This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 34c355cc10 NIFI-15221 Upgraded Spring Framework from 6.2.15 to 7.0.2
(#10554)
34c355cc10 is described below
commit 34c355cc104842017c4a03c8b1ebc42f3313d6cd
Author: Pierre Villard <[email protected]>
AuthorDate: Wed Dec 31 04:01:26 2025 +0100
NIFI-15221 Upgraded Spring Framework from 6.2.15 to 7.0.2 (#10554)
- Updated NiFi Registry Identity Filter to directly invoke
AuthenticationManager
- Upgraded Spring Security to 7.0.2, Spring LDAP Core to 4.0.1, Spring
Integration to 7.0.1
Co-authored-by: Kevin Doran <[email protected]>
Signed-off-by: David Handermann <[email protected]>
---
nifi-commons/nifi-hashicorp-vault/pom.xml | 12 ++++-
.../nifi-email-processors/pom.xml | 2 +-
.../processors/email/AbstractEmailProcessor.java | 15 ++++--
.../apache/nifi/processors/email/ConsumeIMAP.java | 2 +-
.../apache/nifi/processors/email/ConsumePOP3.java | 2 +-
.../nifi/processors/email/TestConsumeEmail.java | 2 +-
.../nifi/redis/testcontainers/RedisContainer.java | 4 +-
.../testcontainers/RedisReplicaContainer.java | 2 +-
.../testcontainers/RedisSentinelContainer.java | 4 +-
.../org/apache/nifi/redis/util/RedisUtils.java | 2 +-
.../FrameworkClusterConfiguration.java | 2 +-
.../nifi-framework/nifi-web/nifi-web-api/pom.xml | 5 --
.../apache/nifi/web/StandardNiFiServiceFacade.java | 2 +-
.../security/NiFiAuthenticationRequestToken.java | 4 +-
.../nifi-registry-framework/pom.xml | 7 ++-
.../registry/db/CustomFlywayConfiguration.java | 2 +-
.../registry/db/CustomFlywayMigrationStrategy.java | 2 +-
.../registry/db/mapper/BucketEntityRowMapper.java | 2 +-
.../db/mapper/BucketItemEntityRowMapper.java | 2 +-
.../registry/db/mapper/FlowEntityRowMapper.java | 2 +-
.../db/mapper/FlowSnapshotEntityRowMapper.java | 2 +-
.../registry/db/mapper/KeyEntityRowMapper.java | 2 +-
.../nifi-registry-core/nifi-registry-jetty/pom.xml | 26 ++++++-----
.../jetty/handler/StandardHandlerProvider.java | 10 ++--
.../nifi-registry-revision-spring-jdbc/pom.xml | 5 ++
.../nifi-registry-core/nifi-registry-test/pom.xml | 5 ++
.../registry/db/DatabaseProfileValueSource.java | 30 ++++++++----
.../nifi-registry-web-api/pom.xml | 20 +++++---
.../nifi/registry/NiFiRegistryApiApplication.java | 7 +--
.../nifi/registry/web/api/AccessResource.java | 2 +-
.../web/security/NiFiRegistrySecurityConfig.java | 6 +--
.../security/authentication/IdentityFilter.java | 41 +++++++++++++----
.../kerberos/KerberosSpnegoIdentityProvider.java | 2 +-
.../src/main/resources/META-INF/NOTICE | 25 ++++++----
.../apache/nifi/registry/web/api/BucketsIT.java | 4 +-
.../org/apache/nifi/registry/web/api/FlowsIT.java | 6 +--
.../nifi/registry/web/api/IntegrationTestBase.java | 10 +---
.../application-ITSecureDatabase.properties | 21 +++++----
.../resources/application-ITSecureFile.properties | 21 +++++----
.../application-ITSecureKerberos.properties | 21 +++++----
.../resources/application-ITSecureLdap.properties | 23 +++++-----
.../resources/application-ITSecureProxy.properties | 21 +++++----
nifi-registry/nifi-registry-core/pom.xml | 20 ++++----
.../nifi-registry-toolkit-assembly/NOTICE | 51 +++++++++++----------
nifi-registry/pom.xml | 53 ++++++----------------
pom.xml | 15 +++++-
46 files changed, 293 insertions(+), 233 deletions(-)
diff --git a/nifi-commons/nifi-hashicorp-vault/pom.xml
b/nifi-commons/nifi-hashicorp-vault/pom.xml
index 876ca8e7d6..cbac36cf83 100644
--- a/nifi-commons/nifi-hashicorp-vault/pom.xml
+++ b/nifi-commons/nifi-hashicorp-vault/pom.xml
@@ -21,7 +21,7 @@
</parent>
<artifactId>nifi-hashicorp-vault</artifactId>
<properties>
- <spring.vault.version>3.2.0</spring.vault.version>
+ <spring.vault.version>4.0.0</spring.vault.version>
</properties>
<dependencies>
<dependency>
@@ -55,10 +55,19 @@
<artifactId>nifi-utils</artifactId>
<version>2.8.0-SNAPSHOT</version>
</dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ <scope>provided</scope>
+ </dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
</dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-security-utils-api</artifactId>
@@ -67,4 +76,3 @@
</dependency>
</dependencies>
</project>
-
diff --git
a/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/pom.xml
b/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/pom.xml
index 683f49c27f..290a7c81dd 100644
--- a/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/pom.xml
+++ b/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/pom.xml
@@ -25,7 +25,7 @@
<artifactId>nifi-email-processors</artifactId>
<packaging>jar</packaging>
<properties>
- <spring.integration.version>6.5.5</spring.integration.version>
+ <spring.integration.version>7.0.1</spring.integration.version>
</properties>
<dependencies>
diff --git
a/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/AbstractEmailProcessor.java
b/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/AbstractEmailProcessor.java
index 63e55ae01a..56de85925c 100644
---
a/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/AbstractEmailProcessor.java
+++
b/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/AbstractEmailProcessor.java
@@ -34,7 +34,11 @@ import org.apache.nifi.processor.util.StandardValidators;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.support.StaticListableBeanFactory;
-import org.springframework.integration.mail.AbstractMailReceiver;
+import org.springframework.context.expression.BeanFactoryResolver;
+import org.springframework.expression.spel.support.StandardEvaluationContext;
+import org.springframework.integration.context.IntegrationContextUtils;
+import org.springframework.integration.mail.inbound.AbstractMailReceiver;
+import org.springframework.scheduling.concurrent.ConcurrentTaskScheduler;
import jakarta.mail.Address;
import jakarta.mail.Message;
@@ -320,8 +324,13 @@ abstract class AbstractEmailProcessor<T extends
AbstractMailReceiver> extends Ab
this.messageReceiver.setMaxFetchSize(fetchSize);
this.messageReceiver.setJavaMailProperties(this.buildJavaMailProperties(context));
- // need to avoid spring warning messages
- this.messageReceiver.setBeanFactory(new
StaticListableBeanFactory());
+ // Spring Integration 7 expects an evaluation context bean;
register a lightweight one for the receiver
+ final StaticListableBeanFactory beanFactory = new
StaticListableBeanFactory();
+ final StandardEvaluationContext evaluationContext = new
StandardEvaluationContext();
+ evaluationContext.setBeanResolver(new
BeanFactoryResolver(beanFactory));
+
beanFactory.addBean(IntegrationContextUtils.INTEGRATION_EVALUATION_CONTEXT_BEAN_NAME,
evaluationContext);
+
beanFactory.addBean(IntegrationContextUtils.TASK_SCHEDULER_BEAN_NAME, new
ConcurrentTaskScheduler());
+ this.messageReceiver.setBeanFactory(beanFactory);
this.messageReceiver.afterPropertiesSet();
this.messageQueue = new ArrayBlockingQueue<>(fetchSize);
diff --git
a/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ConsumeIMAP.java
b/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ConsumeIMAP.java
index 4ed00b95f3..0c9c23f01c 100644
---
a/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ConsumeIMAP.java
+++
b/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ConsumeIMAP.java
@@ -26,7 +26,7 @@ import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.util.StandardValidators;
-import org.springframework.integration.mail.ImapMailReceiver;
+import org.springframework.integration.mail.inbound.ImapMailReceiver;
@InputRequirement(Requirement.INPUT_FORBIDDEN)
@CapabilityDescription("Consumes messages from Email Server using IMAP
protocol. "
diff --git
a/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ConsumePOP3.java
b/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ConsumePOP3.java
index 270c9480e9..aca77b2304 100644
---
a/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ConsumePOP3.java
+++
b/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ConsumePOP3.java
