NIFI-655: - Fixing issue with filter bean initialization when clustered. Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/c1cc165e Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/c1cc165e Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/c1cc165e
Branch: refs/heads/master Commit: c1cc165edb2fdacdcc958f8b4b1dcf97bf40eb5f Parents: 6bce858 Author: Matt Gilman <[email protected]> Authored: Fri Nov 27 10:05:58 2015 -0500 Committer: Matt Gilman <[email protected]> Committed: Fri Nov 27 10:05:58 2015 -0500 ---------------------------------------------------------------------- .../web/NiFiWebApiSecurityConfiguration.java | 72 ++++++++++++-------- .../web/security/NiFiAuthenticationFilter.java | 10 +-- 2 files changed, 47 insertions(+), 35 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/c1cc165e/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java index bf12dee..73e9640 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java @@ -58,6 +58,11 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte private X509IdentityProvider certificateIdentityProvider; private LoginIdentityProvider loginIdentityProvider; + private NodeAuthorizedUserFilter nodeAuthorizedUserFilter; + private JwtAuthenticationFilter jwtAuthenticationFilter; + private X509AuthenticationFilter x509AuthenticationFilter; + private NiFiAnonymousUserFilter anonymousAuthenticationFilter; + public NiFiWebApiSecurityConfiguration() { super(true); // disable defaults } @@ -80,17 +85,17 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte .sessionCreationPolicy(SessionCreationPolicy.STATELESS); // cluster authorized user - http.addFilterBefore(buildNodeAuthorizedUserFilter(), AnonymousAuthenticationFilter.class); + http.addFilterBefore(nodeAuthorizedUserFilterBean(), AnonymousAuthenticationFilter.class); // anonymous - http.anonymous().authenticationFilter(buildAnonymousFilter()); + http.anonymous().authenticationFilter(anonymousFilterBean()); // x509 - http.addFilterAfter(buildX509Filter(), AnonymousAuthenticationFilter.class); + http.addFilterAfter(x509FilterBean(), AnonymousAuthenticationFilter.class); // jwt - consider when configured for log in if (loginIdentityProvider != null) { - http.addFilterAfter(buildJwtFilter(), AnonymousAuthenticationFilter.class); + http.addFilterAfter(jwtFilterBean(), AnonymousAuthenticationFilter.class); } } @@ -106,35 +111,48 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte auth.authenticationProvider(new NiFiAuthenticationProvider(userDetailsService)); } - private NodeAuthorizedUserFilter buildNodeAuthorizedUserFilter() { - final NodeAuthorizedUserFilter nodeFilter = new NodeAuthorizedUserFilter(); - nodeFilter.setProperties(properties); - nodeFilter.setCertificateExtractor(certificateExtractor); - nodeFilter.setCertificateIdentityProvider(certificateIdentityProvider); - return nodeFilter; + @Bean + public NodeAuthorizedUserFilter nodeAuthorizedUserFilterBean() throws Exception { + if (nodeAuthorizedUserFilter == null) { + nodeAuthorizedUserFilter = new NodeAuthorizedUserFilter(); + nodeAuthorizedUserFilter.setProperties(properties); + nodeAuthorizedUserFilter.setCertificateExtractor(certificateExtractor); + nodeAuthorizedUserFilter.setCertificateIdentityProvider(certificateIdentityProvider); + } + return nodeAuthorizedUserFilter; } - private JwtAuthenticationFilter buildJwtFilter() throws Exception { - final JwtAuthenticationFilter jwtFilter = new JwtAuthenticationFilter(); - jwtFilter.setProperties(properties); - jwtFilter.setJwtService(jwtService); - jwtFilter.setAuthenticationManager(authenticationManager()); - return jwtFilter; + @Bean + public JwtAuthenticationFilter jwtFilterBean() throws Exception { + // only consider the jwt authentication filter when configured for login + if (jwtAuthenticationFilter == null && loginIdentityProvider != null) { + jwtAuthenticationFilter = new JwtAuthenticationFilter(); + jwtAuthenticationFilter.setProperties(properties); + jwtAuthenticationFilter.setJwtService(jwtService); + jwtAuthenticationFilter.setAuthenticationManager(authenticationManager()); + } + return jwtAuthenticationFilter; } - private X509AuthenticationFilter buildX509Filter() throws Exception { - final X509AuthenticationFilter x509Filter = new X509AuthenticationFilter(); - x509Filter.setProperties(properties); - x509Filter.setCertificateExtractor(certificateExtractor); - x509Filter.setCertificateIdentityProvider(certificateIdentityProvider); - x509Filter.setAuthenticationManager(authenticationManager()); - return x509Filter; + @Bean + public X509AuthenticationFilter x509FilterBean() throws Exception { + if (x509AuthenticationFilter == null) { + x509AuthenticationFilter = new X509AuthenticationFilter(); + x509AuthenticationFilter.setProperties(properties); + x509AuthenticationFilter.setCertificateExtractor(certificateExtractor); + x509AuthenticationFilter.setCertificateIdentityProvider(certificateIdentityProvider); + x509AuthenticationFilter.setAuthenticationManager(authenticationManager()); + } + return x509AuthenticationFilter; } - private AnonymousAuthenticationFilter buildAnonymousFilter() { - final NiFiAnonymousUserFilter anonymousFilter = new NiFiAnonymousUserFilter(); - anonymousFilter.setUserService(userService); - return anonymousFilter; + @Bean + public NiFiAnonymousUserFilter anonymousFilterBean() throws Exception { + if (anonymousAuthenticationFilter == null) { + anonymousAuthenticationFilter = new NiFiAnonymousUserFilter(); + anonymousAuthenticationFilter.setUserService(userService); + } + return anonymousAuthenticationFilter; } @Autowired http://git-wip-us.apache.org/repos/asf/nifi/blob/c1cc165e/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java index 7ceca04..be781c2 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java @@ -18,9 +18,7 @@ package org.apache.nifi.web.security; import java.io.IOException; import java.io.PrintWriter; -import javax.servlet.Filter; import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; @@ -40,11 +38,12 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.web.filter.GenericFilterBean; /** * */ -public abstract class NiFiAuthenticationFilter implements Filter { +public abstract class NiFiAuthenticationFilter extends GenericFilterBean { private static final Logger logger = LoggerFactory.getLogger(NiFiAuthenticationFilter.class); @@ -52,11 +51,6 @@ public abstract class NiFiAuthenticationFilter implements Filter { private NiFiProperties properties; @Override - public void init(final FilterConfig filterConfig) throws ServletException { - throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. - } - - @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { if (logger.isDebugEnabled()) { logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
