return new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build())); } else {
return new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build())); } else {
/**
 * Authenticates an OTP request token and wraps the resulting user in a {@link NiFiAuthenticationToken}.
 *
 * @param authentication the request; cast to {@link OtpAuthenticationRequestToken} without a type
 *                       check, so any other type fails with a {@link ClassCastException}
 * @return an authentication token for the mapped identity, its groups and the request's client address
 * @throws AuthenticationException as {@link InvalidAuthenticationException} when the OTP service rejects the token
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final OtpAuthenticationRequestToken otpRequest = (OtpAuthenticationRequestToken) authentication;

    try {
        // Download tokens and UI extension tokens are resolved by separate service calls.
        final String principal = otpRequest.isDownloadToken()
                ? otpService.getAuthenticationFromDownloadToken(otpRequest.getToken())
                : otpService.getAuthenticationFromUiExtensionToken(otpRequest.getToken());

        // Groups are looked up with the mapped identity, not with the raw principal.
        final String identity = mapIdentity(principal);
        final NiFiUser authenticatedUser = new Builder()
                .identity(identity)
                .groups(getUserGroups(identity))
                .clientAddress(otpRequest.getClientAddress())
                .build();

        final NiFiUserDetails details = new NiFiUserDetails(authenticatedUser);
        return new NiFiAuthenticationToken(details);
    } catch (OtpAuthenticationException e) {
        // The service's message is copied into the rethrown exception; the cause is preserved.
        throw new InvalidAuthenticationException(e.getMessage(), e);
    }
}
/**
 * Decides whether the user identified by the given DN is authorized for this port.
 *
 * @param dn the user's DN; may be {@code null}
 * @return an authorized result when the port is not secure, a denied result when the DN is
 *         {@code null}, otherwise the result of the user-based authorization check
 */
@Override
public PortAuthorizationResult checkUserAuthorization(final String dn) {
    // A port that is not secure authorizes every caller; the DN is never examined on this path.
    if (!secure) {
        return new StandardPortAuthorizationResult(true, "Site-to-Site is not Secure");
    }

    if (dn == null) {
        // dn is null here, so the formatted message shows "null" in the user position.
        final String failure = String.format("%s authorization failed for user %s because the DN is unknown", this, dn);
        logger.warn(failure);
        eventReporter.reportEvent(Severity.WARNING, CATEGORY, failure);
        return new StandardPortAuthorizationResult(false, "User DN is not known");
    }

    // The DN is mapped first; group lookup and the authorization check both use the mapped identity.
    final String mappedIdentity = IdentityMappingUtil.mapIdentity(dn, identityMappings);
    final Set<String> userGroups = UserGroupUtil.getUserGroups(authorizer, mappedIdentity);

    return checkUserAuthorization(
            new Builder()
                    .identity(mappedIdentity)
                    .groups(userGroups)
                    .build());
}
/**
 * Creates either a regular user from the supplied values or, when requested, the anonymous user.
 * On the anonymous path only {@code chain} and {@code clientAddress} are passed on; {@code identity}
 * and {@code groups} are not used.
 *
 * @param identity the user's identity
 * @param groups the user's groups
 * @param chain the proxied entities
 * @param clientAddress the requesting IP address
 * @param isAnonymous if true, an anonymous user will be returned (identity and groups will be ignored)
 * @return the populated user
 */
protected static NiFiUser createUser(String identity, Set<String> groups, NiFiUser chain, String clientAddress, boolean isAnonymous) {
    // Anonymous users are built by the dedicated factory, which takes no identity from the caller.
    if (isAnonymous) {
        return StandardNiFiUser.populateAnonymousUser(chain, clientAddress);
    }

    return new Builder()
            .identity(identity)
            .groups(groups)
            .chain(chain)
            .clientAddress(clientAddress)
            .build();
}
/**
 * Authenticates a Knox request token and wraps the resulting user in a {@link NiFiAuthenticationToken}.
 *
 * @param authentication the request; cast to {@link KnoxAuthenticationRequestToken} without a type
 *                       check, so any other type fails with a {@link ClassCastException}
 * @return an authentication token for the mapped identity, its groups and the request's client address
 * @throws AuthenticationException as {@link InvalidAuthenticationException} when the token cannot be validated
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final KnoxAuthenticationRequestToken knoxRequest = (KnoxAuthenticationRequestToken) authentication;

    try {
        final String principal = knoxService.getAuthenticationFromToken(knoxRequest.getToken());

