mirror of https://github.com/apache/nifi.git
NIFI-10897 Replaced Spring Security Base64 with java.util.Base64
This closes #6728 Signed-off-by: Mike Thomsen <mthomsen@apache.org>
parent
d55fb91b0f
commit
de296b5e65
|
@ -20,13 +20,13 @@ import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.crypto.codec.Base64;
|
|
||||||
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
|
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
|
||||||
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
|
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
|
||||||
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
|
import java.util.Base64;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
@ -39,8 +39,10 @@ public class KerberosService {
|
||||||
public static final String AUTHENTICATION_CHALLENGE_HEADER_NAME = "WWW-Authenticate";
|
public static final String AUTHENTICATION_CHALLENGE_HEADER_NAME = "WWW-Authenticate";
|
||||||
public static final String AUTHORIZATION_NEGOTIATE = "Negotiate";
|
public static final String AUTHORIZATION_NEGOTIATE = "Negotiate";
|
||||||
|
|
||||||
|
private static final Base64.Decoder decoder = Base64.getDecoder();
|
||||||
|
|
||||||
private KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider;
|
private KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider;
|
||||||
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||||
|
|
||||||
public void setKerberosServiceAuthenticationProvider(KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider) {
|
public void setKerberosServiceAuthenticationProvider(KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider) {
|
||||||
this.kerberosServiceAuthenticationProvider = kerberosServiceAuthenticationProvider;
|
this.kerberosServiceAuthenticationProvider = kerberosServiceAuthenticationProvider;
|
||||||
|
@ -59,7 +61,7 @@ public class KerberosService {
|
||||||
logger.debug("Received Negotiate Header for request " + request.getRequestURL() + ": " + header);
|
logger.debug("Received Negotiate Header for request " + request.getRequestURL() + ": " + header);
|
||||||
}
|
}
|
||||||
byte[] base64Token = header.substring(header.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8);
|
byte[] base64Token = header.substring(header.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8);
|
||||||
byte[] kerberosTicket = Base64.decode(base64Token);
|
byte[] kerberosTicket = decoder.decode(base64Token);
|
||||||
KerberosServiceRequestToken authenticationRequest = new KerberosServiceRequestToken(kerberosTicket);
|
KerberosServiceRequestToken authenticationRequest = new KerberosServiceRequestToken(kerberosTicket);
|
||||||
authenticationRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
authenticationRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
||||||
|
|
||||||
|
|
|
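Review bot: The new `decoder.decode(base64Token)` call in the -59/+61 hunk of KerberosService passes the client-supplied Negotiate header value to the basic `java.util.Base64` decoder, which throws `IllegalArgumentException` on any character outside the Base64 alphabet, including whitespace or line breaks that the previous decoder may have tolerated. Nothing visible in the hunk catches that exception, so a malformed header could surface as a server error instead of a failed authentication; the enclosing method starts and ends outside the hunk, so the handling has to be checked there. I would put a `catch (IllegalArgumentException e)` around the decode, return the same result as a missing ticket, and add a test with an invalid token. The same applies to the `decoder.decode(base64Token)` call in the -105/+107 hunk of KerberosSpnegoIdentityProvider.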
@ -35,13 +35,13 @@ import org.springframework.lang.Nullable;
|
||||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.crypto.codec.Base64;
|
|
||||||
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
|
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
|
||||||
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
|
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
|
||||||
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
|
import java.util.Base64;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
public class KerberosSpnegoIdentityProvider implements IdentityProvider {
|
public class KerberosSpnegoIdentityProvider implements IdentityProvider {
|
||||||
|
@ -67,9 +67,11 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
|
||||||
private static final String AUTHORIZATION = "Authorization";
|
private static final String AUTHORIZATION = "Authorization";
|
||||||
private static final String AUTHORIZATION_NEGOTIATE = "Negotiate";
|
private static final String AUTHORIZATION_NEGOTIATE = "Negotiate";
|
||||||
|
|
||||||
|
private static final Base64.Decoder decoder = Base64.getDecoder();
|
||||||
|
|
||||||
private long expiration = TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS);
|
private long expiration = TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS);
|
||||||
private KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider;
|
private final KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider;
|
||||||
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
|
private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public KerberosSpnegoIdentityProvider(
|
public KerberosSpnegoIdentityProvider(
|
||||||
|
@ -80,7 +82,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
|
||||||
|
|
||||||
final String expirationFromProperties = properties.getKerberosSpnegoAuthenticationExpiration();
|
final String expirationFromProperties = properties.getKerberosSpnegoAuthenticationExpiration();
|
||||||
if (expirationFromProperties != null) {
|
if (expirationFromProperties != null) {
|
||||||
long expiration = FormatUtils.getTimeDuration(expirationFromProperties, TimeUnit.MILLISECONDS);
|
expiration = Math.round(FormatUtils.getPreciseTimeDuration(expirationFromProperties, TimeUnit.MILLISECONDS));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -105,7 +107,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
|
||||||
|
|
||||||
logger.debug("Detected 'Authorization: Negotiate header in request {}", request.getRequestURL());
|
logger.debug("Detected 'Authorization: Negotiate header in request {}", request.getRequestURL());
|
||||||
byte[] base64Token = headerValue.substring(headerValue.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8);
|
byte[] base64Token = headerValue.substring(headerValue.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8);
|
||||||
byte[] kerberosTicket = Base64.decode(base64Token);
|
byte[] kerberosTicket = decoder.decode(base64Token);
|
||||||
return new AuthenticationRequest(null, kerberosTicket, authenticationDetailsSource.buildDetails(request));
|
return new AuthenticationRequest(null, kerberosTicket, authenticationDetailsSource.buildDetails(request));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -119,7 +121,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
final Object credentials = authenticationRequest.getCredentials();
|
final Object credentials = authenticationRequest.getCredentials();
|
||||||
byte[] kerberosTicket = credentials != null && credentials instanceof byte[] ? (byte[]) authenticationRequest.getCredentials() : null;
|
byte[] kerberosTicket = credentials instanceof byte[] ? (byte[]) authenticationRequest.getCredentials() : null;
|
||||||
|
|
||||||
if (credentials == null) {
|
if (credentials == null) {
|
||||||
logger.info("Kerberos Ticket not found in authenticationRequest credentials, returning null.");
|
logger.info("Kerberos Ticket not found in authenticationRequest credentials, returning null.");
|
||||||
|
|
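Review bot: The expiration line in the -80/+82 hunk changes behaviour that the commit title does not mention: the earlier form `long expiration = FormatUtils.getTimeDuration(...)` declared a local inside the `if`, so the `expiration` field kept its 12-hour default, while the new assignment writes the configured value to the field. Installations that set the Kerberos SPNEGO expiration property will see a different lifetime after upgrading, assuming the field controls how long the resulting authentication stays valid, which the hunk does not show. The result of `Math.round(...)` is also stored unchecked, so a zero or very large configured duration would be accepted as is; a guard such as `if (expiration <= 0) throw new IllegalArgumentException(...)` and a line in the commit message describing the change would help. The constructor body continues outside the hunk.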