[
https://issues.apache.org/jira/browse/NIFI-4382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181314#comment-16181314
]
ASF GitHub Bot commented on NIFI-4382:
--------------------------------------
Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2177#discussion_r141149586
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/knox/KnoxService.java
---
@@ -0,0 +1,243 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.knox;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.crypto.RSASSAVerifier;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.web.security.InvalidAuthenticationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.text.ParseException;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * KnoxService is a service for managing the Apache Knox SSO.
+ */
+public class KnoxService {
+
+ private static final Logger logger =
LoggerFactory.getLogger(KnoxService.class);
+
+ private KnoxConfiguration configuration;
+ private JWSVerifier verifier;
+ private String knoxUrl;
+ private Set<String> audiences;
+
+ /**
+ * Creates a new KnoxService.
+ *
+ * @param configuration knox configuration
+ */
+ public KnoxService(final KnoxConfiguration configuration) {
+ this.configuration = configuration;
+
+ // if knox sso support is enabled, validate the configuration
+ if (configuration.isKnoxEnabled()) {
+ // ensure the url is provided
+ knoxUrl = configuration.getKnoxUrl();
+ if (StringUtils.isBlank(knoxUrl)) {
+ throw new RuntimeException("Knox URL is required when
Apache Knox SSO support is enabled.");
+ }
+
+ // ensure the cookie name is set
+ if (StringUtils.isBlank(configuration.getKnoxCookieName())) {
+ throw new RuntimeException("Knox Cookie Name is required
when Apache Knox SSO support is enabled.");
+ }
+
+ // create the verifier
+ verifier = new
RSASSAVerifier(configuration.getKnoxPublicKey());
+
+ // get the audience
+ audiences = configuration.getAudiences();
+ }
+ }
+
+ /**
+ * Returns whether OpenId Connect is enabled.
--- End diff --
Think this might be a copy/paste error.
> Add KnoxSSO support to NiFi
> ---------------------------
>
> Key: NIFI-4382
> URL: https://issues.apache.org/jira/browse/NIFI-4382
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Reporter: Jeff Storck
> Assignee: Jeff Storck
>
> Add support for KnoxSSO to NiFi.
> Reference documentation:
> http://knox.apache.org/books/knox-0-13-0/dev-guide.html#KnoxSSO+Integration
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
