NIFI-655:

- Renaming spring tokens to avoid confusion over authentication and authorization.

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java

@@ -24,7 +24,7 @@ import org.apache.nifi.web.security.anonymous.NiFiAnonymousUserFilter;
 import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter;
 import org.apache.nifi.web.security.jwt.JwtService;
 import org.apache.nifi.web.security.node.NodeAuthorizedUserFilter;
-import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken;
 import org.apache.nifi.web.security.x509.X509AuthenticationFilter;
 import org.apache.nifi.web.security.x509.X509CertificateExtractor;
 import org.apache.nifi.web.security.x509.X509IdentityProvider;
@@ -157,7 +157,7 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
     }
 
     @Autowired
-    public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService) {
+    public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService) {
         this.userDetailsService = userDetailsService;
     }
 

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java

@@ -61,7 +61,7 @@ import org.apache.nifi.web.security.UntrustedProxyException;
 import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter;
 import org.apache.nifi.web.security.jwt.JwtService;
 import org.apache.nifi.web.security.token.LoginAuthenticationToken;
-import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken;
 import org.apache.nifi.web.security.x509.X509CertificateExtractor;
 import org.apache.nifi.web.security.x509.X509IdentityProvider;
 import org.slf4j.Logger;
@@ -93,7 +93,7 @@ public class AccessResource extends ApplicationResource {
     private X509IdentityProvider certificateIdentityProvider;
     private JwtService jwtService;
 
-    private AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService;
+    private AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService;
 
     /**
      * Retrieves the access configuration for this NiFi.
@@ -285,7 +285,7 @@ public class AccessResource extends ApplicationResource {
      * @throws AuthenticationException if the proxy chain is not authorized
      */
     private UserDetails checkAuthorization(final List<String> proxyChain) throws AuthenticationException {
-        return userDetailsService.loadUserDetails(new NiFiAuthenticationRequestToken(proxyChain));
+        return userDetailsService.loadUserDetails(new NiFiAuthortizationRequestToken(proxyChain));
     }
 
     /**
@@ -399,7 +399,7 @@ public class AccessResource extends ApplicationResource {
     private void authorizeProxyIfNecessary(final List<String> proxyChain) throws AuthenticationException {
         if (proxyChain.size() > 1) {
             try {
-                userDetailsService.loadUserDetails(new NiFiAuthenticationRequestToken(proxyChain));
+                userDetailsService.loadUserDetails(new NiFiAuthortizationRequestToken(proxyChain));
             } catch (final UsernameNotFoundException unfe) {
                 // if a username not found exception was thrown, the proxies were authorized and now
                 // we can issue a new token to the end user which they will use to identify themselves
@@ -435,7 +435,7 @@ public class AccessResource extends ApplicationResource {
         this.certificateIdentityProvider = certificateIdentityProvider;
     }
 
-    public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService) {
+    public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService) {
         this.userDetailsService = userDetailsService;
     }
 

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java

@@ -27,7 +27,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.user.NiFiUser;
 import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken;
 import org.apache.nifi.web.security.user.NiFiUserUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -82,7 +82,7 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
     private void authenticate(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException {
         String dnChain = null;
         try {
-            final NiFiAuthenticationRequestToken authenticated = attemptAuthentication(request);
+            final NiFiAuthortizationRequestToken authenticated = attemptAuthentication(request);
             if (authenticated != null) {
                 dnChain = ProxiedEntitiesUtils.formatProxyDn(StringUtils.join(authenticated.getChain(), "><"));
 
@@ -118,14 +118,14 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
 
     /**
      * Attempt to authenticate the client making the request. If the request does not contain an authentication attempt, this method should return null. If the request contains an authentication
-     * request, the implementation should convert it to a NiFiAuthenticationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when
+     * request, the implementation should convert it to a NiFiAuthorizationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when
      * the request contains an authentication request but it could not be authenticated.
      *
      * @param request The request
-     * @return The NiFiAuthenticationRequestToken used to later authorized the client
+     * @return The NiFiAutorizationRequestToken used to later authorized the client
      * @throws InvalidAuthenticationException If the request contained an authentication attempt, but could not authenticate
      */
-    public abstract NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request);
+    public abstract NiFiAuthortizationRequestToken attemptAuthentication(HttpServletRequest request);
 
     protected void successfulAuthorization(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
         if (log.isDebugEnabled()) {

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java

@@ -16,9 +16,9 @@
  */
 package org.apache.nifi.web.security;
 
-import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NewAccountAuthenticationToken;
+import org.apache.nifi.web.security.token.NewAccountAuthorizationToken;
-import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken;
 import org.apache.nifi.web.security.token.NiFiAuthorizationToken;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
@@ -32,29 +32,29 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
  */
 public class NiFiAuthenticationProvider implements AuthenticationProvider {
 
