Package org.apache.nifi.web.security.knox

Class KnoxService

java.lang.Object
org.apache.nifi.web.security.knox.KnoxService
public class KnoxService extends Object
KnoxService is a service for managing the Apache Knox SSO.

  • Field Details

    • logger

      private static final org.slf4j.Logger logger

    • configuration

      private KnoxConfiguration configuration

    • verifier

      private com.nimbusds.jose.JWSVerifier verifier

    • knoxUrl

      private String knoxUrl

    • audiences

      private Set<String> audiences

  • Constructor Details

    • KnoxService

      public KnoxService(KnoxConfiguration configuration)
      Creates a new KnoxService.
      Parameters:
      configuration - knox configuration

  • Method Details

    • isKnoxEnabled

      public boolean isKnoxEnabled()
      Returns whether Knox support is enabled.
      Returns:
      whether Knox support is enabled

    • getKnoxUrl

      public String getKnoxUrl()
      Returns the Knox Url.
      Returns:
      knox url

    • getAuthenticationFromToken

      public String getAuthenticationFromToken(String jwt) throws ParseException, com.nimbusds.jose.JOSEException
      Extracts the authentication from the token and verify it.
      Parameters:
      jwt - signed jwt string
      Returns:
      the user authentication
      Throws:
      ParseException - if the payload of the jwt doesn't represent a valid json object and a jwt claims set
      com.nimbusds.jose.JOSEException - if the JWS object couldn't be verified

    • validateToken

      private boolean validateToken(com.nimbusds.jwt.SignedJWT jwtToken) throws com.nimbusds.jose.JOSEException, ParseException
      Validate the specified jwt.
      Parameters:
      jwtToken - knox jwt
      Returns:
      whether this jwt is valid
      Throws:
      com.nimbusds.jose.JOSEException - if the jws object couldn't be verified
      ParseException - if the payload of the jwt doesn't represent a valid json object and a jwt claims set

    • validateSignature

      private boolean validateSignature(com.nimbusds.jwt.SignedJWT jwtToken) throws com.nimbusds.jose.JOSEException
      Validate the jwt signature.
      Parameters:
      jwtToken - knox jwt
      Returns:
      whether this jwt signature is valid
      Throws:
      com.nimbusds.jose.JOSEException - if the jws object couldn't be verified

    • validateAudience

      private boolean validateAudience(com.nimbusds.jwt.SignedJWT jwtToken) throws ParseException
      Validate the jwt audience.
      Parameters:
      jwtToken - knox jwt
      Returns:
      whether this jwt audience is valid
      Throws:
      ParseException - if the payload of the jwt doesn't represent a valid json object and a jwt claims set

    • validateExpiration

      private boolean validateExpiration(com.nimbusds.jwt.SignedJWT jwtToken) throws ParseException
      Validate the jwt expiration.
      Parameters:
      jwtToken - knox jwt
      Returns:
      whether this jwt is not expired
      Throws:
      ParseException - if the payload of the jwt doesn't represent a valid json object and a jwt claims set