http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/StandardOptimisticLockingManager.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/StandardOptimisticLockingManager.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/StandardOptimisticLockingManager.java index 23ef8eb..6ac0fdd 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/StandardOptimisticLockingManager.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/StandardOptimisticLockingManager.java 
@@ -32,31 +32,31 @@ import org.slf4j.LoggerFactory; public class StandardOptimisticLockingManager implements OptimisticLockingManager { private static final Logger logger = LoggerFactory.getLogger(StandardOptimisticLockingManager.class); - + private static final String INVALID_REVISION_ERROR = "Given revision %s does not match current revision %s."; private static final String SYNC_ERROR = "This NiFi instance has been updated by '%s'. Please refresh to synchronize the view."; - + private Revision currentRevision = new Revision(0L, ""); private String lastModifier = "unknown"; private final Lock lock = new ReentrantLock(); - + private void lock() { lock.lock(); } - + private void unlock() { lock.unlock(); } private void checkRevision(final Revision revision) { final FlowModification lastMod = getLastModification(); - + // with lock, verify revision boolean approved = lastMod.getRevision().equals(revision); if (!approved) { logger.debug("Revision check failed because current revision is " + lastMod.getRevision() + " but supplied revision is " + revision); - + if (lastMod.getRevision().getClientId() == null || lastMod.getRevision().getClientId().trim().isEmpty() || lastMod.getRevision().getVersion() == null) { throw new InvalidRevisionException(String.format(INVALID_REVISION_ERROR, revision, lastMod.getRevision())); } else { @@ -64,11 +64,11 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage } } } - + private Revision updateRevision(final Revision updatedRevision) { // record the current modification setLastModification(new FlowModification(updatedRevision, NiFiUserUtils.getNiFiUserName())); - + // return the revision return updatedRevision; } @@ -98,7 +98,7 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage lock(); try { final Revision updatedRevision = updateRevision.execute(getLastModification().getRevision()); - + // update the revision if (updatedRevision != null) { updateRevision(updatedRevision); 
@@ -107,7 +107,7 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage unlock(); } } - + @Override public FlowModification getLastModification() { lock(); @@ -119,19 +119,19 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage } else { revision = ctx.getRevision(); } - + return new FlowModification(revision, lastModifier); } finally { unlock(); } } - + private void setLastModification(final FlowModification lastModification) { lock(); try { // record the last modifier lastModifier = lastModification.getLastModifier(); - + // record the updated revision in the cluster context if possible final ClusterContext ctx = ClusterContextThreadLocal.getContext(); if (ctx != null) { @@ -143,10 +143,10 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage unlock(); } } - + private Revision incrementRevision(String clientId) { final Revision current = getLastModification().getRevision(); - + final long incrementedVersion; if (current.getVersion() == null) { incrementedVersion = 0; @@ -155,5 +155,5 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage } return new Revision(incrementedVersion, clientId); } - + }
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/UpdateRevision.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/UpdateRevision.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/UpdateRevision.java index e691bbe..88fcdaa 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/UpdateRevision.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/UpdateRevision.java @@ -23,9 +23,9 @@ public interface UpdateRevision { /** * Executes the action that will result in an updated revision - * - * @param currentRevision The current revision - * @return The updated revision + * + * @param currentRevision The current revision + * @return The updated revision */ Revision execute(Revision currentRevision); } http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/DnUtils.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/DnUtils.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/DnUtils.java index b56f23d..f3bd11e 100644 
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/DnUtils.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/DnUtils.java @@ -34,10 +34,8 @@ public class DnUtils { private static final Pattern proxyChainPattern = Pattern.compile("<(.*?)>"); /** - * Gets the X-ProxiedEntitiesChain from the specified request. - * - * @param request - * @return + * @param request http request + * @return the X-ProxiedEntitiesChain from the specified request */ public static String getXProxiedEntitiesChain(final HttpServletRequest request) { String xProxiedEntitiesChain = request.getHeader("X-ProxiedEntitiesChain"); @@ -60,8 +58,8 @@ public class DnUtils { * Formats the specified DN to be set as a HTTP header using well known * conventions. * - * @param dn - * @return + * @param dn raw dn + * @return the dn formatted as an HTTP header */ public static String formatProxyDn(String dn) { return "<" + dn + ">"; @@ -70,8 +68,8 @@ public class DnUtils { /** * Tokenizes the specified proxy chain. * - * @param rawProxyChain - * @return + * @param rawProxyChain raw chain + * @return tokenized proxy chain */ public static Deque<String> tokenizeProxyChain(String rawProxyChain) { final Deque<String> dnList = new ArrayDeque<>(); http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java ---------------------------------------------------------------------- 
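Review bot: The rewritten Javadoc on `getXProxiedEntitiesChain` (first DnUtils hunk) no longer has a summary sentence, and nothing in it tells the reader that the value is taken from a request header the caller controls. I would keep a first line such as `Gets the X-ProxiedEntitiesChain header from the specified request.` and make the return tag `@return the X-ProxiedEntitiesChain header value supplied with the request (caller-controlled input)`. The method body continues past the end of the hunk, so any normalisation done further down is not visible here.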
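Review bot: `formatProxyDn` (second DnUtils hunk) wraps the DN in `<` and `>` without checking it for those characters, while the class-level `proxyChainPattern` is the non-greedy `<(.*?)>`. If `tokenizeProxyChain` uses that pattern, as its position in the class suggests, a DN that itself contains an angle bracket would not round-trip as a single chain element. The new `@param dn raw dn` should at least state the constraint, e.g. `@param dn raw dn; must not contain '<' or '>'`, and rejecting such a DN inside the method would be safer still. The closing brace of the method lies outside the hunk.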
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java index a82787b..295f09c 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java @@ -76,8 +76,8 @@ public class NiFiAnonymousUserFilter extends AnonymousAuthenticationFilter { /** * Only supports anonymous users for non-secure requests or one way ssl. * - * @param request - * @return + * @param request request + * @return true if allowed */ @Override protected boolean applyAnonymousForThisRequest(HttpServletRequest request) { http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authentication/NiFiAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authentication/NiFiAuthenticationEntryPoint.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authentication/NiFiAuthenticationEntryPoint.java index d19219c..cd5f1ac 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authentication/NiFiAuthenticationEntryPoint.java 
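Review bot: `@param request request` and `@return true if allowed` in the Javadoc of `applyAnonymousForThisRequest` repeat the identifier without saying when the answer is true. The summary line already holds the rule, so the tag can carry it: `@return true if the request is non-secure or uses one-way SSL, so anonymous authentication may be applied`. The same placeholder style appears in the later hunks for `NiFiAuthenticationEntryPoint.commence` (`@param ae ae`, `@throws java.io.IOException ex`), `X509AuthenticationFilter.handleUnsuccessfulAuthentication` (`@param ae ex`) and `OcspCertificateValidator.validate` (`@throws CertificateStatusException ex`); each should name the condition rather than the type. The method body is outside the hunk.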
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authentication/NiFiAuthenticationEntryPoint.java @@ -38,11 +38,12 @@ public class NiFiAuthenticationEntryPoint implements AuthenticationEntryPoint { /** * Always returns a 403 error code to the client. - * @param request - * @param response - * @param ae - * @throws java.io.IOException - * @throws javax.servlet.ServletException + * + * @param request request + * @param response response + * @param ae ae + * @throws java.io.IOException ex + * @throws javax.servlet.ServletException ex */ @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ae) throws IOException, ServletException { http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java index dec7c4b..95b4669 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java 
@@ -51,17 +51,17 @@ public class NiFiAuthorizationService implements UserDetailsService { private NiFiProperties properties; /** - * Loads the user details for the specified dn. - * - * Synchronizing because we want each request to be authorized atomically since - * each may contain any number of DNs. We wanted an access decision made - * for each individual request as a whole (without other request potentially - * impacting it). + * Loads the user details for the specified dn. + * + * Synchronizing because we want each request to be authorized atomically + * since each may contain any number of DNs. We wanted an access decision + * made for each individual request as a whole (without other request + * potentially impacting it). * - * @param rawProxyChain - * @return - * @throws UsernameNotFoundException - * @throws org.springframework.dao.DataAccessException + * @param rawProxyChain proxy chain + * @return user details + * @throws UsernameNotFoundException ex + * @throws org.springframework.dao.DataAccessException ex */ @Override public synchronized UserDetails loadUserByUsername(String rawProxyChain) throws UsernameNotFoundException, DataAccessException { @@ -75,7 +75,7 @@ public class NiFiAuthorizationService implements UserDetailsService { } NiFiUser proxy = null; - + // process each part of the proxy chain for (final Iterator<String> dnIter = dnList.iterator(); dnIter.hasNext();) { final String dn = dnIter.next(); 
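Review bot: The Javadoc of `loadUserByUsername` still opens with "Loads the user details for the specified dn" although the parameter is `rawProxyChain` and the body that follows iterates `dnList` to "process each part of the proxy chain". `@param rawProxyChain proxy chain` would be more useful if it stated the expected format and which element is the end user, and `@throws UsernameNotFoundException ex` if it said which DN in the chain was not found. I would change the summary to `Loads the user details for the end user of the specified proxy chain, authorizing every proxy in it.`; that wording is inferred from the loop in the following hunks, so confirm it against the full method, which extends beyond this hunk.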
@@ -92,12 +92,12 @@ public class NiFiAuthorizationService implements UserDetailsService { logger.warn(String.format("Proxy '%s' must have '%s' authority. Current authorities: %s", dn, Authority.ROLE_PROXY.toString(), StringUtils.join(user.getAuthorities(), ", "))); throw new UntrustedProxyException(String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString())); } - + // if we've already encountered a proxy, update the chain if (proxy != null) { user.setChain(proxy); } - + // record this user as the proxy for the next user in the chain proxy = user; } catch (UsernameNotFoundException unfe) { @@ -118,7 +118,8 @@ public class NiFiAuthorizationService implements UserDetailsService { // attempting to auto create the user account request final String message = String.format("Account request was already submitted for '%s'", dn); logger.warn(message); - throw new AccountStatusException(message) {}; + throw new AccountStatusException(message) { + }; } } else { logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), unfe.getMessage())); @@ -130,7 +131,7 @@ public class NiFiAuthorizationService implements UserDetailsService { } } else { userDetails = getNiFiUserDetails(dn); - + // if we've already encountered a proxy, update the chain if (proxy != null) { final NiFiUser user = userDetails.getNiFiUser(); @@ -145,8 +146,8 @@ public class NiFiAuthorizationService implements UserDetailsService { /** * Loads the user details for the specified dn. * - * @param dn - * @return + * @param dn user dn + * @return user detail */ private NiFiUserDetails getNiFiUserDetails(String dn) { try { 
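Review bot: `throw new AccountStatusException(message) { };` in the `@@ -118,7 +118,8 @@` hunk creates an anonymous subclass inside an instance method, so each such exception captures a reference to the enclosing `NiFiAuthorizationService` and shows up under a synthetic class name in logs and stack traces. The reformatting keeps that construct, and the `@@ -155,7 +156,8 @@` hunk does the same in `getNiFiUserDetails`. A small named static nested exception removes the captured reference and gives handlers a concrete type to match on; both throw sites then become plain `new` expressions. The class name below is a suggestion, and both enclosing methods extend beyond their hunks.

```java
// nested in NiFiAuthorizationService; the name is a suggestion
private static final class NiFiAccountStatusException extends AccountStatusException {

    NiFiAccountStatusException(final String message) {
        super(message);
    }

    NiFiAccountStatusException(final String message, final Throwable cause) {
        super(message, cause);
    }
}

// … unchanged: loadUserByUsername up to the "Account request was already submitted" branch …
throw new NiFiAccountStatusException(message);

// … unchanged: getNiFiUserDetails up to the AccountDisabledException | AccountPendingException catch …
throw new NiFiAccountStatusException(e.getMessage(), e);
```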
@@ -155,7 +156,8 @@ public class NiFiAuthorizationService implements UserDetailsService { } catch (AdministrationException ase) { throw new AuthenticationServiceException(String.format("An error occurred while accessing the user credentials for '%s': %s", dn, ase.getMessage()), ase); } catch (AccountDisabledException | AccountPendingException e) { - throw new AccountStatusException(e.getMessage(), e) {}; + throw new AccountStatusException(e.getMessage(), e) { + }; } catch (AccountNotFoundException anfe) { throw new UsernameNotFoundException(anfe.getMessage()); } http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java index d9e8f80..c69b1e6 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java @@ -36,7 +36,7 @@ public class NiFiUserDetails implements UserDetails { /** * Creates a new NiFiUserDetails. * - * @param user + * @param user user */ public NiFiUserDetails(NiFiUser user) { this.user = user; @@ -45,7 +45,7 @@ public class NiFiUserDetails implements UserDetails { /** * Get the user for this UserDetails. * - * @return + * @return user */ public NiFiUser getNiFiUser() { return user; 
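Review bot: The last catch shown in the `getNiFiUserDetails` hunk (`@@ -155,7 +156,8 @@`) rethrows with `new UsernameNotFoundException(anfe.getMessage())`, which drops the original `AccountNotFoundException`, while the two catches above it pass their cause along. Keeping the cause makes a failed lookup traceable in the server log: `throw new UsernameNotFoundException(anfe.getMessage(), anfe);`. The try block starts before the hunk, so the lookup that raises the exception is not visible here.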
@@ -54,7 +54,7 @@ public class NiFiUserDetails implements UserDetails { /** * Returns the authorities that this NiFi user has. * - * @return + * @return authorities */ @Override public Collection<? extends GrantedAuthority> getAuthorities() { @@ -66,21 +66,11 @@ public class NiFiUserDetails implements UserDetails { return grantedAuthorities; } - /** - * Not used. - * - * @return - */ @Override public String getPassword() { return StringUtils.EMPTY; } - /** - * Gets the user name. - * - * @return - */ @Override public String getUsername() { return user.getDn(); http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java index acf37dc..a1b6717 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java @@ -35,7 +35,7 @@ public final class NiFiUserUtils { /** * Return the authorities for the current user. * - * @return + * @return authorities */ public static Set<String> getAuthorities() { Set<GrantedAuthority> grantedAuthorities = new HashSet<>(); 
@@ -62,7 +62,7 @@ public final class NiFiUserUtils { * Returns the current NiFiUser or null if the current user is not a * NiFiUser. * - * @return + * @return user */ public static NiFiUser getNiFiUser() { NiFiUser user = null; @@ -79,7 +79,7 @@ public final class NiFiUserUtils { return user; } - + public static String getNiFiUserName() { // get the nifi user to extract the username NiFiUser user = NiFiUserUtils.getNiFiUser(); http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/SubjectDnX509PrincipalExtractor.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/SubjectDnX509PrincipalExtractor.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/SubjectDnX509PrincipalExtractor.java index f290e1f..48a12de 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/SubjectDnX509PrincipalExtractor.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/SubjectDnX509PrincipalExtractor.java 
@@ -24,12 +24,6 @@ import org.springframework.security.web.authentication.preauth.x509.X509Principa */ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor { - /** - * Extracts the principal from the specified client certificate. - * - * @param cert - * @return - */ @Override public Object extractPrincipal(X509Certificate cert) { return cert.getSubjectDN().getName().trim(); http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java index 3de4b75..72baecb 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java 
@@ -58,16 +58,6 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing private NiFiProperties properties; private UserService userService; - /** - * Override doFilter in order to properly handle when users could not be - * authenticated. - * - * @param request - * @param response - * @param chain - * @throws IOException - * @throws ServletException - */ @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { final HttpServletResponse httpResponse = (HttpServletResponse) response; @@ -194,13 +184,6 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing return certificateExtractor.extractClientCertificate(request); } - /** - * Sets the response headers for successful proxied requests. - * - * @param request - * @param response - * @param authResult - */ @Override protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) { if (StringUtils.isNotBlank(request.getHeader(PROXY_ENTITIES_CHAIN))) { @@ -209,13 +192,6 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing super.successfulAuthentication(request, response, authResult); } - /** - * Sets the response headers for unsuccessful proxied requests. - * - * @param request - * @param response - * @param failed - */ @Override protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) { if (StringUtils.isNotBlank(request.getHeader(PROXY_ENTITIES_CHAIN))) { 
@@ -228,8 +204,8 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing * Determines if the specified request is attempting to register a new user * account. * - * @param request - * @return + * @param request http request + * @return true if new user */ private boolean isNewAccountRequest(HttpServletRequest request) { if ("POST".equalsIgnoreCase(request.getMethod())) { @@ -246,10 +222,10 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing /** * Handles requests that were unable to be authorized. * - * @param request - * @param response - * @param ae - * @throws IOException + * @param request request + * @param response response + * @param ae ex + * @throws IOException ex */ private void handleUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException ae) throws IOException { // set the response status @@ -292,14 +268,6 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing } } - /** - * Handles requests that failed because of a user service error. - * - * @param request - * @param response - * @param e - * @throws IOException - */ private void handleUserServiceError(HttpServletRequest request, HttpServletResponse response, int responseCode, String message) throws IOException { // set the response status response.setContentType("text/plain"); 
@@ -316,9 +284,9 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing /** * Handles requests that failed because they were bad input. * - * @param request - * @param response - * @throws IOException + * @param request request + * @param response response + * @throws IOException ioe */ private void handleMissingCertificate(HttpServletRequest request, HttpServletResponse response) throws IOException { // set the response status http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509CertificateExtractor.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509CertificateExtractor.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509CertificateExtractor.java index 546d7be..b40d5a5 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509CertificateExtractor.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509CertificateExtractor.java 
@@ -32,8 +32,8 @@ public class X509CertificateExtractor { * Extract the client certificate from the specified HttpServletRequest or * null if none is specified. * - * @param request - * @return + * @param request http request + * @return cert */ public X509Certificate extractClientCertificate(HttpServletRequest request) { X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java index 8d2c318..81e4bd6 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java @@ -63,9 +63,6 @@ import org.bouncycastle.ocsp.SingleResp; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -/** - * - */ public class OcspCertificateValidator { private static final Logger logger = LoggerFactory.getLogger(OcspCertificateValidator.class); 
@@ -141,8 +138,8 @@ public class OcspCertificateValidator { /** * Loads the ocsp certificate if specified. Null otherwise. * - * @param properties - * @return + * @param properties nifi properties + * @return certificate */ private X509Certificate getOcspCertificate(final NiFiProperties properties) { X509Certificate validationAuthorityCertificate = null; @@ -164,8 +161,8 @@ public class OcspCertificateValidator { * Loads the trusted certificate authorities according to the specified * properties. * - * @param properties - * @return + * @param properties properties + * @return map of certificate authorities */ private Map<String, X509Certificate> getTrustedCAs(final NiFiProperties properties) { final Map<String, X509Certificate> certificateAuthorities = new HashMap<>(); @@ -211,8 +208,8 @@ public class OcspCertificateValidator { /** * Validates the specified certificate using OCSP if configured. * - * @param request - * @throws CertificateStatusException + * @param request http request + * @throws CertificateStatusException ex */ public void validate(final HttpServletRequest request) throws CertificateStatusException { final X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); 
@@ -235,7 +232,8 @@ public class OcspCertificateValidator { // we only disallow when we have a verified response that states the certificate is revoked if (VerificationStatus.Verified.equals(ocspStatus.getVerificationStatus()) && ValidationStatus.Revoked.equals(ocspStatus.getValidationStatus())) { - throw new CertificateStatusException(String.format("Client certificate for <%s> is revoked according to the certificate authority.", subjectCertificate.getSubjectX500Principal().getName())); + throw new CertificateStatusException(String.format("Client certificate for <%s> is revoked according to the certificate authority.", + subjectCertificate.getSubjectX500Principal().getName())); } } catch (final UncheckedExecutionException uee) { logger.warn(String.format("Unable to validate client certificate via OCSP: <%s>", subjectCertificate.getSubjectX500Principal().getName()), uee.getCause()); @@ -246,8 +244,8 @@ public class OcspCertificateValidator { /** * Gets the subject certificate. * - * @param certificates - * @return + * @param certificates certs + * @return subject cert */ private X509Certificate getSubjectCertificate(final X509Certificate[] certificates) { return certificates[0]; @@ -256,8 +254,8 @@ public class OcspCertificateValidator { /** * Gets the issuer certificate. * - * @param certificates - * @return + * @param certificates certs + * @return issuer cert */ private X509Certificate getIssuerCertificate(final X509Certificate[] certificates) { if (certificates.length > 1) { @@ -274,9 +272,8 @@ public class OcspCertificateValidator { /** * Gets the OCSP status for the specified subject and issuer certificates. * - * @param subjectCertificate - * @param issuerCertificate - * @return + * @param ocspStatusKey status key + * @return ocsp status */ private OcspStatus getOcspStatus(final OcspRequest ocspStatusKey) { final X509Certificate subjectCertificate = ocspStatusKey.getSubjectCertificate(); 
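Review bot: The `validate` hunk (`@@ -235,7 +232,8 @@`) rejects a certificate only when the OCSP answer is both `Verified` and `Revoked`, and the `UncheckedExecutionException` branch visible here logs a warning; as far as the hunk shows, a failed lookup or an unverified response lets the request through. That soft-fail policy is stated only in an inline comment. The method Javadoc touched in the `@@ -211,8 +208,8 @@` hunk is the place to record it, e.g. `@throws CertificateStatusException if a verified OCSP response reports the client certificate as revoked; lookup failures and unverified responses do not reject the request`. The rest of the catch block lies outside the hunk, so confirm that nothing after the warning rethrows.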
@@ -406,9 +403,9 @@ public class OcspCertificateValidator { * that issued the subject certificate. Other various checks may be required * (this portion is currently not implemented). * - * @param responderCertificate - * @param issuerCertificate - * @return + * @param responderCertificate cert + * @param issuerCertificate cert + * @return cert */ private X509Certificate getTrustedResponderCertificate(final X509Certificate responderCertificate, final X509Certificate issuerCertificate) { // look for the responder's certificate specifically @@ -425,13 +422,13 @@ public class OcspCertificateValidator { // if (keyUsage == null || !keyUsage.contains(KP_OCSP_SIGNING_OID)) { // return null; // } -// +// // // ensure the certificate is valid // responderCertificate.checkValidity(); -// +// // // verify the signature // responderCertificate.verify(issuerCertificate.getPublicKey()); -// +// // return responderCertificate; // } catch (final CertificateException | NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | SignatureException e) { // return null; http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java index 057a854..6d0c3cb 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java 
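Review bot: The tags added for getTrustedResponderCertificate (`@param responderCertificate cert`, `@param issuerCertificate cert`, `@return cert`) do not say what the caller receives when the responder certificate is not trusted, and the description still says the further checks are "currently not implemented". The next hunk bears this out: the OCSP-signing key-usage, validity and issuer-signature checks sit in a commented-out block that this commit only re-spaces. I would state the not-trusted result in `@return` and replace the dead block with a tracked marker such as `// TODO: validate delegated OCSP responders (OCSP-signing EKU, validity period, signature by issuer)`, so the gap in responder validation stays visible to the next reader. The method body starts in this hunk and continues outside it.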
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java @@ -37,12 +37,11 @@ import org.springframework.security.authentication.AccountStatusException; import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.userdetails.UsernameNotFoundException; - /** * Test case for NiFiAuthorizationService. */ public class NiFiAuthorizationServiceTest { - + private static final String USER = "user"; private static final String PROXY = "proxy"; private static final String PROXY_PROXY = "proxy-proxy"; @@ -51,16 +50,16 @@ public class NiFiAuthorizationServiceTest { private static final String USER_PENDING = "user-pending"; private static final String USER_ADMIN_EXCEPTION = "user-admin-exception"; private static final String PROXY_NOT_FOUND = "proxy-not-found"; - + private NiFiAuthorizationService authorizationService; private UserService userService; - + @Before public void setup() throws Exception { // mock the web security properties final NiFiProperties properties = Mockito.mock(NiFiProperties.class); Mockito.when(properties.getSupportNewAccountRequests()).thenReturn(Boolean.TRUE); - + userService = Mockito.mock(UserService.class); Mockito.doReturn(null).when(userService).createPendingUserAccount(Mockito.anyString(), Mockito.anyString()); Mockito.doAnswer(new Answer() { @@ -68,7 +67,7 @@ public class NiFiAuthorizationServiceTest { public Object answer(InvocationOnMock invocation) throws Throwable { Object[] args = invocation.getArguments(); String dn = (String) args[0]; - + if (null != dn) { switch (dn) { case USER_NOT_FOUND: 
@@ -93,97 +92,99 @@ public class NiFiAuthorizationServiceTest { return proxy; } } - + return null; } }).when(userService).checkAuthorization(Mockito.anyString()); - + // create the authorization service authorizationService = new NiFiAuthorizationService(); authorizationService.setProperties(properties); authorizationService.setUserService(userService); } - + /** - * Ensures the authorization service correctly handles users invalid dn chain. + * Ensures the authorization service correctly handles users invalid dn + * chain. * - * @throws Exception + * @throws Exception ex */ @Test(expected = UntrustedProxyException.class) public void testInvalidDnChain() throws Exception { authorizationService.loadUserByUsername(USER); } - + /** * Ensures the authorization service correctly handles account not found. * - * @throws Exception + * @throws Exception ex */ @Test(expected = UsernameNotFoundException.class) public void testAccountNotFound() throws Exception { authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_NOT_FOUND)); } - + /** * Ensures the authorization service correctly handles account disabled. * - * @throws Exception + * @throws Exception ex */ @Test(expected = AccountStatusException.class) public void testAccountDisabled() throws Exception { authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_DISABLED)); } - + /** * Ensures the authorization service correctly handles account pending. * - * @throws Exception + * @throws Exception ex */ @Test(expected = AccountStatusException.class) public void testAccountPending() throws Exception { authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_PENDING)); } - + /** - * Ensures the authorization service correctly handles account administration exception. + * Ensures the authorization service correctly handles account + * administration exception. 
* - * @throws Exception + * @throws Exception ex */ @Test(expected = AuthenticationServiceException.class) public void testAccountAdminException() throws Exception { authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_ADMIN_EXCEPTION)); } - + /** * Tests the case when there is no proxy. - * - * @throws Exception + * + * @throws Exception ex */ @Test public void testNoProxy() throws Exception { final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER)); final NiFiUser user = details.getNiFiUser(); - + Assert.assertEquals(USER, user.getDn()); Assert.assertNull(user.getChain()); } - + /** * Tests the case when the proxy does not have ROLE_PROXY. - * - * @throws Exception + * + * @throws Exception ex */ @Test(expected = UntrustedProxyException.class) public void testInvalidProxy() throws Exception { final String dnChain = DnUtils.formatProxyDn(USER) + DnUtils.formatProxyDn(USER); authorizationService.loadUserByUsername(dnChain); } - + /** - * Ensures the authorization service correctly handles proxy not found by attempting - * to create an account request for the proxy. + * Ensures the authorization service correctly handles proxy not found by + * attempting to create an account request for the proxy. * - * @throws Exception + * @throws Exception ex */ @Test(expected = UsernameNotFoundException.class) public void testProxyNotFound() throws Exception { 
@@ -194,55 +195,55 @@ public class NiFiAuthorizationServiceTest { Mockito.verify(userService).createPendingUserAccount(Mockito.eq(PROXY_NOT_FOUND), Mockito.anyString()); } } - + /** * Tests the case when there is a proxy. - * - * @throws Exception + * + * @throws Exception ex */ @Test public void testProxy() throws Exception { final String dnChain = DnUtils.formatProxyDn(USER) + DnUtils.formatProxyDn(PROXY); final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(dnChain); final NiFiUser user = details.getNiFiUser(); - + // verify the user Assert.assertEquals(USER, user.getDn()); Assert.assertNotNull(user.getChain()); - + // get the proxy final NiFiUser proxy = user.getChain(); - + // verify the proxy Assert.assertEquals(PROXY, proxy.getDn()); Assert.assertNull(proxy.getChain()); } - + /** * Tests the case when there is are multiple proxies. - * - * @throws Exception + * + * @throws Exception ex */ @Test public void testProxyProxy() throws Exception { final String dnChain = DnUtils.formatProxyDn(USER) + DnUtils.formatProxyDn(PROXY) + DnUtils.formatProxyDn(PROXY_PROXY); final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(dnChain); final NiFiUser user = details.getNiFiUser(); - + // verify the user Assert.assertEquals(USER, user.getDn()); Assert.assertNotNull(user.getChain()); - + // get the proxy NiFiUser proxy = user.getChain(); - + // verify the proxy Assert.assertEquals(PROXY, proxy.getDn()); Assert.assertNotNull(proxy.getChain()); - + // get the proxies proxy proxy = proxy.getChain(); - + // verify the proxies proxy Assert.assertEquals(PROXY_PROXY, proxy.getDn()); Assert.assertNull(proxy.getChain());