        // Groups are looked up with the mapped identity, not with the raw principal.
        final String identity = mapIdentity(principal);
        final NiFiUser authenticatedUser = new Builder()
                .identity(identity)
                .groups(getUserGroups(identity))
                .clientAddress(knoxRequest.getClientAddress())
                .build();

        final NiFiUserDetails details = new NiFiUserDetails(authenticatedUser);
        return new NiFiAuthenticationToken(details);
    } catch (ParseException | JOSEException e) {
        // The failure detail goes to the log; the thrown exception carries a fixed message plus the cause.
        logger.info("Unable to validate the access token: " + e.getMessage(), e);
        throw new InvalidAuthenticationException("Unable to validate the access token.", e);
    }
}
/**
 * Authenticates a JWT request token and wraps the resulting user in a {@link NiFiAuthenticationToken}.
 *
 * @param authentication the request; cast to {@link JwtAuthenticationRequestToken} without a type
 *                       check, so any other type fails with a {@link ClassCastException}
 * @return an authentication token for the mapped identity, its groups and the request's client address
 * @throws AuthenticationException as {@link InvalidAuthenticationException} when the JWT service rejects the token
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final JwtAuthenticationRequestToken jwtRequest = (JwtAuthenticationRequestToken) authentication;

    try {
        final String principal = jwtService.getAuthenticationFromToken(jwtRequest.getToken());

        // Groups are looked up with the mapped identity, not with the raw principal.
        final String identity = mapIdentity(principal);
        final NiFiUser authenticatedUser = new Builder()
                .identity(identity)
                .groups(getUserGroups(identity))
                .clientAddress(jwtRequest.getClientAddress())
                .build();

        final NiFiUserDetails details = new NiFiUserDetails(authenticatedUser);
        return new NiFiAuthenticationToken(details);
    } catch (JwtException e) {
        // The JwtException message is copied into the rethrown exception; the cause is preserved.
        // NOTE(review): confirm that message is safe to surface to whoever receives this exception.
        throw new InvalidAuthenticationException(e.getMessage(), e);
    }
}
/**
 * Authenticates an OTP request token and wraps the resulting user in a {@link NiFiAuthenticationToken}.
 *
 * @param authentication the request; cast to {@link OtpAuthenticationRequestToken} without a type
 *                       check, so any other type fails with a {@link ClassCastException}
 * @return an authentication token for the mapped identity, its groups and the request's client address
 * @throws AuthenticationException as {@link InvalidAuthenticationException} when the OTP service rejects the token
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final OtpAuthenticationRequestToken otpRequest = (OtpAuthenticationRequestToken) authentication;

    try {
        // Download tokens and UI extension tokens are resolved by separate service calls.
        final String principal = otpRequest.isDownloadToken()
                ? otpService.getAuthenticationFromDownloadToken(otpRequest.getToken())
                : otpService.getAuthenticationFromUiExtensionToken(otpRequest.getToken());

        // Groups are looked up with the mapped identity, not with the raw principal.
        final String identity = mapIdentity(principal);
        final NiFiUser authenticatedUser = new Builder()
                .identity(identity)
                .groups(getUserGroups(identity))
                .clientAddress(otpRequest.getClientAddress())
                .build();

        final NiFiUserDetails details = new NiFiUserDetails(authenticatedUser);
        return new NiFiAuthenticationToken(details);
    } catch (OtpAuthenticationException e) {
        // The service's message is copied into the rethrown exception; the cause is preserved.
        throw new InvalidAuthenticationException(e.getMessage(), e);
    }
}
/**
 * Creates either a regular user from the supplied values or, when requested, the anonymous user.
 * On the anonymous path only {@code chain} and {@code clientAddress} are passed on; {@code identity}
 * and {@code groups} are not used.
 *
 * @param identity the user's identity
 * @param groups the user's groups
 * @param chain the proxied entities
 * @param clientAddress the requesting IP address
 * @param isAnonymous if true, an anonymous user will be returned (identity and groups will be ignored)
 * @return the populated user
 */
protected static NiFiUser createUser(String identity, Set<String> groups, NiFiUser chain, String clientAddress, boolean isAnonymous) {
    // Anonymous users are built by the dedicated factory, which takes no identity from the caller.
    if (isAnonymous) {
        return StandardNiFiUser.populateAnonymousUser(chain, clientAddress);
    }

    return new Builder()
            .identity(identity)
            .groups(groups)
            .chain(chain)
            .clientAddress(clientAddress)
            .build();
}
/**
 * Decides whether the user identified by the given DN is authorized for this port.
 *
 * @param dn the user's DN; may be {@code null}
 * @return an authorized result when the port is not secure, a denied result when the DN is
 *         {@code null}, otherwise the result of the user-based authorization check
 */
@Override
public PortAuthorizationResult checkUserAuthorization(final String dn) {
    // A port that is not secure authorizes every caller; the DN is never examined on this path.
    if (!secure) {
        return new StandardPortAuthorizationResult(true, "Site-to-Site is not Secure");
    }

    if (dn == null) {
        // dn is null here, so the formatted message shows "null" in the user position.
        final String failure = String.format("%s authorization failed for user %s because the DN is unknown", this, dn);
        logger.warn(failure);
        eventReporter.reportEvent(Severity.WARNING, CATEGORY, failure);
        return new StandardPortAuthorizationResult(false, "User DN is not known");
    }