-    private final AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService;
+    private final AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService;
 
-    public NiFiAuthenticationProvider(final AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService) {
+    public NiFiAuthenticationProvider(final AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> userDetailsService) {
         this.userDetailsService = userDetailsService;
     }
 
     @Override
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-        final NiFiAuthenticationRequestToken request = (NiFiAuthenticationRequestToken) authentication;
+        final NiFiAuthortizationRequestToken request = (NiFiAuthortizationRequestToken) authentication;
 
         try {
             // defer to the nifi user details service to authorize the user
             final UserDetails userDetails = userDetailsService.loadUserDetails(request);
 
-            // build an authentication for accesing nifi
+            // build a token for accesing nifi
             final NiFiAuthorizationToken result = new NiFiAuthorizationToken(userDetails);
             result.setDetails(request.getDetails());
             return result;
         } catch (final UsernameNotFoundException unfe) {
-            // if the authentication request is for a new account and it could not be authorized because the user was not found,
+            // if the authorization request is for a new account and it could not be authorized because the user was not found,
-            // return the token so the new account could be created. this must go here toe nsure that any proxies have been authorized
+            // return the token so the new account could be created. this must go here to ensure that any proxies have been authorized
             if (isNewAccountAuthenticationToken(request)) {
-                return new NewAccountAuthenticationToken(((NewAccountAuthenticationRequestToken) authentication).getNewAccountRequest());
+                return new NewAccountAuthorizationToken(((NewAccountAuthorizationRequestToken) authentication).getNewAccountRequest());
             } else {
                 throw unfe;
             }
@@ -62,12 +62,12 @@ public class NiFiAuthenticationProvider implements AuthenticationProvider {
     }
 
     private boolean isNewAccountAuthenticationToken(final Authentication authentication) {
-        return NewAccountAuthenticationRequestToken.class.isAssignableFrom(authentication.getClass());
+        return NewAccountAuthorizationRequestToken.class.isAssignableFrom(authentication.getClass());
     }
 
     @Override
     public boolean supports(Class<?> authentication) {
-        return NiFiAuthenticationRequestToken.class.isAssignableFrom(authentication);
+        return NiFiAuthortizationRequestToken.class.isAssignableFrom(authentication);
     }
 
 }

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java

@@ -30,7 +30,7 @@ import org.apache.nifi.user.NiFiUser;
 import org.apache.nifi.util.NiFiProperties;
 import org.apache.nifi.web.security.UntrustedProxyException;
 import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.dao.DataAccessException;
@@ -44,7 +44,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 /**
  * UserDetailsService that will verify user identity and grant user authorities.
  */
-public class NiFiAuthorizationService implements AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> {
+public class NiFiAuthorizationService implements AuthenticationUserDetailsService<NiFiAuthortizationRequestToken> {
 
     private static final Logger logger = LoggerFactory.getLogger(NiFiAuthorizationService.class);
 
@@ -63,7 +63,7 @@ public class NiFiAuthorizationService implements AuthenticationUserDetailsServic
      * @throws org.springframework.dao.DataAccessException ex
      */
     @Override
-    public synchronized UserDetails loadUserDetails(NiFiAuthenticationRequestToken request) throws UsernameNotFoundException, DataAccessException {
+    public synchronized UserDetails loadUserDetails(NiFiAuthortizationRequestToken request) throws UsernameNotFoundException, DataAccessException {
         NiFiUserDetails userDetails = null;
         final List<String> chain = new ArrayList<>(request.getChain());
 

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java

@@ -19,8 +19,8 @@ package org.apache.nifi.web.security.jwt;
 import io.jsonwebtoken.JwtException;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.web.security.NiFiAuthenticationFilter;
-import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken;
 import org.apache.nifi.web.security.user.NewAccountRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -40,7 +40,7 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter {
     private JwtService jwtService;
 
     @Override
-    public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) {
+    public NiFiAuthortizationRequestToken attemptAuthentication(final HttpServletRequest request) {
         // only suppport jwt login when running securely
         if (!request.isSecure()) {
             return null;
@@ -66,9 +66,9 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter {
                 final String jwtPrincipal = jwtService.getAuthenticationFromToken(token);
 
                 if (isNewAccountRequest(request)) {
-                    return new NewAccountAuthenticationRequestToken(new NewAccountRequest(Arrays.asList(jwtPrincipal), getJustification(request)));
+                    return new NewAccountAuthorizationRequestToken(new NewAccountRequest(Arrays.asList(jwtPrincipal), getJustification(request)));
                 } else {
-                    return new NiFiAuthenticationRequestToken(Arrays.asList(jwtPrincipal));
+                    return new NiFiAuthortizationRequestToken(Arrays.asList(jwtPrincipal));
                 }
             } catch (JwtException e) {
                 throw new InvalidAuthenticationException(e.getMessage(), e);

