NIFI-5237:

- Ensuring the proxy headers are considered when redirecting the user following a OIDC or Knox login exchange. This closes #2763. Signed-off-by: Bryan Bende <bbende@apache.org>
2018-06-05 12:47:36 -04:00 · 2018-06-05 12:47:36 -04:00 · 8feac9ae54
parent 09f9260035
commit 8feac9ae54
1 changed files with 8 additions and 2 deletions
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
@ -266,7 +266,7 @@ public class AccessResource extends ApplicationResource {
            }

            // redirect to the name page
-            httpServletResponse.sendRedirect("../../../nifi");
+            httpServletResponse.sendRedirect(getNiFiUri());
        } else {
            // remove the oidc request cookie
            removeOidcRequestCookie(httpServletResponse);
@ -369,7 +369,7 @@ public class AccessResource extends ApplicationResource {
            return;
        }

-        httpServletResponse.sendRedirect("../../../nifi");
+        httpServletResponse.sendRedirect(getNiFiUri());
    }

    /**
@ -740,6 +740,12 @@ public class AccessResource extends ApplicationResource {
        return generateResourceUri("access", "oidc", "callback");
    }

+    private String getNiFiUri() {
+        final String nifiApiUrl = generateResourceUri();
+        final String baseUrl = StringUtils.substringBeforeLast(nifiApiUrl,"/nifi-api");
+        return baseUrl + "/nifi";
+    }
+
    private void removeOidcRequestCookie(final HttpServletResponse httpServletResponse) {
        final Cookie cookie = new Cookie(OIDC_REQUEST_IDENTIFIER, null);
        cookie.setPath("/");