NIFI-10897 Replaced Spring Security Base64 with java.util.Base64

This closes #6728

Signed-off-by: Mike Thomsen <mthomsen@apache.org>
exceptionfactory 2022-11-23 09:45:40 -06:00 committed by Mike Thomsen
parent d55fb91b0f
commit de296b5e65
2 changed files with 13 additions and 9 deletions


@ -20,13 +20,13 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider; import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken; import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Base64;
/** /**
* *
@ -39,8 +39,10 @@ public class KerberosService {
public static final String AUTHENTICATION_CHALLENGE_HEADER_NAME = "WWW-Authenticate"; public static final String AUTHENTICATION_CHALLENGE_HEADER_NAME = "WWW-Authenticate";
public static final String AUTHORIZATION_NEGOTIATE = "Negotiate"; public static final String AUTHORIZATION_NEGOTIATE = "Negotiate";
private static final Base64.Decoder decoder = Base64.getDecoder();
private KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider; private KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider;
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource(); private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
public void setKerberosServiceAuthenticationProvider(KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider) { public void setKerberosServiceAuthenticationProvider(KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider) {
this.kerberosServiceAuthenticationProvider = kerberosServiceAuthenticationProvider; this.kerberosServiceAuthenticationProvider = kerberosServiceAuthenticationProvider;
@ -59,7 +61,7 @@ public class KerberosService {
logger.debug("Received Negotiate Header for request " + request.getRequestURL() + ": " + header); logger.debug("Received Negotiate Header for request " + request.getRequestURL() + ": " + header);
} }
byte[] base64Token = header.substring(header.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8); byte[] base64Token = header.substring(header.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8);
byte[] kerberosTicket = Base64.decode(base64Token); byte[] kerberosTicket = decoder.decode(base64Token);
KerberosServiceRequestToken authenticationRequest = new KerberosServiceRequestToken(kerberosTicket); KerberosServiceRequestToken authenticationRequest = new KerberosServiceRequestToken(kerberosTicket);
authenticationRequest.setDetails(authenticationDetailsSource.buildDetails(request)); authenticationRequest.setDetails(authenticationDetailsSource.buildDetails(request));
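Review bot: A malformed Negotiate header now reaches `decoder.decode(base64Token)`, and the JDK basic decoder throws `IllegalArgumentException` on any byte outside the Base64 alphabet, whitespace included, which the Spring codec it replaces appears to have skipped. The enclosing method starts and ends outside this hunk, so it is not visible whether that exception is caught; if it is not, a client-controlled header yields a server error instead of a rejected authentication. I would handle the failure explicitly, `try { kerberosTicket = decoder.decode(base64Token); } catch (final IllegalArgumentException e) { /* reject as failed authentication */ }`, following whatever this method already does for a failed attempt. The same applies to the `decoder.decode(base64Token)` call in the -105 hunk of KerberosSpnegoIdentityProvider. The unchanged debug line above also writes the full header, and with it the encoded ticket, to the log; logging only the request URL would avoid that.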


@ -35,13 +35,13 @@ import org.springframework.lang.Nullable;
import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider; import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken; import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
public class KerberosSpnegoIdentityProvider implements IdentityProvider { public class KerberosSpnegoIdentityProvider implements IdentityProvider {
@ -67,9 +67,11 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
private static final String AUTHORIZATION = "Authorization"; private static final String AUTHORIZATION = "Authorization";
private static final String AUTHORIZATION_NEGOTIATE = "Negotiate"; private static final String AUTHORIZATION_NEGOTIATE = "Negotiate";
private static final Base64.Decoder decoder = Base64.getDecoder();
private long expiration = TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS); private long expiration = TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS);
private KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider; private final KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider;
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource; private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
@Autowired @Autowired
public KerberosSpnegoIdentityProvider( public KerberosSpnegoIdentityProvider(
@ -80,7 +82,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
final String expirationFromProperties = properties.getKerberosSpnegoAuthenticationExpiration(); final String expirationFromProperties = properties.getKerberosSpnegoAuthenticationExpiration();
if (expirationFromProperties != null) { if (expirationFromProperties != null) {
long expiration = FormatUtils.getTimeDuration(expirationFromProperties, TimeUnit.MILLISECONDS); expiration = Math.round(FormatUtils.getPreciseTimeDuration(expirationFromProperties, TimeUnit.MILLISECONDS));
} }
} }
@ -105,7 +107,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
logger.debug("Detected 'Authorization: Negotiate header in request {}", request.getRequestURL()); logger.debug("Detected 'Authorization: Negotiate header in request {}", request.getRequestURL());
byte[] base64Token = headerValue.substring(headerValue.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8); byte[] base64Token = headerValue.substring(headerValue.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8);
byte[] kerberosTicket = Base64.decode(base64Token); byte[] kerberosTicket = decoder.decode(base64Token);
return new AuthenticationRequest(null, kerberosTicket, authenticationDetailsSource.buildDetails(request)); return new AuthenticationRequest(null, kerberosTicket, authenticationDetailsSource.buildDetails(request));
} }
@ -119,7 +121,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
} }
final Object credentials = authenticationRequest.getCredentials(); final Object credentials = authenticationRequest.getCredentials();
byte[] kerberosTicket = credentials != null && credentials instanceof byte[] ? (byte[]) authenticationRequest.getCredentials() : null; byte[] kerberosTicket = credentials instanceof byte[] ? (byte[]) authenticationRequest.getCredentials() : null;
if (credentials == null) { if (credentials == null) {
logger.info("Kerberos Ticket not found in authenticationRequest credentials, returning null."); logger.info("Kerberos Ticket not found in authenticationRequest credentials, returning null.");
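Review bot: In the last hunk the guard tests `credentials == null`, while the value carried forward is `kerberosTicket`, which the simplified ternary sets to null whenever the credentials are not a `byte[]`. A non-null credential of another type therefore passes the guard with a null ticket; what the method does with it lies outside the hunk, so the effect is inferred rather than shown. Testing the ticket itself, `if (kerberosTicket == null) {`, makes the guard match its own log message and stops a null ticket from reaching the authentication provider. The cast can also reuse the local, `credentials instanceof byte[] ? (byte[]) credentials : null`, rather than calling `getCredentials()` a second time.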