NIFI-655:

- Fixing issue with filter bean initialization when clustered.
Matt Gilman 2015-11-27 10:05:58 -05:00
parent 6bce858e4a
commit c1cc165edb
2 changed files with 47 additions and 35 deletions


@ -58,6 +58,11 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
private X509IdentityProvider certificateIdentityProvider; private X509IdentityProvider certificateIdentityProvider;
private LoginIdentityProvider loginIdentityProvider; private LoginIdentityProvider loginIdentityProvider;
private NodeAuthorizedUserFilter nodeAuthorizedUserFilter;
private JwtAuthenticationFilter jwtAuthenticationFilter;
private X509AuthenticationFilter x509AuthenticationFilter;
private NiFiAnonymousUserFilter anonymousAuthenticationFilter;
public NiFiWebApiSecurityConfiguration() { public NiFiWebApiSecurityConfiguration() {
super(true); // disable defaults super(true); // disable defaults
} }
@ -80,17 +85,17 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
.sessionCreationPolicy(SessionCreationPolicy.STATELESS); .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// cluster authorized user // cluster authorized user
http.addFilterBefore(buildNodeAuthorizedUserFilter(), AnonymousAuthenticationFilter.class); http.addFilterBefore(nodeAuthorizedUserFilterBean(), AnonymousAuthenticationFilter.class);
// anonymous // anonymous
http.anonymous().authenticationFilter(buildAnonymousFilter()); http.anonymous().authenticationFilter(anonymousFilterBean());
// x509 // x509
http.addFilterAfter(buildX509Filter(), AnonymousAuthenticationFilter.class); http.addFilterAfter(x509FilterBean(), AnonymousAuthenticationFilter.class);
// jwt - consider when configured for log in // jwt - consider when configured for log in
if (loginIdentityProvider != null) { if (loginIdentityProvider != null) {
http.addFilterAfter(buildJwtFilter(), AnonymousAuthenticationFilter.class); http.addFilterAfter(jwtFilterBean(), AnonymousAuthenticationFilter.class);
} }
} }
@ -106,35 +111,48 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
auth.authenticationProvider(new NiFiAuthenticationProvider(userDetailsService)); auth.authenticationProvider(new NiFiAuthenticationProvider(userDetailsService));
} }
private NodeAuthorizedUserFilter buildNodeAuthorizedUserFilter() { @Bean
final NodeAuthorizedUserFilter nodeFilter = new NodeAuthorizedUserFilter(); public NodeAuthorizedUserFilter nodeAuthorizedUserFilterBean() throws Exception {
nodeFilter.setProperties(properties); if (nodeAuthorizedUserFilter == null) {
nodeFilter.setCertificateExtractor(certificateExtractor); nodeAuthorizedUserFilter = new NodeAuthorizedUserFilter();
nodeFilter.setCertificateIdentityProvider(certificateIdentityProvider); nodeAuthorizedUserFilter.setProperties(properties);
return nodeFilter; nodeAuthorizedUserFilter.setCertificateExtractor(certificateExtractor);
nodeAuthorizedUserFilter.setCertificateIdentityProvider(certificateIdentityProvider);
}
return nodeAuthorizedUserFilter;
} }
private JwtAuthenticationFilter buildJwtFilter() throws Exception { @Bean
final JwtAuthenticationFilter jwtFilter = new JwtAuthenticationFilter(); public JwtAuthenticationFilter jwtFilterBean() throws Exception {
jwtFilter.setProperties(properties); // only consider the jwt authentication filter when configured for login
jwtFilter.setJwtService(jwtService); if (jwtAuthenticationFilter == null && loginIdentityProvider != null) {
jwtFilter.setAuthenticationManager(authenticationManager()); jwtAuthenticationFilter = new JwtAuthenticationFilter();
return jwtFilter; jwtAuthenticationFilter.setProperties(properties);
jwtAuthenticationFilter.setJwtService(jwtService);
jwtAuthenticationFilter.setAuthenticationManager(authenticationManager());
}
return jwtAuthenticationFilter;
} }
private X509AuthenticationFilter buildX509Filter() throws Exception { @Bean
final X509AuthenticationFilter x509Filter = new X509AuthenticationFilter(); public X509AuthenticationFilter x509FilterBean() throws Exception {
x509Filter.setProperties(properties); if (x509AuthenticationFilter == null) {
x509Filter.setCertificateExtractor(certificateExtractor); x509AuthenticationFilter = new X509AuthenticationFilter();
x509Filter.setCertificateIdentityProvider(certificateIdentityProvider); x509AuthenticationFilter.setProperties(properties);
x509Filter.setAuthenticationManager(authenticationManager()); x509AuthenticationFilter.setCertificateExtractor(certificateExtractor);
return x509Filter; x509AuthenticationFilter.setCertificateIdentityProvider(certificateIdentityProvider);
x509AuthenticationFilter.setAuthenticationManager(authenticationManager());
}
return x509AuthenticationFilter;
} }
private AnonymousAuthenticationFilter buildAnonymousFilter() { @Bean
final NiFiAnonymousUserFilter anonymousFilter = new NiFiAnonymousUserFilter(); public NiFiAnonymousUserFilter anonymousFilterBean() throws Exception {
anonymousFilter.setUserService(userService); if (anonymousAuthenticationFilter == null) {
return anonymousFilter; anonymousAuthenticationFilter = new NiFiAnonymousUserFilter();
anonymousAuthenticationFilter.setUserService(userService);
}
return anonymousAuthenticationFilter;
} }
@Autowired @Autowired
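Review bot: `jwtFilterBean()` is published as a `@Bean` yet returns `null` whenever `loginIdentityProvider` is unset, and the same condition is tested again at the `http.addFilterAfter(jwtFilterBean(), ...)` call site, so the two guards can drift apart. State the contract on the factory, e.g. `/** @return the JWT filter, or null when no login identity provider is configured */`, or keep the check in one place only. All four factories also cache the filter in a plain field behind an unsynchronized null check, which pins whatever `properties`, `certificateExtractor` and `certificateIdentityProvider` held at the first call. If a factory can run before the `@Autowired` setters do (not visible in these hunks), the authentication filter would stay half-configured for the life of the context, so rejecting null collaborators before constructing the filter would make that failure explicit at startup.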


@ -18,9 +18,7 @@ package org.apache.nifi.web.security;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter; import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
@ -40,22 +38,18 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.web.filter.GenericFilterBean;
/** /**
* *
*/ */
public abstract class NiFiAuthenticationFilter implements Filter { public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
private static final Logger logger = LoggerFactory.getLogger(NiFiAuthenticationFilter.class); private static final Logger logger = LoggerFactory.getLogger(NiFiAuthenticationFilter.class);
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
private NiFiProperties properties; private NiFiProperties properties;
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}
@Override @Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
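Review bot: The class Javadoc is still the empty `/** * */` template, although this change moves the filter's lifecycle from a hand-written `init` that threw `UnsupportedOperationException` to the one inherited from `GenericFilterBean`. A summary such as `/** Base filter for NiFi authentication; extends GenericFilterBean so the container can initialise it as a Spring-managed bean. */` would record why the base class matters. `authenticationManager` and `properties` are supplied through setters after construction, so overriding `initFilterBean()` to reject a null value would surface a mis-wired authentication filter at startup rather than on the first request; whether every subclass sets both is not visible here. `doFilter` continues past the end of this hunk.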