You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by al...@apache.org on 2015/04/22 23:13:31 UTC
[41/49] incubator-nifi git commit: NIFI-271 checkpoint
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/StandardOptimisticLockingManager.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/StandardOptimisticLockingManager.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/StandardOptimisticLockingManager.java
index 23ef8eb..6ac0fdd 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/StandardOptimisticLockingManager.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/StandardOptimisticLockingManager.java
@@ -32,31 +32,31 @@ import org.slf4j.LoggerFactory;
public class StandardOptimisticLockingManager implements OptimisticLockingManager {
private static final Logger logger = LoggerFactory.getLogger(StandardOptimisticLockingManager.class);
-
+
private static final String INVALID_REVISION_ERROR = "Given revision %s does not match current revision %s.";
private static final String SYNC_ERROR = "This NiFi instance has been updated by '%s'. Please refresh to synchronize the view.";
-
+
private Revision currentRevision = new Revision(0L, "");
private String lastModifier = "unknown";
private final Lock lock = new ReentrantLock();
-
+
private void lock() {
lock.lock();
}
-
+
private void unlock() {
lock.unlock();
}
private void checkRevision(final Revision revision) {
final FlowModification lastMod = getLastModification();
-
+
// with lock, verify revision
boolean approved = lastMod.getRevision().equals(revision);
if (!approved) {
logger.debug("Revision check failed because current revision is " + lastMod.getRevision() + " but supplied revision is " + revision);
-
+
if (lastMod.getRevision().getClientId() == null || lastMod.getRevision().getClientId().trim().isEmpty() || lastMod.getRevision().getVersion() == null) {
throw new InvalidRevisionException(String.format(INVALID_REVISION_ERROR, revision, lastMod.getRevision()));
} else {
@@ -64,11 +64,11 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage
}
}
}
-
+
private Revision updateRevision(final Revision updatedRevision) {
// record the current modification
setLastModification(new FlowModification(updatedRevision, NiFiUserUtils.getNiFiUserName()));
-
+
// return the revision
return updatedRevision;
}
@@ -98,7 +98,7 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage
lock();
try {
final Revision updatedRevision = updateRevision.execute(getLastModification().getRevision());
-
+
// update the revision
if (updatedRevision != null) {
updateRevision(updatedRevision);
@@ -107,7 +107,7 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage
unlock();
}
}
-
+
@Override
public FlowModification getLastModification() {
lock();
@@ -119,19 +119,19 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage
} else {
revision = ctx.getRevision();
}
-
+
return new FlowModification(revision, lastModifier);
} finally {
unlock();
}
}
-
+
private void setLastModification(final FlowModification lastModification) {
lock();
try {
// record the last modifier
lastModifier = lastModification.getLastModifier();
-
+
// record the updated revision in the cluster context if possible
final ClusterContext ctx = ClusterContextThreadLocal.getContext();
if (ctx != null) {
@@ -143,10 +143,10 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage
unlock();
}
}
-
+
private Revision incrementRevision(String clientId) {
final Revision current = getLastModification().getRevision();
-
+
final long incrementedVersion;
if (current.getVersion() == null) {
incrementedVersion = 0;
@@ -155,5 +155,5 @@ public class StandardOptimisticLockingManager implements OptimisticLockingManage
}
return new Revision(incrementedVersion, clientId);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/UpdateRevision.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/UpdateRevision.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/UpdateRevision.java
index e691bbe..88fcdaa 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/UpdateRevision.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/main/java/org/apache/nifi/web/UpdateRevision.java
@@ -23,9 +23,9 @@ public interface UpdateRevision {
/**
* Executes the action that will result in an updated revision
- *
- * @param currentRevision The current revision
- * @return The updated revision
+ *
+ * @param currentRevision The current revision
+ * @return The updated revision
*/
Revision execute(Revision currentRevision);
}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/DnUtils.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/DnUtils.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/DnUtils.java
index b56f23d..f3bd11e 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/DnUtils.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/DnUtils.java
@@ -34,10 +34,8 @@ public class DnUtils {
private static final Pattern proxyChainPattern = Pattern.compile("<(.*?)>");
/**
- * Gets the X-ProxiedEntitiesChain from the specified request.
