List of usage examples for org.springframework.security.authentication AuthenticationServiceException getMessage
public String getMessage()
From source file:org.apache.nifi.web.api.AccessResource.java
/**
 * Reports the access status of the calling client.
 *
 * <p>The request must arrive over a secure channel. The client is then identified either by
 * its X.509 client certificate or, when no certificate is presented, by the token carried in
 * the Authorization header. A request with neither is reported as UNKNOWN rather than rejected.
 *
 * @param httpServletRequest the servlet request
 * @return a response wrapping an {@code AccessStatusEntity}
 * @throws IllegalStateException if the request is not secure
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("")
@ApiOperation(value = "Gets the status the client's access", notes = NON_GUARANTEED_ENDPOINT, response = AccessStatusEntity.class)
@ApiResponses(value = {
        @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Unable to determine access status because the client could not be authenticated."),
        @ApiResponse(code = 403, message = "Unable to determine access status because the client is not authorized to make this request."),
        @ApiResponse(code = 409, message = "Unable to determine access status because NiFi is not in the appropriate state."),
        @ApiResponse(code = 500, message = "Unable to determine access status because an unexpected error occurred.") })
public Response getAccessStatus(@Context HttpServletRequest httpServletRequest) {
    // Credentials are never evaluated on a non-secure request; fail before reading any of them.
    if (!httpServletRequest.isSecure()) {
        throw new IllegalStateException(
                "User authentication/authorization is only supported when running over HTTPS.");
    }

    final AccessStatusDTO status = new AccessStatusDTO();

    try {
        final X509Certificate[] clientCerts = certificateExtractor.extractClientCertificate(httpServletRequest);

        if (clientCerts != null) {
            // Certificate path: the client certificate takes precedence over any Authorization header.
            try {
                // The proxied-entities chain is a client-supplied header. It is passed to the
                // X.509 provider together with the certificates that vouch for the sender.
                final String proxyChain = httpServletRequest.getHeader(ProxiedEntitiesUtils.PROXY_ENTITIES_CHAIN);
                final String clientAddress = httpServletRequest.getRemoteAddr();
                final X509AuthenticationRequestToken certRequest = new X509AuthenticationRequestToken(
                        proxyChain, principalExtractor, clientCerts, clientAddress);

                final NiFiAuthenticationToken authenticated =
                        (NiFiAuthenticationToken) x509AuthenticationProvider.authenticate(certRequest);
                final NiFiUserDetails userDetails = (NiFiUserDetails) authenticated.getDetails();

                // Successful authentication alone yields ACTIVE; this method performs no
                // authorization check against any resource.
                status.setIdentity(userDetails.getNiFiUser().getIdentity());
                status.setStatus(AccessStatusDTO.Status.ACTIVE.name());
                status.setMessage("You are already logged in.");
            } catch (final IllegalArgumentException iae) {
                throw new InvalidAuthenticationException(iae.getMessage(), iae);
            }
        } else {
            // Token path: no client certificate, so fall back to the Authorization header.
            final String authorizationHeader = httpServletRequest.getHeader(JwtAuthenticationFilter.AUTHORIZATION);

            if (authorizationHeader != null) {
                try {
                    // Everything after the last space is treated as the token; the scheme word
                    // in front of it is not inspected here.
                    // NOTE(review): confirm the provider rejects values that are not valid tokens.
                    final String bearerValue = StringUtils.substringAfterLast(authorizationHeader, " ");
                    final JwtAuthenticationRequestToken tokenRequest = new JwtAuthenticationRequestToken(
                            bearerValue, httpServletRequest.getRemoteAddr());

                    final NiFiAuthenticationToken authenticated =
                            (NiFiAuthenticationToken) jwtAuthenticationProvider.authenticate(tokenRequest);
                    final NiFiUserDetails userDetails = (NiFiUserDetails) authenticated.getDetails();

                    // As on the certificate path: authenticated means ACTIVE, nothing is authorized here.
                    status.setIdentity(userDetails.getNiFiUser().getIdentity());
                    status.setStatus(AccessStatusDTO.Status.ACTIVE.name());
                    status.setMessage("You are already logged in.");
                } catch (JwtException e) {
                    // NOTE(review): the token library's message is carried into the new exception;
                    // check how it is rendered to the client.
                    throw new InvalidAuthenticationException(e.getMessage(), e);
                }
            } else {
                // Neither certificate nor header: report an unknown user instead of failing.
                status.setStatus(AccessStatusDTO.Status.UNKNOWN.name());
                status.setMessage("No credentials supplied, unknown user.");
            }
        }
    } catch (final UntrustedProxyException upe) {
        // Presumably raised when the sender may not act as a proxy for the chain - confirm
        // against the provider. Surfaced as an access-denied condition.
        throw new AccessDeniedException(upe.getMessage(), upe);
    } catch (final AuthenticationServiceException ase) {
        // A failure of the authentication service itself is re-thrown as an administration
        // error, keeping the original exception as the cause.
        throw new AdministrationException(ase.getMessage(), ase);
    }

    // Wrap the status in its entity and return it.
    final AccessStatusEntity responseEntity = new AccessStatusEntity();
    responseEntity.setAccessStatus(status);
    return generateOkResponse(responseEntity).build();
}