mirror of
https://github.com/apache/nifi.git
synced 2025-03-01 06:59:08 +00:00
NIFI-13622 Corrected Logout Complete Redirect for Proxies (#9143)
This closes #9143
This commit is contained in:
parent
458844909b
commit
141ca71cbc
@ -85,6 +85,11 @@
|
||||
<artifactId>nifi-web-security</artifactId>
|
||||
<version>2.0.0-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.nifi</groupId>
|
||||
<artifactId>nifi-web-servlet-shared</artifactId>
|
||||
<version>2.0.0-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-web</artifactId>
|
||||
|
@ -100,6 +100,7 @@ import org.apache.nifi.web.NiFiWebConfigurationContext;
|
||||
import org.apache.nifi.web.UiExtensionType;
|
||||
import org.apache.nifi.web.server.connector.FrameworkServerConnectorFactory;
|
||||
import org.apache.nifi.web.server.filter.FilterParameter;
|
||||
import org.apache.nifi.web.server.filter.LogoutCompleteRedirectFilter;
|
||||
import org.apache.nifi.web.server.filter.RequestFilterProvider;
|
||||
import org.apache.nifi.web.server.filter.RestApiRequestFilterProvider;
|
||||
import org.apache.nifi.web.server.filter.StandardRequestFilterProvider;
|
||||
@ -226,21 +227,8 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader {
|
||||
configureConnectors(server);
|
||||
|
||||
final ContextHandlerCollection handlerCollection = new ContextHandlerCollection();
|
||||
|
||||
// Only restrict the host header if running in HTTPS mode
|
||||
if (props.isHTTPSConfigured()) {
|
||||
final HostHeaderHandler hostHeaderHandler = new HostHeaderHandler(props);
|
||||
handlerCollection.addHandler(hostHeaderHandler);
|
||||
}
|
||||
|
||||
final Handler warHandlers = loadInitialWars(bundles);
|
||||
handlerCollection.addHandler(warHandlers);
|
||||
|
||||
final RewriteHandler logoutCompleteRewriteHandler = new RewriteHandler();
|
||||
final RedirectPatternRule redirectLogoutComplete = new RedirectPatternRule("/nifi/logout-complete", "/nifi/#/logout-complete");
|
||||
logoutCompleteRewriteHandler.addRule(redirectLogoutComplete);
|
||||
logoutCompleteRewriteHandler.setHandler(handlerCollection);
|
||||
server.setHandler(logoutCompleteRewriteHandler);
|
||||
final Handler standardHandler = getStandardHandler(handlerCollection);
|
||||
server.setHandler(standardHandler);
|
||||
|
||||
final RewriteHandler defaultRewriteHandler = new RewriteHandler();
|
||||
final RedirectPatternRule redirectDefault = new RedirectPatternRule("/*", "/nifi");
|
||||
@ -256,6 +244,18 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader {
|
||||
server.setRequestLog(requestLog);
|
||||
}
|
||||
|
||||
private Handler getStandardHandler(final ContextHandlerCollection handlerCollection) {
|
||||
// Only restrict the host header if running in HTTPS mode
|
||||
if (props.isHTTPSConfigured()) {
|
||||
final HostHeaderHandler hostHeaderHandler = new HostHeaderHandler(props);
|
||||
handlerCollection.addHandler(hostHeaderHandler);
|
||||
}
|
||||
|
||||
final Handler warHandlers = loadInitialWars(bundles);
|
||||
handlerCollection.addHandler(warHandlers);
|
||||
return handlerCollection;
|
||||
}
|
||||
|
||||
private Handler loadInitialWars(final Set<Bundle> bundles) {
|
||||
final Map<File, Bundle> warToBundleLookup = findWars(bundles);
|
||||
|
||||
@ -644,6 +644,13 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader {
|
||||
? REST_API_REQUEST_FILTER_PROVIDER.getFilters(props)
|
||||
: REQUEST_FILTER_PROVIDER.getFilters(props);
|
||||
|
||||
// Add Logout Complete Filter for web user interface integration
|
||||
if (CONTEXT_PATH_NIFI.equals(contextPath)) {
|
||||
final FilterHolder logoutCompleteFilterHolder = new FilterHolder(LogoutCompleteRedirectFilter.class);
|
||||
logoutCompleteFilterHolder.setName(LogoutCompleteRedirectFilter.class.getSimpleName());
|
||||
requestFilters.add(logoutCompleteFilterHolder);
|
||||
}
|
||||
|
||||
requestFilters.forEach(filter -> {
|
||||
final String pathSpecification = filter.getInitParameter(FilterParameter.PATH_SPECIFICATION.name());
|
||||
final String filterPathSpecification = pathSpecification == null ? CONTEXT_PATH_ALL : pathSpecification;
|
||||
|
@ -0,0 +1,64 @@
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.nifi.web.server.filter;
|
||||
|
||||
import jakarta.servlet.Filter;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.ServletRequest;