@@ -24,7 +24,7 @@ import
org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.ProcessContext;
-import org.springframework.integration.mail.Pop3MailReceiver;
+import org.springframework.integration.mail.inbound.Pop3MailReceiver;
@InputRequirement(Requirement.INPUT_FORBIDDEN)
@CapabilityDescription("Consumes messages from Email Server using POP3
protocol. "
diff --git
a/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestConsumeEmail.java
b/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestConsumeEmail.java
index 65f502e45e..2a2d7613c2 100644
---
a/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestConsumeEmail.java
+++
b/nifi-extension-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestConsumeEmail.java
@@ -26,7 +26,7 @@ import org.apache.nifi.util.TestRunners;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
-import org.springframework.integration.mail.AbstractMailReceiver;
+import org.springframework.integration.mail.inbound.AbstractMailReceiver;
import jakarta.mail.Message;
import jakarta.mail.MessagingException;
diff --git
a/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisContainer.java
b/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisContainer.java
index 285c1059f4..3fde902ca2 100644
---
a/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisContainer.java
+++
b/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisContainer.java
@@ -16,8 +16,8 @@
*/
package org.apache.nifi.redis.testcontainers;
-import org.springframework.lang.NonNull;
-import org.springframework.lang.Nullable;
+import org.jspecify.annotations.NonNull;
+import org.jspecify.annotations.Nullable;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.utility.DockerImageName;
import org.testcontainers.utility.MountableFile;
diff --git
a/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisReplicaContainer.java
b/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisReplicaContainer.java
index c9c5061fdc..70af427ca4 100644
---
a/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisReplicaContainer.java
+++
b/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisReplicaContainer.java
@@ -16,7 +16,7 @@
*/
package org.apache.nifi.redis.testcontainers;
-import org.springframework.lang.NonNull;
+import org.jspecify.annotations.NonNull;
import org.testcontainers.utility.DockerImageName;
public class RedisReplicaContainer extends RedisContainer {
diff --git
a/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisSentinelContainer.java
b/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisSentinelContainer.java
index 1fe7815a2a..64ccaa8a49 100644
---
a/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisSentinelContainer.java
+++
b/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-extensions/src/test/java/org/apache/nifi/redis/testcontainers/RedisSentinelContainer.java
@@ -16,8 +16,8 @@
*/
package org.apache.nifi.redis.testcontainers;
-import org.springframework.lang.NonNull;
-import org.springframework.lang.Nullable;
+import org.jspecify.annotations.NonNull;
+import org.jspecify.annotations.Nullable;
import org.testcontainers.utility.DockerImageName;
import java.util.ArrayList;
diff --git
a/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-utils/src/main/java/org/apache/nifi/redis/util/RedisUtils.java
b/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-utils/src/main/java/org/apache/nifi/redis/util/RedisUtils.java
index f647f94a3c..3ad10372ab 100644
---
a/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-utils/src/main/java/org/apache/nifi/redis/util/RedisUtils.java
+++
b/nifi-extension-bundles/nifi-redis-bundle/nifi-redis-utils/src/main/java/org/apache/nifi/redis/util/RedisUtils.java
@@ -27,6 +27,7 @@ import org.apache.nifi.redis.RedisConnectionPool;
import org.apache.nifi.redis.RedisType;
import org.apache.nifi.ssl.SSLContextProvider;
import org.apache.nifi.util.StringUtils;
+import org.jspecify.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.redis.connection.PoolException;
@@ -43,7 +44,6 @@ import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.data.redis.stream.StreamMessageListenerContainer;
-import org.springframework.lang.Nullable;
import redis.clients.jedis.ConnectionPoolConfig;
import javax.net.ssl.SSLContext;
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/framework/configuration/FrameworkClusterConfiguration.java
b/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/framework/configuration/FrameworkClusterConfiguration.java
index ad4ded6321..4e94484bde 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/framework/configuration/FrameworkClusterConfiguration.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/framework/configuration/FrameworkClusterConfiguration.java
@@ -69,7 +69,7 @@ public class FrameworkClusterConfiguration {
this.eventReporter = eventReporter;
}
- @Autowired
+ @Autowired(required = false)
public void setClusterCoordinator(final ClusterCoordinator
clusterCoordinator) {
this.clusterCoordinator = clusterCoordinator;
}
diff --git a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml
index 8cad4ba440..0723bcb2e0 100644
--- a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml
+++ b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml
@@ -265,11 +265,6 @@
<groupId>io.prometheus</groupId>
<artifactId>simpleclient_common</artifactId>
</dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-jcl</artifactId>
- <scope>provided</scope> <!-- expected to be provided by parent
classloader -->
- </dependency>
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-common</artifactId>
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
index 563e9810af..c93263e3da 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
@@ -7392,7 +7392,7 @@ public class StandardNiFiServiceFacade implements
NiFiServiceFacade {
this.accessPolicyDAO = accessPolicyDAO;
}
- @Autowired
+ @Autowired(required = false)
public void setClusterCoordinator(final ClusterCoordinator coordinator) {
this.clusterCoordinator = coordinator;
}
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationRequestToken.java
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationRequestToken.java
index d05117fa1a..e168e3187c 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationRequestToken.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationRequestToken.java
@@ -16,6 +16,8 @@
*/
package org.apache.nifi.web.security;
+import java.util.Collections;
+
import org.springframework.security.authentication.AbstractAuthenticationToken;
/**
@@ -30,7 +32,7 @@ public abstract class NiFiAuthenticationRequestToken extends
AbstractAuthenticat
* @param authenticationDetails The authentication details of the client
making the request
*/
public NiFiAuthenticationRequestToken(final String clientAddress, final
Object authenticationDetails) {
- super(null);
+ super(Collections.emptyList());
setAuthenticated(false);
setDetails(authenticationDetails);
this.clientAddress = clientAddress;
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml
b/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml
index 3c51f81341..052e7dd63f 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-framework/pom.xml
@@ -244,7 +244,7 @@
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
- <version>3.3.5</version>
+ <version>4.0.1</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
@@ -310,6 +310,11 @@
<artifactId>spring-boot-starter-validation</artifactId>
<version>${spring.boot.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-flyway</artifactId>
+ <version>${spring.boot.version}</version>
+ </dependency>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/CustomFlywayConfiguration.java
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/CustomFlywayConfiguration.java
index d21046f9bd..9b29858f0a 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/CustomFlywayConfiguration.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/CustomFlywayConfiguration.java
