mirror of https://github.com/apache/nifi.git
NIFI-655:
- Keeping token expiration between 1 minute and 12 hours.
parent
a196207725
commit
4bb8b137f0
|
@ -33,6 +33,7 @@ import java.net.URI;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.concurrent.TimeUnit;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.ws.rs.DefaultValue;
|
import javax.ws.rs.DefaultValue;
|
||||||
import javax.ws.rs.FormParam;
|
import javax.ws.rs.FormParam;
|
||||||
|
@ -316,9 +317,24 @@ public class AccessResource extends ApplicationResource {
|
||||||
try {
|
try {
|
||||||
// attempt to authenticate
|
// attempt to authenticate
|
||||||
final AuthenticationResponse authenticationResponse = loginIdentityProvider.authenticate(new LoginCredentials(username, password));
|
final AuthenticationResponse authenticationResponse = loginIdentityProvider.authenticate(new LoginCredentials(username, password));
|
||||||
|
final long maxExpiration = TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS);
|
||||||
|
final long minExpiration = TimeUnit.MILLISECONDS.convert(1, TimeUnit.MINUTES);
|
||||||
|
|
||||||
|
long expiration = authenticationResponse.getExpiration();
|
||||||
|
if (expiration > maxExpiration) {
|
||||||
|
expiration = maxExpiration;
|
||||||
|
|
||||||
|
logger.warn(String.format("Max token expiration exceeded. Setting expiration to %s from %s for %s", expiration,
|
||||||
|
authenticationResponse.getExpiration(), authenticationResponse.getIdentity()));
|
||||||
|
} else if (expiration < minExpiration) {
|
||||||
|
expiration = minExpiration;
|
||||||
|
|
||||||
|
logger.warn(String.format("Min token expiration not met. Setting expiration to %s from %s for %s", expiration,
|
||||||
|
authenticationResponse.getExpiration(), authenticationResponse.getIdentity()));
|
||||||
|
}
|
||||||
|
|
||||||
// create the authentication token
|
// create the authentication token
|
||||||
loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getUsername(), authenticationResponse.getExpiration());
|
loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getUsername(), expiration);
|
||||||
} catch (final InvalidLoginCredentialsException ilce) {
|
} catch (final InvalidLoginCredentialsException ilce) {
|
||||||
throw new IllegalArgumentException("The supplied username and password are not valid.", ilce);
|
throw new IllegalArgumentException("The supplied username and password are not valid.", ilce);
|
||||||
} catch (final IdentityAccessException iae) {
|
} catch (final IdentityAccessException iae) {
|
||||||
|
|
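Review bot: The lower-bound branch (`else if (expiration < minExpiration)`) also catches zero and negative values from `authenticationResponse.getExpiration()`, so a provider that returns a non-positive expiration still gets a valid one-minute token with only a warning logged. Such a value looks more like a provider fault than a deliberately short lifetime, so it may be safer to reject it before clamping, e.g. `if (expiration <= 0) { throw new IllegalStateException("Login identity provider returned a non-positive token expiration."); }`. How this resource maps that exception is not visible here, because the enclosing method starts and ends outside the hunk. Separately, `maxExpiration` and `minExpiration` are recomputed on every login and would read better as `private static final long` constants, and both warn messages print raw millisecond values without naming the unit.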