Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2085#discussion_r174967440
--- Diff:
nifi-nar-bundles/nifi-oauth-bundle/nifi-oauth/src/main/java/org/apache/nifi/oauth/OAuth2ClientCredentialsGrantControllerService.java
---
@@ -0,0 +1,167 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * <p>
+ * Created on 7/25/17.
+ */
+
+package org.apache.nifi.oauth;
+
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.nifi.annotation.documentation.CapabilityDescription;
+import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.annotation.lifecycle.OnDisabled;
+import org.apache.nifi.annotation.lifecycle.OnEnabled;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.controller.ConfigurationContext;
+import org.apache.nifi.oauth.httpclient.OAuthHTTPConnectionClient;
+import org.apache.nifi.processor.util.StandardValidators;
+import org.apache.nifi.reporting.InitializationException;
+import org.apache.oltu.oauth2.client.HttpClient;
+import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
+import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
+import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
+import org.apache.oltu.oauth2.common.message.types.GrantType;
+
+@Tags({ "oauth2", "client", "secret", "post"})
+@CapabilityDescription("POSTs the ClientId and ClientSecret to the OAuth2
authentication server to retrieve the" +
+ " access token. The access token is stored locally in the
controller service and used by processors " +
+ "referencing this controller service.")
+public class OAuth2ClientCredentialsGrantControllerService
+ extends AbstractOAuthControllerService
+ implements OAuth2ClientService {
+
+ public static final PropertyDescriptor CLIENT_ID = new
PropertyDescriptor
+ .Builder().name("OAuth2 Client ID")
+ .displayName("OAuth2 Client ID")
+ .description("OAuth2 Client ID passed to the authorization
server")
+ .required(true)
+ .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+ .build();
+
+ public static final PropertyDescriptor CLIENT_SECRET = new
PropertyDescriptor
+ .Builder().name("OAuth2 Client Secret")
+ .displayName("OAuth2 Client Secret")
+ .description("OAuth2 Client Secret that will be passed to the
authorization server in exchange for an access token")
+ .sensitive(true)
+ .required(true)
+ .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+ .build();
+
+ private static final List<PropertyDescriptor> properties;
+
+ static {
+ final List<PropertyDescriptor> props = new ArrayList<>();
+ props.add(AUTH_SERVER_URL);
+ props.add(CLIENT_ID);
+ props.add(CLIENT_SECRET);
+ props.add(RESPONSE_ACCESS_TOKEN_FIELD_NAME);
+ props.add(RESPONSE_EXPIRE_TIME_FIELD_NAME);
+ props.add(RESPONSE_EXPIRE_IN_FIELD_NAME);
+ props.add(RESPONSE_SCOPE_FIELD_NAME);
+ props.add(RESPONSE_TOKEN_TYPE_FIELD_NAME);
+ properties = Collections.unmodifiableList(props);
+ }
+
+ @Override
+ protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
+ return properties;
+ }
+
+ private String clientId = null;
+ private String clientSecret = null;
+ private Base64.Encoder enc = Base64.getEncoder();
+
+ /**
+ * @param context the configuration context
+ * @throws InitializationException if unable to create a database
connection
+ */
+ @OnEnabled
+ public void onEnabled(final ConfigurationContext context) throws
InitializationException {
+
+ super.onEnabled(context);
+
+ clientId = context.getProperty(CLIENT_ID).getValue();
+ clientSecret = context.getProperty(CLIENT_SECRET).getValue();
+ }
+
+ public boolean authenticate() {
+ HttpClient con = null;
+
+ try {
+
+ String base64String = enc.encodeToString((clientId + ":" +
clientSecret).getBytes());
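Review bot: The `getBytes()` call in `authenticate()` encodes the client credentials with the platform default charset, so the Basic credential string can differ between hosts when the client ID or secret contains non-ASCII characters. Name the charset explicitly, `enc.encodeToString((clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8))`, which needs an import of `java.nio.charset.StandardCharsets`. RFC 6749 section 2.3.1 also expects the client ID and secret to be form-urlencoded before they are joined with the colon, which matters when either value contains `:` or other reserved characters. Separately, the Javadoc on `onEnabled` says `@throws InitializationException if unable to create a database connection`, which looks copied from another service; `if the controller service cannot be initialized` would describe this class. The body of `authenticate()` continues outside the quoted hunk, so how `base64String` is used afterwards is not visible here.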
--- End diff --
I say we enforce HTTPS, and if someone wants to connect to an HTTP auth
server, we do not let them.
---