/**
 * Tears down the login identity provider held by this object, if one is set.
 *
 * @throws Exception if the provider's {@code preDestruction()} callback fails
 */
@Override
public void destroy() throws Exception {
    // Nothing to release when no provider was ever assigned.
    if (loginIdentityProvider == null) {
        return;
    }
    loginIdentityProvider.preDestruction();
}
/**
 * Forwards an authentication request to {@code baseProvider} inside a {@code NarCloseable} scope.
 *
 * @param credentials the login credentials to verify
 * @return whatever response the wrapped provider produces
 */
@Override
public AuthenticationResponse authenticate(LoginCredentials credentials) {
    // NOTE(review): NarCloseable.withNarLoader() is not shown here; presumably it makes the NAR class
    // loader the thread context class loader until the try block exits — confirm.
    try (final NarCloseable narScope = NarCloseable.withNarLoader()) {
        final AuthenticationResponse response = baseProvider.authenticate(credentials);
        return response;
    }
}
/**
 * Forwards initialization to {@code baseProvider} inside a {@code NarCloseable} scope.
 *
 * @param initializationContext the context handed on to the wrapped provider unchanged
 * @throws ProviderCreationException declared for failures raised by the wrapped provider
 */
@Override
public void initialize(LoginIdentityProviderInitializationContext initializationContext) throws ProviderCreationException {
    // NOTE(review): NarCloseable.withNarLoader() is not shown here; presumably it makes the NAR class
    // loader the thread context class loader until the try block exits — confirm.
    try (final NarCloseable narScope = NarCloseable.withNarLoader()) {
        baseProvider.initialize(initializationContext);
    }
}
/**
 * Checks a username/password pair through the Kerberos authentication provider.
 *
 * @param credentials the username and password supplied at login
 * @return a response built from the authenticated name, the supplied username and this
 *         provider's {@code expiration} and {@code issuer} fields
 * @throws InvalidLoginCredentialsException if the provider raises an {@code AuthenticationException}
 * @throws IdentityAccessException if {@code provider} has not been set yet
 */
@Override
public final AuthenticationResponse authenticate(final LoginCredentials credentials) throws InvalidLoginCredentialsException, IdentityAccessException {
    // Refuse to authenticate before the provider has been created.
    if (provider == null) {
        throw new IdentityAccessException("The Kerberos authentication provider is not initialized.");
    }

    try {
        final UsernamePasswordAuthenticationToken loginToken =
                new UsernamePasswordAuthenticationToken(credentials.getUsername(), credentials.getPassword());

        // Only the principal, the name and the authenticated flag are logged; the password is not.
        logger.debug("Created authentication token for principal {} with name {} and is authenticated {}",
                loginToken.getPrincipal(), loginToken.getName(), loginToken.isAuthenticated());

        final Authentication outcome = provider.authenticate(loginToken);

        logger.debug("Ran provider.authenticate() and returned authentication for " + "principal {} with name {} and is authenticated {}",
                outcome.getPrincipal(), outcome.getName(), outcome.isAuthenticated());

        return new AuthenticationResponse(outcome.getName(), credentials.getUsername(), expiration, issuer);
    } catch (final AuthenticationException e) {
        // NOTE(review): the underlying message travels with the rethrown exception; callers should
        // answer the client with a generic failure message rather than echoing it.
        throw new InvalidLoginCredentialsException(e.getMessage(), e);
    }
}
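/**
 * Copies an optional timeout from the provider configuration into the environment map.
 *
 * <p>A blank or missing property leaves {@code baseEnvironment} untouched. Otherwise the value
 * is parsed as a time duration, converted to milliseconds and stored as a string.
 *
 * @param configurationContext source of the raw property value
 * @param baseEnvironment map that receives the converted timeout
 * @param configurationProperty name of the property to read
 * @param environmentKey key under which the millisecond value is stored
 * @throws ProviderCreationException if the property is set but is not a valid time duration
 */
private void setTimeout(final LoginIdentityProviderConfigurationContext configurationContext,
                        final Map<String, Object> baseEnvironment,
                        final String configurationProperty,
                        final String environmentKey) {

    final String rawTimeout = configurationContext.getProperty(configurationProperty);
    if (StringUtils.isNotBlank(rawTimeout)) {
        try {
            final Long timeout = FormatUtils.getTimeDuration(rawTimeout, TimeUnit.MILLISECONDS);
            baseEnvironment.put(environmentKey, timeout.toString());
        } catch (final IllegalArgumentException iae) {
            // Keep the parser's exception as the cause so the reason for the rejection stays diagnosable.
            throw new ProviderCreationException(
                    String.format("The %s '%s' is not a valid time duration", configurationProperty, rawTimeout), iae);
        }
    }
}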
final AuthenticationResponse authenticationResponse = loginIdentityProvider.authenticate(new LoginCredentials(username, password)); long expiration = validateTokenExpiration(authenticationResponse.getExpiration(), authenticationResponse.getIdentity()); loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getIdentity(), expiration, authenticationResponse.getIssuer()); } catch (final InvalidLoginCredentialsException ilce) { throw new IllegalArgumentException("The supplied username and password are not valid.", ilce); } catch (final IdentityAccessException iae) { throw new AdministrationException(iae.getMessage(), iae);
/**
 * Lazily builds and returns the login identity provider selected by
 * {@code NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER}.
 *
 * <p>On the first call every provider declared in the login identity providers configuration is
 * created, then every one is configured, and finally the selected identifier is looked up. When
 * the property is blank nothing is built and {@code null} is returned.
 *
 * @return the cached provider, or {@code null} when no identifier is configured
 * @throws Exception if the configured identifier matches none of the declared providers
 */
@Override
public Object getObject() throws Exception {
    // Resolved on an earlier call: reuse it.
    if (loginIdentityProvider != null) {
        return loginIdentityProvider;
    }

    final String selectedIdentifier = properties.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER);

    if (StringUtils.isNotBlank(selectedIdentifier)) {
        final LoginIdentityProviders declaredProviders = loadLoginIdentityProvidersConfiguration();

        // First pass: instantiate every declared provider and index it by identifier.
        // NOTE(review): the class name given to createLoginIdentityProvider comes straight from that
        // configuration, so the file decides which code is loaded; it should be writable only by
        // the administrator.
        for (final Provider declared : declaredProviders.getProvider()) {
            final String identifier = declared.getIdentifier();
            loginIdentityProviders.put(identifier, createLoginIdentityProvider(identifier, declared.getClazz()));
        }

        // Second pass: configure each instance only after all of them exist.
        for (final Provider declared : declaredProviders.getProvider()) {
            loginIdentityProviders.get(declared.getIdentifier())
                    .onConfigured(loadLoginIdentityProviderConfiguration(declared));
        }

        loginIdentityProvider = getLoginIdentityProvider(selectedIdentifier);

        // A configured identifier that resolves to nothing is a fatal configuration error.
        if (loginIdentityProvider == null) {
            throw new Exception(String.format("The specified login identity provider '%s' could not be found.", selectedIdentifier));
        }
    }

    return loginIdentityProvider;
}
// The third argument is a literal 12 hours converted to milliseconds (43,200,000 ms); presumably this is
// the expiration of the login, and it is fixed in code here rather than read from configuration — confirm.
return new AuthenticationResponse(principal, principal, TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS), issuer);
final String mappedIdentity = mapIdentity(authenticationResponse.getIdentity()); return new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build())); } else { proxyChain.add(authenticationResponse.getIdentity());
/**
 * Forwards the configuration callback to {@code baseProvider} inside a {@code NarCloseable} scope.
 *
 * @param configurationContext the configuration handed on to the wrapped provider unchanged
 * @throws ProviderCreationException declared for failures raised by the wrapped provider
 */
@Override
public void onConfigured(LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
    // NOTE(review): NarCloseable.withNarLoader() is not shown here; presumably it makes the NAR class
    // loader the thread context class loader until the try block exits — confirm.
    try (final NarCloseable narScope = NarCloseable.withNarLoader()) {
        baseProvider.onConfigured(configurationContext);
    }
}
/*
 * LDAP username/password authentication. Parts of the method body are missing from this listing,
 * so the statements below do not form a complete, balanced method.
 *
 * Visible behaviour: an IdentityAccessException is thrown when 'provider' is null; the supplied
 * username and password are wrapped in a UsernamePasswordAuthenticationToken and passed to
 * provider.authenticate(); the first AuthenticationResponse argument is userDetails.getDn() or,
 * after a warning is logged, authentication.getName().
 *
 * NOTE(review): one visible handler maps any Exception to InvalidLoginCredentialsException carrying
 * e.getMessage(); which try block it belongs to cannot be determined from this excerpt. Confirm
 * that callers do not return that message verbatim to the client.
 */
@Override public final AuthenticationResponse authenticate(final LoginCredentials credentials) throws InvalidLoginCredentialsException, IdentityAccessException { if (provider == null) { throw new IdentityAccessException("The LDAP authentication provider is not initialized."); final UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(credentials.getUsername(), credentials.getPassword()); final Authentication authentication = provider.authenticate(token); return new AuthenticationResponse(userDetails.getDn(), credentials.getUsername(), expiration, issuer); } else { logger.warn(String.format("Unable to determine user DN for %s, using username.", authentication.getName())); return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer); return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer); throw new InvalidLoginCredentialsException(e.getMessage(), e); } catch (final Exception e) { throw new InvalidLoginCredentialsException(e.getMessage(), e); logger.debug(StringUtils.EMPTY, e); throw new IdentityAccessException("Unable to validate the supplied credentials. Please contact the system administrator.", e);
/*
 * Reads the "TLS - ..." provider properties (keystore, truststore, their passwords and types,
 * client auth and protocol). Parts of the method body are missing from this listing, so the
 * statements below do not form a complete, balanced method.
 *
 * Visible behaviour: a ProviderCreationException is thrown with "TLS - Protocol must be specified.",
 * and an unrecognised "TLS - Client Auth" value is rejected with the list of ClientAuth values.
 *
 * NOTE(review): the keystore and truststore passwords are held as plain Strings; keep them out of
 * log and exception messages. Nothing visible here restricts "TLS - Protocol" to current TLS
 * versions — confirm whether the elided code or the deployment guidance does.
 */
private SSLContext getConfiguredSslContext(final LoginIdentityProviderConfigurationContext configurationContext) { final String rawKeystore = configurationContext.getProperty("TLS - Keystore"); final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password"); final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type"); final String rawTruststore = configurationContext.getProperty("TLS - Truststore"); final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password"); final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type"); final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth"); final String rawProtocol = configurationContext.getProperty("TLS - Protocol"); throw new ProviderCreationException("TLS - Protocol must be specified."); clientAuth = ClientAuth.valueOf(rawClientAuth); } catch (final IllegalArgumentException iae) { throw new ProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]", rawClientAuth, StringUtils.join(ClientAuth.values(), ", "))); throw new ProviderCreationException(e.getMessage(), e);
/**
 * Forwards an authentication request to {@code baseProvider} inside a {@code NarCloseable} scope.
 *
 * @param credentials the login credentials to verify
 * @return whatever response the wrapped provider produces
 */
@Override
public AuthenticationResponse authenticate(LoginCredentials credentials) {
    // NOTE(review): NarCloseable.withNarLoader() is not shown here; presumably it makes the NAR class
    // loader the thread context class loader until the try block exits — confirm.
    try (final NarCloseable narScope = NarCloseable.withNarLoader()) {
        final AuthenticationResponse response = baseProvider.authenticate(credentials);
        return response;
    }
}
/**
 * Forwards the pre-destruction callback to {@code baseProvider} inside a {@code NarCloseable} scope.
 *
 * @throws ProviderDestructionException declared for failures raised by the wrapped provider
 */
@Override
public void preDestruction() throws ProviderDestructionException {
    // NOTE(review): NarCloseable.withNarLoader() is not shown here; presumably it makes the NAR class
    // loader the thread context class loader until the try block exits — confirm.
    try (final NarCloseable narScope = NarCloseable.withNarLoader()) {
        baseProvider.preDestruction();
    }
}
}; // closes an enclosing declaration whose opening is outside this listing
instance.initialize(new StandardLoginIdentityProviderInitializationContext(identifier, this)); } finally { if (currentClassLoader != null) {
/**
 * Forwards the configuration callback to {@code baseProvider} inside a {@code NarCloseable} scope.
 *
 * @param configurationContext the configuration handed on to the wrapped provider unchanged
 * @throws ProviderCreationException declared for failures raised by the wrapped provider
 */
@Override
public void onConfigured(LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
    // NOTE(review): NarCloseable.withNarLoader() is not shown here; presumably it makes the NAR class
    // loader the thread context class loader until the try block exits — confirm.
    try (final NarCloseable narScope = NarCloseable.withNarLoader()) {
        baseProvider.onConfigured(configurationContext);
    }
}
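/**
 * Configures the Kerberos login provider from the supplied configuration.
 *
 * <p>Reads the mandatory {@code "Authentication Expiration"} property, converts it to
 * milliseconds, and then builds a {@code KerberosAuthenticationProvider} backed by a
 * {@code SunJaasKerberosClient} and a {@code KerberosUserDetailsService}.
 *
 * @param configurationContext source of the provider properties
 * @throws ProviderCreationException if the expiration is blank or is not a valid time duration
 */
@Override
public final void onConfigured(final LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
    final String rawExpiration = configurationContext.getProperty("Authentication Expiration");
    if (StringUtils.isBlank(rawExpiration)) {
        throw new ProviderCreationException("The Authentication Expiration must be specified.");
    }

    try {
        expiration = FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
    } catch (final IllegalArgumentException iae) {
        // Keep the parser's exception as the cause so the reason for the rejection stays diagnosable.
        throw new ProviderCreationException(
                String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration), iae);
    }

    provider = new KerberosAuthenticationProvider();
    final SunJaasKerberosClient client = new SunJaasKerberosClient();
    // NOTE(review): debug output of the Kerberos client is switched on unconditionally. On an
    // authentication path this is better driven by configuration or the logger level, so that
    // production deployments do not emit verbose login diagnostics — confirm what it prints.
    client.setDebug(true);
    provider.setKerberosClient(client);
    provider.setUserDetailsService(new KerberosUserDetailsService());
}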
/**
 * Tears down the login identity provider held by this object, if one is set.
 *
 * @throws Exception if the provider's {@code preDestruction()} callback fails
 */
@Override
public void destroy() throws Exception {
    // Nothing to release when no provider was ever assigned.
    if (loginIdentityProvider == null) {
        return;
    }
    loginIdentityProvider.preDestruction();
}
/*
 * Configures the LDAP login provider. Parts of the method body are missing from this listing, so
 * the statements below do not form a complete, balanced method.
 *
 * Visible behaviour: "Authentication Expiration" is mandatory and is parsed as a time duration in
 * milliseconds; "Authentication Strategy" must name an LdapAuthenticationStrategy value and
 * "Referral Strategy" is parsed with ReferralStrategy.valueOf; "Manager DN", "Manager Password"
 * and "TLS - Shutdown Gracefully" are also read.
 *
 * NOTE(review): "Manager Password" is a directory bind credential held as a plain String; keep it
 * out of log and exception messages.
 */
@Override public final void onConfigured(final LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException { final String rawExpiration = configurationContext.getProperty("Authentication Expiration"); if (StringUtils.isBlank(rawExpiration)) { throw new ProviderCreationException("The Authentication Expiration must be specified."); expiration = FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS); } catch (final IllegalArgumentException iae) { throw new ProviderCreationException(String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration)); final String rawAuthenticationStrategy = configurationContext.getProperty("Authentication Strategy"); final LdapAuthenticationStrategy authenticationStrategy; try { authenticationStrategy = LdapAuthenticationStrategy.valueOf(rawAuthenticationStrategy); } catch (final IllegalArgumentException iae) { throw new ProviderCreationException(String.format("Unrecognized authentication strategy '%s'. Possible values are [%s]", rawAuthenticationStrategy, StringUtils.join(LdapAuthenticationStrategy.values(), ", "))); break; default: final String userDn = configurationContext.getProperty("Manager DN"); final String password = configurationContext.getProperty("Manager Password"); final String rawShutdownGracefully = configurationContext.getProperty("TLS - Shutdown Gracefully"); if (StringUtils.isNotBlank(rawShutdownGracefully)) { final boolean shutdownGracefully = Boolean.TRUE.toString().equalsIgnoreCase(rawShutdownGracefully); final String rawReferralStrategy = configurationContext.getProperty("Referral Strategy"); referralStrategy = ReferralStrategy.valueOf(rawReferralStrategy);
/**
 * Forwards the pre-destruction callback to {@code baseProvider} inside a {@code NarCloseable} scope.
 *
 * @throws ProviderDestructionException declared for failures raised by the wrapped provider
 */
@Override
public void preDestruction() throws ProviderDestructionException {
    // NOTE(review): NarCloseable.withNarLoader() is not shown here; presumably it makes the NAR class
    // loader the thread context class loader until the try block exits — confirm.
    try (final NarCloseable narScope = NarCloseable.withNarLoader()) {
        baseProvider.preDestruction();
    }
}
}; // closes an enclosing declaration whose opening is outside this listing