Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-2555: 

- Addressing potential NullPointerException when an AccessDeniedException is thrown from an endpoint that isn't subject to the security filter chain.

This closes #846.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
This commit is contained in:
Matt Gilman 2016-08-12 08:48:10 -04:00 committed by Andy LoPresto
parent 6799bd4919
commit 0855cb9bd4
No known key found for this signature in database
GPG Key ID: 3C6EF65B2F7DEF69
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
View File

@ -333,7 +333,6 @@ public class AccessResource extends ApplicationResource {
@ApiResponse(code = 401, message = "NiFi was unable to complete the request because it did not contain a valid Kerberos " + @ApiResponse(code = 401, message = "NiFi was unable to complete the request because it did not contain a valid Kerberos " +
"ticket in the Authorization header. Retry this request after initializing a ticket with kinit and " + "ticket in the Authorization header. Retry this request after initializing a ticket with kinit and " +
"ensuring your browser is configured to support SPNEGO."), "ensuring your browser is configured to support SPNEGO."),
@ApiResponse(code = 403, message = "Client is not authorized to make this request."),
@ApiResponse(code = 409, message = "Unable to create access token because NiFi is not in the appropriate state. (i.e. may not be configured to support Kerberos login."), @ApiResponse(code = 409, message = "Unable to create access token because NiFi is not in the appropriate state. (i.e. may not be configured to support Kerberos login."),
@ApiResponse(code = 500, message = "Unable to create access token because an unexpected error occurred.") @ApiResponse(code = 500, message = "Unable to create access token because an unexpected error occurred.")
} }

15
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.java
View File

@ -41,15 +41,24 @@ public class AccessDeniedExceptionMapper implements ExceptionMapper<AccessDenied
// get the current user // get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser(); NiFiUser user = NiFiUserUtils.getNiFiUser();
// if the user was authenticated - forbidden, otherwise unauthorized // if the user was authenticated - forbidden, otherwise unauthorized... the user may be null if the
// AccessDeniedException was thrown from a /access endpoint that isn't subject to the security
// filter chain. for instance, one that performs kerberos negotiation
final Response.Status status; final Response.Status status;
if (user.isAnonymous()) { if (user == null || user.isAnonymous()) {
status = Status.UNAUTHORIZED; status = Status.UNAUTHORIZED;
} else { } else {
status = Status.FORBIDDEN; status = Status.FORBIDDEN;
} }
logger.info(String.format("%s does not have permission to access the requested resource. Returning %s response.", user.getIdentity(), status)); final String identity;
if (user == null) {
identity = "<no user found>";
} else {
identity = user.getIdentity();
}
logger.info(String.format("%s does not have permission to access the requested resource. Returning %s response.", identity, status));
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug(StringUtils.EMPTY, exception); logger.debug(StringUtils.EMPTY, exception);