Apache/nifi
1
0
Fork 0
mirror of https://github.com/apache/nifi.git synced 2025-02-07 10:38:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

NIFI-11604 Improve handling of non-renewable tickets in AbstractKerberosUser

Browse Source 
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #7301.
This commit is contained in:
Bryan Bende 2023-05-25 15:48:32 -04:00 committed by Pierre Villard
parent ddc1330a1a
commit 5f5bf48d74
No known key found for this signature in database
GPG Key ID: F92A93B30C07C6D5
1 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
nifi-commons/nifi-security-kerberos/src/main/java/org/apache/nifi/security/krb/AbstractKerberosUser.java
View File

@ -196,10 +196,8 @@ public abstract class AbstractKerberosUser implements KerberosUser {
public synchronized boolean checkTGTAndRelogin() {
final KerberosTicket tgt = getTGT();
if (tgt == null) {
LOGGER.debug("TGT for {} was not found, performing logout/login", principal);
logout();
login();
return true;
LOGGER.debug("TGT for {} was not found", principal);
return logoutAndLogin();
}
if (tgt != null && System.currentTimeMillis() < getRefreshTime(tgt)) {
@ -207,6 +205,11 @@ public abstract class AbstractKerberosUser implements KerberosUser {
return false;
}
if (!tgt.isRenewable() || tgt.getRenewTill() == null) {
return logoutAndLogin();
}
LOGGER.debug("TGT for {} is renewable, will attempt refresh", principal);
try {
tgt.refresh();
LOGGER.debug("TGT for {} was refreshed", principal);
@ -214,12 +217,15 @@ public abstract class AbstractKerberosUser implements KerberosUser {
} catch (final RefreshFailedException e) {
LOGGER.debug("TGT for {} could not be refreshed", principal);
LOGGER.trace("", e);
LOGGER.debug("Performing logout/login for {}", principal);
logout();
login();
return true;
return logoutAndLogin();
}
}
private boolean logoutAndLogin() {
LOGGER.debug("Performing logout/login", principal);
logout();
login();
return true;
}
/**