- *
- * @param request
- * @return
+ * @param request http request
+ * @return the X-ProxiedEntitiesChain from the specified request
*/
public static String getXProxiedEntitiesChain(final HttpServletRequest request) {
String xProxiedEntitiesChain = request.getHeader("X-ProxiedEntitiesChain");
@@ -60,8 +58,8 @@ public class DnUtils {
* Formats the specified DN to be set as a HTTP header using well known
* conventions.
*
- * @param dn
- * @return
+ * @param dn raw dn
+ * @return the dn formatted as an HTTP header
*/
public static String formatProxyDn(String dn) {
return "<" + dn + ">";
@@ -70,8 +68,8 @@ public class DnUtils {
/**
* Tokenizes the specified proxy chain.
*
- * @param rawProxyChain
- * @return
+ * @param rawProxyChain raw chain
+ * @return tokenized proxy chain
*/
public static Deque<String> tokenizeProxyChain(String rawProxyChain) {
final Deque<String> dnList = new ArrayDeque<>();
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
index a82787b..295f09c 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
@@ -76,8 +76,8 @@ public class NiFiAnonymousUserFilter extends AnonymousAuthenticationFilter {
/**
* Only supports anonymous users for non-secure requests or one way ssl.
*
- * @param request
- * @return
+ * @param request request
+ * @return true if allowed
*/
@Override
protected boolean applyAnonymousForThisRequest(HttpServletRequest request) {
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authentication/NiFiAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authentication/NiFiAuthenticationEntryPoint.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authentication/NiFiAuthenticationEntryPoint.java
index d19219c..cd5f1ac 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authentication/NiFiAuthenticationEntryPoint.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authentication/NiFiAuthenticationEntryPoint.java
@@ -38,11 +38,12 @@ public class NiFiAuthenticationEntryPoint implements AuthenticationEntryPoint {
/**
* Always returns a 403 error code to the client.
- * @param request
- * @param response
- * @param ae
- * @throws java.io.IOException
- * @throws javax.servlet.ServletException
+ *
+ * @param request request
+ * @param response response
+ * @param ae ae
+ * @throws java.io.IOException ex
+ * @throws javax.servlet.ServletException ex
*/
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ae) throws IOException, ServletException {
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
index dec7c4b..95b4669 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
@@ -51,17 +51,17 @@ public class NiFiAuthorizationService implements UserDetailsService {
private NiFiProperties properties;
/**
- * Loads the user details for the specified dn.
- *
- * Synchronizing because we want each request to be authorized atomically since
- * each may contain any number of DNs. We wanted an access decision made
- * for each individual request as a whole (without other request potentially
- * impacting it).
+ * Loads the user details for the specified dn.
+ *
+ * Synchronizing because we want each request to be authorized atomically
+ * since each may contain any number of DNs. We wanted an access decision
+ * made for each individual request as a whole (without other request
+ * potentially impacting it).
*
- * @param rawProxyChain
- * @return
- * @throws UsernameNotFoundException
- * @throws org.springframework.dao.DataAccessException
+ * @param rawProxyChain proxy chain
+ * @return user details
+ * @throws UsernameNotFoundException ex
+ * @throws org.springframework.dao.DataAccessException ex
*/
@Override
public synchronized UserDetails loadUserByUsername(String rawProxyChain) throws UsernameNotFoundException, DataAccessException {
@@ -75,7 +75,7 @@ public class NiFiAuthorizationService implements UserDetailsService {
}
NiFiUser proxy = null;
-
+
// process each part of the proxy chain
for (final Iterator<String> dnIter = dnList.iterator(); dnIter.hasNext();) {
final String dn = dnIter.next();
@@ -92,12 +92,12 @@ public class NiFiAuthorizationService implements UserDetailsService {
logger.warn(String.format("Proxy '%s' must have '%s' authority. Current authorities: %s", dn, Authority.ROLE_PROXY.toString(), StringUtils.join(user.getAuthorities(), ", ")));
throw new UntrustedProxyException(String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString()));
}
-
+
// if we've already encountered a proxy, update the chain
if (proxy != null) {
user.setChain(proxy);
}
-
+
// record this user as the proxy for the next user in the chain
proxy = user;
} catch (UsernameNotFoundException unfe) {
@@ -118,7 +118,8 @@ public class NiFiAuthorizationService implements UserDetailsService {
// attempting to auto create the user account request
final String message = String.format("Account request was already submitted for '%s'", dn);
logger.warn(message);
- throw new AccountStatusException(message) {};
+ throw new AccountStatusException(message) {
+ };
}
} else {
logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), unfe.getMessage()));
@@ -130,7 +131,7 @@ public class NiFiAuthorizationService implements UserDetailsService {
}
} else {
userDetails = getNiFiUserDetails(dn);
-
+
// if we've already encountered a proxy, update the chain
if (proxy != null) {
final NiFiUser user = userDetails.getNiFiUser();
@@ -145,8 +146,8 @@ public class NiFiAuthorizationService implements UserDetailsService {
/**
* Loads the user details for the specified dn.