@@ -26,7 +26,7 @@ import
org.flywaydb.database.mysql.mariadb.MariaDBDatabaseType;
import org.flywaydb.database.postgresql.PostgreSQLDatabaseType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import
org.springframework.boot.autoconfigure.flyway.FlywayConfigurationCustomizer;
+import
org.springframework.boot.flyway.autoconfigure.FlywayConfigurationCustomizer;
import org.springframework.context.annotation.Configuration;
import javax.sql.DataSource;
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/CustomFlywayMigrationStrategy.java
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/CustomFlywayMigrationStrategy.java
index 4dc74157ec..9cc7cf8b24 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/CustomFlywayMigrationStrategy.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/CustomFlywayMigrationStrategy.java
@@ -30,7 +30,7 @@ import org.flywaydb.core.api.FlywayException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.flyway.FlywayMigrationStrategy;
+import org.springframework.boot.flyway.autoconfigure.FlywayMigrationStrategy;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Component;
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/BucketEntityRowMapper.java
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/BucketEntityRowMapper.java
index 5bda0a8252..acd3162ff2 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/BucketEntityRowMapper.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/BucketEntityRowMapper.java
@@ -18,7 +18,7 @@ package org.apache.nifi.registry.db.mapper;
import org.apache.nifi.registry.db.entity.BucketEntity;
import org.springframework.jdbc.core.RowMapper;
-import org.springframework.lang.Nullable;
+import org.jspecify.annotations.Nullable;
import java.sql.ResultSet;
import java.sql.SQLException;
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/BucketItemEntityRowMapper.java
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/BucketItemEntityRowMapper.java
index 4495879734..2d2fe1840f 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/BucketItemEntityRowMapper.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/BucketItemEntityRowMapper.java
@@ -22,7 +22,7 @@ import org.apache.nifi.registry.db.entity.BundleEntity;
import org.apache.nifi.registry.db.entity.FlowEntity;
import org.apache.nifi.registry.extension.bundle.BundleType;
import org.springframework.jdbc.core.RowMapper;
-import org.springframework.lang.Nullable;
+import org.jspecify.annotations.Nullable;
import java.sql.ResultSet;
import java.sql.SQLException;
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/FlowEntityRowMapper.java
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/FlowEntityRowMapper.java
index acaf343175..2dfbc38fef 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/FlowEntityRowMapper.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/FlowEntityRowMapper.java
@@ -19,7 +19,7 @@ package org.apache.nifi.registry.db.mapper;
import org.apache.nifi.registry.db.entity.BucketItemEntityType;
import org.apache.nifi.registry.db.entity.FlowEntity;
import org.springframework.jdbc.core.RowMapper;
-import org.springframework.lang.Nullable;
+import org.jspecify.annotations.Nullable;
import java.sql.ResultSet;
import java.sql.SQLException;
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/FlowSnapshotEntityRowMapper.java
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/FlowSnapshotEntityRowMapper.java
index 07a59b347a..ad5fd87b84 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/FlowSnapshotEntityRowMapper.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/FlowSnapshotEntityRowMapper.java
@@ -18,7 +18,7 @@ package org.apache.nifi.registry.db.mapper;
import org.apache.nifi.registry.db.entity.FlowSnapshotEntity;
import org.springframework.jdbc.core.RowMapper;
-import org.springframework.lang.Nullable;
+import org.jspecify.annotations.Nullable;
import java.sql.ResultSet;
import java.sql.SQLException;
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/KeyEntityRowMapper.java
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/KeyEntityRowMapper.java
index 6e190a5744..56421e50cf 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/KeyEntityRowMapper.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/db/mapper/KeyEntityRowMapper.java
@@ -18,7 +18,7 @@ package org.apache.nifi.registry.db.mapper;
import org.apache.nifi.registry.db.entity.KeyEntity;
import org.springframework.jdbc.core.RowMapper;
-import org.springframework.lang.Nullable;
+import org.jspecify.annotations.Nullable;
import java.sql.ResultSet;
import java.sql.SQLException;
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-jetty/pom.xml
b/nifi-registry/nifi-registry-core/nifi-registry-jetty/pom.xml
index e96296ff02..dc5d9fd175 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-jetty/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-jetty/pom.xml
@@ -59,32 +59,32 @@
<artifactId>jetty-server</artifactId>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-servlet</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-servlet</artifactId>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-webapp</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-webapp</artifactId>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-servlets</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-servlets</artifactId>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-annotations</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-annotations</artifactId>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-glassfish-jstl</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-glassfish-jstl</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-apache-jsp</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-apache-jsp</artifactId>
<exclusions>
<exclusion>
<groupId>org.mortbay.jasper</groupId>
@@ -101,11 +101,13 @@
<dependency>
<groupId>org.mortbay.jasper</groupId>
<artifactId>mortbay-apache-jsp</artifactId>
+ <version>11.0.10.1</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.mortbay.jasper</groupId>
<artifactId>mortbay-apache-el</artifactId>
+ <version>11.0.10.1</version>
<scope>compile</scope>
<exclusions>
<exclusion>
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/handler/StandardHandlerProvider.java
b/nifi-registry/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/handler/StandardHandlerProvider.java
index 3eeee8870e..052e194063 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/handler/StandardHandlerProvider.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/handler/StandardHandlerProvider.java
@@ -18,14 +18,14 @@ package org.apache.nifi.registry.jetty.handler;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.registry.properties.NiFiRegistryProperties;
-import org.eclipse.jetty.ee10.webapp.MetaInfConfiguration;
+import org.eclipse.jetty.ee11.webapp.MetaInfConfiguration;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
-import org.eclipse.jetty.ee10.servlet.DefaultServlet;
-import org.eclipse.jetty.ee10.servlet.ErrorPageErrorHandler;
-import org.eclipse.jetty.ee10.servlet.ServletHolder;
+import org.eclipse.jetty.ee11.servlet.DefaultServlet;
+import org.eclipse.jetty.ee11.servlet.ErrorPageErrorHandler;
+import org.eclipse.jetty.ee11.servlet.ServletHolder;
import org.eclipse.jetty.ee.webapp.WebAppClassLoader;
-import org.eclipse.jetty.ee10.webapp.WebAppContext;
+import org.eclipse.jetty.ee11.webapp.WebAppContext;
import java.io.File;
import java.io.IOException;
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-revision/nifi-registry-revision-spring-jdbc/pom.xml
b/nifi-registry/nifi-registry-core/nifi-registry-revision/nifi-registry-revision-spring-jdbc/pom.xml
index a95a23cbb2..f145691247 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-revision/nifi-registry-revision-spring-jdbc/pom.xml
