This is an automated email from the ASF dual-hosted git repository.
bbende pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new e72b099887 NIFI-13559 Removed Legacy Access Resource REST Methods
(#9091)
e72b099887 is described below
commit e72b0998878951c1d2d41b7d76a2474434399bce
Author: David Handermann <[email protected]>
AuthorDate: Fri Jul 19 08:15:19 2024 -0500
NIFI-13559 Removed Legacy Access Resource REST Methods (#9091)
- Removed GET /access for Access Status
- Removed GET /access/config for Login Configuration
- Removed GET /access/token/expiration for Access Token Expiration
---
nifi-docker/dockermaven/integration-test.sh | 2 +-
.../nifi/web/api/dto/AccessConfigurationDTO.java | 45 -----
.../apache/nifi/web/api/dto/AccessStatusDTO.java | 82 ---------
.../web/api/entity/AccessConfigurationEntity.java | 43 -----
.../nifi/web/api/entity/AccessStatusEntity.java | 43 -----
.../api/entity/AccessTokenExpirationEntity.java | 36 ----
.../filter/DataTransferExcludedDoSFilterTest.java | 4 +-
.../org/apache/nifi/web/api/AccessResource.java | 193 ---------------------
.../nifi/web/api/AuthenticationResource.java | 3 +-
.../src/main/resources/nifi-web-api-context.xml | 5 -
.../configuration/WebSecurityConfiguration.java | 2 -
11 files changed, 4 insertions(+), 454 deletions(-)
diff --git a/nifi-docker/dockermaven/integration-test.sh
b/nifi-docker/dockermaven/integration-test.sh
index ff3d75c93e..2c35a6daa2 100755
--- a/nifi-docker/dockermaven/integration-test.sh
+++ b/nifi-docker/dockermaven/integration-test.sh
@@ -70,7 +70,7 @@ echo
echo "Checking NiFi REST API Access (expect status: 400)"
# Return code is 400 instead of 200 because of an invalid SNI
-test "400" = "$(docker exec "${container_name}" bash -c "curl -ksSo /dev/null
-w %{http_code} -m 10 --retry 5 --retry-connrefused --retry-max-time 60
https://${ip}:${port}/nifi-api/access")"
+test "400" = "$(docker exec "${container_name}" bash -c "curl -ksSo /dev/null
-w %{http_code} -m 10 --retry 5 --retry-connrefused --retry-max-time 60
https://${ip}:${port}/nifi-api/authentication/configuration")"
echo
echo "Stopping NiFi container"
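Review bot: The assertion on the curl line probably passes for any request path, because the comment above it attributes the expected 400 to an invalid SNI, which suggests the request is rejected before it reaches a REST resource. If so, swapping `/nifi-api/access` for `/nifi-api/authentication/configuration` keeps the check green but does not confirm the replacement endpoint is served. I would make that explicit in the comment, for example `# 400 comes from the SNI host check, not the resource; this only confirms the HTTPS listener responds`. The call also uses `-k`, so the container's certificate is not verified here; a brief comment noting that this is intentional would help later readers.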
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessConfigurationDTO.java
b/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessConfigurationDTO.java
deleted file mode 100644
index 79cd87a64d..0000000000
---
a/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessConfigurationDTO.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.dto;
-
-import io.swagger.v3.oas.annotations.media.Schema;
-
-import jakarta.xml.bind.annotation.XmlType;
-
-/**
- * Details for the access configuration.
- */
-@XmlType(name = "accessConfig")
-public class AccessConfigurationDTO {
-
- private Boolean supportsLogin;
-
- /**
- * @return Indicates whether or not this NiFi supports user login.
- */
- @Schema(description = "Indicates whether or not this NiFi supports user
login.",
- accessMode = Schema.AccessMode.READ_ONLY
- )
- public Boolean getSupportsLogin() {
- return supportsLogin;
- }
-
- public void setSupportsLogin(Boolean supportsLogin) {
- this.supportsLogin = supportsLogin;
- }
-
-}
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java
b/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java
deleted file mode 100644
index 92410c504a..0000000000
---
a/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.dto;
-
-import io.swagger.v3.oas.annotations.media.Schema;
-
-import jakarta.xml.bind.annotation.XmlRootElement;
-
-/**
- * A serialized representation of this class can be placed in the entity body
of a response to the API. This particular entity holds the users access status.
- */
-@XmlRootElement(name = "accessStatus")
-public class AccessStatusDTO {
-
- public static enum Status {
-
- UNKNOWN,
- ACTIVE
- }
-
- private String identity;
- private String username;
- private String status;
- private String message;
-
- /**
- * @return the user identity
- */
- @Schema(description = "The user identity.",
- accessMode = Schema.AccessMode.READ_ONLY
- )
- public String getIdentity() {
- return identity;
- }
-
- public void setIdentity(String identity) {
- this.identity = identity;
- }
-
- /**
- * @return the user access status
- */
- @Schema(description = "The user access status.",
- accessMode = Schema.AccessMode.READ_ONLY
- )
- public String getStatus() {
- return status;
- }
-
- public void setStatus(String status) {
- this.status = status;
- }
-
- /**
- * @return additional details about the user access status
- */
- @Schema(description = "Additional details about the user access status.",
- accessMode = Schema.AccessMode.READ_ONLY
- )
- public String getMessage() {
- return message;
- }
-
- public void setMessage(String message) {
- this.message = message;
- }
-
-}
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessConfigurationEntity.java
b/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessConfigurationEntity.java
deleted file mode 100644
index a434d8359b..0000000000
---
a/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessConfigurationEntity.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.entity;
-
-import jakarta.xml.bind.annotation.XmlRootElement;
-import org.apache.nifi.web.api.dto.AccessConfigurationDTO;
-
-/**
- * A serialized representation of this class can be placed in the entity body
of a request or response to or from the API. This particular entity holds a
reference to a AccessConfigurationDTO.
- */
-@XmlRootElement(name = "accessConfigurationEntity")
-public class AccessConfigurationEntity extends Entity {
-
- private AccessConfigurationDTO config;
-
- /**
- * The AccessConfigurationDTO that is being serialized.
- *
- * @return The AccessConfigurationDTO object
- */
- public AccessConfigurationDTO getConfig() {
- return config;
- }
-
- public void setConfig(AccessConfigurationDTO config) {
- this.config = config;
- }
-
-}
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessStatusEntity.java
b/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessStatusEntity.java
deleted file mode 100644
index e066e25869..0000000000
---
a/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessStatusEntity.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.entity;
-
-import jakarta.xml.bind.annotation.XmlRootElement;
-import org.apache.nifi.web.api.dto.AccessStatusDTO;
-
-/**
- * A serialized representation of this class can be placed in the entity body
of a request or response to or from the API. This particular entity holds a
reference to a AccessStatusDTO.
- */
-@XmlRootElement(name = "accessStatusEntity")
-public class AccessStatusEntity extends Entity {
-
- private AccessStatusDTO accessStatus;
-
- /**
- * The AccessStatusDTO that is being serialized.
- *
- * @return The AccessStatusDTO object
- */
- public AccessStatusDTO getAccessStatus() {
- return accessStatus;
- }
-
- public void setAccessStatus(AccessStatusDTO accessStatus) {
- this.accessStatus = accessStatus;
- }
-
-}
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessTokenExpirationEntity.java
b/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessTokenExpirationEntity.java
deleted file mode 100644
index 5e0803143a..0000000000
---
a/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessTokenExpirationEntity.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.entity;
-
-import org.apache.nifi.web.api.dto.AccessTokenExpirationDTO;
-
-import jakarta.xml.bind.annotation.XmlRootElement;
-
-@XmlRootElement(name = "accessTokenExpirationEntity")
-public class AccessTokenExpirationEntity extends Entity {
-
- private AccessTokenExpirationDTO accessTokenExpiration;
-
- public AccessTokenExpirationDTO getAccessTokenExpiration() {
- return accessTokenExpiration;
- }
-
- public void setAccessTokenExpiration(AccessTokenExpirationDTO
accessTokenExpiration) {
- this.accessTokenExpiration = accessTokenExpiration;
- }
-
-}
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/java/org/apache/nifi/web/server/filter/DataTransferExcludedDoSFilterTest.java
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/java/org/apache/nifi/web/server/filter/DataTransferExcludedDoSFilterTest.java
index fe43326252..2bce12464c 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/java/org/apache/nifi/web/server/filter/DataTransferExcludedDoSFilterTest.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/java/org/apache/nifi/web/server/filter/DataTransferExcludedDoSFilterTest.java
@@ -38,7 +38,7 @@ import static org.mockito.Mockito.when;
public class DataTransferExcludedDoSFilterTest {
private static final String DATA_TRANSFER_URI = "/nifi-api/data-transfer";
- private static final String ACCESS_URI = "/nifi-api/access";
+ private static final String CONFIGURATION_URI =
"/nifi-api/authentication/configuration";
@Mock
private FilterConfig filterConfig;
@@ -62,7 +62,7 @@ public class DataTransferExcludedDoSFilterTest {
@Test
public void testDoFilterChain() throws ServletException, IOException {
- when(request.getRequestURI()).thenReturn(ACCESS_URI);
+ when(request.getRequestURI()).thenReturn(CONFIGURATION_URI);
filter.doFilterChain(filterChain, request, response);
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
index a97fbdca84..a4a98fe9ef 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
@@ -17,7 +17,6 @@
package org.apache.nifi.web.api;
import java.net.URI;
-import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Collections;
import java.util.Optional;
@@ -49,41 +48,18 @@ import org.apache.nifi.authentication.LoginIdentityProvider;
import
org.apache.nifi.authentication.exception.AuthenticationNotSupportedException;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
-import org.apache.nifi.authorization.AccessDeniedException;
-import org.apache.nifi.authorization.user.NiFiUser;
-import org.apache.nifi.authorization.user.NiFiUserDetails;
import org.apache.nifi.authorization.user.NiFiUserUtils;
import org.apache.nifi.authorization.util.IdentityMappingUtil;
-import org.apache.nifi.web.api.dto.AccessConfigurationDTO;
-import org.apache.nifi.web.api.dto.AccessStatusDTO;
-import org.apache.nifi.web.api.dto.AccessTokenExpirationDTO;
-import org.apache.nifi.web.api.entity.AccessConfigurationEntity;
-import org.apache.nifi.web.api.entity.AccessStatusEntity;
-import org.apache.nifi.web.api.entity.AccessTokenExpirationEntity;
-import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.LogoutException;
-import org.apache.nifi.web.security.ProxiedEntitiesUtils;
-import org.apache.nifi.web.security.UntrustedProxyException;
import org.apache.nifi.web.security.cookie.ApplicationCookieName;
import org.apache.nifi.web.security.jwt.provider.BearerTokenProvider;
import org.apache.nifi.web.security.jwt.revocation.JwtLogoutListener;
import org.apache.nifi.web.security.logout.LogoutRequest;
import org.apache.nifi.web.security.logout.LogoutRequestManager;
import org.apache.nifi.web.security.token.LoginAuthenticationToken;
-import org.apache.nifi.web.security.x509.X509AuthenticationProvider;
-import org.apache.nifi.web.security.x509.X509AuthenticationRequestToken;
-import org.apache.nifi.web.security.x509.X509CertificateExtractor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import
org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.oauth2.jwt.Jwt;
-import org.springframework.security.oauth2.jwt.JwtDecoder;
-import
org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
-import
org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import
org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
-import
org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
/**
* RESTful endpoint for managing access.
@@ -95,131 +71,12 @@ public class AccessResource extends ApplicationResource {
private static final Logger logger =
LoggerFactory.getLogger(AccessResource.class);
protected static final String AUTHENTICATION_NOT_ENABLED_MSG = "User
authentication/authorization is only supported when running over HTTPS.";
- private X509CertificateExtractor certificateExtractor;
- private X509AuthenticationProvider x509AuthenticationProvider;
- private X509PrincipalExtractor principalExtractor;
-
private LoginIdentityProvider loginIdentityProvider;
- private JwtAuthenticationProvider jwtAuthenticationProvider;
private JwtLogoutListener jwtLogoutListener;
- private JwtDecoder jwtDecoder;
private BearerTokenProvider bearerTokenProvider;
private BearerTokenResolver bearerTokenResolver;
private LogoutRequestManager logoutRequestManager;
- /**
- * Retrieves the access configuration for this NiFi.
- *
- * @param httpServletRequest the servlet request
- * @return A accessConfigurationEntity
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces(MediaType.APPLICATION_JSON)
- @Path("config")
- @Operation(
- summary = "Retrieves the access configuration for this NiFi",
- responses = @ApiResponse(content = @Content(schema =
@Schema(implementation = AccessConfigurationEntity.class)))
- )
- public Response getLoginConfig(@Context HttpServletRequest
httpServletRequest) {
-
- final AccessConfigurationDTO accessConfiguration = new
AccessConfigurationDTO();
-
- // specify whether login should be supported and only support for
secure requests
- accessConfiguration.setSupportsLogin(loginIdentityProvider != null &&
httpServletRequest.isSecure());
-
- // create the response entity
- final AccessConfigurationEntity entity = new
AccessConfigurationEntity();
- entity.setConfig(accessConfiguration);
-
- // generate the response
- return generateOkResponse(entity).build();
- }
-
- /**
- * Gets the status the client's access.
- *
- * @param httpServletRequest the servlet request
- * @return A accessStatusEntity
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces(MediaType.APPLICATION_JSON)
- @Path("")
- @Operation(
- summary = "Gets the status the client's access",
- description = NON_GUARANTEED_ENDPOINT,
- responses = @ApiResponse(content = @Content(schema =
@Schema(implementation = AccessStatusEntity.class)))
- )
- @ApiResponses(
- value = {
- @ApiResponse(responseCode = "400", description = "NiFi was
unable to complete the request because it was invalid. The request should not
be retried without modification."),
- @ApiResponse(responseCode = "401", description = "Unable
to determine access status because the client could not be authenticated."),
- @ApiResponse(responseCode = "403", description = "Unable
to determine access status because the client is not authorized to make this
request."),
- @ApiResponse(responseCode = "409", description = "The
request was valid but NiFi was not in the appropriate state to process it."),
- @ApiResponse(responseCode = "500", description = "Unable
to determine access status because an unexpected error occurred.")
- }
- )
- public Response getAccessStatus(@Context HttpServletRequest
httpServletRequest, @Context HttpServletResponse httpServletResponse) {
- if (!httpServletRequest.isSecure()) {
- throw new
AuthenticationNotSupportedException(AUTHENTICATION_NOT_ENABLED_MSG);
- }
-
- final AccessStatusDTO accessStatus = new AccessStatusDTO();
-
- try {
- final X509Certificate[] certificates =
certificateExtractor.extractClientCertificate(httpServletRequest);
-
- if (certificates == null) {
- final String bearerToken =
bearerTokenResolver.resolve(httpServletRequest);
- if (bearerToken == null) {
-
accessStatus.setStatus(AccessStatusDTO.Status.UNKNOWN.name());
- accessStatus.setMessage("Access Unknown: Certificate and
Token not found.");
- } else {
- try {
- final BearerTokenAuthenticationToken
authenticationToken = new BearerTokenAuthenticationToken(bearerToken);
- final Authentication authentication =
jwtAuthenticationProvider.authenticate(authenticationToken);
- final NiFiUserDetails userDetails = (NiFiUserDetails)
authentication.getPrincipal();
- final String identity = userDetails.getUsername();
-
- accessStatus.setIdentity(identity);
-
accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
- accessStatus.setMessage("Access Granted: Token
authenticated.");
- } catch (final AuthenticationException iae) {
-
applicationCookieService.removeCookie(getCookieResourceUri(),
httpServletResponse, ApplicationCookieName.AUTHORIZATION_BEARER);
- throw iae;
- }
- }
- } else {
- try {
- final String proxiedEntitiesChain =
httpServletRequest.getHeader(ProxiedEntitiesUtils.PROXY_ENTITIES_CHAIN);
- final String proxiedEntityGroups =
httpServletRequest.getHeader(ProxiedEntitiesUtils.PROXY_ENTITY_GROUPS);
-
- final X509AuthenticationRequestToken x509Request = new
X509AuthenticationRequestToken(
- proxiedEntitiesChain, proxiedEntityGroups,
principalExtractor, certificates, httpServletRequest.getRemoteAddr());
-
- final Authentication authenticationResponse =
x509AuthenticationProvider.authenticate(x509Request);
- final NiFiUser nifiUser = ((NiFiUserDetails)
authenticationResponse.getDetails()).getNiFiUser();
-
- accessStatus.setIdentity(nifiUser.getIdentity());
-
accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
- accessStatus.setMessage("Access Granted: Certificate
authenticated.");
- } catch (final IllegalArgumentException iae) {
- throw new InvalidAuthenticationException(iae.getMessage(),
iae);
- }
- }
- } catch (final UntrustedProxyException upe) {
- throw new AccessDeniedException(upe.getMessage(), upe);
- } catch (final AuthenticationServiceException ase) {
- throw new AdministrationException(ase.getMessage(), ase);
- }
-
- final AccessStatusEntity entity = new AccessStatusEntity();
- entity.setAccessStatus(accessStatus);
-
- return generateOkResponse(entity).build();
- }
-
/**
* Creates a token for accessing the REST API via username/password stored
as a cookie in the browser.
*
@@ -292,36 +149,6 @@ public class AccessResource extends ApplicationResource {
return generateCreatedResponse(uri, bearerToken).build();
}
- @GET
- @Produces(MediaType.APPLICATION_JSON)
- @Path("/token/expiration")
- @Operation(
- summary = "Get expiration for current Access Token",
- description = NON_GUARANTEED_ENDPOINT,
- responses = @ApiResponse(content = @Content(schema =
@Schema(implementation = AccessTokenExpirationEntity.class)))
- )
- @ApiResponses(
- value = {
- @ApiResponse(responseCode = "200", description = "Access
Token Expiration found"),
- @ApiResponse(responseCode = "401", description = "Access
Token not authorized"),
- @ApiResponse(responseCode = "409", description = "The
request was valid but NiFi was not in the appropriate state to process it.")
- }
- )
- public Response getAccessTokenExpiration() {
- final String bearerToken =
bearerTokenResolver.resolve(httpServletRequest);
- if (bearerToken == null) {
- throw new IllegalStateException("Access Token not found");
- } else {
- final Jwt jwt = jwtDecoder.decode(bearerToken);
- final Instant expiration = jwt.getExpiresAt();
- final AccessTokenExpirationDTO accessTokenExpiration = new
AccessTokenExpirationDTO();
- accessTokenExpiration.setExpiration(expiration);
- final AccessTokenExpirationEntity accessTokenExpirationEntity =
new AccessTokenExpirationEntity();
-
accessTokenExpirationEntity.setAccessTokenExpiration(accessTokenExpiration);
- return Response.ok(accessTokenExpirationEntity).build();
- }
- }
-
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.WILDCARD)
@@ -446,30 +273,10 @@ public class AccessResource extends ApplicationResource {
this.bearerTokenResolver = bearerTokenResolver;
}
- public void setJwtAuthenticationProvider(JwtAuthenticationProvider
jwtAuthenticationProvider) {
- this.jwtAuthenticationProvider = jwtAuthenticationProvider;
- }
-
- public void setJwtDecoder(final JwtDecoder jwtDecoder) {
- this.jwtDecoder = jwtDecoder;
- }
-
public void setJwtLogoutListener(final JwtLogoutListener
jwtLogoutListener) {
this.jwtLogoutListener = jwtLogoutListener;
}
- public void setX509AuthenticationProvider(X509AuthenticationProvider
x509AuthenticationProvider) {
- this.x509AuthenticationProvider = x509AuthenticationProvider;
- }
-
- public void setPrincipalExtractor(X509PrincipalExtractor
principalExtractor) {
- this.principalExtractor = principalExtractor;
- }
-
- public void setCertificateExtractor(X509CertificateExtractor
certificateExtractor) {
- this.certificateExtractor = certificateExtractor;
- }
-
public void setLogoutRequestManager(LogoutRequestManager
logoutRequestManager) {
this.logoutRequestManager = logoutRequestManager;
}
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AuthenticationResource.java
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AuthenticationResource.java
index 108d8238bf..eb5bb06690 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AuthenticationResource.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AuthenticationResource.java
@@ -32,7 +32,6 @@ import
org.apache.nifi.cluster.coordination.http.replication.RequestReplicator;
import org.apache.nifi.controller.FlowController;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.api.dto.AuthenticationConfigurationDTO;
-import org.apache.nifi.web.api.entity.AccessConfigurationEntity;
import org.apache.nifi.web.api.entity.AuthenticationConfigurationEntity;
import org.apache.nifi.web.configuration.AuthenticationConfiguration;
import org.apache.nifi.web.util.RequestUriBuilder;
@@ -66,7 +65,7 @@ public class AuthenticationResource extends
ApplicationResource {
@Path("/configuration")
@Operation(
summary = "Retrieves the authentication configuration endpoint and
status information",
- responses = @ApiResponse(content = @Content(schema =
@Schema(implementation = AccessConfigurationEntity.class)))
+ responses = @ApiResponse(content = @Content(schema =
@Schema(implementation = AuthenticationConfigurationEntity.class)))
)
public Response getAuthenticationConfiguration() {
final AuthenticationConfigurationDTO configuration = new
AuthenticationConfigurationDTO();
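Review bot: The `@Operation` on `getAuthenticationConfiguration` has no `description` telling API consumers that the endpoint answers without credentials. `/authentication/configuration` is listed in `UNFILTERED_PATHS` in `WebSecurityConfiguration` in this same commit, and both the integration test and the DoS filter test now use it as their probe URL. Assuming `UNFILTERED_PATHS` means the path bypasses the authentication filters, I would add something like `description = "Available without authentication; the response carries no secrets or user-specific data"`, with the wording confirmed against what the DTO exposes. The method body continues past the end of this hunk, so the fields it populates are not visible here.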
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
index f48abb9f7b..3e205612db 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
@@ -606,11 +606,6 @@
<bean id="accessResource" class="org.apache.nifi.web.api.AccessResource"
scope="singleton">
<property name="logoutRequestManager" ref="logoutRequestManager" />
<property name="loginIdentityProvider" ref="loginIdentityProvider"/>
- <property name="x509AuthenticationProvider"
ref="x509AuthenticationProvider"/>
- <property name="certificateExtractor" ref="certificateExtractor"/>
- <property name="principalExtractor" ref="principalExtractor"/>
- <property name="jwtAuthenticationProvider"
ref="jwtAuthenticationProvider"/>
- <property name="jwtDecoder" ref="jwtDecoder" />
<property name="jwtLogoutListener" ref="jwtLogoutListener"/>
<property name="bearerTokenProvider" ref="bearerTokenProvider"/>
<property name="bearerTokenResolver" ref="bearerTokenResolver"/>
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/configuration/WebSecurityConfiguration.java
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/configuration/WebSecurityConfiguration.java
index 9c6b28d4c4..2870eb6a13 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/configuration/WebSecurityConfiguration.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/configuration/WebSecurityConfiguration.java
@@ -74,8 +74,6 @@ import java.util.stream.Collectors;
@EnableMethodSecurity
public class WebSecurityConfiguration {
private static final List<String> UNFILTERED_PATHS = List.of(
- "/access",
- "/access/config",
"/access/token",
"/access/logout/complete",
"/authentication/configuration"