This is an automated email from the ASF dual-hosted git repository.
thenatog pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 576338c NIFI-8697: When login endpoint is encountered and JWT is no
longer valid, request cookie to be deleted. Also fixed NPE that was encountered
when going to /logout without the expected cookie being present
576338c is described below
commit 576338cd55ea01a0b00952f486d063ee67b7ee13
Author: Mark Payne <[email protected]>
AuthorDate: Mon Jun 14 14:36:03 2021 -0400
NIFI-8697: When login endpoint is encountered and JWT is no longer valid,
request cookie to be deleted. Also fixed NPE that was encountered when going to
/logout without the expected cookie being present
Signed-off-by: Nathan Gough <[email protected]>
This closes #5155.
---
.../main/java/org/apache/nifi/web/api/AccessResource.java | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
index 0221485..6103d3c 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
@@ -1158,7 +1158,7 @@ public class AccessResource extends ApplicationResource {
@ApiResponse(code = 500, message = "Unable to determine
access status because an unexpected error occurred.")
}
)
- public Response getAccessStatus(@Context HttpServletRequest
httpServletRequest) {
+ public Response getAccessStatus(@Context HttpServletRequest
httpServletRequest, @Context HttpServletResponse httpServletResponse) {
// only consider user specific access over https
if (!httpServletRequest.isSecure()) {
@@ -1192,8 +1192,12 @@ public class AccessResource extends ApplicationResource {
// attempt authorize to /flow
accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
accessStatus.setMessage("You are already logged in.");
- } catch (JwtException e) {
- throw new
InvalidAuthenticationException(e.getMessage(), e);
+ } catch (final InvalidAuthenticationException iae) {
+ if (WebUtils.getCookie(httpServletRequest,
NiFiBearerTokenResolver.JWT_COOKIE_NAME) != null) {
+ removeCookie(httpServletResponse,
NiFiBearerTokenResolver.JWT_COOKIE_NAME);
+ }
+
+ throw iae;
}
}
} else {
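Review bot: Replacing `catch (JwtException e)` with `catch (final InvalidAuthenticationException iae)` means a `JwtException` still thrown inside the try block (its body begins above this hunk) is no longer translated into an InvalidAuthenticationException and would surface as an unexpected error rather than an authentication failure; worth confirming that the token validation called there wraps every JwtException before this catch is reached. The added cookie removal is also only effective if `removeCookie` emits the deletion with the same Path and Domain attributes the JWT cookie was issued with, which is not visible here. A comment above the getCookie check, `// invalid or expired JWT: ask the browser to drop the stale cookie before re-authenticating`, would record the intent of the new branch.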
@@ -1553,7 +1557,8 @@ public class AccessResource extends ApplicationResource {
LogoutRequest logoutRequest = null;
// check if a logout request identifier is present and if so complete
the request
- final String logoutRequestIdentifier =
WebUtils.getCookie(httpServletRequest, LOGOUT_REQUEST_IDENTIFIER).getValue();
+ final Cookie cookie = WebUtils.getCookie(httpServletRequest,
LOGOUT_REQUEST_IDENTIFIER);
+ final String logoutRequestIdentifier = cookie == null ? null :
cookie.getValue();
if (logoutRequestIdentifier != null) {
logoutRequest =
logoutRequestManager.complete(logoutRequestIdentifier);
}
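Review bot: With the null guard on `cookie`, a logout request that arrives without the `LOGOUT_REQUEST_IDENTIFIER` cookie now proceeds silently with `logoutRequest` left null, and the remainder of the method (outside this hunk) has to tolerate that state; nothing records that the cookie was missing. A comment on the guarded line, `// cookie is absent when /logout is reached directly; continue with a null logoutRequest`, plus a debug-level log in that case, would make the expected path explicit and the unexpected one observable.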