+++
b/nifi-registry/nifi-registry-core/nifi-registry-revision/nifi-registry-revision-spring-jdbc/pom.xml
@@ -62,5 +62,10 @@
<artifactId>jackson-databind</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-test/pom.xml
b/nifi-registry/nifi-registry-core/nifi-registry-test/pom.xml
index 5e10f727d6..7c373301ab 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-test/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-test/pom.xml
@@ -42,6 +42,11 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-jdbc</artifactId>
+ <version>${spring.boot.version}</version>
+ </dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>testcontainers</artifactId>
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-test/src/main/java/org/apache/nifi/registry/db/DatabaseProfileValueSource.java
b/nifi-registry/nifi-registry-core/nifi-registry-test/src/main/java/org/apache/nifi/registry/db/DatabaseProfileValueSource.java
index 1a9e5d9ba9..74071e30b1 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-test/src/main/java/org/apache/nifi/registry/db/DatabaseProfileValueSource.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-test/src/main/java/org/apache/nifi/registry/db/DatabaseProfileValueSource.java
@@ -36,17 +36,11 @@ public class DatabaseProfileValueSource implements
ProfileValueSource {
private String currentDatabase;
DatabaseProfileValueSource() {
- final String activeProfiles =
System.getProperty("spring.profiles.active", H2);
+ currentDatabase = resolveCurrentDatabase();
+ }
- if (activeProfiles.contains(H2)) {
- currentDatabase = H2;
- } else if (activeProfiles.contains(MYSQL)) {
- currentDatabase = MYSQL;
- } else if (activeProfiles.contains(MARIADB)) {
- currentDatabase = MARIADB;
- } else if (activeProfiles.contains(POSTGRES)) {
- currentDatabase = POSTGRES;
- }
+ public static boolean isDatabase(final String database) {
+ return resolveCurrentDatabase().equalsIgnoreCase(database);
}
@Override
@@ -59,4 +53,20 @@ public class DatabaseProfileValueSource implements
ProfileValueSource {
}
return Boolean.toString(key.endsWith(currentDatabase)).toLowerCase();
}
+
+ private static String resolveCurrentDatabase() {
+ final String activeProfiles =
System.getProperty("spring.profiles.active", H2);
+
+ if (activeProfiles.contains(H2)) {
+ return H2;
+ } else if (activeProfiles.contains(MYSQL)) {
+ return MYSQL;
+ } else if (activeProfiles.contains(MARIADB)) {
+ return MARIADB;
+ } else if (activeProfiles.contains(POSTGRES)) {
+ return POSTGRES;
+ }
+
+ return H2;
+ }
}
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-web-api/pom.xml
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/pom.xml
index 2db81d0e63..9271c775e6 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-web-api/pom.xml
+++ b/nifi-registry/nifi-registry-core/nifi-registry-web-api/pom.xml
@@ -167,6 +167,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-tomcat</artifactId>
+ </exclusion>
</exclusions>
</dependency>
@@ -180,8 +184,17 @@
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-tomcat</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-jetty</artifactId>
+ <version>${spring.boot.version}</version>
+ </dependency>
<!-- Exclude micrometer-core because it creates a class cast issue
with logback, revisit later -->
<dependency>
<groupId>org.springframework.boot</groupId>
@@ -209,13 +222,6 @@
</exclusion>
</exclusions>
</dependency>
- <!-- Must be marked provided in order to produce a correct WAR -->
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-tomcat</artifactId>
- <version>${spring.boot.version}</version>
- <scope>provided</scope>
- </dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/NiFiRegistryApiApplication.java
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/NiFiRegistryApiApplication.java
index 14cc33b48c..9c31f14200 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/NiFiRegistryApiApplication.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/NiFiRegistryApiApplication.java
@@ -24,7 +24,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
-import
org.springframework.boot.autoconfigure.elasticsearch.ElasticsearchRestClientAutoConfiguration;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.context.event.ApplicationReadyEvent;
import org.springframework.boot.logging.LoggingSystem;
@@ -44,11 +43,7 @@ import java.util.Properties;
*
* WebMvcAutoConfiguration is excluded because our web app is using Jersey in
place of SpringMVC
*/
-@EnableAutoConfiguration(
- exclude = {
- ElasticsearchRestClientAutoConfiguration.class
- }
-)
+@EnableAutoConfiguration
@SpringBootApplication
public class NiFiRegistryApiApplication extends SpringBootServletInitializer {
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/AccessResource.java
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/AccessResource.java
index 9f612cfe78..cf9f015d82 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/AccessResource.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/AccessResource.java
@@ -78,7 +78,7 @@ import org.apache.nifi.registry.web.service.ServiceFacade;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.lang.Nullable;
+import jakarta.annotation.Nullable;
import org.springframework.stereotype.Component;
import javax.net.ssl.SSLContext;
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/NiFiRegistrySecurityConfig.java
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/NiFiRegistrySecurityConfig.java
index 8f52c19b70..3dce92e596 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/NiFiRegistrySecurityConfig.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/NiFiRegistrySecurityConfig.java
@@ -109,7 +109,7 @@ public class NiFiRegistrySecurityConfig {
.httpStrictTransportSecurity(hstsConfig ->
hstsConfig.maxAgeInSeconds(31540000))
.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
)
- .authorizeRequests((authorize) -> authorize
+ .authorizeHttpRequests(authorize -> authorize
.requestMatchers(
PathPatternRequestMatcher.withDefaults().matcher("/access/token"),
PathPatternRequestMatcher.withDefaults().matcher("/access/token/identity-provider"),
@@ -134,7 +134,7 @@ public class NiFiRegistrySecurityConfig {
}
private IdentityFilter x509AuthenticationFilter() {
- return new IdentityFilter(x509IdentityProvider);
+ return new IdentityFilter(x509IdentityProvider,
authenticationManager());
}
private IdentityAuthenticationProvider x509AuthenticationProvider() {
@@ -142,7 +142,7 @@ public class NiFiRegistrySecurityConfig {
}
private IdentityFilter jwtAuthenticationFilter() {
- return new IdentityFilter(jwtIdentityProvider);
+ return new IdentityFilter(jwtIdentityProvider,
authenticationManager());
}
private IdentityAuthenticationProvider jwtAuthenticationProvider() {
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/IdentityFilter.java
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/IdentityFilter.java
index 8c02a0fd7d..a40fc3d235 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/IdentityFilter.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/IdentityFilter.java
@@ -20,7 +20,9 @@ import
org.apache.nifi.registry.security.authentication.AuthenticationRequest;
import org.apache.nifi.registry.security.authentication.IdentityProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;
@@ -35,16 +37,18 @@ import java.io.IOException;
* A class that will extract an identity / credentials claim from an
HttpServlet Request using an injected IdentityProvider.
*
* This class is designed to be used in collaboration with an {@link
IdentityAuthenticationProvider}. The identity/credentials will be
- * extracted by this filter and later validated by the {@link
IdentityAuthenticationProvider} in the default SecurityInterceptorFilter.
+ * extracted by this filter and validated by the {@link
IdentityAuthenticationProvider} via the {@link AuthenticationManager}.
