Repository: nifi
Updated Branches:
  refs/heads/master c6572f042 -> 246c09052


NIFI-5595 - Added the CORS filter to the templates/upload endpoint using a URL 
matcher.
Explicitly allow methods GET, HEAD. These are the Spring defaults when the 
allowedMethods is empty but now it is explicit. This will require other methods 
like POST etc to be from the same origin (for the template/upload URL).

This closes #3024.

Signed-off-by: Andy LoPresto <[email protected]>


Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/246c0905
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/246c0905
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/246c0905

Branch: refs/heads/master
Commit: 246c090526143943557b15868db6e8fe3fb30cf6
Parents: c6572f0
Author: thenatog <[email protected]>
Authored: Thu Sep 13 21:45:00 2018 -0400
Committer: Andy LoPresto <[email protected]>
Committed: Sat Oct 6 16:24:17 2018 -0700

----------------------------------------------------------------------
 .../nifi/web/NiFiWebApiSecurityConfiguration.java   | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi/blob/246c0905/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
----------------------------------------------------------------------
diff --git 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
index 8d76bf3..d7fd89b 100644
--- 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
+++ 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
@@ -43,6 +43,11 @@ import 
org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
 import 
org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
 
 /**
  * NiFi Web Api Spring security
@@ -89,6 +94,7 @@ public class NiFiWebApiSecurityConfiguration extends 
WebSecurityConfigurerAdapte
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
+                .cors().and()
                 .rememberMe().disable()
                 .authorizeRequests()
                     .anyRequest().fullyAuthenticated()
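Review bot: The bare `.cors()` call finds its configuration only through the bean name `corsConfigurationSource`, so nothing at this call site shows which policy is applied or that the bean method added later in this commit is what it depends on. Wiring it explicitly with `.cors().configurationSource(corsConfigurationSource()).and()` would turn a rename or removal of that method into a compile error rather than a change in runtime behaviour. Failing that, a comment such as `// CORS policy comes from the corsConfigurationSource() bean below` records the coupling. The body of `configure` continues outside this hunk, so any later chain entries that interact with the CORS filter are not visible here.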
@@ -112,6 +118,16 @@ public class NiFiWebApiSecurityConfiguration extends 
WebSecurityConfigurerAdapte
         http.anonymous().authenticationFilter(anonymousFilterBean());
     }
 
+
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedMethods(Arrays.asList("HEAD", "GET"));
+        UrlBasedCorsConfigurationSource source = new 
UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/process-groups/*/templates/upload", 
configuration);
+        return source;
+    }
+
     @Bean
     @Override
     public AuthenticationManager authenticationManagerBean() throws Exception {
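Review bot: `corsConfigurationSource()` never sets allowed origins, and with Spring's `CorsConfiguration` that omission, not the `setAllowedMethods(Arrays.asList("HEAD", "GET"))` call, is what rejects cross-origin requests to the upload path. With no allowed origin, a cross-origin GET or HEAD is refused as well, so the method list has no effect until someone adds an origin. That should be stated in the code, for example `// allowedOrigins intentionally unset: all cross-origin requests to this path are rejected`, so that a later `setAllowedOrigins` call is recognised as a security-relevant change. The method also lacks Javadoc saying that only `/process-groups/*/templates/upload` is covered and why. No test accompanies the commit; one that sends a POST with a foreign `Origin` header to that path and expects a rejection would pin the behaviour. It is also worth confirming that same-origin uploads still pass when NiFi sits behind a reverse proxy, since the filter's same-origin decision depends on the host the request appears to arrive on.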
