From e22b51f3a7fee3b7079ea2007d88ffad4f60596b Mon Sep 17 00:00:00 2001 From: Matt Gilman Date: Tue, 1 Dec 2015 10:08:36 -0500 Subject: [PATCH] NIFI-655: - Renaming spring tokens to avoid confusion over authentication and authorization. --- .../web/NiFiWebApiSecurityConfiguration.java | 4 ++-- .../apache/nifi/web/api/AccessResource.java | 10 ++++---- .../security/NiFiAuthenticationFilter.java | 10 ++++---- .../security/NiFiAuthenticationProvider.java | 24 +++++++++---------- .../NiFiAuthorizationService.java | 6 ++--- .../security/jwt/JwtAuthenticationFilter.java | 10 ++++---- ... NewAccountAuthorizationRequestToken.java} | 6 ++--- ...java => NewAccountAuthorizationToken.java} | 4 ++-- ...va => NiFiAuthortizationRequestToken.java} | 8 +++---- .../x509/X509AuthenticationFilter.java | 10 ++++---- .../NiFiAuthorizationServiceTest.java | 6 ++--- 11 files changed, 49 insertions(+), 49 deletions(-) rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/{NewAccountAuthenticationRequestToken.java => NewAccountAuthorizationRequestToken.java} (80%) rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/{NewAccountAuthenticationToken.java => NewAccountAuthorizationToken.java} (90%) rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/{NiFiAuthenticationRequestToken.java => NiFiAuthortizationRequestToken.java} (80%) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java index 0680b7491f..1488aba57c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java @@ -24,7 +24,7 @@ import org.apache.nifi.web.security.anonymous.NiFiAnonymousUserFilter; import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter; import org.apache.nifi.web.security.jwt.JwtService; import org.apache.nifi.web.security.node.NodeAuthorizedUserFilter; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.x509.X509AuthenticationFilter; import org.apache.nifi.web.security.x509.X509CertificateExtractor; import org.apache.nifi.web.security.x509.X509IdentityProvider; @@ -157,7 +157,7 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte } @Autowired - public void setUserDetailsService(AuthenticationUserDetailsService userDetailsService) { + public void setUserDetailsService(AuthenticationUserDetailsService userDetailsService) { this.userDetailsService = userDetailsService; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java index c67a314cf5..7bf9690e6b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java @@ -61,7 +61,7 @@ import org.apache.nifi.web.security.UntrustedProxyException; import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter; import org.apache.nifi.web.security.jwt.JwtService; import org.apache.nifi.web.security.token.LoginAuthenticationToken; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.x509.X509CertificateExtractor; import org.apache.nifi.web.security.x509.X509IdentityProvider; import org.slf4j.Logger; @@ -93,7 +93,7 @@ public class AccessResource extends ApplicationResource { private X509IdentityProvider certificateIdentityProvider; private JwtService jwtService; - private AuthenticationUserDetailsService userDetailsService; + private AuthenticationUserDetailsService userDetailsService; /** * Retrieves the access configuration for this NiFi. @@ -285,7 +285,7 @@ public class AccessResource extends ApplicationResource { * @throws AuthenticationException if the proxy chain is not authorized */ private UserDetails checkAuthorization(final List proxyChain) throws AuthenticationException { - return userDetailsService.loadUserDetails(new NiFiAuthenticationRequestToken(proxyChain)); + return userDetailsService.loadUserDetails(new NiFiAuthortizationRequestToken(proxyChain)); } /** @@ -399,7 +399,7 @@ public class AccessResource extends ApplicationResource { private void authorizeProxyIfNecessary(final List proxyChain) throws AuthenticationException { if (proxyChain.size() > 1) { try { - userDetailsService.loadUserDetails(new NiFiAuthenticationRequestToken(proxyChain)); + userDetailsService.loadUserDetails(new NiFiAuthortizationRequestToken(proxyChain)); } catch (final UsernameNotFoundException unfe) { // if a username not found exception was thrown, the proxies were authorized and now // we can issue a new token to the end user which they will use to identify themselves @@ -435,7 +435,7 @@ public class AccessResource extends ApplicationResource { this.certificateIdentityProvider = certificateIdentityProvider; } - public void setUserDetailsService(AuthenticationUserDetailsService userDetailsService) { + public void setUserDetailsService(AuthenticationUserDetailsService userDetailsService) { this.userDetailsService = userDetailsService; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java index f0000f86a3..d63f01e70d 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java @@ -27,7 +27,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.user.NiFiUser; import