[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-05-03 Thread alopresto
Github user alopresto commented on the pull request:

https://github.com/apache/nifi/pull/267#issuecomment-216661583
  
I'm away from my keyboard right now but I have always used the 
`maven:shade` plugin.

Andy LoPresto
alopre...@hortonworks.com
Sr. Member of Technical Staff
410.292.6331
PGP Fingerprint: 9B51 8C0D A489 0D3C 2F5B  0F2B 125A 4E68 51BF 2B79

On May 3, 2016, at 12:48, James Wing wrote:


I added a new CLI utility that just hashes passwords using Bcrypt. For the 
moment, I left the rest of the code alone. I'm still struggling with how to 
best package and distribute any command-line utility. There are currently a 
couple of undesirable steps to running this:

  1.  Build a standalone jar of nifi-file-identity-provider using `mvn compile assembly:single`
  2.  Run the standalone jar like `java -jar nifi-file-identity-provider-1.0.0-SNAPSHOT-jar-with-dependencies.jar`

I do not know how to run the class from within the NAR file. It seems like 
we would need to get the module to compile to JAR, get the JAR in the lib 
folder, and then make a shell script to wrap the nice java syntax. Any ideas on 
that?




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---


[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-05-02 Thread jvwing
Github user jvwing commented on the pull request:

https://github.com/apache/nifi/pull/267#issuecomment-216431685
  
What would you recommend for this pull request?  No utility?  A simpler 
hashing utility?




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-05-02 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r61836807
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/CredentialsStore.java
 ---
@@ -0,0 +1,229 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.InvalidObjectException;
+import java.util.List;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.file.generated.ObjectFactory;
--- End diff --
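
Review bot: The imports of `Unmarshaller`, `StreamSource` and `SchemaFactory` show this class parsing the hand-edited credentials file, but nothing in the visible lines shows how the XML parser is constrained. Since `javax.xml.XMLConstants` is already imported, confirm that the class body sets `XMLConstants.FEATURE_SECURE_PROCESSING` on the `SchemaFactory` and that DTDs and external entities are refused when the file is unmarshalled, and say so in the class Javadoc.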

They are used to serialize and deserialize the XML credentials file.  What 
kind of issues are you experiencing?




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-05-02 Thread alopresto
Github user alopresto commented on the pull request:

https://github.com/apache/nifi/pull/267#issuecomment-216417900
  
I think my earlier comments may have been unclear or ambiguous. I do not 
believe we need a full command-line interface for modifying the configuration 
file, as hand-editing the files is the existing norm. I simply meant that the 
process of protecting a raw password with bcrypt is not an "in-head" operation 
for most instance admins, so we should provide a utility to perform that 
operation. 

While I very much respect the effort that went into the supporting 
infrastructure, I think it is overkill and not consistent with the global 
approach. 




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-05-02 Thread alopresto
Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r61832014
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/CredentialsStore.java
 ---
@@ -0,0 +1,229 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.InvalidObjectException;
+import java.util.List;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.file.generated.ObjectFactory;
--- End diff --
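
Review bot: The last import, `org.apache.nifi.authentication.file.generated.ObjectFactory`, makes this file compile only after the `generated` package has been produced, and nothing in the visible lines tells a reader where that package comes from. Add a short comment above the import (or in the class Javadoc) naming the schema and the build step that generates it, so that a failed or skipped generation step is recognisable from the compile error.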

I'm getting a number of issues building the project with these generated 
classes. Why do they need to be generated?




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-05-02 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r61821120
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/CredentialsCLI.java
 ---
@@ -0,0 +1,207 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.ArrayList;
+
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+
+
+/**
+ * Command-line interface for working with a {@link CredentialsStore}
+ * persisted as an XML file.
+ *
+ * Usage:
+ * 
+ *   list credentials.xml
+ *   add credentials.xml admin password
--- End diff --
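
Review bot: The usage line `add credentials.xml admin password` in the class Javadoc takes the plaintext password as a positional argument, which leaves it in shell history and in the process argument list for as long as the JVM runs. Drop the password argument from the command, prompt for it with `System.console().readPassword()` (handling a null console when input is not a terminal), clear the returned `char[]` after hashing, and update the usage text to match.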

Thanks, I'll try that method.




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-05-02 Thread alopresto
Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r61817392
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/CredentialsCLI.java
 ---
@@ -0,0 +1,207 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.ArrayList;
+
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+
+
+/**
+ * Command-line interface for working with a {@link CredentialsStore}
+ * persisted as an XML file.
+ *
+ * Usage:
+ * 
+ *   list credentials.xml
+ *   add credentials.xml admin password
--- End diff --

Accepting the raw password on the command line will mean that it is 
persisted in the terminal history and available to any other processes running. 
It is more secure to use 
[Console#readPassword()](https://docs.oracle.com/javase/7/docs/api/java/io/Console.html#readPassword%28%29)
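
A sketch of the kind of hash-only utility discussed in this thread, reading the password with `Console#readPassword()` instead of from the command line. This is an added example, not code from the pull request: the class name `HashPasswordExample` and the cost factor of 12 are assumptions, and it relies only on the `BCryptPasswordEncoder` class that the diff already imports.

```java
import java.io.Console;
import java.nio.CharBuffer;
import java.util.Arrays;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * Hypothetical stand-alone utility: prompts for a password without echo and
 * prints a bcrypt hash suitable for pasting into a credentials file.
 */
public class HashPasswordExample {

    // Assumed cost factor for this example; the pull request does not specify one.
    private static final int BCRYPT_STRENGTH = 12;

    public static void main(String[] args) {
        System.exit(run(System.console()));
    }

    static int run(Console console) {
        // System.console() is null when stdin/stdout are not a terminal
        // (pipes, IDE run configurations, some service wrappers).
        if (console == null) {
            System.err.println("No interactive console available; not reading a password.");
            return 1;
        }

        char[] password = console.readPassword("Password: ");
        char[] confirm = console.readPassword("Confirm password: ");
        try {
            // readPassword() returns null on end of stream.
            if (password == null || confirm == null || password.length == 0) {
                System.err.println("No password entered.");
                return 1;
            }
            if (!Arrays.equals(password, confirm)) {
                System.err.println("Passwords do not match.");
                return 1;
            }

            // encode() accepts a CharSequence, so this code never builds a String
            // from the password itself. The encoder still converts it internally,
            // so clearing the arrays below limits exposure but does not remove it.
            BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(BCRYPT_STRENGTH);
            String hash = encoder.encode(CharBuffer.wrap(password));

            // Only the hash is written out; it is what goes into the credentials file.
            System.out.println(hash);
            return 0;
        } finally {
            // Overwrite the plaintext copies held by this class.
            if (password != null) {
                Arrays.fill(password, '\0');
            }
            if (confirm != null) {
                Arrays.fill(confirm, '\0');
            }
        }
    }
}
```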




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-05-02 Thread jvwing
Github user jvwing commented on the pull request:

https://github.com/apache/nifi/pull/267#issuecomment-216353947
  
I rebased the commits on the master branch to resolve conflicts and use the 
updated LoginIdentityProvider interface and Administrator's Guide content.  I 
apologize if it complicates reviewing.  Changes include:

- Improved performance by only reloading the credentials data if the file 
has been modified
- Provided a command-line utility reference implementation
- Added documentation to the Administrator's Guide
- Included a sample login-credentials.xml file to the conf directory




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-04-19 Thread jvwing
Github user jvwing commented on the pull request:

https://github.com/apache/nifi/pull/267#issuecomment-212002570
  
I have been working (slowly) on the suggested improvements for performance 
and a reference CLI for basic admin operations.  I haven't figured out an 
elegant way of packaging a CLI-executable class in a NAR file, but I agree 
there should be some most basic tool available to generate proper hashes, or at 
least demonstrate how to do so.

I will add a sample config file and documentation.  

I do not propose to add any UI features within this ticket/PR.  However, 
I'm curious how you think that might work.  Can plugin NARs add to the web 
API and UI, or would that imply tighter coupling with the core features?  For 
the moment, I see this as a more peripheral and optional plugin.




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-04-18 Thread joewitt
Github user joewitt commented on the pull request:

https://github.com/apache/nifi/pull/267#issuecomment-211716593
  
@jvwing @alopresto Have you had a chance to re-engage on this?  It seems 
like a reasonable easy-path option for folks just wanting to use some 
simple/local username and password based setup.  My responses to the questions 
James posed:

What is required to make this viable?
- This discussion appears on track

Is there a better medium than bcrypt that combines widespread tool support 
with decent encryption?
- Sounds like you and Andy both see it as a good option.

Are we open to including a command-line user admin tool?
- In my opinion we should be consistent that administrative actions occur 
by editing files on the command line in the less optimal case and interacting 
through a designed/intentional UX in the best case.  We should strive to move 
away from config file based options and move fully towards service/REST API 
driven approaches.  These will serve us better in clustered/cloud type 
environments as well.

Are we open to including a sample credentials file? Where would you 
recommend it go?
- Absolutely.  In conf directory like the others of its type.  I think an 
argument could be made to have this username/password driven mode be the 
default.

Are we open to documenting this identity provider on the front-page of the 
Admin Guide alongside X.509 and LDAP? Where else should I do so?
- We must do so.  We should fully embrace this as an option and document 
what it is good for and not good for.  Our current default of having no 
authentication at all is what we should be working to eliminate.  I think this 
offers us a good first step to do that.




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-22 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r57017952
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/FileIdentityProvider.java
 ---
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+import org.apache.nifi.util.FormatUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+/**
+ * Identity provider for simple username/password authentication backed by 
a local credentials file.  The credentials
+ * file contains usernames and password hashes in bcrypt format.  Any 
compatible bcrypt "2a" implementation may be used
+ * to populate the credentials file.
+ * 
+ * The XML format of the credentials file is as follows:
+ * 
+ * {@code
+ * 
+ * 
+ * 
+ * 
+ * 
+ * 
+ * }
+ * 
+ */
+public class FileIdentityProvider implements LoginIdentityProvider {
+
+static final String PROPERTY_CREDENTIALS_FILE = "Credentials File";
+static final String PROPERTY_EXPIRATION_PERIOD = "Authentication 
Expiration";
+
+private static final Logger logger = 
LoggerFactory.getLogger(FileIdentityProvider.class);
+private static final String CREDENTIALS_XSD = "/credentials.xsd";
+private static final String JAXB_GENERATED_PATH = 
"org.apache.nifi.authentication.file.generated";
+private static final JAXBContext JAXB_CONTEXT = 
initializeJaxbContext();
+
+private String issuer;
+private long expirationPeriodMilliseconds;
+private String credentialsFilePath;
+private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+private String identifier;
+
+private static JAXBContext initializeJaxbContext() {
+try {
+return JAXBContext.newInstance(JAXB_GENERATED_PATH,  
FileIdentityProvider.class.getClassLoader());
+} catch (JAXBException e) {
+throw new RuntimeException("Failed creating JAXBContext for " 
+ FileIdentityProvider.class.getCanonicalName());
+}
+}
+
+private static ValidationEventHandler defaultValidationEventHandler = 
new ValidationEventHandler() {
+@Override
+public boolean handleEvent(ValidationEvent event) {
+return false;
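
Review bot: The catch block in `initializeJaxbContext()` throws `new RuntimeException("Failed creating JAXBContext for " + ...)` without passing `e`, so the underlying `JAXBException` and its stack trace are lost at exactly the point where a missing or broken generated package would surface. Pass the exception as the cause, i.e. `new RuntimeException(message, e)`.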

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-18 Thread alopresto
Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r56734268
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/FileIdentityProvider.java
 ---
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+import org.apache.nifi.util.FormatUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+/**
+ * Identity provider for simple username/password authentication backed by 
a local credentials file.  The credentials
+ * file contains usernames and password hashes in bcrypt format.  Any 
compatible bcrypt "2a" implementation may be used
+ * to populate the credentials file.
+ * 
+ * The XML format of the credentials file is as follows:
+ * 
+ * {@code
+ * 
+ * 
+ * 
+ * 
+ * 
+ * 
+ * }
+ * 
+ */
+public class FileIdentityProvider implements LoginIdentityProvider {
+
+static final String PROPERTY_CREDENTIALS_FILE = "Credentials File";
+static final String PROPERTY_EXPIRATION_PERIOD = "Authentication 
Expiration";
+
+private static final Logger logger = 
LoggerFactory.getLogger(FileIdentityProvider.class);
+private static final String CREDENTIALS_XSD = "/credentials.xsd";
+private static final String JAXB_GENERATED_PATH = 
"org.apache.nifi.authentication.file.generated";
+private static final JAXBContext JAXB_CONTEXT = 
initializeJaxbContext();
+
+private String issuer;
+private long expirationPeriodMilliseconds;
+private String credentialsFilePath;
+private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+private String identifier;
+
+private static JAXBContext initializeJaxbContext() {
+try {
+return JAXBContext.newInstance(JAXB_GENERATED_PATH,  
FileIdentityProvider.class.getClassLoader());
+} catch (JAXBException e) {
+throw new RuntimeException("Failed creating JAXBContext for " 
+ FileIdentityProvider.class.getCanonicalName());
+}
+}
+
+private static ValidationEventHandler defaultValidationEventHandler = 
new ValidationEventHandler() {
+@Override
+public boolean handleEvent(ValidationEvent event) {
+return false;
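
Review bot: The class Javadoc says any compatible bcrypt "2a" implementation may populate the credentials file, which means the cost factor of each stored hash is chosen by whatever tool produced it and the `passwordEncoder` field plays no part in that choice. Document a minimum cost in the Javadoc and consider rejecting or logging hashes below it when the file is loaded. Separately, `passwordEncoder` is never shown being reassigned and can be declared `private final`.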
 

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-11 Thread alopresto
Github user alopresto commented on the pull request:

https://github.com/apache/nifi/pull/267#issuecomment-195651563
  
@jvwing James, you've obviously put effort and thought into this and I 
didn't mean to deride it. I am working to get the Kerberos authentication 
completed for the release, but I will re-visit this as soon as I finish up with 
that. 

I think historically, user management and authentication has been 
"certificates or bust" from the NiFi point of view, delegating that 
responsibility to tools more focused on that concern. LDAP integration was just 
recently added, and Kerberos is obviously yet to be delivered. 

Off the top of my head, Bcrypt is definitely a strong candidate for the 
password hashing (single-iteration SHA-256 is essentially the same as 
plaintext), the certificate support is fairly well-documented in the [Admin 
Guide](https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration),
 keystores are not user-editable flat files and are password-protected by 
default, and there are substantial third-party resources surrounding the 
documentation of "securing a NiFi instance" from various organizations. 




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-11 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r55884048
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/FileIdentityProvider.java
 ---
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+import org.apache.nifi.util.FormatUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+/**
+ * Identity provider for simple username/password authentication backed by 
a local credentials file.  The credentials
+ * file contains usernames and password hashes in bcrypt format.  Any 
compatible bcrypt "2a" implementation may be used
+ * to populate the credentials file.
+ * 
+ * The XML format of the credentials file is as follows:
+ * 
+ * {@code
+ * 
+ * 
+ * 
+ * 
+ * 
+ * 
+ * }
+ * 
+ */
+public class FileIdentityProvider implements LoginIdentityProvider {
+
+static final String PROPERTY_CREDENTIALS_FILE = "Credentials File";
+static final String PROPERTY_EXPIRATION_PERIOD = "Authentication 
Expiration";
+
+private static final Logger logger = 
LoggerFactory.getLogger(FileIdentityProvider.class);
+private static final String CREDENTIALS_XSD = "/credentials.xsd";
+private static final String JAXB_GENERATED_PATH = 
"org.apache.nifi.authentication.file.generated";
+private static final JAXBContext JAXB_CONTEXT = 
initializeJaxbContext();
+
+private String issuer;
+private long expirationPeriodMilliseconds;
+private String credentialsFilePath;
+private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+private String identifier;
+
+private static JAXBContext initializeJaxbContext() {
+try {
+return JAXBContext.newInstance(JAXB_GENERATED_PATH,  
FileIdentityProvider.class.getClassLoader());
+} catch (JAXBException e) {
+throw new RuntimeException("Failed creating JAXBContext for " 
+ FileIdentityProvider.class.getCanonicalName());
+}
+}
+
+private static ValidationEventHandler defaultValidationEventHandler = 
new ValidationEventHandler() {
+@Override
+public boolean handleEvent(ValidationEvent event) {
+return false;
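Review bot: `initializeJaxbContext()` discards the caught `JAXBException`, because the `RuntimeException` in the catch block is built from a message only. Pass `e` as the cause, for example `new RuntimeException("Failed creating JAXBContext for " + FileIdentityProvider.class.getCanonicalName(), e)`. The method feeds the static `JAXB_CONTEXT` field, so this failure occurs during class initialization, where the chained stack trace is the main diagnostic an operator has.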

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-11 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r55872279
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/FileIdentityProvider.java
 ---
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+import org.apache.nifi.util.FormatUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+/**
+ * Identity provider for simple username/password authentication backed by 
a local credentials file.  The credentials
+ * file contains usernames and password hashes in bcrypt format.  Any 
compatible bcrypt "2a" implementation may be used
+ * to populate the credentials file.
+ * 
+ * The XML format of the credentials file is as follows:
+ * 
+ * {@code
+ * 
+ * 
+ * 
+ * 
+ * 
+ * 
+ * }
+ * 
+ */
+public class FileIdentityProvider implements LoginIdentityProvider {
+
+static final String PROPERTY_CREDENTIALS_FILE = "Credentials File";
+static final String PROPERTY_EXPIRATION_PERIOD = "Authentication 
Expiration";
+
+private static final Logger logger = 
LoggerFactory.getLogger(FileIdentityProvider.class);
+private static final String CREDENTIALS_XSD = "/credentials.xsd";
+private static final String JAXB_GENERATED_PATH = 
"org.apache.nifi.authentication.file.generated";
+private static final JAXBContext JAXB_CONTEXT = 
initializeJaxbContext();
+
+private String issuer;
+private long expirationPeriodMilliseconds;
+private String credentialsFilePath;
+private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+private String identifier;
+
+private static JAXBContext initializeJaxbContext() {
+try {
+return JAXBContext.newInstance(JAXB_GENERATED_PATH,  
FileIdentityProvider.class.getClassLoader());
+} catch (JAXBException e) {
+throw new RuntimeException("Failed creating JAXBContext for " 
+ FileIdentityProvider.class.getCanonicalName());
+}
+}
+
+private static ValidationEventHandler defaultValidationEventHandler = 
new ValidationEventHandler() {
+@Override
+public boolean handleEvent(ValidationEvent event) {
+return false;
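Review bot: `defaultValidationEventHandler` returns `false` for every `ValidationEvent` without recording anything about it, and the field is a non-final static. Stopping on the first event is a sensible fail-closed choice for a credentials file, but log `event.getMessage()` and the line number from `event.getLocator()` before returning so an administrator can locate the malformed entry. Also declare the field `private static final`.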

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-11 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r55870940
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/FileIdentityProvider.java
 ---
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+import org.apache.nifi.util.FormatUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+/**
+ * Identity provider for simple username/password authentication backed by 
a local credentials file.  The credentials
+ * file contains usernames and password hashes in bcrypt format.  Any 
compatible bcrypt "2a" implementation may be used
+ * to populate the credentials file.
+ * 
+ * The XML format of the credentials file is as follows:
+ * 
+ * {@code
+ * 
+ * 
+ * 
+ * 
+ * 
+ * 
+ * }
+ * 
+ */
+public class FileIdentityProvider implements LoginIdentityProvider {
+
+static final String PROPERTY_CREDENTIALS_FILE = "Credentials File";
+static final String PROPERTY_EXPIRATION_PERIOD = "Authentication 
Expiration";
+
+private static final Logger logger = 
LoggerFactory.getLogger(FileIdentityProvider.class);
+private static final String CREDENTIALS_XSD = "/credentials.xsd";
+private static final String JAXB_GENERATED_PATH = 
"org.apache.nifi.authentication.file.generated";
+private static final JAXBContext JAXB_CONTEXT = 
initializeJaxbContext();
+
+private String issuer;
+private long expirationPeriodMilliseconds;
+private String credentialsFilePath;
+private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+private String identifier;
+
+private static JAXBContext initializeJaxbContext() {
+try {
+return JAXBContext.newInstance(JAXB_GENERATED_PATH,  
FileIdentityProvider.class.getClassLoader());
+} catch (JAXBException e) {
+throw new RuntimeException("Failed creating JAXBContext for " 
+ FileIdentityProvider.class.getCanonicalName());
+}
+}
+
+private static ValidationEventHandler defaultValidationEventHandler = 
new ValidationEventHandler() {
+@Override
+public boolean handleEvent(ValidationEvent event) {
+return false;
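Review bot: the `passwordEncoder` field is mutable and is created with the no-argument `new BCryptPasswordEncoder()`, so this class neither states nor documents a bcrypt cost factor. The Javadoc allows any bcrypt "2a" implementation to populate the file, which means the cost of each stored hash is chosen outside this class. Make the field `private final`, and document a recommended minimum cost in the Javadoc or check it when the file is loaded.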

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-11 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r55868135
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/FileIdentityProvider.java
 ---
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+import org.apache.nifi.util.FormatUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+/**
+ * Identity provider for simple username/password authentication backed by 
a local credentials file.  The credentials
+ * file contains usernames and password hashes in bcrypt format.  Any 
compatible bcrypt "2a" implementation may be used
+ * to populate the credentials file.
+ * 
+ * The XML format of the credentials file is as follows:
+ * 
+ * {@code
+ * 
+ * 
+ * 
+ * 
+ * 
+ * 
+ * }
+ * 
+ */
+public class FileIdentityProvider implements LoginIdentityProvider {
+
+static final String PROPERTY_CREDENTIALS_FILE = "Credentials File";
+static final String PROPERTY_EXPIRATION_PERIOD = "Authentication 
Expiration";
+
+private static final Logger logger = 
LoggerFactory.getLogger(FileIdentityProvider.class);
+private static final String CREDENTIALS_XSD = "/credentials.xsd";
+private static final String JAXB_GENERATED_PATH = 
"org.apache.nifi.authentication.file.generated";
+private static final JAXBContext JAXB_CONTEXT = 
initializeJaxbContext();
+
+private String issuer;
+private long expirationPeriodMilliseconds;
+private String credentialsFilePath;
+private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+private String identifier;
+
+private static JAXBContext initializeJaxbContext() {
+try {
+return JAXBContext.newInstance(JAXB_GENERATED_PATH,  
FileIdentityProvider.class.getClassLoader());
+} catch (JAXBException e) {
+throw new RuntimeException("Failed creating JAXBContext for " 
+ FileIdentityProvider.class.getCanonicalName());
+}
+}
+
+private static ValidationEventHandler defaultValidationEventHandler = 
new ValidationEventHandler() {
+@Override
+public boolean handleEvent(ValidationEvent event) {
+return false;
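Review bot: the class Javadoc says the credentials file holds usernames and bcrypt password hashes but gives no guidance on protecting that file. Add a sentence stating that the file named by the `Credentials File` property should be readable only by the account that runs NiFi. It should also say how an entry whose hash is not in "2a" format is handled: rejected when the file is loaded, or failing at login.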

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-11 Thread jvwing
Github user jvwing commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r55863700
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml
 ---
@@ -89,4 +89,28 @@
 12 hours
 
 To enable the ldap-provider remove 2 lines. This is 2 of 2. -->
+
+
+
--- End diff --

Yes, thanks, it should say 2 of 2.  I will change that.




[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-10 Thread alopresto
Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r55774945
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/FileIdentityProvider.java
 ---
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+import org.apache.nifi.util.FormatUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+/**
+ * Identity provider for simple username/password authentication backed by 
a local credentials file.  The credentials
+ * file contains usernames and password hashes in bcrypt format.  Any 
compatible bcrypt "2a" implementation may be used
+ * to populate the credentials file.
+ * 
+ * The XML format of the credentials file is as follows:
+ * 
+ * {@code
+ * 
+ * 
+ * 
+ * 
+ * 
+ * 
+ * }
+ * 
+ */
+public class FileIdentityProvider implements LoginIdentityProvider {
+
+static final String PROPERTY_CREDENTIALS_FILE = "Credentials File";
+static final String PROPERTY_EXPIRATION_PERIOD = "Authentication 
Expiration";
+
+private static final Logger logger = 
LoggerFactory.getLogger(FileIdentityProvider.class);
+private static final String CREDENTIALS_XSD = "/credentials.xsd";
+private static final String JAXB_GENERATED_PATH = 
"org.apache.nifi.authentication.file.generated";
+private static final JAXBContext JAXB_CONTEXT = 
initializeJaxbContext();
+
+private String issuer;
+private long expirationPeriodMilliseconds;
+private String credentialsFilePath;
+private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+private String identifier;
+
+private static JAXBContext initializeJaxbContext() {
+try {
+return JAXBContext.newInstance(JAXB_GENERATED_PATH,  
FileIdentityProvider.class.getClassLoader());
+} catch (JAXBException e) {
+throw new RuntimeException("Failed creating JAXBContext for " 
+ FileIdentityProvider.class.getCanonicalName());
+}
+}
+
+private static ValidationEventHandler defaultValidationEventHandler = 
new ValidationEventHandler() {
+@Override
+public boolean handleEvent(ValidationEvent event) {
+return false;
 

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-10 Thread alopresto
Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r55774678
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/FileIdentityProvider.java
 ---
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+import org.apache.nifi.util.FormatUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+/**
+ * Identity provider for simple username/password authentication backed by 
a local credentials file.  The credentials
+ * file contains usernames and password hashes in bcrypt format.  Any 
compatible bcrypt "2a" implementation may be used
+ * to populate the credentials file.
+ * 
+ * The XML format of the credentials file is as follows:
+ * 
+ * {@code
+ * 
+ * 
+ * 
+ * 
+ * 
+ * 
+ * }
+ * 
+ */
+public class FileIdentityProvider implements LoginIdentityProvider {
+
+static final String PROPERTY_CREDENTIALS_FILE = "Credentials File";
+static final String PROPERTY_EXPIRATION_PERIOD = "Authentication 
Expiration";
+
+private static final Logger logger = 
LoggerFactory.getLogger(FileIdentityProvider.class);
+private static final String CREDENTIALS_XSD = "/credentials.xsd";
+private static final String JAXB_GENERATED_PATH = 
"org.apache.nifi.authentication.file.generated";
+private static final JAXBContext JAXB_CONTEXT = 
initializeJaxbContext();
+
+private String issuer;
+private long expirationPeriodMilliseconds;
+private String credentialsFilePath;
+private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+private String identifier;
+
+private static JAXBContext initializeJaxbContext() {
+try {
+return JAXBContext.newInstance(JAXB_GENERATED_PATH,  
FileIdentityProvider.class.getClassLoader());
+} catch (JAXBException e) {
+throw new RuntimeException("Failed creating JAXBContext for " 
+ FileIdentityProvider.class.getCanonicalName());
+}
+}
+
+private static ValidationEventHandler defaultValidationEventHandler = 
new ValidationEventHandler() {
+@Override
+public boolean handleEvent(ValidationEvent event) {
+return false;
 

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-10 Thread alopresto
Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r55773583
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/FileIdentityProvider.java
 ---
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+import org.apache.nifi.util.FormatUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+/**
+ * Identity provider for simple username/password authentication backed by 
a local credentials file.  The credentials
+ * file contains usernames and password hashes in bcrypt format.  Any 
compatible bcrypt "2a" implementation may be used
+ * to populate the credentials file.
+ * 
+ * The XML format of the credentials file is as follows:
+ * 
+ * {@code
+ * 
+ * 
+ * 
+ * 
+ * 
+ * 
+ * }
+ * 
+ */
+public class FileIdentityProvider implements LoginIdentityProvider {
+
+static final String PROPERTY_CREDENTIALS_FILE = "Credentials File";
+static final String PROPERTY_EXPIRATION_PERIOD = "Authentication 
Expiration";
+
+private static final Logger logger = 
LoggerFactory.getLogger(FileIdentityProvider.class);
+private static final String CREDENTIALS_XSD = "/credentials.xsd";
+private static final String JAXB_GENERATED_PATH = 
"org.apache.nifi.authentication.file.generated";
+private static final JAXBContext JAXB_CONTEXT = 
initializeJaxbContext();
+
+private String issuer;
+private long expirationPeriodMilliseconds;
+private String credentialsFilePath;
+private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+private String identifier;
+
+private static JAXBContext initializeJaxbContext() {
+try {
+return JAXBContext.newInstance(JAXB_GENERATED_PATH,  
FileIdentityProvider.class.getClassLoader());
+} catch (JAXBException e) {
+throw new RuntimeException("Failed creating JAXBContext for " 
+ FileIdentityProvider.class.getCanonicalName());
+}
+}
+
+private static ValidationEventHandler defaultValidationEventHandler = 
new ValidationEventHandler() {
+@Override
+public boolean handleEvent(ValidationEvent event) {
+return false;
 

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-10 Thread alopresto
Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r55773241
  
--- Diff: 
nifi-nar-bundles/nifi-iaa-providers-bundle/nifi-file-identity-provider/src/main/java/org/apache/nifi/authentication/file/FileIdentityProvider.java
 ---
@@ -0,0 +1,216 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.file;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.ValidationEvent;
+import javax.xml.bind.ValidationEventHandler;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.file.generated.UserCredentials;
+import org.apache.nifi.authentication.file.generated.UserCredentialsList;
+import org.apache.nifi.util.FormatUtils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+/**
+ * Identity provider for simple username/password authentication backed by 
a local credentials file.  The credentials
+ * file contains usernames and password hashes in bcrypt format.  Any 
compatible bcrypt "2a" implementation may be used
+ * to populate the credentials file.
+ * 
+ * The XML format of the credentials file is as follows:
+ * 
+ * {@code
+ * 
+ * 
+ * 
+ * 
+ * 
+ * 
+ * }
+ * 
+ */
+public class FileIdentityProvider implements LoginIdentityProvider {
+
+static final String PROPERTY_CREDENTIALS_FILE = "Credentials File";
+static final String PROPERTY_EXPIRATION_PERIOD = "Authentication 
Expiration";
+
+private static final Logger logger = 
LoggerFactory.getLogger(FileIdentityProvider.class);
+private static final String CREDENTIALS_XSD = "/credentials.xsd";
+private static final String JAXB_GENERATED_PATH = 
"org.apache.nifi.authentication.file.generated";
+private static final JAXBContext JAXB_CONTEXT = 
initializeJaxbContext();
+
+private String issuer;
+private long expirationPeriodMilliseconds;
+private String credentialsFilePath;
+private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+private String identifier;
+
+private static JAXBContext initializeJaxbContext() {
+try {
+return JAXBContext.newInstance(JAXB_GENERATED_PATH,  
FileIdentityProvider.class.getClassLoader());
+} catch (JAXBException e) {
+throw new RuntimeException("Failed creating JAXBContext for " 
+ FileIdentityProvider.class.getCanonicalName());
+}
+}
+
+private static ValidationEventHandler defaultValidationEventHandler = 
new ValidationEventHandler() {
+@Override
+public boolean handleEvent(ValidationEvent event) {
+return false;
 

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

2016-03-10 Thread alopresto
Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/267#discussion_r55772695
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml
 ---
@@ -89,4 +89,28 @@
 12 hours
 
 To enable the ldap-provider remove 2 lines. This is 2 of 2. -->
+
+
+
--- End diff --

Is this actually line 2 of 2? If not, where is the other line to be removed?