*
- * @param dn
- * @return
+ * @param dn user dn
+ * @return user detail
*/
private NiFiUserDetails getNiFiUserDetails(String dn) {
try {
@@ -155,7 +156,8 @@ public class NiFiAuthorizationService implements UserDetailsService {
} catch (AdministrationException ase) {
throw new AuthenticationServiceException(String.format("An error occurred while accessing the user credentials for '%s': %s", dn, ase.getMessage()), ase);
} catch (AccountDisabledException | AccountPendingException e) {
- throw new AccountStatusException(e.getMessage(), e) {};
+ throw new AccountStatusException(e.getMessage(), e) {
+ };
} catch (AccountNotFoundException anfe) {
throw new UsernameNotFoundException(anfe.getMessage());
}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
index d9e8f80..c69b1e6 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
@@ -36,7 +36,7 @@ public class NiFiUserDetails implements UserDetails {
/**
* Creates a new NiFiUserDetails.
*
- * @param user
+ * @param user user
*/
public NiFiUserDetails(NiFiUser user) {
this.user = user;
@@ -45,7 +45,7 @@ public class NiFiUserDetails implements UserDetails {
/**
* Get the user for this UserDetails.
*
- * @return
+ * @return user
*/
public NiFiUser getNiFiUser() {
return user;
@@ -54,7 +54,7 @@ public class NiFiUserDetails implements UserDetails {
/**
* Returns the authorities that this NiFi user has.
*
- * @return
+ * @return authorities
*/
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
@@ -66,21 +66,11 @@ public class NiFiUserDetails implements UserDetails {
return grantedAuthorities;
}
- /**
- * Not used.
- *
- * @return
- */
@Override
public String getPassword() {
return StringUtils.EMPTY;
}
- /**
- * Gets the user name.
- *
- * @return
- */
@Override
public String getUsername() {
return user.getDn();
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
index acf37dc..a1b6717 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
@@ -35,7 +35,7 @@ public final class NiFiUserUtils {
/**
* Return the authorities for the current user.
*
- * @return
+ * @return authorities
*/
public static Set<String> getAuthorities() {
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
@@ -62,7 +62,7 @@ public final class NiFiUserUtils {
* Returns the current NiFiUser or null if the current user is not a
* NiFiUser.
*
- * @return
+ * @return user
*/
public static NiFiUser getNiFiUser() {
NiFiUser user = null;
@@ -79,7 +79,7 @@ public final class NiFiUserUtils {
return user;
}
-
+
public static String getNiFiUserName() {
// get the nifi user to extract the username
NiFiUser user = NiFiUserUtils.getNiFiUser();
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/SubjectDnX509PrincipalExtractor.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/SubjectDnX509PrincipalExtractor.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/SubjectDnX509PrincipalExtractor.java
index f290e1f..48a12de 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/SubjectDnX509PrincipalExtractor.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/SubjectDnX509PrincipalExtractor.java
@@ -24,12 +24,6 @@ import org.springframework.security.web.authentication.preauth.x509.X509Principa
*/
public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
- /**
- * Extracts the principal from the specified client certificate.
- *
- * @param cert
- * @return
- */
@Override
public Object extractPrincipal(X509Certificate cert) {
return cert.getSubjectDN().getName().trim();
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
index 3de4b75..72baecb 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
@@ -58,16 +58,6 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
private NiFiProperties properties;
private UserService userService;
- /**
- * Override doFilter in order to properly handle when users could not be
- * authenticated.
- *
- * @param request
- * @param response
- * @param chain
- * @throws IOException
- * @throws ServletException
- */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
final HttpServletResponse httpResponse = (HttpServletResponse) response;
@@ -194,13 +184,6 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
return certificateExtractor.extractClientCertificate(request);
}
- /**
- * Sets the response headers for successful proxied requests.