*/
public class IdentityFilter extends GenericFilterBean {
private static final Logger logger =
LoggerFactory.getLogger(IdentityFilter.class);
private final IdentityProvider identityProvider;
+ private final AuthenticationManager authenticationManager;
- public IdentityFilter(IdentityProvider identityProvider) {
+ public IdentityFilter(IdentityProvider identityProvider,
AuthenticationManager authenticationManager) {
this.identityProvider = identityProvider;
+ this.authenticationManager = authenticationManager;
}
@Override
@@ -65,7 +69,7 @@ public class IdentityFilter extends GenericFilterBean {
if (credentialsAlreadyPresent()) {
logger.debug("Credentials already extracted for [{}], skipping
credentials extraction filter using {}",
-
SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString(),
+
SecurityContextHolder.getContext().getAuthentication().getPrincipal(),
identityProvider.getClass().getSimpleName());
filterChain.doFilter(servletRequest, servletResponse);
return;
@@ -76,15 +80,31 @@ public class IdentityFilter extends GenericFilterBean {
try {
AuthenticationRequest authenticationRequest =
identityProvider.extractCredentials((HttpServletRequest) servletRequest);
if (authenticationRequest != null) {
- Authentication authentication = new
AuthenticationRequestToken(authenticationRequest, identityProvider.getClass(),
servletRequest.getRemoteAddr());
- logger.debug("Adding credentials claim to SecurityContext to
be authenticated. Credentials extracted by {}: {}",
+ Authentication authenticationRequestToken = new
AuthenticationRequestToken(
+ authenticationRequest,
+ identityProvider.getClass(),
+ servletRequest.getRemoteAddr());
+ logger.debug("Attempting to authenticate credentials extracted
by {}: {}",
identityProvider.getClass().getSimpleName(),
authenticationRequest);
-
SecurityContextHolder.getContext().setAuthentication(authentication);
- // This filter's job, which is merely to search for and
extract an identity claim, is done.
- // The actual authentication of the identity claim will be
handled by a corresponding IdentityAuthenticationProvider
+
+ // Authenticate the request token using the
AuthenticationManager,
+ // which will try all the configured AuthenticationProviders
until it finds one that supports authenticating the type of extracted
credentials
+ final Authentication authenticated =
authenticationManager.authenticate(authenticationRequestToken);
+ if (authenticated != null && authenticated.isAuthenticated()) {
+
SecurityContextHolder.getContext().setAuthentication(authenticated);
+ logger.debug("Authentication successful for {}",
authenticated.getName());
+ }
+ } else {
+ logger.debug("The {} did not find credentials it supports on
the servlet request. " +
+ "Allowing this request to continue through the filter
chain where another filter might authenticate it.",
+ identityProvider.getClass().getSimpleName());
}
- } catch (Exception e) {
+ } catch (final AuthenticationException e) {
+ logger.info("Authentication failed for credentials extracted by
{}: {}", identityProvider.getClass().getSimpleName(), e.getMessage());
+ logger.debug("Authentication failure details", e);
+ // Allow request to continue, where it will result in a 401 error
for paths that require an authenticated request
+ } catch (final Exception e) {
logger.debug("Exception occurred while extracting credentials:",
e);
}
@@ -92,6 +112,7 @@ public class IdentityFilter extends GenericFilterBean {
}
private boolean credentialsAlreadyPresent() {
- return SecurityContextHolder.getContext().getAuthentication() != null;
+ final Authentication authentication =
SecurityContextHolder.getContext().getAuthentication();
+ return authentication != null && authentication.isAuthenticated();
}
}
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java
index ac5d6fd14b..fb4bc189ce 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java
@@ -30,7 +30,7 @@ import org.apache.nifi.registry.util.FormatUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.lang.Nullable;
+import jakarta.annotation.Nullable;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/resources/META-INF/NOTICE
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/resources/META-INF/NOTICE
index 7c972030c8..de073e4524 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/resources/META-INF/NOTICE
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/resources/META-INF/NOTICE
@@ -137,16 +137,6 @@ The following binary components are provided under the
Common Development and Di
(CDDL 1.1) (GPL2 w/ CPE) hk2-runlevel
(org.glassfish.hk2:hk2-runlevel:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
(CDDL 1.1) (GPL2 w/ CPE) spring-bridge
(org.glassfish.hk2:spring-bridge:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
(CDDL 1.1) (GPL2 w/ CPE) Jakarta RESTful Web Services
(jakarta.ws.rs:jakarta.ws.rs-api:jar:3.1.0 -
https://jakarta.ee/specifications/restful-ws/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-bean-validation
(org.glassfish.jersey.ext:jersey-bean-validation:jar:2.29.1 -
https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-client
(org.glassfish.jersey.core:jersey-client:jar:2.27 - https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-common
(org.glassfish.jersey.core:jersey-common:jar:2.29.1 - https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-container-servlet-core
(org.glassfish.jersey.containers:jersey-container-servlet-core:jar:2.29.1 -
https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-entity-filtering
(org.glassfish.jersey.ext:jersey-entity-filtering:jar:2.29.1 -
https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-hk2
(org.glassfish.jersey.inject:jersey-hk2:jar:2.27 - https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-media-jaxb
(org.glassfish.jersey.media:jersey-media-jaxb:jar:2.29.1 -
https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-media-json-jackson
(org.glassfish.jersey.media:jersey-media-json-jackson:jar:2.29.1 -
https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-server
(org.glassfish.jersey.core:jersey-server:jar:2.29.1 - https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-spring4
(org.glassfish.jersey.ext:jersey-spring4:jar:2.27 - https://jersey.github.io/)
(CDDL 1.1) (GPL2 w/ CPE) OSGi resource locator bundle
(org.glassfish.hk2:osgi-resource-locator:jar:1.0.1 -
https://glassfish.org/osgi-resource-locator)
************************
@@ -159,3 +149,18 @@ The following binary components are provided under the
Eclipse Public License 1.
(EPL 1.0)(LGPL 2.1) Logback Classic
(ch.qos.logback:logback-classic:jar:1.2.6 - https://logback.qos.ch/)
(EPL 1.0)(LGPL 2.1) Logback Core (ch.qos.logback:logback-core:jar:1.2.6 -
https://logback.qos.ch/)
(EPL 1.0) AspectJ Weaver (org.aspectj:aspectjweaver:jar:1.8.13 -
https://www.eclipse.org/aspectj/)
+
+************************
+Eclipse Public License 2.0
+************************
+
+The following binary components are provided under the Eclipse Public License
2.0. See project link for details.
+ (EPL 2.0) jersey-bean-validation
(org.glassfish.jersey.ext:jersey-bean-validation:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-client (org.glassfish.jersey.core:jersey-client:jar:4.0.0
- https://jersey.github.io/)
+ (EPL 2.0) jersey-common (org.glassfish.jersey.core:jersey-common:jar:4.0.0
- https://jersey.github.io/)
+ (EPL 2.0) jersey-container-servlet-core
(org.glassfish.jersey.containers:jersey-container-servlet-core:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-entity-filtering
(org.glassfish.jersey.ext:jersey-entity-filtering:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-hk2 (org.glassfish.jersey.inject:jersey-hk2:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-media-jaxb
(org.glassfish.jersey.media:jersey-media-jaxb:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-media-json-jackson
(org.glassfish.jersey.media:jersey-media-json-jackson:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-server (org.glassfish.jersey.core:jersey-server:jar:4.0.0
- https://jersey.github.io/)
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/BucketsIT.java
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/BucketsIT.java
index d22f0b1a9a..97437c272d 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/BucketsIT.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/BucketsIT.java
@@ -20,7 +20,7 @@ import org.apache.nifi.registry.bucket.Bucket;
import org.apache.nifi.registry.revision.entity.RevisionInfo;
import org.junit.jupiter.api.Test;
import org.skyscreamer.jsonassert.JSONAssert;
-import org.springframework.test.annotation.IfProfileValue;
+import org.springframework.test.context.junit.jupiter.EnabledIf;
import org.springframework.test.context.jdbc.Sql;
import jakarta.ws.rs.client.Entity;
@@ -57,7 +57,7 @@ public class BucketsIT extends UnsecuredITBase {
// NOTE: The tests that seed the DB directly from SQL end up with
different results for the timestamp depending on
// which DB is used, so for now these types of tests only run against H2.