org.apache.nifi.util.NiFiProperties; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.user.NiFiUserUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -82,7 +82,7 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean { private void authenticate(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException { String dnChain = null; try { - final NiFiAuthenticationRequestToken authenticated = attemptAuthentication(request); + final NiFiAuthortizationRequestToken authenticated = attemptAuthentication(request); if (authenticated != null) { dnChain = ProxiedEntitiesUtils.formatProxyDn(StringUtils.join(authenticated.getChain(), "><")); @@ -118,14 +118,14 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean { /** * Attempt to authenticate the client making the request. If the request does not contain an authentication attempt, this method should return null. If the request contains an authentication - * request, the implementation should convert it to a NiFiAuthenticationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when + * request, the implementation should convert it to a NiFiAuthorizationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when * the request contains an authentication request but it could not be authenticated. * * @param request The request - * @return The NiFiAuthenticationRequestToken used to later authorized the client + * @return The NiFiAutorizationRequestToken used to later authorized the client * @throws InvalidAuthenticationException If the request contained an authentication attempt, but could not authenticate */ - public abstract NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request); + public abstract NiFiAuthortizationRequestToken attemptAuthentication(HttpServletRequest request); protected void successfulAuthorization(HttpServletRequest request, HttpServletResponse response, Authentication authResult) { if (log.isDebugEnabled()) { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java index eb0684b0d4..0887901750 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java @@ -16,9 +16,9 @@ */ package org.apache.nifi.web.security; -import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken; -import org.apache.nifi.web.security.token.NewAccountAuthenticationToken; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken; +import org.apache.nifi.web.security.token.NewAccountAuthorizationToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.token.NiFiAuthorizationToken; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.core.Authentication; @@ -32,29 +32,29 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; */ public class NiFiAuthenticationProvider implements AuthenticationProvider { - private final AuthenticationUserDetailsService userDetailsService; + private final AuthenticationUserDetailsService userDetailsService; - public NiFiAuthenticationProvider(final AuthenticationUserDetailsService userDetailsService) { + public NiFiAuthenticationProvider(final AuthenticationUserDetailsService userDetailsService) { this.userDetailsService = userDetailsService; } @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { - final NiFiAuthenticationRequestToken request = (NiFiAuthenticationRequestToken) authentication; + final NiFiAuthortizationRequestToken request = (NiFiAuthortizationRequestToken) authentication; try { // defer to the nifi user details service to authorize the user final UserDetails userDetails = userDetailsService.loadUserDetails(request); - // build an authentication for accesing nifi + // build a token for accesing nifi final NiFiAuthorizationToken result = new NiFiAuthorizationToken(userDetails); result.setDetails(request.getDetails()); return result; } catch (final UsernameNotFoundException unfe) { - // if the authentication request is for a new account and it could not be authorized because the user was not found, - // return the token so the new account could be created. this must go here toe nsure that any proxies have been authorized + // if the authorization request is for a new account and it could not be authorized because the user was not found, + // return the token so the new account could be created. this must go here to ensure that any proxies have been authorized if (isNewAccountAuthenticationToken(request)) { - return new NewAccountAuthenticationToken(((NewAccountAuthenticationRequestToken) authentication).getNewAccountRequest()); + return new NewAccountAuthorizationToken(((NewAccountAuthorizationRequestToken) authentication).getNewAccountRequest()); } else { throw unfe; } @@ -62,12 +62,12 @@ public class NiFiAuthenticationProvider implements AuthenticationProvider { } private boolean isNewAccountAuthenticationToken(final Authentication authentication) { - return NewAccountAuthenticationRequestToken.class.isAssignableFrom(authentication.getClass()); + return