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java

@@ -19,13 +19,13 @@ package org.apache.nifi.web.security.token;
 import org.apache.nifi.web.security.user.NewAccountRequest;
 
 /**
- * This is an Authentication Token for a user that is requesting authentication in order to submit a new account request.
+ * An authentication token that is used as an authorization request when submitting a new account.
  */
-public class NewAccountAuthenticationRequestToken extends NiFiAuthenticationRequestToken {
+public class NewAccountAuthorizationRequestToken extends NiFiAuthortizationRequestToken {
 
     final NewAccountRequest newAccountRequest;
 
-    public NewAccountAuthenticationRequestToken(final NewAccountRequest newAccountRequest) {
+    public NewAccountAuthorizationRequestToken(final NewAccountRequest newAccountRequest) {
         super(newAccountRequest.getChain());
         this.newAccountRequest = newAccountRequest;
     }

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java

@@ -23,11 +23,11 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
  * This is an Authentication Token for a user that has been authenticated but is not authorized to access the NiFi APIs. Typically, this authentication token is used successfully when requesting a
  * NiFi account. Requesting any other endpoint would be rejected due to lack of roles.
  */
-public class NewAccountAuthenticationToken extends AbstractAuthenticationToken {
+public class NewAccountAuthorizationToken extends AbstractAuthenticationToken {
 
     final NewAccountRequest newAccountRequest;
 
-    public NewAccountAuthenticationToken(final NewAccountRequest newAccountRequest) {
+    public NewAccountAuthorizationToken(final NewAccountRequest newAccountRequest) {
         super(null);
         super.setAuthenticated(true);
         this.newAccountRequest = newAccountRequest;

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthortizationRequestToken.java

@@ -21,14 +21,14 @@ import java.util.List;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 
 /**
- * An authentication token that is used as an authentication request. The request chain is specified during creation and is used authenticate the user(s). If the user is authenticated, the token is
+ * An authentication token that is used as an authorization request. The request has already been authenticated and is now going to be authorized.
- * used to authorized the user(s).
+ * The request chain is specified during creation and is used authorize the user(s).
  */
-public class NiFiAuthenticationRequestToken extends AbstractAuthenticationToken {
+public class NiFiAuthortizationRequestToken extends AbstractAuthenticationToken {
 
     private final List<String> chain;
 
-    public NiFiAuthenticationRequestToken(final List<String> chain) {
+    public NiFiAuthortizationRequestToken(final List<String> chain) {
         super(null);
         this.chain = chain;
     }

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java

@@ -23,8 +23,8 @@ import org.apache.nifi.authentication.AuthenticationResponse;
 import org.apache.nifi.web.security.InvalidAuthenticationException;
 import org.apache.nifi.web.security.NiFiAuthenticationFilter;
 import org.apache.nifi.web.security.ProxiedEntitiesUtils;
-import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken;
 import org.apache.nifi.web.security.user.NewAccountRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -40,7 +40,7 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter {
     private X509IdentityProvider certificateIdentityProvider;
 
     @Override
-    public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) {
+    public NiFiAuthortizationRequestToken attemptAuthentication(final HttpServletRequest request) {
         // only suppport x509 login when running securely
         if (!request.isSecure()) {
             return null;
@@ -62,9 +62,9 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter {
 
         final List<String> proxyChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(request, authenticationResponse.getIdentity());
         if (isNewAccountRequest(request)) {
-            return new NewAccountAuthenticationRequestToken(new NewAccountRequest(proxyChain, getJustification(request)));
+            return new NewAccountAuthorizationRequestToken(new NewAccountRequest(proxyChain, getJustification(request)));
         } else {
-            return new NiFiAuthenticationRequestToken(proxyChain);
+            return new NiFiAuthortizationRequestToken(proxyChain);
         }
     }
 

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java

@@ -26,7 +26,7 @@ import org.apache.nifi.authorization.Authority;
 import org.apache.nifi.user.NiFiUser;
 import org.apache.nifi.util.NiFiProperties;
 import org.apache.nifi.web.security.UntrustedProxyException;
-import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken;
+import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken;
 import org.apache.nifi.web.security.user.NiFiUserDetails;
 import org.junit.Assert;
 import org.junit.Before;
@@ -104,8 +104,8 @@ public class NiFiAuthorizationServiceTest {
         authorizationService.setUserService(userService);
     }
 
-    private NiFiAuthenticationRequestToken createRequestAuthentication(final String... identities) {
+    private NiFiAuthortizationRequestToken createRequestAuthentication(final String... identities) {
-        return new NiFiAuthenticationRequestToken(Arrays.asList(identities));
+        return new NiFiAuthortizationRequestToken(Arrays.asList(identities));
     }
 
     /**