@Test
- @IfProfileValue(name = "current.database.is.h2", value = "true")
+ @EnabledIf(expression =
"#{T(org.apache.nifi.registry.db.DatabaseProfileValueSource).isDatabase('h2')}")
@Sql(executionPhase = Sql.ExecutionPhase.BEFORE_TEST_METHOD, scripts =
{"classpath:db/clearDB.sql", "classpath:db/BucketsIT.sql"})
public void testGetBuckets() throws Exception {
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/FlowsIT.java
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/FlowsIT.java
index 965b1a83ae..697ac7ce1d 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/FlowsIT.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/FlowsIT.java
@@ -24,7 +24,7 @@ import
org.apache.nifi.registry.flow.VersionedFlowSnapshotMetadata;
import org.apache.nifi.registry.revision.entity.RevisionInfo;
import org.junit.jupiter.api.Test;
import org.skyscreamer.jsonassert.JSONAssert;
-import org.springframework.test.annotation.IfProfileValue;
+import org.springframework.test.context.junit.jupiter.EnabledIf;
import org.springframework.test.context.jdbc.Sql;
import jakarta.ws.rs.WebApplicationException;
@@ -72,7 +72,7 @@ public class FlowsIT extends UnsecuredITBase {
// NOTE: The tests that seed the DB directly from SQL end up with
different results for the timestamp depending on
// which DB is used, so for now these types of tests only run against H2.
@Test
- @IfProfileValue(name = "current.database.is.h2", value = "true")
+ @EnabledIf(expression =
"#{T(org.apache.nifi.registry.db.DatabaseProfileValueSource).isDatabase('h2')}")
public void testGetFlows() throws Exception {
// Given: a few buckets and flows have been populated in the DB (see
FlowsIT.sql)
@@ -365,7 +365,7 @@ public class FlowsIT extends UnsecuredITBase {
// NOTE: The tests that seed the DB directly from SQL end up with
different results for the timestamp depending on
// which DB is used, so for now these types of tests only run against H2.
@Test
- @IfProfileValue(name = "current.database.is.h2", value = "true")
+ @EnabledIf(expression =
"#{T(org.apache.nifi.registry.db.DatabaseProfileValueSource).isDatabase('h2')}")
public void testGetFlowVersions() throws Exception {
// Given: a bucket "1" with flow "1" with existing snapshots has been
populated in the DB (see FlowsIT.sql)
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/IntegrationTestBase.java
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/IntegrationTestBase.java
index ad1c010546..5e1b834299 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/IntegrationTestBase.java
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/IntegrationTestBase.java
@@ -23,7 +23,6 @@ import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.databind.type.TypeFactory;
import
com.fasterxml.jackson.module.jakarta.xmlbind.JakartaXmlBindAnnotationIntrospector;
import org.apache.nifi.registry.client.NiFiRegistryClientConfig;
-import org.apache.nifi.registry.db.DatabaseProfileValueSource;
import org.apache.nifi.registry.properties.NiFiRegistryProperties;
import org.glassfish.jersey.client.ClientConfig;
import
org.glassfish.jersey.jackson.internal.jackson.jaxrs.json.JacksonJaxbJsonProvider;
@@ -32,7 +31,7 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.boot.test.web.server.LocalServerPort;
import org.springframework.context.annotation.Bean;
-import org.springframework.test.annotation.ProfileValueSourceConfiguration;
+import org.springframework.test.context.TestPropertySource;
import jakarta.annotation.PostConstruct;
import javax.net.ssl.HostnameVerifier;
@@ -48,7 +47,7 @@ import java.util.concurrent.locks.ReentrantReadWriteLock;
/**
* A base class to simplify creating integration tests against an API
application running with an embedded server and volatile DB.
*/
-@ProfileValueSourceConfiguration(DatabaseProfileValueSource.class)
+@TestPropertySource(properties =
"server.servlet.context-path=/nifi-registry-api")
public abstract class IntegrationTestBase {
private static final String CONTEXT_PATH = "/nifi-registry-api";
@@ -66,11 +65,6 @@ public abstract class IntegrationTestBase {
private final Lock readLock = lock.readLock();
private NiFiRegistryProperties testProperties;
- @Bean
- public
org.springframework.boot.web.server.WebServerFactoryCustomizer<org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory>
webServerFactoryCustomizer() {
- return factory -> factory.setContextPath(CONTEXT_PATH);
- }
-
@Bean
public NiFiRegistryProperties getNiFiRegistryProperties() {
readLock.lock();
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureDatabase.properties
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureDatabase.properties
index b5e851e538..f99f723327 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureDatabase.properties
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureDatabase.properties
@@ -22,15 +22,16 @@
# Custom (non-standard to Spring Boot) properties
-nifi.registry.properties.file:
src/test/resources/conf/secure-database/nifi-registry.properties
-nifi.registry.client.properties.file:
src/test/resources/conf/secure-database/nifi-registry-client.properties
+nifi.registry.properties.file=src/test/resources/conf/secure-database/nifi-registry.properties
+nifi.registry.client.properties.file=src/test/resources/conf/secure-database/nifi-registry-client.properties
-# Embedded Server SSL Context Config
-server.ssl.client-auth: need
-server.ssl.key-store: ./target/test-classes/keys/registry-ks.jks
-server.ssl.key-store-password: password
-server.ssl.key-password: password
-server.ssl.protocol: TLS
-server.ssl.trust-store: ./target/test-classes/keys/ca-ts.jks
-server.ssl.trust-store-password: password
\ No newline at end of file
+# Embedded Server SSL Context Config (direct properties)
+server.ssl.client-auth=need
+server.ssl.key-store=classpath:keys/registry-ks.jks
+server.ssl.key-store-password=password
+server.ssl.key-password=password
+server.ssl.key-store-type=JKS
+server.ssl.trust-store=classpath:keys/ca-ts.jks
+server.ssl.trust-store-password=password
+server.ssl.trust-store-type=JKS
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureFile.properties
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureFile.properties
index cea51c6e8e..69ba4d9819 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureFile.properties
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureFile.properties
@@ -22,15 +22,16 @@
# Custom (non-standard to Spring Boot) properties
-nifi.registry.properties.file:
src/test/resources/conf/secure-file/nifi-registry.properties
-nifi.registry.client.properties.file:
src/test/resources/conf/secure-file/nifi-registry-client.properties
+nifi.registry.properties.file=src/test/resources/conf/secure-file/nifi-registry.properties
+nifi.registry.client.properties.file=src/test/resources/conf/secure-file/nifi-registry-client.properties
-# Embedded Server SSL Context Config
-server.ssl.client-auth: need
-server.ssl.key-store: ./target/test-classes/keys/registry-ks.jks
-server.ssl.key-store-password: password
-server.ssl.key-password: password
-server.ssl.protocol: TLS
-server.ssl.trust-store: ./target/test-classes/keys/ca-ts.jks
