org.apache.nifi.registry.security.util

Class ProxiedEntitiesUtils

java.lang.Object

org.apache.nifi.registry.security.util.ProxiedEntitiesUtils

public class ProxiedEntitiesUtils
extends Object

Field Summary

Fields

Modifier and Type	Field and Description
private static String	ANONYMOUS_CHAIN
private static String	ESCAPED_GT
private static String	ESCAPED_LT
private static String	GT
private static org.slf4j.Logger	logger
private static String	LT
static String	PROXY_ENTITIES_ACCEPTED
static String	PROXY_ENTITIES_CHAIN
static String	PROXY_ENTITIES_DETAILS

Constructor Summary

Constructors

Constructor and Description
ProxiedEntitiesUtils()

Method Summary

Modifier and Type	Method and Description
static String	formatProxyDn(String dn) Formats the specified DN to be set as a HTTP header using well known conventions.
private static String	sanitizeDn(String rawDn) If a user provides a DN with the sequence '><', they could escape the tokenization process and impersonate another user.
static List<String>	tokenizeProxiedEntitiesChain(String rawProxyChain) Tokenizes the specified proxy chain.
private static String	unsanitizeDn(String sanitizedDn) Reconstitutes the original DN from the sanitized version passed in the proxy chain.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final org.slf4j.Logger logger

PROXY_ENTITIES_CHAIN

public static final String PROXY_ENTITIES_CHAIN

See Also:

Constant Field Values

PROXY_ENTITIES_ACCEPTED

public static final String PROXY_ENTITIES_ACCEPTED

See Also:

Constant Field Values

PROXY_ENTITIES_DETAILS

public static final String PROXY_ENTITIES_DETAILS

See Also:

Constant Field Values

GT

private static final String GT

See Also:

Constant Field Values

ESCAPED_GT

private static final String ESCAPED_GT

See Also:

Constant Field Values

LT

private static final String LT

See Also:

Constant Field Values

ESCAPED_LT

private static final String ESCAPED_LT

See Also:

Constant Field Values

ANONYMOUS_CHAIN

private static final String ANONYMOUS_CHAIN

See Also:

Constant Field Values

Constructor Detail

ProxiedEntitiesUtils

public ProxiedEntitiesUtils()

Method Detail

formatProxyDn

public static String formatProxyDn(String dn)

Formats the specified DN to be set as a HTTP header using well known conventions.

Parameters:

dn - raw dn

Returns:

the dn formatted as an HTTP header

sanitizeDn

private static String sanitizeDn(String rawDn)

If a user provides a DN with the sequence '><', they could escape the tokenization process and impersonate another user.

Example:

Provided DN: jdoe><alopresto -> <jdoe><alopresto><proxy...> would allow the user to impersonate jdoe

Parameters:

rawDn - the unsanitized DN

Returns:

the sanitized DN

unsanitizeDn

private static String unsanitizeDn(String sanitizedDn)

Reconstitutes the original DN from the sanitized version passed in the proxy chain.

Example:

alopresto\>\<proxy1 -> alopresto><proxy1

Parameters:

sanitizedDn - the sanitized DN

Returns:

the original DN

tokenizeProxiedEntitiesChain

public static List<String> tokenizeProxiedEntitiesChain(String rawProxyChain)

Tokenizes the specified proxy chain.

Parameters:

rawProxyChain - raw chain

Returns:

tokenized proxy chain