@ public class RelationshipAuditor extends NiFiAuditor { // create a new relationship action action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(actionTimestamp); http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java index e145a62..5815634 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java @@ -246,7 +246,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor { for (ActionDetails detail : details) { // create the port action for updating the name FlowChangeAction remoteProcessGroupAction = new FlowChangeAction(); - remoteProcessGroupAction.setUserIdentity(user.getDn()); + remoteProcessGroupAction.setUserIdentity(user.getIdentity()); remoteProcessGroupAction.setUserName(user.getUserName()); remoteProcessGroupAction.setOperation(Operation.Configure); remoteProcessGroupAction.setTimestamp(timestamp); @@ -267,7 +267,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor { if (transmissionState != updatedTransmissionState) { // create a processor action FlowChangeAction remoteProcessGroupAction = new FlowChangeAction(); - remoteProcessGroupAction.setUserIdentity(user.getDn()); + remoteProcessGroupAction.setUserIdentity(user.getIdentity()); remoteProcessGroupAction.setUserName(user.getUserName()); remoteProcessGroupAction.setTimestamp(new Date()); remoteProcessGroupAction.setSourceId(updatedRemoteProcessGroup.getIdentifier()); @@ -356,7 +356,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor { // create the remote process group action action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ReportingTaskAuditor.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ReportingTaskAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ReportingTaskAuditor.java index 712f99a..77df12a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ReportingTaskAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ReportingTaskAuditor.java @@ -160,7 +160,7 @@ public class ReportingTaskAuditor extends NiFiAuditor { // create a configuration action FlowChangeAction configurationAction = new FlowChangeAction(); - configurationAction.setUserIdentity(user.getDn()); + configurationAction.setUserIdentity(user.getIdentity()); configurationAction.setUserName(user.getUserName()); configurationAction.setOperation(operation); configurationAction.setTimestamp(actionTimestamp); @@ -180,7 +180,7 @@ public class ReportingTaskAuditor extends NiFiAuditor { if (scheduledState != updatedScheduledState) { // create a reporting task action FlowChangeAction taskAction = new FlowChangeAction(); - taskAction.setUserIdentity(user.getDn()); + taskAction.setUserIdentity(user.getIdentity()); taskAction.setUserName(user.getUserName()); taskAction.setTimestamp(new Date()); taskAction.setSourceId(reportingTask.getIdentifier()); 
@@ -276,7 +276,7 @@ public class ReportingTaskAuditor extends NiFiAuditor {
 // create the reporting task action for adding this reporting task
 action = new FlowChangeAction();
- action.setUserIdentity(user.getDn());
+ action.setUserIdentity(user.getIdentity());
 action.setUserName(user.getUserName());
 action.setOperation(operation);
 action.setTimestamp(new Date());
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java
index 34382b3..4b7c38a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java
@@ -232,7 +232,7 @@ public class SnippetAuditor extends NiFiAuditor {
 if (user != null) {
 // create the action for adding this funnel
 action = new FlowChangeAction();
- action.setUserIdentity(user.getDn());
+ action.setUserIdentity(user.getIdentity());
 action.setUserName(user.getUserName());
 action.setOperation(operation);
 action.setTimestamp(timestamp);
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
index 2d3355a..73d76bd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
@@ -1267,6 +1267,13 @@ public interface NiFiServiceFacade {
 Collection<UserDTO> getUsers(Boolean grouped);
 /**
+ * Creates a new account request.
+ *
+ * @return user
+ */
+ UserDTO createUser();
+
+ /**
 * Updates the specified user accordingly.
 *
 * @param user The user to update
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiConfiguration.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiConfiguration.java
new file mode 100644
index 0000000..58b0af8
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiConfiguration.java
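Review bot: The Javadoc added for `createUser()` in `NiFiServiceFacade` does not say whose account is requested: the method takes no argument and `@return user` only repeats the return type. If the identity is taken from the credentials of the current request, which this hunk cannot confirm, the contract should say so, e.g. `Creates a new account request for the identity making the current request.` and `@return the pending user that was created`. The interface body continues outside the hunk.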
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.context.annotation.ImportResource;
+
+/**
+ *
+ */
+@Configuration
+@Import({NiFiWebApiSecurityConfiguration.class})
+@ImportResource({"classpath:nifi-context.xml",
+ "classpath:nifi-administration-context.xml",
+ "classpath:nifi-cluster-manager-context.xml",
+ "classpath:nifi-cluster-protocol-context.xml",
+ "classpath:nifi-web-security-context.xml",
+ "classpath:nifi-web-api-context.xml"})
+public class NiFiWebApiConfiguration {
+
+ public NiFiWebApiConfiguration() {
+ super();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/aaf14c45/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
----------------------------------------------------------------------
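Review bot: The class Javadoc on `NiFiWebApiConfiguration` is an empty `/** */` block, so the one place that wires six XML contexts and `NiFiWebApiSecurityConfiguration` together carries no explanation. A one-line summary such as `Root Spring configuration for the web API; imports the XML application contexts and the security configuration.` would do. The explicit no-argument constructor that only calls `super()` is redundant and can be dropped.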
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
new file mode 100644
index 0000000..e8ed267
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
@@ -0,0 +1,179 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web;
+
+import org.apache.nifi.admin.service.UserService;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import org.apache.nifi.util.NiFiProperties;
+import org.apache.nifi.web.security.NiFiAuthenticationProvider;
+import org.apache.nifi.web.security.anonymous.NiFiAnonymousUserFilter;
+import org.apache.nifi.web.security.NiFiAuthenticationEntryPoint;
+import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter;
+import org.apache.nifi.web.security.jwt.JwtService;
+import org.apache.nifi.web.security.node.NodeAuthorizedUserFilter;
+import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken;
+import org.apache.nifi.web.security.x509.X509AuthenticationFilter;
+import org.apache.nifi.web.security.x509.X509CertificateExtractor;
+import org.apache.nifi.web.security.x509.X509IdentityProvider;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+
+/**
+ * NiFi Web Api Spring security
+ */
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+ private NiFiProperties properties;
+ private UserService userService;
+ private AuthenticationUserDetailsService userDetailsService;
+ private JwtService jwtService;
+ private X509CertificateExtractor certificateExtractor;
+ private X509IdentityProvider certificateIdentityProvider;
+ private LoginIdentityProvider loginIdentityProvider;
+
+ public NiFiWebApiSecurityConfiguration() {
+ super(true); // disable defaults
+ }
+
+ @Override
+ public void configure(WebSecurity webSecurity) throws Exception {
+ webSecurity
+ .ignoring()
+ .antMatchers("/access/**");
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .rememberMe().disable()
+ .exceptionHandling()
+ .authenticationEntryPoint(new NiFiAuthenticationEntryPoint(properties))
+ .and()
+ .authorizeRequests()
+ .anyRequest().fullyAuthenticated()
+ .and()
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+
+ // cluster authorized user
+ http.addFilterBefore(buildNodeAuthorizedUserFilter(), AnonymousAuthenticationFilter.class);
+
+ // anonymous
+ http.anonymous().authenticationFilter(buildAnonymousFilter());
+
+ // x509
+ http.addFilterAfter(buildX509Filter(), AnonymousAuthenticationFilter.class);
+
+ // jwt - consider when configured for log in
+ if (loginIdentityProvider != null) {
+ http.addFilterAfter(buildJwtFilter(), AnonymousAuthenticationFilter.class);
+ }
+ }
+
+ @Bean
+ @Override
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ // override xxxBean method so the authentication manager is available in app context (necessary for the method level security)
+ return super.authenticationManagerBean();
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.authenticationProvider(new NiFiAuthenticationProvider(userDetailsService));
+ }
+
+ private NodeAuthorizedUserFilter buildNodeAuthorizedUserFilter() {
+ final NodeAuthorizedUserFilter nodeFilter = new NodeAuthorizedUserFilter();
+ nodeFilter.setProperties(properties);
+ nodeFilter.setCertificateExtractor(certificateExtractor);
+ nodeFilter.setCertificateIdentityProvider(certificateIdentityProvider);
+ return nodeFilter;
+ }
+
+ private JwtAuthenticationFilter buildJwtFilter() throws Exception {
+ final JwtAuthenticationFilter jwtFilter = new JwtAuthenticationFilter();
+ jwtFilter.setProperties(properties);
+ jwtFilter.setJwtService(jwtService);
+ jwtFilter.setAuthenticationManager(authenticationManager());
+ return jwtFilter;
+ }
+
+ private X509AuthenticationFilter buildX509Filter() throws Exception {
+ final X509AuthenticationFilter x509Filter = new X509AuthenticationFilter();
+ x509Filter.setProperties(properties);
+ x509Filter.setCertificateExtractor(certificateExtractor);
+ x509Filter.setCertificateIdentityProvider(certificateIdentityProvider);
+ x509Filter.setAuthenticationManager(authenticationManager());
+ return x509Filter;
+ }
+
+ private AnonymousAuthenticationFilter buildAnonymousFilter() {
+ final NiFiAnonymousUserFilter anonymousFilter = new NiFiAnonymousUserFilter();
+ anonymousFilter.setUserService(userService);
+ return anonymousFilter;
+ }
+
+ @Autowired
+ public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService) {
+ this.userDetailsService = userDetailsService;
+ }
+
+ @Autowired
+ public void setUserService(UserService userService) {
+ this.userService = userService;
+ }
+
+ @Autowired
+ public void setProperties(NiFiProperties properties) {
+ this.properties = properties;
+ }
+
+ @Autowired
+ public void setJwtService(JwtService jwtService) {
+ this.jwtService = jwtService;
+ }
+
+ @Autowired
+ public void setLoginIdentityProvider(LoginIdentityProvider loginIdentityProvider) {
+ this.loginIdentityProvider = loginIdentityProvider;
+ }
+
+ @Autowired
+ public void setCertificateExtractor(X509CertificateExtractor certificateExtractor) {
+ this.certificateExtractor = certificateExtractor;
+ }
+
+ @Autowired
+ public void setCertificateIdentityProvider(X509IdentityProvider certificateIdentityProvider) {
+ this.certificateIdentityProvider = certificateIdentityProvider;
+ }
+
+}
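Review bot: `webSecurity.ignoring().antMatchers("/access/**")` in `configure(WebSecurity)` takes every path under `/access/` out of the Spring Security filter chain, so none of the node, anonymous, X.509 or JWT filters added in `configure(HttpSecurity)` run there and `fullyAuthenticated()` never applies to those requests. That is presumably intended for the login and token endpoints, but the resource classes are not visible in this hunk, so any endpoint later added under that prefix is unauthenticated unless it checks credentials itself. I would record that contract beside the matcher, e.g. `// everything under /access/** skips the filter chain; each resource there must authenticate the caller itself`, and narrow the pattern if only a few paths need it. Separately, `super(true); // disable defaults` also turns off the default header-writing and CSRF configuration, which deserves more than the two-word comment if response headers are not set elsewhere.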
