Posted to commits@nifi.apache.org by mc...@apache.org on 2015/11/09 15:21:08 UTC
nifi git commit: NIFI-655: - Adding a few new exceptions for the
login identity provider.
Repository: nifi
Updated Branches:
refs/heads/NIFI-655 018c0864e -> 3cf3addd8
NIFI-655:
- Adding a few new exceptions for the login identity provider.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/3cf3addd
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/3cf3addd
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/3cf3addd
Branch: refs/heads/NIFI-655
Commit: 3cf3addd85e3734e089d5d41df8075a7a5b5b9f7
Parents: 018c086
Author: Matt Gilman <ma...@gmail.com>
Authored: Mon Nov 9 09:20:49 2015 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Mon Nov 9 09:20:49 2015 -0500
----------------------------------------------------------------------
.../authentication/LoginIdentityProvider.java | 5 +-
.../exception/IdentityAccessException.java | 33 +++++++++
.../IdentityRegistrationException.java | 33 +++++++++
.../nifi/authorized/users/AuthorizedUsers.java | 73 ++++++++++++++++++--
.../form/LoginAuthenticationFilter.java | 16 +++--
.../web/security/form/RegistrationFilter.java | 3 +
6 files changed, 151 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/3cf3addd/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java b/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
index 15a20a8..290b694 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
@@ -16,6 +16,7 @@
*/
package org.apache.nifi.authentication;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
import org.apache.nifi.authorization.exception.ProviderCreationException;
import org.apache.nifi.authorization.exception.ProviderDestructionException;
@@ -37,7 +38,7 @@ public interface LoginIdentityProvider {
*
* @param credentials the login credentials
*/
- void register(LoginCredentials credentials) throws IdentityAlreadyExistsException;
+ void register(LoginCredentials credentials) throws IdentityAlreadyExistsException, IdentityAccessException;
/**
* Authenticates the specified login credentials.
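Review bot: The new `throws IdentityAccessException` on `register` has no matching `@throws` tag in the Javadoc above it, and the same is true of `authenticate` in the next hunk. IdentityAccessException extends RuntimeException (see the new file in this commit), so the compiler will not force any caller to handle it and the Javadoc is the only place the contract is stated. I would add `@throws IdentityAccessException if the backing store could not be accessed to check the identity` to both methods. On `authenticate` the text should also say that `false` means the credentials were rejected while the exception means no decision was reached, so that callers treat neither outcome as a successful login.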
@@ -45,7 +46,7 @@ public interface LoginIdentityProvider {
* @param credentials the credentials
* @return whether the user was authenticated
*/
- boolean authenticate(LoginCredentials credentials);
+ boolean authenticate(LoginCredentials credentials) throws IdentityAccessException;
/**
* Called immediately after instance creation for implementers to perform additional setup
http://git-wip-us.apache.org/repos/asf/nifi/blob/3cf3addd/nifi-api/src/main/java/org/apache/nifi/authentication/exception/IdentityAccessException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/exception/IdentityAccessException.java b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/IdentityAccessException.java
new file mode 100644
index 0000000..b68c675
--- /dev/null
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/IdentityAccessException.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.exception;
+
+/**
+ * Represents the case when the identity could not be confirmed because it was unable
+ * to access the backing store.
+ */
+public class IdentityAccessException extends RuntimeException {
+
+ public IdentityAccessException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public IdentityAccessException(String message) {
+ super(message);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3cf3addd/nifi-api/src/main/java/org/apache/nifi/authentication/exception/IdentityRegistrationException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/exception/IdentityRegistrationException.java b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/IdentityRegistrationException.java
new file mode 100644
index 0000000..4b80c61
--- /dev/null
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/IdentityRegistrationException.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.exception;
+
+/**
+ * Represents the case when the identity could not be registered for some reason.
+ * Like the credentials did not meet the minimum requirements
+ */
+public class IdentityRegistrationException extends RuntimeException {
+
+ public IdentityRegistrationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public IdentityRegistrationException(String message) {
+ super(message);
+ }
+
+}
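Review bot: Nothing visible in this commit declares, throws or catches IdentityRegistrationException: `register` in LoginIdentityProvider lists only IdentityAlreadyExistsException and IdentityAccessException, and the catch clauses visible in RegistrationFilter's hunk name only those two. Because the class is unchecked, a provider that throws it for credentials below the minimum requirements would pass both of those catch clauses, and what the client then receives depends on code outside this diff. I would add it to the `throws` clause of `register` and catch it in RegistrationFilter next to the other two so the rejection is reported deliberately. The second Javadoc sentence is also a fragment and reads better as `For example, the credentials did not meet the minimum requirements.`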
http://git-wip-us.apache.org/repos/asf/nifi/blob/3cf3addd/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorized-users/src/main/java/org/apache/nifi/authorized/users/AuthorizedUsers.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorized-users/src/main/java/org/apache/nifi/authorized/users/AuthorizedUsers.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorized-users/src/main/java/org/apache/nifi/authorized/users/AuthorizedUsers.java
index f19514e..b48f348 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorized-users/src/main/java/org/apache/nifi/authorized/users/AuthorizedUsers.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorized-users/src/main/java/org/apache/nifi/authorized/users/AuthorizedUsers.java
@@ -123,6 +123,12 @@ public final class AuthorizedUsers {
return authorizedUsers;
}
+ /**
+ * Gets the user identity.
+ *
+ * @param user The user
+ * @return The user identity
+ */
public String getUserIdentity(final NiFiUser user) {
if (User.class.isAssignableFrom(user.getClass())) {
return ((User) user).getDn();
@@ -131,6 +137,11 @@ public final class AuthorizedUsers {
}
}
+ /**
+ * Gets all users from configured file.
+ *
+ * @return The Users
+ */
public synchronized Users getUsers() {
try {
// ensure the directory exists and it can be created
@@ -152,6 +163,12 @@ public final class AuthorizedUsers {
}
}
+ /**
+ * Determines if a user exists through the specified HasUser.
+ *
+ * @param finder The finder
+ * @return Whether the user exists
+ */
public synchronized boolean hasUser(final HasUser finder) {
// load the users
final Users users = getUsers();
@@ -165,6 +182,13 @@ public final class AuthorizedUsers {
return finder.hasUser(nifiUsers);
}
+ /**
+ * Gets the desired user.
+ *
+ * @param finder The finder
+ * @return The NiFiUser
+ * @throws UnknownIdentityException If the desired user could not be found
+ */
public synchronized NiFiUser getUser(final FindUser finder) {
// load the users
final Users users = getUsers();
@@ -178,6 +202,13 @@ public final class AuthorizedUsers {
return finder.findUser(nifiUsers);
}
+ /**
+ * Gets the desired users.
+ *
+ * @param finder The finder
+ * @return The NiFiUsers
+ * @throws UnknownIdentityException If the users could not be found
+ */
public synchronized List<NiFiUser> getUsers(final FindUsers finder) {
// load the users
final Users users = getUsers();
@@ -191,6 +222,11 @@ public final class AuthorizedUsers {
return finder.findUsers(nifiUsers);
}
+ /**
+ * Creates the user via the specified CreateUser.
+ *
+ * @param creator The creator
+ */
public synchronized void createUser(final CreateUser creator) {
// add the user
final Users users = getUsers();
@@ -207,6 +243,13 @@ public final class AuthorizedUsers {
saveUsers(users);
}
+ /**
+ * Creates or Updates a user identified by the finder. If the user exists, it's updated otherwise it's created.
+ *
+ * @param finder The finder
+ * @param creator The creator
+ * @param updater The updater
+ */
public synchronized void createOrUpdateUser(final FindUser finder, final CreateUser creator, final UpdateUser updater) {
try {
updateUser(finder, updater);
@@ -215,6 +258,12 @@ public final class AuthorizedUsers {
}
}
+ /**
+ * Updates the user identified by the finder.
+ *
+ * @param finder The finder
+ * @param updater The updater
+ */
public synchronized void updateUser(final FindUser finder, final UpdateUser updater) {
// update the user
final Users users = getUsers();
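Review bot: The Javadoc added for `updateUser` does not say what happens when the finder matches no user, although `createOrUpdateUser` in the previous hunk wraps the call in a `try`, which suggests that it throws. The Javadoc added for `getUser` and `getUsers(FindUsers)` earlier in this file carries `@throws UnknownIdentityException`. If that is also what `updateUser` throws (the catch clause is outside the hunk, so confirm), add the same tag here and to `updateUsers`, `removeUser` and `removeUsers` in the following hunks. The bodies of all these methods continue outside their hunks.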
@@ -234,6 +283,12 @@ public final class AuthorizedUsers {
saveUsers(users);
}
+ /**
+ * Updates the users identified by the finder.
+ *
+ * @param finder The finder
+ * @param updater The updater
+ */
public synchronized void updateUsers(final FindUsers finder, final UpdateUsers updater) {
// update the user
final Users users = getUsers();
@@ -252,7 +307,12 @@ public final class AuthorizedUsers {
saveUsers(users);
}
- public synchronized Users removeUser(final FindUser finder) {
+ /**
+ * Removes the user identified by the finder.
+ *
+ * @param finder The finder
+ */
+ public synchronized void removeUser(final FindUser finder) {
// load the users
final Users users = getUsers();
@@ -271,11 +331,14 @@ public final class AuthorizedUsers {
// save the users
saveUsers(users);
-
- return users;
}
- public synchronized Users removeUsers(final FindUsers finder) {
+ /**
+ * Removes the users identified by the finder.
+ *
+ * @param finder The finder
+ */
+ public synchronized void removeUsers(final FindUsers finder) {
// load the users
final Users users = getUsers();
@@ -296,8 +359,6 @@ public final class AuthorizedUsers {
// save the users
saveUsers(users);
-
- return users;
}
private synchronized void saveUsers(final Users users) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/3cf3addd/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java
index dc4cca8..4848801 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.nifi.authentication.LoginCredentials;
import org.apache.nifi.authentication.LoginIdentityProvider;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.util.StringUtils;
import org.apache.nifi.web.security.ProxiedEntitiesUtils;
import org.apache.nifi.web.security.jwt.JwtService;
@@ -38,6 +39,7 @@ import org.apache.nifi.web.security.x509.X509CertificateValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
@@ -139,10 +141,14 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
throw new BadCredentialsException("Login not supported.");
}
- if (loginIdentityProvider.authenticate(credentials)) {
- return new LoginAuthenticationToken(credentials);
- } else {
- throw new BadCredentialsException("The supplied username and password are not valid.");
+ try {
+ if (loginIdentityProvider.authenticate(credentials)) {
+ return new LoginAuthenticationToken(credentials);
+ } else {
+ throw new BadCredentialsException("The supplied username and password are not valid.");
+ }
+ } catch (final IdentityAccessException iae) {
+ throw new AuthenticationServiceException(iae.getMessage(), iae);
}
}
}
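Review bot: The catch at the end of this hunk copies `iae.getMessage()` into the AuthenticationServiceException, so whatever text a provider puts in its backing-store error becomes the message of an exception raised while handling an unauthenticated request. Whether that message is written to the response is decided in the failure handler, which is only partly visible in the next hunk, but provider messages can carry host names, file paths or driver errors and are better kept in the server log. I would throw a fixed message and keep the cause for logging: `throw new AuthenticationServiceException("Unable to validate the supplied credentials.", iae);`. The catch added in RegistrationFilter's hunk forwards the message in the same way, and the enclosing method here starts before this hunk.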
@@ -196,6 +202,8 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
if (failed instanceof BadCredentialsException || failed instanceof AuthenticationCredentialsNotFoundException) {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ } else if (failed instanceof AuthenticationServiceException) {
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} else {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3cf3addd/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java
index 68d7383..ea54127 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java
@@ -29,6 +29,7 @@ import org.apache.nifi.admin.service.AdministrationException;
import org.apache.nifi.admin.service.UserService;
import org.apache.nifi.authentication.LoginCredentials;
import org.apache.nifi.authentication.LoginIdentityProvider;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
import org.apache.nifi.util.StringUtils;
import org.apache.nifi.web.security.jwt.JwtService;
@@ -79,6 +80,8 @@ public class RegistrationFilter extends AbstractAuthenticationProcessingFilter {
loginIdentityProvider.register(credentials);
} catch (final IdentityAlreadyExistsException iaee) {
// if the identity already exists, try to create the nifi account request
+ } catch (final IdentityAccessException iae) {
+ throw new AuthenticationServiceException(iae.getMessage(), iae);
}
try {
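Review bot: `AuthenticationServiceException` is used in the new catch, but the import hunk for this file adds only `IdentityAccessException`, and the three added lines the diffstat reports for RegistrationFilter are all accounted for by that import and the two catch lines. Unless the class was already imported before this commit (the import block is only partly visible), the file will not compile. LoginAuthenticationFilter gains `import org.springframework.security.authentication.AuthenticationServiceException;` in this same commit, and this file likely needs the same line. The enclosing method starts before and ends after this hunk.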