This is an automated email from the ASF dual-hosted git repository.
mcgilman pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new e35cbbba81 NIFI-13558 Configured Web Security to ignore
unauthenticated requests (#9090)
e35cbbba81 is described below
commit e35cbbba81522e2217ad2c9491ba4e5e29b3bcf1
Author: David Handermann <[email protected]>
AuthorDate: Thu Jul 18 12:26:26 2024 -0500
NIFI-13558 Configured Web Security to ignore unauthenticated requests
(#9090)
This closes #9090
---
.../configuration/WebSecurityConfiguration.java | 29 ++++++++++++++++------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/configuration/WebSecurityConfiguration.java
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/configuration/WebSecurityConfiguration.java
index 6f5dec1f00..9c6b28d4c4 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/configuration/WebSecurityConfiguration.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/configuration/WebSecurityConfiguration.java
@@ -55,8 +55,13 @@ import
org.springframework.security.web.authentication.AnonymousAuthenticationFi
import
org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.OrRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatchers;
import java.util.List;
+import java.util.stream.Collectors;
/**
* Application Security Configuration using Spring Security
@@ -68,6 +73,18 @@ import java.util.List;
@EnableWebSecurity
@EnableMethodSecurity
public class WebSecurityConfiguration {
+ private static final List<String> UNFILTERED_PATHS = List.of(
+ "/access",
+ "/access/config",
+ "/access/token",
+ "/access/logout/complete",
+ "/authentication/configuration"
+ );
+
+ private static final RequestMatcher UNFILTERED_PATHS_REQUEST_MATCHER = new
OrRequestMatcher(
+
UNFILTERED_PATHS.stream().map(AntPathRequestMatcher::new).collect(Collectors.toList())
+ );
+
/**
* Spring Security Authentication Manager configured using Authentication
Providers from specific configuration classes
*
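Review bot: `UNFILTERED_PATHS` carries no comment, and `new AntPathRequestMatcher(pattern)` matches on the path alone, so each entry is excluded for every HTTP method rather than only the one the endpoint serves. Because this list now decides which requests are left out of the security matcher in the later hunk, I would document it, e.g. `/** Exact paths excluded from the Spring Security filter chain, for all HTTP methods */`, so that a later addition (especially a wildcard pattern) is reviewed as a security change. If the endpoints are method-specific, the two-argument `AntPathRequestMatcher(pattern, httpMethod)` constructor would narrow the exclusion.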
@@ -108,14 +125,12 @@ public class WebSecurityConfiguration {
.securityContext(AbstractHttpConfigurer::disable)
.sessionManagement(AbstractHttpConfigurer::disable)
.headers(AbstractHttpConfigurer::disable)
- .authorizeHttpRequests(authorize -> authorize
+ .securityMatchers(securityMatchers -> securityMatchers
.requestMatchers(
- "/access",
- "/access/config",
- "/access/token",
- "/access/logout/complete",
- "/authentication/configuration"
- ).permitAll()
+
RequestMatchers.not(UNFILTERED_PATHS_REQUEST_MATCHER)
+ )
+ )
+ .authorizeHttpRequests(authorize -> authorize
.anyRequest().authenticated()
)
.addFilterBefore(new SkipReplicatedCsrfFilter(),
CsrfFilter.class)
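Review bot: Excluding the five paths through `securityMatchers` is broader than the `permitAll()` it replaces. Requests to them no longer enter this filter chain at all, so the `CsrfFilter` that `SkipReplicatedCsrfFilter` is registered before never runs for them, and neither do any authentication filters the chain adds outside this hunk. That is presumably the intent for unauthenticated requests, but a request that does carry credentials to one of these paths is now handled with no authenticated principal, and `/access/token` and `/access/logout/complete` depend entirely on their own handlers for request validation. I would say so above the call, e.g. `// Excluded paths bypass the whole chain (authentication, CSRF), not only authorization`, and add a test asserting that a path outside the list, such as a sibling under `/access`, still requires authentication. The builder chain starts and ends outside the hunk.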