Posted to commits@nifi.apache.org by mc...@apache.org on 2015/11/12 15:10:43 UTC
nifi git commit: NIFI-655: - Allowing the ldap provider to specify if
client authentication is required/desired.
Repository: nifi
Updated Branches:
refs/heads/NIFI-655 cfee612a7 -> b3ae3e314
NIFI-655:
- Allowing the ldap provider to specify if client authentication is required/desired.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/b3ae3e31
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/b3ae3e31
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/b3ae3e31
Branch: refs/heads/NIFI-655
Commit: b3ae3e31497f2d6810c202ca0130f398c2f170ca
Parents: cfee612
Author: Matt Gilman <ma...@gmail.com>
Authored: Thu Nov 12 09:10:29 2015 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Thu Nov 12 09:10:29 2015 -0500
----------------------------------------------------------------------
.../java/org/apache/nifi/ldap/LdapProvider.java | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/b3ae3e31/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
index 7d471d5..cccff5d 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
@@ -44,6 +44,8 @@ import org.springframework.security.ldap.search.LdapUserSearch;
*/
public class LdapProvider extends AbstractLdapProvider {
+ private static final String TLS = "TLS";
+
@Override
protected AbstractLdapAuthenticationProvider getLdapAuthenticationProvider(LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
final LdapContextSource context = new LdapContextSource();
@@ -90,17 +92,23 @@ public class LdapProvider extends AbstractLdapProvider {
final String rawTruststore = configurationContext.getProperty("TLS - Truststore");
final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password");
final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type");
+ final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth");
try {
final SSLContext sslContext;
if (StringUtils.isBlank(rawKeystore)) {
- sslContext = SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, "TLS");
+ sslContext = SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, TLS);
} else {
if (StringUtils.isBlank(rawTruststore)) {
- sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, "TLS");
+ sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, TLS);
} else {
- sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType,
- rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, ClientAuth.REQUIRED, "TLS");
+ try {
+ final ClientAuth clientAuth = ClientAuth.valueOf(rawClientAuth);
+ sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType,
+ rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, TLS);
+ } catch (final IllegalArgumentException iae) {
+ throw new ProviderCreationException(String.format("Unrecgonized client auth '%s'", rawClientAuth));
+ }
}
}
tlsAuthenticationStrategy.setSslSocketFactory(sslContext.getSocketFactory());
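Review bot: `ClientAuth.valueOf(rawClientAuth)` runs without a blank check, so a configuration that never sets "TLS - Client Auth" (presumably a null from `getProperty`) makes `valueOf` throw NullPointerException, which `catch (final IllegalArgumentException iae)` does not handle. Before this change that branch always used `ClientAuth.REQUIRED`, so falling back to `REQUIRED` when the property is blank keeps existing configurations working and on the strictest setting. The try also wraps `createSslContext`, so an IllegalArgumentException raised there would be misreported as a bad client-auth value; narrow it to the `valueOf` call, and fix the "Unrecgonized" typo in the message. The enclosing method starts and ends outside this hunk, so whether an outer catch translates the NPE is not visible here.

```java
} else {
    // Fall back to the previous hard-coded behaviour when the property is not set.
    final ClientAuth clientAuth;
    if (StringUtils.isBlank(rawClientAuth)) {
        clientAuth = ClientAuth.REQUIRED;
    } else {
        try {
            clientAuth = ClientAuth.valueOf(rawClientAuth);
        } catch (final IllegalArgumentException iae) {
            throw new ProviderCreationException(String.format("Unrecognized client auth '%s'", rawClientAuth));
        }
    }
    // … unchanged: createSslContext(keystore…, truststore…, clientAuth, TLS) call, now outside the try …
```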
@@ -133,7 +141,7 @@ public class LdapProvider extends AbstractLdapProvider {
// query
final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);
- // bind vs password?
+ // bind
final BindAuthenticator authenticator = new BindAuthenticator(context);
authenticator.setUserSearch(userSearch);