- *
- * @param request
- * @param response
- * @param authResult
- */
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
if (StringUtils.isNotBlank(request.getHeader(PROXY_ENTITIES_CHAIN))) {
@@ -209,13 +192,6 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
super.successfulAuthentication(request, response, authResult);
}
- /**
- * Sets the response headers for unsuccessful proxied requests.
- *
- * @param request
- * @param response
- * @param failed
- */
@Override
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) {
if (StringUtils.isNotBlank(request.getHeader(PROXY_ENTITIES_CHAIN))) {
@@ -228,8 +204,8 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
* Determines if the specified request is attempting to register a new user
* account.
*
- * @param request
- * @return
+ * @param request http request
+ * @return true if new user
*/
private boolean isNewAccountRequest(HttpServletRequest request) {
if ("POST".equalsIgnoreCase(request.getMethod())) {
@@ -246,10 +222,10 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
/**
* Handles requests that were unable to be authorized.
*
- * @param request
- * @param response
- * @param ae
- * @throws IOException
+ * @param request request
+ * @param response response
+ * @param ae ex
+ * @throws IOException ex
*/
private void handleUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException ae) throws IOException {
// set the response status
@@ -292,14 +268,6 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
}
}
- /**
- * Handles requests that failed because of a user service error.
- *
- * @param request
- * @param response
- * @param e
- * @throws IOException
- */
private void handleUserServiceError(HttpServletRequest request, HttpServletResponse response, int responseCode, String message) throws IOException {
// set the response status
response.setContentType("text/plain");
@@ -316,9 +284,9 @@ public class X509AuthenticationFilter extends AbstractPreAuthenticatedProcessing
/**
* Handles requests that failed because they were bad input.
*
- * @param request
- * @param response
- * @throws IOException
+ * @param request request
+ * @param response response
+ * @throws IOException ioe
*/
private void handleMissingCertificate(HttpServletRequest request, HttpServletResponse response) throws IOException {
// set the response status
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509CertificateExtractor.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509CertificateExtractor.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509CertificateExtractor.java
index 546d7be..b40d5a5 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509CertificateExtractor.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509CertificateExtractor.java
@@ -32,8 +32,8 @@ public class X509CertificateExtractor {
* Extract the client certificate from the specified HttpServletRequest or
* null if none is specified.
*
- * @param request
- * @return
+ * @param request http request
+ * @return cert
*/
public X509Certificate extractClientCertificate(HttpServletRequest request) {
X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
index 8d2c318..81e4bd6 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
@@ -63,9 +63,6 @@ import org.bouncycastle.ocsp.SingleResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-/**
- *
- */
public class OcspCertificateValidator {
private static final Logger logger = LoggerFactory.getLogger(OcspCertificateValidator.class);
@@ -141,8 +138,8 @@ public class OcspCertificateValidator {
/**
* Loads the ocsp certificate if specified. Null otherwise.
*
- * @param properties
- * @return
+ * @param properties nifi properties
+ * @return certificate
*/
private X509Certificate getOcspCertificate(final NiFiProperties properties) {
X509Certificate validationAuthorityCertificate = null;
@@ -164,8 +161,8 @@ public class OcspCertificateValidator {
* Loads the trusted certificate authorities according to the specified
* properties.
*
- * @param properties
- * @return
+ * @param properties properties
+ * @return map of certificate authorities
*/
private Map<String, X509Certificate> getTrustedCAs(final NiFiProperties properties) {
final Map<String, X509Certificate> certificateAuthorities = new HashMap<>();
@@ -211,8 +208,8 @@ public class OcspCertificateValidator {
/**
* Validates the specified certificate using OCSP if configured.
*
- * @param request
- * @throws CertificateStatusException
+ * @param request http request
+ * @throws CertificateStatusException ex
*/
public void validate(final HttpServletRequest request) throws CertificateStatusException {
final X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
@@ -235,7 +232,8 @@ public class OcspCertificateValidator {
// we only disallow when we have a verified response that states the certificate is revoked
if (VerificationStatus.Verified.equals(ocspStatus.getVerificationStatus()) && ValidationStatus.Revoked.equals(ocspStatus.getValidationStatus())) {
- throw new CertificateStatusException(String.format("Client certificate for <%s> is revoked according to the certificate authority.", subjectCertificate.getSubjectX500Principal().getName()));
+ throw new CertificateStatusException(String.format("Client certificate for <%s> is revoked according to the certificate authority.",
+ subjectCertificate.getSubjectX500Principal().getName()));
}
} catch (final UncheckedExecutionException uee) {
logger.warn(String.format("Unable to validate client certificate via OCSP: <%s>", subjectCertificate.getSubjectX500Principal().getName()), uee.getCause());
@@ -246,8 +244,8 @@ public class OcspCertificateValidator {
/**
* Gets the subject certificate.
