exceptionfactory commented on a change in pull request #4581:
URL: https://github.com/apache/nifi/pull/4581#discussion_r501343422
##########
File path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/servlets/ContentAcknowledgmentServlet.java
##########
@@ -60,20 +62,28 @@ public void init(final ServletConfig config) throws
ServletException {
}
@Override
- protected void doDelete(final HttpServletRequest request, final
HttpServletResponse response) throws ServletException, IOException {
- final X509Certificate[] certs = (X509Certificate[])
request.getAttribute("javax.servlet.request.X509Certificate");
- String foundSubject = DEFAULT_FOUND_SUBJECT;
- if (certs != null && certs.length > 0) {
- for (final X509Certificate cert : certs) {
- foundSubject = cert.getSubjectDN().getName();
- if (authorizedPattern.matcher(foundSubject).matches()) {
- break;
- } else {
- logger.warn(processor + " rejecting transfer attempt from
" + foundSubject + " because the DN is not authorized");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, "not
allowed based on dn");
- return;
- }
+ protected void doGet(final HttpServletRequest request, final
HttpServletResponse response) throws ServletException, IOException {
+ if (request.getRequestURI().endsWith("/holds/ids")) {
+
+ String foundSubject = getSubjectDistinguishedName(request);
+ if (!foundSubject.equals(DEFAULT_FOUND_SUBJECT) &&
!authorizedPattern.matcher(foundSubject).matches()) {
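Review bot: In the new doGet, the condition !foundSubject.equals(DEFAULT_FOUND_SUBJECT) && !authorizedPattern.matcher(foundSubject).matches() skips the authorizedPattern check whenever the subject equals DEFAULT_FOUND_SUBJECT. If getSubjectDistinguishedName returns that default when the request carries no client certificate, as the removed loop left it, a request without a certificate is never checked against the pattern. Suggest a comment stating that this is intended, or an explicit rejection of the default subject on this path when the caller is expected to present a certificate.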
Review comment:
Returning an HTTP 200 for an unauthorized request does not follow
standard conventions for HTTP communication. Recommend following the same
behavior as doDelete() and returning an HTTP 403 Forbidden when not authorized.
##########
File path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
##########
@@ -231,6 +231,12 @@
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>
+ <dependency>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
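Review bot: The added gson dependency at the end of this hunk shows only a groupId and an artifactId in the visible lines, as does the guava entry above it. Please confirm that its version is pinned in the parent dependencyManagement section, so that this bundle does not resolve an unmanaged version of a new third-party library.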
Review comment:
Apache NiFi uses Jackson for JSON processing throughout the framework.
In this particular case, Google Gson does not appear to provide any special
features, so using the Jackson ObjectMapper would avoid introducing a different
dependency for JSON handling.
##########
File path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/servlets/ContentAcknowledgmentServlet.java
##########
@@ -60,20 +62,28 @@ public void init(final ServletConfig config) throws
ServletException {
}
@Override
- protected void doDelete(final HttpServletRequest request, final
HttpServletResponse response) throws ServletException, IOException {
- final X509Certificate[] certs = (X509Certificate[])
request.getAttribute("javax.servlet.request.X509Certificate");
- String foundSubject = DEFAULT_FOUND_SUBJECT;
- if (certs != null && certs.length > 0) {
- for (final X509Certificate cert : certs) {
- foundSubject = cert.getSubjectDN().getName();
- if (authorizedPattern.matcher(foundSubject).matches()) {
- break;
- } else {
- logger.warn(processor + " rejecting transfer attempt from
" + foundSubject + " because the DN is not authorized");
- response.sendError(HttpServletResponse.SC_FORBIDDEN, "not
allowed based on dn");
- return;
- }
+ protected void doGet(final HttpServletRequest request, final
HttpServletResponse response) throws ServletException, IOException {
+ if (request.getRequestURI().endsWith("/holds/ids")) {
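Review bot: The endsWith("/holds/ids") test on request.getRequestURI() in doGet matches any request URI that ends with that suffix, whatever precedes it, so the branch is not limited to one endpoint. Suggest comparing against the full expected path with equals, and documenting in a comment which GET paths this servlet is meant to serve.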
Review comment:
Since ListenHTTP supports a configurable base path, recommend making
this path a configurable property.