NIFI-11604 Improve handling of non-renewable tickets in AbstractKerberosUser

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #7301.
Bryan Bende 2023-05-25 15:48:32 -04:00 committed by Pierre Villard
parent ddc1330a1a
commit 5f5bf48d74
No known key found for this signature in database
GPG Key ID: F92A93B30C07C6D5


@ -196,10 +196,8 @@ public abstract class AbstractKerberosUser implements KerberosUser {
public synchronized boolean checkTGTAndRelogin() { public synchronized boolean checkTGTAndRelogin() {
final KerberosTicket tgt = getTGT(); final KerberosTicket tgt = getTGT();
if (tgt == null) { if (tgt == null) {
LOGGER.debug("TGT for {} was not found, performing logout/login", principal); LOGGER.debug("TGT for {} was not found", principal);
logout(); return logoutAndLogin();
login();
return true;
} }
if (tgt != null && System.currentTimeMillis() < getRefreshTime(tgt)) { if (tgt != null && System.currentTimeMillis() < getRefreshTime(tgt)) {
@ -207,6 +205,11 @@ public abstract class AbstractKerberosUser implements KerberosUser {
return false; return false;
} }
if (!tgt.isRenewable() || tgt.getRenewTill() == null) {
return logoutAndLogin();
}
LOGGER.debug("TGT for {} is renewable, will attempt refresh", principal);
try { try {
tgt.refresh(); tgt.refresh();
LOGGER.debug("TGT for {} was refreshed", principal); LOGGER.debug("TGT for {} was refreshed", principal);
@ -214,12 +217,15 @@ public abstract class AbstractKerberosUser implements KerberosUser {
} catch (final RefreshFailedException e) { } catch (final RefreshFailedException e) {
LOGGER.debug("TGT for {} could not be refreshed", principal); LOGGER.debug("TGT for {} could not be refreshed", principal);
LOGGER.trace("", e); LOGGER.trace("", e);
LOGGER.debug("Performing logout/login for {}", principal); return logoutAndLogin();
logout();
login();
return true;
} }
}
private boolean logoutAndLogin() {
LOGGER.debug("Performing logout/login", principal);
logout();
login();
return true;
} }
/** /**
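Review bot: The debug call in the new `logoutAndLogin()` helper passes `principal`, but its format string has no `{}` placeholder, so with SLF4J-style formatting the principal never appears in the message; the removed code logged it as "Performing logout/login for {}". The line should read `LOGGER.debug("Performing logout/login for {}", principal);`. The new non-renewable branch (`!tgt.isRenewable() || tgt.getRenewTill() == null`) also triggers a re-login without logging the reason, so adding `LOGGER.debug("TGT for {} is not renewable", principal);` before its `return logoutAndLogin();` would make these relogin events attributable when diagnosing ticket-lifetime problems. `checkTGTAndRelogin()` is spread over three hunks with lines hidden between them, so this is based on the visible lines only.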