mirror of https://github.com/apache/nifi.git
NIFI-655:
- Ensuring the access token is not replicated when the user is already authenticated/authorized.
This commit is contained in:
parent
a84e505bcd
commit
c722b56335
|
@ -370,9 +370,6 @@ public abstract class ApplicationResource {
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
// add the proxied user details
|
// add the proxied user details
|
||||||
result.put(PROXIED_ENTITIES_CHAIN_HTTP_HEADER, ProxiedEntitiesUtils.buildProxiedEntitiesChainString(user));
|
result.put(PROXIED_ENTITIES_CHAIN_HTTP_HEADER, ProxiedEntitiesUtils.buildProxiedEntitiesChainString(user));
|
||||||
|
|
||||||
// remove the access token if present, since the user is already authenticated/authorized
|
|
||||||
result.remove(JwtAuthenticationFilter.AUTHORIZATION);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// add the user's authorities (if any) to the headers
|
// add the user's authorities (if any) to the headers
|
||||||
|
@ -385,9 +382,11 @@ public abstract class ApplicationResource {
|
||||||
|
|
||||||
// put serialized user details in header
|
// put serialized user details in header
|
||||||
result.put(PROXIED_ENTITY_USER_DETAILS_HTTP_HEADER, hexEncodedUserDetails);
|
result.put(PROXIED_ENTITY_USER_DETAILS_HTTP_HEADER, hexEncodedUserDetails);
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
// remove the access token if present, since the user is already authenticated/authorized
|
||||||
|
result.remove(JwtAuthenticationFilter.AUTHORIZATION);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue