Google Git
Sign in
apache / nifi / 9744644b9d643dada81566f58dc8a78f008e8fe6 / . / nifi-nar-bundles / nifi-framework-bundle / nifi-framework / nifi-web / nifi-web-security / src / main / resources / nifi-web-security-context.xml
blob: 0405dc5d5b1cb873fbacef4422ce6a5eb51048b3 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
<!-- certificate extractor -->
<bean id="certificateExtractor" class="org.apache.nifi.web.security.x509.X509CertificateExtractor"/>
<!-- principal extractor -->
<bean id="principalExtractor" class="org.apache.nifi.web.security.x509.SubjectDnX509PrincipalExtractor"/>
<!-- ocsp validator -->
<bean id="ocspValidator" class="org.apache.nifi.web.security.x509.ocsp.OcspCertificateValidator">
<constructor-arg ref="nifiProperties"/>
</bean>
<!-- x509 validator -->
<bean id="certificateValidator" class="org.apache.nifi.web.security.x509.X509CertificateValidator">
<property name="ocspValidator" ref="ocspValidator"/>
</bean>
<!-- x509 identity provider -->
<bean id="certificateIdentityProvider" class="org.apache.nifi.web.security.x509.X509IdentityProvider">
<property name="principalExtractor" ref="principalExtractor"/>
<property name="certificateValidator" ref="certificateValidator"/>
</bean>
<!-- otp authentication provider -->
<bean id="x509AuthenticationProvider" class="org.apache.nifi.web.security.x509.X509AuthenticationProvider">
<constructor-arg ref="certificateIdentityProvider" index="0"/>
<constructor-arg ref="authorizer" index="1"/>
<constructor-arg ref="nifiProperties" index="2"/>
</bean>
<!-- jwt service -->
<bean id="jwtService" class="org.apache.nifi.web.security.jwt.JwtService">
<constructor-arg ref="keyService"/>
</bean>
<!-- jwt authentication provider -->
<bean id="jwtAuthenticationProvider" class="org.apache.nifi.web.security.jwt.JwtAuthenticationProvider">
<constructor-arg ref="jwtService" index="0"/>
<constructor-arg ref="nifiProperties" index="1"/>
<constructor-arg ref="authorizer" index="2"/>
<constructor-arg ref="idpUserGroupService" index="3"/>
</bean>
<!-- otp service -->
<bean id="otpService" class="org.apache.nifi.web.security.otp.OtpService"/>
<!-- otp authentication provider -->
<bean id="otpAuthenticationProvider" class="org.apache.nifi.web.security.otp.OtpAuthenticationProvider">
<constructor-arg ref="otpService" index="0"/>
<constructor-arg ref="nifiProperties" index="1"/>
<constructor-arg ref="authorizer" index="2"/>
<constructor-arg ref="idpUserGroupService" index="3"/>
</bean>
<!-- knox service -->
<bean id="knoxService" class="org.apache.nifi.web.security.knox.KnoxServiceFactoryBean">
<property name="properties" ref="nifiProperties"/>
</bean>
<!-- knox authentication provider -->
<bean id="knoxAuthenticationProvider" class="org.apache.nifi.web.security.knox.KnoxAuthenticationProvider">
<constructor-arg ref="knoxService" index="0"/>
<constructor-arg ref="nifiProperties" index="1"/>
<constructor-arg ref="authorizer" index="2"/>
</bean>
<!-- Kerberos service -->
<bean id="kerberosService" class="org.apache.nifi.web.security.spring.KerberosServiceFactoryBean">
<property name="properties" ref="nifiProperties"/>
</bean>
<!-- login identity provider -->
<bean id="loginIdentityProvider" class="org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean">
<property name="properties" ref="nifiProperties"/>
<property name="extensionManager" ref="extensionManager" />
</bean>
<!-- oidc -->
<bean id="oidcProvider" class="org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider">
<constructor-arg ref="jwtService" index="0"/>
<constructor-arg ref="nifiProperties" index="1"/>
</bean>
<bean id="oidcService" class="org.apache.nifi.web.security.oidc.OidcService">
<constructor-arg ref="oidcProvider"/>
</bean>
<!-- saml -->
<bean id="samlConfigurationFactory" class="org.apache.nifi.web.security.saml.impl.StandardSAMLConfigurationFactory" />
<bean id="samlService" class="org.apache.nifi.web.security.saml.impl.StandardSAMLService" init-method="initialize" destroy-method="shutdown">
<constructor-arg ref="samlConfigurationFactory" index="0"/>
<constructor-arg ref="nifiProperties" index="1"/>
</bean>
<bean id="samlStateManager" class="org.apache.nifi.web.security.saml.impl.StandardSAMLStateManager">
<constructor-arg ref="jwtService" index="0"/>
</bean>
<bean id="samlCredentialStore" class="org.apache.nifi.web.security.saml.impl.StandardSAMLCredentialStore">
<constructor-arg ref="idpCredentialService" index="0"/>
</bean>
<!-- logout -->
<bean id="logoutRequestManager" class="org.apache.nifi.web.security.logout.LogoutRequestManager" scope="singleton"/>
<!-- anonymous -->
<bean id="anonymousAuthenticationProvider" class="org.apache.nifi.web.security.anonymous.NiFiAnonymousAuthenticationProvider">
<constructor-arg ref="nifiProperties" index="0"/>
<constructor-arg ref="authorizer" index="1"/>
</bean>
</beans>