From efa1939fc551f4d02de61718e72e1bc896320350 Mon Sep 17 00:00:00 2001 From: Matt Gilman Date: Mon, 9 Nov 2015 10:52:18 -0500 Subject: [PATCH] NIFI-655: - Updating packages for log in filters. - Handling new registration exceptions. - Code clean up. --- .../apache/nifi/authorized/users/AuthorizedUsers.java | 8 ++++---- .../apache/nifi/web/NiFiWebApiSecurityConfiguration.java | 4 ++-- .../{form => login}/LoginAuthenticationFilter.java | 2 +- .../web/security/{form => login}/RegistrationFilter.java | 9 +++++++-- 4 files changed, 14 insertions(+), 9 deletions(-) rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/{form => login}/LoginAuthenticationFilter.java (99%) rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/{form => login}/RegistrationFilter.java (93%) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorized-users/src/main/java/org/apache/nifi/authorized/users/AuthorizedUsers.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorized-users/src/main/java/org/apache/nifi/authorized/users/AuthorizedUsers.java index 98922e76da..abdd48e844 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorized-users/src/main/java/org/apache/nifi/authorized/users/AuthorizedUsers.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorized-users/src/main/java/org/apache/nifi/authorized/users/AuthorizedUsers.java @@ -130,7 +130,7 @@ public final class AuthorizedUsers { * @return The user identity */ public String getUserIdentity(final NiFiUser user) { - if (User.class.isAssignableFrom(user.getClass())) { + if (user instanceof User) { return ((User) user).getDn(); } else { return ((LoginUser) user).getUsername(); @@ -233,7 +233,7 @@ public final class AuthorizedUsers { // create the user final NiFiUser newUser = creator.createUser(); - if (User.class.isAssignableFrom(newUser.getClass())) { + if (newUser instanceof User) { users.getUser().add((User) newUser); } else { users.getLoginUser().add((LoginUser) newUser); @@ -323,7 +323,7 @@ public final class AuthorizedUsers { // find the desired user final NiFiUser user = finder.findUser(nifiUsers); - if (User.class.isAssignableFrom(user.getClass())) { + if (user instanceof User) { users.getUser().remove((User) user); } else { users.getLoginUser().remove((LoginUser) user); @@ -350,7 +350,7 @@ public final class AuthorizedUsers { // find the desired user final List usersToRemove = finder.findUsers(nifiUsers); for (final NiFiUser user : usersToRemove) { - if (User.class.isAssignableFrom(user.getClass())) { + if (user instanceof User) { users.getUser().remove((User) user); } else { users.getLoginUser().remove((LoginUser) user); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java index bdc6ebc2d4..4fb35014f2 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java @@ -24,8 +24,8 @@ import org.apache.nifi.web.security.NiFiAuthenticationProvider; import org.apache.nifi.web.security.anonymous.NiFiAnonymousUserFilter; import org.apache.nifi.web.security.NiFiAuthenticationEntryPoint; import org.apache.nifi.web.security.RegistrationStatusFilter; -import org.apache.nifi.web.security.form.LoginAuthenticationFilter; -import org.apache.nifi.web.security.form.RegistrationFilter; +import org.apache.nifi.web.security.login.LoginAuthenticationFilter; +import org.apache.nifi.web.security.login.RegistrationFilter; import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter; import org.apache.nifi.web.security.jwt.JwtService; import org.apache.nifi.web.security.node.NodeAuthorizedUserFilter; diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/login/LoginAuthenticationFilter.java similarity index 99% rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/login/LoginAuthenticationFilter.java index 4848801cf4..39f2782a02 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/login/LoginAuthenticationFilter.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.nifi.web.security.form; +package org.apache.nifi.web.security.login; import org.apache.nifi.web.security.token.LoginAuthenticationToken; import java.io.IOException; diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/login/RegistrationFilter.java similarity index 93% rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/login/RegistrationFilter.java index ea5412769f..8a3f02e281 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/login/RegistrationFilter.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.nifi.web.security.form; +package org.apache.nifi.web.security.login; import java.io.IOException; import java.io.PrintWriter; @@ -30,6 +30,7 @@ import org.apache.nifi.admin.service.UserService; import org.apache.nifi.authentication.LoginCredentials; import org.apache.nifi.authentication.LoginIdentityProvider; import org.apache.nifi.authentication.exception.IdentityAccessException; +import org.apache.nifi.authentication.exception.IdentityRegistrationException; import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException; import org.apache.nifi.util.StringUtils; import org.apache.nifi.web.security.jwt.JwtService; @@ -38,6 +39,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.authentication.AccountStatusException; import org.springframework.security.authentication.AuthenticationServiceException; +import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UsernameNotFoundException; @@ -80,6 +82,9 @@ public class RegistrationFilter extends AbstractAuthenticationProcessingFilter { loginIdentityProvider.register(credentials); } catch (final IdentityAlreadyExistsException iaee) { // if the identity already exists, try to create the nifi account request + } catch (final IdentityRegistrationException ire) { + // the credentials are not acceptable for some reason + throw new BadCredentialsException(ire.getMessage(), ire); } catch (final IdentityAccessException iae) { throw new AuthenticationServiceException(iae.getMessage(), iae); } @@ -133,7 +138,7 @@ public class RegistrationFilter extends AbstractAuthenticationProcessingFilter { out.println(failed.getMessage()); // set the appropriate response status - if (failed instanceof UsernameNotFoundException) { + if (failed instanceof UsernameNotFoundException || failed instanceof BadCredentialsException) { response.setStatus(HttpServletResponse.SC_BAD_REQUEST); } else if (failed instanceof AccountStatusException) { // account exists (maybe valid, pending, revoked)