mirror of https://github.com/apache/nifi.git
NIFI-655:
- Allowing the ldap provider to specify if client authentication is required/desired.
parent
cfee612a78
commit
b3ae3e3149
|
@ -44,6 +44,8 @@ import org.springframework.security.ldap.search.LdapUserSearch;
|
||||||
*/
|
*/
|
||||||
public class LdapProvider extends AbstractLdapProvider {
|
public class LdapProvider extends AbstractLdapProvider {
|
||||||
|
|
||||||
|
private static final String TLS = "TLS";
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected AbstractLdapAuthenticationProvider getLdapAuthenticationProvider(LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
|
protected AbstractLdapAuthenticationProvider getLdapAuthenticationProvider(LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
|
||||||
final LdapContextSource context = new LdapContextSource();
|
final LdapContextSource context = new LdapContextSource();
|
||||||
|
@ -90,17 +92,23 @@ public class LdapProvider extends AbstractLdapProvider {
|
||||||
final String rawTruststore = configurationContext.getProperty("TLS - Truststore");
|
final String rawTruststore = configurationContext.getProperty("TLS - Truststore");
|
||||||
final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password");
|
final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password");
|
||||||
final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type");
|
final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type");
|
||||||
|
final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth");
|
||||||
|
|
||||||
try {
|
try {
|
||||||
final SSLContext sslContext;
|
final SSLContext sslContext;
|
||||||
if (StringUtils.isBlank(rawKeystore)) {
|
if (StringUtils.isBlank(rawKeystore)) {
|
||||||
sslContext = SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, "TLS");
|
sslContext = SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, TLS);
|
||||||
} else {
|
} else {
|
||||||
if (StringUtils.isBlank(rawTruststore)) {
|
if (StringUtils.isBlank(rawTruststore)) {
|
||||||
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, "TLS");
|
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, TLS);
|
||||||
} else {
|
} else {
|
||||||
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType,
|
try {
|
||||||
rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, ClientAuth.REQUIRED, "TLS");
|
final ClientAuth clientAuth = ClientAuth.valueOf(rawClientAuth);
|
||||||
|
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType,
|
||||||
|
rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, TLS);
|
||||||
|
} catch (final IllegalArgumentException iae) {
|
||||||
|
throw new ProviderCreationException(String.format("Unrecgonized client auth '%s'", rawClientAuth));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
tlsAuthenticationStrategy.setSslSocketFactory(sslContext.getSocketFactory());
|
tlsAuthenticationStrategy.setSslSocketFactory(sslContext.getSocketFactory());
|
||||||
|
@ -133,7 +141,7 @@ public class LdapProvider extends AbstractLdapProvider {
|
||||||
// query
|
// query
|
||||||
final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);
|
final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);
|
||||||
|
|
||||||
// bind vs password?
|
// bind
|
||||||
final BindAuthenticator authenticator = new BindAuthenticator(context);
|
final BindAuthenticator authenticator = new BindAuthenticator(context);
|
||||||
authenticator.setUserSearch(userSearch);
|
authenticator.setUserSearch(userSearch);
|
||||||
|
|
||||||
|
|
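Review bot: `ClientAuth.valueOf(rawClientAuth)` in the keystore-plus-truststore branch receives the raw property value, so if `getProperty` returns null for a configuration that omits "TLS - Client Auth", it throws a NullPointerException that the new `catch (final IllegalArgumentException iae)` does not handle; whether the outer try catches it is not visible in this hunk. The previous code always passed `ClientAuth.REQUIRED`, so existing provider configurations should keep that default when the property is blank: `final ClientAuth clientAuth = StringUtils.isBlank(rawClientAuth) ? ClientAuth.REQUIRED : ClientAuth.valueOf(rawClientAuth.trim());`. The rethrow also drops `iae` and misspells the message; `throw new ProviderCreationException(String.format("Unrecognized client auth '%s'", rawClientAuth), iae);` keeps the cause, assuming the exception type has a (String, Throwable) constructor. The body of `getLdapAuthenticationProvider` starts and ends outside the hunks shown.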