*
- * @param certificates
- * @return
+ * @param certificates certs
+ * @return subject cert
*/
private X509Certificate getSubjectCertificate(final X509Certificate[] certificates) {
return certificates[0];
@@ -256,8 +254,8 @@ public class OcspCertificateValidator {
/**
* Gets the issuer certificate.
*
- * @param certificates
- * @return
+ * @param certificates certs
+ * @return issuer cert
*/
private X509Certificate getIssuerCertificate(final X509Certificate[] certificates) {
if (certificates.length > 1) {
@@ -274,9 +272,8 @@ public class OcspCertificateValidator {
/**
* Gets the OCSP status for the specified subject and issuer certificates.
*
- * @param subjectCertificate
- * @param issuerCertificate
- * @return
+ * @param ocspStatusKey status key
+ * @return ocsp status
*/
private OcspStatus getOcspStatus(final OcspRequest ocspStatusKey) {
final X509Certificate subjectCertificate = ocspStatusKey.getSubjectCertificate();
@@ -406,9 +403,9 @@ public class OcspCertificateValidator {
* that issued the subject certificate. Other various checks may be required
* (this portion is currently not implemented).
*
- * @param responderCertificate
- * @param issuerCertificate
- * @return
+ * @param responderCertificate cert
+ * @param issuerCertificate cert
+ * @return cert
*/
private X509Certificate getTrustedResponderCertificate(final X509Certificate responderCertificate, final X509Certificate issuerCertificate) {
// look for the responder's certificate specifically
@@ -425,13 +422,13 @@ public class OcspCertificateValidator {
// if (keyUsage == null || !keyUsage.contains(KP_OCSP_SIGNING_OID)) {
// return null;
// }
-//
+//
// // ensure the certificate is valid
// responderCertificate.checkValidity();
-//
+//
// // verify the signature
// responderCertificate.verify(issuerCertificate.getPublicKey());
-//
+//
// return responderCertificate;
// } catch (final CertificateException | NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | SignatureException e) {
// return null;
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/9dda16c9/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java
index 057a854..6d0c3cb 100644
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java
@@ -37,12 +37,11 @@ import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
-
/**
* Test case for NiFiAuthorizationService.
*/
public class NiFiAuthorizationServiceTest {
-
+
private static final String USER = "user";
private static final String PROXY = "proxy";
private static final String PROXY_PROXY = "proxy-proxy";
@@ -51,16 +50,16 @@ public class NiFiAuthorizationServiceTest {
private static final String USER_PENDING = "user-pending";
private static final String USER_ADMIN_EXCEPTION = "user-admin-exception";
private static final String PROXY_NOT_FOUND = "proxy-not-found";
-
+
private NiFiAuthorizationService authorizationService;
private UserService userService;
-
+
@Before
public void setup() throws Exception {
// mock the web security properties
final NiFiProperties properties = Mockito.mock(NiFiProperties.class);
Mockito.when(properties.getSupportNewAccountRequests()).thenReturn(Boolean.TRUE);
-
+
userService = Mockito.mock(UserService.class);
Mockito.doReturn(null).when(userService).createPendingUserAccount(Mockito.anyString(), Mockito.anyString());
Mockito.doAnswer(new Answer() {
@@ -68,7 +67,7 @@ public class NiFiAuthorizationServiceTest {
public Object answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
String dn = (String) args[0];
-
+
if (null != dn) {
switch (dn) {
case USER_NOT_FOUND:
@@ -93,97 +92,99 @@ public class NiFiAuthorizationServiceTest {
return proxy;
}
}
-
+
return null;
}
}).when(userService).checkAuthorization(Mockito.anyString());
-
+
// create the authorization service
authorizationService = new NiFiAuthorizationService();
authorizationService.setProperties(properties);
authorizationService.setUserService(userService);
}
-
+
/**
- * Ensures the authorization service correctly handles users invalid dn chain.
+ * Ensures the authorization service correctly handles users invalid dn
+ * chain.
