NIFI-655: - Adding documentation around the behavior of the authentication filters. - Only passing along necessary parameters.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/774d626f Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/774d626f Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/774d626f Branch: refs/heads/master Commit: 774d626f88c13098f69aac0fbb88902defa677df Parents: c722b56 Author: Matt Gilman <[email protected]> Authored: Mon Nov 30 15:07:40 2015 -0500 Committer: Matt Gilman <[email protected]> Committed: Mon Nov 30 15:07:40 2015 -0500 ---------------------------------------------------------------------- .../nifi/web/security/NiFiAuthenticationFilter.java | 13 +++++++++++-- .../nifi/web/security/jwt/JwtAuthenticationFilter.java | 3 +-- .../web/security/x509/X509AuthenticationFilter.java | 3 +-- 3 files changed, 13 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/774d626f/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java index be781c2..c9b5c88 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java @@ -81,7 +81,7 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean { private void authenticate(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException { try { - final NiFiAuthenticationRequestToken authenticated = attemptAuthentication(request, response); + final NiFiAuthenticationRequestToken authenticated = attemptAuthentication(request); if (authenticated != null) { // log the request attempt - response details will be logged later logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", @@ -108,7 +108,16 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean { } } - public abstract NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request, HttpServletResponse response); + /** + * Attempt to authenticate the client making the request. If the request does not contain an authentication attempt, this method should return null. If the request contains an authentication + * request, the implementation should convert it to a NiFiAuthenticationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when + * the request contains an authentication request but it could not be authenticated. + * + * @param request The request + * @return The NiFiAuthenticationRequestToken used to later authorized the client + * @throws InvalidAuthenticationException If the request contained an authentication attempt, but could not authenticate + */ + public abstract NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request); protected void successfulAuthorization(HttpServletRequest request, HttpServletResponse response, Authentication authResult) { if (logger.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/nifi/blob/774d626f/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java index 2f18406..155610a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java @@ -26,7 +26,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import java.util.Arrays; import org.apache.nifi.web.security.InvalidAuthenticationException; @@ -41,7 +40,7 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter { private JwtService jwtService; @Override - public NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request, HttpServletResponse response) { + public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) { // only suppport jwt login when running securely if (!request.isSecure()) { return null; http://git-wip-us.apache.org/repos/asf/nifi/blob/774d626f/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java index dd7d47e..708b607 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java @@ -19,7 +19,6 @@ package org.apache.nifi.web.security.x509; import java.security.cert.X509Certificate; import java.util.List; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import org.apache.nifi.authentication.AuthenticationResponse; import org.apache.nifi.web.security.InvalidAuthenticationException; import org.apache.nifi.web.security.NiFiAuthenticationFilter; @@ -41,7 +40,7 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter { private X509IdentityProvider certificateIdentityProvider; @Override - public NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request, HttpServletResponse response) { + public NiFiAuthenticationRequestToken attemptAuthentication(final HttpServletRequest request) { // only suppport x509 login when running securely if (!request.isSecure()) { return null;
