From 774d626f88c13098f69aac0fbb88902defa677df Mon Sep 17 00:00:00 2001 From: Matt Gilman Date: Mon, 30 Nov 2015 15:07:40 -0500 Subject: [PATCH] NIFI-655: - Adding documentation around the behavior of the authentication filters. - Only passing along necessary parameters. --- .../nifi/web/security/NiFiAuthenticationFilter.java | 13 +++++++++++-- .../web/security/jwt/JwtAuthenticationFilter.java | 3 +-- .../web/security/x509/X509AuthenticationFilter.java | 3 +-- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java index be781c26c9..c9b5c88554 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java @@ -81,7 +81,7 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean { private void authenticate(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException { try { - final NiFiAuthenticationRequestToken authenticated = attemptAuthentication(request, response); + final NiFiAuthenticationRequestToken authenticated = attemptAuthentication(request); if (authenticated != null) { // log the request attempt - response details will be logged later logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", @@ -108,7 +108,16 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean { } } - public abstract NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request, HttpServletResponse response); + /** + * Attempt to authenticate the client making the request. If the request does not contain an authentication attempt, this method should return null. If the request contains an authentication + * request, the implementation should convert it to a NiFiAuthenticationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when + * the request contains an authentication request but it could not be authenticated. + * + * @param request The request + * @return The NiFiAuthenticationRequestToken used to later authorized the client + * @throws InvalidAuthenticationException If the request contained an authentication attempt, but could not authenticate + */ + public abstract NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request); protected void successfulAuthorization(HttpServletRequest request, HttpServletResponse response, Authentication authResult) { if (logger.isDebugEnabled()) { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java index 2f18406dbb..155610a37e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java @@ -26,7 +26,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import java.util.Arrays; import org.apache.nifi.web.security.InvalidAuthenticationException; @@ -41,7 +40,7 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter { private JwtService jwtService; @Override - public NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request, HttpServletResponse response) { + public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) { // only suppport jwt login when running securely if (!request.isSecure()) { return null; diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java index dd7d47e6b2..708b6078af 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java @@ -19,7 +19,6 @@ package org.apache.nifi.web.security.x509; import java.security.cert.X509Certificate; import java.util.List; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import org.apache.nifi.authentication.AuthenticationResponse; import org.apache.nifi.web.security.InvalidAuthenticationException; import org.apache.nifi.web.security.NiFiAuthenticationFilter; @@ -41,7 +40,7 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter { private X509IdentityProvider certificateIdentityProvider; @Override - public NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request, HttpServletResponse response) { + public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) { // only suppport x509 login when running securely if (!request.isSecure()) { return null;