*
- * @throws Exception
+ * @throws Exception ex
*/
@Test(expected = UntrustedProxyException.class)
public void testInvalidDnChain() throws Exception {
authorizationService.loadUserByUsername(USER);
}
-
+
/**
* Ensures the authorization service correctly handles account not found.
*
- * @throws Exception
+ * @throws Exception ex
*/
@Test(expected = UsernameNotFoundException.class)
public void testAccountNotFound() throws Exception {
authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_NOT_FOUND));
}
-
+
/**
* Ensures the authorization service correctly handles account disabled.
*
- * @throws Exception
+ * @throws Exception ex
*/
@Test(expected = AccountStatusException.class)
public void testAccountDisabled() throws Exception {
authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_DISABLED));
}
-
+
/**
* Ensures the authorization service correctly handles account pending.
*
- * @throws Exception
+ * @throws Exception ex
*/
@Test(expected = AccountStatusException.class)
public void testAccountPending() throws Exception {
authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_PENDING));
}
-
+
/**
- * Ensures the authorization service correctly handles account administration exception.
+ * Ensures the authorization service correctly handles account
+ * administration exception.
*
- * @throws Exception
+ * @throws Exception ex
*/
@Test(expected = AuthenticationServiceException.class)
public void testAccountAdminException() throws Exception {
authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER_ADMIN_EXCEPTION));
}
-
+
/**
* Tests the case when there is no proxy.
- *
- * @throws Exception
+ *
+ * @throws Exception ex
*/
@Test
public void testNoProxy() throws Exception {
final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(DnUtils.formatProxyDn(USER));
final NiFiUser user = details.getNiFiUser();
-
+
Assert.assertEquals(USER, user.getDn());
Assert.assertNull(user.getChain());
}
-
+
/**
* Tests the case when the proxy does not have ROLE_PROXY.
- *
- * @throws Exception
+ *
+ * @throws Exception ex
*/
@Test(expected = UntrustedProxyException.class)
public void testInvalidProxy() throws Exception {
final String dnChain = DnUtils.formatProxyDn(USER) + DnUtils.formatProxyDn(USER);
authorizationService.loadUserByUsername(dnChain);
}
-
+
/**
- * Ensures the authorization service correctly handles proxy not found by attempting
- * to create an account request for the proxy.
+ * Ensures the authorization service correctly handles proxy not found by
+ * attempting to create an account request for the proxy.
*
- * @throws Exception
+ * @throws Exception ex
*/
@Test(expected = UsernameNotFoundException.class)
public void testProxyNotFound() throws Exception {
@@ -194,55 +195,55 @@ public class NiFiAuthorizationServiceTest {
Mockito.verify(userService).createPendingUserAccount(Mockito.eq(PROXY_NOT_FOUND), Mockito.anyString());
}
}
-
+
/**
* Tests the case when there is a proxy.
- *
- * @throws Exception
+ *
+ * @throws Exception ex
*/
@Test
public void testProxy() throws Exception {
final String dnChain = DnUtils.formatProxyDn(USER) + DnUtils.formatProxyDn(PROXY);
final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(dnChain);
final NiFiUser user = details.getNiFiUser();
-
+
// verify the user
Assert.assertEquals(USER, user.getDn());
Assert.assertNotNull(user.getChain());
-
+
// get the proxy
final NiFiUser proxy = user.getChain();
-
+
// verify the proxy
Assert.assertEquals(PROXY, proxy.getDn());
Assert.assertNull(proxy.getChain());
}
-
+
/**
* Tests the case when there is are multiple proxies.
- *
- * @throws Exception
+ *
+ * @throws Exception ex
*/
@Test
public void testProxyProxy() throws Exception {
final String dnChain = DnUtils.formatProxyDn(USER) + DnUtils.formatProxyDn(PROXY) + DnUtils.formatProxyDn(PROXY_PROXY);
final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserByUsername(dnChain);
final NiFiUser user = details.getNiFiUser();
-
+
// verify the user
Assert.assertEquals(USER, user.getDn());
Assert.assertNotNull(user.getChain());
-
+
// get the proxy
NiFiUser proxy = user.getChain();
-
+
// verify the proxy
Assert.assertEquals(PROXY, proxy.getDn());
Assert.assertNotNull(proxy.getChain());
-
+
// get the proxies proxy
proxy = proxy.getChain();
-
+
// verify the proxies proxy
Assert.assertEquals(PROXY_PROXY, proxy.getDn());
Assert.assertNull(proxy.getChain());