NIFI-655:

- Ensuring the access token is not replicated when the user is already authenticated/authorized.
2015-11-30 14:57:38 -05:00 · 2015-11-30 14:57:38 -05:00 · c722b56335
parent a84e505bcd
commit c722b56335
1 changed files with 3 additions and 4 deletions
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java
@ -370,9 +370,6 @@ public abstract class ApplicationResource {
            if (user != null) {
                // add the proxied user details
                result.put(PROXIED_ENTITIES_CHAIN_HTTP_HEADER, ProxiedEntitiesUtils.buildProxiedEntitiesChainString(user));
-
-                // remove the access token if present, since the user is already authenticated/authorized
-                result.remove(JwtAuthenticationFilter.AUTHORIZATION);
            }

            // add the user's authorities (if any) to the headers
@ -385,9 +382,11 @@ public abstract class ApplicationResource {

                    // put serialized user details in header
                    result.put(PROXIED_ENTITY_USER_DETAILS_HTTP_HEADER, hexEncodedUserDetails);
+
+                    // remove the access token if present, since the user is already authenticated/authorized
+                    result.remove(JwtAuthenticationFilter.AUTHORIZATION);
                }
            }
-
        }
        return result;
    }