Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-655: 

- Adding documentation around the behavior of the authentication filters.
- Only passing along necessary parameters.
This commit is contained in:
Matt Gilman 2015-11-30 15:07:40 -05:00
parent c722b56335
commit 774d626f88
3 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
View File

@ -81,7 +81,7 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
private void authenticate(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException { private void authenticate(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException {
try { try {
final NiFiAuthenticationRequestToken authenticated = attemptAuthentication(request, response); final NiFiAuthenticationRequestToken authenticated = attemptAuthentication(request);
if (authenticated != null) { if (authenticated != null) {
// log the request attempt - response details will be logged later // log the request attempt - response details will be logged later
logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)",
@ -108,7 +108,16 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
} }
} }
public abstract NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request, HttpServletResponse response); /**
* Attempt to authenticate the client making the request. If the request does not contain an authentication attempt, this method should return null. If the request contains an authentication
* request, the implementation should convert it to a NiFiAuthenticationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when
* the request contains an authentication request but it could not be authenticated.
*
* @param request The request
* @return The NiFiAuthenticationRequestToken used to later authorized the client
* @throws InvalidAuthenticationException If the request contained an authentication attempt, but could not authenticate
*/
public abstract NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request);
protected void successfulAuthorization(HttpServletRequest request, HttpServletResponse response, Authentication authResult) { protected void successfulAuthorization(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {

3
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
View File

@ -26,7 +26,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays; import java.util.Arrays;
import org.apache.nifi.web.security.InvalidAuthenticationException; import org.apache.nifi.web.security.InvalidAuthenticationException;
@ -41,7 +40,7 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter {
private JwtService jwtService; private JwtService jwtService;
@Override @Override
public NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request, HttpServletResponse response) { public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) {
// only suppport jwt login when running securely // only suppport jwt login when running securely
if (!request.isSecure()) { if (!request.isSecure()) {
return null; return null;

3
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
View File

@ -19,7 +19,6 @@ package org.apache.nifi.web.security.x509;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.List; import java.util.List;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.nifi.authentication.AuthenticationResponse; import org.apache.nifi.authentication.AuthenticationResponse;
import org.apache.nifi.web.security.InvalidAuthenticationException; import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.NiFiAuthenticationFilter; import org.apache.nifi.web.security.NiFiAuthenticationFilter;
@ -41,7 +40,7 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter {
private X509IdentityProvider certificateIdentityProvider; private X509IdentityProvider certificateIdentityProvider;
@Override @Override
public NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request, HttpServletResponse response) { public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) {
// only suppport x509 login when running securely // only suppport x509 login when running securely
if (!request.isSecure()) { if (!request.isSecure()) {
return null; return null;