    // The DN is mapped first; group lookup and the authorization check both use the mapped identity.
    final String mappedIdentity = IdentityMappingUtil.mapIdentity(dn, identityMappings);
    final Set<String> userGroups = UserGroupUtil.getUserGroups(authorizer, mappedIdentity);

    return checkUserAuthorization(
            new Builder()
                    .identity(mappedIdentity)
                    .groups(userGroups)
                    .build());
}
/**
 * Authenticates a Knox request token and wraps the resulting user in a {@link NiFiAuthenticationToken}.
 *
 * @param authentication the request; cast to {@link KnoxAuthenticationRequestToken} without a type
 *                       check, so any other type fails with a {@link ClassCastException}
 * @return an authentication token for the mapped identity, its groups and the request's client address
 * @throws AuthenticationException as {@link InvalidAuthenticationException} when the token cannot be validated
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final KnoxAuthenticationRequestToken knoxRequest = (KnoxAuthenticationRequestToken) authentication;

    try {
        final String principal = knoxService.getAuthenticationFromToken(knoxRequest.getToken());

        // Groups are looked up with the mapped identity, not with the raw principal.
        final String identity = mapIdentity(principal);
        final NiFiUser authenticatedUser = new Builder()
                .identity(identity)
                .groups(getUserGroups(identity))
                .clientAddress(knoxRequest.getClientAddress())
                .build();

        final NiFiUserDetails details = new NiFiUserDetails(authenticatedUser);
        return new NiFiAuthenticationToken(details);
    } catch (ParseException | JOSEException e) {
        // The failure detail goes to the log; the thrown exception carries a fixed message plus the cause.
        logger.info("Unable to validate the access token: " + e.getMessage(), e);
        throw new InvalidAuthenticationException("Unable to validate the access token.", e);
    }
}
/**
 * Builds the anonymous user while letting callers supply only the proxy chain and the client address.
 * The identity is always {@code ANONYMOUS_IDENTITY} and the anonymous flag is always set, so calling
 * code cannot attach a different identity to an anonymous user through this factory.
 *
 * @param chain the proxied entities in {@link NiFiUser} form
 * @param clientAddress the address the request originated from
 * @return an anonymous user instance carrying the anonymous identity
 */
public static StandardNiFiUser populateAnonymousUser(NiFiUser chain, String clientAddress) {
    final StandardNiFiUser anonymousUser = new Builder()
            .identity(ANONYMOUS_IDENTITY)
            .chain(chain)
            .clientAddress(clientAddress)
            .anonymous(true)
            .build();
    return anonymousUser;
}
/**
 * Authenticates a JWT request token and wraps the resulting user in a {@link NiFiAuthenticationToken}.
 *
 * @param authentication the request; cast to {@link JwtAuthenticationRequestToken} without a type
 *                       check, so any other type fails with a {@link ClassCastException}
 * @return an authentication token for the mapped identity, its groups and the request's client address
 * @throws AuthenticationException as {@link InvalidAuthenticationException} when the JWT service rejects the token
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final JwtAuthenticationRequestToken jwtRequest = (JwtAuthenticationRequestToken) authentication;

    try {
        final String principal = jwtService.getAuthenticationFromToken(jwtRequest.getToken());

        // Groups are looked up with the mapped identity, not with the raw principal.
        final String identity = mapIdentity(principal);
        final NiFiUser authenticatedUser = new Builder()
                .identity(identity)
                .groups(getUserGroups(identity))
                .clientAddress(jwtRequest.getClientAddress())
                .build();

        final NiFiUserDetails details = new NiFiUserDetails(authenticatedUser);
        return new NiFiAuthenticationToken(details);
    } catch (JwtException e) {
        // The JwtException message is copied into the rethrown exception; the cause is preserved.
        // NOTE(review): confirm that message is safe to surface to whoever receives this exception.
        throw new InvalidAuthenticationException(e.getMessage(), e);
    }
}