Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-10897 Replaced Spring Security Base64 with java.util.Base64 

This closes #6728

Signed-off-by: Mike Thomsen <mthomsen@apache.org>
This commit is contained in:
exceptionfactory 2022-11-23 09:45:40 -06:00 committed by Mike Thomsen
parent d55fb91b0f
commit de296b5e65
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosService.java
View File

@ -20,13 +20,13 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
/**
*
@ -39,8 +39,10 @@ public class KerberosService {
public static final String AUTHENTICATION_CHALLENGE_HEADER_NAME = "WWW-Authenticate";
public static final String AUTHORIZATION_NEGOTIATE = "Negotiate";
private static final Base64.Decoder decoder = Base64.getDecoder();
private KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider;
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
public void setKerberosServiceAuthenticationProvider(KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider) {
this.kerberosServiceAuthenticationProvider = kerberosServiceAuthenticationProvider;
@ -59,7 +61,7 @@ public class KerberosService {
logger.debug("Received Negotiate Header for request " + request.getRequestURL() + ": " + header);
}
byte[] base64Token = header.substring(header.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8);
byte[] kerberosTicket = Base64.decode(base64Token);
byte[] kerberosTicket = decoder.decode(base64Token);
KerberosServiceRequestToken authenticationRequest = new KerberosServiceRequestToken(kerberosTicket);
authenticationRequest.setDetails(authenticationDetailsSource.buildDetails(request));

14
nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java
View File

@ -35,13 +35,13 @@ import org.springframework.lang.Nullable;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.concurrent.TimeUnit;
public class KerberosSpnegoIdentityProvider implements IdentityProvider {
@ -67,9 +67,11 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
private static final String AUTHORIZATION = "Authorization";
private static final String AUTHORIZATION_NEGOTIATE = "Negotiate";
private static final Base64.Decoder decoder = Base64.getDecoder();
private long expiration = TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS);
private KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider;
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
private final KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider;
private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
@Autowired
public KerberosSpnegoIdentityProvider(
@ -80,7 +82,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
final String expirationFromProperties = properties.getKerberosSpnegoAuthenticationExpiration();
if (expirationFromProperties != null) {
long expiration = FormatUtils.getTimeDuration(expirationFromProperties, TimeUnit.MILLISECONDS);
expiration = Math.round(FormatUtils.getPreciseTimeDuration(expirationFromProperties, TimeUnit.MILLISECONDS));
}
}
@ -105,7 +107,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
logger.debug("Detected 'Authorization: Negotiate header in request {}", request.getRequestURL());
byte[] base64Token = headerValue.substring(headerValue.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8);
byte[] kerberosTicket = Base64.decode(base64Token);
byte[] kerberosTicket = decoder.decode(base64Token);
return new AuthenticationRequest(null, kerberosTicket, authenticationDetailsSource.buildDetails(request));
}
@ -119,7 +121,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
}
final Object credentials = authenticationRequest.getCredentials();
byte[] kerberosTicket = credentials != null && credentials instanceof byte[] ? (byte[]) authenticationRequest.getCredentials() : null;
byte[] kerberosTicket = credentials instanceof byte[] ? (byte[]) authenticationRequest.getCredentials() : null;
if (credentials == null) {
logger.info("Kerberos Ticket not found in authenticationRequest credentials, returning null.");