-server.ssl.trust-store-password: password
+# Embedded Server SSL Context Config (direct properties)
+server.ssl.client-auth=need
+server.ssl.key-store=classpath:keys/registry-ks.jks
+server.ssl.key-store-password=password
+server.ssl.key-password=password
+server.ssl.key-store-type=JKS
+server.ssl.trust-store=classpath:keys/ca-ts.jks
+server.ssl.trust-store-password=password
+server.ssl.trust-store-type=JKS
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureKerberos.properties
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureKerberos.properties
index fb1c928232..04aebc38db 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureKerberos.properties
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureKerberos.properties
@@ -22,15 +22,16 @@
# Custom (non-standard to Spring Boot) properties
-nifi.registry.properties.file:
src/test/resources/conf/secure-kerberos/nifi-registry.properties
-nifi.registry.client.properties.file:
src/test/resources/conf/secure-kerberos/nifi-registry-client.properties
+nifi.registry.properties.file=src/test/resources/conf/secure-kerberos/nifi-registry.properties
+nifi.registry.client.properties.file=src/test/resources/conf/secure-kerberos/nifi-registry-client.properties
-# Embedded Server SSL Context Config
-#server.ssl.client-auth: need # server does not require two-way TLS
-server.ssl.key-store: ./target/test-classes/keys/registry-ks.jks
-server.ssl.key-store-password: password
-server.ssl.key-password: password
-server.ssl.protocol: TLS
-server.ssl.trust-store: ./target/test-classes/keys/ca-ts.jks
-server.ssl.trust-store-password: password
+# Embedded Server SSL Context Config (direct properties)
+#server.ssl.client-auth=need # server does not require two-way TLS
+server.ssl.key-store=classpath:keys/registry-ks.jks
+server.ssl.key-store-password=password
+server.ssl.key-password=password
+server.ssl.key-store-type=JKS
+server.ssl.trust-store=classpath:keys/ca-ts.jks
+server.ssl.trust-store-password=password
+server.ssl.trust-store-type=JKS
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureLdap.properties
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureLdap.properties
index 25b749d98f..c5efba3148 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureLdap.properties
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureLdap.properties
@@ -22,18 +22,19 @@
# Custom (non-standard to Spring Boot) properties
-nifi.registry.properties.file:
src/test/resources/conf/secure-ldap/nifi-registry.properties
-nifi.registry.client.properties.file:
src/test/resources/conf/secure-ldap/nifi-registry-client.properties
+nifi.registry.properties.file=src/test/resources/conf/secure-ldap/nifi-registry.properties
+nifi.registry.client.properties.file=src/test/resources/conf/secure-ldap/nifi-registry-client.properties
-# Embedded Server SSL Context Config
-#server.ssl.client-auth: need # LDAP-configured server does not require
two-way TLS
-server.ssl.key-store: ./target/test-classes/keys/registry-ks.jks
-server.ssl.key-store-password: password
-server.ssl.key-password: password
-server.ssl.protocol: TLS
-server.ssl.trust-store: ./target/test-classes/keys/ca-ts.jks
-server.ssl.trust-store-password: password
+# Embedded Server SSL Context Config (direct properties)
+#server.ssl.client-auth=need # LDAP-configured server does not require
two-way TLS
+server.ssl.key-store=classpath:keys/registry-ks.jks
+server.ssl.key-store-password=password
+server.ssl.key-password=password
+server.ssl.key-store-type=JKS
+server.ssl.trust-store=classpath:keys/ca-ts.jks
+server.ssl.trust-store-password=password
+server.ssl.trust-store-type=JKS
# Embedded LDAP Config
spring.ldap.embedded.base-dn: dc=example,dc=com
@@ -45,4 +46,4 @@ spring.ldap.embedded.validation.enabled: false
# Additional Logging Config
logging.level.org.springframework.security.ldap: DEBUG
-logging.level.org.springframework.ldap: DEBUG
\ No newline at end of file
+logging.level.org.springframework.ldap: DEBUG
diff --git
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureProxy.properties
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureProxy.properties
index cab6d4195f..2aa206257e 100644
---
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureProxy.properties
+++
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/application-ITSecureProxy.properties
@@ -22,15 +22,16 @@
# Custom (non-standard to Spring Boot) properties
-nifi.registry.properties.file:
src/test/resources/conf/secure-proxy/nifi-registry.properties
-nifi.registry.client.properties.file:
src/test/resources/conf/secure-proxy/nifi-registry-client.properties
+nifi.registry.properties.file=src/test/resources/conf/secure-proxy/nifi-registry.properties
+nifi.registry.client.properties.file=src/test/resources/conf/secure-proxy/nifi-registry-client.properties
-# Embedded Server SSL Context Config
-server.ssl.client-auth: need
-server.ssl.key-store: ./target/test-classes/keys/registry-ks.jks
-server.ssl.key-store-password: password
-server.ssl.key-password: password
-server.ssl.protocol: TLS
-server.ssl.trust-store: ./target/test-classes/keys/ca-ts.jks
-server.ssl.trust-store-password: password
+# Embedded Server SSL Context Config (direct properties)
+server.ssl.client-auth=need
+server.ssl.key-store=classpath:keys/registry-ks.jks
+server.ssl.key-store-password=password
+server.ssl.key-password=password
+server.ssl.key-store-type=JKS
+server.ssl.trust-store=classpath:keys/ca-ts.jks
+server.ssl.trust-store-password=password
+server.ssl.trust-store-type=JKS
diff --git a/nifi-registry/nifi-registry-core/pom.xml
b/nifi-registry/nifi-registry-core/pom.xml
index 8702faa7c7..6311b483ef 100644
--- a/nifi-registry/nifi-registry-core/pom.xml
+++ b/nifi-registry/nifi-registry-core/pom.xml
@@ -62,28 +62,28 @@
<version>${jetty.version}</version>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-servlet</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-servlet</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-webapp</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-webapp</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-servlets</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-servlets</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-annotations</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-annotations</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-apache-jsp</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-apache-jsp</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
diff --git
a/nifi-registry/nifi-registry-toolkit/nifi-registry-toolkit-assembly/NOTICE
b/nifi-registry/nifi-registry-toolkit/nifi-registry-toolkit-assembly/NOTICE
index 5acbd8701b..3629d95c04 100644
--- a/nifi-registry/nifi-registry-toolkit/nifi-registry-toolkit-assembly/NOTICE
+++ b/nifi-registry/nifi-registry-toolkit/nifi-registry-toolkit-assembly/NOTICE
@@ -172,29 +172,6 @@ Common Development and Distribution License 1.1
The following binary components are provided under the Common Development and
Distribution License 1.1. See project link for details.
- (CDDL 1.1) (GPL2 w/ CPE) Jakarta Servlet API
(jakarta.servlet:jakarta.servlet-api:jar:6.0.0 -
https://jakarta.ee/specifications/servlet/)
- (CDDL 1.1) (GPL2 w/ CPE) aopalliance-repackaged
(org.glassfish.hk2.external:aopalliance-repackaged:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) asm-all-repackaged
(org.glassfish.hk2.external:asm-all-repackaged:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) class-model
(org.glassfish.hk2:class-model:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) config-types
(org.glassfish.hk2:config-types:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) hk2 (org.glassfish.hk2:hk2:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) hk2-api (org.glassfish.hk2:hk2-api:jar:2.5.0-b42
- https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) hk2-utils
(org.glassfish.hk2:hk2-utils:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) hk2-locator
(org.glassfish.hk2:hk2-locator:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) hk2-config
(org.glassfish.hk2:hk2-config:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) hk2-core
(org.glassfish.hk2:hk2-core:jar:2.5.0-b42 - https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) hk2-runlevel
(org.glassfish.hk2:hk2-runlevel:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) spring-bridge
(org.glassfish.hk2:spring-bridge:jar:2.5.0-b42 -
https://javaee.github.io/glassfish/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-bean-validation
(org.glassfish.jersey.ext:jersey-bean-validation:jar:2.26 -
https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-client
(org.glassfish.jersey.core:jersey-client:jar:2.26 - https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-common
(org.glassfish.jersey.core:jersey-common:jar:2.26 - https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-container-servlet-core
(org.glassfish.jersey.containers:jersey-container-servlet-core:jar:2.26 -
https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-entity-filtering
(org.glassfish.jersey.ext:jersey-entity-filtering:jar:2.26 -
https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-hk2
(org.glassfish.jersey.inject:jersey-hk2:jar:2.26 - https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-media-jaxb
(org.glassfish.jersey.media:jersey-media-jaxb:jar:2.26 -
https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-media-json-jackson
(org.glassfish.jersey.media:jersey-media-json-jackson:jar:2.26 -
https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-server
(org.glassfish.jersey.core:jersey-server:jar:2.26 - https://jersey.github.io/)
- (CDDL 1.1) (GPL2 w/ CPE) jersey-spring4
(org.glassfish.jersey.ext:jersey-spring4:jar:2.26 - https://jersey.github.io/)
(CDDL 1.1) (GPL2 w/ CPE) OSGi resource locator bundle
(org.glassfish.hk2:osgi-resource-locator:jar:1.0.1 -
https://glassfish.org/osgi-resource-locator)
@@ -215,3 +192,31 @@ The following binary components are provided under the
Eclipse Public License 1.
(EPL 1.0)(LGPL 2.1) Logback Classic
(ch.qos.logback:logback-classic:jar:1.2.6 - https://logback.qos.ch/)
(EPL 1.0)(LGPL 2.1) Logback Core (ch.qos.logback:logback-core:jar:1.2.6 -
https://logback.qos.ch/)
(EPL 1.0) AspectJ Weaver (org.aspectj:aspectjweaver:jar:1.8.13 -
https://www.eclipse.org/aspectj/)
+
+************************
+Eclipse Public License 2.0
+************************
+
+The following binary components are provided under the Eclipse Public License
2.0. See project link for details.
+ (EPL 2.0) Jakarta Servlet API
(jakarta.servlet:jakarta.servlet-api:jar:6.1.0 -
https://jakarta.ee/specifications/servlet/)
+ (EPL 2.0) aopalliance-repackaged
(org.glassfish.hk2.external:aopalliance-repackaged:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) asm-all-repackaged
(org.glassfish.hk2.external:asm-all-repackaged:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) class-model (org.glassfish.hk2:class-model:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) config-types (org.glassfish.hk2:config-types:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) hk2 (org.glassfish.hk2:hk2:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) hk2-api (org.glassfish.hk2:hk2-api:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) hk2-utils (org.glassfish.hk2:hk2-utils:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) hk2-locator (org.glassfish.hk2:hk2-locator:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) hk2-config (org.glassfish.hk2:hk2-config:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) hk2-core (org.glassfish.hk2:hk2-core:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) hk2-runlevel (org.glassfish.hk2:hk2-runlevel:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) spring-bridge (org.glassfish.hk2:spring-bridge:jar:4.0.0 -
https://eclipse-ee4j.github.io/glassfish-hk2/)
+ (EPL 2.0) jersey-bean-validation
(org.glassfish.jersey.ext:jersey-bean-validation:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-client (org.glassfish.jersey.core:jersey-client:jar:4.0.0
- https://jersey.github.io/)
+ (EPL 2.0) jersey-common (org.glassfish.jersey.core:jersey-common:jar:4.0.0
- https://jersey.github.io/)
+ (EPL 2.0) jersey-container-servlet-core
(org.glassfish.jersey.containers:jersey-container-servlet-core:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-entity-filtering
(org.glassfish.jersey.ext:jersey-entity-filtering:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-hk2 (org.glassfish.jersey.inject:jersey-hk2:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-media-jaxb
(org.glassfish.jersey.media:jersey-media-jaxb:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-media-json-jackson
(org.glassfish.jersey.media:jersey-media-json-jackson:jar:4.0.0 -
https://jersey.github.io/)
+ (EPL 2.0) jersey-server (org.glassfish.jersey.core:jersey-server:jar:4.0.0
- https://jersey.github.io/)
diff --git a/nifi-registry/pom.xml b/nifi-registry/pom.xml
index bbe66b54d5..43a8b514ff 100644
--- a/nifi-registry/pom.xml
+++ b/nifi-registry/pom.xml
@@ -35,9 +35,7 @@
<module>nifi-registry-docker-maven</module>
</modules>
<properties>
- <jakarta.ws.rs-api.version>3.1.0</jakarta.ws.rs-api.version>
- <jersey.bom.version>3.1.11</jersey.bom.version>
- <spring.boot.version>3.5.9</spring.boot.version>
+ <spring.boot.version>4.0.1</spring.boot.version>
<flyway.version>11.19.1</flyway.version>
<flyway.tests.version>10.0.0</flyway.tests.version>
<swagger.ui.version>3.12.0</swagger.ui.version>
@@ -46,27 +44,6 @@
</properties>
<dependencyManagement>
<dependencies>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-bom</artifactId>
- <version>${jetty.version}</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-bom</artifactId>
- <version>${jetty.version}</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
- <dependency>
- <groupId>org.glassfish.jersey</groupId>
- <artifactId>jersey-bom</artifactId>
- <version>${jersey.bom.version}</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
@@ -96,35 +73,35 @@
<scope>compile</scope>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-glassfish-jstl</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-glassfish-jstl</artifactId>
<version>${jetty.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-annotations</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-annotations</artifactId>
<version>${jetty.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-webapp</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-webapp</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-servlet</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-servlet</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-servlets</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-servlets</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-apache-jsp</artifactId>
+ <groupId>org.eclipse.jetty.ee11</groupId>
+ <artifactId>jetty-ee11-apache-jsp</artifactId>
<exclusions>
<exclusion>
<groupId>org.mortbay.jasper</groupId>
@@ -141,13 +118,13 @@
<dependency>
<groupId>org.mortbay.jasper</groupId>
<artifactId>mortbay-apache-jsp</artifactId>
- <version>10.1.48</version>
+ <version>11.0.10.1</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.mortbay.jasper</groupId>
<artifactId>mortbay-apache-el</artifactId>
- <version>10.1.48</version>
+ <version>11.0.10.1</version>
<scope>compile</scope>
<exclusions>
<exclusion>
diff --git a/pom.xml b/pom.xml
index a53599e5a8..adce9a3729 100644
--- a/pom.xml
+++ b/pom.xml
@@ -196,8 +196,8 @@
<jersey.bom.version>4.0.0</jersey.bom.version>
<jetty.version>12.1.5</jetty.version>
<servlet-api.version>6.1.0</servlet-api.version>
- <spring.security.version>6.5.7</spring.security.version>
- <spring.version>6.2.15</spring.version>
+ <spring.security.version>7.0.2</spring.security.version>
+ <spring.version>7.0.2</spring.version>
<swagger.annotations.version>2.2.41</swagger.annotations.version>
<!-- Testing and quality -->
@@ -511,6 +511,17 @@
<scope>import</scope>
<type>pom</type>
</dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-core</artifactId>
+ <version>${spring.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId>
