NIFI-655: - Renaming spring tokens to avoid confusion over authentication and authorization.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/e22b51f3 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/e22b51f3 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/e22b51f3 Branch: refs/heads/master Commit: e22b51f3a7fee3b7079ea2007d88ffad4f60596b Parents: 85eb8de Author: Matt Gilman <[email protected]> Authored: Tue Dec 1 10:08:36 2015 -0500 Committer: Matt Gilman <[email protected]> Committed: Tue Dec 1 10:08:36 2015 -0500 ---------------------------------------------------------------------- .../web/NiFiWebApiSecurityConfiguration.java | 4 +- .../org/apache/nifi/web/api/AccessResource.java | 10 ++-- .../web/security/NiFiAuthenticationFilter.java | 10 ++-- .../security/NiFiAuthenticationProvider.java | 24 ++++----- .../authorization/NiFiAuthorizationService.java | 6 +-- .../security/jwt/JwtAuthenticationFilter.java | 10 ++-- .../NewAccountAuthenticationRequestToken.java | 40 --------------- .../token/NewAccountAuthenticationToken.java | 46 ----------------- .../NewAccountAuthorizationRequestToken.java | 40 +++++++++++++++ .../token/NewAccountAuthorizationToken.java | 46 +++++++++++++++++ .../token/NiFiAuthenticationRequestToken.java | 54 -------------------- .../token/NiFiAuthortizationRequestToken.java | 54 ++++++++++++++++++++ .../security/x509/X509AuthenticationFilter.java | 10 ++-- .../NiFiAuthorizationServiceTest.java | 6 +-- 14 files changed, 180 insertions(+), 180 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java index 0680b74..1488aba 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java @@ -24,7 +24,7 @@ import org.apache.nifi.web.security.anonymous.NiFiAnonymousUserFilter; import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter; import org.apache.nifi.web.security.jwt.JwtService; import org.apache.nifi.web.security.node.NodeAuthorizedUserFilter; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.x509.X509AuthenticationFilter; import org.apache.nifi.web.security.x509.X509CertificateExtractor; import org.apache.nifi.web.security.x509.X509IdentityProvider; @@ -157,7 +157,7 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte } @Autowired - public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService) { + public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService) { this.userDetailsService = userDetailsService; } http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java ---------------------------------------------------------------------- 
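Review bot: The replacement type name `NiFiAuthortizationRequestToken` is misspelled (a stray `t` in "Authortization"), and the second hunk puts it into the `@Autowired` setter signature `setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService)`. The same spelling is used in every other file this commit touches (AccessResource, NiFiAuthenticationFilter, NiFiAuthenticationProvider, NiFiAuthorizationService, JwtAuthenticationFilter and the new token classes), so it is cheapest to correct before more callers depend on it. Since the stated goal is to remove confusion between authentication and authorization in security-critical types, I would name the class `NiFiAuthorizationRequestToken` and change the import to `import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;`.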
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java index c67a314..7bf9690 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java @@ -61,7 +61,7 @@ import org.apache.nifi.web.security.UntrustedProxyException; import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter; import org.apache.nifi.web.security.jwt.JwtService; import org.apache.nifi.web.security.token.LoginAuthenticationToken; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.x509.X509CertificateExtractor; import org.apache.nifi.web.security.x509.X509IdentityProvider; import org.slf4j.Logger; @@ -93,7 +93,7 @@ public class AccessResource extends ApplicationResource { private X509IdentityProvider certificateIdentityProvider; private JwtService jwtService; - private AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService; + private AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService; /** * Retrieves the access configuration for this NiFi. 
@@ -285,7 +285,7 @@ public class AccessResource extends ApplicationResource { * @throws AuthenticationException if the proxy chain is not authorized */ private UserDetails checkAuthorization(final List<String> proxyChain) throws AuthenticationException { - return userDetailsService.loadUserDetails(new NiFiAuthenticationRequestToken(proxyChain)); + return userDetailsService.loadUserDetails(new NiFiAuthortizationRequestToken(proxyChain)); } /** @@ -399,7 +399,7 @@ public class AccessResource extends ApplicationResource { private void authorizeProxyIfNecessary(final List<String> proxyChain) throws AuthenticationException { if (proxyChain.size() > 1) { try { - userDetailsService.loadUserDetails(new NiFiAuthenticationRequestToken(proxyChain)); + userDetailsService.loadUserDetails(new NiFiAuthortizationRequestToken(proxyChain)); } catch (final UsernameNotFoundException unfe) { // if a username not found exception was thrown, the proxies were authorized and now // we can issue a new token to the end user which they will use to identify themselves @@ -435,7 +435,7 @@ public class AccessResource extends ApplicationResource { this.certificateIdentityProvider = certificateIdentityProvider; } - public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService) { + public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService) { this.userDetailsService = userDetailsService; } http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java index f0000f8..d63f01e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java @@ -27,7 +27,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.user.NiFiUser; import org.apache.nifi.util.NiFiProperties; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.user.NiFiUserUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -82,7 +82,7 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean { private void authenticate(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException { String dnChain = null; try { - final NiFiAuthenticationRequestToken authenticated = attemptAuthentication(request); + final NiFiAuthortizationRequestToken authenticated = attemptAuthentication(request); if (authenticated != null) { dnChain = ProxiedEntitiesUtils.formatProxyDn(StringUtils.join(authenticated.getChain(), "><")); 
@@ -118,14 +118,14 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean { /** * Attempt to authenticate the client making the request. If the request does not contain an authentication attempt, this method should return null. If the request contains an authentication - * request, the implementation should convert it to a NiFiAuthenticationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when + * request, the implementation should convert it to a NiFiAuthorizationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when * the request contains an authentication request but it could not be authenticated. * * @param request The request - * @return The NiFiAuthenticationRequestToken used to later authorized the client + * @return The NiFiAutorizationRequestToken used to later authorized the client * @throws InvalidAuthenticationException If the request contained an authentication attempt, but could not authenticate */ - public abstract NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request); + public abstract NiFiAuthortizationRequestToken attemptAuthentication(HttpServletRequest request); protected void successfulAuthorization(HttpServletRequest request, HttpServletResponse response, Authentication authResult) { if (log.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java ---------------------------------------------------------------------- 
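Review bot: The updated Javadoc for `attemptAuthentication` names two types that do not exist: `NiFiAuthorizationRequestToken` in the description and `NiFiAutorizationRequestToken` in `@return`, while the declared return type is `NiFiAuthortizationRequestToken`. Whichever spelling the class ends up with, the comment should use exactly that name, ideally through `{@link ...}` so javadoc reports a broken reference if the two drift apart again. The `@return` line could read `@return the authorization request token used to later authorize the client, or null if the request carries no authentication attempt`. It would also help to say here that a non-null return only carries the extracted identity chain, and that the decision to grant access is made afterwards when the token is authorized.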
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java index eb0684b..0887901 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java @@ -16,9 +16,9 @@ */ package org.apache.nifi.web.security; -import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken; -import org.apache.nifi.web.security.token.NewAccountAuthenticationToken; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken; +import org.apache.nifi.web.security.token.NewAccountAuthorizationToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.token.NiFiAuthorizationToken; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.core.Authentication; 
@@ -32,29 +32,29 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; */ public class NiFiAuthenticationProvider implements AuthenticationProvider { - private final AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService; + private final AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService; - public NiFiAuthenticationProvider(final AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService) { + public NiFiAuthenticationProvider(final AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService) { this.userDetailsService = userDetailsService; } @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { - final NiFiAuthenticationRequestToken request = (NiFiAuthenticationRequestToken) authentication; + final NiFiAuthortizationRequestToken request = (NiFiAuthortizationRequestToken) authentication; try { // defer to the nifi user details service to authorize the user final UserDetails userDetails = userDetailsService.loadUserDetails(request); - // build an authentication for accesing nifi + // build a token for accesing nifi final NiFiAuthorizationToken result = new NiFiAuthorizationToken(userDetails); result.setDetails(request.getDetails()); return result; } catch (final UsernameNotFoundException unfe) { - // if the authentication request is for a new account and it could not be authorized because the user was not found, - // return the token so the new account could be created. this must go here toe nsure that any proxies have been authorized + // if the authorization request is for a new account and it could not be authorized because the user was not found, + // return the token so the new account could be created. 
this must go here to ensure that any proxies have been authorized if (isNewAccountAuthenticationToken(request)) { - return new NewAccountAuthenticationToken(((NewAccountAuthenticationRequestToken) authentication).getNewAccountRequest()); + return new NewAccountAuthorizationToken(((NewAccountAuthorizationRequestToken) authentication).getNewAccountRequest()); } else { throw unfe; } @@ -62,12 +62,12 @@ public class NiFiAuthenticationProvider implements AuthenticationProvider { } private boolean isNewAccountAuthenticationToken(final Authentication authentication) { - return NewAccountAuthenticationRequestToken.class.isAssignableFrom(authentication.getClass()); + return NewAccountAuthorizationRequestToken.class.isAssignableFrom(authentication.getClass()); } @Override public boolean supports(Class<?> authentication) { - return NiFiAuthenticationRequestToken.class.isAssignableFrom(authentication); + return NiFiAuthortizationRequestToken.class.isAssignableFrom(authentication); } } http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java index 23d9e61..75c01bf 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java 
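Review bot: The private helper `isNewAccountAuthenticationToken` in the `@@ -62,12 +62,12 @@` hunk keeps its old name although it now tests for `NewAccountAuthorizationRequestToken`, which reintroduces the authentication/authorization mix-up this commit sets out to remove. I would rename it and its call site in `authenticate` to `isNewAccountAuthorizationRequestToken`; since the argument is an instance, the body can be `return authentication instanceof NewAccountAuthorizationRequestToken;`. The new comment `// build a token for accesing nifi` in the preceding hunk also has a typo and should read `accessing`. The class body starts outside these hunks.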
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java @@ -30,7 +30,7 @@ import org.apache.nifi.user.NiFiUser; import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.web.security.UntrustedProxyException; import org.apache.nifi.web.security.user.NiFiUserDetails; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.dao.DataAccessException; @@ -44,7 +44,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; /** * UserDetailsService that will verify user identity and grant user authorities. */ -public class NiFiAuthorizationService implements AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> { +public class NiFiAuthorizationService implements AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> { private static final Logger logger = LoggerFactory.getLogger(NiFiAuthorizationService.class); 
@@ -63,7 +63,7 @@ public class NiFiAuthorizationService implements AuthenticationUserDetailsServic * @throws org.springframework.dao.DataAccessException ex */ @Override - public synchronized UserDetails loadUserDetails(NiFiAuthenticationRequestToken request) throws UsernameNotFoundException, DataAccessException { + public synchronized UserDetails loadUserDetails(NiFiAuthortizationRequestToken request) throws UsernameNotFoundException, DataAccessException { NiFiUserDetails userDetails = null; final List<String> chain = new ArrayList<>(request.getChain()); http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java index 155610a..faf3cde 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java 
@@ -19,8 +19,8 @@ package org.apache.nifi.web.security.jwt; import io.jsonwebtoken.JwtException; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.web.security.NiFiAuthenticationFilter; -import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.user.NewAccountRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -40,7 +40,7 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter { private JwtService jwtService; @Override - public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) { + public NiFiAuthortizationRequestToken attemptAuthentication(final HttpServletRequest request) { // only suppport jwt login when running securely if (!request.isSecure()) { return null; 
@@ -66,9 +66,9 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter { final String jwtPrincipal = jwtService.getAuthenticationFromToken(token); if (isNewAccountRequest(request)) { - return new NewAccountAuthenticationRequestToken(new NewAccountRequest(Arrays.asList(jwtPrincipal), getJustification(request))); + return new NewAccountAuthorizationRequestToken(new NewAccountRequest(Arrays.asList(jwtPrincipal), getJustification(request))); } else { - return new NiFiAuthenticationRequestToken(Arrays.asList(jwtPrincipal)); + return new NiFiAuthortizationRequestToken(Arrays.asList(jwtPrincipal)); } } catch (JwtException e) { throw new InvalidAuthenticationException(e.getMessage(), e); http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationRequestToken.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationRequestToken.java deleted file mode 100644 index 6fee4ec..0000000 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationRequestToken.java +++ /dev/null 
@@ -1,40 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.web.security.token; - -import org.apache.nifi.web.security.user.NewAccountRequest; - -/** - * This is an Authentication Token for a user that is requesting authentication in order to submit a new account request. - */ -public class NewAccountAuthenticationRequestToken extends NiFiAuthenticationRequestToken { - - final NewAccountRequest newAccountRequest; - - public NewAccountAuthenticationRequestToken(final NewAccountRequest newAccountRequest) { - super(newAccountRequest.getChain()); - this.newAccountRequest = newAccountRequest; - } - - public String getJustification() { - return newAccountRequest.getJustification(); - } - - public NewAccountRequest getNewAccountRequest() { - return newAccountRequest; - } -} http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationToken.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationToken.java
deleted file mode 100644
index 5fe3a1d..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationToken.java
+++ /dev/null
@@ -1,46 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.web.security.token; - -import org.apache.nifi.web.security.user.NewAccountRequest; -import org.springframework.security.authentication.AbstractAuthenticationToken; - -/** - * This is an Authentication Token for a user that has been authenticated but is not authorized to access the NiFi APIs. Typically, this authentication token is used successfully when requesting a - * NiFi account. Requesting any other endpoint would be rejected due to lack of roles. 
- */ -public class NewAccountAuthenticationToken extends AbstractAuthenticationToken { - - final NewAccountRequest newAccountRequest; - - public NewAccountAuthenticationToken(final NewAccountRequest newAccountRequest) { - super(null); - super.setAuthenticated(true); - this.newAccountRequest = newAccountRequest; - } - - @Override - public Object getCredentials() { - return null; - } - - @Override - public Object getPrincipal() { - return newAccountRequest; - } - -} http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java new file mode 100644 index 0000000..35c371d --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java 
@@ -0,0 +1,40 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.security.token; + +import org.apache.nifi.web.security.user.NewAccountRequest; + +/** + * An authentication token that is used as an authorization request when submitting a new account. + */ +public class NewAccountAuthorizationRequestToken extends NiFiAuthortizationRequestToken { + + final NewAccountRequest newAccountRequest; + + public NewAccountAuthorizationRequestToken(final NewAccountRequest newAccountRequest) { + super(newAccountRequest.getChain()); + this.newAccountRequest = newAccountRequest; + } + + public String getJustification() { + return newAccountRequest.getJustification(); + } + + public NewAccountRequest getNewAccountRequest() { + return newAccountRequest; + } +} http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java ---------------------------------------------------------------------- 
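Review bot: The field `final NewAccountRequest newAccountRequest;` in the new `NewAccountAuthorizationRequestToken` has no access modifier, so it is package-private even though `getNewAccountRequest()` already exposes it; `private final NewAccountRequest newAccountRequest;` would keep the token's state encapsulated. The constructor also dereferences its argument in `super(newAccountRequest.getChain())` without a check, so a null request surfaces as a bare NullPointerException; a documented precondition on the constructor, or a `java.util.Objects.requireNonNull` guard, would make that failure explicit. The same package-private field appears in `NewAccountAuthorizationToken`.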
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java
new file mode 100644
index 0000000..de0fde6
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java
@@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.security.token; + +import org.apache.nifi.web.security.user.NewAccountRequest; +import org.springframework.security.authentication.AbstractAuthenticationToken; + +/** + * This is an Authentication Token for a user that has been authenticated but is not authorized to access the NiFi APIs. Typically, this authentication token is used successfully when requesting a + * NiFi account. Requesting any other endpoint would be rejected due to lack of roles. 
+ */ +public class NewAccountAuthorizationToken extends AbstractAuthenticationToken { + + final NewAccountRequest newAccountRequest; + + public NewAccountAuthorizationToken(final NewAccountRequest newAccountRequest) { + super(null); + super.setAuthenticated(true); + this.newAccountRequest = newAccountRequest; + } + + @Override + public Object getCredentials() { + return null; + } + + @Override + public Object getPrincipal() { + return newAccountRequest; + } + +} http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationRequestToken.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationRequestToken.java deleted file mode 100644 index 3ae6491..0000000 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationRequestToken.java +++ /dev/null 
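Review bot: The class Javadoc still opens with "This is an Authentication Token for a user that has been authenticated but is not authorized", which now reads oddly under the new name `NewAccountAuthorizationToken`. Because the constructor calls `super(null)` and then `super.setAuthenticated(true)`, the token reports itself as authenticated while carrying no authorities, and the comment should say so explicitly, for example `Marked authenticated but granted no authorities; only the new account request is expected to succeed with it.` Without that sentence a reader may take the "Authorization" in the name to mean that access was granted.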
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.token;
-
-import java.util.Collections;
-import java.util.List;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-
-/**
- * An authentication token that is used as an authentication request. The request chain is specified during creation and is used authenticate the user(s). If the user is authenticated, the token is
- * used to authorized the user(s).
- */
-public class NiFiAuthenticationRequestToken extends AbstractAuthenticationToken {
-
- private final List<String> chain;
-
- public NiFiAuthenticationRequestToken(final List<String> chain) {
- super(null);
- this.chain = chain;
- }
-
- @Override
- public Object getCredentials() {
- return null;
- }
-
- @Override
- public Object getPrincipal() {
- return chain;
- }
-
- public List<String> getChain() {
- return Collections.unmodifiableList(chain);
- }
-
- @Override
- public final void setAuthenticated(boolean authenticated) {
- throw new IllegalArgumentException("Cannot change the authenticated state.");
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthortizationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthortizationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthortizationRequestToken.java
new file mode 100644
index 0000000..a1459a4
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthortizationRequestToken.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.token;
+
+import java.util.Collections;
+import java.util.List;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+
+/**
+ * An authentication token that is used as an authorization request. The request has already been authenticated and is now going to be authorized.
+ * The request chain is specified during creation and is used authorize the user(s).
+ */
+public class NiFiAuthortizationRequestToken extends AbstractAuthenticationToken {
+
+ private final List<String> chain;
+
+ public NiFiAuthortizationRequestToken(final List<String> chain) {
+ super(null);
+ this.chain = chain;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return null;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return chain;
+ }
+
+ public List<String> getChain() {
+ return Collections.unmodifiableList(chain);
+ }
+
+ @Override
+ public final void setAuthenticated(boolean authenticated) {
+ throw new IllegalArgumentException("Cannot change the authenticated state.");
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
index 708b607..2c792f6 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
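Review bot: The new class and file are spelled `NiFiAuthortizationRequestToken` (an extra "t"), and since this commit creates the file and rewrites every import of it, renaming it to `NiFiAuthorizationRequestToken` now costs nothing extra. In the class body, `getPrincipal()` returns the internal `chain` list as-is while `getChain()` wraps it in `Collections.unmodifiableList`, and the constructor keeps the caller's list without copying it. Because the chain carries the identities that are about to be authorized, I would take one defensive read-only copy in the constructor, `this.chain = Collections.unmodifiableList(new ArrayList<>(chain));` (with a `java.util.ArrayList` import), so both accessors return the same immutable view. The second Javadoc sentence should read "is used to authorize the user(s)".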
@@ -23,8 +23,8 @@ import org.apache.nifi.authentication.AuthenticationResponse; import org.apache.nifi.web.security.InvalidAuthenticationException; import org.apache.nifi.web.security.NiFiAuthenticationFilter; import org.apache.nifi.web.security.ProxiedEntitiesUtils; -import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.user.NewAccountRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -40,7 +40,7 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter { private X509IdentityProvider certificateIdentityProvider; @Override - public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) { + public NiFiAuthortizationRequestToken attemptAuthentication(final HttpServletRequest request) { // only suppport x509 login when running securely if (!request.isSecure()) { return null; 
@@ -62,9 +62,9 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter { final List<String> proxyChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(request, authenticationResponse.getIdentity()); if (isNewAccountRequest(request)) { - return new NewAccountAuthenticationRequestToken(new NewAccountRequest(proxyChain, getJustification(request))); + return new NewAccountAuthorizationRequestToken(new NewAccountRequest(proxyChain, getJustification(request))); } else { - return new NiFiAuthenticationRequestToken(proxyChain); + return new NiFiAuthortizationRequestToken(proxyChain); } } http://git-wip-us.apache.org/repos/asf/nifi/blob/e22b51f3/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java index 5456552..414d9f8 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java 
@@ -26,7 +26,7 @@ import org.apache.nifi.authorization.Authority; import org.apache.nifi.user.NiFiUser; import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.web.security.UntrustedProxyException; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.user.NiFiUserDetails; import org.junit.Assert; import org.junit.Before; @@ -104,8 +104,8 @@ public class NiFiAuthorizationServiceTest { authorizationService.setUserService(userService); } - private NiFiAuthenticationRequestToken createRequestAuthentication(final String... identities) { - return new NiFiAuthenticationRequestToken(Arrays.asList(identities)); + private NiFiAuthortizationRequestToken createRequestAuthentication(final String... identities) { + return new NiFiAuthortizationRequestToken(Arrays.asList(identities)); } /**