|
||||
import jakarta.servlet.ServletResponse;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.apache.nifi.web.servlet.shared.RequestUriBuilder;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
|
||||
/**
|
||||
* Logout Complete Redirect Filter for web user interface integration with fragment-based routing
|
||||
*/
|
||||
public class LogoutCompleteRedirectFilter implements Filter {
|
||||
private static final String LOGOUT_COMPLETE_PATH = "/nifi/logout-complete";
|
||||
|
||||
private static final String USER_INTERFACE_PATH = "/nifi/";
|
||||
|
||||
private static final String FRAGMENT_PATH = "/logout-complete";
|
||||
|
||||
@Override
|
||||
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
|
||||
if (servletRequest instanceof HttpServletRequest httpServletRequest) {
|
||||
final String requestUri = httpServletRequest.getRequestURI();
|
||||
if (requestUri.endsWith(LOGOUT_COMPLETE_PATH)) {
|
||||
final HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
|
||||
doRedirect(httpServletRequest, httpServletResponse);
|
||||
} else {
|
||||
filterChain.doFilter(servletRequest, servletResponse);
|
||||
}
|
||||
} else {
|
||||
filterChain.doFilter(servletRequest, servletResponse);
|
||||
}
|
||||
}
|
||||
|
||||
private void doRedirect(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) throws IOException {
|
||||
final URI redirectUri = RequestUriBuilder.fromHttpServletRequest(httpServletRequest)
|
||||
.path(USER_INTERFACE_PATH)
|
||||
.fragment(FRAGMENT_PATH)
|
||||
.build();
|
||||
final String redirectLocation = redirectUri.toString();
|
||||
httpServletResponse.sendRedirect(redirectLocation);
|
||||
}
|
||||
}
|
@ -0,0 +1,105 @@
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.nifi.web.server.filter;
|
||||
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.FilterConfig;
|
||||
import jakarta.servlet.ServletContext;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.Captor;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.mockito.ArgumentMatchers.anyString;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
public class LogoutCompleteRedirectFilterTest {
|
||||
private static final String LOGOUT_COMPLETE_URI = "/nifi/logout-complete";
|
||||
|
||||
private static final String ROOT_URI = "/nifi/";
|
||||
|
||||
private static final String ALLOWED_CONTEXT_PATHS_PARAMETER = "allowedContextPaths";
|
||||
|
||||
private static final String FORWARDED_PATH = "/forwarded";
|
||||
|
||||
private static final String LOGOUT_COMPLETE_EXPECTED = "/forwarded/nifi/#/logout-complete";
|
||||
|
||||
private static final String CONTEXT_PATH_HEADER = "X-ProxyContextPath";
|
||||
|
||||
@Mock
|
||||
private ServletContext servletContext;
|
||||
|
||||
@Mock
|
||||
private FilterConfig filterConfig;
|
||||
|
||||
@Mock
|
||||
private FilterChain filterChain;
|
||||
|
||||
@Mock(strictness = Mock.Strictness.LENIENT)
|
||||
private HttpServletRequest request;
|
||||
|
||||
@Mock
|
||||
private HttpServletResponse response;
|
||||
|
||||
@Captor
|
||||
private ArgumentCaptor<String> redirectCaptor;
|
||||
|
||||
private LogoutCompleteRedirectFilter filter;
|
||||
|
||||
@BeforeEach
|
||||
public void setFilter() throws ServletException {
|
||||
filter = new LogoutCompleteRedirectFilter();
|
||||
filter.init(filterConfig);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilter() throws ServletException, IOException {
|
||||
when(request.getRequestURI()).thenReturn(ROOT_URI);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verify(response, never()).sendRedirect(anyString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterLogoutComplete() throws ServletException, IOException {
|
||||
when(request.getRequestURI()).thenReturn(LOGOUT_COMPLETE_URI);
|
||||
when(request.getServletContext()).thenReturn(servletContext);
|
||||
when(servletContext.getInitParameter(eq(ALLOWED_CONTEXT_PATHS_PARAMETER))).thenReturn(FORWARDED_PATH);
|
||||
when(request.getHeader(eq(CONTEXT_PATH_HEADER))).thenReturn(FORWARDED_PATH);
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
verify(response).sendRedirect(redirectCaptor.capture());
|
||||
|
||||
final String redirect = redirectCaptor.getValue();
|
||||
assertEquals(LOGOUT_COMPLETE_EXPECTED, redirect);
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user