Apache/nifi
1
0
Fork 0
mirror of https://github.com/apache/nifi.git synced 2025-03-01 06:59:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

NIFI-13622 Corrected Logout Complete Redirect for Proxies (#9143)

Browse Source 
This closes #9143
This commit is contained in:
David Handermann 2024-08-02 15:40:47 -05:00 committed by GitHub
parent 458844909b
commit 141ca71cbc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 196 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml
View File

@ -85,6 +85,11 @@
<artifactId>nifi-web-security</artifactId>
<version>2.0.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-web-servlet-shared</artifactId>
<version>2.0.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>

37
nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
View File

@ -100,6 +100,7 @@ import org.apache.nifi.web.NiFiWebConfigurationContext;
import org.apache.nifi.web.UiExtensionType;
import org.apache.nifi.web.server.connector.FrameworkServerConnectorFactory;
import org.apache.nifi.web.server.filter.FilterParameter;
import org.apache.nifi.web.server.filter.LogoutCompleteRedirectFilter;
import org.apache.nifi.web.server.filter.RequestFilterProvider;
import org.apache.nifi.web.server.filter.RestApiRequestFilterProvider;
import org.apache.nifi.web.server.filter.StandardRequestFilterProvider;
@ -226,21 +227,8 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader {
configureConnectors(server);
final ContextHandlerCollection handlerCollection = new ContextHandlerCollection();
// Only restrict the host header if running in HTTPS mode
if (props.isHTTPSConfigured()) {
final HostHeaderHandler hostHeaderHandler = new HostHeaderHandler(props);
handlerCollection.addHandler(hostHeaderHandler);
}
final Handler warHandlers = loadInitialWars(bundles);
handlerCollection.addHandler(warHandlers);
final RewriteHandler logoutCompleteRewriteHandler = new RewriteHandler();
final RedirectPatternRule redirectLogoutComplete = new RedirectPatternRule("/nifi/logout-complete", "/nifi/#/logout-complete");
logoutCompleteRewriteHandler.addRule(redirectLogoutComplete);
logoutCompleteRewriteHandler.setHandler(handlerCollection);
server.setHandler(logoutCompleteRewriteHandler);
final Handler standardHandler = getStandardHandler(handlerCollection);
server.setHandler(standardHandler);
final RewriteHandler defaultRewriteHandler = new RewriteHandler();
final RedirectPatternRule redirectDefault = new RedirectPatternRule("/*", "/nifi");
@ -256,6 +244,18 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader {
server.setRequestLog(requestLog);
}
private Handler getStandardHandler(final ContextHandlerCollection handlerCollection) {
// Only restrict the host header if running in HTTPS mode
if (props.isHTTPSConfigured()) {
final HostHeaderHandler hostHeaderHandler = new HostHeaderHandler(props);
handlerCollection.addHandler(hostHeaderHandler);
}
final Handler warHandlers = loadInitialWars(bundles);
handlerCollection.addHandler(warHandlers);
return handlerCollection;
}
private Handler loadInitialWars(final Set<Bundle> bundles) {
final Map<File, Bundle> warToBundleLookup = findWars(bundles);
@ -644,6 +644,13 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader {
? REST_API_REQUEST_FILTER_PROVIDER.getFilters(props)
: REQUEST_FILTER_PROVIDER.getFilters(props);
// Add Logout Complete Filter for web user interface integration
if (CONTEXT_PATH_NIFI.equals(contextPath)) {
final FilterHolder logoutCompleteFilterHolder = new FilterHolder(LogoutCompleteRedirectFilter.class);
logoutCompleteFilterHolder.setName(LogoutCompleteRedirectFilter.class.getSimpleName());
requestFilters.add(logoutCompleteFilterHolder);
}
requestFilters.forEach(filter -> {
final String pathSpecification = filter.getInitParameter(FilterParameter.PATH_SPECIFICATION.name());
final String filterPathSpecification = pathSpecification == null ? CONTEXT_PATH_ALL : pathSpecification;

64
nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/filter/LogoutCompleteRedirectFilter.java Normal file
View File

@ -0,0 +1,64 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.web.server.filter;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.apache.nifi.web.servlet.shared.RequestUriBuilder;
import java.io.IOException;
import java.net.URI;
/**
* Logout Complete Redirect Filter for web user interface integration with fragment-based routing
*/
public class LogoutCompleteRedirectFilter implements Filter {
private static final String LOGOUT_COMPLETE_PATH = "/nifi/logout-complete";
private static final String USER_INTERFACE_PATH = "/nifi/";
private static final String FRAGMENT_PATH = "/logout-complete";
@Override
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
if (servletRequest instanceof HttpServletRequest httpServletRequest) {
final String requestUri = httpServletRequest.getRequestURI();
if (requestUri.endsWith(LOGOUT_COMPLETE_PATH)) {
final HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
doRedirect(httpServletRequest, httpServletResponse);
} else {
filterChain.doFilter(servletRequest, servletResponse);
}
} else {
filterChain.doFilter(servletRequest, servletResponse);
}
}
private void doRedirect(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) throws IOException {
final URI redirectUri = RequestUriBuilder.fromHttpServletRequest(httpServletRequest)
.path(USER_INTERFACE_PATH)
.fragment(FRAGMENT_PATH)
.build();
final String redirectLocation = redirectUri.toString();
httpServletResponse.sendRedirect(redirectLocation);
}
}

105
nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/java/org/apache/nifi/web/server/filter/LogoutCompleteRedirectFilterTest.java Normal file
View File

@ -0,0 +1,105 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.web.server.filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Captor;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.io.IOException;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class)
public class LogoutCompleteRedirectFilterTest {
private static final String LOGOUT_COMPLETE_URI = "/nifi/logout-complete";
private static final String ROOT_URI = "/nifi/";
private static final String ALLOWED_CONTEXT_PATHS_PARAMETER = "allowedContextPaths";
private static final String FORWARDED_PATH = "/forwarded";
private static final String LOGOUT_COMPLETE_EXPECTED = "/forwarded/nifi/#/logout-complete";
private static final String CONTEXT_PATH_HEADER = "X-ProxyContextPath";
@Mock
private ServletContext servletContext;
@Mock
private FilterConfig filterConfig;
@Mock
private FilterChain filterChain;
@Mock(strictness = Mock.Strictness.LENIENT)
private HttpServletRequest request;
@Mock
private HttpServletResponse response;
@Captor
private ArgumentCaptor<String> redirectCaptor;
private LogoutCompleteRedirectFilter filter;
@BeforeEach
public void setFilter() throws ServletException {
filter = new LogoutCompleteRedirectFilter();
filter.init(filterConfig);
}
@Test
public void testDoFilter() throws ServletException, IOException {
when(request.getRequestURI()).thenReturn(ROOT_URI);
filter.doFilter(request, response, filterChain);
verify(response, never()).sendRedirect(anyString());
}
@Test
public void testDoFilterLogoutComplete() throws ServletException, IOException {
when(request.getRequestURI()).thenReturn(LOGOUT_COMPLETE_URI);
when(request.getServletContext()).thenReturn(servletContext);
when(servletContext.getInitParameter(eq(ALLOWED_CONTEXT_PATHS_PARAMETER))).thenReturn(FORWARDED_PATH);
when(request.getHeader(eq(CONTEXT_PATH_HEADER))).thenReturn(FORWARDED_PATH);
filter.doFilter(request, response, filterChain);
verify(response).sendRedirect(redirectCaptor.capture());
final String redirect = redirectCaptor.getValue();
assertEquals(LOGOUT_COMPLETE_EXPECTED, redirect);
}
}