NewAccountAuthorizationRequestToken.class.isAssignableFrom(authentication.getClass()); } @Override public boolean supports(Class authentication) { - return NiFiAuthenticationRequestToken.class.isAssignableFrom(authentication); + return NiFiAuthortizationRequestToken.class.isAssignableFrom(authentication); } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java index 23d9e61867..75c01bf961 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java @@ -30,7 +30,7 @@ import org.apache.nifi.user.NiFiUser; import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.web.security.UntrustedProxyException; import org.apache.nifi.web.security.user.NiFiUserDetails; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.dao.DataAccessException; @@ -44,7 +44,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; /** * UserDetailsService that will verify user identity and grant user authorities. */ -public class NiFiAuthorizationService implements AuthenticationUserDetailsService { +public class NiFiAuthorizationService implements AuthenticationUserDetailsService { private static final Logger logger = LoggerFactory.getLogger(NiFiAuthorizationService.class); @@ -63,7 +63,7 @@ public class NiFiAuthorizationService implements AuthenticationUserDetailsServic * @throws org.springframework.dao.DataAccessException ex */ @Override - public synchronized UserDetails loadUserDetails(NiFiAuthenticationRequestToken request) throws UsernameNotFoundException, DataAccessException { + public synchronized UserDetails loadUserDetails(NiFiAuthortizationRequestToken request) throws UsernameNotFoundException, DataAccessException { NiFiUserDetails userDetails = null; final List chain = new ArrayList<>(request.getChain()); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java index 155610a37e..faf3cded2b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java @@ -19,8 +19,8 @@ package org.apache.nifi.web.security.jwt; import io.jsonwebtoken.JwtException; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.web.security.NiFiAuthenticationFilter; -import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.user.NewAccountRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -40,7 +40,7 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter { private JwtService jwtService; @Override - public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) { + public NiFiAuthortizationRequestToken attemptAuthentication(final HttpServletRequest request) { // only suppport jwt login when running securely if (!request.isSecure()) { return null; @@ -66,9 +66,9 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter { final String jwtPrincipal = jwtService.getAuthenticationFromToken(token); if (isNewAccountRequest(request)) { - return new NewAccountAuthenticationRequestToken(new NewAccountRequest(Arrays.asList(jwtPrincipal), getJustification(request))); + return new NewAccountAuthorizationRequestToken(new NewAccountRequest(Arrays.asList(jwtPrincipal), getJustification(request))); } else { - return new NiFiAuthenticationRequestToken(Arrays.asList(jwtPrincipal)); + return new NiFiAuthortizationRequestToken(Arrays.asList(jwtPrincipal)); } } catch (JwtException e) { throw new InvalidAuthenticationException(e.getMessage(), e); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java similarity index 80% rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationRequestToken.java rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java index 6fee4ece93..35c371df5b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationRequestToken.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java @@ -19,13 +19,13 @@ package org.apache.nifi.web.security.token; import org.apache.nifi.web.security.user.NewAccountRequest; /** - * This is an Authentication Token for a user that is requesting authentication in order to submit a new account request. + * An authentication token that is used as an authorization request when submitting a new account. */ -public class NewAccountAuthenticationRequestToken extends NiFiAuthenticationRequestToken { +public class NewAccountAuthorizationRequestToken extends NiFiAuthortizationRequestToken { final NewAccountRequest newAccountRequest; - public NewAccountAuthenticationRequestToken(final NewAccountRequest newAccountRequest) { + public NewAccountAuthorizationRequestToken(final NewAccountRequest newAccountRequest) { super(newAccountRequest.getChain()); this.newAccountRequest = newAccountRequest; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java similarity index 90% rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationToken.java rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java index 5fe3a1dc4c..de0fde66bc 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthenticationToken.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java @@ -23,11 +23,11 @@ import org.springframework.security.authentication.AbstractAuthenticationToken; * This is an Authentication Token for a user that has been authenticated but is not authorized to access the NiFi APIs. Typically, this authentication token is used successfully when requesting a * NiFi account. Requesting any other endpoint would be rejected due to lack of roles. */ -public class NewAccountAuthenticationToken extends AbstractAuthenticationToken { +public class NewAccountAuthorizationToken extends AbstractAuthenticationToken { final NewAccountRequest newAccountRequest; - public NewAccountAuthenticationToken(final NewAccountRequest newAccountRequest) { + public NewAccountAuthorizationToken(final NewAccountRequest newAccountRequest) { super(null); super.setAuthenticated(true); this.newAccountRequest = newAccountRequest; diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthortizationRequestToken.java similarity index 80% rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationRequestToken.java rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthortizationRequestToken.java index 3ae6491d08..a1459a48fc 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationRequestToken.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthortizationRequestToken.java @@ -21,14 +21,14 @@ import java.util.List; import org.springframework.security.authentication.AbstractAuthenticationToken; /** - * An authentication token that is used as an authentication request. The request chain is specified during creation and is used authenticate the user(s). If the user is authenticated, the token is - * used to authorized the user(s). + * An authentication token that is used as an authorization request. The request has already been authenticated and is now going to be authorized. + * The request chain is specified during creation and is used authorize the user(s). */ -public class NiFiAuthenticationRequestToken extends AbstractAuthenticationToken { +public class NiFiAuthortizationRequestToken extends AbstractAuthenticationToken { private final List chain; - public NiFiAuthenticationRequestToken(final List chain) { + public NiFiAuthortizationRequestToken(final List chain) { super(null); this.chain = chain; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java index 708b6078af..2c792f674a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java @@ -23,8 +23,8 @@ import org.apache.nifi.authentication.AuthenticationResponse; import org.apache.nifi.web.security.InvalidAuthenticationException; import org.apache.nifi.web.security.NiFiAuthenticationFilter; import org.apache.nifi.web.security.ProxiedEntitiesUtils; -import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.user.NewAccountRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -40,7 +40,7 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter { private X509IdentityProvider certificateIdentityProvider; @Override - public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) { + public NiFiAuthortizationRequestToken attemptAuthentication(final HttpServletRequest request) { // only suppport x509 login when running securely if (!request.isSecure()) { return null; @@ -62,9 +62,9 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter { final List proxyChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(request, authenticationResponse.getIdentity()); if (isNewAccountRequest(request)) { - return new NewAccountAuthenticationRequestToken(new NewAccountRequest(proxyChain, getJustification(request))); + return new NewAccountAuthorizationRequestToken(new NewAccountRequest(proxyChain, getJustification(request))); } else { - return new NiFiAuthenticationRequestToken(proxyChain); + return new NiFiAuthortizationRequestToken(proxyChain); } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java index 545655252a..414d9f8b77 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java @@ -26,7 +26,7 @@ import org.apache.nifi.authorization.Authority; import org.apache.nifi.user.NiFiUser; import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.web.security.UntrustedProxyException; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; +import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken; import org.apache.nifi.web.security.user.NiFiUserDetails; import org.junit.Assert; import org.junit.Before; @@ -104,8 +104,8 @@ public class NiFiAuthorizationServiceTest { authorizationService.setUserService(userService); } - private NiFiAuthenticationRequestToken createRequestAuthentication(final String... identities) { - return new NiFiAuthenticationRequestToken(Arrays.asList(identities)); + private NiFiAuthortizationRequestToken createRequestAuthentication(final String... identities) { + return new NiFiAuthortizationRequestToken(Arrays.asList(identities)); } /**