NIFI-655:

- Adding a few new exceptions for the login identity provider.
Matt Gilman 2015-11-09 09:20:49 -05:00
parent 018c0864e3
commit 3cf3addd85
6 changed files with 151 additions and 12 deletions


@ -16,6 +16,7 @@
*/
package org.apache.nifi.authentication;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
import org.apache.nifi.authorization.exception.ProviderCreationException;
import org.apache.nifi.authorization.exception.ProviderDestructionException;
@ -37,7 +38,7 @@ public interface LoginIdentityProvider {
*
* @param credentials the login credentials
*/
void register(LoginCredentials credentials) throws IdentityAlreadyExistsException;
void register(LoginCredentials credentials) throws IdentityAlreadyExistsException, IdentityAccessException;
/**
* Authenticates the specified login credentials.
@ -45,7 +46,7 @@ public interface LoginIdentityProvider {
* @param credentials the credentials
* @return whether the user was authenticated
*/
boolean authenticate(LoginCredentials credentials);
boolean authenticate(LoginCredentials credentials) throws IdentityAccessException;
/**
* Called immediately after instance creation for implementers to perform additional setup
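Review bot: The Javadoc for `register` and `authenticate` is not updated for the new `throws IdentityAccessException` clause. Because that exception extends `RuntimeException`, the compiler forces no one to handle it, so the Javadoc is the only contract implementers and callers have. I would add `@throws IdentityAccessException if the backing identity store could not be accessed; the outcome says nothing about whether the credentials are valid` to both methods, so callers fail closed instead of treating a store outage as a plain `false`. The interface body continues outside the hunks shown.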


@ -0,0 +1,33 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.authentication.exception;
/**
* Represents the case when the identity could not be confirmed because it was unable
* to access the backing store.
*/
public class IdentityAccessException extends RuntimeException {
public IdentityAccessException(String message, Throwable cause) {
super(message, cause);
}
public IdentityAccessException(String message) {
super(message);
}
}


@ -0,0 +1,33 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.authentication.exception;
/**
* Represents the case when the identity could not be registered for some reason.
* Like the credentials did not meet the minimum requirements
*/
public class IdentityRegistrationException extends RuntimeException {
public IdentityRegistrationException(String message, Throwable cause) {
super(message, cause);
}
public IdentityRegistrationException(String message) {
super(message);
}
}
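Review bot: `IdentityRegistrationException` is added here but nothing visible in this commit uses it. `LoginIdentityProvider.register` does not declare it and the `RegistrationFilter` hunk catches only `IdentityAlreadyExistsException` and `IdentityAccessException`. As far as these hunks show, a provider that throws it for credentials below the minimum requirements would surface as an unhandled runtime exception rather than a rejected registration. Either declare and handle it alongside the other two, or hold the class back until the handling exists. The class comment's second sentence is a fragment; something like `For example, the credentials did not meet the minimum requirements.` reads better.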


@ -123,6 +123,12 @@ public final class AuthorizedUsers {
return authorizedUsers;
}
/**
* Gets the user identity.
*
* @param user The user
* @return The user identity
*/
public String getUserIdentity(final NiFiUser user) {
if (User.class.isAssignableFrom(user.getClass())) {
return ((User) user).getDn();
@ -131,6 +137,11 @@ public final class AuthorizedUsers {
}
}
/**
* Gets all users from configured file.
*
* @return The Users
*/
public synchronized Users getUsers() {
try {
// ensure the directory exists and it can be created
@ -152,6 +163,12 @@ public final class AuthorizedUsers {
}
}
/**
* Determines if a user exists through the specified HasUser.
*
* @param finder The finder
* @return Whether the user exists
*/
public synchronized boolean hasUser(final HasUser finder) {
// load the users
final Users users = getUsers();
@ -165,6 +182,13 @@ public final class AuthorizedUsers {
return finder.hasUser(nifiUsers);
}
/**
* Gets the desired user.
*
* @param finder The finder
* @return The NiFiUser
* @throws UnknownIdentityException If the desired user could not be found
*/
public synchronized NiFiUser getUser(final FindUser finder) {
// load the users
final Users users = getUsers();
@ -178,6 +202,13 @@ public final class AuthorizedUsers {
return finder.findUser(nifiUsers);
}
/**
* Gets the desired users.
*
* @param finder The finder
* @return The NiFiUsers
* @throws UnknownIdentityException If the users could not be found
*/
public synchronized List<NiFiUser> getUsers(final FindUsers finder) {
// load the users
final Users users = getUsers();
@ -191,6 +222,11 @@ public final class AuthorizedUsers {
return finder.findUsers(nifiUsers);
}
/**
* Creates the user via the specified CreateUser.
*
* @param creator The creator
*/
public synchronized void createUser(final CreateUser creator) {
// add the user
final Users users = getUsers();
@ -207,6 +243,13 @@ public final class AuthorizedUsers {
saveUsers(users);
}
/**
* Creates or Updates a user identified by the finder. If the user exists, it's updated otherwise it's created.
*
* @param finder The finder
* @param creator The creator
* @param updater The updater
*/
public synchronized void createOrUpdateUser(final FindUser finder, final CreateUser creator, final UpdateUser updater) {
try {
updateUser(finder, updater);
@ -215,6 +258,12 @@ public final class AuthorizedUsers {
}
}
/**
* Updates the user identified by the finder.
*
* @param finder The finder
* @param updater The updater
*/
public synchronized void updateUser(final FindUser finder, final UpdateUser updater) {
// update the user
final Users users = getUsers();
@ -234,6 +283,12 @@ public final class AuthorizedUsers {
saveUsers(users);
}
/**
* Updates the users identified by the finder.
*
* @param finder The finder
* @param updater The updater
*/
public synchronized void updateUsers(final FindUsers finder, final UpdateUsers updater) {
// update the user
final Users users = getUsers();
@ -252,7 +307,12 @@ public final class AuthorizedUsers {
saveUsers(users);
}
public synchronized Users removeUser(final FindUser finder) {
/**
* Removes the user identified by the finder.
*
* @param finder The finder
*/
public synchronized void removeUser(final FindUser finder) {
// load the users
final Users users = getUsers();
@ -271,11 +331,14 @@ public final class AuthorizedUsers {
// save the users
saveUsers(users);
return users;
}
public synchronized Users removeUsers(final FindUsers finder) {
/**
* Removes the users identified by the finder.
*
* @param finder The finder
*/
public synchronized void removeUsers(final FindUsers finder) {
// load the users
final Users users = getUsers();
@ -296,8 +359,6 @@ public final class AuthorizedUsers {
// save the users
saveUsers(users);
return users;
}
private synchronized void saveUsers(final Users users) {
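Review bot: The new Javadoc on `updateUser`, `updateUsers`, `removeUser` and `removeUsers` has no `@throws`, while `getUser` and `getUsers(FindUsers)` now document `UnknownIdentityException`. `createOrUpdateUser` wraps `updateUser` in a `try`, which suggests a missing user is signalled by exception there too; the catch clause is outside the hunk, so the type is inferred. If so, add `@throws UnknownIdentityException If the user could not be found` to those methods so callers know a lookup can fail before the file is saved. Separately, `removeUser` and `removeUsers` change from returning `Users` to `void`, which breaks any caller that used the returned value and is worth a line in the commit description.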


@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.nifi.authentication.LoginCredentials;
import org.apache.nifi.authentication.LoginIdentityProvider;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.util.StringUtils;
import org.apache.nifi.web.security.ProxiedEntitiesUtils;
import org.apache.nifi.web.security.jwt.JwtService;
@ -38,6 +39,7 @@ import org.apache.nifi.web.security.x509.X509CertificateValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
@ -139,10 +141,14 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
throw new BadCredentialsException("Login not supported.");
}
if (loginIdentityProvider.authenticate(credentials)) {
return new LoginAuthenticationToken(credentials);
} else {
throw new BadCredentialsException("The supplied username and password are not valid.");
try {
if (loginIdentityProvider.authenticate(credentials)) {
return new LoginAuthenticationToken(credentials);
} else {
throw new BadCredentialsException("The supplied username and password are not valid.");
}
} catch (final IdentityAccessException iae) {
throw new AuthenticationServiceException(iae.getMessage(), iae);
}
}
}
@ -196,6 +202,8 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
if (failed instanceof BadCredentialsException || failed instanceof AuthenticationCredentialsNotFoundException) {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
} else if (failed instanceof AuthenticationServiceException) {
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} else {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
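Review bot: The new catch block passes `iae.getMessage()` straight into `AuthenticationServiceException`, so whatever the identity provider put in its message (host names, directory or database error text) is carried toward the failure handler. If that handler writes `failed.getMessage()` to the response, which is outside the hunk, those details reach an unauthenticated client along with the 500. Prefer a fixed message and keep the detail server-side: log `iae` through the class's SLF4J logger, then `throw new AuthenticationServiceException("Unable to validate the supplied credentials. Please contact the system administrator.", iae);`. The catch block this commit adds to `RegistrationFilter` has the same pattern. Both enclosing methods start and end outside the hunks shown.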


@ -29,6 +29,7 @@ import org.apache.nifi.admin.service.AdministrationException;
import org.apache.nifi.admin.service.UserService;
import org.apache.nifi.authentication.LoginCredentials;
import org.apache.nifi.authentication.LoginIdentityProvider;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
import org.apache.nifi.util.StringUtils;
import org.apache.nifi.web.security.jwt.JwtService;
@ -79,6 +80,8 @@ public class RegistrationFilter extends AbstractAuthenticationProcessingFilter {
loginIdentityProvider.register(credentials);
} catch (final IdentityAlreadyExistsException iaee) {
// if the identity already exists, try to create the nifi account request
} catch (final IdentityAccessException iae) {
throw new AuthenticationServiceException(iae.getMessage(), iae);
}
try {